xmrig | ef3bbb414d42925a68b315fb3036521fe0c45b3b123c58237dfafba5077c6d4d

Analysis

max time kernel
150s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
02-05-2024 13:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
Size

2.2MB
MD5

0e9649ce5e7c6dbe9336b4879057ecff
SHA1

7f996c4deb0a42aaea010f64ab94331aa946cadd
SHA256

ef3bbb414d42925a68b315fb3036521fe0c45b3b123c58237dfafba5077c6d4d
SHA512

42fcc645784b98ec383aa29b943b5821f90ae2cd17fed9603aaa3b58dddac30a2b5e49096f949b7f4761809dc03b9ac95ad911a1201ffb9e76e9cd4671d7fbf3
SSDEEP

49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82g1VQx7Va4qr2:NABB

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 25 IoCs

miner

resource	yara_rule
behavioral2/memory/2604-346-0x00007FF718B20000-0x00007FF718F12000-memory.dmp	xmrig
behavioral2/memory/4700-384-0x00007FF6CDA50000-0x00007FF6CDE42000-memory.dmp	xmrig
behavioral2/memory/3656-391-0x00007FF6ECD10000-0x00007FF6ED102000-memory.dmp	xmrig
behavioral2/memory/424-396-0x00007FF7E3CA0000-0x00007FF7E4092000-memory.dmp	xmrig
behavioral2/memory/652-395-0x00007FF751090000-0x00007FF751482000-memory.dmp	xmrig
behavioral2/memory/804-394-0x00007FF625F70000-0x00007FF626362000-memory.dmp	xmrig
behavioral2/memory/4964-393-0x00007FF7C49B0000-0x00007FF7C4DA2000-memory.dmp	xmrig
behavioral2/memory/1844-392-0x00007FF7F1690000-0x00007FF7F1A82000-memory.dmp	xmrig
behavioral2/memory/1076-390-0x00007FF738130000-0x00007FF738522000-memory.dmp	xmrig
behavioral2/memory/1992-389-0x00007FF7758E0000-0x00007FF775CD2000-memory.dmp	xmrig
behavioral2/memory/2104-388-0x00007FF64F9E0000-0x00007FF64FDD2000-memory.dmp	xmrig
behavioral2/memory/4596-387-0x00007FF7E1B20000-0x00007FF7E1F12000-memory.dmp	xmrig
behavioral2/memory/1448-386-0x00007FF78D0A0000-0x00007FF78D492000-memory.dmp	xmrig
behavioral2/memory/1676-385-0x00007FF739F30000-0x00007FF73A322000-memory.dmp	xmrig
behavioral2/memory/3260-383-0x00007FF647E60000-0x00007FF648252000-memory.dmp	xmrig
behavioral2/memory/2920-382-0x00007FF69D780000-0x00007FF69DB72000-memory.dmp	xmrig
behavioral2/memory/1736-312-0x00007FF777CB0000-0x00007FF7780A2000-memory.dmp	xmrig
behavioral2/memory/2424-256-0x00007FF72DF60000-0x00007FF72E352000-memory.dmp	xmrig
behavioral2/memory/4040-265-0x00007FF6BE350000-0x00007FF6BE742000-memory.dmp	xmrig
behavioral2/memory/2756-213-0x00007FF7FA180000-0x00007FF7FA572000-memory.dmp	xmrig
behavioral2/memory/3672-180-0x00007FF6294D0000-0x00007FF6298C2000-memory.dmp	xmrig
behavioral2/memory/3676-136-0x00007FF761B20000-0x00007FF761F12000-memory.dmp	xmrig
behavioral2/memory/1520-53-0x00007FF69B8F0000-0x00007FF69BCE2000-memory.dmp	xmrig
behavioral2/memory/216-4838-0x00007FF7BD6F0000-0x00007FF7BDAE2000-memory.dmp	xmrig
behavioral2/memory/2528-4275-0x00007FF724D00000-0x00007FF7250F2000-memory.dmp	xmrig

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
5016	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
804	DGuUisR.exe
1520	evhGLpR.exe
2528	fRjZMwq.exe
3676	FjiaICE.exe
3672	qTeSqIc.exe
2756	YdOjvBQ.exe
2424	mkMyucq.exe
4040	wWPyrvx.exe
1736	jANLymr.exe
2604	BoLydQM.exe
652	vBDSXjp.exe
2920	nxlWpFw.exe
3260	aoqrLSf.exe
4700	ALFAFDO.exe
1676	xhXNZvn.exe
1448	WWOrPvP.exe
4596	FEdiHQE.exe
2104	cQvcjHr.exe
1992	XeovhzQ.exe
424	PAZLBol.exe
1076	NpDxdUq.exe
3656	XJvocak.exe
1844	IDAaOXd.exe
4964	GfKVqhO.exe
4644	BxIgBFQ.exe
2568	hYOaQju.exe
3616	DwIqUoz.exe
3860	oLVtGhO.exe
2880	GqkpQyP.exe
224	tuvWgdI.exe
628	hOIcAOQ.exe
1984	yGUTMEE.exe
4576	JaELvxb.exe
5012	GnDlbgD.exe
584	zXviEWM.exe
4676	xftapNV.exe
2384	fEiglqm.exe
808	SXjzdOx.exe
3832	RXrualc.exe
4856	OqPPfkk.exe
4364	dNrpNOT.exe
1048	GvNOeOU.exe
508	MBIpgro.exe
2120	lkABrCi.exe
3696	yqYvZfN.exe
3400	qLbVyLD.exe
1156	JKlScHQ.exe
1936	MavQUQm.exe
2800	JEdRLOy.exe
2288	ddFFkCA.exe
3224	CbAslje.exe
2376	OwhwQcp.exe
4764	JsGVphZ.exe
5032	VjNEOHc.exe
760	mwoSuJw.exe
1456	EERzEZG.exe
4456	Adssgdn.exe
4340	qFeTgQS.exe
1528	IVdcJwA.exe
4208	MzfwCZp.exe
3012	cIrPtSk.exe
5048	jTtlvCP.exe
4940	iMsFnum.exe
4852	YyClGYo.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/216-0-0x00007FF7BD6F0000-0x00007FF7BDAE2000-memory.dmp	upx
behavioral2/files/0x000700000002341a-19.dat	upx
behavioral2/files/0x000700000002341b-23.dat	upx
behavioral2/files/0x000700000002341c-42.dat	upx
behavioral2/files/0x0007000000023424-62.dat	upx
behavioral2/files/0x0007000000023421-109.dat	upx
behavioral2/files/0x000700000002342d-156.dat	upx
behavioral2/memory/2604-346-0x00007FF718B20000-0x00007FF718F12000-memory.dmp	upx
behavioral2/memory/4700-384-0x00007FF6CDA50000-0x00007FF6CDE42000-memory.dmp	upx
behavioral2/memory/3656-391-0x00007FF6ECD10000-0x00007FF6ED102000-memory.dmp	upx
behavioral2/memory/424-396-0x00007FF7E3CA0000-0x00007FF7E4092000-memory.dmp	upx
behavioral2/memory/652-395-0x00007FF751090000-0x00007FF751482000-memory.dmp	upx
behavioral2/memory/804-394-0x00007FF625F70000-0x00007FF626362000-memory.dmp	upx
behavioral2/memory/4964-393-0x00007FF7C49B0000-0x00007FF7C4DA2000-memory.dmp	upx
behavioral2/memory/1844-392-0x00007FF7F1690000-0x00007FF7F1A82000-memory.dmp	upx
behavioral2/memory/1076-390-0x00007FF738130000-0x00007FF738522000-memory.dmp	upx
behavioral2/memory/1992-389-0x00007FF7758E0000-0x00007FF775CD2000-memory.dmp	upx
behavioral2/memory/2104-388-0x00007FF64F9E0000-0x00007FF64FDD2000-memory.dmp	upx
behavioral2/memory/4596-387-0x00007FF7E1B20000-0x00007FF7E1F12000-memory.dmp	upx
behavioral2/memory/1448-386-0x00007FF78D0A0000-0x00007FF78D492000-memory.dmp	upx
behavioral2/memory/1676-385-0x00007FF739F30000-0x00007FF73A322000-memory.dmp	upx
behavioral2/memory/3260-383-0x00007FF647E60000-0x00007FF648252000-memory.dmp	upx
behavioral2/memory/2920-382-0x00007FF69D780000-0x00007FF69DB72000-memory.dmp	upx
behavioral2/memory/1736-312-0x00007FF777CB0000-0x00007FF7780A2000-memory.dmp	upx
behavioral2/memory/2424-256-0x00007FF72DF60000-0x00007FF72E352000-memory.dmp	upx
behavioral2/memory/4040-265-0x00007FF6BE350000-0x00007FF6BE742000-memory.dmp	upx
behavioral2/memory/2756-213-0x00007FF7FA180000-0x00007FF7FA572000-memory.dmp	upx
behavioral2/files/0x0007000000023434-194.dat	upx
behavioral2/files/0x000700000002342c-188.dat	upx
behavioral2/files/0x000700000002343c-185.dat	upx
behavioral2/memory/3672-180-0x00007FF6294D0000-0x00007FF6298C2000-memory.dmp	upx
behavioral2/files/0x000700000002343b-177.dat	upx
behavioral2/files/0x0007000000023431-173.dat	upx
behavioral2/files/0x000700000002343a-172.dat	upx
behavioral2/files/0x0007000000023438-168.dat	upx
behavioral2/files/0x000700000002342e-163.dat	upx
behavioral2/files/0x0007000000023437-161.dat	upx
behavioral2/files/0x0007000000023436-158.dat	upx
behavioral2/files/0x0007000000023433-143.dat	upx
behavioral2/files/0x000700000002343d-184.dat	upx
behavioral2/files/0x0007000000023428-137.dat	upx
behavioral2/memory/2528-133-0x00007FF724D00000-0x00007FF7250F2000-memory.dmp	upx
behavioral2/files/0x0007000000023427-126.dat	upx
behavioral2/files/0x0007000000023430-125.dat	upx
behavioral2/files/0x0007000000023439-169.dat	upx
behavioral2/files/0x000700000002342a-164.dat	upx
behavioral2/files/0x0007000000023426-118.dat	upx
behavioral2/files/0x0007000000023425-112.dat	upx
behavioral2/files/0x0007000000023435-155.dat	upx
behavioral2/files/0x0007000000023429-148.dat	upx
behavioral2/files/0x0007000000023423-104.dat	upx
behavioral2/files/0x000700000002342b-96.dat	upx
behavioral2/files/0x0007000000023432-141.dat	upx
behavioral2/memory/3676-136-0x00007FF761B20000-0x00007FF761F12000-memory.dmp	upx
behavioral2/files/0x000700000002342f-122.dat	upx
behavioral2/files/0x0007000000023422-120.dat	upx
behavioral2/files/0x0007000000023420-76.dat	upx
behavioral2/files/0x000700000002341e-71.dat	upx
behavioral2/memory/1520-53-0x00007FF69B8F0000-0x00007FF69BCE2000-memory.dmp	upx
behavioral2/files/0x000700000002341d-44.dat	upx
behavioral2/files/0x000700000002341f-36.dat	upx
behavioral2/files/0x0008000000023419-20.dat	upx
behavioral2/files/0x0008000000023416-14.dat	upx
behavioral2/memory/216-4838-0x00007FF7BD6F0000-0x00007FF7BDAE2000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\efFmZzS.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\ZUFrccM.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\DrZvqka.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\cpUxzoK.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\pPAudDF.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\DMUTARD.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\xLgWLcQ.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\FfjyVhE.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\weXMfzI.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\EXrkBDR.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\beOIuSb.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\VPfMYmU.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\StnouAt.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\DtBMbSa.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\sgktdWA.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\pmLAVGw.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\YHVOdFv.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\nOKuDhG.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\iWvKaCX.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\zbzxtSr.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\uRwYxnt.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\LvHYleg.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\dvlEJTF.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\HbwQoHS.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\MsttgvB.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\fYgYRDH.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\lBzgptV.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\XUBZHsE.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\EKaXQUG.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\lTHrUcd.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\vexzcDY.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\ZGdAehR.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\cgAyqiA.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\zqxDutN.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\vzkXeBT.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\YqdnCCk.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\iUsVjBT.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\SDjyiXS.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\gQTiBQI.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\tLZKvKH.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\sGOjTzV.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\BHkLpvc.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\vZclrIT.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\miLBNfE.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\tieaORh.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\vPhZXpS.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\aWfKQdB.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\DrPUUDj.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\DPbYXbZ.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\jaQgHxw.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\dmkJHSW.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\fRjZMwq.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\LcZDUEu.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\cATvzWB.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\nnoMZUe.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\fAypdbs.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\XpFdttk.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\SyjWPJu.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\mWNOEbf.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\wTCRuxp.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\VDadhCD.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\eMEKRFY.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\wWPyrvx.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
File created	C:\Windows\System\dqvpirO.exe	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
5016	powershell.exe
5016	powershell.exe
5016	powershell.exe

