xmrig | 761f0cea271fa0e363096006837fc3c816393b65ff8a078d27e4f116cdb457cb

Analysis

max time kernel
150s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
29-04-2024 00:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
Size

1.9MB
MD5

065dd8fbdfc56e8c2bb8719f9e120325
SHA1

c17a9d1865062c05175d2c71c6abb110d0db419f
SHA256

761f0cea271fa0e363096006837fc3c816393b65ff8a078d27e4f116cdb457cb
SHA512

d8bdb9586af50c4eb8bcf33fedf529361e138136cd846e5a7d197d4adc36272881dc94c0e4a9054cd06aacb317da8c5b246a056e3e4b99e8f10e8606f48e5ac5
SSDEEP

49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82SflDrlTjv:NABw

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 23 IoCs

miner

resource	yara_rule
behavioral2/memory/2432-435-0x00007FF78F300000-0x00007FF78F6F2000-memory.dmp	xmrig
behavioral2/memory/3200-546-0x00007FF64CA40000-0x00007FF64CE32000-memory.dmp	xmrig
behavioral2/memory/4792-545-0x00007FF6AFF70000-0x00007FF6B0362000-memory.dmp	xmrig
behavioral2/memory/3460-544-0x00007FF6C0CF0000-0x00007FF6C10E2000-memory.dmp	xmrig
behavioral2/memory/1288-543-0x00007FF70ADF0000-0x00007FF70B1E2000-memory.dmp	xmrig
behavioral2/memory/4028-434-0x00007FF7C2E70000-0x00007FF7C3262000-memory.dmp	xmrig
behavioral2/memory/2928-408-0x00007FF7D8740000-0x00007FF7D8B32000-memory.dmp	xmrig
behavioral2/memory/4660-385-0x00007FF746C70000-0x00007FF747062000-memory.dmp	xmrig
behavioral2/memory/1180-315-0x00007FF6A31C0000-0x00007FF6A35B2000-memory.dmp	xmrig
behavioral2/memory/2800-257-0x00007FF74BC60000-0x00007FF74C052000-memory.dmp	xmrig
behavioral2/memory/1392-236-0x00007FF602510000-0x00007FF602902000-memory.dmp	xmrig
behavioral2/memory/4296-241-0x00007FF64D480000-0x00007FF64D872000-memory.dmp	xmrig
behavioral2/memory/2448-181-0x00007FF7E4E10000-0x00007FF7E5202000-memory.dmp	xmrig
behavioral2/memory/704-98-0x00007FF7EA9B0000-0x00007FF7EADA2000-memory.dmp	xmrig
behavioral2/memory/4612-4005-0x00007FF7FC6E0000-0x00007FF7FCAD2000-memory.dmp	xmrig
behavioral2/memory/4740-3998-0x00007FF65EAF0000-0x00007FF65EEE2000-memory.dmp	xmrig
behavioral2/memory/3056-3996-0x00007FF69D440000-0x00007FF69D832000-memory.dmp	xmrig
behavioral2/memory/4636-4037-0x00007FF769460000-0x00007FF769852000-memory.dmp	xmrig
behavioral2/memory/1464-4034-0x00007FF746E20000-0x00007FF747212000-memory.dmp	xmrig
behavioral2/memory/3404-4032-0x00007FF6D4D20000-0x00007FF6D5112000-memory.dmp	xmrig
behavioral2/memory/704-4003-0x00007FF7EA9B0000-0x00007FF7EADA2000-memory.dmp	xmrig
behavioral2/memory/3924-4001-0x00007FF6C43E0000-0x00007FF6C47D2000-memory.dmp	xmrig
behavioral2/memory/3668-3995-0x00007FF74FE80000-0x00007FF750272000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3668	NSXgAel.exe
3404	uwxlOrj.exe
1464	dyihSPS.exe
4740	PXnmTOp.exe
4636	nYnUjEj.exe
1288	DSZdExx.exe
3924	XNGYlEn.exe
704	xGYMFQU.exe
4612	sJiRola.exe
2448	wRStzTz.exe
1392	poEVDhk.exe
3460	JREBuAv.exe
4296	sdzJfQw.exe
2800	WADuUqf.exe
1180	TEvqllD.exe
4792	odvICpP.exe
4660	jtLvReA.exe
2928	gTsZWXg.exe
4028	GLywJbH.exe
3200	taciSWg.exe
2432	mzITZqL.exe
436	iCzaxMl.exe
4632	OTfcaTC.exe
4728	nhqApAc.exe
4348	JpywRhM.exe
4976	LVAYxFn.exe
1072	GCjZVyY.exe
3864	XzLNtem.exe
5076	qzgwpiZ.exe
4548	BLZIsqg.exe
4600	PZhznRq.exe
1540	hdYoECt.exe
4648	iJbRMxk.exe
1872	wIQCXOZ.exe
2268	ZBJHvMl.exe
1068	qlzECTQ.exe
4876	VfXKyvo.exe
3152	hBczHku.exe
1260	tbQjrfZ.exe
5020	oeCYyTa.exe
2248	AwwKBwy.exe
5004	uHWBhiw.exe
3544	UNvFdjh.exe
1576	QXfrnGN.exe
3812	AMxrkQZ.exe
868	kbryzIx.exe
2196	vLrXlEG.exe
4928	bvtzEis.exe
1920	PrVwgEt.exe
968	sIAkXof.exe
4684	IKeAxCR.exe
4268	vRxukiM.exe
844	ACJRobf.exe
540	UbOjByw.exe
2872	RkhWopm.exe
760	nNeNPHX.exe
4580	efavUVB.exe
4888	FKFvfUp.exe
3540	RWKMzii.exe
4528	VNWPGMY.exe
4476	nmnqZje.exe
4256	ULlEstV.exe
4364	dkKSwCE.exe
5060	qOLYVnu.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3056-0-0x00007FF69D440000-0x00007FF69D832000-memory.dmp	upx
behavioral2/files/0x000c000000023bc2-5.dat	upx
behavioral2/files/0x000a000000023bcf-45.dat	upx
behavioral2/files/0x000a000000023bcb-41.dat	upx
behavioral2/files/0x000a000000023bce-40.dat	upx
behavioral2/files/0x000a000000023bca-50.dat	upx
behavioral2/files/0x000a000000023bd1-48.dat	upx
behavioral2/files/0x000a000000023bd2-85.dat	upx
behavioral2/files/0x000a000000023bdd-118.dat	upx
behavioral2/files/0x000a000000023bd8-146.dat	upx
behavioral2/files/0x0009000000023c05-185.dat	upx
behavioral2/memory/2432-435-0x00007FF78F300000-0x00007FF78F6F2000-memory.dmp	upx
behavioral2/memory/3200-546-0x00007FF64CA40000-0x00007FF64CE32000-memory.dmp	upx
behavioral2/memory/4792-545-0x00007FF6AFF70000-0x00007FF6B0362000-memory.dmp	upx
behavioral2/memory/3460-544-0x00007FF6C0CF0000-0x00007FF6C10E2000-memory.dmp	upx
behavioral2/memory/1288-543-0x00007FF70ADF0000-0x00007FF70B1E2000-memory.dmp	upx
behavioral2/memory/4028-434-0x00007FF7C2E70000-0x00007FF7C3262000-memory.dmp	upx
behavioral2/memory/2928-408-0x00007FF7D8740000-0x00007FF7D8B32000-memory.dmp	upx
behavioral2/memory/4660-385-0x00007FF746C70000-0x00007FF747062000-memory.dmp	upx
behavioral2/memory/1180-315-0x00007FF6A31C0000-0x00007FF6A35B2000-memory.dmp	upx
behavioral2/memory/2800-257-0x00007FF74BC60000-0x00007FF74C052000-memory.dmp	upx
behavioral2/memory/1392-236-0x00007FF602510000-0x00007FF602902000-memory.dmp	upx
behavioral2/memory/4296-241-0x00007FF64D480000-0x00007FF64D872000-memory.dmp	upx
behavioral2/files/0x000a000000023be1-198.dat	upx
behavioral2/files/0x000a000000023be0-195.dat	upx
behavioral2/files/0x000a000000023bdf-190.dat	upx
behavioral2/files/0x0009000000023c06-188.dat	upx
behavioral2/memory/2448-181-0x00007FF7E4E10000-0x00007FF7E5202000-memory.dmp	upx
behavioral2/files/0x000e000000023bf7-180.dat	upx
behavioral2/files/0x000a000000023bdc-176.dat	upx
behavioral2/files/0x000a000000023bf0-175.dat	upx
behavioral2/files/0x000b000000023be8-169.dat	upx
behavioral2/files/0x000a000000023bdb-162.dat	upx
behavioral2/files/0x000a000000023be2-204.dat	upx
behavioral2/files/0x000a000000023bda-153.dat	upx
behavioral2/files/0x000a000000023bd9-149.dat	upx
behavioral2/files/0x0008000000023c00-184.dat	upx
behavioral2/files/0x000b000000023be7-145.dat	upx
behavioral2/memory/4612-142-0x00007FF7FC6E0000-0x00007FF7FCAD2000-memory.dmp	upx
behavioral2/files/0x000a000000023bd4-138.dat	upx
behavioral2/files/0x000b000000023be6-137.dat	upx
behavioral2/files/0x000a000000023be5-136.dat	upx
behavioral2/files/0x000a000000023be4-135.dat	upx
behavioral2/files/0x000a000000023be3-134.dat	upx
behavioral2/files/0x000a000000023bd6-124.dat	upx
behavioral2/files/0x000a000000023bd7-122.dat	upx
behavioral2/files/0x000a000000023bd5-120.dat	upx
behavioral2/files/0x000a000000023bde-119.dat	upx
behavioral2/files/0x000a000000023bd0-116.dat	upx
behavioral2/files/0x000a000000023bd3-104.dat	upx
behavioral2/memory/704-98-0x00007FF7EA9B0000-0x00007FF7EADA2000-memory.dmp	upx
behavioral2/files/0x000a000000023bcc-76.dat	upx
behavioral2/memory/3924-70-0x00007FF6C43E0000-0x00007FF6C47D2000-memory.dmp	upx
behavioral2/files/0x000a000000023bcd-69.dat	upx
behavioral2/memory/4636-58-0x00007FF769460000-0x00007FF769852000-memory.dmp	upx
behavioral2/memory/4740-55-0x00007FF65EAF0000-0x00007FF65EEE2000-memory.dmp	upx
behavioral2/memory/1464-32-0x00007FF746E20000-0x00007FF747212000-memory.dmp	upx
behavioral2/files/0x000a000000023bc9-19.dat	upx
behavioral2/memory/3404-25-0x00007FF6D4D20000-0x00007FF6D5112000-memory.dmp	upx
behavioral2/memory/3668-11-0x00007FF74FE80000-0x00007FF750272000-memory.dmp	upx
behavioral2/memory/4612-4005-0x00007FF7FC6E0000-0x00007FF7FCAD2000-memory.dmp	upx
behavioral2/memory/4740-3998-0x00007FF65EAF0000-0x00007FF65EEE2000-memory.dmp	upx
behavioral2/memory/3056-3996-0x00007FF69D440000-0x00007FF69D832000-memory.dmp	upx
behavioral2/memory/4636-4037-0x00007FF769460000-0x00007FF769852000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\oQqBsYW.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\AzDHESv.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\YwHplHe.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\eXUiUoZ.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\fwwERwC.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\aZxCPSy.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\rhtzVMC.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\UykpCEn.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\RgunbkC.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\GUGVBBs.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\xAsSclf.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\OYpfPfM.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\ApfJPMV.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\aRwiocs.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\dUzQXJH.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\VAmrZng.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\JxPCXcV.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\hWYNSWf.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\wZabHXF.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\HeTXFTh.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\TeJCtcf.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\pewVyHb.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\UNdOHjI.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\CEfqpvn.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\bxkuhIj.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\TgEbekk.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\BbcHLIW.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\VvMabUx.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\TaDZTaq.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\bWEEXAb.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\AwXVlJK.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\xArBnZq.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\rdeSPxd.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\npzfQzj.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\qiqnYYk.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\pQOUjbd.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\tIHAVjn.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\zVlOkzf.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\ynATQCg.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\PmMvufK.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\nAGGIsc.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\VshBOWC.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\NAJgyxZ.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\YPCsVCH.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\jTcRZlc.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\DQkAvyy.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\hEbdpZB.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\cclQAPh.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\SyfINQR.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\adRpmxO.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\rvxpynY.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\eWXRBVf.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\YzTLLkP.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\EbfyRLx.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\hryLkTs.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\zOgtldr.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\MPpbxSj.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\OlcUGGC.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\BNxzzcn.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\wxYYSvI.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\ZybrnlD.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\HntiFlT.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\FkSuOer.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
File created	C:\Windows\System\YxMeASp.exe	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
5088	powershell.exe
5088	powershell.exe
5088	powershell.exe
5088	powershell.exe

Suspicious behavior: LoadsDriver 64 IoCs

pid	Process
808	Process not Found
4608	Process not Found
2536	Process not Found
1708	Process not Found
5052	Process not Found
1180	Process not Found
2432	Process not Found
1540	Process not Found
2268	Process not Found
2604	Process not Found
3672	Process not Found
3876	Process not Found
3444	Process not Found
6464	Process not Found
2804	Process not Found
4092	Process not Found
388	Process not Found
3316	Process not Found
4796	Process not Found
1528	Process not Found
4948	Process not Found
1932	Process not Found
680	Process not Found
14292	Process not Found
4952	Process not Found
704	Process not Found
912	Process not Found
4612	Process not Found
1492	Process not Found
2448	Process not Found
4700	Process not Found
1392	Process not Found
3840	Process not Found
2820	Process not Found
4320	Process not Found
5104	Process not Found
14252	Process not Found
1020	Process not Found
4296	Process not Found
4260	Process not Found
2800	Process not Found
4200	Process not Found
1676	Process not Found
14296	Process not Found
4044	Process not Found
2928	Process not Found
2028	Process not Found
4028	Process not Found
4148	Process not Found
3200	Process not Found
3692	Process not Found
436	Process not Found
4192	Process not Found
3940	Process not Found
4880	Process not Found
2428	Process not Found
10924	Process not Found
4356	Process not Found
4976	Process not Found
1272	Process not Found
1436	Process not Found
3256	Process not Found
4488	Process not Found
13316	Process not Found

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
Token: SeDebugPrivilege	5088	powershell.exe
Token: SeLockMemoryPrivilege	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
Token: SeCreateGlobalPrivilege	12736	dwm.exe
Token: SeChangeNotifyPrivilege	12736	dwm.exe
Token: 33	12736	dwm.exe
Token: SeIncBasePriorityPrivilege	12736	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 5088	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	84
PID 3056 wrote to memory of 5088	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	84
PID 3056 wrote to memory of 3668	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	85
PID 3056 wrote to memory of 3668	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	85
PID 3056 wrote to memory of 3404	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	86
PID 3056 wrote to memory of 3404	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	86
PID 3056 wrote to memory of 1464	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	87
PID 3056 wrote to memory of 1464	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	87
PID 3056 wrote to memory of 4740	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	88
PID 3056 wrote to memory of 4740	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	88
PID 3056 wrote to memory of 4636	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	89
PID 3056 wrote to memory of 4636	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	89
PID 3056 wrote to memory of 1288	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	90
PID 3056 wrote to memory of 1288	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	90
PID 3056 wrote to memory of 3924	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	91
PID 3056 wrote to memory of 3924	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	91
PID 3056 wrote to memory of 704	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	92
PID 3056 wrote to memory of 704	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	92
PID 3056 wrote to memory of 4612	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	93
PID 3056 wrote to memory of 4612	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	93
PID 3056 wrote to memory of 2448	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	94
PID 3056 wrote to memory of 2448	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	94
PID 3056 wrote to memory of 1392	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	95
PID 3056 wrote to memory of 1392	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	95
PID 3056 wrote to memory of 3460	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	96
PID 3056 wrote to memory of 3460	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	96
PID 3056 wrote to memory of 4792	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	97
PID 3056 wrote to memory of 4792	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	97
PID 3056 wrote to memory of 4296	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	98
PID 3056 wrote to memory of 4296	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	98
PID 3056 wrote to memory of 2800	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	99
PID 3056 wrote to memory of 2800	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	99
PID 3056 wrote to memory of 1180	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	100
PID 3056 wrote to memory of 1180	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	100
PID 3056 wrote to memory of 4660	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	101
PID 3056 wrote to memory of 4660	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	101
PID 3056 wrote to memory of 2928	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	102
PID 3056 wrote to memory of 2928	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	102
PID 3056 wrote to memory of 4028	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	103
PID 3056 wrote to memory of 4028	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	103
PID 3056 wrote to memory of 3200	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	104
PID 3056 wrote to memory of 3200	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	104
PID 3056 wrote to memory of 2432	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	105
PID 3056 wrote to memory of 2432	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	105
PID 3056 wrote to memory of 436	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	106
PID 3056 wrote to memory of 436	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	106
PID 3056 wrote to memory of 4632	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	107
PID 3056 wrote to memory of 4632	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	107
PID 3056 wrote to memory of 4728	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	108
PID 3056 wrote to memory of 4728	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	108
PID 3056 wrote to memory of 4348	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	109
PID 3056 wrote to memory of 4348	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	109
PID 3056 wrote to memory of 4976	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	110
PID 3056 wrote to memory of 4976	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	110
PID 3056 wrote to memory of 1072	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	111
PID 3056 wrote to memory of 1072	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	111
PID 3056 wrote to memory of 3864	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	112
PID 3056 wrote to memory of 3864	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	112
PID 3056 wrote to memory of 5076	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	113
PID 3056 wrote to memory of 5076	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	113
PID 3056 wrote to memory of 4548	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	114
PID 3056 wrote to memory of 4548	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	114
PID 3056 wrote to memory of 4600	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	115
PID 3056 wrote to memory of 4600	3056	065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe	115

