xmrig | f38ac5c1faf5c0c6b18bbda9e20e0b7d6ed64819f5c55f3d4639561b667d0dca

Analysis

max time kernel
150s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
01/05/2024, 15:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
Size

2.0MB
MD5

0c1b9870aced18cee5c4f2bafd7b3919
SHA1

5462903a07e9ee37e7aa20dac95b2266907be101
SHA256

f38ac5c1faf5c0c6b18bbda9e20e0b7d6ed64819f5c55f3d4639561b667d0dca
SHA512

5e8986edc57e6d4e5004d0192354b3b393e9e09adfa0acb2eee4ef91960ed5e668f8df8b60940a3e6a05d1a0a8651e71d88e6e57557b6ecbbaf80b978eb32e6d
SSDEEP

49152:Lz071uv4BPMkibTIA5KIP7nTrmBhihM5xC+U1Ugu:NABV

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 22 IoCs

miner

resource	yara_rule
behavioral2/memory/548-158-0x00007FF664000000-0x00007FF6643F2000-memory.dmp	xmrig
behavioral2/memory/2936-194-0x00007FF6222A0000-0x00007FF622692000-memory.dmp	xmrig
behavioral2/memory/2776-246-0x00007FF794110000-0x00007FF794502000-memory.dmp	xmrig
behavioral2/memory/3832-268-0x00007FF7B2A30000-0x00007FF7B2E22000-memory.dmp	xmrig
behavioral2/memory/892-341-0x00007FF711100000-0x00007FF7114F2000-memory.dmp	xmrig
behavioral2/memory/3044-395-0x00007FF6F38B0000-0x00007FF6F3CA2000-memory.dmp	xmrig
behavioral2/memory/5112-417-0x00007FF6260C0000-0x00007FF6264B2000-memory.dmp	xmrig
behavioral2/memory/4932-416-0x00007FF754CE0000-0x00007FF7550D2000-memory.dmp	xmrig
behavioral2/memory/3464-323-0x00007FF698EF0000-0x00007FF6992E2000-memory.dmp	xmrig
behavioral2/memory/2312-303-0x00007FF625AA0000-0x00007FF625E92000-memory.dmp	xmrig
behavioral2/memory/5084-279-0x00007FF79C3B0000-0x00007FF79C7A2000-memory.dmp	xmrig
behavioral2/memory/2316-218-0x00007FF7C7A60000-0x00007FF7C7E52000-memory.dmp	xmrig
behavioral2/memory/5108-195-0x00007FF711A20000-0x00007FF711E12000-memory.dmp	xmrig
behavioral2/memory/2900-159-0x00007FF7116C0000-0x00007FF711AB2000-memory.dmp	xmrig
behavioral2/memory/2736-139-0x00007FF695360000-0x00007FF695752000-memory.dmp	xmrig
behavioral2/memory/948-116-0x00007FF70F380000-0x00007FF70F772000-memory.dmp	xmrig
behavioral2/memory/1216-25-0x00007FF79F320000-0x00007FF79F712000-memory.dmp	xmrig
behavioral2/memory/4036-4579-0x00007FF643F10000-0x00007FF644302000-memory.dmp	xmrig
behavioral2/memory/4148-4575-0x00007FF673BE0000-0x00007FF673FD2000-memory.dmp	xmrig
behavioral2/memory/4520-4277-0x00007FF781B70000-0x00007FF781F62000-memory.dmp	xmrig
behavioral2/memory/4612-4035-0x00007FF678140000-0x00007FF678532000-memory.dmp	xmrig
behavioral2/memory/2088-4032-0x00007FF73FD70000-0x00007FF740162000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4520	DcWAWyf.exe
1216	OwWzeMe.exe
2088	pmWctsa.exe
4036	KtrWWWI.exe
3044	imYxvvP.exe
4148	KrKXFIv.exe
948	OlizgFS.exe
2736	PLJealC.exe
4932	FjbmtTA.exe
548	HObMztb.exe
2900	ThdQYUV.exe
2936	yCiUEJR.exe
5112	yDCPpME.exe
5108	dmwzzOt.exe
2316	bDxAver.exe
2776	TGXzNur.exe
3832	ndVgGLz.exe
5084	cWONatF.exe
2312	bESDtQb.exe
3464	VExYrUB.exe
892	xinbOGA.exe
4544	HLuqkGp.exe
3716	UENLZTT.exe
332	kcHlFCz.exe
5060	WKcjxsF.exe
3780	RsRUZzg.exe
2256	wagLMDu.exe
1196	txznvPW.exe
2644	VhGMkuP.exe
1556	RhiBDrH.exe
2688	gKGhKvx.exe
988	DOeqtkG.exe
1156	bAOdExY.exe
1244	AlaGyqB.exe
4600	EhVwwwm.exe
4084	IxJOhaG.exe
4944	jLlXvGK.exe
3124	djSrpqY.exe
3848	qtcCEaz.exe
852	PuISqvj.exe
2692	wSbicgI.exe
456	IuDlBcM.exe
2964	EkSuZLJ.exe
2732	BVFXmvy.exe
4700	gYSAJbH.exe
3268	wsmrpAb.exe
2228	LpDdLDU.exe
1076	NoFkzSe.exe
4856	FOdHKJN.exe
4816	DxDiAZL.exe
2356	FOAnGnm.exe
2376	tBPwVdW.exe
4796	GLIdvXR.exe
4304	ReutAUN.exe
4316	raXzSed.exe
1264	SpWiapB.exe
4320	HfvrAVg.exe
2672	kmXGCfR.exe
4028	yGhzzDY.exe
3868	CwsVQEk.exe
2716	cTQhAuD.exe
1968	sbJArZF.exe
3600	HCNqAll.exe
4864	jHQlypj.exe

UPX packed file 62 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4612-0-0x00007FF678140000-0x00007FF678532000-memory.dmp	upx
behavioral2/files/0x000b000000023bac-5.dat	upx
behavioral2/files/0x000a000000023bb0-11.dat	upx
behavioral2/files/0x000a000000023bb3-31.dat	upx
behavioral2/memory/2088-39-0x00007FF73FD70000-0x00007FF740162000-memory.dmp	upx
behavioral2/files/0x0031000000023bb6-38.dat	upx
behavioral2/files/0x0031000000023bb7-53.dat	upx
behavioral2/files/0x000a000000023bb1-34.dat	upx
behavioral2/files/0x000a000000023bbd-87.dat	upx
behavioral2/files/0x000a000000023bcc-134.dat	upx
behavioral2/memory/548-158-0x00007FF664000000-0x00007FF6643F2000-memory.dmp	upx
behavioral2/memory/2936-194-0x00007FF6222A0000-0x00007FF622692000-memory.dmp	upx
behavioral2/memory/2776-246-0x00007FF794110000-0x00007FF794502000-memory.dmp	upx
behavioral2/memory/3832-268-0x00007FF7B2A30000-0x00007FF7B2E22000-memory.dmp	upx
behavioral2/memory/892-341-0x00007FF711100000-0x00007FF7114F2000-memory.dmp	upx
behavioral2/memory/3044-395-0x00007FF6F38B0000-0x00007FF6F3CA2000-memory.dmp	upx
behavioral2/memory/5112-417-0x00007FF6260C0000-0x00007FF6264B2000-memory.dmp	upx
behavioral2/memory/4932-416-0x00007FF754CE0000-0x00007FF7550D2000-memory.dmp	upx
behavioral2/memory/3464-323-0x00007FF698EF0000-0x00007FF6992E2000-memory.dmp	upx
behavioral2/memory/2312-303-0x00007FF625AA0000-0x00007FF625E92000-memory.dmp	upx
behavioral2/memory/5084-279-0x00007FF79C3B0000-0x00007FF79C7A2000-memory.dmp	upx
behavioral2/memory/2316-218-0x00007FF7C7A60000-0x00007FF7C7E52000-memory.dmp	upx
behavioral2/memory/5108-195-0x00007FF711A20000-0x00007FF711E12000-memory.dmp	upx
behavioral2/files/0x000a000000023bc6-192.dat	upx
behavioral2/files/0x000b000000023bbb-191.dat	upx
behavioral2/files/0x000a000000023bc4-190.dat	upx
behavioral2/files/0x000a000000023bcb-180.dat	upx
behavioral2/files/0x000b000000023bbc-177.dat	upx
behavioral2/files/0x000a000000023bc3-174.dat	upx
behavioral2/files/0x000a000000023bc9-167.dat	upx
behavioral2/files/0x000a000000023bca-170.dat	upx
behavioral2/files/0x000a000000023bc1-163.dat	upx
behavioral2/files/0x000a000000023bc8-161.dat	upx
behavioral2/files/0x000a000000023bd1-160.dat	upx
behavioral2/files/0x000a000000023bc0-196.dat	upx
behavioral2/memory/2900-159-0x00007FF7116C0000-0x00007FF711AB2000-memory.dmp	upx
behavioral2/files/0x000a000000023bd0-157.dat	upx
behavioral2/files/0x000a000000023bcf-156.dat	upx
behavioral2/files/0x000a000000023bce-155.dat	upx
behavioral2/files/0x000a000000023bc2-148.dat	upx
behavioral2/files/0x000a000000023bc7-141.dat	upx
behavioral2/memory/2736-139-0x00007FF695360000-0x00007FF695752000-memory.dmp	upx
behavioral2/files/0x000a000000023bcd-137.dat	upx
behavioral2/files/0x000a000000023bc5-150.dat	upx
behavioral2/files/0x000a000000023bbe-132.dat	upx
behavioral2/memory/948-116-0x00007FF70F380000-0x00007FF70F772000-memory.dmp	upx
behavioral2/files/0x000a000000023bbf-135.dat	upx
behavioral2/files/0x000a000000023bba-101.dat	upx
behavioral2/files/0x000a000000023bb4-100.dat	upx
behavioral2/files/0x000a000000023bb9-96.dat	upx
behavioral2/files/0x0031000000023bb8-89.dat	upx
behavioral2/memory/4148-74-0x00007FF673BE0000-0x00007FF673FD2000-memory.dmp	upx
behavioral2/files/0x000a000000023bb5-65.dat	upx
behavioral2/files/0x000a000000023bb2-61.dat	upx
behavioral2/memory/4036-40-0x00007FF643F10000-0x00007FF644302000-memory.dmp	upx
behavioral2/memory/1216-25-0x00007FF79F320000-0x00007FF79F712000-memory.dmp	upx
behavioral2/memory/4520-20-0x00007FF781B70000-0x00007FF781F62000-memory.dmp	upx
behavioral2/memory/4036-4579-0x00007FF643F10000-0x00007FF644302000-memory.dmp	upx
behavioral2/memory/4148-4575-0x00007FF673BE0000-0x00007FF673FD2000-memory.dmp	upx
behavioral2/memory/4520-4277-0x00007FF781B70000-0x00007FF781F62000-memory.dmp	upx
behavioral2/memory/4612-4035-0x00007FF678140000-0x00007FF678532000-memory.dmp	upx
behavioral2/memory/2088-4032-0x00007FF73FD70000-0x00007FF740162000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\IdBtVLi.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\vBvJDbB.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\bfpcmmz.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\YWMZtPr.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\ZlUoYYn.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\SWrXnbk.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\aKOcleR.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\rLHqhTB.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\ZwUYNSm.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\fFmHjVA.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\NSVbOHa.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\mIPIdCS.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\OoNJrNh.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\dbDIGDk.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\ecgWBRT.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\pQHIkkg.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\irjdPEO.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\sJNyBZn.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\XlCucRY.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\vuuzghf.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\LMWPMCD.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\pbdjzPR.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\CrBsgiE.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\SIdenWq.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\yaSCMrZ.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\cvlLjeU.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\YVFjXaK.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\yEeGFaZ.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\AnIOnju.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\vPsClgX.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\fdLskne.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\VhAylIP.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\WJGGMeW.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\TrAWLXr.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\VlGnkcz.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\ACVoinM.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\DNNjsLL.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\aJYBFZz.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\iVGjblU.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\KuqXleN.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\VJoyUGL.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\ctEaVkX.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\lidURKS.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\uiONAfq.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\cTQhAuD.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\oaVetIg.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\ZDLHeFI.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\kwtONeA.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\PXBOkLA.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\LXBEmgj.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\gTuTTPE.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\jPhlisW.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\uFjwNso.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\YIEKvwS.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\QtQREXM.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\DOeqtkG.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\lOjexNi.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\ljCtBLc.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\PfEhnPw.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\AjhEmnO.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\gHeLqqC.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\ekMKeII.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\RVezbqO.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
File created	C:\Windows\System\txXOyru.exe	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	wermgr.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	wermgr.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1560	powershell.exe
1560	powershell.exe
1560	powershell.exe

Suspicious behavior: LoadsDriver 64 IoCs

pid	Process
10464	Process not Found
10268	Process not Found
12900	Process not Found
9864	Process not Found
11504	Process not Found
7960	Process not Found
6892	Process not Found
9980	Process not Found
1080	Process not Found
3768	Process not Found
1280	Process not Found
13740	Process not Found
13564	Process not Found
11900	Process not Found
13332	Process not Found
1016	Process not Found
1692	Process not Found
3724	Process not Found
584	Process not Found
404	Process not Found
1924	Process not Found
4724	Process not Found
588	Process not Found
1012	Process not Found
13648	Process not Found
13588	Process not Found
1580	Process not Found
4436	Process not Found
1204	Process not Found
528	Process not Found
544	Process not Found
4532	Process not Found
376	Process not Found
2392	Process not Found
5280	Process not Found
3576	Process not Found
2332	Process not Found
856	Process not Found
448	Process not Found
736	Process not Found
3048	Process not Found
5276	Process not Found
5320	Process not Found
5392	Process not Found
1820	Process not Found
2700	Process not Found
5176	Process not Found
5496	Process not Found
5500	Process not Found
5560	Process not Found
984	Process not Found
5604	Process not Found
5676	Process not Found
4776	Process not Found
5624	Process not Found
13884	Process not Found
5796	Process not Found
13728	Process not Found
5816	Process not Found
5980	Process not Found
14296	Process not Found
5848	Process not Found
6120	Process not Found
664	Process not Found

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	1560	powershell.exe
Token: SeLockMemoryPrivilege	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
Token: SeCreateGlobalPrivilege	13304	dwm.exe
Token: SeChangeNotifyPrivilege	13304	dwm.exe
Token: 33	13304	dwm.exe
Token: SeIncBasePriorityPrivilege	13304	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4612 wrote to memory of 1560	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	84
PID 4612 wrote to memory of 1560	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	84
PID 4612 wrote to memory of 4520	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	85
PID 4612 wrote to memory of 4520	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	85
PID 4612 wrote to memory of 1216	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	86
PID 4612 wrote to memory of 1216	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	86
PID 4612 wrote to memory of 2088	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	87
PID 4612 wrote to memory of 2088	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	87
PID 4612 wrote to memory of 4036	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	88
PID 4612 wrote to memory of 4036	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	88
PID 4612 wrote to memory of 3044	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	89
PID 4612 wrote to memory of 3044	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	89
PID 4612 wrote to memory of 4148	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	90
PID 4612 wrote to memory of 4148	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	90
PID 4612 wrote to memory of 948	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	91
PID 4612 wrote to memory of 948	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	91
PID 4612 wrote to memory of 2736	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	92
PID 4612 wrote to memory of 2736	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	92
PID 4612 wrote to memory of 4932	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	93
PID 4612 wrote to memory of 4932	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	93
PID 4612 wrote to memory of 548	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	94
PID 4612 wrote to memory of 548	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	94
PID 4612 wrote to memory of 2900	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	95
PID 4612 wrote to memory of 2900	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	95
PID 4612 wrote to memory of 2936	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	96
PID 4612 wrote to memory of 2936	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	96
PID 4612 wrote to memory of 5112	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	97
PID 4612 wrote to memory of 5112	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	97
PID 4612 wrote to memory of 5108	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	98
PID 4612 wrote to memory of 5108	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	98
PID 4612 wrote to memory of 2316	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	99
PID 4612 wrote to memory of 2316	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	99
PID 4612 wrote to memory of 3716	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	100
PID 4612 wrote to memory of 3716	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	100
PID 4612 wrote to memory of 332	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	101
PID 4612 wrote to memory of 332	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	101
PID 4612 wrote to memory of 2776	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	102
PID 4612 wrote to memory of 2776	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	102
PID 4612 wrote to memory of 3832	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	103
PID 4612 wrote to memory of 3832	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	103
PID 4612 wrote to memory of 5084	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	104
PID 4612 wrote to memory of 5084	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	104
PID 4612 wrote to memory of 2312	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	105
PID 4612 wrote to memory of 2312	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	105
PID 4612 wrote to memory of 3464	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	106
PID 4612 wrote to memory of 3464	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	106
PID 4612 wrote to memory of 892	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	107
PID 4612 wrote to memory of 892	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	107
PID 4612 wrote to memory of 4544	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	108
PID 4612 wrote to memory of 4544	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	108
PID 4612 wrote to memory of 5060	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	109
PID 4612 wrote to memory of 5060	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	109
PID 4612 wrote to memory of 3780	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	110
PID 4612 wrote to memory of 3780	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	110
PID 4612 wrote to memory of 2256	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	111
PID 4612 wrote to memory of 2256	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	111
PID 4612 wrote to memory of 1196	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	112
PID 4612 wrote to memory of 1196	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	112
PID 4612 wrote to memory of 2644	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	113
PID 4612 wrote to memory of 2644	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	113
PID 4612 wrote to memory of 1556	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	114
PID 4612 wrote to memory of 1556	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	114
PID 4612 wrote to memory of 2688	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	115
PID 4612 wrote to memory of 2688	4612	0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe	115