Suspicious behavior: LoadsDriver 64 IoCs

pid	Process
7144	Process not Found
9340	Process not Found
9392	Process not Found
8848	Process not Found
8856	Process not Found
9540	Process not Found
9580	Process not Found
8924	Process not Found
9004	Process not Found
7016	Process not Found
9944	Process not Found
9332	Process not Found
8220	Process not Found
9988	Process not Found
1960	Process not Found
10000	Process not Found
7748	Process not Found
6416	Process not Found
10036	Process not Found
10364	Process not Found
10060	Process not Found
10080	Process not Found
10084	Process not Found
10108	Process not Found
10112	Process not Found
10140	Process not Found
10412	Process not Found
10156	Process not Found
9600	Process not Found
7132	Process not Found
9060	Process not Found
10684	Process not Found
10804	Process not Found
10784	Process not Found
9992	Process not Found
9984	Process not Found
11008	Process not Found
11028	Process not Found
10356	Process not Found
10048	Process not Found
10376	Process not Found
10380	Process not Found
10388	Process not Found
10396	Process not Found
10132	Process not Found
12228	Process not Found
11248	Process not Found
10428	Process not Found
10456	Process not Found
9180	Process not Found
9860	Process not Found
10672	Process not Found
8344	Process not Found
10764	Process not Found
6176	Process not Found
12720	Process not Found
10980	Process not Found
11000	Process not Found
12604	Process not Found
12612	Process not Found
12620	Process not Found
12632	Process not Found
10372	Process not Found
12648	Process not Found

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
Token: SeDebugPrivilege	5016	powershell.exe
Token: SeCreateGlobalPrivilege	13848	dwm.exe
Token: SeChangeNotifyPrivilege	13848	dwm.exe
Token: 33	13848	dwm.exe
Token: SeIncBasePriorityPrivilege	13848	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 216 wrote to memory of 5016	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	82
PID 216 wrote to memory of 5016	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	82
PID 216 wrote to memory of 804	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	83
PID 216 wrote to memory of 804	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	83
PID 216 wrote to memory of 1520	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	84
PID 216 wrote to memory of 1520	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	84
PID 216 wrote to memory of 2528	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	85
PID 216 wrote to memory of 2528	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	85
PID 216 wrote to memory of 3676	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	86
PID 216 wrote to memory of 3676	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	86
PID 216 wrote to memory of 3672	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	87
PID 216 wrote to memory of 3672	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	87
PID 216 wrote to memory of 2756	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	88
PID 216 wrote to memory of 2756	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	88
PID 216 wrote to memory of 2424	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	89
PID 216 wrote to memory of 2424	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	89
PID 216 wrote to memory of 4040	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	90
PID 216 wrote to memory of 4040	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	90
PID 216 wrote to memory of 1736	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	91
PID 216 wrote to memory of 1736	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	91
PID 216 wrote to memory of 3260	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	92
PID 216 wrote to memory of 3260	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	92
PID 216 wrote to memory of 2604	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	93
PID 216 wrote to memory of 2604	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	93
PID 216 wrote to memory of 652	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	94
PID 216 wrote to memory of 652	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	94
PID 216 wrote to memory of 2920	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	95
PID 216 wrote to memory of 2920	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	95
PID 216 wrote to memory of 4700	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	96
PID 216 wrote to memory of 4700	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	96
PID 216 wrote to memory of 1676	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	97
PID 216 wrote to memory of 1676	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	97
PID 216 wrote to memory of 1448	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	98
PID 216 wrote to memory of 1448	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	98
PID 216 wrote to memory of 4596	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	99
PID 216 wrote to memory of 4596	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	99
PID 216 wrote to memory of 2104	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	100
PID 216 wrote to memory of 2104	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	100
PID 216 wrote to memory of 1992	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	101
PID 216 wrote to memory of 1992	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	101
PID 216 wrote to memory of 424	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	102
PID 216 wrote to memory of 424	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	102
PID 216 wrote to memory of 1076	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	103
PID 216 wrote to memory of 1076	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	103
PID 216 wrote to memory of 3656	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	104
PID 216 wrote to memory of 3656	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	104
PID 216 wrote to memory of 1844	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	105
PID 216 wrote to memory of 1844	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	105
PID 216 wrote to memory of 4964	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	106
PID 216 wrote to memory of 4964	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	106
PID 216 wrote to memory of 4644	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	107
PID 216 wrote to memory of 4644	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	107
PID 216 wrote to memory of 2568	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	108
PID 216 wrote to memory of 2568	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	108
PID 216 wrote to memory of 3616	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	109
PID 216 wrote to memory of 3616	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	109
PID 216 wrote to memory of 3860	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	110
PID 216 wrote to memory of 3860	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	110
PID 216 wrote to memory of 808	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	111
PID 216 wrote to memory of 808	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	111
PID 216 wrote to memory of 2880	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	112
PID 216 wrote to memory of 2880	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	112
PID 216 wrote to memory of 224	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	113
PID 216 wrote to memory of 224	216	0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe	113