C:\Users\Admin\AppData\Local\Temp\065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\065dd8fbdfc56e8c2bb8719f9e120325_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3056
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:5088
- C:\Windows\System\NSXgAel.exe
  C:\Windows\System\NSXgAel.exe
  2⤵
  - Executes dropped EXE
  PID:3668
- C:\Windows\System\uwxlOrj.exe
  C:\Windows\System\uwxlOrj.exe
  2⤵
  - Executes dropped EXE
  PID:3404
- C:\Windows\System\dyihSPS.exe
  C:\Windows\System\dyihSPS.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\PXnmTOp.exe
  C:\Windows\System\PXnmTOp.exe
  2⤵
  - Executes dropped EXE
  PID:4740
- C:\Windows\System\nYnUjEj.exe
  C:\Windows\System\nYnUjEj.exe
  2⤵
  - Executes dropped EXE
  PID:4636
- C:\Windows\System\DSZdExx.exe
  C:\Windows\System\DSZdExx.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\XNGYlEn.exe
  C:\Windows\System\XNGYlEn.exe
  2⤵
  - Executes dropped EXE
  PID:3924
- C:\Windows\System\xGYMFQU.exe
  C:\Windows\System\xGYMFQU.exe
  2⤵
  - Executes dropped EXE
  PID:704
- C:\Windows\System\sJiRola.exe
  C:\Windows\System\sJiRola.exe
  2⤵
  - Executes dropped EXE
  PID:4612
- C:\Windows\System\wRStzTz.exe
  C:\Windows\System\wRStzTz.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\poEVDhk.exe
  C:\Windows\System\poEVDhk.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\JREBuAv.exe
  C:\Windows\System\JREBuAv.exe
  2⤵
  - Executes dropped EXE
  PID:3460
- C:\Windows\System\odvICpP.exe
  C:\Windows\System\odvICpP.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\sdzJfQw.exe
  C:\Windows\System\sdzJfQw.exe
  2⤵
  - Executes dropped EXE
  PID:4296
- C:\Windows\System\WADuUqf.exe
  C:\Windows\System\WADuUqf.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\TEvqllD.exe
  C:\Windows\System\TEvqllD.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System\jtLvReA.exe
  C:\Windows\System\jtLvReA.exe
  2⤵
  - Executes dropped EXE
  PID:4660
- C:\Windows\System\gTsZWXg.exe
  C:\Windows\System\gTsZWXg.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\GLywJbH.exe
  C:\Windows\System\GLywJbH.exe
  2⤵
  - Executes dropped EXE
  PID:4028
- C:\Windows\System\taciSWg.exe
  C:\Windows\System\taciSWg.exe
  2⤵
  - Executes dropped EXE
  PID:3200
- C:\Windows\System\mzITZqL.exe
  C:\Windows\System\mzITZqL.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\iCzaxMl.exe
  C:\Windows\System\iCzaxMl.exe
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\System\OTfcaTC.exe
  C:\Windows\System\OTfcaTC.exe
  2⤵
  - Executes dropped EXE
  PID:4632
- C:\Windows\System\nhqApAc.exe
  C:\Windows\System\nhqApAc.exe
  2⤵
  - Executes dropped EXE
  PID:4728
- C:\Windows\System\JpywRhM.exe
  C:\Windows\System\JpywRhM.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\LVAYxFn.exe
  C:\Windows\System\LVAYxFn.exe
  2⤵
  - Executes dropped EXE
  PID:4976
- C:\Windows\System\GCjZVyY.exe
  C:\Windows\System\GCjZVyY.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\XzLNtem.exe
  C:\Windows\System\XzLNtem.exe
  2⤵
  - Executes dropped EXE
  PID:3864
- C:\Windows\System\qzgwpiZ.exe
  C:\Windows\System\qzgwpiZ.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\BLZIsqg.exe
  C:\Windows\System\BLZIsqg.exe
  2⤵
  - Executes dropped EXE
  PID:4548
- C:\Windows\System\PZhznRq.exe
  C:\Windows\System\PZhznRq.exe
  2⤵
  - Executes dropped EXE
  PID:4600
- C:\Windows\System\hdYoECt.exe
  C:\Windows\System\hdYoECt.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\iJbRMxk.exe
  C:\Windows\System\iJbRMxk.exe
  2⤵
  - Executes dropped EXE
  PID:4648
- C:\Windows\System\wIQCXOZ.exe
  C:\Windows\System\wIQCXOZ.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\ZBJHvMl.exe
  C:\Windows\System\ZBJHvMl.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\qlzECTQ.exe
  C:\Windows\System\qlzECTQ.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\VfXKyvo.exe
  C:\Windows\System\VfXKyvo.exe
  2⤵
  - Executes dropped EXE
  PID:4876
- C:\Windows\System\hBczHku.exe
  C:\Windows\System\hBczHku.exe
  2⤵
  - Executes dropped EXE
  PID:3152
- C:\Windows\System\tbQjrfZ.exe
  C:\Windows\System\tbQjrfZ.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\oeCYyTa.exe
  C:\Windows\System\oeCYyTa.exe
  2⤵
  - Executes dropped EXE
  PID:5020
- C:\Windows\System\AwwKBwy.exe
  C:\Windows\System\AwwKBwy.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\UbOjByw.exe
  C:\Windows\System\UbOjByw.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\RkhWopm.exe
  C:\Windows\System\RkhWopm.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\uHWBhiw.exe
  C:\Windows\System\uHWBhiw.exe
  2⤵
  - Executes dropped EXE
  PID:5004
- C:\Windows\System\UNvFdjh.exe
  C:\Windows\System\UNvFdjh.exe
  2⤵
  - Executes dropped EXE
  PID:3544
- C:\Windows\System\QXfrnGN.exe
  C:\Windows\System\QXfrnGN.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\AMxrkQZ.exe
  C:\Windows\System\AMxrkQZ.exe
  2⤵
  - Executes dropped EXE
  PID:3812
- C:\Windows\System\kbryzIx.exe
  C:\Windows\System\kbryzIx.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\vLrXlEG.exe
  C:\Windows\System\vLrXlEG.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\bvtzEis.exe
  C:\Windows\System\bvtzEis.exe
  2⤵
  - Executes dropped EXE
  PID:4928
- C:\Windows\System\PrVwgEt.exe
  C:\Windows\System\PrVwgEt.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\sIAkXof.exe
  C:\Windows\System\sIAkXof.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\IKeAxCR.exe
  C:\Windows\System\IKeAxCR.exe
  2⤵
  - Executes dropped EXE
  PID:4684
- C:\Windows\System\vRxukiM.exe
  C:\Windows\System\vRxukiM.exe
  2⤵
  - Executes dropped EXE
  PID:4268
- C:\Windows\System\ACJRobf.exe
  C:\Windows\System\ACJRobf.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\nNeNPHX.exe
  C:\Windows\System\nNeNPHX.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\efavUVB.exe
  C:\Windows\System\efavUVB.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System\FKFvfUp.exe
  C:\Windows\System\FKFvfUp.exe
  2⤵
  - Executes dropped EXE
  PID:4888
- C:\Windows\System\RWKMzii.exe
  C:\Windows\System\RWKMzii.exe
  2⤵
  - Executes dropped EXE
  PID:3540
- C:\Windows\System\VNWPGMY.exe
  C:\Windows\System\VNWPGMY.exe
  2⤵
  - Executes dropped EXE
  PID:4528
- C:\Windows\System\nmnqZje.exe
  C:\Windows\System\nmnqZje.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\ULlEstV.exe
  C:\Windows\System\ULlEstV.exe
  2⤵
  - Executes dropped EXE
  PID:4256
- C:\Windows\System\EhtzUuC.exe
  C:\Windows\System\EhtzUuC.exe
  2⤵
  PID:1924
- C:\Windows\System\dkKSwCE.exe
  C:\Windows\System\dkKSwCE.exe
  2⤵
  - Executes dropped EXE
  PID:4364
- C:\Windows\System\qOLYVnu.exe
  C:\Windows\System\qOLYVnu.exe
  2⤵
  - Executes dropped EXE
  PID:5060
- C:\Windows\System\QZFyLuo.exe
  C:\Windows\System\QZFyLuo.exe
  2⤵
  PID:2776
- C:\Windows\System\ewzAYRc.exe
  C:\Windows\System\ewzAYRc.exe
  2⤵
  PID:4860
- C:\Windows\System\wROonEt.exe
  C:\Windows\System\wROonEt.exe
  2⤵
  PID:3016
- C:\Windows\System\kYMmZAA.exe
  C:\Windows\System\kYMmZAA.exe
  2⤵
  PID:1168
- C:\Windows\System\eoevIWY.exe
  C:\Windows\System\eoevIWY.exe
  2⤵
  PID:2796
- C:\Windows\System\BewsBYF.exe
  C:\Windows\System\BewsBYF.exe
  2⤵
  PID:4704
- C:\Windows\System\rcfRdkC.exe
  C:\Windows\System\rcfRdkC.exe
  2⤵
  PID:2420
- C:\Windows\System\jgPycxy.exe
  C:\Windows\System\jgPycxy.exe
  2⤵
  PID:4336
- C:\Windows\System\qpFwABS.exe
  C:\Windows\System\qpFwABS.exe
  2⤵
  PID:4068
- C:\Windows\System\pnjZUYU.exe
  C:\Windows\System\pnjZUYU.exe
  2⤵
  PID:772
- C:\Windows\System\kDKmobd.exe
  C:\Windows\System\kDKmobd.exe
  2⤵
  PID:400
- C:\Windows\System\GEKhXdk.exe
  C:\Windows\System\GEKhXdk.exe
  2⤵
  PID:4316
- C:\Windows\System\MJTBdsh.exe
  C:\Windows\System\MJTBdsh.exe
  2⤵
  PID:4720
- C:\Windows\System\AaDNoDq.exe
  C:\Windows\System\AaDNoDq.exe
  2⤵
  PID:4152
- C:\Windows\System\qOrKrgs.exe
  C:\Windows\System\qOrKrgs.exe
  2⤵
  PID:1952
- C:\Windows\System\MVQTUIs.exe
  C:\Windows\System\MVQTUIs.exe
  2⤵
  PID:1584
- C:\Windows\System\VsHFEAW.exe
  C:\Windows\System\VsHFEAW.exe
  2⤵
  PID:3176
- C:\Windows\System\QwfNFEB.exe
  C:\Windows\System\QwfNFEB.exe
  2⤵
  PID:1980
- C:\Windows\System\YCtqyXB.exe
  C:\Windows\System\YCtqyXB.exe
  2⤵
  PID:5124
- C:\Windows\System\EuDkHWf.exe
  C:\Windows\System\EuDkHWf.exe
  2⤵
  PID:5148
- C:\Windows\System\YEhSzOH.exe
  C:\Windows\System\YEhSzOH.exe
  2⤵
  PID:5172
- C:\Windows\System\pgzgpAD.exe
  C:\Windows\System\pgzgpAD.exe
  2⤵
  PID:5188
- C:\Windows\System\swLBmWz.exe
  C:\Windows\System\swLBmWz.exe
  2⤵
  PID:5204
- C:\Windows\System\YQswsbw.exe
  C:\Windows\System\YQswsbw.exe
  2⤵
  PID:5220
- C:\Windows\System\wmzosdJ.exe
  C:\Windows\System\wmzosdJ.exe
  2⤵
  PID:5248
- C:\Windows\System\KTLeFKW.exe
  C:\Windows\System\KTLeFKW.exe
  2⤵
  PID:5272
- C:\Windows\System\jyCtqyA.exe
  C:\Windows\System\jyCtqyA.exe
  2⤵
  PID:5292
- C:\Windows\System\bHGNfbQ.exe
  C:\Windows\System\bHGNfbQ.exe
  2⤵
  PID:5308
- C:\Windows\System\pcnJFnN.exe
  C:\Windows\System\pcnJFnN.exe
  2⤵
  PID:5328
- C:\Windows\System\JzlZPev.exe
  C:\Windows\System\JzlZPev.exe
  2⤵
  PID:5348
- C:\Windows\System\ZmxNuSK.exe
  C:\Windows\System\ZmxNuSK.exe
  2⤵
  PID:5376
- C:\Windows\System\JqnxrZF.exe
  C:\Windows\System\JqnxrZF.exe
  2⤵
  PID:5396
- C:\Windows\System\eEbMHST.exe
  C:\Windows\System\eEbMHST.exe
  2⤵
  PID:5420
- C:\Windows\System\NHSMUyP.exe
  C:\Windows\System\NHSMUyP.exe
  2⤵
  PID:5440
- C:\Windows\System\SogDFdc.exe
  C:\Windows\System\SogDFdc.exe
  2⤵
  PID:5480
- C:\Windows\System\zYObilX.exe
  C:\Windows\System\zYObilX.exe
  2⤵
  PID:5496
- C:\Windows\System\NlgYGgs.exe
  C:\Windows\System\NlgYGgs.exe
  2⤵
  PID:5528
- C:\Windows\System\fXSqbbR.exe
  C:\Windows\System\fXSqbbR.exe
  2⤵
  PID:5544
- C:\Windows\System\WssfqQw.exe
  C:\Windows\System\WssfqQw.exe
  2⤵
  PID:5568
- C:\Windows\System\qLmdNZA.exe
  C:\Windows\System\qLmdNZA.exe
  2⤵
  PID:5612
- C:\Windows\System\HQXCMWe.exe
  C:\Windows\System\HQXCMWe.exe
  2⤵
  PID:5628
- C:\Windows\System\KEyprWB.exe
  C:\Windows\System\KEyprWB.exe
  2⤵
  PID:5644
- C:\Windows\System\ItUcoOs.exe
  C:\Windows\System\ItUcoOs.exe
  2⤵
  PID:5696
- C:\Windows\System\GvqkSWv.exe
  C:\Windows\System\GvqkSWv.exe
  2⤵
  PID:5716
- C:\Windows\System\XGPKuuQ.exe
  C:\Windows\System\XGPKuuQ.exe
  2⤵
  PID:5736
- C:\Windows\System\UcvCgXD.exe
  C:\Windows\System\UcvCgXD.exe
  2⤵
  PID:5764
- C:\Windows\System\zBgdjdM.exe
  C:\Windows\System\zBgdjdM.exe
  2⤵
  PID:5780
- C:\Windows\System\KwLmPth.exe
  C:\Windows\System\KwLmPth.exe
  2⤵
  PID:5796
- C:\Windows\System\fHoxuju.exe
  C:\Windows\System\fHoxuju.exe
  2⤵
  PID:5816
- C:\Windows\System\ciKzdVn.exe
  C:\Windows\System\ciKzdVn.exe
  2⤵
  PID:5852
- C:\Windows\System\FFbwCHY.exe
  C:\Windows\System\FFbwCHY.exe
  2⤵
  PID:5880
- C:\Windows\System\fGTEqIU.exe
  C:\Windows\System\fGTEqIU.exe
  2⤵
  PID:5896
- C:\Windows\System\nYWyyrh.exe
  C:\Windows\System\nYWyyrh.exe
  2⤵
  PID:5916
- C:\Windows\System\DblbNNO.exe
  C:\Windows\System\DblbNNO.exe
  2⤵
  PID:5936
- C:\Windows\System\SLzbJxu.exe
  C:\Windows\System\SLzbJxu.exe
  2⤵
  PID:5964
- C:\Windows\System\hXAOMHr.exe
  C:\Windows\System\hXAOMHr.exe
  2⤵
  PID:5980
- C:\Windows\System\IEOXoSl.exe
  C:\Windows\System\IEOXoSl.exe
  2⤵
  PID:6008
- C:\Windows\System\JkWAcIz.exe
  C:\Windows\System\JkWAcIz.exe
  2⤵
  PID:6024
- C:\Windows\System\ksNqxpw.exe
  C:\Windows\System\ksNqxpw.exe
  2⤵
  PID:6040
- C:\Windows\System\vwxkTAM.exe
  C:\Windows\System\vwxkTAM.exe
  2⤵
  PID:2576
- C:\Windows\System\oXTjzjf.exe
  C:\Windows\System\oXTjzjf.exe
  2⤵
  PID:2396
- C:\Windows\System\gUoNOKf.exe
  C:\Windows\System\gUoNOKf.exe
  2⤵
  PID:4432
- C:\Windows\System\yytPksI.exe
  C:\Windows\System\yytPksI.exe
  2⤵
  PID:2460
- C:\Windows\System\vixRDSS.exe
  C:\Windows\System\vixRDSS.exe
  2⤵
  PID:3652