C:\Users\Admin\AppData\Local\Temp\0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0c1b9870aced18cee5c4f2bafd7b3919_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4612
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1560
- - C:\Windows\system32\wermgr.exe
    "C:\Windows\system32\wermgr.exe" "-outproc" "0" "1560" "2532" "2460" "2536" "0" "0" "2540" "0" "0" "0" "0" "0"
    3⤵
    - Checks processor information in registry
    - Enumerates system info in registry
    PID:14256
- C:\Windows\System\DcWAWyf.exe
  C:\Windows\System\DcWAWyf.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System\OwWzeMe.exe
  C:\Windows\System\OwWzeMe.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\pmWctsa.exe
  C:\Windows\System\pmWctsa.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\KtrWWWI.exe
  C:\Windows\System\KtrWWWI.exe
  2⤵
  - Executes dropped EXE
  PID:4036
- C:\Windows\System\imYxvvP.exe
  C:\Windows\System\imYxvvP.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\KrKXFIv.exe
  C:\Windows\System\KrKXFIv.exe
  2⤵
  - Executes dropped EXE
  PID:4148
- C:\Windows\System\OlizgFS.exe
  C:\Windows\System\OlizgFS.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\PLJealC.exe
  C:\Windows\System\PLJealC.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\FjbmtTA.exe
  C:\Windows\System\FjbmtTA.exe
  2⤵
  - Executes dropped EXE
  PID:4932
- C:\Windows\System\HObMztb.exe
  C:\Windows\System\HObMztb.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\ThdQYUV.exe
  C:\Windows\System\ThdQYUV.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\yCiUEJR.exe
  C:\Windows\System\yCiUEJR.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\yDCPpME.exe
  C:\Windows\System\yDCPpME.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System\dmwzzOt.exe
  C:\Windows\System\dmwzzOt.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\bDxAver.exe
  C:\Windows\System\bDxAver.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\UENLZTT.exe
  C:\Windows\System\UENLZTT.exe
  2⤵
  - Executes dropped EXE
  PID:3716
- C:\Windows\System\kcHlFCz.exe
  C:\Windows\System\kcHlFCz.exe
  2⤵
  - Executes dropped EXE
  PID:332
- C:\Windows\System\TGXzNur.exe
  C:\Windows\System\TGXzNur.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\ndVgGLz.exe
  C:\Windows\System\ndVgGLz.exe
  2⤵
  - Executes dropped EXE
  PID:3832
- C:\Windows\System\cWONatF.exe
  C:\Windows\System\cWONatF.exe
  2⤵
  - Executes dropped EXE
  PID:5084
- C:\Windows\System\bESDtQb.exe
  C:\Windows\System\bESDtQb.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\VExYrUB.exe
  C:\Windows\System\VExYrUB.exe
  2⤵
  - Executes dropped EXE
  PID:3464
- C:\Windows\System\xinbOGA.exe
  C:\Windows\System\xinbOGA.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\HLuqkGp.exe
  C:\Windows\System\HLuqkGp.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System\WKcjxsF.exe
  C:\Windows\System\WKcjxsF.exe
  2⤵
  - Executes dropped EXE
  PID:5060
- C:\Windows\System\RsRUZzg.exe
  C:\Windows\System\RsRUZzg.exe
  2⤵
  - Executes dropped EXE
  PID:3780
- C:\Windows\System\wagLMDu.exe
  C:\Windows\System\wagLMDu.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\txznvPW.exe
  C:\Windows\System\txznvPW.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\VhGMkuP.exe
  C:\Windows\System\VhGMkuP.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\RhiBDrH.exe
  C:\Windows\System\RhiBDrH.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\gKGhKvx.exe
  C:\Windows\System\gKGhKvx.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\DOeqtkG.exe
  C:\Windows\System\DOeqtkG.exe
  2⤵
  - Executes dropped EXE
  PID:988
- C:\Windows\System\bAOdExY.exe
  C:\Windows\System\bAOdExY.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\AlaGyqB.exe
  C:\Windows\System\AlaGyqB.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\EhVwwwm.exe
  C:\Windows\System\EhVwwwm.exe
  2⤵
  - Executes dropped EXE
  PID:4600
- C:\Windows\System\IxJOhaG.exe
  C:\Windows\System\IxJOhaG.exe
  2⤵
  - Executes dropped EXE
  PID:4084
- C:\Windows\System\jLlXvGK.exe
  C:\Windows\System\jLlXvGK.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\djSrpqY.exe
  C:\Windows\System\djSrpqY.exe
  2⤵
  - Executes dropped EXE
  PID:3124
- C:\Windows\System\qtcCEaz.exe
  C:\Windows\System\qtcCEaz.exe
  2⤵
  - Executes dropped EXE
  PID:3848
- C:\Windows\System\PuISqvj.exe
  C:\Windows\System\PuISqvj.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\wSbicgI.exe
  C:\Windows\System\wSbicgI.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\SpWiapB.exe
  C:\Windows\System\SpWiapB.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\IuDlBcM.exe
  C:\Windows\System\IuDlBcM.exe
  2⤵
  - Executes dropped EXE
  PID:456
- C:\Windows\System\EkSuZLJ.exe
  C:\Windows\System\EkSuZLJ.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\BVFXmvy.exe
  C:\Windows\System\BVFXmvy.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\gYSAJbH.exe
  C:\Windows\System\gYSAJbH.exe
  2⤵
  - Executes dropped EXE
  PID:4700
- C:\Windows\System\wsmrpAb.exe
  C:\Windows\System\wsmrpAb.exe
  2⤵
  - Executes dropped EXE
  PID:3268
- C:\Windows\System\LpDdLDU.exe
  C:\Windows\System\LpDdLDU.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\NoFkzSe.exe
  C:\Windows\System\NoFkzSe.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\FOdHKJN.exe
  C:\Windows\System\FOdHKJN.exe
  2⤵
  - Executes dropped EXE
  PID:4856
- C:\Windows\System\DxDiAZL.exe
  C:\Windows\System\DxDiAZL.exe
  2⤵
  - Executes dropped EXE
  PID:4816
- C:\Windows\System\FOAnGnm.exe
  C:\Windows\System\FOAnGnm.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\tBPwVdW.exe
  C:\Windows\System\tBPwVdW.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\GLIdvXR.exe
  C:\Windows\System\GLIdvXR.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\ReutAUN.exe
  C:\Windows\System\ReutAUN.exe
  2⤵
  - Executes dropped EXE
  PID:4304
- C:\Windows\System\raXzSed.exe
  C:\Windows\System\raXzSed.exe
  2⤵
  - Executes dropped EXE
  PID:4316
- C:\Windows\System\HfvrAVg.exe
  C:\Windows\System\HfvrAVg.exe
  2⤵
  - Executes dropped EXE
  PID:4320
- C:\Windows\System\kmXGCfR.exe
  C:\Windows\System\kmXGCfR.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\yGhzzDY.exe
  C:\Windows\System\yGhzzDY.exe
  2⤵
  - Executes dropped EXE
  PID:4028
- C:\Windows\System\CwsVQEk.exe
  C:\Windows\System\CwsVQEk.exe
  2⤵
  - Executes dropped EXE
  PID:3868
- C:\Windows\System\cTQhAuD.exe
  C:\Windows\System\cTQhAuD.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\sbJArZF.exe
  C:\Windows\System\sbJArZF.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\HCNqAll.exe
  C:\Windows\System\HCNqAll.exe
  2⤵
  - Executes dropped EXE
  PID:3600
- C:\Windows\System\jHQlypj.exe
  C:\Windows\System\jHQlypj.exe
  2⤵
  - Executes dropped EXE
  PID:4864
- C:\Windows\System\eFPrQpb.exe
  C:\Windows\System\eFPrQpb.exe
  2⤵
  PID:412
- C:\Windows\System\nDnvGku.exe
  C:\Windows\System\nDnvGku.exe
  2⤵
  PID:5092
- C:\Windows\System\MhOkUoh.exe
  C:\Windows\System\MhOkUoh.exe
  2⤵
  PID:2888
- C:\Windows\System\qBGtZYe.exe
  C:\Windows\System\qBGtZYe.exe
  2⤵
  PID:3224
- C:\Windows\System\LhrljdX.exe
  C:\Windows\System\LhrljdX.exe
  2⤵
  PID:3944
- C:\Windows\System\sfkSeTA.exe
  C:\Windows\System\sfkSeTA.exe
  2⤵
  PID:816
- C:\Windows\System\pQHIkkg.exe
  C:\Windows\System\pQHIkkg.exe
  2⤵
  PID:2152
- C:\Windows\System\Nhqnxkx.exe
  C:\Windows\System\Nhqnxkx.exe
  2⤵
  PID:4656
- C:\Windows\System\vuuzghf.exe
  C:\Windows\System\vuuzghf.exe
  2⤵
  PID:3520
- C:\Windows\System\yUzwjmS.exe
  C:\Windows\System\yUzwjmS.exe
  2⤵
  PID:3924
- C:\Windows\System\dTpsBzo.exe
  C:\Windows\System\dTpsBzo.exe
  2⤵
  PID:1660
- C:\Windows\System\yXVPSWa.exe
  C:\Windows\System\yXVPSWa.exe
  2⤵
  PID:2996
- C:\Windows\System\JZDWJBr.exe
  C:\Windows\System\JZDWJBr.exe
  2⤵
  PID:2004
- C:\Windows\System\sHkyJXj.exe
  C:\Windows\System\sHkyJXj.exe
  2⤵
  PID:3672
- C:\Windows\System\cWOVFvo.exe
  C:\Windows\System\cWOVFvo.exe
  2⤵
  PID:3220
- C:\Windows\System\HqgHHUo.exe
  C:\Windows\System\HqgHHUo.exe
  2⤵
  PID:1192
- C:\Windows\System\guyFIxK.exe
  C:\Windows\System\guyFIxK.exe
  2⤵
  PID:1792
- C:\Windows\System\ubzSDEL.exe
  C:\Windows\System\ubzSDEL.exe
  2⤵
  PID:5132
- C:\Windows\System\GpmRBiP.exe
  C:\Windows\System\GpmRBiP.exe
  2⤵
  PID:5164
- C:\Windows\System\XEVKUFb.exe
  C:\Windows\System\XEVKUFb.exe
  2⤵
  PID:5352
- C:\Windows\System\oCulWXx.exe
  C:\Windows\System\oCulWXx.exe
  2⤵
  PID:5368
- C:\Windows\System\QojEuCZ.exe
  C:\Windows\System\QojEuCZ.exe
  2⤵
  PID:5400
- C:\Windows\System\uHvunRF.exe
  C:\Windows\System\uHvunRF.exe
  2⤵
  PID:5416
- C:\Windows\System\DcZKNKf.exe
  C:\Windows\System\DcZKNKf.exe
  2⤵
  PID:5440
- C:\Windows\System\HCmKHzI.exe
  C:\Windows\System\HCmKHzI.exe
  2⤵
  PID:5464
- C:\Windows\System\rWpZXKb.exe
  C:\Windows\System\rWpZXKb.exe
  2⤵
  PID:5480
- C:\Windows\System\ZhggUJK.exe
  C:\Windows\System\ZhggUJK.exe
  2⤵
  PID:5504
- C:\Windows\System\sANwXxa.exe
  C:\Windows\System\sANwXxa.exe
  2⤵
  PID:5524
- C:\Windows\System\RGLquIx.exe
  C:\Windows\System\RGLquIx.exe
  2⤵
  PID:5544
- C:\Windows\System\mzxyPQZ.exe
  C:\Windows\System\mzxyPQZ.exe
  2⤵
  PID:5564
- C:\Windows\System\OBhXDiq.exe
  C:\Windows\System\OBhXDiq.exe
  2⤵
  PID:5588
- C:\Windows\System\XOTgYxZ.exe
  C:\Windows\System\XOTgYxZ.exe
  2⤵
  PID:5608
- C:\Windows\System\hQVYnEN.exe
  C:\Windows\System\hQVYnEN.exe
  2⤵
  PID:5636
- C:\Windows\System\fwvioPy.exe
  C:\Windows\System\fwvioPy.exe
  2⤵
  PID:5656
- C:\Windows\System\BQphJIP.exe
  C:\Windows\System\BQphJIP.exe
  2⤵
  PID:5700
- C:\Windows\System\YIHXhhz.exe
  C:\Windows\System\YIHXhhz.exe
  2⤵
  PID:5724
- C:\Windows\System\ORaNTUx.exe
  C:\Windows\System\ORaNTUx.exe
  2⤵
  PID:5884
- C:\Windows\System\rqkFwdV.exe
  C:\Windows\System\rqkFwdV.exe
  2⤵
  PID:5936
- C:\Windows\System\nluZbTa.exe
  C:\Windows\System\nluZbTa.exe
  2⤵
  PID:5952
- C:\Windows\System\CMAzoTS.exe
  C:\Windows\System\CMAzoTS.exe
  2⤵
  PID:5984
- C:\Windows\System\cCiRuNV.exe
  C:\Windows\System\cCiRuNV.exe
  2⤵
  PID:6000
- C:\Windows\System\EhTWmJa.exe
  C:\Windows\System\EhTWmJa.exe
  2⤵
  PID:6020
- C:\Windows\System\uWshdfO.exe
  C:\Windows\System\uWshdfO.exe
  2⤵
  PID:6040
- C:\Windows\System\ACVoinM.exe
  C:\Windows\System\ACVoinM.exe
  2⤵
  PID:6060
- C:\Windows\System\FXDckJy.exe
  C:\Windows\System\FXDckJy.exe
  2⤵
  PID:6080
- C:\Windows\System\qGPNXan.exe
  C:\Windows\System\qGPNXan.exe
  2⤵
  PID:6096
- C:\Windows\System\tmWwhZN.exe
  C:\Windows\System\tmWwhZN.exe
  2⤵
  PID:2800
- C:\Windows\System\tykEqer.exe
  C:\Windows\System\tykEqer.exe
  2⤵
  PID:2380
- C:\Windows\System\RhOEAou.exe
  C:\Windows\System\RhOEAou.exe
  2⤵
  PID:4976
- C:\Windows\System\BABWXwZ.exe
  C:\Windows\System\BABWXwZ.exe
  2⤵
  PID:5152
- C:\Windows\System\fBMsFWd.exe
  C:\Windows\System\fBMsFWd.exe
  2⤵
  PID:5232
- C:\Windows\System\wvWLKrs.exe
  C:\Windows\System\wvWLKrs.exe
  2⤵
  PID:5304
- C:\Windows\System\xpNARSY.exe
  C:\Windows\System\xpNARSY.exe
  2⤵
  PID:5740
- C:\Windows\System\MfRIsNN.exe
  C:\Windows\System\MfRIsNN.exe
  2⤵
  PID:5380
- C:\Windows\System\hozRJlV.exe
  C:\Windows\System\hozRJlV.exe
  2⤵
  PID:5436
- C:\Windows\System\gPGkhHv.exe
  C:\Windows\System\gPGkhHv.exe
  2⤵
  PID:5492
- C:\Windows\System\NUhPVto.exe
  C:\Windows\System\NUhPVto.exe
  2⤵
  PID:5536
- C:\Windows\System\RuoSFBX.exe
  C:\Windows\System\RuoSFBX.exe
  2⤵
  PID:5596
- C:\Windows\System\GuibXcH.exe
  C:\Windows\System\GuibXcH.exe
  2⤵
  PID:5644
- C:\Windows\System\PgHYcIT.exe
  C:\Windows\System\PgHYcIT.exe
  2⤵
  PID:5712
- C:\Windows\System\hIpUoWv.exe
  C:\Windows\System\hIpUoWv.exe
  2⤵
  PID:5764
- C:\Windows\System\kWmfjEZ.exe
  C:\Windows\System\kWmfjEZ.exe
  2⤵
  PID:5844
- C:\Windows\System\pFDfilp.exe
  C:\Windows\System\pFDfilp.exe
  2⤵
  PID:5904
- C:\Windows\System\aiWVKdc.exe
  C:\Windows\System\aiWVKdc.exe
  2⤵
  PID:5944
- C:\Windows\System\JHZhoNc.exe
  C:\Windows\System\JHZhoNc.exe
  2⤵
  PID:5996
- C:\Windows\System\rSEvCrE.exe
  C:\Windows\System\rSEvCrE.exe
  2⤵
  PID:6048
- C:\Windows\System\mBuVEmK.exe