C:\Users\Admin\AppData\Local\Temp\0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0e9649ce5e7c6dbe9336b4879057ecff_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:216
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:5016
- C:\Windows\System\DGuUisR.exe
  C:\Windows\System\DGuUisR.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System\evhGLpR.exe
  C:\Windows\System\evhGLpR.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\fRjZMwq.exe
  C:\Windows\System\fRjZMwq.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\FjiaICE.exe
  C:\Windows\System\FjiaICE.exe
  2⤵
  - Executes dropped EXE
  PID:3676
- C:\Windows\System\qTeSqIc.exe
  C:\Windows\System\qTeSqIc.exe
  2⤵
  - Executes dropped EXE
  PID:3672
- C:\Windows\System\YdOjvBQ.exe
  C:\Windows\System\YdOjvBQ.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\mkMyucq.exe
  C:\Windows\System\mkMyucq.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\wWPyrvx.exe
  C:\Windows\System\wWPyrvx.exe
  2⤵
  - Executes dropped EXE
  PID:4040
- C:\Windows\System\jANLymr.exe
  C:\Windows\System\jANLymr.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\aoqrLSf.exe
  C:\Windows\System\aoqrLSf.exe
  2⤵
  - Executes dropped EXE
  PID:3260
- C:\Windows\System\BoLydQM.exe
  C:\Windows\System\BoLydQM.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\vBDSXjp.exe
  C:\Windows\System\vBDSXjp.exe
  2⤵
  - Executes dropped EXE
  PID:652
- C:\Windows\System\nxlWpFw.exe
  C:\Windows\System\nxlWpFw.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\ALFAFDO.exe
  C:\Windows\System\ALFAFDO.exe
  2⤵
  - Executes dropped EXE
  PID:4700
- C:\Windows\System\xhXNZvn.exe
  C:\Windows\System\xhXNZvn.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\WWOrPvP.exe
  C:\Windows\System\WWOrPvP.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\FEdiHQE.exe
  C:\Windows\System\FEdiHQE.exe
  2⤵
  - Executes dropped EXE
  PID:4596
- C:\Windows\System\cQvcjHr.exe
  C:\Windows\System\cQvcjHr.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\XeovhzQ.exe
  C:\Windows\System\XeovhzQ.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\PAZLBol.exe
  C:\Windows\System\PAZLBol.exe
  2⤵
  - Executes dropped EXE
  PID:424
- C:\Windows\System\NpDxdUq.exe
  C:\Windows\System\NpDxdUq.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\XJvocak.exe
  C:\Windows\System\XJvocak.exe
  2⤵
  - Executes dropped EXE
  PID:3656
- C:\Windows\System\IDAaOXd.exe
  C:\Windows\System\IDAaOXd.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\GfKVqhO.exe
  C:\Windows\System\GfKVqhO.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System\BxIgBFQ.exe
  C:\Windows\System\BxIgBFQ.exe
  2⤵
  - Executes dropped EXE
  PID:4644
- C:\Windows\System\hYOaQju.exe
  C:\Windows\System\hYOaQju.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\DwIqUoz.exe
  C:\Windows\System\DwIqUoz.exe
  2⤵
  - Executes dropped EXE
  PID:3616
- C:\Windows\System\oLVtGhO.exe
  C:\Windows\System\oLVtGhO.exe
  2⤵
  - Executes dropped EXE
  PID:3860
- C:\Windows\System\SXjzdOx.exe
  C:\Windows\System\SXjzdOx.exe
  2⤵
  - Executes dropped EXE
  PID:808
- C:\Windows\System\GqkpQyP.exe
  C:\Windows\System\GqkpQyP.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\tuvWgdI.exe
  C:\Windows\System\tuvWgdI.exe
  2⤵
  - Executes dropped EXE
  PID:224
- C:\Windows\System\hOIcAOQ.exe
  C:\Windows\System\hOIcAOQ.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\yGUTMEE.exe
  C:\Windows\System\yGUTMEE.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\JaELvxb.exe
  C:\Windows\System\JaELvxb.exe
  2⤵
  - Executes dropped EXE
  PID:4576
- C:\Windows\System\GnDlbgD.exe
  C:\Windows\System\GnDlbgD.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\zXviEWM.exe
  C:\Windows\System\zXviEWM.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\xftapNV.exe
  C:\Windows\System\xftapNV.exe
  2⤵
  - Executes dropped EXE
  PID:4676
- C:\Windows\System\fEiglqm.exe
  C:\Windows\System\fEiglqm.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\RXrualc.exe
  C:\Windows\System\RXrualc.exe
  2⤵
  - Executes dropped EXE
  PID:3832
- C:\Windows\System\OqPPfkk.exe
  C:\Windows\System\OqPPfkk.exe
  2⤵
  - Executes dropped EXE
  PID:4856
- C:\Windows\System\dNrpNOT.exe
  C:\Windows\System\dNrpNOT.exe
  2⤵
  - Executes dropped EXE
  PID:4364
- C:\Windows\System\GvNOeOU.exe
  C:\Windows\System\GvNOeOU.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\MBIpgro.exe
  C:\Windows\System\MBIpgro.exe
  2⤵
  - Executes dropped EXE
  PID:508
- C:\Windows\System\lkABrCi.exe
  C:\Windows\System\lkABrCi.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\yqYvZfN.exe
  C:\Windows\System\yqYvZfN.exe
  2⤵
  - Executes dropped EXE
  PID:3696
- C:\Windows\System\qLbVyLD.exe
  C:\Windows\System\qLbVyLD.exe
  2⤵
  - Executes dropped EXE
  PID:3400
- C:\Windows\System\JKlScHQ.exe
  C:\Windows\System\JKlScHQ.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\MavQUQm.exe
  C:\Windows\System\MavQUQm.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\JEdRLOy.exe
  C:\Windows\System\JEdRLOy.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\ddFFkCA.exe
  C:\Windows\System\ddFFkCA.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\CbAslje.exe
  C:\Windows\System\CbAslje.exe
  2⤵
  - Executes dropped EXE
  PID:3224
- C:\Windows\System\OwhwQcp.exe
  C:\Windows\System\OwhwQcp.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\YyClGYo.exe
  C:\Windows\System\YyClGYo.exe
  2⤵
  - Executes dropped EXE
  PID:4852
- C:\Windows\System\JsGVphZ.exe
  C:\Windows\System\JsGVphZ.exe
  2⤵
  - Executes dropped EXE
  PID:4764
- C:\Windows\System\VjNEOHc.exe
  C:\Windows\System\VjNEOHc.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System\mwoSuJw.exe
  C:\Windows\System\mwoSuJw.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\rZBtSKH.exe
  C:\Windows\System\rZBtSKH.exe
  2⤵
  PID:1756
- C:\Windows\System\EERzEZG.exe
  C:\Windows\System\EERzEZG.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\Adssgdn.exe
  C:\Windows\System\Adssgdn.exe
  2⤵
  - Executes dropped EXE
  PID:4456
- C:\Windows\System\qFeTgQS.exe
  C:\Windows\System\qFeTgQS.exe
  2⤵
  - Executes dropped EXE
  PID:4340
- C:\Windows\System\IVdcJwA.exe
  C:\Windows\System\IVdcJwA.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\MzfwCZp.exe
  C:\Windows\System\MzfwCZp.exe
  2⤵
  - Executes dropped EXE
  PID:4208
- C:\Windows\System\cIrPtSk.exe
  C:\Windows\System\cIrPtSk.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\jTtlvCP.exe
  C:\Windows\System\jTtlvCP.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System\iMsFnum.exe
  C:\Windows\System\iMsFnum.exe
  2⤵
  - Executes dropped EXE
  PID:4940
- C:\Windows\System\JKlFgjc.exe
  C:\Windows\System\JKlFgjc.exe
  2⤵
  PID:5112
- C:\Windows\System\ruqPTsc.exe
  C:\Windows\System\ruqPTsc.exe
  2⤵
  PID:1268
- C:\Windows\System\OoidmAP.exe
  C:\Windows\System\OoidmAP.exe
  2⤵
  PID:736
- C:\Windows\System\FqJiMpF.exe
  C:\Windows\System\FqJiMpF.exe
  2⤵
  PID:2832
- C:\Windows\System\XFFCgsv.exe
  C:\Windows\System\XFFCgsv.exe
  2⤵
  PID:3680
- C:\Windows\System\kPgQqXM.exe
  C:\Windows\System\kPgQqXM.exe
  2⤵
  PID:2000
- C:\Windows\System\AgHDbqZ.exe
  C:\Windows\System\AgHDbqZ.exe
  2⤵
  PID:1012
- C:\Windows\System\khsRbcO.exe
  C:\Windows\System\khsRbcO.exe
  2⤵
  PID:2884
- C:\Windows\System\lDoeXeg.exe
  C:\Windows\System\lDoeXeg.exe
  2⤵
  PID:2044
- C:\Windows\System\HZmAIZH.exe
  C:\Windows\System\HZmAIZH.exe
  2⤵
  PID:1836
- C:\Windows\System\HIzeiRA.exe
  C:\Windows\System\HIzeiRA.exe
  2⤵
  PID:3964
- C:\Windows\System\fPqdbBE.exe
  C:\Windows\System\fPqdbBE.exe
  2⤵
  PID:452
- C:\Windows\System\LxtLdtq.exe
  C:\Windows\System\LxtLdtq.exe
  2⤵
  PID:5136
- C:\Windows\System\jwSfmBy.exe
  C:\Windows\System\jwSfmBy.exe
  2⤵
  PID:5152
- C:\Windows\System\NKbbpyh.exe
  C:\Windows\System\NKbbpyh.exe
  2⤵
  PID:5176
- C:\Windows\System\WxZJSDU.exe
  C:\Windows\System\WxZJSDU.exe
  2⤵
  PID:5204
- C:\Windows\System\NFLQoVy.exe
  C:\Windows\System\NFLQoVy.exe
  2⤵
  PID:5224
- C:\Windows\System\jrhJgdE.exe
  C:\Windows\System\jrhJgdE.exe
  2⤵
  PID:5244
- C:\Windows\System\YBOGXyO.exe
  C:\Windows\System\YBOGXyO.exe
  2⤵
  PID:5272
- C:\Windows\System\ZMQqtzV.exe
  C:\Windows\System\ZMQqtzV.exe
  2⤵
  PID:5296
- C:\Windows\System\LvcyIqP.exe
  C:\Windows\System\LvcyIqP.exe
  2⤵
  PID:5320