- C:\Windows\System\FDcNQZm.exe
  C:\Windows\System\FDcNQZm.exe
  2⤵
  PID:3992
- C:\Windows\System\mwnPhvL.exe
  C:\Windows\System\mwnPhvL.exe
  2⤵
  PID:2644
- C:\Windows\System\umZElAs.exe
  C:\Windows\System\umZElAs.exe
  2⤵
  PID:376
- C:\Windows\System\HZlabcp.exe
  C:\Windows\System\HZlabcp.exe
  2⤵
  PID:216
- C:\Windows\System\oaJoaFS.exe
  C:\Windows\System\oaJoaFS.exe
  2⤵
  PID:5368
- C:\Windows\System\TDzlHpa.exe
  C:\Windows\System\TDzlHpa.exe
  2⤵
  PID:2524
- C:\Windows\System\YlhZmdw.exe
  C:\Windows\System\YlhZmdw.exe
  2⤵
  PID:4484
- C:\Windows\System\mWtHlqh.exe
  C:\Windows\System\mWtHlqh.exe
  2⤵
  PID:2180
- C:\Windows\System\KPDrxwX.exe
  C:\Windows\System\KPDrxwX.exe
  2⤵
  PID:1088
- C:\Windows\System\vjKDeLp.exe
  C:\Windows\System\vjKDeLp.exe
  2⤵
  PID:5136
- C:\Windows\System\fIJLBsD.exe
  C:\Windows\System\fIJLBsD.exe
  2⤵
  PID:5212
- C:\Windows\System\DhYRgcq.exe
  C:\Windows\System\DhYRgcq.exe
  2⤵
  PID:5240
- C:\Windows\System\noACZVN.exe
  C:\Windows\System\noACZVN.exe
  2⤵
  PID:5284
- C:\Windows\System\KfRQnBY.exe
  C:\Windows\System\KfRQnBY.exe
  2⤵
  PID:5320
- C:\Windows\System\TdpTNbm.exe
  C:\Windows\System\TdpTNbm.exe
  2⤵
  PID:5992
- C:\Windows\System\FZraJPL.exe
  C:\Windows\System\FZraJPL.exe
  2⤵
  PID:6172
- C:\Windows\System\xnlpmwV.exe
  C:\Windows\System\xnlpmwV.exe
  2⤵
  PID:6188
- C:\Windows\System\UykpCEn.exe
  C:\Windows\System\UykpCEn.exe
  2⤵
  PID:6204
- C:\Windows\System\bNCutRZ.exe
  C:\Windows\System\bNCutRZ.exe
  2⤵
  PID:6224
- C:\Windows\System\dbiXlOR.exe
  C:\Windows\System\dbiXlOR.exe
  2⤵
  PID:6244
- C:\Windows\System\DaUDwpc.exe
  C:\Windows\System\DaUDwpc.exe
  2⤵
  PID:6272
- C:\Windows\System\QmrFHbU.exe
  C:\Windows\System\QmrFHbU.exe
  2⤵
  PID:6288
- C:\Windows\System\vBkMTji.exe
  C:\Windows\System\vBkMTji.exe
  2⤵
  PID:6312
- C:\Windows\System\QbHJleD.exe
  C:\Windows\System\QbHJleD.exe
  2⤵
  PID:6328
- C:\Windows\System\sFhjXSw.exe
  C:\Windows\System\sFhjXSw.exe
  2⤵
  PID:6352
- C:\Windows\System\rpFdMrB.exe
  C:\Windows\System\rpFdMrB.exe
  2⤵
  PID:6376
- C:\Windows\System\qlmSKEK.exe
  C:\Windows\System\qlmSKEK.exe
  2⤵
  PID:6396
- C:\Windows\System\WkjotPn.exe
  C:\Windows\System\WkjotPn.exe
  2⤵
  PID:6420
- C:\Windows\System\iQqOlFp.exe
  C:\Windows\System\iQqOlFp.exe
  2⤵
  PID:6436
- C:\Windows\System\OUKjURE.exe
  C:\Windows\System\OUKjURE.exe
  2⤵
  PID:6460
- C:\Windows\System\AcKiQJh.exe
  C:\Windows\System\AcKiQJh.exe
  2⤵
  PID:6488
- C:\Windows\System\kQLGBus.exe
  C:\Windows\System\kQLGBus.exe
  2⤵
  PID:6508
- C:\Windows\System\GKiNgZd.exe
  C:\Windows\System\GKiNgZd.exe
  2⤵
  PID:6528
- C:\Windows\System\syWwWnb.exe
  C:\Windows\System\syWwWnb.exe
  2⤵
  PID:6556
- C:\Windows\System\tjWOGfL.exe
  C:\Windows\System\tjWOGfL.exe
  2⤵
  PID:6596
- C:\Windows\System\LGcbPyC.exe
  C:\Windows\System\LGcbPyC.exe
  2⤵
  PID:6624
- C:\Windows\System\aZxCPSy.exe
  C:\Windows\System\aZxCPSy.exe
  2⤵
  PID:6648
- C:\Windows\System\BAedKtP.exe
  C:\Windows\System\BAedKtP.exe
  2⤵
  PID:6672
- C:\Windows\System\VLiQXsn.exe
  C:\Windows\System\VLiQXsn.exe
  2⤵
  PID:6688
- C:\Windows\System\hBMowoF.exe
  C:\Windows\System\hBMowoF.exe
  2⤵
  PID:6708
- C:\Windows\System\cWzHLaZ.exe
  C:\Windows\System\cWzHLaZ.exe
  2⤵
  PID:6732
- C:\Windows\System\JlrnfSY.exe
  C:\Windows\System\JlrnfSY.exe
  2⤵
  PID:6752
- C:\Windows\System\DCIzeED.exe
  C:\Windows\System\DCIzeED.exe
  2⤵
  PID:6916
- C:\Windows\System\NGcZXeO.exe
  C:\Windows\System\NGcZXeO.exe
  2⤵
  PID:6932
- C:\Windows\System\TtyCXMt.exe
  C:\Windows\System\TtyCXMt.exe
  2⤵
  PID:6948
- C:\Windows\System\AnfGGER.exe
  C:\Windows\System\AnfGGER.exe
  2⤵
  PID:6964
- C:\Windows\System\VVZWgmF.exe
  C:\Windows\System\VVZWgmF.exe
  2⤵
  PID:6980
- C:\Windows\System\dicerPo.exe
  C:\Windows\System\dicerPo.exe
  2⤵
  PID:6996
- C:\Windows\System\CRxRwva.exe
  C:\Windows\System\CRxRwva.exe
  2⤵
  PID:7012
- C:\Windows\System\vUmkJiS.exe
  C:\Windows\System\vUmkJiS.exe
  2⤵
  PID:7028
- C:\Windows\System\TKzhLJP.exe
  C:\Windows\System\TKzhLJP.exe
  2⤵
  PID:7044
- C:\Windows\System\FbLHqJg.exe
  C:\Windows\System\FbLHqJg.exe
  2⤵
  PID:7060
- C:\Windows\System\UQLAqde.exe
  C:\Windows\System\UQLAqde.exe
  2⤵
  PID:7076
- C:\Windows\System\SYqXLct.exe
  C:\Windows\System\SYqXLct.exe
  2⤵
  PID:7092
- C:\Windows\System\MfvcqOv.exe
  C:\Windows\System\MfvcqOv.exe
  2⤵
  PID:7108
- C:\Windows\System\NeAKGPc.exe
  C:\Windows\System\NeAKGPc.exe
  2⤵
  PID:7124
- C:\Windows\System\ssNNRIq.exe
  C:\Windows\System\ssNNRIq.exe
  2⤵
  PID:7140
- C:\Windows\System\MuHSVKV.exe
  C:\Windows\System\MuHSVKV.exe
  2⤵
  PID:7156
- C:\Windows\System\ECmSaEL.exe
  C:\Windows\System\ECmSaEL.exe
  2⤵
  PID:5652
- C:\Windows\System\ZwVhlYZ.exe
  C:\Windows\System\ZwVhlYZ.exe
  2⤵
  PID:5684
- C:\Windows\System\pTaSbCY.exe
  C:\Windows\System\pTaSbCY.exe
  2⤵
  PID:5712
- C:\Windows\System\cLITPLv.exe
  C:\Windows\System\cLITPLv.exe
  2⤵
  PID:5744
- C:\Windows\System\ppDDMgt.exe
  C:\Windows\System\ppDDMgt.exe
  2⤵
  PID:3600
- C:\Windows\System\YxMeASp.exe
  C:\Windows\System\YxMeASp.exe
  2⤵
  PID:6092
- C:\Windows\System\gsmzJEp.exe
  C:\Windows\System\gsmzJEp.exe
  2⤵
  PID:6032
- C:\Windows\System\jmiwLQP.exe
  C:\Windows\System\jmiwLQP.exe
  2⤵
  PID:2964
- C:\Windows\System\jTKPkKD.exe
  C:\Windows\System\jTKPkKD.exe
  2⤵
  PID:5892
- C:\Windows\System\IAIuhff.exe
  C:\Windows\System\IAIuhff.exe
  2⤵
  PID:5832
- C:\Windows\System\fDZjueH.exe
  C:\Windows\System\fDZjueH.exe
  2⤵
  PID:5808
- C:\Windows\System\xXjuqMC.exe
  C:\Windows\System\xXjuqMC.exe
  2⤵
  PID:1916
- C:\Windows\System\WnyvadA.exe
  C:\Windows\System\WnyvadA.exe
  2⤵
  PID:4556
- C:\Windows\System\NcgIdGr.exe
  C:\Windows\System\NcgIdGr.exe
  2⤵
  PID:2392
- C:\Windows\System\sepbqKM.exe
  C:\Windows\System\sepbqKM.exe
  2⤵
  PID:5972
- C:\Windows\System\zGQcbdb.exe
  C:\Windows\System\zGQcbdb.exe
  2⤵
  PID:5404
- C:\Windows\System\pqRMjGI.exe
  C:\Windows\System\pqRMjGI.exe
  2⤵
  PID:5180
- C:\Windows\System\NLVIpDq.exe
  C:\Windows\System\NLVIpDq.exe
  2⤵
  PID:6240
- C:\Windows\System\jznAkEI.exe
  C:\Windows\System\jznAkEI.exe
  2⤵
  PID:6408
- C:\Windows\System\szbQglZ.exe
  C:\Windows\System\szbQglZ.exe
  2⤵
  PID:536
- C:\Windows\System\CFrULSu.exe
  C:\Windows\System\CFrULSu.exe
  2⤵
  PID:5132
- C:\Windows\System\CICHwYV.exe
  C:\Windows\System\CICHwYV.exe
  2⤵
  PID:5300
- C:\Windows\System\aEyWQTe.exe
  C:\Windows\System\aEyWQTe.exe
  2⤵
  PID:6180
- C:\Windows\System\mCUMrpP.exe
  C:\Windows\System\mCUMrpP.exe
  2⤵
  PID:6220
- C:\Windows\System\LcZDxhJ.exe
  C:\Windows\System\LcZDxhJ.exe
  2⤵
  PID:6280
- C:\Windows\System\jNTBENQ.exe
  C:\Windows\System\jNTBENQ.exe
  2⤵
  PID:6344
- C:\Windows\System\uPwcXWY.exe
  C:\Windows\System\uPwcXWY.exe
  2⤵
  PID:6404
- C:\Windows\System\Pbhvqrc.exe
  C:\Windows\System\Pbhvqrc.exe
  2⤵
  PID:6456
- C:\Windows\System\coYqdIL.exe
  C:\Windows\System\coYqdIL.exe
  2⤵
  PID:6524
- C:\Windows\System\YiHnYHt.exe
  C:\Windows\System\YiHnYHt.exe
  2⤵
  PID:6572
- C:\Windows\System\NeuxadM.exe
  C:\Windows\System\NeuxadM.exe
  2⤵
  PID:6668
- C:\Windows\System\fQvzUry.exe
  C:\Windows\System\fQvzUry.exe
  2⤵
  PID:6720
- C:\Windows\System\SzTkscL.exe
  C:\Windows\System\SzTkscL.exe
  2⤵
  PID:7184
- C:\Windows\System\kjrKjro.exe
  C:\Windows\System\kjrKjro.exe
  2⤵
  PID:7204
- C:\Windows\System\GUmkHps.exe
  C:\Windows\System\GUmkHps.exe
  2⤵
  PID:7224
- C:\Windows\System\gkVWnVM.exe
  C:\Windows\System\gkVWnVM.exe
  2⤵
  PID:7248
- C:\Windows\System\goRxPnc.exe
  C:\Windows\System\goRxPnc.exe
  2⤵
  PID:7268
- C:\Windows\System\fttctSX.exe
  C:\Windows\System\fttctSX.exe
  2⤵
  PID:7292
- C:\Windows\System\UtsVVfp.exe
  C:\Windows\System\UtsVVfp.exe
  2⤵
  PID:7320
- C:\Windows\System\cSwWcVE.exe
  C:\Windows\System\cSwWcVE.exe
  2⤵
  PID:7336
- C:\Windows\System\NetXNwV.exe
  C:\Windows\System\NetXNwV.exe
  2⤵
  PID:7360
- C:\Windows\System\JJxuXHo.exe
  C:\Windows\System\JJxuXHo.exe
  2⤵
  PID:7388
- C:\Windows\System\nAXdqey.exe
  C:\Windows\System\nAXdqey.exe
  2⤵
  PID:7404
- C:\Windows\System\HAfdDNR.exe
  C:\Windows\System\HAfdDNR.exe
  2⤵
  PID:7428
- C:\Windows\System\PwmHXAH.exe
  C:\Windows\System\PwmHXAH.exe
  2⤵
  PID:7452
- C:\Windows\System\UrfUlIV.exe
  C:\Windows\System\UrfUlIV.exe
  2⤵
  PID:7472
- C:\Windows\System\nOuHOWR.exe
  C:\Windows\System\nOuHOWR.exe
  2⤵
  PID:7492
- C:\Windows\System\qQibGGN.exe
  C:\Windows\System\qQibGGN.exe
  2⤵
  PID:7524
- C:\Windows\System\uzMLtGC.exe
  C:\Windows\System\uzMLtGC.exe
  2⤵
  PID:7540
- C:\Windows\System\fPFtEMq.exe
  C:\Windows\System\fPFtEMq.exe
  2⤵
  PID:7556
- C:\Windows\System\yUZOrwG.exe
  C:\Windows\System\yUZOrwG.exe
  2⤵
  PID:7572
- C:\Windows\System\oVcqSry.exe
  C:\Windows\System\oVcqSry.exe
  2⤵
  PID:7588
- C:\Windows\System\xGwtQHz.exe
  C:\Windows\System\xGwtQHz.exe
  2⤵
  PID:7604
- C:\Windows\System\MKWDFyd.exe
  C:\Windows\System\MKWDFyd.exe
  2⤵
  PID:7624
- C:\Windows\System\yJasuqX.exe
  C:\Windows\System\yJasuqX.exe
  2⤵
  PID:7640
- C:\Windows\System\xTmkOSC.exe
  C:\Windows\System\xTmkOSC.exe
  2⤵
  PID:7660
- C:\Windows\System\EnwOzvK.exe
  C:\Windows\System\EnwOzvK.exe
  2⤵
  PID:7680
- C:\Windows\System\BriwWGd.exe
  C:\Windows\System\BriwWGd.exe
  2⤵
  PID:7700
- C:\Windows\System\BHCFwdh.exe
  C:\Windows\System\BHCFwdh.exe
  2⤵
  PID:7720
- C:\Windows\System\RpsHwBK.exe
  C:\Windows\System\RpsHwBK.exe
  2⤵
  PID:7736
- C:\Windows\System\YgKnESQ.exe
  C:\Windows\System\YgKnESQ.exe
  2⤵
  PID:7756
- C:\Windows\System\dEVGTND.exe
  C:\Windows\System\dEVGTND.exe
  2⤵
  PID:7884
- C:\Windows\System\XiMyKqB.exe
  C:\Windows\System\XiMyKqB.exe
  2⤵
  PID:7904
- C:\Windows\System\wjWzrQY.exe
  C:\Windows\System\wjWzrQY.exe
  2⤵
  PID:7920
- C:\Windows\System\coIONIV.exe
  C:\Windows\System\coIONIV.exe
  2⤵
  PID:7940
- C:\Windows\System\WqJgPEC.exe
  C:\Windows\System\WqJgPEC.exe
  2⤵
  PID:7960
- C:\Windows\System\KnHbenh.exe
  C:\Windows\System\KnHbenh.exe
  2⤵
  PID:7980
- C:\Windows\System\wpRzRWz.exe
  C:\Windows\System\wpRzRWz.exe
  2⤵
  PID:8000
- C:\Windows\System\bqIRctT.exe
  C:\Windows\System\bqIRctT.exe
  2⤵
  PID:8016
- C:\Windows\System\hktoHoH.exe
  C:\Windows\System\hktoHoH.exe
  2⤵
  PID:8044
- C:\Windows\System\tOEouud.exe
  C:\Windows\System\tOEouud.exe
  2⤵
  PID:8068
- C:\Windows\System\fuMLFxp.exe
  C:\Windows\System\fuMLFxp.exe
  2⤵
  PID:8096
- C:\Windows\System\ZYroPlg.exe
  C:\Windows\System\ZYroPlg.exe
  2⤵
  PID:8128
- C:\Windows\System\zVLUUOf.exe
  C:\Windows\System\zVLUUOf.exe
  2⤵
  PID:8172
- C:\Windows\System\KsBOkpb.exe
  C:\Windows\System\KsBOkpb.exe
  2⤵
  PID:6704
- C:\Windows\System\naBApUh.exe
  C:\Windows\System\naBApUh.exe
  2⤵
  PID:5776
- C:\Windows\System\TPaojkw.exe
  C:\Windows\System\TPaojkw.exe
  2⤵
  PID:6484
- C:\Windows\System\INYTDbB.exe
  C:\Windows\System\INYTDbB.exe
  2⤵
  PID:8216
- C:\Windows\System\YjCvDfP.exe
  C:\Windows\System\YjCvDfP.exe
  2⤵
  PID:8236
- C:\Windows\System\pSxkJOP.exe
  C:\Windows\System\pSxkJOP.exe
  2⤵
  PID:8252
- C:\Windows\System\QOGTESZ.exe
  C:\Windows\System\QOGTESZ.exe
  2⤵
  PID:8280
- C:\Windows\System\CHiduWO.exe
  C:\Windows\System\CHiduWO.exe
  2⤵
  PID:8300
- C:\Windows\System\GVnPQIH.exe
  C:\Windows\System\GVnPQIH.exe
  2⤵
  PID:8316
- C:\Windows\System\iEaUnaq.exe
  C:\Windows\System\iEaUnaq.exe
  2⤵
  PID:8340
- C:\Windows\System\bDUTCMC.exe
  C:\Windows\System\bDUTCMC.exe
  2⤵
  PID:8364
- C:\Windows\System\vCHgiiu.exe
  C:\Windows\System\vCHgiiu.exe
  2⤵
  PID:8384
- C:\Windows\System\GnGPezX.exe
  C:\Windows\System\GnGPezX.exe
  2⤵
  PID:8404
- C:\Windows\System\CELhQBY.exe
  C:\Windows\System\CELhQBY.exe
  2⤵
  PID:8420
- C:\Windows\System\mHNFEjT.exe
  C:\Windows\System\mHNFEjT.exe
  2⤵
  PID:8436
- C:\Windows\System\spASWgU.exe
  C:\Windows\System\spASWgU.exe
  2⤵
  PID:8500