  C:\Windows\System\mBuVEmK.exe
  2⤵
  PID:6104
- C:\Windows\System\aSSWSra.exe
  C:\Windows\System\aSSWSra.exe
  2⤵
  PID:5036
- C:\Windows\System\JNhuvet.exe
  C:\Windows\System\JNhuvet.exe
  2⤵
  PID:3104
- C:\Windows\System\uRNEiqo.exe
  C:\Windows\System\uRNEiqo.exe
  2⤵
  PID:2284
- C:\Windows\System\RxCotsB.exe
  C:\Windows\System\RxCotsB.exe
  2⤵
  PID:2844
- C:\Windows\System\qDXlpMA.exe
  C:\Windows\System\qDXlpMA.exe
  2⤵
  PID:3612
- C:\Windows\System\yeuLiEh.exe
  C:\Windows\System\yeuLiEh.exe
  2⤵
  PID:3736
- C:\Windows\System\AKGCrhm.exe
  C:\Windows\System\AKGCrhm.exe
  2⤵
  PID:3312
- C:\Windows\System\SKcGept.exe
  C:\Windows\System\SKcGept.exe
  2⤵
  PID:916
- C:\Windows\System\sGxqyMi.exe
  C:\Windows\System\sGxqyMi.exe
  2⤵
  PID:3856
- C:\Windows\System\WLgnZJD.exe
  C:\Windows\System\WLgnZJD.exe
  2⤵
  PID:4644
- C:\Windows\System\VBpROYp.exe
  C:\Windows\System\VBpROYp.exe
  2⤵
  PID:1912
- C:\Windows\System\xLRZDPW.exe
  C:\Windows\System\xLRZDPW.exe
  2⤵
  PID:2248
- C:\Windows\System\dQSsWzl.exe
  C:\Windows\System\dQSsWzl.exe
  2⤵
  PID:2440
- C:\Windows\System\sFKEqTN.exe
  C:\Windows\System\sFKEqTN.exe
  2⤵
  PID:4476
- C:\Windows\System\ApnGRoY.exe
  C:\Windows\System\ApnGRoY.exe
  2⤵
  PID:3920
- C:\Windows\System\PqrfpoS.exe
  C:\Windows\System\PqrfpoS.exe
  2⤵
  PID:1576
- C:\Windows\System\vQqqdBM.exe
  C:\Windows\System\vQqqdBM.exe
  2⤵
  PID:4484
- C:\Windows\System\wYHgrAJ.exe
  C:\Windows\System\wYHgrAJ.exe
  2⤵
  PID:3556
- C:\Windows\System\DyKWkco.exe
  C:\Windows\System\DyKWkco.exe
  2⤵
  PID:2244
- C:\Windows\System\gWhwwkG.exe
  C:\Windows\System\gWhwwkG.exe
  2⤵
  PID:4812
- C:\Windows\System\RQpLnYq.exe
  C:\Windows\System\RQpLnYq.exe
  2⤵
  PID:2780
- C:\Windows\System\nBJcPNW.exe
  C:\Windows\System\nBJcPNW.exe
  2⤵
  PID:5324
- C:\Windows\System\bYgXXoI.exe
  C:\Windows\System\bYgXXoI.exe
  2⤵
  PID:5412
- C:\Windows\System\krEWgFL.exe
  C:\Windows\System\krEWgFL.exe
  2⤵
  PID:5488
- C:\Windows\System\stMFyez.exe
  C:\Windows\System\stMFyez.exe
  2⤵
  PID:5732
- C:\Windows\System\XKHuhZR.exe
  C:\Windows\System\XKHuhZR.exe
  2⤵
  PID:3300
- C:\Windows\System\tnSDvhW.exe
  C:\Windows\System\tnSDvhW.exe
  2⤵
  PID:228
- C:\Windows\System\EHyImtm.exe
  C:\Windows\System\EHyImtm.exe
  2⤵
  PID:4768
- C:\Windows\System\hLrkcQl.exe
  C:\Windows\System\hLrkcQl.exe
  2⤵
  PID:5992
- C:\Windows\System\NCyaFsA.exe
  C:\Windows\System\NCyaFsA.exe
  2⤵
  PID:3120
- C:\Windows\System\ZWMnSLs.exe
  C:\Windows\System\ZWMnSLs.exe
  2⤵
  PID:2016
- C:\Windows\System\gkxCvXp.exe
  C:\Windows\System\gkxCvXp.exe
  2⤵
  PID:1640
- C:\Windows\System\BYLMYQM.exe
  C:\Windows\System\BYLMYQM.exe
  2⤵
  PID:3204
- C:\Windows\System\gPegjnm.exe
  C:\Windows\System\gPegjnm.exe
  2⤵
  PID:4416
- C:\Windows\System\pPTSiQt.exe
  C:\Windows\System\pPTSiQt.exe
  2⤵
  PID:5620
- C:\Windows\System\dfCTkVB.exe
  C:\Windows\System\dfCTkVB.exe
  2⤵
  PID:6156
- C:\Windows\System\AJNyKcr.exe
  C:\Windows\System\AJNyKcr.exe
  2⤵
  PID:6188
- C:\Windows\System\JIHSfmh.exe
  C:\Windows\System\JIHSfmh.exe
  2⤵
  PID:6208
- C:\Windows\System\JJouCrt.exe
  C:\Windows\System\JJouCrt.exe
  2⤵
  PID:6224
- C:\Windows\System\GqGlmPW.exe
  C:\Windows\System\GqGlmPW.exe
  2⤵
  PID:6252
- C:\Windows\System\jyqwmHa.exe
  C:\Windows\System\jyqwmHa.exe
  2⤵
  PID:6276
- C:\Windows\System\fdcdDRP.exe
  C:\Windows\System\fdcdDRP.exe
  2⤵
  PID:6296
- C:\Windows\System\xNxaTGK.exe
  C:\Windows\System\xNxaTGK.exe
  2⤵
  PID:6312
- C:\Windows\System\TCjozZG.exe
  C:\Windows\System\TCjozZG.exe
  2⤵
  PID:6340
- C:\Windows\System\yqAbpgX.exe
  C:\Windows\System\yqAbpgX.exe
  2⤵
  PID:6364
- C:\Windows\System\iPaqnjI.exe
  C:\Windows\System\iPaqnjI.exe
  2⤵
  PID:6384
- C:\Windows\System\pytOzub.exe
  C:\Windows\System\pytOzub.exe
  2⤵
  PID:6408
- C:\Windows\System\eyJSXso.exe
  C:\Windows\System\eyJSXso.exe
  2⤵
  PID:6424
- C:\Windows\System\wmaPIzB.exe
  C:\Windows\System\wmaPIzB.exe
  2⤵
  PID:6448
- C:\Windows\System\IpEinma.exe
  C:\Windows\System\IpEinma.exe
  2⤵
  PID:6472
- C:\Windows\System\YIOaTLs.exe
  C:\Windows\System\YIOaTLs.exe
  2⤵
  PID:6496
- C:\Windows\System\ZACVZuf.exe
  C:\Windows\System\ZACVZuf.exe
  2⤵
  PID:6520
- C:\Windows\System\XEBRVmX.exe
  C:\Windows\System\XEBRVmX.exe
  2⤵
  PID:6536
- C:\Windows\System\kYujhuE.exe
  C:\Windows\System\kYujhuE.exe
  2⤵
  PID:6560
- C:\Windows\System\RHFyFqK.exe
  C:\Windows\System\RHFyFqK.exe
  2⤵
  PID:6584
- C:\Windows\System\UHgYLEb.exe
  C:\Windows\System\UHgYLEb.exe
  2⤵
  PID:6600
- C:\Windows\System\laMnDod.exe
  C:\Windows\System\laMnDod.exe
  2⤵
  PID:6624
- C:\Windows\System\NdVhJrf.exe
  C:\Windows\System\NdVhJrf.exe
  2⤵
  PID:6648
- C:\Windows\System\dzXtSMR.exe
  C:\Windows\System\dzXtSMR.exe
  2⤵
  PID:6672
- C:\Windows\System\clLgGwB.exe
  C:\Windows\System\clLgGwB.exe
  2⤵
  PID:6688
- C:\Windows\System\sYAbfnn.exe
  C:\Windows\System\sYAbfnn.exe
  2⤵
  PID:6724
- C:\Windows\System\popGLcv.exe
  C:\Windows\System\popGLcv.exe
  2⤵
  PID:6744
- C:\Windows\System\OZhUvwv.exe
  C:\Windows\System\OZhUvwv.exe
  2⤵
  PID:6772
- C:\Windows\System\KlxPghl.exe
  C:\Windows\System\KlxPghl.exe
  2⤵
  PID:6796
- C:\Windows\System\fmpWfCz.exe
  C:\Windows\System\fmpWfCz.exe
  2⤵
  PID:6820
- C:\Windows\System\DiwYvIM.exe
  C:\Windows\System\DiwYvIM.exe
  2⤵
  PID:6844
- C:\Windows\System\gAzZBls.exe
  C:\Windows\System\gAzZBls.exe
  2⤵
  PID:6864
- C:\Windows\System\pwawSPu.exe
  C:\Windows\System\pwawSPu.exe
  2⤵
  PID:6884
- C:\Windows\System\ponAtPq.exe
  C:\Windows\System\ponAtPq.exe
  2⤵
  PID:6912
- C:\Windows\System\ZlbODrv.exe
  C:\Windows\System\ZlbODrv.exe
  2⤵
  PID:6928
- C:\Windows\System\kkZhoCk.exe
  C:\Windows\System\kkZhoCk.exe
  2⤵
  PID:6956
- C:\Windows\System\ZkYRzJo.exe
  C:\Windows\System\ZkYRzJo.exe
  2⤵
  PID:6980
- C:\Windows\System\CAnZRWC.exe
  C:\Windows\System\CAnZRWC.exe
  2⤵
  PID:7012
- C:\Windows\System\dxtZmGC.exe
  C:\Windows\System\dxtZmGC.exe
  2⤵
  PID:7028
- C:\Windows\System\uSAPZia.exe
  C:\Windows\System\uSAPZia.exe
  2⤵
  PID:7048
- C:\Windows\System\rfdVfTi.exe
  C:\Windows\System\rfdVfTi.exe
  2⤵
  PID:7068
- C:\Windows\System\xrwmavE.exe
  C:\Windows\System\xrwmavE.exe
  2⤵
  PID:7100
- C:\Windows\System\Bqxyras.exe
  C:\Windows\System\Bqxyras.exe
  2⤵
  PID:7124
- C:\Windows\System\QXTGZyf.exe
  C:\Windows\System\QXTGZyf.exe
  2⤵
  PID:7148
- C:\Windows\System\HSPKBDO.exe
  C:\Windows\System\HSPKBDO.exe
  2⤵
  PID:3760
- C:\Windows\System\cONOllC.exe
  C:\Windows\System\cONOllC.exe
  2⤵
  PID:5256
- C:\Windows\System\SWDoJDf.exe
  C:\Windows\System\SWDoJDf.exe
  2⤵
  PID:1952
- C:\Windows\System\fvqkxCf.exe
  C:\Windows\System\fvqkxCf.exe
  2⤵
  PID:5236
- C:\Windows\System\jatqrMT.exe
  C:\Windows\System\jatqrMT.exe
  2⤵
  PID:5140
- C:\Windows\System\WFASBhC.exe
  C:\Windows\System\WFASBhC.exe
  2⤵
  PID:5472
- C:\Windows\System\RVfJWIc.exe
  C:\Windows\System\RVfJWIc.exe
  2⤵
  PID:6284
- C:\Windows\System\qWTvDgS.exe
  C:\Windows\System\qWTvDgS.exe
  2⤵
  PID:6348
- C:\Windows\System\SKnNwku.exe
  C:\Windows\System\SKnNwku.exe
  2⤵
  PID:6164
- C:\Windows\System\cjdxQMX.exe
  C:\Windows\System\cjdxQMX.exe
  2⤵
  PID:6444
- C:\Windows\System\tPmDEsC.exe
  C:\Windows\System\tPmDEsC.exe
  2⤵
  PID:6488
- C:\Windows\System\ktFXdDI.exe
  C:\Windows\System\ktFXdDI.exe
  2⤵
  PID:6532
- C:\Windows\System\fvdwoVi.exe
  C:\Windows\System\fvdwoVi.exe
  2⤵
  PID:6556
- C:\Windows\System\SHzotqL.exe
  C:\Windows\System\SHzotqL.exe
  2⤵
  PID:6440
- C:\Windows\System\VSUydnc.exe
  C:\Windows\System\VSUydnc.exe
  2⤵
  PID:6240
- C:\Windows\System\ZJAdWBl.exe
  C:\Windows\System\ZJAdWBl.exe
  2⤵
  PID:6920
- C:\Windows\System\tLQlqcQ.exe
  C:\Windows\System\tLQlqcQ.exe
  2⤵
  PID:6680
- C:\Windows\System\qHYkCTQ.exe
  C:\Windows\System\qHYkCTQ.exe
  2⤵
  PID:6708
- C:\Windows\System\dduVwRU.exe
  C:\Windows\System\dduVwRU.exe
  2⤵
  PID:6736
- C:\Windows\System\gGQzOXZ.exe
  C:\Windows\System\gGQzOXZ.exe
  2⤵
  PID:7132
- C:\Windows\System\YIfwYev.exe
  C:\Windows\System\YIfwYev.exe
  2⤵
  PID:6432
- C:\Windows\System\xnNuQYl.exe
  C:\Windows\System\xnNuQYl.exe
  2⤵
  PID:6972
- C:\Windows\System\qMKPvnh.exe
  C:\Windows\System\qMKPvnh.exe
  2⤵
  PID:7176
- C:\Windows\System\NmBcbvC.exe
  C:\Windows\System\NmBcbvC.exe
  2⤵
  PID:7200
- C:\Windows\System\QzbTgOL.exe
  C:\Windows\System\QzbTgOL.exe
  2⤵
  PID:7224
- C:\Windows\System\kAwEVyw.exe
  C:\Windows\System\kAwEVyw.exe
  2⤵
  PID:7248
- C:\Windows\System\AftXbEm.exe
  C:\Windows\System\AftXbEm.exe
  2⤵
  PID:7268
- C:\Windows\System\IPxWttl.exe
  C:\Windows\System\IPxWttl.exe
  2⤵
  PID:7292
- C:\Windows\System\tNLPJCb.exe
  C:\Windows\System\tNLPJCb.exe
  2⤵
  PID:7312
- C:\Windows\System\SbjnxoF.exe
  C:\Windows\System\SbjnxoF.exe
  2⤵
  PID:7332
- C:\Windows\System\rXjgFRL.exe
  C:\Windows\System\rXjgFRL.exe
  2⤵
  PID:7348
- C:\Windows\System\mMQfpZv.exe
  C:\Windows\System\mMQfpZv.exe
  2⤵
  PID:7372
- C:\Windows\System\DXxOKJd.exe
  C:\Windows\System\DXxOKJd.exe
  2⤵
  PID:7400
- C:\Windows\System\JAbmpni.exe
  C:\Windows\System\JAbmpni.exe
  2⤵
  PID:7420
- C:\Windows\System\tSFJBQH.exe
  C:\Windows\System\tSFJBQH.exe
  2⤵
  PID:7440
- C:\Windows\System\wzikBOP.exe
  C:\Windows\System\wzikBOP.exe
  2⤵
  PID:7460
- C:\Windows\System\WCrDTQW.exe
  C:\Windows\System\WCrDTQW.exe
  2⤵
  PID:7480
- C:\Windows\System\ltUMSXk.exe
  C:\Windows\System\ltUMSXk.exe
  2⤵
  PID:7496
- C:\Windows\System\ANMysXs.exe
  C:\Windows\System\ANMysXs.exe
  2⤵
  PID:7520
- C:\Windows\System\nLZAdFv.exe
  C:\Windows\System\nLZAdFv.exe
  2⤵
  PID:7548
- C:\Windows\System\eLZycdl.exe
  C:\Windows\System\eLZycdl.exe
  2⤵
  PID:7564
- C:\Windows\System\oBiUIQv.exe
  C:\Windows\System\oBiUIQv.exe
  2⤵
  PID:7584
- C:\Windows\System\LGQSKnC.exe
  C:\Windows\System\LGQSKnC.exe
  2⤵
  PID:7608
- C:\Windows\System\aunHvrk.exe
  C:\Windows\System\aunHvrk.exe
  2⤵
  PID:7632
- C:\Windows\System\zQFMVsR.exe
  C:\Windows\System\zQFMVsR.exe
  2⤵
  PID:7652
- C:\Windows\System\MnWucwI.exe
  C:\Windows\System\MnWucwI.exe
  2⤵
  PID:7676
- C:\Windows\System\qriaokL.exe
  C:\Windows\System\qriaokL.exe
  2⤵
  PID:7696
- C:\Windows\System\kopHtvo.exe
  C:\Windows\System\kopHtvo.exe
  2⤵
  PID:7716
- C:\Windows\System\VMESlgF.exe
  C:\Windows\System\VMESlgF.exe
  2⤵
  PID:7744
- C:\Windows\System\VYJuJFD.exe
  C:\Windows\System\VYJuJFD.exe
  2⤵
  PID:7764
- C:\Windows\System\LCFLxtd.exe
  C:\Windows\System\LCFLxtd.exe
  2⤵
  PID:7784
- C:\Windows\System\vCfRzks.exe
  C:\Windows\System\vCfRzks.exe
  2⤵
  PID:7808
- C:\Windows\System\uSsGZuS.exe
  C:\Windows\System\uSsGZuS.exe
  2⤵
  PID:7828
- C:\Windows\System\XqeoGgR.exe
  C:\Windows\System\XqeoGgR.exe
  2⤵
  PID:7856
- C:\Windows\System\VmbNiyZ.exe
  C:\Windows\System\VmbNiyZ.exe
  2⤵
  PID:7872
- C:\Windows\System\bijJxCg.exe
  C:\Windows\System\bijJxCg.exe
  2⤵
  PID:7896
- C:\Windows\System\zzWFVXY.exe
  C:\Windows\System\zzWFVXY.exe
  2⤵
  PID:7924
- C:\Windows\System\BDOaHQO.exe
  C:\Windows\System\BDOaHQO.exe
  2⤵
  PID:7948
- C:\Windows\System\HjOMsit.exe
  C:\Windows\System\HjOMsit.exe
  2⤵
  PID:7972
- C:\Windows\System\nlptXDH.exe
  C:\Windows\System\nlptXDH.exe
  2⤵
  PID:8000
- C:\Windows\System\RkfoRgL.exe
  C:\Windows\System\RkfoRgL.exe
  2⤵
  PID:8016
- C:\Windows\System\sWiFWiR.exe
  C:\Windows\System\sWiFWiR.exe
  2⤵
  PID:8040
- C:\Windows\System\LqwDOxa.exe
  C:\Windows\System\LqwDOxa.exe
  2⤵
  PID:8064
- C:\Windows\System\npKEkyL.exe
  C:\Windows\System\npKEkyL.exe
  2⤵
  PID:8084
- C:\Windows\System\ZDLHeFI.exe
  C:\Windows\System\ZDLHeFI.exe
  2⤵
  PID:8108
- C:\Windows\System\dPlUsBD.exe
  C:\Windows\System\dPlUsBD.exe
  2⤵
  PID:8128
- C:\Windows\System\HIPhvMC.exe
  C:\Windows\System\HIPhvMC.exe
  2⤵
  PID:8148
- C:\Windows\System\fZxZYhG.exe
  C:\Windows\System\fZxZYhG.exe
  2⤵
  PID:8168
- C:\Windows\System\CiLSlHr.exe
  C:\Windows\System\CiLSlHr.exe
  2⤵
  PID:6580
- C:\Windows\System\pOLVgLl.exe
  C:\Windows\System\pOLVgLl.exe
  2⤵
  PID:6620
- C:\Windows\System\HIhZcTZ.exe
  C:\Windows\System\HIhZcTZ.exe
  2⤵
  PID:6660
- C:\Windows\System\YVFjXaK.exe
  C:\Windows\System\YVFjXaK.exe
  2⤵
  PID:7024
- C:\Windows\System\TUlFawv.exe