- C:\Windows\System\IVkhQxH.exe
  C:\Windows\System\IVkhQxH.exe
  2⤵
  PID:5344
- C:\Windows\System\DqVMNUp.exe
  C:\Windows\System\DqVMNUp.exe
  2⤵
  PID:5364
- C:\Windows\System\RSfvsKr.exe
  C:\Windows\System\RSfvsKr.exe
  2⤵
  PID:5388
- C:\Windows\System\rruwocU.exe
  C:\Windows\System\rruwocU.exe
  2⤵
  PID:5412
- C:\Windows\System\IQYrqaO.exe
  C:\Windows\System\IQYrqaO.exe
  2⤵
  PID:5432
- C:\Windows\System\mKBZwxO.exe
  C:\Windows\System\mKBZwxO.exe
  2⤵
  PID:5452
- C:\Windows\System\oCcApLt.exe
  C:\Windows\System\oCcApLt.exe
  2⤵
  PID:5476
- C:\Windows\System\IIAMorA.exe
  C:\Windows\System\IIAMorA.exe
  2⤵
  PID:5520
- C:\Windows\System\IouXHIy.exe
  C:\Windows\System\IouXHIy.exe
  2⤵
  PID:5548
- C:\Windows\System\NLwRvEZ.exe
  C:\Windows\System\NLwRvEZ.exe
  2⤵
  PID:5572
- C:\Windows\System\bkhUnQK.exe
  C:\Windows\System\bkhUnQK.exe
  2⤵
  PID:5592
- C:\Windows\System\KqBUEdM.exe
  C:\Windows\System\KqBUEdM.exe
  2⤵
  PID:5644
- C:\Windows\System\xtPyFuA.exe
  C:\Windows\System\xtPyFuA.exe
  2⤵
  PID:5668
- C:\Windows\System\GHfNYVI.exe
  C:\Windows\System\GHfNYVI.exe
  2⤵
  PID:5688
- C:\Windows\System\dUTqBaC.exe
  C:\Windows\System\dUTqBaC.exe
  2⤵
  PID:5708
- C:\Windows\System\vPNDNWi.exe
  C:\Windows\System\vPNDNWi.exe
  2⤵
  PID:5728
- C:\Windows\System\SQRPmTN.exe
  C:\Windows\System\SQRPmTN.exe
  2⤵
  PID:5744
- C:\Windows\System\MdvXOFa.exe
  C:\Windows\System\MdvXOFa.exe
  2⤵
  PID:5768
- C:\Windows\System\JYYNiop.exe
  C:\Windows\System\JYYNiop.exe
  2⤵
  PID:5784
- C:\Windows\System\BhDcnOl.exe
  C:\Windows\System\BhDcnOl.exe
  2⤵
  PID:5816
- C:\Windows\System\tRaLsVD.exe
  C:\Windows\System\tRaLsVD.exe
  2⤵
  PID:5832
- C:\Windows\System\JqWDOTE.exe
  C:\Windows\System\JqWDOTE.exe
  2⤵
  PID:5864
- C:\Windows\System\AIHcGiX.exe
  C:\Windows\System\AIHcGiX.exe
  2⤵
  PID:5884
- C:\Windows\System\BudzPAq.exe
  C:\Windows\System\BudzPAq.exe
  2⤵
  PID:5900
- C:\Windows\System\cmEpoZH.exe
  C:\Windows\System\cmEpoZH.exe
  2⤵
  PID:5924
- C:\Windows\System\DpPQPnb.exe
  C:\Windows\System\DpPQPnb.exe
  2⤵
  PID:5956
- C:\Windows\System\TpFqgva.exe
  C:\Windows\System\TpFqgva.exe
  2⤵
  PID:5972
- C:\Windows\System\czZDjWF.exe
  C:\Windows\System\czZDjWF.exe
  2⤵
  PID:5996
- C:\Windows\System\AJiUkHA.exe
  C:\Windows\System\AJiUkHA.exe
  2⤵
  PID:4056
- C:\Windows\System\wqKJoCT.exe
  C:\Windows\System\wqKJoCT.exe
  2⤵
  PID:2536
- C:\Windows\System\pkedHTv.exe
  C:\Windows\System\pkedHTv.exe
  2⤵
  PID:2324
- C:\Windows\System\PXLDTJk.exe
  C:\Windows\System\PXLDTJk.exe
  2⤵
  PID:1040
- C:\Windows\System\VrqBhol.exe
  C:\Windows\System\VrqBhol.exe
  2⤵
  PID:3896
- C:\Windows\System\OVcrUeV.exe
  C:\Windows\System\OVcrUeV.exe
  2⤵
  PID:4592
- C:\Windows\System\ONiuiSx.exe
  C:\Windows\System\ONiuiSx.exe
  2⤵
  PID:832
- C:\Windows\System\KNvIsih.exe
  C:\Windows\System\KNvIsih.exe
  2⤵
  PID:5304
- C:\Windows\System\xoLlbQa.exe
  C:\Windows\System\xoLlbQa.exe
  2⤵
  PID:5356
- C:\Windows\System\sGcGiIo.exe
  C:\Windows\System\sGcGiIo.exe
  2⤵
  PID:5424
- C:\Windows\System\sxnLtzi.exe
  C:\Windows\System\sxnLtzi.exe
  2⤵
  PID:5484
- C:\Windows\System\BmFumYo.exe
  C:\Windows\System\BmFumYo.exe
  2⤵
  PID:5512
- C:\Windows\System\ljihHqW.exe
  C:\Windows\System\ljihHqW.exe
  2⤵
  PID:5584
- C:\Windows\System\LWcNcAI.exe
  C:\Windows\System\LWcNcAI.exe
  2⤵
  PID:5680
- C:\Windows\System\RyJakeI.exe
  C:\Windows\System\RyJakeI.exe
  2⤵
  PID:5752
- C:\Windows\System\pbLntiH.exe
  C:\Windows\System\pbLntiH.exe
  2⤵
  PID:5856
- C:\Windows\System\nFjldQG.exe
  C:\Windows\System\nFjldQG.exe
  2⤵
  PID:5940
- C:\Windows\System\GMWAwYc.exe
  C:\Windows\System\GMWAwYc.exe
  2⤵
  PID:1584
- C:\Windows\System\tWRtyZZ.exe
  C:\Windows\System\tWRtyZZ.exe
  2⤵
  PID:1328
- C:\Windows\System\AAzaDcf.exe
  C:\Windows\System\AAzaDcf.exe
  2⤵
  PID:2876
- C:\Windows\System\ZBDMNQY.exe
  C:\Windows\System\ZBDMNQY.exe
  2⤵
  PID:4808
- C:\Windows\System\bgDoiyf.exe
  C:\Windows\System\bgDoiyf.exe
  2⤵
  PID:1044
- C:\Windows\System\ESrwINe.exe
  C:\Windows\System\ESrwINe.exe
  2⤵
  PID:5652
- C:\Windows\System\YlhMSOu.exe
  C:\Windows\System\YlhMSOu.exe
  2⤵
  PID:5100
- C:\Windows\System\EMHOpmt.exe
  C:\Windows\System\EMHOpmt.exe
  2⤵
  PID:5964
- C:\Windows\System\WQrySJh.exe
  C:\Windows\System\WQrySJh.exe
  2⤵
  PID:5736
- C:\Windows\System\HGajWOQ.exe
  C:\Windows\System\HGajWOQ.exe
  2⤵
  PID:5760
- C:\Windows\System\BLZDaVs.exe
  C:\Windows\System\BLZDaVs.exe
  2⤵
  PID:2280
- C:\Windows\System\bQiCQoW.exe
  C:\Windows\System\bQiCQoW.exe
  2⤵
  PID:2500
- C:\Windows\System\MNqOFoa.exe
  C:\Windows\System\MNqOFoa.exe
  2⤵
  PID:2028
- C:\Windows\System\CpVqRpd.exe
  C:\Windows\System\CpVqRpd.exe
  2⤵
  PID:2628
- C:\Windows\System\XTEcHwl.exe
  C:\Windows\System\XTEcHwl.exe
  2⤵
  PID:3156
- C:\Windows\System\clrymvp.exe
  C:\Windows\System\clrymvp.exe
  2⤵
  PID:3608
- C:\Windows\System\bvXDxlE.exe
  C:\Windows\System\bvXDxlE.exe
  2⤵
  PID:4384
- C:\Windows\System\WJXeETR.exe
  C:\Windows\System\WJXeETR.exe
  2⤵
  PID:4628
- C:\Windows\System\WumNpUu.exe
  C:\Windows\System\WumNpUu.exe
  2⤵
  PID:1180
- C:\Windows\System\MMbdHkv.exe
  C:\Windows\System\MMbdHkv.exe
  2⤵
  PID:2084
- C:\Windows\System\xsFLyss.exe
  C:\Windows\System\xsFLyss.exe
  2⤵
  PID:5188
- C:\Windows\System\rcWmpVo.exe
  C:\Windows\System\rcWmpVo.exe
  2⤵
  PID:4468
- C:\Windows\System\NjmhGtv.exe
  C:\Windows\System\NjmhGtv.exe
  2⤵
  PID:5008
- C:\Windows\System\RpdwrBa.exe
  C:\Windows\System\RpdwrBa.exe
  2⤵
  PID:5740
- C:\Windows\System\UFtyXUL.exe
  C:\Windows\System\UFtyXUL.exe
  2⤵
  PID:5880
- C:\Windows\System\rPvQsAQ.exe
  C:\Windows\System\rPvQsAQ.exe
  2⤵
  PID:2564
- C:\Windows\System\tushgte.exe
  C:\Windows\System\tushgte.exe
  2⤵
  PID:4092
- C:\Windows\System\yvIxDpJ.exe
  C:\Windows\System\yvIxDpJ.exe
  2⤵
  PID:5532
- C:\Windows\System\RBNBJGZ.exe
  C:\Windows\System\RBNBJGZ.exe
  2⤵
  PID:4536
- C:\Windows\System\bFaTudw.exe
  C:\Windows\System\bFaTudw.exe
  2⤵
  PID:320
- C:\Windows\System\MIfHXZl.exe
  C:\Windows\System\MIfHXZl.exe
  2⤵
  PID:2012
- C:\Windows\System\nFpVmQU.exe
  C:\Windows\System\nFpVmQU.exe
  2⤵
  PID:6160
- C:\Windows\System\ewfeZzi.exe
  C:\Windows\System\ewfeZzi.exe
  2⤵
  PID:6188
- C:\Windows\System\VYWZHfT.exe
  C:\Windows\System\VYWZHfT.exe
  2⤵
  PID:6208
- C:\Windows\System\CrAXiHL.exe
  C:\Windows\System\CrAXiHL.exe
  2⤵
  PID:6240
- C:\Windows\System\eQRSiEv.exe
  C:\Windows\System\eQRSiEv.exe
  2⤵
  PID:6260
- C:\Windows\System\KycdYfW.exe
  C:\Windows\System\KycdYfW.exe
  2⤵
  PID:6280
- C:\Windows\System\UjRPkgY.exe
  C:\Windows\System\UjRPkgY.exe
  2⤵
  PID:6300
- C:\Windows\System\FaaiTaW.exe
  C:\Windows\System\FaaiTaW.exe
  2⤵
  PID:6324
- C:\Windows\System\rvGFuSt.exe
  C:\Windows\System\rvGFuSt.exe
  2⤵
  PID:6344
- C:\Windows\System\LbcXiHc.exe
  C:\Windows\System\LbcXiHc.exe
  2⤵
  PID:6364
- C:\Windows\System\XtnMZJk.exe
  C:\Windows\System\XtnMZJk.exe
  2⤵
  PID:6392
- C:\Windows\System\qCLOwfW.exe
  C:\Windows\System\qCLOwfW.exe
  2⤵
  PID:6408
- C:\Windows\System\dqDwkmg.exe
  C:\Windows\System\dqDwkmg.exe
  2⤵
  PID:6432
- C:\Windows\System\WGEfpeg.exe
  C:\Windows\System\WGEfpeg.exe
  2⤵
  PID:6452
- C:\Windows\System\IqNXSew.exe
  C:\Windows\System\IqNXSew.exe
  2⤵
  PID:6472
- C:\Windows\System\AzrcOSx.exe
  C:\Windows\System\AzrcOSx.exe
  2⤵
  PID:6496
- C:\Windows\System\bxhbZja.exe
  C:\Windows\System\bxhbZja.exe
  2⤵
  PID:6520
- C:\Windows\System\prfqhXC.exe
  C:\Windows\System\prfqhXC.exe
  2⤵
  PID:6544
- C:\Windows\System\SEPQgrT.exe
  C:\Windows\System\SEPQgrT.exe
  2⤵
  PID:6568
- C:\Windows\System\nlVnyol.exe
  C:\Windows\System\nlVnyol.exe
  2⤵
  PID:6588
- C:\Windows\System\skeQUiQ.exe
  C:\Windows\System\skeQUiQ.exe
  2⤵
  PID:6616
- C:\Windows\System\SsJcdQq.exe
  C:\Windows\System\SsJcdQq.exe
  2⤵
  PID:6636
- C:\Windows\System\EcnATch.exe
  C:\Windows\System\EcnATch.exe
  2⤵
  PID:6656
- C:\Windows\System\xQzRUbb.exe
  C:\Windows\System\xQzRUbb.exe
  2⤵
  PID:6680
- C:\Windows\System\uFDhJWN.exe
  C:\Windows\System\uFDhJWN.exe
  2⤵
  PID:6704
- C:\Windows\System\lUtZZyl.exe
  C:\Windows\System\lUtZZyl.exe
  2⤵
  PID:6720
- C:\Windows\System\pzHEKqc.exe
  C:\Windows\System\pzHEKqc.exe
  2⤵
  PID:6748
- C:\Windows\System\RmTRPqN.exe
  C:\Windows\System\RmTRPqN.exe
  2⤵
  PID:6780
- C:\Windows\System\IKYQRMu.exe