- C:\Windows\System\xXFTgxn.exe
  C:\Windows\System\xXFTgxn.exe
  2⤵
  PID:8516
- C:\Windows\System\DrPNstL.exe
  C:\Windows\System\DrPNstL.exe
  2⤵
  PID:8532
- C:\Windows\System\LwjrmNd.exe
  C:\Windows\System\LwjrmNd.exe
  2⤵
  PID:8548
- C:\Windows\System\gQBZKti.exe
  C:\Windows\System\gQBZKti.exe
  2⤵
  PID:8564
- C:\Windows\System\hEbdpZB.exe
  C:\Windows\System\hEbdpZB.exe
  2⤵
  PID:8584
- C:\Windows\System\BCLTDOY.exe
  C:\Windows\System\BCLTDOY.exe
  2⤵
  PID:8600
- C:\Windows\System\KNRLklz.exe
  C:\Windows\System\KNRLklz.exe
  2⤵
  PID:8620
- C:\Windows\System\jjunZrS.exe
  C:\Windows\System\jjunZrS.exe
  2⤵
  PID:8636
- C:\Windows\System\zInOCDS.exe
  C:\Windows\System\zInOCDS.exe
  2⤵
  PID:8656
- C:\Windows\System\mpgutLY.exe
  C:\Windows\System\mpgutLY.exe
  2⤵
  PID:8672
- C:\Windows\System\jKQDdxd.exe
  C:\Windows\System\jKQDdxd.exe
  2⤵
  PID:8688
- C:\Windows\System\ixIurCt.exe
  C:\Windows\System\ixIurCt.exe
  2⤵
  PID:8708
- C:\Windows\System\MOZbyNm.exe
  C:\Windows\System\MOZbyNm.exe
  2⤵
  PID:8728
- C:\Windows\System\TcqrClu.exe
  C:\Windows\System\TcqrClu.exe
  2⤵
  PID:8748
- C:\Windows\System\EhdzOmC.exe
  C:\Windows\System\EhdzOmC.exe
  2⤵
  PID:8772
- C:\Windows\System\qLirocC.exe
  C:\Windows\System\qLirocC.exe
  2⤵
  PID:8800
- C:\Windows\System\oTPxEzy.exe
  C:\Windows\System\oTPxEzy.exe
  2⤵
  PID:8820
- C:\Windows\System\ZPRdmqq.exe
  C:\Windows\System\ZPRdmqq.exe
  2⤵
  PID:8844
- C:\Windows\System\WbmSYvo.exe
  C:\Windows\System\WbmSYvo.exe
  2⤵
  PID:8872
- C:\Windows\System\TgAEEGM.exe
  C:\Windows\System\TgAEEGM.exe
  2⤵
  PID:8888
- C:\Windows\System\UsceBZa.exe
  C:\Windows\System\UsceBZa.exe
  2⤵
  PID:8912
- C:\Windows\System\hhBuaef.exe
  C:\Windows\System\hhBuaef.exe
  2⤵
  PID:8936
- C:\Windows\System\JUeHPLM.exe
  C:\Windows\System\JUeHPLM.exe
  2⤵
  PID:8956
- C:\Windows\System\nGdnZLj.exe
  C:\Windows\System\nGdnZLj.exe
  2⤵
  PID:8976
- C:\Windows\System\GLNmIVa.exe
  C:\Windows\System\GLNmIVa.exe
  2⤵
  PID:9000
- C:\Windows\System\IvCrMXW.exe
  C:\Windows\System\IvCrMXW.exe
  2⤵
  PID:9016
- C:\Windows\System\HpyIojG.exe
  C:\Windows\System\HpyIojG.exe
  2⤵
  PID:9040
- C:\Windows\System\jrltSQW.exe
  C:\Windows\System\jrltSQW.exe
  2⤵
  PID:9064
- C:\Windows\System\tGKqMxu.exe
  C:\Windows\System\tGKqMxu.exe
  2⤵
  PID:9176
- C:\Windows\System\YncPDFY.exe
  C:\Windows\System\YncPDFY.exe
  2⤵
  PID:9204
- C:\Windows\System\qXHoskU.exe
  C:\Windows\System\qXHoskU.exe
  2⤵
  PID:7284
- C:\Windows\System\nrYEPnc.exe
  C:\Windows\System\nrYEPnc.exe
  2⤵
  PID:7368
- C:\Windows\System\epZUDbM.exe
  C:\Windows\System\epZUDbM.exe
  2⤵
  PID:7500
- C:\Windows\System\kFHXqYz.exe
  C:\Windows\System\kFHXqYz.exe
  2⤵
  PID:7564
- C:\Windows\System\vPZJNDv.exe
  C:\Windows\System\vPZJNDv.exe
  2⤵
  PID:3328
- C:\Windows\System\FOPyJQS.exe
  C:\Windows\System\FOPyJQS.exe
  2⤵
  PID:6156
- C:\Windows\System\XVOtgno.exe
  C:\Windows\System\XVOtgno.exe
  2⤵
  PID:6924
- C:\Windows\System\nlkGxqo.exe
  C:\Windows\System\nlkGxqo.exe
  2⤵
  PID:6960
- C:\Windows\System\kljzWaP.exe
  C:\Windows\System\kljzWaP.exe
  2⤵
  PID:7004
- C:\Windows\System\QdcqlzI.exe
  C:\Windows\System\QdcqlzI.exe
  2⤵
  PID:7052
- C:\Windows\System\emADPCR.exe
  C:\Windows\System\emADPCR.exe
  2⤵
  PID:7100
- C:\Windows\System\YrLTuXG.exe
  C:\Windows\System\YrLTuXG.exe
  2⤵
  PID:7136
- C:\Windows\System\PUomJZn.exe
  C:\Windows\System\PUomJZn.exe
  2⤵
  PID:5584
- C:\Windows\System\aOeCAMp.exe
  C:\Windows\System\aOeCAMp.exe
  2⤵
  PID:5676
- C:\Windows\System\lBxsjoD.exe
  C:\Windows\System\lBxsjoD.exe
  2⤵
  PID:6120
- C:\Windows\System\NrqZrqk.exe
  C:\Windows\System\NrqZrqk.exe
  2⤵
  PID:5928
- C:\Windows\System\bYCpDad.exe
  C:\Windows\System\bYCpDad.exe
  2⤵
  PID:5824
- C:\Windows\System\NvBgHNk.exe
  C:\Windows\System\NvBgHNk.exe
  2⤵
  PID:4616
- C:\Windows\System\FUrdRJr.exe
  C:\Windows\System\FUrdRJr.exe
  2⤵
  PID:5948
- C:\Windows\System\emzndGA.exe
  C:\Windows\System\emzndGA.exe
  2⤵
  PID:6152
- C:\Windows\System\VwRMUQq.exe
  C:\Windows\System\VwRMUQq.exe
  2⤵
  PID:1432
- C:\Windows\System\jGZNHNR.exe
  C:\Windows\System\jGZNHNR.exe
  2⤵
  PID:6196
- C:\Windows\System\ntihJsT.exe
  C:\Windows\System\ntihJsT.exe
  2⤵
  PID:6300
- C:\Windows\System\GXdOCEH.exe
  C:\Windows\System\GXdOCEH.exe
  2⤵
  PID:6548
- C:\Windows\System\LbcyqnI.exe
  C:\Windows\System\LbcyqnI.exe
  2⤵
  PID:6696
- C:\Windows\System\pZVEYUg.exe
  C:\Windows\System\pZVEYUg.exe
  2⤵
  PID:7180
- C:\Windows\System\GcXuPOY.exe
  C:\Windows\System\GcXuPOY.exe
  2⤵
  PID:7260
- C:\Windows\System\cwnpwNp.exe
  C:\Windows\System\cwnpwNp.exe
  2⤵
  PID:7400
- C:\Windows\System\iTYwgCM.exe
  C:\Windows\System\iTYwgCM.exe
  2⤵
  PID:7464
- C:\Windows\System\YJUpNGi.exe
  C:\Windows\System\YJUpNGi.exe
  2⤵
  PID:7568
- C:\Windows\System\kniyMdy.exe
  C:\Windows\System\kniyMdy.exe
  2⤵
  PID:7620
- C:\Windows\System\ZwOVxkq.exe
  C:\Windows\System\ZwOVxkq.exe
  2⤵
  PID:7676
- C:\Windows\System\iBWLsmw.exe
  C:\Windows\System\iBWLsmw.exe
  2⤵
  PID:7712
- C:\Windows\System\fyrdZSh.exe
  C:\Windows\System\fyrdZSh.exe
  2⤵
  PID:7748
- C:\Windows\System\gcjxDyB.exe
  C:\Windows\System\gcjxDyB.exe
  2⤵
  PID:7892
- C:\Windows\System\qDDYHEd.exe
  C:\Windows\System\qDDYHEd.exe
  2⤵
  PID:7928
- C:\Windows\System\MOdKoxs.exe
  C:\Windows\System\MOdKoxs.exe
  2⤵
  PID:7956
- C:\Windows\System\caXcNtb.exe
  C:\Windows\System\caXcNtb.exe
  2⤵
  PID:7996
- C:\Windows\System\vkSrtwX.exe
  C:\Windows\System\vkSrtwX.exe
  2⤵
  PID:8060
- C:\Windows\System\ExbyPCz.exe
  C:\Windows\System\ExbyPCz.exe
  2⤵
  PID:8116
- C:\Windows\System\iCdqPsW.exe
  C:\Windows\System\iCdqPsW.exe
  2⤵
  PID:5620
- C:\Windows\System\VpxewCN.exe
  C:\Windows\System\VpxewCN.exe
  2⤵
  PID:8204
- C:\Windows\System\MPVONqU.exe
  C:\Windows\System\MPVONqU.exe
  2⤵
  PID:8248
- C:\Windows\System\FBFWBWW.exe
  C:\Windows\System\FBFWBWW.exe
  2⤵
  PID:8292
- C:\Windows\System\XZGXoDb.exe
  C:\Windows\System\XZGXoDb.exe
  2⤵
  PID:8324
- C:\Windows\System\yVkZzhG.exe
  C:\Windows\System\yVkZzhG.exe
  2⤵
  PID:8352
- C:\Windows\System\zYKXgns.exe
  C:\Windows\System\zYKXgns.exe
  2⤵
  PID:8392
- C:\Windows\System\EcLiECN.exe
  C:\Windows\System\EcLiECN.exe
  2⤵
  PID:8432
- C:\Windows\System\wnGlRCa.exe
  C:\Windows\System\wnGlRCa.exe
  2⤵
  PID:8460
- C:\Windows\System\sulzkwN.exe
  C:\Windows\System\sulzkwN.exe
  2⤵
  PID:8508
- C:\Windows\System\BFPtzOZ.exe
  C:\Windows\System\BFPtzOZ.exe
  2⤵
  PID:8544
- C:\Windows\System\sWQuUlO.exe
  C:\Windows\System\sWQuUlO.exe
  2⤵
  PID:8580
- C:\Windows\System\MPpbxSj.exe
  C:\Windows\System\MPpbxSj.exe
  2⤵
  PID:8632
- C:\Windows\System\SpGCNhm.exe
  C:\Windows\System\SpGCNhm.exe
  2⤵
  PID:8668
- C:\Windows\System\cbmPNwR.exe
  C:\Windows\System\cbmPNwR.exe
  2⤵
  PID:8720
- C:\Windows\System\zLGoWxW.exe
  C:\Windows\System\zLGoWxW.exe
  2⤵
  PID:8768
- C:\Windows\System\MIMVvtN.exe
  C:\Windows\System\MIMVvtN.exe
  2⤵
  PID:8828
- C:\Windows\System\hXgoXVp.exe
  C:\Windows\System\hXgoXVp.exe
  2⤵
  PID:8880
- C:\Windows\System\adGMgsx.exe
  C:\Windows\System\adGMgsx.exe
  2⤵
  PID:8920
- C:\Windows\System\cJdoUVR.exe
  C:\Windows\System\cJdoUVR.exe
  2⤵
  PID:8952
- C:\Windows\System\kSsJVfH.exe
  C:\Windows\System\kSsJVfH.exe
  2⤵
  PID:8996
- C:\Windows\System\zHdjASG.exe
  C:\Windows\System\zHdjASG.exe
  2⤵
  PID:9048
- C:\Windows\System\iFBnWAR.exe
  C:\Windows\System\iFBnWAR.exe
  2⤵
  PID:9084
- C:\Windows\System\hqiQwtm.exe
  C:\Windows\System\hqiQwtm.exe
  2⤵
  PID:3612
- C:\Windows\System\sTbbkCh.exe
  C:\Windows\System\sTbbkCh.exe
  2⤵
  PID:2528
- C:\Windows\System\bmdWcrf.exe
  C:\Windows\System\bmdWcrf.exe
  2⤵
  PID:60
- C:\Windows\System\vrKzWqe.exe
  C:\Windows\System\vrKzWqe.exe
  2⤵
  PID:4924
- C:\Windows\System\slsBXYj.exe
  C:\Windows\System\slsBXYj.exe
  2⤵
  PID:3660
- C:\Windows\System\XgPKTru.exe
  C:\Windows\System\XgPKTru.exe
  2⤵
  PID:1276
- C:\Windows\System\dkeIWRk.exe
  C:\Windows\System\dkeIWRk.exe
  2⤵
  PID:3564
- C:\Windows\System\SqzzxEx.exe
  C:\Windows\System\SqzzxEx.exe
  2⤵
  PID:384
- C:\Windows\System\UBBJmDi.exe
  C:\Windows\System\UBBJmDi.exe
  2⤵
  PID:1148
- C:\Windows\System\EOHguqo.exe
  C:\Windows\System\EOHguqo.exe
  2⤵
  PID:32
- C:\Windows\System\xKiPYqA.exe
  C:\Windows\System\xKiPYqA.exe
  2⤵
  PID:3480
- C:\Windows\System\zxnNSio.exe
  C:\Windows\System\zxnNSio.exe
  2⤵
  PID:1636
- C:\Windows\System\sBmrptE.exe
  C:\Windows\System\sBmrptE.exe
  2⤵
  PID:5340
- C:\Windows\System\VwIWpsz.exe
  C:\Windows\System\VwIWpsz.exe
  2⤵
  PID:3060
- C:\Windows\System\oAsBLJZ.exe
  C:\Windows\System\oAsBLJZ.exe
  2⤵
  PID:7352
- C:\Windows\System\evQqEai.exe
  C:\Windows\System\evQqEai.exe
  2⤵
  PID:9232
- C:\Windows\System\FFSupyf.exe
  C:\Windows\System\FFSupyf.exe
  2⤵
  PID:9256
- C:\Windows\System\pMGfNNt.exe
  C:\Windows\System\pMGfNNt.exe
  2⤵
  PID:9280
- C:\Windows\System\sLmMVjC.exe
  C:\Windows\System\sLmMVjC.exe
  2⤵
  PID:9300
- C:\Windows\System\MwCqMKh.exe
  C:\Windows\System\MwCqMKh.exe
  2⤵
  PID:9324
- C:\Windows\System\ItDffmF.exe
  C:\Windows\System\ItDffmF.exe
  2⤵
  PID:9348
- C:\Windows\System\CDwKUWR.exe
  C:\Windows\System\CDwKUWR.exe
  2⤵
  PID:9368
- C:\Windows\System\ObfphGx.exe
  C:\Windows\System\ObfphGx.exe
  2⤵
  PID:9392
- C:\Windows\System\rCRdilg.exe
  C:\Windows\System\rCRdilg.exe
  2⤵
  PID:9416
- C:\Windows\System\QeADsNt.exe
  C:\Windows\System\QeADsNt.exe
  2⤵
  PID:9440
- C:\Windows\System\CXfRDya.exe
  C:\Windows\System\CXfRDya.exe
  2⤵
  PID:9472
- C:\Windows\System\CQQjFSP.exe
  C:\Windows\System\CQQjFSP.exe
  2⤵
  PID:9496
- C:\Windows\System\upFRLeV.exe
  C:\Windows\System\upFRLeV.exe
  2⤵
  PID:9520
- C:\Windows\System\ynATQCg.exe
  C:\Windows\System\ynATQCg.exe
  2⤵
  PID:9548
- C:\Windows\System\ANTBXMn.exe
  C:\Windows\System\ANTBXMn.exe
  2⤵
  PID:9568
- C:\Windows\System\GujkfgV.exe
  C:\Windows\System\GujkfgV.exe
  2⤵
  PID:9592
- C:\Windows\System\QsEMyoO.exe
  C:\Windows\System\QsEMyoO.exe
  2⤵
  PID:9612
- C:\Windows\System\ZtjfSbV.exe
  C:\Windows\System\ZtjfSbV.exe
  2⤵
  PID:9636
- C:\Windows\System\mLYqrvt.exe
  C:\Windows\System\mLYqrvt.exe
  2⤵
  PID:9664
- C:\Windows\System\AeSTYRP.exe
  C:\Windows\System\AeSTYRP.exe
  2⤵
  PID:9684
- C:\Windows\System\jkWtYou.exe
  C:\Windows\System\jkWtYou.exe
  2⤵
  PID:9704
- C:\Windows\System\afQgJFD.exe
  C:\Windows\System\afQgJFD.exe
  2⤵
  PID:9724
- C:\Windows\System\nRGoitt.exe
  C:\Windows\System\nRGoitt.exe
  2⤵
  PID:9752
- C:\Windows\System\pofUPnu.exe
  C:\Windows\System\pofUPnu.exe
  2⤵
  PID:9780
- C:\Windows\System\HupFMjC.exe
  C:\Windows\System\HupFMjC.exe
  2⤵
  PID:9800
- C:\Windows\System\GxSrblS.exe
  C:\Windows\System\GxSrblS.exe
  2⤵
  PID:9824
- C:\Windows\System\iPFlLUQ.exe
  C:\Windows\System\iPFlLUQ.exe
  2⤵
  PID:9840
- C:\Windows\System\UNGsWFJ.exe
  C:\Windows\System\UNGsWFJ.exe
  2⤵
  PID:9864
- C:\Windows\System\dusZRjg.exe
  C:\Windows\System\dusZRjg.exe
  2⤵
  PID:9884
- C:\Windows\System\zUnLmPz.exe
  C:\Windows\System\zUnLmPz.exe
  2⤵
  PID:9908
- C:\Windows\System\yKKGSdW.exe
  C:\Windows\System\yKKGSdW.exe
  2⤵
  PID:9932
- C:\Windows\System\FRxMRFK.exe
  C:\Windows\System\FRxMRFK.exe
  2⤵
  PID:9964
- C:\Windows\System\LgNvNZP.exe
  C:\Windows\System\LgNvNZP.exe
  2⤵
  PID:9988
- C:\Windows\System\nqztuCu.exe
  C:\Windows\System\nqztuCu.exe
  2⤵
  PID:10012
- C:\Windows\System\cklbDrN.exe
  C:\Windows\System\cklbDrN.exe
  2⤵
  PID:10032
- C:\Windows\System\xmQCNkB.exe
  C:\Windows\System\xmQCNkB.exe
  2⤵
  PID:10052
- C:\Windows\System\uXFplaL.exe
  C:\Windows\System\uXFplaL.exe
  2⤵
  PID:10080
- C:\Windows\System\SpEQDhJ.exe
  C:\Windows\System\SpEQDhJ.exe
  2⤵
  PID:10100
- C:\Windows\System\wVTSKxu.exe
  C:\Windows\System\wVTSKxu.exe
  2⤵
  PID:10124
- C:\Windows\System\CxFzUyD.exe
  C:\Windows\System\CxFzUyD.exe
  2⤵
  PID:10148
- C:\Windows\System\VAmrZng.exe