  C:\Windows\System\TUlFawv.exe
  2⤵
  PID:6764
- C:\Windows\System\ZwUYNSm.exe
  C:\Windows\System\ZwUYNSm.exe
  2⤵
  PID:6792
- C:\Windows\System\kYKmgpS.exe
  C:\Windows\System\kYKmgpS.exe
  2⤵
  PID:6852
- C:\Windows\System\oaVetIg.exe
  C:\Windows\System\oaVetIg.exe
  2⤵
  PID:5708
- C:\Windows\System\rtucQRZ.exe
  C:\Windows\System\rtucQRZ.exe
  2⤵
  PID:6380
- C:\Windows\System\SQmJPdq.exe
  C:\Windows\System\SQmJPdq.exe
  2⤵
  PID:7304
- C:\Windows\System\yolKUnX.exe
  C:\Windows\System\yolKUnX.exe
  2⤵
  PID:7368
- C:\Windows\System\rNEYhpf.exe
  C:\Windows\System\rNEYhpf.exe
  2⤵
  PID:1572
- C:\Windows\System\ZHrFdjR.exe
  C:\Windows\System\ZHrFdjR.exe
  2⤵
  PID:6200
- C:\Windows\System\xsLvGOc.exe
  C:\Windows\System\xsLvGOc.exe
  2⤵
  PID:6904
- C:\Windows\System\hPOOygL.exe
  C:\Windows\System\hPOOygL.exe
  2⤵
  PID:7572
- C:\Windows\System\LKPTkbl.exe
  C:\Windows\System\LKPTkbl.exe
  2⤵
  PID:7616
- C:\Windows\System\XSWAmfG.exe
  C:\Windows\System\XSWAmfG.exe
  2⤵
  PID:6696
- C:\Windows\System\sNYmDaN.exe
  C:\Windows\System\sNYmDaN.exe
  2⤵
  PID:7684
- C:\Windows\System\EKabyws.exe
  C:\Windows\System\EKabyws.exe
  2⤵
  PID:6176
- C:\Windows\System\nuhqlWU.exe
  C:\Windows\System\nuhqlWU.exe
  2⤵
  PID:8200
- C:\Windows\System\irjdPEO.exe
  C:\Windows\System\irjdPEO.exe
  2⤵
  PID:8224
- C:\Windows\System\tgtGiWh.exe
  C:\Windows\System\tgtGiWh.exe
  2⤵
  PID:8244
- C:\Windows\System\fVpDqob.exe
  C:\Windows\System\fVpDqob.exe
  2⤵
  PID:8268
- C:\Windows\System\cnDAjtM.exe
  C:\Windows\System\cnDAjtM.exe
  2⤵
  PID:8292
- C:\Windows\System\DlbRFfj.exe
  C:\Windows\System\DlbRFfj.exe
  2⤵
  PID:8308
- C:\Windows\System\UDHVpiV.exe
  C:\Windows\System\UDHVpiV.exe
  2⤵
  PID:8332
- C:\Windows\System\xmFUKQB.exe
  C:\Windows\System\xmFUKQB.exe
  2⤵
  PID:8360
- C:\Windows\System\vCLmLSE.exe
  C:\Windows\System\vCLmLSE.exe
  2⤵
  PID:8376
- C:\Windows\System\bYVcRLL.exe
  C:\Windows\System\bYVcRLL.exe
  2⤵
  PID:8400
- C:\Windows\System\CrToJfj.exe
  C:\Windows\System\CrToJfj.exe
  2⤵
  PID:8424
- C:\Windows\System\dWvRMBJ.exe
  C:\Windows\System\dWvRMBJ.exe
  2⤵
  PID:8448
- C:\Windows\System\AlLkVEN.exe
  C:\Windows\System\AlLkVEN.exe
  2⤵
  PID:8468
- C:\Windows\System\bWxpgJw.exe
  C:\Windows\System\bWxpgJw.exe
  2⤵
  PID:8496
- C:\Windows\System\SmvAbfA.exe
  C:\Windows\System\SmvAbfA.exe
  2⤵
  PID:8520
- C:\Windows\System\kBrHRYX.exe
  C:\Windows\System\kBrHRYX.exe
  2⤵
  PID:8540
- C:\Windows\System\cjGzmuq.exe
  C:\Windows\System\cjGzmuq.exe
  2⤵
  PID:8564
- C:\Windows\System\WIBtCFA.exe
  C:\Windows\System\WIBtCFA.exe
  2⤵
  PID:8584
- C:\Windows\System\THtFgop.exe
  C:\Windows\System\THtFgop.exe
  2⤵
  PID:8608
- C:\Windows\System\IDbhoqa.exe
  C:\Windows\System\IDbhoqa.exe
  2⤵
  PID:8632
- C:\Windows\System\wwcHTLi.exe
  C:\Windows\System\wwcHTLi.exe
  2⤵
  PID:8652
- C:\Windows\System\HxUHPHI.exe
  C:\Windows\System\HxUHPHI.exe
  2⤵
  PID:8676
- C:\Windows\System\PSbihau.exe
  C:\Windows\System\PSbihau.exe
  2⤵
  PID:8700
- C:\Windows\System\vURuhwJ.exe
  C:\Windows\System\vURuhwJ.exe
  2⤵
  PID:8724
- C:\Windows\System\kbRPHrP.exe
  C:\Windows\System\kbRPHrP.exe
  2⤵
  PID:8752
- C:\Windows\System\zwrWmsD.exe
  C:\Windows\System\zwrWmsD.exe
  2⤵
  PID:8772
- C:\Windows\System\soapXdr.exe
  C:\Windows\System\soapXdr.exe
  2⤵
  PID:8792
- C:\Windows\System\uirrTnP.exe
  C:\Windows\System\uirrTnP.exe
  2⤵
  PID:8812
- C:\Windows\System\DCxMDfD.exe
  C:\Windows\System\DCxMDfD.exe
  2⤵
  PID:8836
- C:\Windows\System\opoMfCW.exe
  C:\Windows\System\opoMfCW.exe
  2⤵
  PID:8856
- C:\Windows\System\bAGVIbl.exe
  C:\Windows\System\bAGVIbl.exe
  2⤵
  PID:8880
- C:\Windows\System\VmgiPpC.exe
  C:\Windows\System\VmgiPpC.exe
  2⤵
  PID:8904
- C:\Windows\System\pdqqbrJ.exe
  C:\Windows\System\pdqqbrJ.exe
  2⤵
  PID:8924
- C:\Windows\System\QFRXknC.exe
  C:\Windows\System\QFRXknC.exe
  2⤵
  PID:8948
- C:\Windows\System\IEDOkWS.exe
  C:\Windows\System\IEDOkWS.exe
  2⤵
  PID:8972
- C:\Windows\System\opuwWTL.exe
  C:\Windows\System\opuwWTL.exe
  2⤵
  PID:8988
- C:\Windows\System\lyDRwRc.exe
  C:\Windows\System\lyDRwRc.exe
  2⤵
  PID:9012
- C:\Windows\System\EYnJrVz.exe
  C:\Windows\System\EYnJrVz.exe
  2⤵
  PID:9036
- C:\Windows\System\aIfJbjM.exe
  C:\Windows\System\aIfJbjM.exe
  2⤵
  PID:9056
- C:\Windows\System\hUujUcA.exe
  C:\Windows\System\hUujUcA.exe
  2⤵
  PID:9080
- C:\Windows\System\hYtDxdK.exe
  C:\Windows\System\hYtDxdK.exe
  2⤵
  PID:9112
- C:\Windows\System\vQvYYAr.exe
  C:\Windows\System\vQvYYAr.exe
  2⤵
  PID:9132
- C:\Windows\System\StXJNuj.exe
  C:\Windows\System\StXJNuj.exe
  2⤵
  PID:9156
- C:\Windows\System\evWYnHj.exe
  C:\Windows\System\evWYnHj.exe
  2⤵
  PID:9180
- C:\Windows\System\sudthLY.exe
  C:\Windows\System\sudthLY.exe
  2⤵
  PID:9204
- C:\Windows\System\OzyBJKb.exe
  C:\Windows\System\OzyBJKb.exe
  2⤵
  PID:7772
- C:\Windows\System\sblWQnl.exe
  C:\Windows\System\sblWQnl.exe
  2⤵
  PID:6572
- C:\Windows\System\poqpVma.exe
  C:\Windows\System\poqpVma.exe
  2⤵
  PID:7212
- C:\Windows\System\UDDAwGv.exe
  C:\Windows\System\UDDAwGv.exe
  2⤵
  PID:7908
- C:\Windows\System\aHYbIXt.exe
  C:\Windows\System\aHYbIXt.exe
  2⤵
  PID:7936
- C:\Windows\System\qzxSMgO.exe
  C:\Windows\System\qzxSMgO.exe
  2⤵
  PID:7284
- C:\Windows\System\jxphIkm.exe
  C:\Windows\System\jxphIkm.exe
  2⤵
  PID:5684
- C:\Windows\System\wYLUxGJ.exe
  C:\Windows\System\wYLUxGJ.exe
  2⤵
  PID:8092
- C:\Windows\System\PZcmnws.exe
  C:\Windows\System\PZcmnws.exe
  2⤵
  PID:8164
- C:\Windows\System\EhBcJXH.exe
  C:\Windows\System\EhBcJXH.exe
  2⤵
  PID:6608
- C:\Windows\System\XYzRGDy.exe
  C:\Windows\System\XYzRGDy.exe
  2⤵
  PID:6204
- C:\Windows\System\NYsUenS.exe
  C:\Windows\System\NYsUenS.exe
  2⤵
  PID:7540
- C:\Windows\System\sbRiclo.exe
  C:\Windows\System\sbRiclo.exe
  2⤵
  PID:6804
- C:\Windows\System\PjHaUlz.exe
  C:\Windows\System\PjHaUlz.exe
  2⤵
  PID:3016
- C:\Windows\System\HSVFoWt.exe
  C:\Windows\System\HSVFoWt.exe
  2⤵
  PID:7556
- C:\Windows\System\XKDxqis.exe
  C:\Windows\System\XKDxqis.exe
  2⤵
  PID:7664
- C:\Windows\System\PfSfLdr.exe
  C:\Windows\System\PfSfLdr.exe
  2⤵
  PID:8196
- C:\Windows\System\yTLsfKi.exe
  C:\Windows\System\yTLsfKi.exe
  2⤵
  PID:7892
- C:\Windows\System\vOEOnhz.exe
  C:\Windows\System\vOEOnhz.exe
  2⤵
  PID:7256
- C:\Windows\System\snlGbqE.exe
  C:\Windows\System\snlGbqE.exe
  2⤵
  PID:8392
- C:\Windows\System\OErJavr.exe
  C:\Windows\System\OErJavr.exe
  2⤵
  PID:7380
- C:\Windows\System\SvvYyOb.exe
  C:\Windows\System\SvvYyOb.exe
  2⤵
  PID:7432
- C:\Windows\System\pbdjzPR.exe
  C:\Windows\System\pbdjzPR.exe
  2⤵
  PID:8052
- C:\Windows\System\gpmuLMq.exe
  C:\Windows\System\gpmuLMq.exe
  2⤵
  PID:8076
- C:\Windows\System\PMunnnj.exe
  C:\Windows\System\PMunnnj.exe
  2⤵
  PID:8532
- C:\Windows\System\lYiIuOO.exe
  C:\Windows\System\lYiIuOO.exe
  2⤵
  PID:8592
- C:\Windows\System\kbKchXG.exe
  C:\Windows\System\kbKchXG.exe
  2⤵
  PID:5192
- C:\Windows\System\SVKZROr.exe
  C:\Windows\System\SVKZROr.exe
  2⤵
  PID:6752
- C:\Windows\System\VhAylIP.exe
  C:\Windows\System\VhAylIP.exe
  2⤵
  PID:8780
- C:\Windows\System\ERDBzoE.exe
  C:\Windows\System\ERDBzoE.exe
  2⤵
  PID:9232
- C:\Windows\System\cCgGHHF.exe
  C:\Windows\System\cCgGHHF.exe
  2⤵
  PID:9252
- C:\Windows\System\WkucUCv.exe
  C:\Windows\System\WkucUCv.exe
  2⤵
  PID:9280
- C:\Windows\System\BclKUjm.exe
  C:\Windows\System\BclKUjm.exe
  2⤵
  PID:9300
- C:\Windows\System\SLdqdoE.exe
  C:\Windows\System\SLdqdoE.exe
  2⤵
  PID:9320
- C:\Windows\System\ZDxwASO.exe
  C:\Windows\System\ZDxwASO.exe
  2⤵
  PID:9348
- C:\Windows\System\YMuHjpC.exe
  C:\Windows\System\YMuHjpC.exe
  2⤵
  PID:9368
- C:\Windows\System\khpFoTR.exe
  C:\Windows\System\khpFoTR.exe
  2⤵
  PID:9392
- C:\Windows\System\vkLUSMW.exe
  C:\Windows\System\vkLUSMW.exe
  2⤵
  PID:9416
- C:\Windows\System\cIGJbOf.exe
  C:\Windows\System\cIGJbOf.exe
  2⤵
  PID:9440
- C:\Windows\System\XjurSKQ.exe
  C:\Windows\System\XjurSKQ.exe
  2⤵
  PID:9456
- C:\Windows\System\XhJhPvH.exe
  C:\Windows\System\XhJhPvH.exe
  2⤵
  PID:9484
- C:\Windows\System\sVYTwDe.exe
  C:\Windows\System\sVYTwDe.exe
  2⤵
  PID:9508
- C:\Windows\System\MsKYbEQ.exe
  C:\Windows\System\MsKYbEQ.exe
  2⤵
  PID:9536
- C:\Windows\System\fbpEOXr.exe
  C:\Windows\System\fbpEOXr.exe
  2⤵
  PID:9556
- C:\Windows\System\TMRIMKL.exe
  C:\Windows\System\TMRIMKL.exe
  2⤵
  PID:9580
- C:\Windows\System\HyBjzwy.exe
  C:\Windows\System\HyBjzwy.exe
  2⤵
  PID:9600
- C:\Windows\System\LXQwJoT.exe
  C:\Windows\System\LXQwJoT.exe
  2⤵
  PID:9616
- C:\Windows\System\YYceVbq.exe
  C:\Windows\System\YYceVbq.exe
  2⤵
  PID:9644
- C:\Windows\System\yfdlfJy.exe
  C:\Windows\System\yfdlfJy.exe
  2⤵
  PID:9664
- C:\Windows\System\LCxoqoD.exe
  C:\Windows\System\LCxoqoD.exe
  2⤵
  PID:9684
- C:\Windows\System\qTGnYoH.exe
  C:\Windows\System\qTGnYoH.exe
  2⤵
  PID:9712
- C:\Windows\System\xDXZiXP.exe
  C:\Windows\System\xDXZiXP.exe
  2⤵
  PID:9736
- C:\Windows\System\fEDtjut.exe
  C:\Windows\System\fEDtjut.exe
  2⤵
  PID:9764
- C:\Windows\System\couuXgh.exe
  C:\Windows\System\couuXgh.exe
  2⤵
  PID:9788
- C:\Windows\System\nHqdRfi.exe
  C:\Windows\System\nHqdRfi.exe
  2⤵
  PID:9804
- C:\Windows\System\gJzYDfs.exe
  C:\Windows\System\gJzYDfs.exe
  2⤵
  PID:9824
- C:\Windows\System\TZQCCyL.exe
  C:\Windows\System\TZQCCyL.exe
  2⤵
  PID:9848
- C:\Windows\System\urHyoWs.exe
  C:\Windows\System\urHyoWs.exe
  2⤵
  PID:9872
- C:\Windows\System\sQJjIvh.exe
  C:\Windows\System\sQJjIvh.exe
  2⤵
  PID:9900
- C:\Windows\System\NKXcOxF.exe
  C:\Windows\System\NKXcOxF.exe
  2⤵
  PID:9920
- C:\Windows\System\mheHayE.exe
  C:\Windows\System\mheHayE.exe
  2⤵
  PID:9944
- C:\Windows\System\xqTKsyA.exe
  C:\Windows\System\xqTKsyA.exe
  2⤵
  PID:9964
- C:\Windows\System\UNBjuUh.exe
  C:\Windows\System\UNBjuUh.exe
  2⤵
  PID:9984
- C:\Windows\System\eQCMKqC.exe
  C:\Windows\System\eQCMKqC.exe
  2⤵
  PID:10008
- C:\Windows\System\KimEgOf.exe
  C:\Windows\System\KimEgOf.exe
  2⤵
  PID:10036
- C:\Windows\System\YobwUyK.exe
  C:\Windows\System\YobwUyK.exe
  2⤵
  PID:10056
- C:\Windows\System\cDMPwiT.exe
  C:\Windows\System\cDMPwiT.exe
  2⤵
  PID:10084
- C:\Windows\System\LyBjaIW.exe
  C:\Windows\System\LyBjaIW.exe
  2⤵
  PID:10112
- C:\Windows\System\MumyWsR.exe
  C:\Windows\System\MumyWsR.exe
  2⤵
  PID:10132
- C:\Windows\System\QgHPqap.exe
  C:\Windows\System\QgHPqap.exe
  2⤵
  PID:10156
- C:\Windows\System\cromtyF.exe
  C:\Windows\System\cromtyF.exe
  2⤵
  PID:10180
- C:\Windows\System\VdWFDAZ.exe
  C:\Windows\System\VdWFDAZ.exe
  2⤵
  PID:10208
- C:\Windows\System\jYbooMD.exe
  C:\Windows\System\jYbooMD.exe
  2⤵
  PID:10232
- C:\Windows\System\NCMrXOi.exe
  C:\Windows\System\NCMrXOi.exe
  2⤵
  PID:7776
- C:\Windows\System\ZbGTezQ.exe
  C:\Windows\System\ZbGTezQ.exe
  2⤵
  PID:7792
- C:\Windows\System\xrrSnfv.exe
  C:\Windows\System\xrrSnfv.exe
  2⤵
  PID:8264
- C:\Windows\System\aLDwBYY.exe
  C:\Windows\System\aLDwBYY.exe
  2⤵
  PID:7916
- C:\Windows\System\XsZTmBW.exe
  C:\Windows\System\XsZTmBW.exe
  2⤵
  PID:9072
- C:\Windows\System\bkwxPGb.exe
  C:\Windows\System\bkwxPGb.exe
  2⤵
  PID:9140
- C:\Windows\System\EfxvCKL.exe
  C:\Windows\System\EfxvCKL.exe
  2⤵
  PID:9176
- C:\Windows\System\AScRSvl.exe
  C:\Windows\System\AScRSvl.exe
  2⤵
  PID:8024
- C:\Windows\System\KqODQEF.exe
  C:\Windows\System\KqODQEF.exe
  2⤵
  PID:7956
- C:\Windows\System\KEjpnSx.exe
  C:\Windows\System\KEjpnSx.exe
  2⤵
  PID:8184
- C:\Windows\System\srpjCJq.exe
  C:\Windows\System\srpjCJq.exe
  2⤵
  PID:4356
- C:\Windows\System\QdXWloB.exe
  C:\Windows\System\QdXWloB.exe
  2⤵
  PID:6396
- C:\Windows\System\xAeRwDg.exe
  C:\Windows\System\xAeRwDg.exe
  2⤵
  PID:6420
- C:\Windows\System\ShdBccB.exe
  C:\Windows\System\ShdBccB.exe
  2⤵
  PID:8352
- C:\Windows\System\ZWXjtsM.exe
  C:\Windows\System\ZWXjtsM.exe
  2⤵
  PID:8684
- C:\Windows\System\uNaHowX.exe
  C:\Windows\System\uNaHowX.exe
  2⤵
  PID:6880
- C:\Windows\System\YVkYcMF.exe
  C:\Windows\System\YVkYcMF.exe
  2⤵
  PID:8768
- C:\Windows\System\vOIrbGQ.exe
  C:\Windows\System\vOIrbGQ.exe
  2⤵
  PID:8576
- C:\Windows\System\YHwipnY.exe
  C:\Windows\System\YHwipnY.exe
  2⤵
  PID:8808