  C:\Windows\System\IKYQRMu.exe
  2⤵
  PID:6804
- C:\Windows\System\TwgRfGo.exe
  C:\Windows\System\TwgRfGo.exe
  2⤵
  PID:6828
- C:\Windows\System\JrZRiQr.exe
  C:\Windows\System\JrZRiQr.exe
  2⤵
  PID:6848
- C:\Windows\System\tqSMswt.exe
  C:\Windows\System\tqSMswt.exe
  2⤵
  PID:6868
- C:\Windows\System\EOhGdYU.exe
  C:\Windows\System\EOhGdYU.exe
  2⤵
  PID:6884
- C:\Windows\System\cBRVrie.exe
  C:\Windows\System\cBRVrie.exe
  2⤵
  PID:6904
- C:\Windows\System\tFMMNiO.exe
  C:\Windows\System\tFMMNiO.exe
  2⤵
  PID:6932
- C:\Windows\System\IIKqyOx.exe
  C:\Windows\System\IIKqyOx.exe
  2⤵
  PID:6952
- C:\Windows\System\wwNhebx.exe
  C:\Windows\System\wwNhebx.exe
  2⤵
  PID:6980
- C:\Windows\System\gfutfte.exe
  C:\Windows\System\gfutfte.exe
  2⤵
  PID:7000
- C:\Windows\System\SDmhewN.exe
  C:\Windows\System\SDmhewN.exe
  2⤵
  PID:7028
- C:\Windows\System\sFHaTKX.exe
  C:\Windows\System\sFHaTKX.exe
  2⤵
  PID:7048
- C:\Windows\System\fGSvJkH.exe
  C:\Windows\System\fGSvJkH.exe
  2⤵
  PID:7068
- C:\Windows\System\jbKMOUL.exe
  C:\Windows\System\jbKMOUL.exe
  2⤵
  PID:7096
- C:\Windows\System\kUDRFLb.exe
  C:\Windows\System\kUDRFLb.exe
  2⤵
  PID:7116
- C:\Windows\System\xZkEAPE.exe
  C:\Windows\System\xZkEAPE.exe
  2⤵
  PID:7136
- C:\Windows\System\uEEGiWX.exe
  C:\Windows\System\uEEGiWX.exe
  2⤵
  PID:5080
- C:\Windows\System\vBihoDm.exe
  C:\Windows\System\vBihoDm.exe
  2⤵
  PID:5460
- C:\Windows\System\ZWxtKZc.exe
  C:\Windows\System\ZWxtKZc.exe
  2⤵
  PID:4060
- C:\Windows\System\pgzzwqH.exe
  C:\Windows\System\pgzzwqH.exe
  2⤵
  PID:5700
- C:\Windows\System\tKvTnJw.exe
  C:\Windows\System\tKvTnJw.exe
  2⤵
  PID:3720
- C:\Windows\System\dcHGIbE.exe
  C:\Windows\System\dcHGIbE.exe
  2⤵
  PID:3996
- C:\Windows\System\QBHBqjA.exe
  C:\Windows\System\QBHBqjA.exe
  2⤵
  PID:5876
- C:\Windows\System\vdLpysI.exe
  C:\Windows\System\vdLpysI.exe
  2⤵
  PID:4120
- C:\Windows\System\ivRCvCl.exe
  C:\Windows\System\ivRCvCl.exe
  2⤵
  PID:6316
- C:\Windows\System\oUftazW.exe
  C:\Windows\System\oUftazW.exe
  2⤵
  PID:5108
- C:\Windows\System\tlluarS.exe
  C:\Windows\System\tlluarS.exe
  2⤵
  PID:6444
- C:\Windows\System\ANRVDXk.exe
  C:\Windows\System\ANRVDXk.exe
  2⤵
  PID:4124
- C:\Windows\System\yhEbift.exe
  C:\Windows\System\yhEbift.exe
  2⤵
  PID:6552
- C:\Windows\System\MJoAWpm.exe
  C:\Windows\System\MJoAWpm.exe
  2⤵
  PID:3032
- C:\Windows\System\WCPTxpA.exe
  C:\Windows\System\WCPTxpA.exe
  2⤵
  PID:6676
- C:\Windows\System\EAHahyW.exe
  C:\Windows\System\EAHahyW.exe
  2⤵
  PID:6728
- C:\Windows\System\LyRlwIS.exe
  C:\Windows\System\LyRlwIS.exe
  2⤵
  PID:6276
- C:\Windows\System\eGcMSYM.exe
  C:\Windows\System\eGcMSYM.exe
  2⤵
  PID:6864
- C:\Windows\System\RUCOrgd.exe
  C:\Windows\System\RUCOrgd.exe
  2⤵
  PID:6424
- C:\Windows\System\PhgpmCB.exe
  C:\Windows\System\PhgpmCB.exe
  2⤵
  PID:7172
- C:\Windows\System\zoQvNXA.exe
  C:\Windows\System\zoQvNXA.exe
  2⤵
  PID:7192
- C:\Windows\System\WQuPKut.exe
  C:\Windows\System\WQuPKut.exe
  2⤵
  PID:7212
- C:\Windows\System\uabeIPH.exe
  C:\Windows\System\uabeIPH.exe
  2⤵
  PID:7236
- C:\Windows\System\fjGUnjm.exe
  C:\Windows\System\fjGUnjm.exe
  2⤵
  PID:7256
- C:\Windows\System\lBqtuaz.exe
  C:\Windows\System\lBqtuaz.exe
  2⤵
  PID:7284
- C:\Windows\System\NWcnJdL.exe
  C:\Windows\System\NWcnJdL.exe
  2⤵
  PID:7300
- C:\Windows\System\CSqeGah.exe
  C:\Windows\System\CSqeGah.exe
  2⤵
  PID:7328
- C:\Windows\System\ZxjnlKr.exe
  C:\Windows\System\ZxjnlKr.exe
  2⤵
  PID:7348
- C:\Windows\System\CDvZfQL.exe
  C:\Windows\System\CDvZfQL.exe
  2⤵
  PID:7372
- C:\Windows\System\wgxnrMZ.exe
  C:\Windows\System\wgxnrMZ.exe
  2⤵
  PID:7396
- C:\Windows\System\OEdHvsN.exe
  C:\Windows\System\OEdHvsN.exe
  2⤵
  PID:7416
- C:\Windows\System\WiAtWch.exe
  C:\Windows\System\WiAtWch.exe
  2⤵
  PID:7444
- C:\Windows\System\ySuZApr.exe
  C:\Windows\System\ySuZApr.exe
  2⤵
  PID:7464
- C:\Windows\System\baAUFth.exe
  C:\Windows\System\baAUFth.exe
  2⤵
  PID:7484
- C:\Windows\System\IDMeQbs.exe
  C:\Windows\System\IDMeQbs.exe
  2⤵
  PID:7512
- C:\Windows\System\hgzsTLx.exe
  C:\Windows\System\hgzsTLx.exe
  2⤵
  PID:7536
- C:\Windows\System\XWmJZcM.exe
  C:\Windows\System\XWmJZcM.exe
  2⤵
  PID:7552
- C:\Windows\System\AFvNjmf.exe
  C:\Windows\System\AFvNjmf.exe
  2⤵
  PID:7576
- C:\Windows\System\IbTzSbq.exe
  C:\Windows\System\IbTzSbq.exe
  2⤵
  PID:7604
- C:\Windows\System\mwGfhtf.exe
  C:\Windows\System\mwGfhtf.exe
  2⤵
  PID:7620
- C:\Windows\System\NgbvkXI.exe
  C:\Windows\System\NgbvkXI.exe
  2⤵
  PID:7652
- C:\Windows\System\LVEPsCW.exe
  C:\Windows\System\LVEPsCW.exe
  2⤵
  PID:7668
- C:\Windows\System\lrLLxRu.exe
  C:\Windows\System\lrLLxRu.exe
  2⤵
  PID:7692
- C:\Windows\System\IeItSII.exe
  C:\Windows\System\IeItSII.exe
  2⤵
  PID:7724
- C:\Windows\System\YkJYqVw.exe
  C:\Windows\System\YkJYqVw.exe
  2⤵
  PID:7740
- C:\Windows\System\UZGyFta.exe
  C:\Windows\System\UZGyFta.exe
  2⤵
  PID:7772
- C:\Windows\System\OgkFTlp.exe
  C:\Windows\System\OgkFTlp.exe
  2⤵
  PID:7792
- C:\Windows\System\LrEtgFY.exe
  C:\Windows\System\LrEtgFY.exe
  2⤵
  PID:7816
- C:\Windows\System\WdlEMBc.exe
  C:\Windows\System\WdlEMBc.exe
  2⤵
  PID:7844
- C:\Windows\System\FkRvpUr.exe
  C:\Windows\System\FkRvpUr.exe
  2⤵
  PID:7864
- C:\Windows\System\tixVVdt.exe
  C:\Windows\System\tixVVdt.exe
  2⤵
  PID:7888
- C:\Windows\System\lYQMpfP.exe
  C:\Windows\System\lYQMpfP.exe
  2⤵
  PID:7916
- C:\Windows\System\mmSCkYW.exe
  C:\Windows\System\mmSCkYW.exe
  2⤵
  PID:7944
- C:\Windows\System\xiJPbfP.exe
  C:\Windows\System\xiJPbfP.exe
  2⤵
  PID:7968
- C:\Windows\System\HiPdcjO.exe
  C:\Windows\System\HiPdcjO.exe
  2⤵
  PID:7996
- C:\Windows\System\ygfYtft.exe
  C:\Windows\System\ygfYtft.exe
  2⤵
  PID:8028
- C:\Windows\System\yLvOrUr.exe
  C:\Windows\System\yLvOrUr.exe
  2⤵
  PID:8056
- C:\Windows\System\trGsPpc.exe
  C:\Windows\System\trGsPpc.exe
  2⤵
  PID:8072
- C:\Windows\System\jIoKgto.exe
  C:\Windows\System\jIoKgto.exe
  2⤵
  PID:8096
- C:\Windows\System\Yfqmjur.exe
  C:\Windows\System\Yfqmjur.exe
  2⤵
  PID:8116
- C:\Windows\System\KZWHzVJ.exe
  C:\Windows\System\KZWHzVJ.exe
  2⤵
  PID:8136
- C:\Windows\System\XzVDLAA.exe
  C:\Windows\System\XzVDLAA.exe
  2⤵
  PID:8156
- C:\Windows\System\pgqxOce.exe
  C:\Windows\System\pgqxOce.exe
  2⤵
  PID:8180
- C:\Windows\System\wfHWDjR.exe
  C:\Windows\System\wfHWDjR.exe
  2⤵
  PID:6960
- C:\Windows\System\gwXLteu.exe
  C:\Windows\System\gwXLteu.exe
  2⤵
  PID:6972
- C:\Windows\System\gUMCVGT.exe
  C:\Windows\System\gUMCVGT.exe
  2⤵
  PID:6532
- C:\Windows\System\GwogqXp.exe
  C:\Windows\System\GwogqXp.exe
  2⤵
  PID:7060
- C:\Windows\System\QDYolld.exe
  C:\Windows\System\QDYolld.exe
  2⤵
  PID:7108
- C:\Windows\System\TJZzHjQ.exe
  C:\Windows\System\TJZzHjQ.exe
  2⤵
  PID:6624
- C:\Windows\System\yCDZsne.exe
  C:\Windows\System\yCDZsne.exe
  2⤵
  PID:6648
- C:\Windows\System\KGtbujb.exe
  C:\Windows\System\KGtbujb.exe
  2⤵
  PID:6236
- C:\Windows\System\YgYmYKL.exe
  C:\Windows\System\YgYmYKL.exe
  2⤵
  PID:5980
- C:\Windows\System\SJjAbSw.exe
  C:\Windows\System\SJjAbSw.exe
  2⤵
  PID:6296
- C:\Windows\System\zKbSYbJ.exe
  C:\Windows\System\zKbSYbJ.exe
  2⤵
  PID:3108
- C:\Windows\System\AmDIHGv.exe
  C:\Windows\System\AmDIHGv.exe
  2⤵
  PID:6756
- C:\Windows\System\AGtMOIm.exe
  C:\Windows\System\AGtMOIm.exe
  2⤵
  PID:7204
- C:\Windows\System\gbFWcmb.exe
  C:\Windows\System\gbFWcmb.exe
  2⤵
  PID:6944
- C:\Windows\System\OcXPrwi.exe
  C:\Windows\System\OcXPrwi.exe
  2⤵
  PID:7296
- C:\Windows\System\NwOylWL.exe
  C:\Windows\System\NwOylWL.exe
  2⤵
  PID:7020
- C:\Windows\System\KWatjsf.exe
  C:\Windows\System\KWatjsf.exe
  2⤵
  PID:6584
- C:\Windows\System\uFXpBCV.exe
  C:\Windows\System\uFXpBCV.exe
  2⤵
  PID:7456
- C:\Windows\System\zBIaZKA.exe
  C:\Windows\System\zBIaZKA.exe
  2⤵
  PID:7160
- C:\Windows\System\SuSqQar.exe
  C:\Windows\System\SuSqQar.exe
  2⤵
  PID:6120
- C:\Windows\System\ifenDqs.exe
  C:\Windows\System\ifenDqs.exe
  2⤵
  PID:3200
- C:\Windows\System\bwdFDZL.exe
  C:\Windows\System\bwdFDZL.exe
  2⤵
  PID:7688
- C:\Windows\System\cJBhIka.exe
  C:\Windows\System\cJBhIka.exe
  2⤵
  PID:7736
- C:\Windows\System\fKNTQoW.exe
  C:\Windows\System\fKNTQoW.exe
  2⤵
  PID:6812
- C:\Windows\System\PrbzhUS.exe
  C:\Windows\System\PrbzhUS.exe
  2⤵
  PID:7856
- C:\Windows\System\uySJsKZ.exe
  C:\Windows\System\uySJsKZ.exe
  2⤵
  PID:7952