  C:\Windows\System\VAmrZng.exe
  2⤵
  PID:10172
- C:\Windows\System\OzPgCML.exe
  C:\Windows\System\OzPgCML.exe
  2⤵
  PID:10192
- C:\Windows\System\XgQLAhx.exe
  C:\Windows\System\XgQLAhx.exe
  2⤵
  PID:10220
- C:\Windows\System\lBSQIDI.exe
  C:\Windows\System\lBSQIDI.exe
  2⤵
  PID:10236
- C:\Windows\System\CyFGNsb.exe
  C:\Windows\System\CyFGNsb.exe
  2⤵
  PID:7020
- C:\Windows\System\tfturkn.exe
  C:\Windows\System\tfturkn.exe
  2⤵
  PID:4464
- C:\Windows\System\WIMEmeg.exe
  C:\Windows\System\WIMEmeg.exe
  2⤵
  PID:6640
- C:\Windows\System\yHypRXl.exe
  C:\Windows\System\yHypRXl.exe
  2⤵
  PID:7436
- C:\Windows\System\dljSVSd.exe
  C:\Windows\System\dljSVSd.exe
  2⤵
  PID:7912
- C:\Windows\System\VRDEBEe.exe
  C:\Windows\System\VRDEBEe.exe
  2⤵
  PID:8024
- C:\Windows\System\WzrKmKt.exe
  C:\Windows\System\WzrKmKt.exe
  2⤵
  PID:8232
- C:\Windows\System\dOeUhnw.exe
  C:\Windows\System\dOeUhnw.exe
  2⤵
  PID:8376
- C:\Windows\System\cxEbazq.exe
  C:\Windows\System\cxEbazq.exe
  2⤵
  PID:8484
- C:\Windows\System\EVBiKKC.exe
  C:\Windows\System\EVBiKKC.exe
  2⤵
  PID:8608
- C:\Windows\System\RKDVFqf.exe
  C:\Windows\System\RKDVFqf.exe
  2⤵
  PID:8756
- C:\Windows\System\SmKSQLt.exe
  C:\Windows\System\SmKSQLt.exe
  2⤵
  PID:8968
- C:\Windows\System\PgcYLVn.exe
  C:\Windows\System\PgcYLVn.exe
  2⤵
  PID:9060
- C:\Windows\System\DGmKALg.exe
  C:\Windows\System\DGmKALg.exe
  2⤵
  PID:2948
- C:\Windows\System\ALcSjHX.exe
  C:\Windows\System\ALcSjHX.exe
  2⤵
  PID:4436
- C:\Windows\System\vBbayZo.exe
  C:\Windows\System\vBbayZo.exe
  2⤵
  PID:4376
- C:\Windows\System\QknTIMG.exe
  C:\Windows\System\QknTIMG.exe
  2⤵
  PID:4812
- C:\Windows\System\BCPNOlx.exe
  C:\Windows\System\BCPNOlx.exe
  2⤵
  PID:9212
- C:\Windows\System\ceOoisl.exe
  C:\Windows\System\ceOoisl.exe
  2⤵
  PID:7548
- C:\Windows\System\KCIZIYJ.exe
  C:\Windows\System\KCIZIYJ.exe
  2⤵
  PID:6908
- C:\Windows\System\mFTWevF.exe
  C:\Windows\System\mFTWevF.exe
  2⤵
  PID:6956
- C:\Windows\System\rlOOPGQ.exe
  C:\Windows\System\rlOOPGQ.exe
  2⤵
  PID:9400
- C:\Windows\System\LAbFJZE.exe
  C:\Windows\System\LAbFJZE.exe
  2⤵
  PID:6048
- C:\Windows\System\WgCVItM.exe
  C:\Windows\System\WgCVItM.exe
  2⤵
  PID:9488
- C:\Windows\System\ncPHUSD.exe
  C:\Windows\System\ncPHUSD.exe
  2⤵
  PID:5364
- C:\Windows\System\TDInvvG.exe
  C:\Windows\System\TDInvvG.exe
  2⤵
  PID:10244
- C:\Windows\System\NMRXttp.exe
  C:\Windows\System\NMRXttp.exe
  2⤵
  PID:10260
- C:\Windows\System\BXfFJEk.exe
  C:\Windows\System\BXfFJEk.exe
  2⤵
  PID:10292
- C:\Windows\System\KPjpoee.exe
  C:\Windows\System\KPjpoee.exe
  2⤵
  PID:10312
- C:\Windows\System\FrLquZQ.exe
  C:\Windows\System\FrLquZQ.exe
  2⤵
  PID:10332
- C:\Windows\System\mLIpOjk.exe
  C:\Windows\System\mLIpOjk.exe
  2⤵
  PID:10356
- C:\Windows\System\hRWofkq.exe
  C:\Windows\System\hRWofkq.exe
  2⤵
  PID:10384
- C:\Windows\System\CTpRGTJ.exe
  C:\Windows\System\CTpRGTJ.exe
  2⤵
  PID:10408
- C:\Windows\System\IjDldMG.exe
  C:\Windows\System\IjDldMG.exe
  2⤵
  PID:10428
- C:\Windows\System\vERYydf.exe
  C:\Windows\System\vERYydf.exe
  2⤵
  PID:10456
- C:\Windows\System\QArfHHI.exe
  C:\Windows\System\QArfHHI.exe
  2⤵
  PID:10472
- C:\Windows\System\KfisxGv.exe
  C:\Windows\System\KfisxGv.exe
  2⤵
  PID:10496
- C:\Windows\System\AfHAvGF.exe
  C:\Windows\System\AfHAvGF.exe
  2⤵
  PID:10528
- C:\Windows\System\yoYmYOl.exe
  C:\Windows\System\yoYmYOl.exe
  2⤵
  PID:10560
- C:\Windows\System\ICUUXOO.exe
  C:\Windows\System\ICUUXOO.exe
  2⤵
  PID:10576
- C:\Windows\System\OIfNDjP.exe
  C:\Windows\System\OIfNDjP.exe
  2⤵
  PID:10596
- C:\Windows\System\dHSAFMf.exe
  C:\Windows\System\dHSAFMf.exe
  2⤵
  PID:10620
- C:\Windows\System\FqGEwYW.exe
  C:\Windows\System\FqGEwYW.exe
  2⤵
  PID:10644
- C:\Windows\System\ptzEqKF.exe
  C:\Windows\System\ptzEqKF.exe
  2⤵
  PID:10664
- C:\Windows\System\JdXBMdf.exe
  C:\Windows\System\JdXBMdf.exe
  2⤵
  PID:10688
- C:\Windows\System\LXgTjrA.exe
  C:\Windows\System\LXgTjrA.exe
  2⤵
  PID:10704
- C:\Windows\System\LffSuCF.exe
  C:\Windows\System\LffSuCF.exe
  2⤵
  PID:10724
- C:\Windows\System\CmTpBDW.exe
  C:\Windows\System\CmTpBDW.exe
  2⤵
  PID:10744
- C:\Windows\System\CQceHWE.exe
  C:\Windows\System\CQceHWE.exe
  2⤵
  PID:10764
- C:\Windows\System\xHeIyCY.exe
  C:\Windows\System\xHeIyCY.exe
  2⤵
  PID:10780
- C:\Windows\System\LZWzhSr.exe
  C:\Windows\System\LZWzhSr.exe
  2⤵
  PID:10800
- C:\Windows\System\BRTwhzq.exe
  C:\Windows\System\BRTwhzq.exe
  2⤵
  PID:10824
- C:\Windows\System\CKoVOeg.exe
  C:\Windows\System\CKoVOeg.exe
  2⤵
  PID:10844
- C:\Windows\System\wRDJUCj.exe
  C:\Windows\System\wRDJUCj.exe
  2⤵
  PID:10868
- C:\Windows\System\IKZxGCE.exe
  C:\Windows\System\IKZxGCE.exe
  2⤵
  PID:10888
- C:\Windows\System\clKTuMP.exe
  C:\Windows\System\clKTuMP.exe
  2⤵
  PID:10908
- C:\Windows\System\PQQWhMQ.exe
  C:\Windows\System\PQQWhMQ.exe
  2⤵
  PID:10928
- C:\Windows\System\lniaknj.exe
  C:\Windows\System\lniaknj.exe
  2⤵
  PID:10944
- C:\Windows\System\WwQEbTn.exe
  C:\Windows\System\WwQEbTn.exe
  2⤵
  PID:10960
- C:\Windows\System\JVZutBw.exe
  C:\Windows\System\JVZutBw.exe
  2⤵
  PID:10980
- C:\Windows\System\lLqeMBh.exe
  C:\Windows\System\lLqeMBh.exe
  2⤵
  PID:11000
- C:\Windows\System\QtTDiCQ.exe
  C:\Windows\System\QtTDiCQ.exe
  2⤵
  PID:11020
- C:\Windows\System\qXVNszY.exe
  C:\Windows\System\qXVNszY.exe
  2⤵
  PID:11044
- C:\Windows\System\HIImGQd.exe
  C:\Windows\System\HIImGQd.exe
  2⤵
  PID:11068
- C:\Windows\System\CUhItOx.exe
  C:\Windows\System\CUhItOx.exe
  2⤵
  PID:11088
- C:\Windows\System\loSRXpw.exe
  C:\Windows\System\loSRXpw.exe
  2⤵
  PID:11112
- C:\Windows\System\XoMXGZu.exe
  C:\Windows\System\XoMXGZu.exe
  2⤵
  PID:11128
- C:\Windows\System\eSZAQVr.exe
  C:\Windows\System\eSZAQVr.exe
  2⤵
  PID:11152
- C:\Windows\System\OvhPrsL.exe
  C:\Windows\System\OvhPrsL.exe
  2⤵
  PID:11176
- C:\Windows\System\jXHOjiu.exe
  C:\Windows\System\jXHOjiu.exe
  2⤵
  PID:11204
- C:\Windows\System\cqliiXc.exe
  C:\Windows\System\cqliiXc.exe
  2⤵
  PID:11220
- C:\Windows\System\pLdbmDW.exe
  C:\Windows\System\pLdbmDW.exe
  2⤵
  PID:11240
- C:\Windows\System\NrjjMFG.exe
  C:\Windows\System\NrjjMFG.exe
  2⤵
  PID:11260
- C:\Windows\System\TIodjWz.exe
  C:\Windows\System\TIodjWz.exe
  2⤵
  PID:9732
- C:\Windows\System\qqvGHGV.exe
  C:\Windows\System\qqvGHGV.exe
  2⤵
  PID:9852
- C:\Windows\System\GbfclnB.exe
  C:\Windows\System\GbfclnB.exe
  2⤵
  PID:7584
- C:\Windows\System\DUzzlpy.exe
  C:\Windows\System\DUzzlpy.exe
  2⤵
  PID:7732
- C:\Windows\System\wBaFaUo.exe
  C:\Windows\System\wBaFaUo.exe
  2⤵
  PID:10004
- C:\Windows\System\BkmxrGq.exe
  C:\Windows\System\BkmxrGq.exe
  2⤵
  PID:8244
- C:\Windows\System\MNjYNbK.exe
  C:\Windows\System\MNjYNbK.exe
  2⤵
  PID:10116
- C:\Windows\System\hqcirbL.exe
  C:\Windows\System\hqcirbL.exe
  2⤵
  PID:11268
- C:\Windows\System\pHAuFWV.exe
  C:\Windows\System\pHAuFWV.exe
  2⤵
  PID:11292
- C:\Windows\System\vZMBPfw.exe
  C:\Windows\System\vZMBPfw.exe
  2⤵
  PID:11312
- C:\Windows\System\XPZaHtY.exe
  C:\Windows\System\XPZaHtY.exe
  2⤵
  PID:11332
- C:\Windows\System\DyBCPoW.exe
  C:\Windows\System\DyBCPoW.exe
  2⤵
  PID:11356
- C:\Windows\System\rnRgZRK.exe
  C:\Windows\System\rnRgZRK.exe
  2⤵
  PID:11380
- C:\Windows\System\pTxIoHC.exe
  C:\Windows\System\pTxIoHC.exe
  2⤵
  PID:11404
- C:\Windows\System\GnOOneB.exe
  C:\Windows\System\GnOOneB.exe
  2⤵
  PID:11424
- C:\Windows\System\aIgYnnQ.exe
  C:\Windows\System\aIgYnnQ.exe
  2⤵
  PID:11452
- C:\Windows\System\VhiTCah.exe
  C:\Windows\System\VhiTCah.exe
  2⤵
  PID:11468
- C:\Windows\System\CeeizPm.exe
  C:\Windows\System\CeeizPm.exe
  2⤵
  PID:11488
- C:\Windows\System\xDvKPTW.exe
  C:\Windows\System\xDvKPTW.exe
  2⤵
  PID:11508
- C:\Windows\System\mDAHSuJ.exe
  C:\Windows\System\mDAHSuJ.exe
  2⤵
  PID:11528
- C:\Windows\System\Ytoswhj.exe
  C:\Windows\System\Ytoswhj.exe
  2⤵
  PID:11548
- C:\Windows\System\hulOzVs.exe
  C:\Windows\System\hulOzVs.exe
  2⤵
  PID:11576
- C:\Windows\System\bTnLtVD.exe
  C:\Windows\System\bTnLtVD.exe
  2⤵
  PID:11600
- C:\Windows\System\eMRqLiw.exe
  C:\Windows\System\eMRqLiw.exe
  2⤵
  PID:11616
- C:\Windows\System\jOXshEL.exe
  C:\Windows\System\jOXshEL.exe
  2⤵
  PID:11640
- C:\Windows\System\FtyJQWo.exe
  C:\Windows\System\FtyJQWo.exe
  2⤵
  PID:11660
- C:\Windows\System\dRcWcMd.exe
  C:\Windows\System\dRcWcMd.exe
  2⤵
  PID:11680
- C:\Windows\System\aYrHngx.exe
  C:\Windows\System\aYrHngx.exe
  2⤵
  PID:11700
- C:\Windows\System\FInkAse.exe
  C:\Windows\System\FInkAse.exe
  2⤵
  PID:11724
- C:\Windows\System\aBkGHqQ.exe
  C:\Windows\System\aBkGHqQ.exe
  2⤵
  PID:11744
- C:\Windows\System\FZVLiAq.exe
  C:\Windows\System\FZVLiAq.exe
  2⤵
  PID:11764
- C:\Windows\System\xftKhBu.exe
  C:\Windows\System\xftKhBu.exe
  2⤵
  PID:11784
- C:\Windows\System\NWSNrgf.exe
  C:\Windows\System\NWSNrgf.exe
  2⤵
  PID:11804
- C:\Windows\System\EtOnOHI.exe
  C:\Windows\System\EtOnOHI.exe
  2⤵
  PID:11824
- C:\Windows\System\iiJdsfe.exe
  C:\Windows\System\iiJdsfe.exe
  2⤵
  PID:11844
- C:\Windows\System\tmQXIDc.exe
  C:\Windows\System\tmQXIDc.exe
  2⤵
  PID:11860
- C:\Windows\System\NDiKrBS.exe
  C:\Windows\System\NDiKrBS.exe
  2⤵
  PID:11880
- C:\Windows\System\vkGbWuW.exe
  C:\Windows\System\vkGbWuW.exe
  2⤵
  PID:11896
- C:\Windows\System\eNbsIhc.exe
  C:\Windows\System\eNbsIhc.exe
  2⤵
  PID:11912
- C:\Windows\System\riGLfiK.exe
  C:\Windows\System\riGLfiK.exe
  2⤵
  PID:11932
- C:\Windows\System\wiWHImY.exe
  C:\Windows\System\wiWHImY.exe
  2⤵
  PID:11952
- C:\Windows\System\uxykEic.exe
  C:\Windows\System\uxykEic.exe
  2⤵
  PID:11972
- C:\Windows\System\tMGFnCo.exe
  C:\Windows\System\tMGFnCo.exe
  2⤵
  PID:11992
- C:\Windows\System\zRxZMOV.exe
  C:\Windows\System\zRxZMOV.exe
  2⤵
  PID:12008
- C:\Windows\System\XNtdPFG.exe
  C:\Windows\System\XNtdPFG.exe
  2⤵
  PID:12028
- C:\Windows\System\wnVtsPl.exe
  C:\Windows\System\wnVtsPl.exe
  2⤵
  PID:12052
- C:\Windows\System\VFLfPja.exe
  C:\Windows\System\VFLfPja.exe
  2⤵
  PID:12068
- C:\Windows\System\tiXwzcV.exe
  C:\Windows\System\tiXwzcV.exe
  2⤵
  PID:12092
- C:\Windows\System\sVgNQft.exe
  C:\Windows\System\sVgNQft.exe
  2⤵
  PID:12116
- C:\Windows\System\qyoZEJs.exe
  C:\Windows\System\qyoZEJs.exe
  2⤵
  PID:12132
- C:\Windows\System\BdixchH.exe
  C:\Windows\System\BdixchH.exe
  2⤵
  PID:12160
- C:\Windows\System\frJvcPH.exe
  C:\Windows\System\frJvcPH.exe
  2⤵
  PID:12180
- C:\Windows\System\YYecuEq.exe
  C:\Windows\System\YYecuEq.exe
  2⤵
  PID:12196
- C:\Windows\System\GCPkXKq.exe
  C:\Windows\System\GCPkXKq.exe
  2⤵
  PID:12212
- C:\Windows\System\cWYLEtS.exe
  C:\Windows\System\cWYLEtS.exe
  2⤵
  PID:12228
- C:\Windows\System\CApXXOJ.exe
  C:\Windows\System\CApXXOJ.exe
  2⤵
  PID:12252
- C:\Windows\System\igVQKst.exe
  C:\Windows\System\igVQKst.exe
  2⤵
  PID:12268
- C:\Windows\System\NiTzrom.exe
  C:\Windows\System\NiTzrom.exe
  2⤵
  PID:10228
- C:\Windows\System\idEMBZM.exe
  C:\Windows\System\idEMBZM.exe
  2⤵
  PID:7372
- C:\Windows\System\pjRrGGa.exe
  C:\Windows\System\pjRrGGa.exe
  2⤵
  PID:8272
- C:\Windows\System\qiqnYYk.exe
  C:\Windows\System\qiqnYYk.exe
  2⤵
  PID:2992
- C:\Windows\System\GNoaMif.exe
  C:\Windows\System\GNoaMif.exe
  2⤵
  PID:2140
- C:\Windows\System\PzUmbCN.exe
  C:\Windows\System\PzUmbCN.exe
  2⤵
  PID:5064
- C:\Windows\System\TsrExNO.exe
  C:\Windows\System\TsrExNO.exe
  2⤵
  PID:6888
- C:\Windows\System\zPYUmrF.exe
  C:\Windows\System\zPYUmrF.exe
  2⤵
  PID:9332
- C:\Windows\System\YrWnBEQ.exe
  C:\Windows\System\YrWnBEQ.exe
  2⤵
  PID:9432
- C:\Windows\System\bDODExZ.exe
  C:\Windows\System\bDODExZ.exe
  2⤵
  PID:6468
- C:\Windows\System\AWOluEG.exe
  C:\Windows\System\AWOluEG.exe
  2⤵
  PID:9604
- C:\Windows\System\QiErxMN.exe
  C:\Windows\System\QiErxMN.exe
  2⤵
  PID:9676
- C:\Windows\System\FwOgwWQ.exe
  C:\Windows\System\FwOgwWQ.exe
  2⤵
  PID:10328