- C:\Windows\System\KeXFKnp.exe
  C:\Windows\System\KeXFKnp.exe
  2⤵
  PID:10252
- C:\Windows\System\PIqFMUk.exe
  C:\Windows\System\PIqFMUk.exe
  2⤵
  PID:10272
- C:\Windows\System\lDdQPPK.exe
  C:\Windows\System\lDdQPPK.exe
  2⤵
  PID:10296
- C:\Windows\System\ciqqONh.exe
  C:\Windows\System\ciqqONh.exe
  2⤵
  PID:10316
- C:\Windows\System\kseSOZD.exe
  C:\Windows\System\kseSOZD.exe
  2⤵
  PID:10340
- C:\Windows\System\cUzMQQn.exe
  C:\Windows\System\cUzMQQn.exe
  2⤵
  PID:10364
- C:\Windows\System\rPPArzZ.exe
  C:\Windows\System\rPPArzZ.exe
  2⤵
  PID:10384
- C:\Windows\System\GdxYZCU.exe
  C:\Windows\System\GdxYZCU.exe
  2⤵
  PID:10408
- C:\Windows\System\lWVGTbc.exe
  C:\Windows\System\lWVGTbc.exe
  2⤵
  PID:10432
- C:\Windows\System\LmBzncH.exe
  C:\Windows\System\LmBzncH.exe
  2⤵
  PID:10452
- C:\Windows\System\upBePYX.exe
  C:\Windows\System\upBePYX.exe
  2⤵
  PID:10476
- C:\Windows\System\edemjmW.exe
  C:\Windows\System\edemjmW.exe
  2⤵
  PID:10496
- C:\Windows\System\YKbCCnB.exe
  C:\Windows\System\YKbCCnB.exe
  2⤵
  PID:10520
- C:\Windows\System\hgIJnNz.exe
  C:\Windows\System\hgIJnNz.exe
  2⤵
  PID:10540
- C:\Windows\System\PpMKdwO.exe
  C:\Windows\System\PpMKdwO.exe
  2⤵
  PID:10564
- C:\Windows\System\kGgmxcV.exe
  C:\Windows\System\kGgmxcV.exe
  2⤵
  PID:10592
- C:\Windows\System\lEHqPGg.exe
  C:\Windows\System\lEHqPGg.exe
  2⤵
  PID:10880
- C:\Windows\System\HGqTBQJ.exe
  C:\Windows\System\HGqTBQJ.exe
  2⤵
  PID:10928
- C:\Windows\System\DHFvMrJ.exe
  C:\Windows\System\DHFvMrJ.exe
  2⤵
  PID:10952
- C:\Windows\System\xdgEHCV.exe
  C:\Windows\System\xdgEHCV.exe
  2⤵
  PID:10972
- C:\Windows\System\hzoIqhF.exe
  C:\Windows\System\hzoIqhF.exe
  2⤵
  PID:10992
- C:\Windows\System\sxQvJTz.exe
  C:\Windows\System\sxQvJTz.exe
  2⤵
  PID:11008
- C:\Windows\System\oeffvET.exe
  C:\Windows\System\oeffvET.exe
  2⤵
  PID:11032
- C:\Windows\System\IeVMJck.exe
  C:\Windows\System\IeVMJck.exe
  2⤵
  PID:11052
- C:\Windows\System\dvhInuv.exe
  C:\Windows\System\dvhInuv.exe
  2⤵
  PID:11072
- C:\Windows\System\JuSMhOn.exe
  C:\Windows\System\JuSMhOn.exe
  2⤵
  PID:11096
- C:\Windows\System\hxBTpZX.exe
  C:\Windows\System\hxBTpZX.exe
  2⤵
  PID:11124
- C:\Windows\System\zqBLhNg.exe
  C:\Windows\System\zqBLhNg.exe
  2⤵
  PID:11148
- C:\Windows\System\UxXudXi.exe
  C:\Windows\System\UxXudXi.exe
  2⤵
  PID:11168
- C:\Windows\System\BasVenW.exe
  C:\Windows\System\BasVenW.exe
  2⤵
  PID:11192
- C:\Windows\System\INeRneq.exe
  C:\Windows\System\INeRneq.exe
  2⤵
  PID:11216
- C:\Windows\System\wUptXkL.exe
  C:\Windows\System\wUptXkL.exe
  2⤵
  PID:11236
- C:\Windows\System\VLNHlCX.exe
  C:\Windows\System\VLNHlCX.exe
  2⤵
  PID:8820
- C:\Windows\System\QAYOfCP.exe
  C:\Windows\System\QAYOfCP.exe
  2⤵
  PID:8892
- C:\Windows\System\hIYMrYC.exe
  C:\Windows\System\hIYMrYC.exe
  2⤵
  PID:8220
- C:\Windows\System\ctpyRok.exe
  C:\Windows\System\ctpyRok.exe
  2⤵
  PID:8932
- C:\Windows\System\fvdVCum.exe
  C:\Windows\System\fvdVCum.exe
  2⤵
  PID:8984
- C:\Windows\System\IWUvNnK.exe
  C:\Windows\System\IWUvNnK.exe
  2⤵
  PID:9032
- C:\Windows\System\wcXtRxD.exe
  C:\Windows\System\wcXtRxD.exe
  2⤵
  PID:9552
- C:\Windows\System\dkCTAgH.exe
  C:\Windows\System\dkCTAgH.exe
  2⤵
  PID:9596
- C:\Windows\System\INjtBbW.exe
  C:\Windows\System\INjtBbW.exe
  2⤵
  PID:7184
- C:\Windows\System\foHkKNP.exe
  C:\Windows\System\foHkKNP.exe
  2⤵
  PID:9856
- C:\Windows\System\EAKPPxl.exe
  C:\Windows\System\EAKPPxl.exe
  2⤵
  PID:6464
- C:\Windows\System\uMzVXuN.exe
  C:\Windows\System\uMzVXuN.exe
  2⤵
  PID:8888
- C:\Windows\System\xYAgoYl.exe
  C:\Windows\System\xYAgoYl.exe
  2⤵
  PID:5264
- C:\Windows\System\wPScGge.exe
  C:\Windows\System\wPScGge.exe
  2⤵
  PID:8624
- C:\Windows\System\cDrQNvq.exe
  C:\Windows\System\cDrQNvq.exe
  2⤵
  PID:9548
- C:\Windows\System\IrOANpi.exe
  C:\Windows\System\IrOANpi.exe
  2⤵
  PID:9772
- C:\Windows\System\iMNjSVi.exe
  C:\Windows\System\iMNjSVi.exe
  2⤵
  PID:9888
- C:\Windows\System\vHdAWkJ.exe
  C:\Windows\System\vHdAWkJ.exe
  2⤵
  PID:10100
- C:\Windows\System\vDOqqIg.exe
  C:\Windows\System\vDOqqIg.exe
  2⤵
  PID:8236
- C:\Windows\System\iqdIEJp.exe
  C:\Windows\System\iqdIEJp.exe
  2⤵
  PID:8940
- C:\Windows\System\JDczdJa.exe
  C:\Windows\System\JDczdJa.exe
  2⤵
  PID:8620
- C:\Windows\System\lEBTNNm.exe
  C:\Windows\System\lEBTNNm.exe
  2⤵
  PID:7476
- C:\Windows\System\iVoyBIE.exe
  C:\Windows\System\iVoyBIE.exe
  2⤵
  PID:8736
- C:\Windows\System\mAYpSlV.exe
  C:\Windows\System\mAYpSlV.exe
  2⤵
  PID:9224
- C:\Windows\System\ZWnguAF.exe
  C:\Windows\System\ZWnguAF.exe
  2⤵
  PID:10280
- C:\Windows\System\cyrapTE.exe
  C:\Windows\System\cyrapTE.exe
  2⤵
  PID:10312
- C:\Windows\System\WsoUmDv.exe
  C:\Windows\System\WsoUmDv.exe
  2⤵
  PID:9276
- C:\Windows\System\bAJvGoW.exe
  C:\Windows\System\bAJvGoW.exe
  2⤵
  PID:9316
- C:\Windows\System\nIXHAZu.exe
  C:\Windows\System\nIXHAZu.exe
  2⤵
  PID:10572
- C:\Windows\System\vuKdvUW.exe
  C:\Windows\System\vuKdvUW.exe
  2⤵
  PID:9500
- C:\Windows\System\nDPRLJt.exe
  C:\Windows\System\nDPRLJt.exe
  2⤵
  PID:9624
- C:\Windows\System\YuKkhbe.exe
  C:\Windows\System\YuKkhbe.exe
  2⤵
  PID:7756
- C:\Windows\System\KbCdfwx.exe
  C:\Windows\System\KbCdfwx.exe
  2⤵
  PID:7864
- C:\Windows\System\OGmgMNP.exe
  C:\Windows\System\OGmgMNP.exe
  2⤵
  PID:7300
- C:\Windows\System\RQhPMyt.exe
  C:\Windows\System\RQhPMyt.exe
  2⤵
  PID:11288
- C:\Windows\System\ueYgGcW.exe
  C:\Windows\System\ueYgGcW.exe
  2⤵
  PID:11308
- C:\Windows\System\nTlhrqc.exe
  C:\Windows\System\nTlhrqc.exe
  2⤵
  PID:11332
- C:\Windows\System\kZorzab.exe
  C:\Windows\System\kZorzab.exe
  2⤵
  PID:11348
- C:\Windows\System\ZlUoYYn.exe
  C:\Windows\System\ZlUoYYn.exe
  2⤵
  PID:11372
- C:\Windows\System\HVoqwtA.exe
  C:\Windows\System\HVoqwtA.exe
  2⤵
  PID:11400
- C:\Windows\System\FXEwGtk.exe
  C:\Windows\System\FXEwGtk.exe
  2⤵
  PID:11424
- C:\Windows\System\QqONbRX.exe
  C:\Windows\System\QqONbRX.exe
  2⤵
  PID:11440
- C:\Windows\System\YXnkXtk.exe
  C:\Windows\System\YXnkXtk.exe
  2⤵
  PID:11464
- C:\Windows\System\apUsjGg.exe
  C:\Windows\System\apUsjGg.exe
  2⤵
  PID:11484
- C:\Windows\System\SWrXnbk.exe
  C:\Windows\System\SWrXnbk.exe
  2⤵
  PID:11508
- C:\Windows\System\DbUAKqa.exe
  C:\Windows\System\DbUAKqa.exe
  2⤵
  PID:11532
- C:\Windows\System\ypQzFIA.exe
  C:\Windows\System\ypQzFIA.exe
  2⤵
  PID:11556
- C:\Windows\System\AmnVxXV.exe
  C:\Windows\System\AmnVxXV.exe
  2⤵
  PID:11584
- C:\Windows\System\jtNGOxD.exe
  C:\Windows\System\jtNGOxD.exe
  2⤵
  PID:11616
- C:\Windows\System\jMtQjTD.exe
  C:\Windows\System\jMtQjTD.exe
  2⤵
  PID:11640
- C:\Windows\System\aUJuYsM.exe
  C:\Windows\System\aUJuYsM.exe
  2⤵
  PID:11668
- C:\Windows\System\uLvkbSr.exe
  C:\Windows\System\uLvkbSr.exe
  2⤵
  PID:11688
- C:\Windows\System\tdEbrpM.exe
  C:\Windows\System\tdEbrpM.exe
  2⤵
  PID:11712
- C:\Windows\System\VvWkAgB.exe
  C:\Windows\System\VvWkAgB.exe
  2⤵
  PID:11740
- C:\Windows\System\KEMGdHv.exe
  C:\Windows\System\KEMGdHv.exe
  2⤵
  PID:11768
- C:\Windows\System\GFqxFEy.exe
  C:\Windows\System\GFqxFEy.exe
  2⤵
  PID:11788
- C:\Windows\System\RuSZoRh.exe
  C:\Windows\System\RuSZoRh.exe
  2⤵
  PID:11812
- C:\Windows\System\SaAeZVu.exe
  C:\Windows\System\SaAeZVu.exe
  2⤵
  PID:11852
- C:\Windows\System\KgcvNZx.exe
  C:\Windows\System\KgcvNZx.exe
  2⤵
  PID:11884
- C:\Windows\System\kCQwZvb.exe
  C:\Windows\System\kCQwZvb.exe
  2⤵
  PID:11920
- C:\Windows\System\EDzlSsF.exe
  C:\Windows\System\EDzlSsF.exe
  2⤵
  PID:11944
- C:\Windows\System\qRkIdHF.exe
  C:\Windows\System\qRkIdHF.exe
  2⤵
  PID:11972
- C:\Windows\System\AKEDhtX.exe
  C:\Windows\System\AKEDhtX.exe
  2⤵
  PID:11992
- C:\Windows\System\inPXFhG.exe
  C:\Windows\System\inPXFhG.exe
  2⤵
  PID:12020
- C:\Windows\System\yIbAQQb.exe
  C:\Windows\System\yIbAQQb.exe
  2⤵
  PID:12044
- C:\Windows\System\LxHpILH.exe
  C:\Windows\System\LxHpILH.exe
  2⤵
  PID:12060
- C:\Windows\System\oSmWURv.exe
  C:\Windows\System\oSmWURv.exe
  2⤵
  PID:12084
- C:\Windows\System\jkKbWvx.exe
  C:\Windows\System\jkKbWvx.exe
  2⤵
  PID:12108
- C:\Windows\System\hTluiyZ.exe
  C:\Windows\System\hTluiyZ.exe
  2⤵
  PID:12128
- C:\Windows\System\OLGWzaP.exe
  C:\Windows\System\OLGWzaP.exe
  2⤵
  PID:12148
- C:\Windows\System\xbVtSdH.exe
  C:\Windows\System\xbVtSdH.exe
  2⤵
  PID:12164
- C:\Windows\System\BfXwYWC.exe
  C:\Windows\System\BfXwYWC.exe
  2⤵
  PID:12184
- C:\Windows\System\QQEaZAm.exe
  C:\Windows\System\QQEaZAm.exe
  2⤵
  PID:12200
- C:\Windows\System\KlYvdzJ.exe
  C:\Windows\System\KlYvdzJ.exe
  2⤵
  PID:12216
- C:\Windows\System\iGwOZnL.exe
  C:\Windows\System\iGwOZnL.exe
  2⤵
  PID:12232
- C:\Windows\System\RZaRqoQ.exe
  C:\Windows\System\RZaRqoQ.exe
  2⤵
  PID:12252
- C:\Windows\System\DrrAHxr.exe
  C:\Windows\System\DrrAHxr.exe
  2⤵
  PID:12268
- C:\Windows\System\ekMKeII.exe
  C:\Windows\System\ekMKeII.exe
  2⤵
  PID:12284
- C:\Windows\System\ruqtekQ.exe
  C:\Windows\System\ruqtekQ.exe
  2⤵
  PID:8144
- C:\Windows\System\xCdQXRa.exe
  C:\Windows\System\xCdQXRa.exe
  2⤵
  PID:7000
- C:\Windows\System\dQjTXJm.exe
  C:\Windows\System\dQjTXJm.exe
  2⤵
  PID:7688
- C:\Windows\System\QxKrwgn.exe
  C:\Windows\System\QxKrwgn.exe
  2⤵
  PID:10188
- C:\Windows\System\AOkIKgq.exe
  C:\Windows\System\AOkIKgq.exe
  2⤵
  PID:10200
- C:\Windows\System\oYuodVn.exe
  C:\Windows\System\oYuodVn.exe
  2⤵
  PID:7456
- C:\Windows\System\LGtnGey.exe
  C:\Windows\System\LGtnGey.exe
  2⤵
  PID:10148
- C:\Windows\System\vujRmvA.exe
  C:\Windows\System\vujRmvA.exe
  2⤵
  PID:8712
- C:\Windows\System\XrvmqBZ.exe
  C:\Windows\System\XrvmqBZ.exe
  2⤵
  PID:11104
- C:\Windows\System\bNGQKAy.exe
  C:\Windows\System\bNGQKAy.exe
  2⤵
  PID:10292
- C:\Windows\System\pfefPZv.exe
  C:\Windows\System\pfefPZv.exe
  2⤵
  PID:10372
- C:\Windows\System\bjOlNfE.exe
  C:\Windows\System\bjOlNfE.exe
  2⤵
  PID:10404
- C:\Windows\System\riTAdou.exe
  C:\Windows\System\riTAdou.exe
  2⤵
  PID:10444
- C:\Windows\System\JAOyugr.exe
  C:\Windows\System\JAOyugr.exe
  2⤵
  PID:12308
- C:\Windows\System\wRbFvfp.exe
  C:\Windows\System\wRbFvfp.exe
  2⤵
  PID:12328
- C:\Windows\System\DQcvKDM.exe
  C:\Windows\System\DQcvKDM.exe
  2⤵
  PID:12344
- C:\Windows\System\zCQiONZ.exe
  C:\Windows\System\zCQiONZ.exe
  2⤵
  PID:12364
- C:\Windows\System\PcEfRVC.exe
  C:\Windows\System\PcEfRVC.exe
  2⤵
  PID:12380
- C:\Windows\System\cBIjRve.exe
  C:\Windows\System\cBIjRve.exe
  2⤵
  PID:12404
- C:\Windows\System\qmwLeaT.exe
  C:\Windows\System\qmwLeaT.exe
  2⤵
  PID:12424
- C:\Windows\System\EQFcNyR.exe
  C:\Windows\System\EQFcNyR.exe
  2⤵
  PID:12448
- C:\Windows\System\NwPtVXT.exe
  C:\Windows\System\NwPtVXT.exe
  2⤵
  PID:12492
- C:\Windows\System\bXGEqIg.exe
  C:\Windows\System\bXGEqIg.exe
  2⤵
  PID:12520
- C:\Windows\System\YHBELSp.exe
  C:\Windows\System\YHBELSp.exe
  2⤵
  PID:12548
- C:\Windows\System\cNeenGY.exe
  C:\Windows\System\cNeenGY.exe
  2⤵
  PID:12572
- C:\Windows\System\rWLOvHZ.exe
  C:\Windows\System\rWLOvHZ.exe
  2⤵
  PID:12596
- C:\Windows\System\soPYiJS.exe
  C:\Windows\System\soPYiJS.exe
  2⤵
  PID:12624
- C:\Windows\System\icMWxVv.exe
  C:\Windows\System\icMWxVv.exe
  2⤵
  PID:12644
- C:\Windows\System\jABsXHu.exe
  C:\Windows\System\jABsXHu.exe
  2⤵
  PID:12672
- C:\Windows\System\WzwBBSh.exe
  C:\Windows\System\WzwBBSh.exe
  2⤵
  PID:12692
- C:\Windows\System\Yfluwgl.exe
  C:\Windows\System\Yfluwgl.exe
  2⤵
  PID:12716
- C:\Windows\System\ZyUtONb.exe
  C:\Windows\System\ZyUtONb.exe
  2⤵
  PID:12736
- C:\Windows\System\RyZfAFF.exe
  C:\Windows\System\RyZfAFF.exe
  2⤵
  PID:12764
- C:\Windows\System\jZhpiwi.exe
  C:\Windows\System\jZhpiwi.exe
  2⤵
  PID:12784
- C:\Windows\System\DFezymP.exe
  C:\Windows\System\DFezymP.exe
  2⤵
  PID:12808
- C:\Windows\System\MFlzDnG.exe
  C:\Windows\System\MFlzDnG.exe
  2⤵
  PID:12828
- C:\Windows\System\rxdXRXV.exe
  C:\Windows\System\rxdXRXV.exe
  2⤵
  PID:12856
- C:\Windows\System\JwPgJiF.exe
  C:\Windows\System\JwPgJiF.exe
  2⤵
  PID:12880
- C:\Windows\System\ZpDZbVu.exe
  C:\Windows\System\ZpDZbVu.exe
  2⤵
  PID:12904
- C:\Windows\System\kaIeIkI.exe
  C:\Windows\System\kaIeIkI.exe
  2⤵
  PID:12924
- C:\Windows\System\BQMMFTH.exe