- C:\Windows\System\cjpHMCH.exe
  C:\Windows\System\cjpHMCH.exe
  2⤵
  PID:6892
- C:\Windows\System\eOqpJCf.exe
  C:\Windows\System\eOqpJCf.exe
  2⤵
  PID:7180
- C:\Windows\System\uelziKH.exe
  C:\Windows\System\uelziKH.exe
  2⤵
  PID:8212
- C:\Windows\System\hWuNjpx.exe
  C:\Windows\System\hWuNjpx.exe
  2⤵
  PID:8240
- C:\Windows\System\rSZgMwQ.exe
  C:\Windows\System\rSZgMwQ.exe
  2⤵
  PID:8260
- C:\Windows\System\epVJfvy.exe
  C:\Windows\System\epVJfvy.exe
  2⤵
  PID:8284
- C:\Windows\System\APhKVfw.exe
  C:\Windows\System\APhKVfw.exe
  2⤵
  PID:8308
- C:\Windows\System\IysqJxq.exe
  C:\Windows\System\IysqJxq.exe
  2⤵
  PID:8328
- C:\Windows\System\jDsdUUN.exe
  C:\Windows\System\jDsdUUN.exe
  2⤵
  PID:8356
- C:\Windows\System\zMbiomO.exe
  C:\Windows\System\zMbiomO.exe
  2⤵
  PID:8380
- C:\Windows\System\Glljesl.exe
  C:\Windows\System\Glljesl.exe
  2⤵
  PID:8404
- C:\Windows\System\HbMbUMN.exe
  C:\Windows\System\HbMbUMN.exe
  2⤵
  PID:8424
- C:\Windows\System\aPHNhbB.exe
  C:\Windows\System\aPHNhbB.exe
  2⤵
  PID:8448
- C:\Windows\System\DTEZMjU.exe
  C:\Windows\System\DTEZMjU.exe
  2⤵
  PID:8472
- C:\Windows\System\QbqdlBf.exe
  C:\Windows\System\QbqdlBf.exe
  2⤵
  PID:8500
- C:\Windows\System\FhvsEey.exe
  C:\Windows\System\FhvsEey.exe
  2⤵
  PID:8524
- C:\Windows\System\QMoKSoK.exe
  C:\Windows\System\QMoKSoK.exe
  2⤵
  PID:8548
- C:\Windows\System\ELEnDjF.exe
  C:\Windows\System\ELEnDjF.exe
  2⤵
  PID:8568
- C:\Windows\System\kpXkXqB.exe
  C:\Windows\System\kpXkXqB.exe
  2⤵
  PID:8584
- C:\Windows\System\zZUyRzD.exe
  C:\Windows\System\zZUyRzD.exe
  2⤵
  PID:8600
- C:\Windows\System\mHaPaQi.exe
  C:\Windows\System\mHaPaQi.exe
  2⤵
  PID:8620
- C:\Windows\System\kmjhmUe.exe
  C:\Windows\System\kmjhmUe.exe
  2⤵
  PID:8636
- C:\Windows\System\YXxCKfQ.exe
  C:\Windows\System\YXxCKfQ.exe
  2⤵
  PID:8660
- C:\Windows\System\jsehjfT.exe
  C:\Windows\System\jsehjfT.exe
  2⤵
  PID:8688
- C:\Windows\System\aGwFmaq.exe
  C:\Windows\System\aGwFmaq.exe
  2⤵
  PID:8708
- C:\Windows\System\zwpekTb.exe
  C:\Windows\System\zwpekTb.exe
  2⤵
  PID:8732
- C:\Windows\System\THGrCFc.exe
  C:\Windows\System\THGrCFc.exe
  2⤵
  PID:8756
- C:\Windows\System\gbbplND.exe
  C:\Windows\System\gbbplND.exe
  2⤵
  PID:8772
- C:\Windows\System\IvLKrts.exe
  C:\Windows\System\IvLKrts.exe
  2⤵
  PID:8796
- C:\Windows\System\AhpNtoZ.exe
  C:\Windows\System\AhpNtoZ.exe
  2⤵
  PID:8820
- C:\Windows\System\QcZAyeu.exe
  C:\Windows\System\QcZAyeu.exe
  2⤵
  PID:8840
- C:\Windows\System\WylVBMQ.exe
  C:\Windows\System\WylVBMQ.exe
  2⤵
  PID:8872
- C:\Windows\System\WSgiBxq.exe
  C:\Windows\System\WSgiBxq.exe
  2⤵
  PID:8896
- C:\Windows\System\jOWEnAW.exe
  C:\Windows\System\jOWEnAW.exe
  2⤵
  PID:8916
- C:\Windows\System\GvQeNTb.exe
  C:\Windows\System\GvQeNTb.exe
  2⤵
  PID:8940
- C:\Windows\System\NTICgPa.exe
  C:\Windows\System\NTICgPa.exe
  2⤵
  PID:8960
- C:\Windows\System\OOjzlfF.exe
  C:\Windows\System\OOjzlfF.exe
  2⤵
  PID:8988
- C:\Windows\System\UeyxGiJ.exe
  C:\Windows\System\UeyxGiJ.exe
  2⤵
  PID:9008
- C:\Windows\System\aZmOWFz.exe
  C:\Windows\System\aZmOWFz.exe
  2⤵
  PID:9028
- C:\Windows\System\owZShUn.exe
  C:\Windows\System\owZShUn.exe
  2⤵
  PID:9052
- C:\Windows\System\ZYUuJhr.exe
  C:\Windows\System\ZYUuJhr.exe
  2⤵
  PID:9072
- C:\Windows\System\ilPMoLb.exe
  C:\Windows\System\ilPMoLb.exe
  2⤵
  PID:9096
- C:\Windows\System\TYSRQsu.exe
  C:\Windows\System\TYSRQsu.exe
  2⤵
  PID:9128
- C:\Windows\System\VSoiJSX.exe
  C:\Windows\System\VSoiJSX.exe
  2⤵
  PID:9148
- C:\Windows\System\tAXhVFF.exe
  C:\Windows\System\tAXhVFF.exe
  2⤵
  PID:9164
- C:\Windows\System\VexEdbx.exe
  C:\Windows\System\VexEdbx.exe
  2⤵
  PID:9188
- C:\Windows\System\efwAyiL.exe
  C:\Windows\System\efwAyiL.exe
  2⤵
  PID:9208
- C:\Windows\System\ZUFrccM.exe
  C:\Windows\System\ZUFrccM.exe
  2⤵
  PID:8068
- C:\Windows\System\TiYKCXy.exe
  C:\Windows\System\TiYKCXy.exe
  2⤵
  PID:8092
- C:\Windows\System\bwBjKEc.exe
  C:\Windows\System\bwBjKEc.exe
  2⤵
  PID:7320
- C:\Windows\System\kUijQmT.exe
  C:\Windows\System\kUijQmT.exe
  2⤵
  PID:7092
- C:\Windows\System\rPnsNpW.exe
  C:\Windows\System\rPnsNpW.exe
  2⤵
  PID:7424
- C:\Windows\System\kQhTHRM.exe
  C:\Windows\System\kQhTHRM.exe
  2⤵
  PID:7432
- C:\Windows\System\uXpTXnF.exe
  C:\Windows\System\uXpTXnF.exe
  2⤵
  PID:6736
- C:\Windows\System\egUYRBu.exe
  C:\Windows\System\egUYRBu.exe
  2⤵
  PID:7568
- C:\Windows\System\QgovmBF.exe
  C:\Windows\System\QgovmBF.exe
  2⤵
  PID:7612
- C:\Windows\System\CXqnvEP.exe
  C:\Windows\System\CXqnvEP.exe
  2⤵
  PID:7388
- C:\Windows\System\lQOcWpf.exe
  C:\Windows\System\lQOcWpf.exe
  2⤵
  PID:6420
- C:\Windows\System\RMpfiDA.exe
  C:\Windows\System\RMpfiDA.exe
  2⤵
  PID:1672
- C:\Windows\System\XbANcXC.exe
  C:\Windows\System\XbANcXC.exe
  2⤵
  PID:7876
- C:\Windows\System\tuEBLTh.exe
  C:\Windows\System\tuEBLTh.exe
  2⤵
  PID:6712
- C:\Windows\System\mMtfDJi.exe
  C:\Windows\System\mMtfDJi.exe
  2⤵
  PID:8208
- C:\Windows\System\FLJfHwM.exe
  C:\Windows\System\FLJfHwM.exe
  2⤵
  PID:6032
- C:\Windows\System\SPWXGoc.exe
  C:\Windows\System\SPWXGoc.exe
  2⤵
  PID:7276
- C:\Windows\System\wHvrOYi.exe
  C:\Windows\System\wHvrOYi.exe
  2⤵
  PID:8352
- C:\Windows\System\ZdSSMQD.exe
  C:\Windows\System\ZdSSMQD.exe
  2⤵
  PID:8420
- C:\Windows\System\rZdnabD.exe
  C:\Windows\System\rZdnabD.exe
  2⤵
  PID:8456
- C:\Windows\System\xLzwRTm.exe
  C:\Windows\System\xLzwRTm.exe
  2⤵
  PID:8488
- C:\Windows\System\pAOjCZU.exe
  C:\Windows\System\pAOjCZU.exe
  2⤵
  PID:4840
- C:\Windows\System\OAOmivj.exe
  C:\Windows\System\OAOmivj.exe
  2⤵
  PID:8540
- C:\Windows\System\ZbpgFxu.exe
  C:\Windows\System\ZbpgFxu.exe
  2⤵
  PID:9232
- C:\Windows\System\eSmdnwU.exe
  C:\Windows\System\eSmdnwU.exe
  2⤵
  PID:9256
- C:\Windows\System\cjPlhDt.exe
  C:\Windows\System\cjPlhDt.exe
  2⤵
  PID:9276
- C:\Windows\System\sGOjTzV.exe
  C:\Windows\System\sGOjTzV.exe
  2⤵
  PID:9300
- C:\Windows\System\snkOlUo.exe
  C:\Windows\System\snkOlUo.exe
  2⤵
  PID:9320
- C:\Windows\System\HdgDVpm.exe
  C:\Windows\System\HdgDVpm.exe
  2⤵
  PID:9344
- C:\Windows\System\LRPuUKd.exe
  C:\Windows\System\LRPuUKd.exe
  2⤵
  PID:9368
- C:\Windows\System\qWKJITe.exe
  C:\Windows\System\qWKJITe.exe
  2⤵
  PID:9396
- C:\Windows\System\oayUGOo.exe
  C:\Windows\System\oayUGOo.exe
  2⤵
  PID:9420
- C:\Windows\System\wCameXG.exe
  C:\Windows\System\wCameXG.exe
  2⤵
  PID:9444
- C:\Windows\System\yJenruC.exe
  C:\Windows\System\yJenruC.exe
  2⤵
  PID:9468
- C:\Windows\System\NGrIxAl.exe
  C:\Windows\System\NGrIxAl.exe
  2⤵
  PID:9488
- C:\Windows\System\xLHqCrC.exe
  C:\Windows\System\xLHqCrC.exe
  2⤵
  PID:9508
- C:\Windows\System\mkBYrOF.exe
  C:\Windows\System\mkBYrOF.exe
  2⤵
  PID:9524
- C:\Windows\System\LhjifEz.exe
  C:\Windows\System\LhjifEz.exe
  2⤵
  PID:9544
- C:\Windows\System\PfIQEji.exe
  C:\Windows\System\PfIQEji.exe
  2⤵
  PID:9560
- C:\Windows\System\IvRUojC.exe
  C:\Windows\System\IvRUojC.exe
  2⤵
  PID:9584
- C:\Windows\System\GzDjPzw.exe
  C:\Windows\System\GzDjPzw.exe
  2⤵
  PID:9604
- C:\Windows\System\JOtuVYh.exe
  C:\Windows\System\JOtuVYh.exe
  2⤵
  PID:9652
- C:\Windows\System\wyxMoEU.exe
  C:\Windows\System\wyxMoEU.exe
  2⤵
  PID:9672
- C:\Windows\System\ptThJQm.exe
  C:\Windows\System\ptThJQm.exe
  2⤵
  PID:9696
- C:\Windows\System\rDTThlo.exe
  C:\Windows\System\rDTThlo.exe
  2⤵
  PID:9724
- C:\Windows\System\bICSwiU.exe
  C:\Windows\System\bICSwiU.exe
  2⤵
  PID:9744
- C:\Windows\System\XuwBVRk.exe
  C:\Windows\System\XuwBVRk.exe
  2⤵
  PID:9768
- C:\Windows\System\ngOoebp.exe
  C:\Windows\System\ngOoebp.exe
  2⤵
  PID:9788
- C:\Windows\System\hJvtDNK.exe
  C:\Windows\System\hJvtDNK.exe
  2⤵
  PID:9808
- C:\Windows\System\VGbTTdz.exe
  C:\Windows\System\VGbTTdz.exe
  2⤵
  PID:9836
- C:\Windows\System\FncwXBY.exe
  C:\Windows\System\FncwXBY.exe
  2⤵
  PID:9864
- C:\Windows\System\bRjJGnL.exe
  C:\Windows\System\bRjJGnL.exe
  2⤵
  PID:9892
- C:\Windows\System\mCnhnJv.exe
  C:\Windows\System\mCnhnJv.exe
  2⤵
  PID:9916
- C:\Windows\System\PONUXLV.exe
  C:\Windows\System\PONUXLV.exe
  2⤵
  PID:9936
- C:\Windows\System\uSYHIXY.exe
  C:\Windows\System\uSYHIXY.exe
  2⤵
  PID:9960
- C:\Windows\System\OwYaxSQ.exe
  C:\Windows\System\OwYaxSQ.exe
  2⤵
  PID:5600
- C:\Windows\System\TkjxRMB.exe
  C:\Windows\System\TkjxRMB.exe
  2⤵
  PID:7600
- C:\Windows\System\CjBSQRS.exe