- C:\Windows\System\bGWVYRR.exe
  C:\Windows\System\bGWVYRR.exe
  2⤵
  PID:12312
- C:\Windows\System\agGFcsr.exe
  C:\Windows\System\agGFcsr.exe
  2⤵
  PID:12332
- C:\Windows\System\KcvROlI.exe
  C:\Windows\System\KcvROlI.exe
  2⤵
  PID:12356
- C:\Windows\System\HWAIoNw.exe
  C:\Windows\System\HWAIoNw.exe
  2⤵
  PID:12380
- C:\Windows\System\tUPDNPG.exe
  C:\Windows\System\tUPDNPG.exe
  2⤵
  PID:12400
- C:\Windows\System\HcDEJZY.exe
  C:\Windows\System\HcDEJZY.exe
  2⤵
  PID:12424
- C:\Windows\System\FTbYQAZ.exe
  C:\Windows\System\FTbYQAZ.exe
  2⤵
  PID:12452
- C:\Windows\System\rZlgBKP.exe
  C:\Windows\System\rZlgBKP.exe
  2⤵
  PID:12480
- C:\Windows\System\kcgNqvy.exe
  C:\Windows\System\kcgNqvy.exe
  2⤵
  PID:12496
- C:\Windows\System\ejeSMVL.exe
  C:\Windows\System\ejeSMVL.exe
  2⤵
  PID:12520
- C:\Windows\System\onFtnLw.exe
  C:\Windows\System\onFtnLw.exe
  2⤵
  PID:12544
- C:\Windows\System\VWWcclh.exe
  C:\Windows\System\VWWcclh.exe
  2⤵
  PID:12568
- C:\Windows\System\NPJbYwr.exe
  C:\Windows\System\NPJbYwr.exe
  2⤵
  PID:12588
- C:\Windows\System\tYAbsmm.exe
  C:\Windows\System\tYAbsmm.exe
  2⤵
  PID:12608
- C:\Windows\System\AZdhfFg.exe
  C:\Windows\System\AZdhfFg.exe
  2⤵
  PID:12636
- C:\Windows\System\NdIsqxk.exe
  C:\Windows\System\NdIsqxk.exe
  2⤵
  PID:12656
- C:\Windows\System\CvLFTqO.exe
  C:\Windows\System\CvLFTqO.exe
  2⤵
  PID:12680
- C:\Windows\System\edmoOWa.exe
  C:\Windows\System\edmoOWa.exe
  2⤵
  PID:12700
- C:\Windows\System\iQIEqZr.exe
  C:\Windows\System\iQIEqZr.exe
  2⤵
  PID:12720
- C:\Windows\System\gvDFjKq.exe
  C:\Windows\System\gvDFjKq.exe
  2⤵
  PID:12744
- C:\Windows\System\neaeIbS.exe
  C:\Windows\System\neaeIbS.exe
  2⤵
  PID:12764
- C:\Windows\System\ErflSpl.exe
  C:\Windows\System\ErflSpl.exe
  2⤵
  PID:12784
- C:\Windows\System\YCGOaKx.exe
  C:\Windows\System\YCGOaKx.exe
  2⤵
  PID:12808
- C:\Windows\System\vyyvlwB.exe
  C:\Windows\System\vyyvlwB.exe
  2⤵
  PID:12828
- C:\Windows\System\YlydtdE.exe
  C:\Windows\System\YlydtdE.exe
  2⤵
  PID:12852
- C:\Windows\System\hODjIod.exe
  C:\Windows\System\hODjIod.exe
  2⤵
  PID:12868
- C:\Windows\System\hBKSHWd.exe
  C:\Windows\System\hBKSHWd.exe
  2⤵
  PID:12892
- C:\Windows\System\ehYNVOg.exe
  C:\Windows\System\ehYNVOg.exe
  2⤵
  PID:12920
- C:\Windows\System\izkjgWT.exe
  C:\Windows\System\izkjgWT.exe
  2⤵
  PID:12936
- C:\Windows\System\jQoUolP.exe
  C:\Windows\System\jQoUolP.exe
  2⤵
  PID:12960
- C:\Windows\System\pQOUjbd.exe
  C:\Windows\System\pQOUjbd.exe
  2⤵
  PID:12984
- C:\Windows\System\vQdakWj.exe
  C:\Windows\System\vQdakWj.exe
  2⤵
  PID:9960
- C:\Windows\System\QoPcwMx.exe
  C:\Windows\System\QoPcwMx.exe
  2⤵
  PID:11172
- C:\Windows\System\vqazBnO.exe
  C:\Windows\System\vqazBnO.exe
  2⤵
  PID:11064
- C:\Windows\System\YrFhZyC.exe
  C:\Windows\System\YrFhZyC.exe
  2⤵
  PID:11752
- C:\Windows\System\EiQVLTM.exe
  C:\Windows\System\EiQVLTM.exe
  2⤵
  PID:10160
- C:\Windows\System\bdIEjMC.exe
  C:\Windows\System\bdIEjMC.exe
  2⤵
  PID:12152
- C:\Windows\System\SpOPBno.exe
  C:\Windows\System\SpOPBno.exe
  2⤵
  PID:11756
- C:\Windows\System\yQTqpvJ.exe
  C:\Windows\System\yQTqpvJ.exe
  2⤵
  PID:11524
- C:\Windows\System\frNlbNZ.exe
  C:\Windows\System\frNlbNZ.exe
  2⤵
  PID:10788
- C:\Windows\System\LcETjsN.exe
  C:\Windows\System\LcETjsN.exe
  2⤵
  PID:12912
- C:\Windows\System\ELGoLgS.exe
  C:\Windows\System\ELGoLgS.exe
  2⤵
  PID:12980
- C:\Windows\System\IYPgSEc.exe
  C:\Windows\System\IYPgSEc.exe
  2⤵
  PID:11300
- C:\Windows\System\HNVLEAf.exe
  C:\Windows\System\HNVLEAf.exe
  2⤵
  PID:2288
- C:\Windows\System\NnRcwiF.exe
  C:\Windows\System\NnRcwiF.exe
  2⤵
  PID:10308
- C:\Windows\System\IaEUgpL.exe
  C:\Windows\System\IaEUgpL.exe
  2⤵
  PID:10856
- C:\Windows\System\xJUdISG.exe
  C:\Windows\System\xJUdISG.exe
  2⤵
  PID:3536
- C:\Windows\System\LDlqVzD.exe
  C:\Windows\System\LDlqVzD.exe
  2⤵
  PID:10936
- C:\Windows\System\SyBFiiP.exe
  C:\Windows\System\SyBFiiP.exe
  2⤵
  PID:12616
- C:\Windows\System\FQVmPDV.exe
  C:\Windows\System\FQVmPDV.exe
  2⤵
  PID:12668
- C:\Windows\System\qRNAkJe.exe
  C:\Windows\System\qRNAkJe.exe
  2⤵
  PID:12516
- C:\Windows\System\VoaWVcM.exe
  C:\Windows\System\VoaWVcM.exe
  2⤵
  PID:11136
- C:\Windows\System\tIHAVjn.exe
  C:\Windows\System\tIHAVjn.exe
  2⤵
  PID:10184
- C:\Windows\System\BGZGxZd.exe
  C:\Windows\System\BGZGxZd.exe
  2⤵
  PID:1328
- C:\Windows\System\TlaUAqn.exe
  C:\Windows\System\TlaUAqn.exe
  2⤵
  PID:12560
- C:\Windows\System\BjisKWZ.exe
  C:\Windows\System\BjisKWZ.exe
  2⤵
  PID:12064
- C:\Windows\System\rGChxwb.exe
  C:\Windows\System\rGChxwb.exe
  2⤵
  PID:12504
- C:\Windows\System\ifScxFK.exe
  C:\Windows\System\ifScxFK.exe
  2⤵
  PID:12776
- C:\Windows\System\XArPZut.exe
  C:\Windows\System\XArPZut.exe
  2⤵
  PID:13012
- C:\Windows\System\DKpLOWi.exe
  C:\Windows\System\DKpLOWi.exe
  2⤵
  PID:13184
- C:\Windows\System\pxPDzyo.exe
  C:\Windows\System\pxPDzyo.exe
  2⤵
  PID:10396
- C:\Windows\System\cIUHsHE.exe
  C:\Windows\System\cIUHsHE.exe
  2⤵
  PID:2556
- C:\Windows\System\bsXzXEr.exe
  C:\Windows\System\bsXzXEr.exe
  2⤵
  PID:12528
- C:\Windows\System\iIPefgx.exe
  C:\Windows\System\iIPefgx.exe
  2⤵
  PID:12932
- C:\Windows\System\dqiFTBX.exe
  C:\Windows\System\dqiFTBX.exe
  2⤵
  PID:2156
- C:\Windows\System\AzfdkIs.exe
  C:\Windows\System\AzfdkIs.exe
  2⤵
  PID:7036
- C:\Windows\System\DLpAMrI.exe
  C:\Windows\System\DLpAMrI.exe
  2⤵
  PID:13252
- C:\Windows\System\ojrYqdl.exe
  C:\Windows\System\ojrYqdl.exe
  2⤵
  PID:10884
- C:\Windows\System\eHZxmUl.exe
  C:\Windows\System\eHZxmUl.exe
  2⤵
  PID:12688
- C:\Windows\System\axdZeCs.exe
  C:\Windows\System\axdZeCs.exe
  2⤵
  PID:13052
- C:\Windows\System\fWTdNvB.exe
  C:\Windows\System\fWTdNvB.exe
  2⤵
  PID:13024
- C:\Windows\System\NDZGLkU.exe
  C:\Windows\System\NDZGLkU.exe
  2⤵
  PID:1484
- C:\Windows\System\Gjzxiit.exe
  C:\Windows\System\Gjzxiit.exe
  2⤵
  PID:11740
- C:\Windows\System\VLJhich.exe
  C:\Windows\System\VLJhich.exe
  2⤵
  PID:12208
- C:\Windows\System\ugZoFoA.exe
  C:\Windows\System\ugZoFoA.exe
  2⤵
  PID:5864
- C:\Windows\System\GtIhjbN.exe
  C:\Windows\System\GtIhjbN.exe
  2⤵
  PID:12260
- C:\Windows\System\DeLzqEf.exe
  C:\Windows\System\DeLzqEf.exe
  2⤵
  PID:12236
- C:\Windows\System\WxizkAK.exe
  C:\Windows\System\WxizkAK.exe
  2⤵
  PID:9076
- C:\Windows\System\UkyURQQ.exe
  C:\Windows\System\UkyURQQ.exe
  2⤵
  PID:12020
- C:\Windows\System\dajuGVn.exe
  C:\Windows\System\dajuGVn.exe
  2⤵
  PID:7484
- C:\Windows\System\FZBAeMB.exe
  C:\Windows\System\FZBAeMB.exe
  2⤵
  PID:8184
- C:\Windows\System\fNraedB.exe
  C:\Windows\System\fNraedB.exe
  2⤵
  PID:12604
- C:\Windows\System\dxOUaUh.exe
  C:\Windows\System\dxOUaUh.exe
  2⤵
  PID:12712
- C:\Windows\System\JlJoHVX.exe
  C:\Windows\System\JlJoHVX.exe
  2⤵
  PID:13232
- C:\Windows\System\lGhPXht.exe
  C:\Windows\System\lGhPXht.exe
  2⤵
  PID:9456
- C:\Windows\System\cpHlsBc.exe
  C:\Windows\System\cpHlsBc.exe
  2⤵
  PID:11708
- C:\Windows\System\gJItQgm.exe
  C:\Windows\System\gJItQgm.exe
  2⤵
  PID:11188
- C:\Windows\System\dxyPwvN.exe
  C:\Windows\System\dxyPwvN.exe
  2⤵
  PID:12816
- C:\Windows\System\RXymWnB.exe
  C:\Windows\System\RXymWnB.exe
  2⤵
  PID:2932
- C:\Windows\System\yTnzfGF.exe
  C:\Windows\System\yTnzfGF.exe
  2⤵
  PID:11980
- C:\Windows\System\BWUUVDE.exe
  C:\Windows\System\BWUUVDE.exe
  2⤵
  PID:12848
- C:\Windows\System\daIGvLd.exe
  C:\Windows\System\daIGvLd.exe
  2⤵
  PID:1232
- C:\Windows\System\etumiMk.exe
  C:\Windows\System\etumiMk.exe
  2⤵
  PID:9760
- C:\Windows\System\CHSkRKA.exe
  C:\Windows\System\CHSkRKA.exe
  2⤵
  PID:7744
- C:\Windows\System\FvUvdcb.exe
  C:\Windows\System\FvUvdcb.exe
  2⤵
  PID:564
- C:\Windows\System\fKewwaZ.exe
  C:\Windows\System\fKewwaZ.exe
  2⤵
  PID:11124
- C:\Windows\System\FxKjCDS.exe
  C:\Windows\System\FxKjCDS.exe
  2⤵
  PID:9192
- C:\Windows\System\RvjAbcz.exe
  C:\Windows\System\RvjAbcz.exe
  2⤵
  PID:4060
- C:\Windows\System\NIDyvDe.exe
  C:\Windows\System\NIDyvDe.exe
  2⤵
  PID:1364
- C:\Windows\System\ZNkveUQ.exe
  C:\Windows\System\ZNkveUQ.exe
  2⤵
  PID:12324
- C:\Windows\System\arUVsom.exe
  C:\Windows\System\arUVsom.exe
  2⤵
  PID:4932
- C:\Windows\System\evsOTyI.exe
  C:\Windows\System\evsOTyI.exe
  2⤵
  PID:9944
- C:\Windows\System\xiOhIsq.exe
  C:\Windows\System\xiOhIsq.exe
  2⤵
  PID:316
- C:\Windows\System\OIMRdFp.exe
  C:\Windows\System\OIMRdFp.exe
  2⤵
  PID:4672
- C:\Windows\System\wWtHmjU.exe
  C:\Windows\System\wWtHmjU.exe
  2⤵
  PID:2908
- C:\Windows\System\IqHvFAW.exe
  C:\Windows\System\IqHvFAW.exe
  2⤵
  PID:788
- C:\Windows\System\vFQMhoJ.exe
  C:\Windows\System\vFQMhoJ.exe
  2⤵
  PID:9948
- C:\Windows\System\daUGkzb.exe
  C:\Windows\System\daUGkzb.exe
  2⤵
  PID:1620
- C:\Windows\System\xLXlpvE.exe
  C:\Windows\System\xLXlpvE.exe
  2⤵
  PID:4048
- C:\Windows\System\MNHIGJw.exe
  C:\Windows\System\MNHIGJw.exe
  2⤵
  PID:4412
- C:\Windows\System\itKUEmJ.exe
  C:\Windows\System\itKUEmJ.exe
  2⤵
  PID:4236
- C:\Windows\System\OTWXUmF.exe
  C:\Windows\System\OTWXUmF.exe
  2⤵
  PID:4760
- C:\Windows\System\SYwgwZu.exe
  C:\Windows\System\SYwgwZu.exe
  2⤵
  PID:4868
- C:\Windows\System\wGWjygo.exe
  C:\Windows\System\wGWjygo.exe
  2⤵
  PID:2784
- C:\Windows\System\uzuyVSs.exe
  C:\Windows\System\uzuyVSs.exe
  2⤵
  PID:1292
- C:\Windows\System\YkSuNFH.exe
  C:\Windows\System\YkSuNFH.exe
  2⤵
  PID:1968
- C:\Windows\System\BKuBRjS.exe
  C:\Windows\System\BKuBRjS.exe
  2⤵
  PID:4040
- C:\Windows\System\RrZLYyQ.exe
  C:\Windows\System\RrZLYyQ.exe
  2⤵
  PID:4352
- C:\Windows\System\jnKyres.exe
  C:\Windows\System\jnKyres.exe
  2⤵
  PID:932
- C:\Windows\System\PQSkohR.exe
  C:\Windows\System\PQSkohR.exe
  2⤵
  PID:3744
- C:\Windows\System\FjGmnft.exe
  C:\Windows\System\FjGmnft.exe
  2⤵
  PID:4480
- C:\Windows\System\HvmXjVM.exe
  C:\Windows\System\HvmXjVM.exe
  2⤵
  PID:4248
- C:\Windows\System\CGdmodn.exe
  C:\Windows\System\CGdmodn.exe
  2⤵
  PID:3712
- C:\Windows\System\xmcKSFu.exe
  C:\Windows\System\xmcKSFu.exe
  2⤵
  PID:4280
- C:\Windows\System\oiQdhrl.exe
  C:\Windows\System\oiQdhrl.exe
  2⤵
  PID:4008
- C:\Windows\System\rpwyEAd.exe
  C:\Windows\System\rpwyEAd.exe
  2⤵
  PID:3052
- C:\Windows\System\aCyngDl.exe
  C:\Windows\System\aCyngDl.exe
  2⤵
  PID:4292
- C:\Windows\System\giADnie.exe
  C:\Windows\System\giADnie.exe
  2⤵
  PID:3212
- C:\Windows\System\YOsgBcj.exe
  C:\Windows\System\YOsgBcj.exe
  2⤵
  PID:3004
- C:\Windows\System\UeLBlaF.exe
  C:\Windows\System\UeLBlaF.exe
  2⤵
  PID:8
- C:\Windows\System\trXvAvP.exe
  C:\Windows\System\trXvAvP.exe
  2⤵
  PID:13320
- C:\Windows\System\paSDJNe.exe
  C:\Windows\System\paSDJNe.exe
  2⤵
  PID:13356
- C:\Windows\System\KEKxQNP.exe
  C:\Windows\System\KEKxQNP.exe
  2⤵
  PID:13424
- C:\Windows\System\DJjxYfD.exe
  C:\Windows\System\DJjxYfD.exe
  2⤵
  PID:13444
- C:\Windows\System\xaPYmOE.exe
  C:\Windows\System\xaPYmOE.exe
  2⤵
  PID:13460
- C:\Windows\System\TGrRpmb.exe
  C:\Windows\System\TGrRpmb.exe
  2⤵
  PID:13512
- C:\Windows\System\YAnbOKg.exe
  C:\Windows\System\YAnbOKg.exe
  2⤵
  PID:13528
- C:\Windows\System\zSRllgj.exe
  C:\Windows\System\zSRllgj.exe
  2⤵
  PID:13544
- C:\Windows\System\UUzonXc.exe
  C:\Windows\System\UUzonXc.exe
  2⤵
  PID:13616
- C:\Windows\System\qYQsSti.exe
  C:\Windows\System\qYQsSti.exe
  2⤵
  PID:13632
- C:\Windows\System\qQEIlrg.exe
  C:\Windows\System\qQEIlrg.exe
  2⤵
  PID:13672
- C:\Windows\System\TaDZTaq.exe
  C:\Windows\System\TaDZTaq.exe
  2⤵
  PID:13700
- C:\Windows\System\ASXtVhJ.exe
  C:\Windows\System\ASXtVhJ.exe
  2⤵
  PID:13728
- C:\Windows\System\utNyXEo.exe
  C:\Windows\System\utNyXEo.exe
  2⤵
  PID:13776
- C:\Windows\System\LRWaAIy.exe
  C:\Windows\System\LRWaAIy.exe
  2⤵
  PID:13816
- C:\Windows\System\raJzSka.exe
  C:\Windows\System\raJzSka.exe
  2⤵
  PID:13976
- C:\Windows\System\tVvxHol.exe
  C:\Windows\System\tVvxHol.exe
  2⤵
  PID:14016