  C:\Windows\System\BQMMFTH.exe
  2⤵
  PID:12948
- C:\Windows\System\yEeGFaZ.exe
  C:\Windows\System\yEeGFaZ.exe
  2⤵
  PID:12972
- C:\Windows\System\ZFnTpKW.exe
  C:\Windows\System\ZFnTpKW.exe
  2⤵
  PID:13000
- C:\Windows\System\UEwLkfj.exe
  C:\Windows\System\UEwLkfj.exe
  2⤵
  PID:13020
- C:\Windows\System\tbjvCXJ.exe
  C:\Windows\System\tbjvCXJ.exe
  2⤵
  PID:13040
- C:\Windows\System\YDBhEtO.exe
  C:\Windows\System\YDBhEtO.exe
  2⤵
  PID:13068
- C:\Windows\System\iXFsSxQ.exe
  C:\Windows\System\iXFsSxQ.exe
  2⤵
  PID:13092
- C:\Windows\System\CNXBcEC.exe
  C:\Windows\System\CNXBcEC.exe
  2⤵
  PID:13116
- C:\Windows\System\JQEzmAr.exe
  C:\Windows\System\JQEzmAr.exe
  2⤵
  PID:13144
- C:\Windows\System\eOYfAEm.exe
  C:\Windows\System\eOYfAEm.exe
  2⤵
  PID:13168
- C:\Windows\System\idNSIQl.exe
  C:\Windows\System\idNSIQl.exe
  2⤵
  PID:13192
- C:\Windows\System\nUgHTwe.exe
  C:\Windows\System\nUgHTwe.exe
  2⤵
  PID:13212
- C:\Windows\System\aJYBFZz.exe
  C:\Windows\System\aJYBFZz.exe
  2⤵
  PID:13240
- C:\Windows\System\WRYMGiJ.exe
  C:\Windows\System\WRYMGiJ.exe
  2⤵
  PID:13256
- C:\Windows\System\ftCaZST.exe
  C:\Windows\System\ftCaZST.exe
  2⤵
  PID:13276
- C:\Windows\System\CVKcBHN.exe
  C:\Windows\System\CVKcBHN.exe
  2⤵
  PID:13292
- C:\Windows\System\WNMdNAT.exe
  C:\Windows\System\WNMdNAT.exe
  2⤵
  PID:13308
- C:\Windows\System\cQaKrGr.exe
  C:\Windows\System\cQaKrGr.exe
  2⤵
  PID:10376
- C:\Windows\System\ZpAvpll.exe
  C:\Windows\System\ZpAvpll.exe
  2⤵
  PID:8348
- C:\Windows\System\EoiuUEe.exe
  C:\Windows\System\EoiuUEe.exe
  2⤵
  PID:12620
- C:\Windows\System\qqtuuOb.exe
  C:\Windows\System\qqtuuOb.exe
  2⤵
  PID:12728
- C:\Windows\System\MpETKfN.exe
  C:\Windows\System\MpETKfN.exe
  2⤵
  PID:10940
- C:\Windows\System\TXibhql.exe
  C:\Windows\System\TXibhql.exe
  2⤵
  PID:8960
- C:\Windows\System\pNLkkaw.exe
  C:\Windows\System\pNLkkaw.exe
  2⤵
  PID:12556
- C:\Windows\System\PjDwXQl.exe
  C:\Windows\System\PjDwXQl.exe
  2⤵
  PID:11636
- C:\Windows\System\VZMjlee.exe
  C:\Windows\System\VZMjlee.exe
  2⤵
  PID:11704
- C:\Windows\System\zVflolE.exe
  C:\Windows\System\zVflolE.exe
  2⤵
  PID:8616
- C:\Windows\System\sUfIkqw.exe
  C:\Windows\System\sUfIkqw.exe
  2⤵
  PID:12324
- C:\Windows\System\jCOGKeq.exe
  C:\Windows\System\jCOGKeq.exe
  2⤵
  PID:9776
- C:\Windows\System\nWGhNua.exe
  C:\Windows\System\nWGhNua.exe
  2⤵
  PID:9464
- C:\Windows\System\XfwxxJT.exe
  C:\Windows\System\XfwxxJT.exe
  2⤵
  PID:6152
- C:\Windows\System\CkzAund.exe
  C:\Windows\System\CkzAund.exe
  2⤵
  PID:12804
- C:\Windows\System\WZygYti.exe
  C:\Windows\System\WZygYti.exe
  2⤵
  PID:12536
- C:\Windows\System\ikkAXYz.exe
  C:\Windows\System\ikkAXYz.exe
  2⤵
  PID:8368
- C:\Windows\System\yPzOzeQ.exe
  C:\Windows\System\yPzOzeQ.exe
  2⤵
  PID:12592
- C:\Windows\System\GgvTqkW.exe
  C:\Windows\System\GgvTqkW.exe
  2⤵
  PID:12660
- C:\Windows\System\yeEWfdE.exe
  C:\Windows\System\yeEWfdE.exe
  2⤵
  PID:11268
- C:\Windows\System\svYTedR.exe
  C:\Windows\System\svYTedR.exe
  2⤵
  PID:11408
- C:\Windows\System\ZOdrqXT.exe
  C:\Windows\System\ZOdrqXT.exe
  2⤵
  PID:11984
- C:\Windows\System\LovYJKI.exe
  C:\Windows\System\LovYJKI.exe
  2⤵
  PID:11548
- C:\Windows\System\GjaDKkw.exe
  C:\Windows\System\GjaDKkw.exe
  2⤵
  PID:13288
- C:\Windows\System\VtiqSWS.exe
  C:\Windows\System\VtiqSWS.exe
  2⤵
  PID:10844
- C:\Windows\System\JKqfkyZ.exe
  C:\Windows\System\JKqfkyZ.exe
  2⤵
  PID:12892
- C:\Windows\System\qUdtYku.exe
  C:\Windows\System\qUdtYku.exe
  2⤵
  PID:12116
- C:\Windows\System\vasXDZO.exe
  C:\Windows\System\vasXDZO.exe
  2⤵
  PID:12724
- C:\Windows\System\eBldNAX.exe
  C:\Windows\System\eBldNAX.exe
  2⤵
  PID:11296
- C:\Windows\System\TmFKIgp.exe
  C:\Windows\System\TmFKIgp.exe
  2⤵
  PID:12944
- C:\Windows\System\iMqlOUU.exe
  C:\Windows\System\iMqlOUU.exe
  2⤵
  PID:7416
- C:\Windows\System\yrJZsBL.exe
  C:\Windows\System\yrJZsBL.exe
  2⤵
  PID:1172
- C:\Windows\System\acaqtAz.exe
  C:\Windows\System\acaqtAz.exe
  2⤵
  PID:10896
- C:\Windows\System\vcJQEhO.exe
  C:\Windows\System\vcJQEhO.exe
  2⤵
  PID:13076
- C:\Windows\System\CrBsgiE.exe
  C:\Windows\System\CrBsgiE.exe
  2⤵
  PID:10804
- C:\Windows\System\kOMdGAt.exe
  C:\Windows\System\kOMdGAt.exe
  2⤵
  PID:12652
- C:\Windows\System\VVGvyOB.exe
  C:\Windows\System\VVGvyOB.exe
  2⤵
  PID:12336
- C:\Windows\System\HivhubD.exe
  C:\Windows\System\HivhubD.exe
  2⤵
  PID:11228
- C:\Windows\System\PwKhaov.exe
  C:\Windows\System\PwKhaov.exe
  2⤵
  PID:9268
- C:\Windows\System\mKWUDXb.exe
  C:\Windows\System\mKWUDXb.exe
  2⤵
  PID:5096
- C:\Windows\System\NcMHSWb.exe
  C:\Windows\System\NcMHSWb.exe
  2⤵
  PID:10888
- C:\Windows\System\lpzpLNm.exe
  C:\Windows\System\lpzpLNm.exe
  2⤵
  PID:11700
- C:\Windows\System\uUkNhoP.exe
  C:\Windows\System\uUkNhoP.exe
  2⤵
  PID:11796
- C:\Windows\System\bVdLehh.exe
  C:\Windows\System\bVdLehh.exe
  2⤵
  PID:9248
- C:\Windows\System\fFmHjVA.exe
  C:\Windows\System\fFmHjVA.exe
  2⤵
  PID:10308
- C:\Windows\System\LRzIKSW.exe
  C:\Windows\System\LRzIKSW.exe
  2⤵
  PID:11912
- C:\Windows\System\xMzFFpJ.exe
  C:\Windows\System\xMzFFpJ.exe
  2⤵
  PID:13104
- C:\Windows\System\mmlMKII.exe
  C:\Windows\System\mmlMKII.exe
  2⤵
  PID:9388
- C:\Windows\System\jZgPLBO.exe
  C:\Windows\System\jZgPLBO.exe
  2⤵
  PID:12240
- C:\Windows\System\BByJZtH.exe
  C:\Windows\System\BByJZtH.exe
  2⤵
  PID:9044
- C:\Windows\System\iABhGXr.exe
  C:\Windows\System\iABhGXr.exe
  2⤵
  PID:1512
- C:\Windows\System\ITTOMdx.exe
  C:\Windows\System\ITTOMdx.exe
  2⤵
  PID:13264
- C:\Windows\System\NYZAOcV.exe
  C:\Windows\System\NYZAOcV.exe
  2⤵
  PID:12956
- C:\Windows\System\gfWlcqd.exe
  C:\Windows\System\gfWlcqd.exe
  2⤵
  PID:12760
- C:\Windows\System\GVONNVk.exe
  C:\Windows\System\GVONNVk.exe
  2⤵
  PID:12608
- C:\Windows\System\iNZKjVb.exe
  C:\Windows\System\iNZKjVb.exe
  2⤵
  PID:10324
- C:\Windows\System\zqRSAom.exe
  C:\Windows\System\zqRSAom.exe
  2⤵
  PID:224
- C:\Windows\System\KqAvxDO.exe
  C:\Windows\System\KqAvxDO.exe
  2⤵
  PID:9364
- C:\Windows\System\MUAtKKk.exe
  C:\Windows\System\MUAtKKk.exe
  2⤵
  PID:13352
- C:\Windows\System\OGDHNnF.exe
  C:\Windows\System\OGDHNnF.exe
  2⤵
  PID:13372
- C:\Windows\System\TmFNUTL.exe
  C:\Windows\System\TmFNUTL.exe
  2⤵
  PID:13392
- C:\Windows\System\gsLCdjm.exe
  C:\Windows\System\gsLCdjm.exe
  2⤵
  PID:13412
- C:\Windows\System\CuplGmN.exe
  C:\Windows\System\CuplGmN.exe
  2⤵
  PID:13448
- C:\Windows\System\GWVppGJ.exe
  C:\Windows\System\GWVppGJ.exe
  2⤵
  PID:13484
- C:\Windows\System\EHylZPK.exe
  C:\Windows\System\EHylZPK.exe
  2⤵
  PID:13504
- C:\Windows\System\MzcrYMs.exe
  C:\Windows\System\MzcrYMs.exe
  2⤵
  PID:13572
- C:\Windows\System\tvowDiN.exe
  C:\Windows\System\tvowDiN.exe
  2⤵
  PID:13984
- C:\Windows\System\IrhnsQJ.exe
  C:\Windows\System\IrhnsQJ.exe
  2⤵
  PID:14120
- C:\Windows\System\bcdyHNL.exe
  C:\Windows\System\bcdyHNL.exe
  2⤵
  PID:14148
- C:\Windows\System\FtzaDGC.exe
  C:\Windows\System\FtzaDGC.exe
  2⤵
  PID:14176
- C:\Windows\System\PnfspZg.exe
  C:\Windows\System\PnfspZg.exe
  2⤵
  PID:14200
- C:\Windows\System\fIxgfES.exe
  C:\Windows\System\fIxgfES.exe
  2⤵
  PID:14272
- C:\Windows\System\hMsHIem.exe
  C:\Windows\System\hMsHIem.exe
  2⤵
  PID:14300
- C:\Windows\System\rZGzyWv.exe
  C:\Windows\System\rZGzyWv.exe
  2⤵
  PID:14324
- C:\Windows\System\txHjsJH.exe
  C:\Windows\System\txHjsJH.exe
  2⤵
  PID:10528
- C:\Windows\System\Vmjxnjy.exe
  C:\Windows\System\Vmjxnjy.exe
  2⤵
  PID:13364
- C:\Windows\System\ZyjsjvF.exe
  C:\Windows\System\ZyjsjvF.exe
  2⤵
  PID:11872
- C:\Windows\System\kEtoxHj.exe
  C:\Windows\System\kEtoxHj.exe
  2⤵
  PID:13380
- C:\Windows\System\rRKsCAP.exe
  C:\Windows\System\rRKsCAP.exe
  2⤵
  PID:13804
- C:\Windows\System\UuzUtUi.exe
  C:\Windows\System\UuzUtUi.exe
  2⤵
  PID:13876
- C:\Windows\System\rLHqhTB.exe
  C:\Windows\System\rLHqhTB.exe
  2⤵
  PID:13628
- C:\Windows\System\VDRVHaC.exe
  C:\Windows\System\VDRVHaC.exe
  2⤵
  PID:13836
- C:\Windows\System\VczTZFv.exe
  C:\Windows\System\VczTZFv.exe
  2⤵
  PID:13756
- C:\Windows\System\ddRFyXK.exe
  C:\Windows\System\ddRFyXK.exe
  2⤵
  PID:13940
- C:\Windows\System\BVULEMz.exe
  C:\Windows\System\BVULEMz.exe
  2⤵
  PID:13960
- C:\Windows\System\pxOqxWB.exe
  C:\Windows\System\pxOqxWB.exe
  2⤵
  PID:13996
- C:\Windows\System\DeHVPFm.exe
  C:\Windows\System\DeHVPFm.exe
  2⤵
  PID:10244
- C:\Windows\System\DYGmLyY.exe
  C:\Windows\System\DYGmLyY.exe
  2⤵
  PID:14016
- C:\Windows\System\LTyeDCE.exe
  C:\Windows\System\LTyeDCE.exe
  2⤵
  PID:14028
- C:\Windows\System\DJBEHpo.exe
  C:\Windows\System\DJBEHpo.exe
  2⤵
  PID:14052
- C:\Windows\System\alORbIt.exe
  C:\Windows\System\alORbIt.exe
  2⤵
  PID:13456
- C:\Windows\System\rXljigI.exe
  C:\Windows\System\rXljigI.exe
  2⤵
  PID:1276
- C:\Windows\System\UbrbZLa.exe
  C:\Windows\System\UbrbZLa.exe
  2⤵
  PID:13480
- C:\Windows\System\yrMwHMY.exe
  C:\Windows\System\yrMwHMY.exe
  2⤵
  PID:12340
- C:\Windows\System\dbDIGDk.exe
  C:\Windows\System\dbDIGDk.exe
  2⤵
  PID:12120
- C:\Windows\System\mUJkQnk.exe
  C:\Windows\System\mUJkQnk.exe
  2⤵
  PID:10044
- C:\Windows\System\FjOraIY.exe
  C:\Windows\System\FjOraIY.exe
  2⤵
  PID:3212
- C:\Windows\System\xLvWxLB.exe
  C:\Windows\System\xLvWxLB.exe
  2⤵
  PID:13568
- C:\Windows\System\VenacJM.exe
  C:\Windows\System\VenacJM.exe
  2⤵
  PID:2116
- C:\Windows\System\lYkehWJ.exe
  C:\Windows\System\lYkehWJ.exe
  2⤵
  PID:1312
- C:\Windows\System\dpaWkYV.exe
  C:\Windows\System\dpaWkYV.exe
  2⤵
  PID:3100
- C:\Windows\System\uBCcQVH.exe
  C:\Windows\System\uBCcQVH.exe
  2⤵
  PID:14168
- C:\Windows\System\TVttqJL.exe
  C:\Windows\System\TVttqJL.exe
  2⤵
  PID:10332
- C:\Windows\System\SSukqZf.exe
  C:\Windows\System\SSukqZf.exe
  2⤵
  PID:13492
- C:\Windows\System\rSzrXaD.exe
  C:\Windows\System\rSzrXaD.exe
  2⤵
  PID:1176
- C:\Windows\System\LxVJutR.exe
  C:\Windows\System\LxVJutR.exe
  2⤵
  PID:1144
- C:\Windows\System\NaBLTeX.exe
  C:\Windows\System\NaBLTeX.exe
  2⤵
  PID:684
- C:\Windows\System\YPLUGgq.exe
  C:\Windows\System\YPLUGgq.exe
  2⤵
  PID:11684
- C:\Windows\System\xdGWyfS.exe
  C:\Windows\System\xdGWyfS.exe
  2⤵
  PID:14260
- C:\Windows\System\uasyuvQ.exe
  C:\Windows\System\uasyuvQ.exe
  2⤵
  PID:10016
- C:\Windows\System\WJGGMeW.exe
  C:\Windows\System\WJGGMeW.exe
  2⤵
  PID:13632
- C:\Windows\System\kqNuSqI.exe
  C:\Windows\System\kqNuSqI.exe
  2⤵
  PID:13584
- C:\Windows\System\qBSSEit.exe
  C:\Windows\System\qBSSEit.exe
  2⤵
  PID:860
- C:\Windows\System\HedqWwL.exe
  C:\Windows\System\HedqWwL.exe
  2⤵
  PID:796
- C:\Windows\System\gHOGYeY.exe
  C:\Windows\System\gHOGYeY.exe
  2⤵
  PID:13660
- C:\Windows\System\kreKajq.exe
  C:\Windows\System\kreKajq.exe
  2⤵
  PID:4828
- C:\Windows\System\mWaIWhP.exe
  C:\Windows\System\mWaIWhP.exe
  2⤵
  PID:13444
- C:\Windows\System\DibrmGY.exe
  C:\Windows\System\DibrmGY.exe
  2⤵
  PID:13700
- C:\Windows\System\TAMVKJI.exe
  C:\Windows\System\TAMVKJI.exe
  2⤵
  PID:13820
- C:\Windows\System\SNvUfXD.exe
  C:\Windows\System\SNvUfXD.exe
  2⤵
  PID:13936
- C:\Windows\System\qaYhiev.exe
  C:\Windows\System\qaYhiev.exe
  2⤵
  PID:13944
- C:\Windows\System\ZZxyZbZ.exe
  C:\Windows\System\ZZxyZbZ.exe
  2⤵
  PID:7236
- C:\Windows\System\osbjZOi.exe
  C:\Windows\System\osbjZOi.exe
  2⤵
  PID:13812
- C:\Windows\System\ehAUVsB.exe
  C:\Windows\System\ehAUVsB.exe
  2⤵
  PID:14116
- C:\Windows\System\tGIyOgn.exe
  C:\Windows\System\tGIyOgn.exe
  2⤵
  PID:14240
- C:\Windows\System\YdxNJCJ.exe
  C:\Windows\System\YdxNJCJ.exe
  2⤵
  PID:4104
- C:\Windows\System\gGDLOst.exe
  C:\Windows\System\gGDLOst.exe
  2⤵
  PID:12472
- C:\Windows\System\BKWOsvt.exe
  C:\Windows\System\BKWOsvt.exe
  2⤵
  PID:876
- C:\Windows\System\ktinLmW.exe
  C:\Windows\System\ktinLmW.exe
  2⤵
  PID:4144
- C:\Windows\System\cGWzqBj.exe
  C:\Windows\System\cGWzqBj.exe
  2⤵
  PID:844
- C:\Windows\System\jGKfGCt.exe
  C:\Windows\System\jGKfGCt.exe
  2⤵
  PID:14104
- C:\Windows\System\dTOGIWY.exe
  C:\Windows\System\dTOGIWY.exe
  2⤵
  PID:2992
- C:\Windows\System\iKDizFa.exe
  C:\Windows\System\iKDizFa.exe
  2⤵
  PID:14184
- C:\Windows\System\TScGoVR.exe
  C:\Windows\System\TScGoVR.exe
  2⤵
  PID:13692