  C:\Windows\System\CjBSQRS.exe
  2⤵
  PID:7720
- C:\Windows\System\smNmCNz.exe
  C:\Windows\System\smNmCNz.exe
  2⤵
  PID:8984
- C:\Windows\System\TAmNFOH.exe
  C:\Windows\System\TAmNFOH.exe
  2⤵
  PID:9144
- C:\Windows\System\dWxoJMi.exe
  C:\Windows\System\dWxoJMi.exe
  2⤵
  PID:7980
- C:\Windows\System\XSWraym.exe
  C:\Windows\System\XSWraym.exe
  2⤵
  PID:6440
- C:\Windows\System\hQfweDP.exe
  C:\Windows\System\hQfweDP.exe
  2⤵
  PID:8112
- C:\Windows\System\oiwsptC.exe
  C:\Windows\System\oiwsptC.exe
  2⤵
  PID:8276
- C:\Windows\System\jvyTdYL.exe
  C:\Windows\System\jvyTdYL.exe
  2⤵
  PID:9264
- C:\Windows\System\PcyVVzw.exe
  C:\Windows\System\PcyVVzw.exe
  2⤵
  PID:9352
- C:\Windows\System\gVzLNUU.exe
  C:\Windows\System\gVzLNUU.exe
  2⤵
  PID:6256
- C:\Windows\System\lFahdbk.exe
  C:\Windows\System\lFahdbk.exe
  2⤵
  PID:8804
- C:\Windows\System\jWzJsjc.exe
  C:\Windows\System\jWzJsjc.exe
  2⤵
  PID:6920
- C:\Windows\System\UQbgVYE.exe
  C:\Windows\System\UQbgVYE.exe
  2⤵
  PID:9576
- C:\Windows\System\vxLLchg.exe
  C:\Windows\System\vxLLchg.exe
  2⤵
  PID:9596
- C:\Windows\System\RfPxkQT.exe
  C:\Windows\System\RfPxkQT.exe
  2⤵
  PID:4988
- C:\Windows\System\QgQBxjL.exe
  C:\Windows\System\QgQBxjL.exe
  2⤵
  PID:7784
- C:\Windows\System\QOqEXeN.exe
  C:\Windows\System\QOqEXeN.exe
  2⤵
  PID:8132
- C:\Windows\System\neZHkDE.exe
  C:\Windows\System\neZHkDE.exe
  2⤵
  PID:6292
- C:\Windows\System\JTbbVIG.exe
  C:\Windows\System\JTbbVIG.exe
  2⤵
  PID:8440
- C:\Windows\System\VEQpnit.exe
  C:\Windows\System\VEQpnit.exe
  2⤵
  PID:9360
- C:\Windows\System\hHKyiZl.exe
  C:\Windows\System\hHKyiZl.exe
  2⤵
  PID:9532
- C:\Windows\System\oILScjZ.exe
  C:\Windows\System\oILScjZ.exe
  2⤵
  PID:9680
- C:\Windows\System\eHhvnOM.exe
  C:\Windows\System\eHhvnOM.exe
  2⤵
  PID:9764
- C:\Windows\System\EARtEFB.exe
  C:\Windows\System\EARtEFB.exe
  2⤵
  PID:9084
- C:\Windows\System\JdXivee.exe
  C:\Windows\System\JdXivee.exe
  2⤵
  PID:3924
- C:\Windows\System\zBFpQEV.exe
  C:\Windows\System\zBFpQEV.exe
  2⤵
  PID:9848
- C:\Windows\System\BvvhEIb.exe
  C:\Windows\System\BvvhEIb.exe
  2⤵
  PID:9900
- C:\Windows\System\WhleylX.exe
  C:\Windows\System\WhleylX.exe
  2⤵
  PID:9956
- C:\Windows\System\NimCRRC.exe
  C:\Windows\System\NimCRRC.exe
  2⤵
  PID:8024
- C:\Windows\System\MlgeUuH.exe
  C:\Windows\System\MlgeUuH.exe
  2⤵
  PID:8252
- C:\Windows\System\BjVQZEl.exe
  C:\Windows\System\BjVQZEl.exe
  2⤵
  PID:10256
- C:\Windows\System\amzBCxX.exe
  C:\Windows\System\amzBCxX.exe
  2⤵
  PID:10280
- C:\Windows\System\GtDshSg.exe
  C:\Windows\System\GtDshSg.exe
  2⤵
  PID:10304
- C:\Windows\System\HDkZYOB.exe
  C:\Windows\System\HDkZYOB.exe
  2⤵
  PID:10324
- C:\Windows\System\KnUDBZf.exe
  C:\Windows\System\KnUDBZf.exe
  2⤵
  PID:10344
- C:\Windows\System\llmvppW.exe
  C:\Windows\System\llmvppW.exe
  2⤵
  PID:10400
- C:\Windows\System\ivWYnMP.exe
  C:\Windows\System\ivWYnMP.exe
  2⤵
  PID:10436
- C:\Windows\System\uvqtPjI.exe
  C:\Windows\System\uvqtPjI.exe
  2⤵
  PID:10468
- C:\Windows\System\vGeYbqv.exe
  C:\Windows\System\vGeYbqv.exe
  2⤵
  PID:10488
- C:\Windows\System\tnZoTqz.exe
  C:\Windows\System\tnZoTqz.exe
  2⤵
  PID:10520
- C:\Windows\System\VMxgmwZ.exe
  C:\Windows\System\VMxgmwZ.exe
  2⤵
  PID:10572
- C:\Windows\System\FSXywzn.exe
  C:\Windows\System\FSXywzn.exe
  2⤵
  PID:10592
- C:\Windows\System\eTxnUVb.exe
  C:\Windows\System\eTxnUVb.exe
  2⤵
  PID:10616
- C:\Windows\System\CdgxvFO.exe
  C:\Windows\System\CdgxvFO.exe
  2⤵
  PID:10632
- C:\Windows\System\CaXqJGB.exe
  C:\Windows\System\CaXqJGB.exe
  2⤵
  PID:10660
- C:\Windows\System\SqaKMPy.exe
  C:\Windows\System\SqaKMPy.exe
  2⤵
  PID:10688
- C:\Windows\System\WwZEUZG.exe
  C:\Windows\System\WwZEUZG.exe
  2⤵
  PID:10708
- C:\Windows\System\fqHKguL.exe
  C:\Windows\System\fqHKguL.exe
  2⤵
  PID:10736
- C:\Windows\System\AlQCSbb.exe
  C:\Windows\System\AlQCSbb.exe
  2⤵
  PID:10752
- C:\Windows\System\LJkwZna.exe
  C:\Windows\System\LJkwZna.exe
  2⤵
  PID:10776
- C:\Windows\System\rxxaqzG.exe
  C:\Windows\System\rxxaqzG.exe
  2⤵
  PID:10796
- C:\Windows\System\HtwAoeU.exe
  C:\Windows\System\HtwAoeU.exe
  2⤵
  PID:10816
- C:\Windows\System\PtcsGVd.exe
  C:\Windows\System\PtcsGVd.exe
  2⤵
  PID:10840
- C:\Windows\System\miUorGr.exe
  C:\Windows\System\miUorGr.exe
  2⤵
  PID:10856
- C:\Windows\System\KEnxwyh.exe
  C:\Windows\System\KEnxwyh.exe
  2⤵
  PID:10884
- C:\Windows\System\XcsriFR.exe
  C:\Windows\System\XcsriFR.exe
  2⤵
  PID:10904
- C:\Windows\System\sBYgaVR.exe
  C:\Windows\System\sBYgaVR.exe
  2⤵
  PID:10940
- C:\Windows\System\SpRBEkp.exe
  C:\Windows\System\SpRBEkp.exe
  2⤵
  PID:10956
- C:\Windows\System\KiLnxUu.exe
  C:\Windows\System\KiLnxUu.exe
  2⤵
  PID:10984
- C:\Windows\System\HAMeivw.exe
  C:\Windows\System\HAMeivw.exe
  2⤵
  PID:11012
- C:\Windows\System\zezaWWG.exe
  C:\Windows\System\zezaWWG.exe
  2⤵
  PID:11032
- C:\Windows\System\ClHphZS.exe
  C:\Windows\System\ClHphZS.exe
  2⤵
  PID:11048
- C:\Windows\System\ZeiUOsi.exe
  C:\Windows\System\ZeiUOsi.exe
  2⤵
  PID:11068
- C:\Windows\System\kFYqKmO.exe
  C:\Windows\System\kFYqKmO.exe
  2⤵
  PID:11092
- C:\Windows\System\xIwRlkm.exe
  C:\Windows\System\xIwRlkm.exe
  2⤵
  PID:11116
- C:\Windows\System\BIbMphY.exe
  C:\Windows\System\BIbMphY.exe
  2⤵
  PID:11140
- C:\Windows\System\kJnAptD.exe
  C:\Windows\System\kJnAptD.exe
  2⤵
  PID:11164
- C:\Windows\System\kzThQDY.exe
  C:\Windows\System\kzThQDY.exe
  2⤵
  PID:11192
- C:\Windows\System\XUBZHsE.exe
  C:\Windows\System\XUBZHsE.exe
  2⤵
  PID:11220
- C:\Windows\System\pTuEifN.exe
  C:\Windows\System\pTuEifN.exe
  2⤵
  PID:11236
- C:\Windows\System\UFgpZxi.exe
  C:\Windows\System\UFgpZxi.exe
  2⤵
  PID:7544
- C:\Windows\System\wirxIGD.exe
  C:\Windows\System\wirxIGD.exe
  2⤵
  PID:6516
- C:\Windows\System\IZfMsjJ.exe
  C:\Windows\System\IZfMsjJ.exe
  2⤵
  PID:10024
- C:\Windows\System\XLcosJR.exe
  C:\Windows\System\XLcosJR.exe
  2⤵
  PID:8164
- C:\Windows\System\bIjVMJw.exe
  C:\Windows\System\bIjVMJw.exe
  2⤵
  PID:8632
- C:\Windows\System\LSomGWh.exe
  C:\Windows\System\LSomGWh.exe
  2⤵
  PID:10136
- C:\Windows\System\OQhPfdB.exe
  C:\Windows\System\OQhPfdB.exe
  2⤵
  PID:9404
- C:\Windows\System\QpWTgeG.exe
  C:\Windows\System\QpWTgeG.exe
  2⤵
  PID:9436
- C:\Windows\System\rVIjTZa.exe
  C:\Windows\System\rVIjTZa.exe
  2⤵
  PID:9476
- C:\Windows\System\LroZcCi.exe
  C:\Windows\System\LroZcCi.exe
  2⤵
  PID:8864
- C:\Windows\System\EnfvKZD.exe
  C:\Windows\System\EnfvKZD.exe
  2⤵
  PID:9024
- C:\Windows\System\UVozzfL.exe
  C:\Windows\System\UVozzfL.exe
  2⤵
  PID:2244
- C:\Windows\System\CwCKRxl.exe
  C:\Windows\System\CwCKRxl.exe
  2⤵
  PID:8724
- C:\Windows\System\Ofqwxlj.exe
  C:\Windows\System\Ofqwxlj.exe
  2⤵
  PID:8972
- C:\Windows\System\bkwMGtP.exe
  C:\Windows\System\bkwMGtP.exe
  2⤵
  PID:9740
- C:\Windows\System\kTrFAMD.exe
  C:\Windows\System\kTrFAMD.exe
  2⤵
  PID:9804
- C:\Windows\System\WfeNGyJ.exe
  C:\Windows\System\WfeNGyJ.exe
  2⤵
  PID:8272
- C:\Windows\System\CZclokf.exe
  C:\Windows\System\CZclokf.exe
  2⤵
  PID:8392
- C:\Windows\System\ukNNqhU.exe
  C:\Windows\System\ukNNqhU.exe
  2⤵
  PID:8668
- C:\Windows\System\XRsIdGw.exe
  C:\Windows\System\XRsIdGw.exe
  2⤵
  PID:6468
- C:\Windows\System\syKrxQS.exe
  C:\Windows\System\syKrxQS.exe
  2⤵
  PID:8908
- C:\Windows\System\netTyXP.exe
  C:\Windows\System\netTyXP.exe
  2⤵
  PID:9428
- C:\Windows\System\lgtDgHG.exe
  C:\Windows\System\lgtDgHG.exe
  2⤵
  PID:9708
- C:\Windows\System\FZVNQqr.exe
  C:\Windows\System\FZVNQqr.exe
  2⤵
  PID:7664
- C:\Windows\System\TYJUhyi.exe
  C:\Windows\System\TYJUhyi.exe
  2⤵
  PID:9932
- C:\Windows\System\JnEOFRY.exe
  C:\Windows\System\JnEOFRY.exe
  2⤵
  PID:8088
- C:\Windows\System\FYNzQuz.exe
  C:\Windows\System\FYNzQuz.exe
  2⤵
  PID:5336
- C:\Windows\System\mtWERDI.exe
  C:\Windows\System\mtWERDI.exe
  2⤵
  PID:7592
- C:\Windows\System\dlLwtuN.exe
  C:\Windows\System\dlLwtuN.exe
  2⤵
  PID:6840
- C:\Windows\System\LXJJgmD.exe
  C:\Windows\System\LXJJgmD.exe
  2⤵
  PID:9252
- C:\Windows\System\bZBvfzC.exe
  C:\Windows\System\bZBvfzC.exe
  2⤵
  PID:8480
- C:\Windows\System\yWYEgbS.exe
  C:\Windows\System\yWYEgbS.exe
  2⤵
  PID:9536
- C:\Windows\System\UpyZBXE.exe
  C:\Windows\System\UpyZBXE.exe
  2⤵
  PID:1728
- C:\Windows\System\AVAFKHq.exe
  C:\Windows\System\AVAFKHq.exe
  2⤵
  PID:8608
- C:\Windows\System\MGjYYOb.exe