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:12736

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:1620

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:12324

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:2640

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:852

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
PID:11912

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
1⤵
PID:12184

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_1ff0eqzi.334.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BLZIsqg.exe

Filesize
1.9MB

MD5
51f8d26f29710c46b4a44adbedef2128

SHA1
1c474f4f07840e55f974c9ee1e57474b39635df4

SHA256
6e4d17555dbf425ece99f93e046b623fb965063a9fe82b70a4344da8a36748e2

SHA512
1b1295d4fd34a0a8bf3c6e9eafbb3a561552a56106a3d408d1f8410c4ec0dce58e539ef74b2a85ff7975c35b99f4b1a6ff7df9dff472f9c29691280a5a6f12af

Download Submit
C:\Windows\System\DSZdExx.exe

Filesize
1.9MB

MD5
22d173996bccdac3d807fb56fb12a3d4

SHA1
577f7bb4e8d9811e3368d79f74bb541dcc5a8676

SHA256
e72eac1936c8cbfb12cbd7c9073187264e5d2555274857213c10ee0a373d93bd

SHA512
634c15c864b2e6ae8f33eade3725644cb9f455ee152d368efe4a07b46bc5c4d3b65ef8afe151ce93fa785f7d6bd661a3815f5944bad24faf14651235189be275

Download Submit
C:\Windows\System\GCjZVyY.exe

Filesize
1.9MB

MD5
5c72af4cf98108115449b6000d05fefc

SHA1
11de261c62714a9edd26d9d37a159b5a926814da

SHA256
4489db9c61f6103ac3aaaca99c547099a3261909426fdc82faec695d3fd9d239

SHA512
facd3ca8a229a55df01842dc27d5331ac9a9049e3efdb6bb66907ab6142d878f3cd06068e07d374d3a558638d8ecb9808052942f035237a14f948d08ed2567fc

Download Submit
C:\Windows\System\GLywJbH.exe

Filesize
1.9MB

MD5
7e832bc21342ff3608d9b9e30d5646f7

SHA1
7db6c46a8e51b338d6c699cbdca020183bcc0d47

SHA256
60d8da51e4eb62fc83a3fd63c6ceef443fea5f36f2dff7f358ba49d5e321ca1e

SHA512
3e7657b164147e7deb2a869076271205d86405471f7d88d37aee663e92e4c7b8dfed72b9a3ca9dae54b402a602e4c0274621f79a3c6af33c6675de2c9a081abd

Download Submit
C:\Windows\System\JREBuAv.exe

Filesize
1.9MB

MD5
1e7efcc6c0b9827461ef0319327b3d0b

SHA1
4de96490363a5e61fa6384de7f1977060dda019a

SHA256
94a3ecf8fbd2199665518100f5acb65e8bf3ea7f1cb8c99aef1fbc2ec7303dba

SHA512
fcfd3b7d68d93c9126773c3071008c65aa4eb340a123851d3e5f04554ea2a9a3753dd11ab957cd5cdf57d653c3f55d4e854b62237abfefad926071407e7cdfa1

Download Submit
C:\Windows\System\JpywRhM.exe

Filesize
1.9MB

MD5
c3fd3347b0810a3702a4ce939f5b9b41

SHA1
1065cad8632a026ab92ba76669e00293ecfe898f

SHA256
2f0443440d3a943eed04852726d1d8d5c32388e22059149770a62709a6e0aaa8

SHA512
79a844e9c120da9ec5788856cf63bb2935338b13066b863b397a09b176d5365283d9247d26b70367f7b94b183b1780b50a2df7bdc721e046223d5926e8a45702

Download Submit
C:\Windows\System\LVAYxFn.exe

Filesize
1.9MB

MD5
1673ea86d1e3f09f51387917116e3df5

SHA1
334993265e83c7a3896e210896efd90c90ce5f3d

SHA256
38159f11938ed0170c3ea7a800c7dc473af8909caf48fb33a594019d2630da2f

SHA512
a8e09a752071cfbfe16ab9e1ca87ceaf8844b609c0181fb1eb621f238732de25d9bd2e9db94737fc3adda39ff6416f535c31512ce443f024e0170b8380905b85

Download Submit
C:\Windows\System\NSXgAel.exe

Filesize
1.9MB

MD5
9c1af31ca1426ddef347290a9e823326

SHA1
3ac1d99d70c09db4b87ad4c50a2857cfb2daaff9

SHA256
29647751e1d4d4167ee83935ceec357ceca561864f31b32eb6d1838f7f35627b

SHA512
fd6339ba67912f091acdcd5d3999af541166d95e2b0b21949f080a980f6263923a9aa112a08e03f136e077d09278bc5c6890794769d19e4642c55cf9ac021e07

Download Submit
C:\Windows\System\OTfcaTC.exe

Filesize
1.9MB

MD5
3405b910ae0070ed3c1cdfdd9fe323ee

SHA1
e0c09bb7f93f76b7eeb5640323288e6ceb7bffea

SHA256
f3c67d2aa375a04ae3bdcf241dc41bd68417cd05de73a4b845c37b332396a468

SHA512
39e6f92a67efa47d596c031bb91f0073c3fe44557410d1409566b64c5a28540274a778db7a4dc2a017aabe2af82cd34260694e2315ac9e098e3fb02430033a58

Download Submit
C:\Windows\System\PXnmTOp.exe

Filesize
1.9MB

MD5
8e5ba942d9c0f53bdbf6d0fef7d30561

SHA1
9a675a5dc8642941e212c405c7507195a8fe4a64

SHA256
6616bcfc0c596651e842081a6caaff5fdbd418943565235fee18583c51a3de94

SHA512
0d1f689f58d96cd9bc6e06ae8a64910386faac30c5adc929df6d8b77baaec624e870c1a070f7fa0e32e3320db6edc64911c1e4aa6581e7f5844ad72aebd89b3e

Download Submit
C:\Windows\System\PZhznRq.exe

Filesize
1.9MB

MD5
1ccbfbe280f7c51cd68d86d382d9aed3

SHA1
e370ccaec55dcba5c1651ae8933a1125eca23ba2

SHA256
913c93b6465c9e01bd55e67f5eff16436257fe9e6a59f439abe284ebb6286b6b

SHA512
c444dd34ce6b02df8d7a6a6635969098dc46866f63ef491d7c1151589ab787b1cff43c4b5226a1c91972679f7b284c9fc6ed0e527423f041c871ebd097d3e25b

Download Submit
C:\Windows\System\TEvqllD.exe

Filesize
1.9MB

MD5
0277e93c8b3e4b66f12657f6e8bdb56e

SHA1
23adbab15effe5fd00fd8655259e1610335e192b

SHA256
2e987ab823a8aa46303e44f5719023c985e1fd7eaf0293dfc0aeabda93962b92

SHA512
73b0b876d5844e31aa6092baacc3d639d0bd98ddc67a6d5bb8b3239429ff28e7a177e47a70890709f711216effb30dc40f2bf136e746495415f3dd45cc7deeaf

Download Submit
C:\Windows\System\VfXKyvo.exe

Filesize
1.9MB

MD5
675cf1f47443db6b47df562688cdb44a

SHA1
d0f861b8d550f0efb10540aa509171ba04023ed7

SHA256
219fff56f4aa9b682ba15565b8f81d3550a024f1d3a219c01cb2c0be5f9d9a5d

SHA512
3be77f5f45d2d13bbe47c4adfeef784fb69cf7a5324067fc8e370fd80b020325818d8ae9d738bc786a5c1b7e8991c9a0e8929d41633079795c8f2c81751e63a4

Download Submit
C:\Windows\System\WADuUqf.exe

Filesize
1.9MB

MD5
1824b85a5074d64dee37be48ecd9e054

SHA1
c12b207f2c8cf1b98e19e15a1b82ab8131f0555e

SHA256
192b2357180b68e471484e29768f46fca009d3ae14d87702ae95c6f3b4874125

SHA512
a6da77e2b6a3db40dd6237f63d9dd208cc63617ffee925129725ae882c70c9fe3dffc53727057049894b8fd9ef9755e86f737af7ffd5ddd65b87678717f211db

Download Submit
C:\Windows\System\XNGYlEn.exe

Filesize
1.9MB

MD5
c306c644b74275b5b8f609fc2270eb29

SHA1
ff33a162785b37a77ac477318d75202bcdee3135

SHA256
a64345c01e001e1ff6aadf2bb794d82898dafc99ab445861f6c42bc9fa02c4ad

SHA512
1e24821f0a2120dbdab4533ccc9f957ee90a2cd8adfd26ab83b7f822f9b6eeb4d7d815624605c5bbf719a4f0bd2e4555326be137573baea86c9b9e157fb34128

Download Submit
C:\Windows\System\XzLNtem.exe

Filesize
1.9MB

MD5
f0d1a54fee575c5df5c6c09905c9997b

SHA1
752d0386fb9ff1a8fd4b93922f2a13a319bc7c33

SHA256
81f29ba9596928d81d003165f9932db114386c614ab0128db591e9a589775707

SHA512
3dfb0d133b7770763c9e4947ca0933434e768f1c5316bc0e04c917e643d94789160cda72f9979107b36ddc3c152662ade41aee89f641c567603bc44f489d4b05