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:13304

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:1740

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:13932

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:14096

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:14128

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:4104

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:14248

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
1⤵
PID:7160

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
PID:8344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_qyd5qjyj.4p3.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AlaGyqB.exe

Filesize
2.0MB

MD5
0ed20e54e00a8ffaf4bf18d7cff0d1bd

SHA1
2cf029337a6f8116aa0a6cc63a418be3349b3d32

SHA256
333f6d70d84acc2da669cea2f30eb65c175e1b0b8bb542a7071f22e3dcb67bfc

SHA512
121d6a6894131c5d5f9f6ccbbe8f88ba49f1979c6996823c26954aaf1e5bbffd0af55006652aac2c857d0cdd9b2757ca766ac57ca1119166694acd5d6cda853d

Download Submit
C:\Windows\System\DOeqtkG.exe

Filesize
2.0MB

MD5
2342766405b717ea7d2d6bb1d087546d

SHA1
343690998b4b73f7dcea08ca50810f1dc10ced91

SHA256
13101b76cb84291a9cf9c38072f9fb43f97172dc88d93cf16254b36c1571077b

SHA512
6a1e1e1fd96808cfd8110f4afcc1fbdd958910c2e9739a6b35e0c7c1e1d283b14567bf1ef64da217f3cd86d8a922295dcfd020305893a7f9e003f7ee328a67ce

Download Submit
C:\Windows\System\DcWAWyf.exe

Filesize
2.0MB

MD5
098dfd6e8eda08cef212b19977845d42

SHA1
5f7c1c9221d9adaeea8038bb02131bad75cf3c01

SHA256
cdeeb5f02f3d8ced68d29dc1839f7cd80ec0df0d96f683e337a8d44e57a9f4f1

SHA512
e465e828fcde1eafbfe75ad1bb8d7c4f8ebbd12705567e15b02f349d7e8a5ae809f6dec227b8cf0242bd61e4c9df2504caca4fef79161b2afdac82d6ceb1f6ed

Download Submit
C:\Windows\System\EhVwwwm.exe

Filesize
2.0MB

MD5
5bf02bce349bed33c3adfa26005ee7e5

SHA1
fa507fd200bb3a3f30870280c7cba306bbb44ffb

SHA256
ad53cc11780f1b15f2988386d0d09f55f3aa118c9933997ece22b6e49d077296

SHA512
c96c432219ed89b9fd605dad4171ac1a3f1b64f2871441afc770ca544793a9419f4a60c46b1a5f8f13f14a1baff4ce34c1cd66abb8e6ab98de04e1ed6b836265

Download Submit
C:\Windows\System\FjbmtTA.exe

Filesize
2.0MB

MD5
873bd42c120adc2d539c274342880e55

SHA1
4694ab291dc307a22ddc47b6905ff823820c9955

SHA256
83608f9381b21be7a1e35b21ee6a31901aa42d91157574935c8e9ec8d1b837a1

SHA512
3b610bd966dbfb2d203777c66bd63eeb4340b9c05755a83f28512990b70a92d813e00747f95f60f08259577c859dce0a2ac3af9a68a359b5248d900beee573ce

Download Submit
C:\Windows\System\HLuqkGp.exe

Filesize
2.0MB

MD5
13434810379fc2807f47c62233ed23ec

SHA1
15a486f38a5f7a12ea373e2ece66ff375b8a3e45

SHA256
77b6a7eb21150b251c61a52f45c69e61470407f688520646456d5d9a4869e41e

SHA512
d1af38554f9a17e926d9eb5a1a3b9def55e95668b4046bf0e37702cd7cabb1c192a32144e7d73227f25ed9b8775747bc01488dc5858bbe689511e7ca746d3650

Download Submit
C:\Windows\System\HObMztb.exe

Filesize
2.0MB

MD5
a08038aab0b29263b305ec01f99605a3

SHA1
785992a22d2aaf8b5cd4c55147acb075d539e9df

SHA256
3d0144431392ebd5452f9697dbaf04bdb1818d283e3e3f181927aee56eca4d12

SHA512
34b478f2f30605496db31b0bccad89bd340111a97eaf2ca1c37d79855b80e040b325e39137d029a89fe310ef2df57f7411082d4c8036759d19ff1eea4d61692c

Download Submit
C:\Windows\System\KrKXFIv.exe

Filesize
2.0MB

MD5
6dce70affc196a18cf6361849d2d631e

SHA1
643a32622d7d3cfb157680e47130b8ebf09c0a95

SHA256
81f93d2e9018ec1fa5fa9d1fcd0849899bdad86815b84cf7492ba54e96de455c

SHA512
28aae800451da0a51f63e02c4e241791e163b203f91dfb3baa70da53ecea89d9a68caccbd26346dd4e116afd9f41c271e7d2ff28bd9f74deee36e0ec215e9b32

Download Submit
C:\Windows\System\KtrWWWI.exe

Filesize
2.0MB

MD5
4f64ffc8060a638b8667b718f8441289

SHA1
fbe4db55657e6e633f36d838e4b53290d28b531f

SHA256
e7909afd29473a76c6246828a27b6eeecd4205d8510ced937f7e19438262d40b

SHA512
7f58f1869e892d702a270a8cdbdc6d2871d16d1e75ebb59310e23777b6a03c73eda535a56f154caad1d8a8496bbd2678eb840cd205ff2575ce0099bb5e6ce3d6

Download Submit
C:\Windows\System\OlizgFS.exe

Filesize
2.0MB

MD5
a8684186d586211078073e06c2647ff7

SHA1
872cb2df4c880ebfb417ff3d8d89f4814ee5c456

SHA256
85df311dd3c4bd5105ac4ea54429d2e4dbd09ceed3b2aef4c46fc7c3ea818e64

SHA512
8b70fee7a77ab6e5a79dc8b9b4666422c0c8c6a768d93776531c511bb1fb2164e20e9ca067035d6dfe3ea66210cf3bf4478af5cf004c48001707d9c0015e8dd5

Download Submit
C:\Windows\System\OwWzeMe.exe

Filesize
2.0MB

MD5
a5c73447c70e665e288ea61fb4e01f78

SHA1
612e9a791fe886f3b5ba5bbb0946cba65b142344

SHA256
2399bb9142dced4a9728d85ff77462635f329e8bfc23b9aa5b0130bc91d19e6c

SHA512
21e2fafa146a6a00e6525466f5d198f1b2874d3273fd5b78c50fb8f2a5387c3cd9b5e114f468e8906a1b1cb408d83413dab636964302c618881e7c0c7abce077

Download Submit
C:\Windows\System\PLJealC.exe

Filesize
2.0MB

MD5
a45e43448778905f55ce5da086a675d3

SHA1
06bb8a319ca669a15fe10f7fbf4d3940625d6679

SHA256
2577178d60f603338f88ddb3e6ae80debdbf6fc0de55f5f4d2f8b2f0bdaef349

SHA512
88e38016fb8123ad1d7179bfe8cdaad4b80d4c4a12141698e2e44a763f9f9c79f3ac0f98b998361a38d90106772995a520f9e6007839ab230bcf69504da3cbdb

Download Submit
C:\Windows\System\RhiBDrH.exe

Filesize
2.0MB

MD5
05963ed7e9ae27d96a900e20d0166d02

SHA1
31c98c8b6247413c40c90b8d9f6d10c01baff86c

SHA256
784d27e52d2046a120acd3df33098a624549855c75d2c8b559d197c1a0a6189d

SHA512
7b6877b578c9c1db5300c3c840315958ee2da417a3b7c412e02fe3e31d8ba64b20d65bdd60048a076b4a9c3d55ce74df6e099ccb2679194932169295e8413fa5

Download Submit
C:\Windows\System\RsRUZzg.exe

Filesize
2.0MB

MD5
c16e0c401192adf1b3e15385118eb596

SHA1
7cf167611fe3877dc372fee25566671b66c65a63

SHA256
250f663f2abb11051e0a062db90647207d8be6101778865dafeda051139c089f

SHA512
c7aae827147c7429f9d742fdb66e933e12fd4d91c703adb2738c78dcdd53773ec364202feed5d0bb0b526afeda5446b95188c8bbc46bff2a006b1e69d9f8c54f

Download Submit
C:\Windows\System\TGXzNur.exe

Filesize
2.0MB

MD5
6ba26181962a6ca3c63fa10bdb3d48c4

SHA1
88ce98cd55486343a67faa816a5122876f2ded1d

SHA256
1fdb02a142fec53b1ec78785e390cdd373da195660443bedaa6590291ca59407

SHA512
eb1706d754ecb39d9c71345537a2d309060a49153308d00a06d76ce1457879013546b82ae6af21fb34c7e9d4f5d040fa6d7ad9aefb44f4ac46215db8c6e135ac

Download Submit
C:\Windows\System\ThdQYUV.exe

Filesize
2.0MB

MD5
78f4d358a52185a0537542b380f850b8

SHA1
cfd43259da5c311cab936f83557bc097a8f58232

SHA256
e79452587e725514118d6b5d6e6e8d001540e6469303ce1d9b198e818b540042

SHA512
b06661e7bf67b9a4a1402c9238180d2bdd96e70585dcd102b805119627e8fe2a988cfdaeabe65e8230061074cd736e3cced722eadc96a9d92eee84f36e03914e

Download Submit
C:\Windows\System\UENLZTT.exe

Filesize
2.0MB

MD5
0fc1f8f58179209566f5b38eb324d5da

SHA1
72f8ebfb16a193777418a3e31a95f62c6a8b2c15

SHA256
d7197e26fa302d1f63cf636d53e3182264192eadffec648e0a5952f4f0cc7d14

SHA512
15669ac88fed65d267e99aaacf9f50e4cf8a4313eb1579eb34195794fbf21b5b19fa745bcc756e64a9b15523d0b4f97a183017a323605f379e072a06e2d3bfd4

Download Submit
C:\Windows\System\VExYrUB.exe

Filesize
2.0MB

MD5
7bfb2401c5d77204bce011aae41fa5ae

SHA1
2dcd511db485a8d1629f8f4c6dd6b97ce574541d

SHA256
f10bc26998071620863347588dbadd63647a698f2322116e17b5660b142cbec2

SHA512
950c5b6ea3a9aee8c37bdaed1bab3775f389e05a00d68c9dd7563232cd1fb06736141effb67b3765f84ab4beddcd65f6c487c982da952fcc5c8824f4803a35f4

Download Submit
C:\Windows\System\VhGMkuP.exe

Filesize
2.0MB

MD5
5c070574d805c218012047e6478792f9

SHA1
c1970254ab635e9ab91f0edd753c0a5f4a2a0e4a

SHA256
54ae5bf6ce6c432e63201967a00fd8ea050b4b6940f166ba9c31142f700b452f

SHA512
8ac1be929410a5e89f14f0d371bbb1d813411d2dcfe1405826bb4f34c640c33a7395f6b380aee18fd8dfc50716718146918523d3eed13df743bf7728a476a977

Download Submit
C:\Windows\System\WKcjxsF.exe

Filesize
2.0MB

MD5
849c80bc2a2bfc9820d5e14857870f8f

SHA1
3f5808a048a101eaa321ea25b6f16d72cc7ec234

SHA256
2865d6424eb20cd871ac69a5d873a58c4a13da7811726e7214b29254760a6efb

SHA512
7ea03b339cf8178a6b70349df796041fd1668260f52eaf6430683d8d85f1f1079bc7b796b2ee7f460be94fe75feb336e7dd1f8ca459e40e9f55928babc84b08a

Download Submit
C:\Windows\System\bAOdExY.exe

Filesize
2.0MB

MD5
e1c2a9637ad101c24eecb977c13eb3f2

SHA1
3b775af6dea7e664b3a53e7933a29868bda01ad3

SHA256
4ed22dd3a8e2f93c17f2161a050ae6aaba9ffb8a426e8750a17c0903a24c705c

SHA512
63c1acde1b88bbfe3ca516c983eccd0890e32ccc705e7867b08169d5148dbad262e4568e7497ac06731c2f673a0b386ec33ef8e5b0b8c1ba2223d517f9e2531b

Download Submit
C:\Windows\System\bDxAver.exe

Filesize
2.0MB

MD5
167877d370bdd3613fba25dd72a3b05a

SHA1
8271946b5eb7cd52a364e54b99d4d33b46044f09

SHA256
4c032ed1e0164c85d2c9d31609b68d9b66978239bdc9ed558ee11d00755d51c1

SHA512
8393f5e2db4914789b709515c4f66219cc15760026fa3f2489a9fa3d2e3dd0e1348b1e041f087a74352eccbcb5305c7329c24929b99dceb00d247f8de02e65e9

Download Submit
C:\Windows\System\bESDtQb.exe

Filesize
2.0MB

MD5
3df3b62cffac008bcfce7322a7182e03

SHA1
3139c6c7621befc1b7f190e05aa727b5815904b0

SHA256
85900a3e573c997ab5c1be328142946f2fe8a28aa97f1556cd701aa31af76196

SHA512
0dc7d8683feaee6286d423db0dc5e781cba7e613866fca93e639ca41e56475d5aab6e1237f06495000a249cc0e4e16accdcd9b4e1cbb3aac243b1c686c1d874e

Download Submit
C:\Windows\System\cWONatF.exe

Filesize
2.0MB

MD5
5524cec171c45751c8bcdf9a360a45dc

SHA1
c08cdf0ff17e3ca989ef5322e5ce802c02252ead

SHA256
9997fe88a989fc06657c8dcb61eea8219d74dba498549811fd8ef1a92ef6b31a

SHA512
380435faf2dbab6d165b308af6c386efa96521b1563be6fcc6acf46e80a2624b5bccc79d65a6fc75d20aafc3807f3f94d1ae8d1b55343ac79ada1d30b0256e1b

Download Submit
C:\Windows\System\dmwzzOt.exe

Filesize
2.0MB

MD5
893031bff571641dd3305aefc5a9bb70

SHA1
9637f81d4ea65fce7a317061e9454e60e61a1969

SHA256
d690bdd58bdc6cfcd33fce160588ec5c9dde2fb33cee9cd77d24d9fddc26c880

SHA512
6cda062c6af8f148d67d5b4605f9105c75abcb6ca0cf69d20b22f818bbfa22d7e859ed6f874a3f9523508e388f3dcd985954a7bd86fc42a2c3d6873895165f6b

Download Submit
C:\Windows\System\gKGhKvx.exe

Filesize
2.0MB

MD5
3d835a4f91acf66dda52ea058885ba3f

SHA1
28d14383752860bd406f1163366419bed7d199e8

SHA256
a3dafedce9f4ce4d034814277e001c5f7af34e5195b22546d9ef27cf83534e3e

SHA512
9a7a01553ee8348e9eb00228578d208c0360d02b15494951c4c923275fe6f33d40103e0b4e25bd9a1d5edcef9b7c0caca624ee47cec3c6d315e6a57602d4d276

Download Submit
C:\Windows\System\imYxvvP.exe

Filesize
2.0MB

MD5
f4e52bdbed2c341a5f202f17aa31cf87

SHA1
e373429ceea2a7ffb69996fde8d990581e060063

SHA256
4642cb9654f20afa4ca209e88b0398e9b2d9f756f40c69d7320cb94b7f79868b

SHA512
e996547cb00a992c1aa8c5864356e4902788b8127749bfbd7d5bea503c36fdff52eb34c1d0d0cbf85ad9a8f52d7db4c3932e4f3656fed47e0ba9009c0bbd52fa

Download Submit
C:\Windows\System\kcHlFCz.exe

Filesize
2.0MB

MD5
3992765e7c3cbb3364fdad33884eece0

SHA1
507e6853fe378e1eea14a1833e17693694f77c1c

SHA256
cfe94570e1c781ca7c38fad390486ac1e9a0f3306acb3b7e5300c4ebd63c6b77

SHA512
f904e5555d433f810d592cbdd0d242d02eb87b6150a757ea1072099426e753321c1da900717a56ba7d02438b24e3122eb21f174c4c0469c9bff93d544916ccba

Download Submit
C:\Windows\System\ndVgGLz.exe

Filesize
2.0MB

MD5
19a8275c06c74a03b16f215d40b1fe37

SHA1
e16e91d0bff96e3358ff79b139429b2bbd906f67

SHA256
9c83444a0970cf04e78b0f1ffca694ea84661733fee18cfd093f8d19b6676a39

SHA512
6f0302665209157fce4c513e26ab2a21c29f6fcb5e741b0583909781a88ef25016d29f1630a892f397c63baaf8b34d47735945f3b124829f6b348694daf62b3b

Download Submit
C:\Windows\System\pmWctsa.exe

Filesize
2.0MB

MD5
a80015eb69a850a0f8ebcc952651b84a

SHA1
d02cf1a22efb6a244c2d40c982df753446d72a5d

SHA256
07bc160f274a67aa365f47eb305a80a7dd1480b2a328d5c2dca607cedbc4fe9b

SHA512
6c45919ecbeac19694da359dfda65d3273a7523cdf3a0592464c81234c3ca7c87092b7b33fb666c0ae985ce83ed97f9ff9cbc6c6f2acfde0d53f73cac98eb4cb

Download Submit
C:\Windows\System\txznvPW.exe

Filesize
2.0MB

MD5
1e10aa1fda211429bc259da33dfe40ee

SHA1
bcefef151c4b0fd53ca04206080a7532dd3e71a6

SHA256
482db8efec5aab5ad3945c3aaf21ff0a8aff1f9ae911180433bf309b67957c71

SHA512
dbc67229a741669baca87308631fef184b8ae7f25fbc4102424cce50b37ba7abf28741b7c9317dad28f65c5cd48435e14916880fd52fd407133d3536403bbdc5

Download Submit
C:\Windows\System\wagLMDu.exe

Filesize
2.0MB

MD5
70eab530d52dd76a15c5cfcc72549de1

SHA1
686ef0c565e1163de0aeebae4344710831b050db

SHA256
cec7bc967da8f51ea79bb04c760929a4fa99a46f0909481ca7c02204ed805f7e

SHA512
7b5128ec29c4835aa54193ebd2c0ec14c5aa1abd863c63a1be9a94972d0bf81c5d2effcce8e20a4128d0b8dceb1d21d21d7c4a8d2a0dd1c3a90490562079f910

Download Submit
C:\Windows\System\xinbOGA.exe

Filesize
2.0MB

MD5
64279becaf92eccf7e63ad410c2e0295

SHA1
9bc9250e4c093c80fc3f43c2a9acdf4ab422d69f

SHA256
5986fa36cc1a01507c0cbf65659ca77c00e28866eff3db08fbdf5da67726e93b

SHA512
d2a241f0ffbdcb0b91dabfc9dd02002381458ebb99476f8255be0827eef4dff0d3d9db1d43b17eb0afa5ca3f55af7802fd2da0408802472da91236c8c62eba47

Download Submit
C:\Windows\System\yCiUEJR.exe

Filesize
2.0MB

MD5
56ec76c4a997c0a66c88d2bef2a4ddb7

SHA1
d9b35de6d8bff3274cf87ba56156791c29fe658c

SHA256
dd594042668c96f95560f390c92feb98ceb3d76787aff4c272f8d880ba1fa042

SHA512
42e1dfa894fc81551cec207e00c8689dddf9eac5e7203aec5f6689e321445aaead475ce7311b9f67985f35a3e0e5520b28133415fdc39b77400e37ebac528724

Download Submit
C:\Windows\System\yDCPpME.exe

Filesize
2.0MB

MD5
bf46baf752bece0de0dbeb6813a61af4

SHA1
3c695395665881410912235b90c36cb825710bc5

SHA256
f236d2cbc4c0c26aed6608e16d64d6ee72cf9655631754f012a6841bce60399e

SHA512
43de43496c12b56f968470562b3b0708f801b832e04d52005b4bbb840c4ef6883af118aadab34aa98f6f819de105098cf81b46261edd8219e89c8fc7021e02b2

Download Submit
C:\Windows\System\yECQxMD.exe

Filesize
8B

MD5
9e16362b7eef9ff59cf4576b688fec20

SHA1
58714a79316bdda8b345ca47c2a7e8087e024871

SHA256
cb157cd47cb9ddacb8fa194262e9cc1364ca68490d93ad041938e77ef90ead7c

SHA512
53056e2e9a952538e1c61538c2bad2166adaf2d4a03d0e97e211329cd7f80967988343aa21690b08c2f1ad6d3fabfdc6095392f57b127d575de79d724d1a09de

Download Submit
memory/548-158-0x00007FF664000000-0x00007FF6643F2000-memory.dmp

Filesize
3.9MB

Download
memory/892-341-0x00007FF711100000-0x00007FF7114F2000-memory.dmp

Filesize
3.9MB

Download
memory/948-116-0x00007FF70F380000-0x00007FF70F772000-memory.dmp

Filesize
3.9MB

Download
memory/1216-25-0x00007FF79F320000-0x00007FF79F712000-memory.dmp

Filesize
3.9MB

Download
memory/1560-22-0x0000020DC7370000-0x0000020DC7380000-memory.dmp

Filesize
64KB

Download
memory/1560-380-0x00007FFAE6EB0000-0x00007FFAE7971000-memory.dmp

Filesize
10.8MB

Download
memory/1560-21-0x0000020DC7370000-0x0000020DC7380000-memory.dmp

Filesize
64KB

Download
memory/1560-168-0x0000020DC72E0000-0x0000020DC7302000-memory.dmp

Filesize
136KB

Download
memory/2088-4032-0x00007FF73FD70000-0x00007FF740162000-memory.dmp

Filesize
3.9MB

Download
memory/2088-39-0x00007FF73FD70000-0x00007FF740162000-memory.dmp

Filesize
3.9MB

Download
memory/2312-303-0x00007FF625AA0000-0x00007FF625E92000-memory.dmp

Filesize
3.9MB

Download
memory/2316-218-0x00007FF7C7A60000-0x00007FF7C7E52000-memory.dmp

Filesize
3.9MB

Download
memory/2736-139-0x00007FF695360000-0x00007FF695752000-memory.dmp

Filesize
3.9MB

Download
memory/2776-246-0x00007FF794110000-0x00007FF794502000-memory.dmp

Filesize
3.9MB

Download
memory/2900-159-0x00007FF7116C0000-0x00007FF711AB2000-memory.dmp

Filesize
3.9MB

Download
memory/2936-194-0x00007FF6222A0000-0x00007FF622692000-memory.dmp

Filesize
3.9MB

Download
memory/3044-395-0x00007FF6F38B0000-0x00007FF6F3CA2000-memory.dmp

Filesize
3.9MB

Download
memory/3464-323-0x00007FF698EF0000-0x00007FF6992E2000-memory.dmp

Filesize
3.9MB

Download
memory/3832-268-0x00007FF7B2A30000-0x00007FF7B2E22000-memory.dmp

Filesize
3.9MB

Download
memory/4036-40-0x00007FF643F10000-0x00007FF644302000-memory.dmp

Filesize
3.9MB

Download
memory/4036-4579-0x00007FF643F10000-0x00007FF644302000-memory.dmp

Filesize
3.9MB

Download
memory/4148-74-0x00007FF673BE0000-0x00007FF673FD2000-memory.dmp

Filesize
3.9MB

Download
memory/4148-4575-0x00007FF673BE0000-0x00007FF673FD2000-memory.dmp

Filesize
3.9MB

Download
memory/4520-20-0x00007FF781B70000-0x00007FF781F62000-memory.dmp

Filesize
3.9MB

Download
memory/4520-4277-0x00007FF781B70000-0x00007FF781F62000-memory.dmp

Filesize
3.9MB

Download
memory/4612-0-0x00007FF678140000-0x00007FF678532000-memory.dmp

Filesize
3.9MB

Download
memory/4612-1-0x00000258E4620000-0x00000258E4630000-memory.dmp

Filesize
64KB

Download
memory/4612-4035-0x00007FF678140000-0x00007FF678532000-memory.dmp

Filesize
3.9MB

Download
memory/4932-416-0x00007FF754CE0000-0x00007FF7550D2000-memory.dmp

Filesize
3.9MB

Download
memory/5084-279-0x00007FF79C3B0000-0x00007FF79C7A2000-memory.dmp

Filesize
3.9MB

Download
memory/5108-195-0x00007FF711A20000-0x00007FF711E12000-memory.dmp

Filesize
3.9MB

Download
memory/5112-417-0x00007FF6260C0000-0x00007FF6264B2000-memory.dmp

Filesize
3.9MB

Download