Download Submit
C:\Windows\System\ZBJHvMl.exe

Filesize
1.9MB

MD5
df30aacd0e40d92d0ee447647b613e5b

SHA1
0c1565ac34fec83166d483f2899e956025ed06e6

SHA256
105c2c63d40d80f06bc564725c13de41ad892f756952a180a9e273cbbb065738

SHA512
98589a57005690bdf9f5fbe99f82810b83f8903a6f57fe4cb8d7dcd1f4fe2ac7f1afb1d236b676e714f1a0eaf69b80dc9b528c6afd16e96ec102e7d2e5e2e1bf

Download Submit
C:\Windows\System\dyihSPS.exe

Filesize
1.9MB

MD5
cf14498b092d5ba3e9a605ebd34aea26

SHA1
5995fe8f9d39255346b475eff7943ee01481e692

SHA256
aca21d5a7caec7344824b2697f4618af58b7148bceba625d301c54b64ea89092

SHA512
de534b3ab4baed435cc1d6b11663c5a55505d7fd61b59ec3111a4a4fffbd05b157f43bf1332d2a445c9fbdc7f2662fb2071fd9464fba42f7977b3c9682785295

Download Submit
C:\Windows\System\eFamiqe.exe

Filesize
8B

MD5
3277aa72bb7d7f1eb1043502fbd1c406

SHA1
8712dca2f3fbc82bf0cbbeecdc5d6a26c87f443c

SHA256
e94b62f30c9ce8b0b5cea14d4367a52fe08005d1bd56ca932a1fd7fc15c61bc9

SHA512
9fb0369549dba8937fb796cbc4ade6bacf540f10f98e02675f1b04c615cbb49e396cdbd25cd29de56c7bfb889c8464199939a84fa31434a75c020caeb4f9f503

Download Submit
C:\Windows\System\gTsZWXg.exe

Filesize
1.9MB

MD5
d7d05b6fded548c0284cdbbae2807446

SHA1
4d5ecf48ccac040538a71173eb540e84fd58d212

SHA256
db3bf8bd9ba875c383bad1b6736541b143ffcbd44024d4a465f11de2a32f225a

SHA512
27a302ea0c2dbb5ded229c0ddfdcda683afd01e029e1ba955bfd7a2d73827710615cec3b8ea75e3ba94ef1e1bf34b48f9bf17d9ed072001d987a78ebb0982533

Download Submit
C:\Windows\System\hBczHku.exe

Filesize
1.9MB

MD5
30b3c4b9f0093ce265c154a46cc7e035

SHA1
82ab24f03b26a9901b39778b3916e26955b97e83

SHA256
d2b1a93ab4ee08951b0fda111dd5e356e757d286030103d6a7ef4a0baedd928d

SHA512
5b0ed2a107d75423ef85b1c3f39a25783fb8962b735ba1ce63d20bd95202c08cf156095f5024e064fd06eb9ec8ad4f1a6cb0488da0914196ec533e5b0ff01490

Download Submit
C:\Windows\System\hdYoECt.exe

Filesize
1.9MB

MD5
bae06dd1a8804a3558776ae15868b06b

SHA1
cfa7dbdff69c99d0cf0efed60a9e009cb9b08e99

SHA256
4b80d7152e8414e292e8c92bbb69a9c2cc9f79ecf43ac08225550314559effbe

SHA512
676c15ac1c99fd0278ae30d0042fbb99c813b1e3c4cd3c0970c330415044a773e32d040439ff56bb76ab7e61002c0ab02903c15202ad38209b07f55cb4b521b2

Download Submit
C:\Windows\System\iCzaxMl.exe

Filesize
1.9MB

MD5
a781f8ba71c02a1502eabe30205ab8ff

SHA1
436e46366504eb509707db9850f78f2c0504f905

SHA256
654037c2132ad832155e932f5933b841a8fc02fa6d3d44b75a221afc0a859bc2

SHA512
bcf774eada2d6305b759e47a495b84e00165990a520e24cd52f88b63d3cd088b37668a174066f327206fcb99c4f0d229c08f6cbb12b7db871b56a800a79862aa

Download Submit
C:\Windows\System\iJbRMxk.exe

Filesize
1.9MB

MD5
7bc0ba866f2c71b25062ad05a069396e

SHA1
7a04e82d58b25922f845d4e53164595e8892d53d

SHA256
07ce57e8ba0bea0e1027bf3b4872216f7b80090f78486b4053cedf4aa1facea3

SHA512
8041f9acc3d23372a36ef05b7407579e61d6a99da886e5075d5850cdc081156caf417ffc74679a4565a5e90fd8c5e352e084b76c1637100025d7ab2beb026b82

Download Submit
C:\Windows\System\jtLvReA.exe

Filesize
1.9MB

MD5
491b71c63b93160fbce912258334ac20

SHA1
e6af5ee6585af38216139c8eecb5bd40500d5071

SHA256
7d627003eca157eb855e4d764945731643adc968bfc19e23d22a4c5546b22d99

SHA512
d70295e7f1f0e2bf3cbe49fccc2c3ab1a0f717988b873619b60ccc8dabe5a78717da3089e165805ee18e67e33bac1a5d3af58038580cf7717c800d2dd30d0093

Download Submit
C:\Windows\System\mzITZqL.exe

Filesize
1.9MB

MD5
de82b00a2924a402123710560237e2fc

SHA1
a4d17063aa998f2ca4d227d0a9c11ec4407fa61c

SHA256
4fc0e3b1897d73806cb84b8ecd9a70e047aef20ca5af02b5b1580a640fd32ed3

SHA512
32683751d8d7884f4e0803f3d6f6c343e65f47a017dea244d0b34ab6ac01be009db6229881117dad7bbc8ebbc13484e1db8b02e3c9b6838b2a2accbf8de9b6d2

Download Submit
C:\Windows\System\nYnUjEj.exe

Filesize
1.9MB

MD5
424ff139e15e1f55f55542156d036b1f

SHA1
b6de49f4b9fcdbb8554d2cdd820a1d15f1a56bfd

SHA256
9dfbd234cdcc118763e7d17c7d1ae4f8bbbd47dc07777926a3dff42b747e8b4e

SHA512
8ef77875398ffef7006886e0d6d14fe9a48d919254f95689598703326374e0d10b67711904603c9083595784d653cf0680d29bbe28303af939764d60946420fe

Download Submit
C:\Windows\System\nhqApAc.exe

Filesize
1.9MB

MD5
5c6e54f97f61742a0ec817e87887ad84

SHA1
63237dfc2e08084cfa8adf55fb42dd138abf13c3

SHA256
f6e22b615c9f042d8fa0f5a46755e9c752d3f1ea6bc703d521082b01f63ef362

SHA512
6ec5b2bb60f8af7fbe1768d346fc0f396d3923c67c99a316b1e3e57bc54e255e7b58c353dc34a1f44826bd5d961ec351cbeb1ae287ca03a47f02281a35bfba11

Download Submit
C:\Windows\System\odvICpP.exe

Filesize
1.9MB

MD5
d4a36ca5399bfd6243c95407fa93784e

SHA1
335e0e3bc9565a40106119c61bea13d03ec5d381

SHA256
796f4d60d602416b0008c7744abbaa83e44c2972c7234cef454474cf7dce1569

SHA512
835eeb5eed49540efe375bd54c99726d3160ea2bee7ddd6bba005a90b3185ef347dd1007d78d22d8575f97a11379781948d94e7092adb6ee6426b7f0e37ef93d

Download Submit
C:\Windows\System\poEVDhk.exe

Filesize
1.9MB

MD5
f17a8c79f4553ca8542466cfbf34771a

SHA1
d4672df9efd636df7fda8d1caa2b4a9ed5a9bef6

SHA256
b909e3279e5790cee5637b9a481e30f98bbaf2d66b1a7ce27f9757b6b7af6441

SHA512
5c5b00e9c479a75904ae79f58e72c829db4ebda2f5e3662d1efdbe2208a63d409461fd977a9b765ec0c6374b2b94200346caff94d68edb632ff8a9c0b5350916

Download Submit
C:\Windows\System\qlzECTQ.exe

Filesize
1.9MB

MD5
def2eb1a5d1caa179303c097c83c9c82

SHA1
59507b7c37627f47e34eb80e25d272b7d8a1ac52

SHA256
b41f398a0bffe105b328317e3f3a8025a25ccca7d03131a81aacd373d4ad36b5

SHA512
36281bf9a89203acef0c72a3d00f0b5cba42499cafd6209cc3e12e4bf2e42084b422d086159f4c05fd54a81ccad051f51708f724cf60a39bfb4088d5155cdb8d

Download Submit
C:\Windows\System\qzgwpiZ.exe

Filesize
1.9MB

MD5
0c67963087d279d92595253d50807002

SHA1
09bb8d581955fc395d7447412e304ece82ed62d0

SHA256
4b13ca46f1fb67d24c83e8922448894155ff4d6db3f11fe59d0fdf363982c3b3

SHA512
3850711556dfdbed63ff6eabbe48b3ab3213f0da96014a29af878c7f690c5e2be76ac9a6290c17120af32aa3e92e3604cf126079169ec9c7ca5d4d3d7de23f9a

Download Submit
C:\Windows\System\sJiRola.exe

Filesize
1.9MB

MD5
b7563d7755d4c8cf2f53660d2889bad5

SHA1
5e7a15a37eda495c1ca973a8284c10229c0ec02f

SHA256
550a628d6c3b4ff37c24ffe517bcf77a736ceb83cabaa7c7261111cd84d06079

SHA512
67c3116f823bd5a1369925ff9e5124345cedad43ddcda2a04c43e4c10b2f52764ac6767748d7955cf452e30f4e1de74e1a5c4e914afaa2a12dde2bfead188abb

Download Submit
C:\Windows\System\sdzJfQw.exe

Filesize
1.9MB

MD5
6df14d7e35e2e21cf611898aabba977b

SHA1
1918d130c1bc721ae020bbe689af82cdbc751d82

SHA256
8ee2354b825bea9c97869c0131d9b5da34425bb8ebd4753771c9a1a7f0926cf4

SHA512
76226bfea33b4bf7e759cbb081ad2aad509fc2553fc95c735a9485abde34c019b0eb1467077acccedf51894e29b3d939b4a8c21d4ee3403e7a8041ed7dc9af61

Download Submit
C:\Windows\System\taciSWg.exe

Filesize
1.9MB

MD5
7fc37088f3233d38ccbdaa55d69b463d

SHA1
2f707db0ca1af9478cb3cc2e566f818f02a8622d

SHA256
693942d1f9a0fb31a58fc21bbf03aa49d4bb5ccfb26875003dac2e682bee204f

SHA512
9b66562e34b0e3781b3475ec04cc58046e8312d4670af56cb6e3e899bf62d7b5cb5d93db9bd5d93307498daa44e58d573718abe0287c4593aea20ee49e713093

Download Submit
C:\Windows\System\uwxlOrj.exe

Filesize
1.9MB

MD5
32e7b78ae61bff4326e9b8381b9cb536

SHA1
931014f038718bfebb460cf0cee01c44e52153cd

SHA256
78e419de607622ecce78a4db4f4a9178718d7c3157421f5a925ef84b40621f62

SHA512
efcdd172c8dccbf1e3b7aa27d21d7e1047d72f548f946dab4aa76a2077cf27e2d60c56938ed6ffd5c2804ddcb1789068214020955d8fe386a0794f5f4653330c

Download Submit
C:\Windows\System\wIQCXOZ.exe

Filesize
1.9MB

MD5
521f1c50b11b6d5f62c16bb1d1e21f2f

SHA1
af2552a21e7ef98fc39fc573458a9e9750ead335

SHA256
d9ceb9b33b9522f25a2c29497585e96cc563cb4a5e7b299c9a1208be6f8b286e

SHA512
f659fec0e58478c23f092845eaee8a7587e5e93dda9e94c84e95fe344c0fcf345208ace1715ced0c886614d3b57833021d69415053a4b7ba38226364b441335b

Download Submit
C:\Windows\System\wRStzTz.exe

Filesize
1.9MB

MD5
4fead86d84f5bac74d892c01a6f5b251

SHA1
1b6496b3189a6ee083e3bf7a39ee8d7cb537c841

SHA256
8633297cc520191cf20e49439b2af631e94215adcece251dcf479dbcdbe3a93d

SHA512
9d39d8826a9a86202b127ed6cb9a26a2383abb7c89122cc3210b54228e210df4a85462525730ee5b82f1a7e377fba399962fde0a309420c2e8400133aa9cc27a

Download Submit
C:\Windows\System\xGYMFQU.exe

Filesize
1.9MB

MD5
ead6974d4013a8128bc82399da260174

SHA1
59debc23a89c5e47b99f70b8aa8f9e43edff5f3b

SHA256
1e8425b010151cc4dfb0709581ef8f4e3458c289b3993f702a911bd2baa7b38e

SHA512
3b7373ffe62ebf56d16ba453c77063d47756368b083b3e50dadf966057b38011da71f5eb396bbde2dfaadf1dd5302ccf9c539fea81c223c444a8ce851e91422a

Download Submit
memory/704-98-0x00007FF7EA9B0000-0x00007FF7EADA2000-memory.dmp

Filesize
3.9MB

Download
memory/704-4003-0x00007FF7EA9B0000-0x00007FF7EADA2000-memory.dmp

Filesize
3.9MB

Download
memory/1180-315-0x00007FF6A31C0000-0x00007FF6A35B2000-memory.dmp

Filesize
3.9MB

Download
memory/1288-543-0x00007FF70ADF0000-0x00007FF70B1E2000-memory.dmp

Filesize
3.9MB

Download
memory/1392-236-0x00007FF602510000-0x00007FF602902000-memory.dmp

Filesize
3.9MB

Download
memory/1464-32-0x00007FF746E20000-0x00007FF747212000-memory.dmp

Filesize
3.9MB

Download
memory/1464-4034-0x00007FF746E20000-0x00007FF747212000-memory.dmp

Filesize
3.9MB

Download
memory/2432-435-0x00007FF78F300000-0x00007FF78F6F2000-memory.dmp

Filesize
3.9MB

Download
memory/2448-181-0x00007FF7E4E10000-0x00007FF7E5202000-memory.dmp

Filesize
3.9MB

Download
memory/2800-257-0x00007FF74BC60000-0x00007FF74C052000-memory.dmp

Filesize
3.9MB

Download
memory/2928-408-0x00007FF7D8740000-0x00007FF7D8B32000-memory.dmp

Filesize
3.9MB

Download
memory/3056-0-0x00007FF69D440000-0x00007FF69D832000-memory.dmp

Filesize
3.9MB

Download
memory/3056-3996-0x00007FF69D440000-0x00007FF69D832000-memory.dmp

Filesize
3.9MB

Download
memory/3056-1-0x000001CFC9C00000-0x000001CFC9C10000-memory.dmp

Filesize
64KB

Download
memory/3200-546-0x00007FF64CA40000-0x00007FF64CE32000-memory.dmp

Filesize
3.9MB

Download
memory/3404-25-0x00007FF6D4D20000-0x00007FF6D5112000-memory.dmp

Filesize
3.9MB

Download
memory/3404-4032-0x00007FF6D4D20000-0x00007FF6D5112000-memory.dmp

Filesize
3.9MB

Download
memory/3460-544-0x00007FF6C0CF0000-0x00007FF6C10E2000-memory.dmp

Filesize
3.9MB

Download
memory/3668-11-0x00007FF74FE80000-0x00007FF750272000-memory.dmp

Filesize
3.9MB

Download
memory/3668-3995-0x00007FF74FE80000-0x00007FF750272000-memory.dmp

Filesize
3.9MB

Download
memory/3924-4001-0x00007FF6C43E0000-0x00007FF6C47D2000-memory.dmp

Filesize
3.9MB

Download
memory/3924-70-0x00007FF6C43E0000-0x00007FF6C47D2000-memory.dmp

Filesize
3.9MB

Download
memory/4028-434-0x00007FF7C2E70000-0x00007FF7C3262000-memory.dmp

Filesize
3.9MB

Download
memory/4296-241-0x00007FF64D480000-0x00007FF64D872000-memory.dmp

Filesize
3.9MB

Download
memory/4612-142-0x00007FF7FC6E0000-0x00007FF7FCAD2000-memory.dmp

Filesize
3.9MB

Download
memory/4612-4005-0x00007FF7FC6E0000-0x00007FF7FCAD2000-memory.dmp

Filesize
3.9MB

Download
memory/4636-58-0x00007FF769460000-0x00007FF769852000-memory.dmp

Filesize
3.9MB

Download
memory/4636-4037-0x00007FF769460000-0x00007FF769852000-memory.dmp

Filesize
3.9MB

Download
memory/4660-385-0x00007FF746C70000-0x00007FF747062000-memory.dmp

Filesize
3.9MB

Download
memory/4740-55-0x00007FF65EAF0000-0x00007FF65EEE2000-memory.dmp

Filesize
3.9MB

Download
memory/4740-3998-0x00007FF65EAF0000-0x00007FF65EEE2000-memory.dmp

Filesize
3.9MB

Download
memory/4792-545-0x00007FF6AFF70000-0x00007FF6B0362000-memory.dmp

Filesize
3.9MB

Download
memory/5088-34-0x00000250ECF50000-0x00000250ECF60000-memory.dmp

Filesize
64KB

Download
memory/5088-35-0x00000250ECF50000-0x00000250ECF60000-memory.dmp

Filesize
64KB

Download
memory/5088-542-0x00007FFE63300000-0x00007FFE63DC1000-memory.dmp

Filesize
10.8MB

Download
memory/5088-522-0x00000250ED200000-0x00000250ED222000-memory.dmp

Filesize
136KB

Download