  C:\Windows\System\MGjYYOb.exe
  2⤵
  PID:7936
- C:\Windows\System\gCCOIkn.exe
  C:\Windows\System\gCCOIkn.exe
  2⤵
  PID:10608
- C:\Windows\System\AxJnAjT.exe
  C:\Windows\System\AxJnAjT.exe
  2⤵
  PID:10676
- C:\Windows\System\uMQIbIE.exe
  C:\Windows\System\uMQIbIE.exe
  2⤵
  PID:10724
- C:\Windows\System\IEufvOF.exe
  C:\Windows\System\IEufvOF.exe
  2⤵
  PID:9312
- C:\Windows\System\mzuXDem.exe
  C:\Windows\System\mzuXDem.exe
  2⤵
  PID:10832
- C:\Windows\System\TMhcftX.exe
  C:\Windows\System\TMhcftX.exe
  2⤵
  PID:9844
- C:\Windows\System\wmrrxvn.exe
  C:\Windows\System\wmrrxvn.exe
  2⤵
  PID:11276
- C:\Windows\System\QRIdTZl.exe
  C:\Windows\System\QRIdTZl.exe
  2⤵
  PID:11300
- C:\Windows\System\ljWsqwS.exe
  C:\Windows\System\ljWsqwS.exe
  2⤵
  PID:11324
- C:\Windows\System\SXNbOKb.exe
  C:\Windows\System\SXNbOKb.exe
  2⤵
  PID:11344
- C:\Windows\System\zFvQFbM.exe
  C:\Windows\System\zFvQFbM.exe
  2⤵
  PID:11368
- C:\Windows\System\fGCCYaD.exe
  C:\Windows\System\fGCCYaD.exe
  2⤵
  PID:11392
- C:\Windows\System\OHaBMEN.exe
  C:\Windows\System\OHaBMEN.exe
  2⤵
  PID:11412
- C:\Windows\System\DdbkmPD.exe
  C:\Windows\System\DdbkmPD.exe
  2⤵
  PID:11432
- C:\Windows\System\szpdWue.exe
  C:\Windows\System\szpdWue.exe
  2⤵
  PID:11456
- C:\Windows\System\fmTYZdJ.exe
  C:\Windows\System\fmTYZdJ.exe
  2⤵
  PID:11480
- C:\Windows\System\qfWSBun.exe
  C:\Windows\System\qfWSBun.exe
  2⤵
  PID:11504
- C:\Windows\System\FgJEgZp.exe
  C:\Windows\System\FgJEgZp.exe
  2⤵
  PID:11528
- C:\Windows\System\UQjrKVI.exe
  C:\Windows\System\UQjrKVI.exe
  2⤵
  PID:11552
- C:\Windows\System\OekmWbc.exe
  C:\Windows\System\OekmWbc.exe
  2⤵
  PID:11576
- C:\Windows\System\uFBedaf.exe
  C:\Windows\System\uFBedaf.exe
  2⤵
  PID:11600
- C:\Windows\System\XtnPfBN.exe
  C:\Windows\System\XtnPfBN.exe
  2⤵
  PID:11624
- C:\Windows\System\oRJzHKz.exe
  C:\Windows\System\oRJzHKz.exe
  2⤵
  PID:11648
- C:\Windows\System\XzZrlQF.exe
  C:\Windows\System\XzZrlQF.exe
  2⤵
  PID:11668
- C:\Windows\System\NlgIgcr.exe
  C:\Windows\System\NlgIgcr.exe
  2⤵
  PID:11688
- C:\Windows\System\loKGQgE.exe
  C:\Windows\System\loKGQgE.exe
  2⤵
  PID:11716
- C:\Windows\System\NiEVmim.exe
  C:\Windows\System\NiEVmim.exe
  2⤵
  PID:11736
- C:\Windows\System\iCIFqss.exe
  C:\Windows\System\iCIFqss.exe
  2⤵
  PID:11760
- C:\Windows\System\SViXZkW.exe
  C:\Windows\System\SViXZkW.exe
  2⤵
  PID:11780
- C:\Windows\System\fBrqBIn.exe
  C:\Windows\System\fBrqBIn.exe
  2⤵
  PID:11808
- C:\Windows\System\TyYrmGA.exe
  C:\Windows\System\TyYrmGA.exe
  2⤵
  PID:11828
- C:\Windows\System\yTZZRwN.exe
  C:\Windows\System\yTZZRwN.exe
  2⤵
  PID:11844
- C:\Windows\System\BBdiMBT.exe
  C:\Windows\System\BBdiMBT.exe
  2⤵
  PID:11860
- C:\Windows\System\dZhVerc.exe
  C:\Windows\System\dZhVerc.exe
  2⤵
  PID:11880
- C:\Windows\System\TgfJaCW.exe
  C:\Windows\System\TgfJaCW.exe
  2⤵
  PID:11896
- C:\Windows\System\vQuWZFg.exe
  C:\Windows\System\vQuWZFg.exe
  2⤵
  PID:11916
- C:\Windows\System\irSWyIH.exe
  C:\Windows\System\irSWyIH.exe
  2⤵
  PID:11932
- C:\Windows\System\bAaKQIK.exe
  C:\Windows\System\bAaKQIK.exe
  2⤵
  PID:11948
- C:\Windows\System\VXIujwv.exe
  C:\Windows\System\VXIujwv.exe
  2⤵
  PID:11964
- C:\Windows\System\czWaoDZ.exe
  C:\Windows\System\czWaoDZ.exe
  2⤵
  PID:11980
- C:\Windows\System\jcXIexz.exe
  C:\Windows\System\jcXIexz.exe
  2⤵
  PID:12004
- C:\Windows\System\orOUBmH.exe
  C:\Windows\System\orOUBmH.exe
  2⤵
  PID:12024
- C:\Windows\System\dEeqKkF.exe
  C:\Windows\System\dEeqKkF.exe
  2⤵
  PID:12044
- C:\Windows\System\rWRLjfm.exe
  C:\Windows\System\rWRLjfm.exe
  2⤵
  PID:12068
- C:\Windows\System\onIuKdt.exe
  C:\Windows\System\onIuKdt.exe
  2⤵
  PID:12096
- C:\Windows\System\scewfgw.exe
  C:\Windows\System\scewfgw.exe
  2⤵
  PID:12116
- C:\Windows\System\BCuSURH.exe
  C:\Windows\System\BCuSURH.exe
  2⤵
  PID:12136
- C:\Windows\System\oCRenLb.exe
  C:\Windows\System\oCRenLb.exe
  2⤵
  PID:12160
- C:\Windows\System\uxDkufh.exe
  C:\Windows\System\uxDkufh.exe
  2⤵
  PID:12184
- C:\Windows\System\TbPjxxJ.exe
  C:\Windows\System\TbPjxxJ.exe
  2⤵
  PID:12216
- C:\Windows\System\NRizMBr.exe
  C:\Windows\System\NRizMBr.exe
  2⤵
  PID:12240
- C:\Windows\System\SaFtQHs.exe
  C:\Windows\System\SaFtQHs.exe
  2⤵
  PID:12268
- C:\Windows\System\UyjwbuG.exe
  C:\Windows\System\UyjwbuG.exe
  2⤵
  PID:12284
- C:\Windows\System\wptpWCo.exe
  C:\Windows\System\wptpWCo.exe
  2⤵
  PID:11024
- C:\Windows\System\WEJdEuD.exe
  C:\Windows\System\WEJdEuD.exe
  2⤵
  PID:11076
- C:\Windows\System\MvUwBFu.exe
  C:\Windows\System\MvUwBFu.exe
  2⤵
  PID:11136
- C:\Windows\System\mWnIuvQ.exe
  C:\Windows\System\mWnIuvQ.exe
  2⤵
  PID:11212
- C:\Windows\System\JOWEjzn.exe
  C:\Windows\System\JOWEjzn.exe
  2⤵
  PID:6028
- C:\Windows\System\WsSfhrK.exe
  C:\Windows\System\WsSfhrK.exe
  2⤵
  PID:10180
- C:\Windows\System\IQnbApT.exe
  C:\Windows\System\IQnbApT.exe
  2⤵
  PID:10208
- C:\Windows\System\InIqokz.exe
  C:\Windows\System\InIqokz.exe
  2⤵
  PID:7548
- C:\Windows\System\AspoIPm.exe
  C:\Windows\System\AspoIPm.exe
  2⤵
  PID:8868
- C:\Windows\System\bGLixrq.exe
  C:\Windows\System\bGLixrq.exe
  2⤵
  PID:7924
- C:\Windows\System\wZpfwYS.exe
  C:\Windows\System\wZpfwYS.exe
  2⤵
  PID:12292
- C:\Windows\System\OiYHVzR.exe
  C:\Windows\System\OiYHVzR.exe
  2⤵
  PID:12312
- C:\Windows\System\WNLrklX.exe
  C:\Windows\System\WNLrklX.exe
  2⤵
  PID:12340
- C:\Windows\System\zCavEnN.exe
  C:\Windows\System\zCavEnN.exe
  2⤵
  PID:12360
- C:\Windows\System\UPxJSJb.exe
  C:\Windows\System\UPxJSJb.exe
  2⤵
  PID:12380
- C:\Windows\System\iCfPJOF.exe
  C:\Windows\System\iCfPJOF.exe
  2⤵
  PID:12404
- C:\Windows\System\zJsWIDS.exe
  C:\Windows\System\zJsWIDS.exe
  2⤵
  PID:12920
- C:\Windows\System\LhbgjKx.exe
  C:\Windows\System\LhbgjKx.exe
  2⤵
  PID:12936
- C:\Windows\System\oMSnegT.exe
  C:\Windows\System\oMSnegT.exe
  2⤵
  PID:12968
- C:\Windows\System\mWNOEbf.exe
  C:\Windows\System\mWNOEbf.exe
  2⤵
  PID:12992
- C:\Windows\System\mPKOlRv.exe
  C:\Windows\System\mPKOlRv.exe
  2⤵
  PID:13012
- C:\Windows\System\ashMMNw.exe
  C:\Windows\System\ashMMNw.exe
  2⤵
  PID:12040
- C:\Windows\System\JeRHysq.exe
  C:\Windows\System\JeRHysq.exe
  2⤵
  PID:10340
- C:\Windows\System\mTPomoh.exe
  C:\Windows\System\mTPomoh.exe
  2⤵
  PID:6916
- C:\Windows\System\TOEzbzt.exe
  C:\Windows\System\TOEzbzt.exe
  2⤵
  PID:1608
- C:\Windows\System\TlYONSt.exe
  C:\Windows\System\TlYONSt.exe
  2⤵
  PID:12112
- C:\Windows\System\jBQcusC.exe
  C:\Windows\System\jBQcusC.exe
  2⤵
  PID:11360
- C:\Windows\System\hkHPjDQ.exe
  C:\Windows\System\hkHPjDQ.exe
  2⤵
  PID:8536
- C:\Windows\System\FXCtdJr.exe
  C:\Windows\System\FXCtdJr.exe
  2⤵
  PID:10276
- C:\Windows\System\WBuzvpC.exe
  C:\Windows\System\WBuzvpC.exe
  2⤵
  PID:9928
- C:\Windows\System\CvGeDiW.exe
  C:\Windows\System\CvGeDiW.exe
  2⤵
  PID:13040
- C:\Windows\System\OUrPEIm.exe
  C:\Windows\System\OUrPEIm.exe
  2⤵
  PID:13056
- C:\Windows\System\kMGVoPx.exe
  C:\Windows\System\kMGVoPx.exe
  2⤵
  PID:12544
- C:\Windows\System\NawqxHv.exe
  C:\Windows\System\NawqxHv.exe
  2⤵
  PID:11596
- C:\Windows\System\gPhQblu.exe
  C:\Windows\System\gPhQblu.exe
  2⤵
  PID:6180
- C:\Windows\System\EReDpbj.exe
  C:\Windows\System\EReDpbj.exe
  2⤵
  PID:10872
- C:\Windows\System\nBbUaIa.exe
  C:\Windows\System\nBbUaIa.exe
  2⤵
  PID:13176
- C:\Windows\System\AYEKUbV.exe
  C:\Windows\System\AYEKUbV.exe
  2⤵
  PID:12804
- C:\Windows\System\VjtQZJe.exe
  C:\Windows\System\VjtQZJe.exe
  2⤵
  PID:12052
- C:\Windows\System\ZNDrakc.exe
  C:\Windows\System\ZNDrakc.exe
  2⤵
  PID:11204
- C:\Windows\System\ycAWbeO.exe
  C:\Windows\System\ycAWbeO.exe
  2⤵
  PID:12788
- C:\Windows\System\MCqcUbx.exe
  C:\Windows\System\MCqcUbx.exe
  2⤵
  PID:12412
- C:\Windows\System\XdoUpeI.exe
  C:\Windows\System\XdoUpeI.exe
  2⤵
  PID:12784
- C:\Windows\System\FHxvVPe.exe
  C:\Windows\System\FHxvVPe.exe
  2⤵
  PID:12176
- C:\Windows\System\SeYRMfD.exe
  C:\Windows\System\SeYRMfD.exe
  2⤵
  PID:11888
- C:\Windows\System\YpeTmJq.exe
  C:\Windows\System\YpeTmJq.exe
  2⤵
  PID:12476
- C:\Windows\System\FPSOQEF.exe
  C:\Windows\System\FPSOQEF.exe
  2⤵
  PID:10248
- C:\Windows\System\duQDcth.exe
  C:\Windows\System\duQDcth.exe
  2⤵
  PID:6092
- C:\Windows\System\jxljEUL.exe
  C:\Windows\System\jxljEUL.exe
  2⤵
  PID:2744
- C:\Windows\System\gdmsnzQ.exe
  C:\Windows\System\gdmsnzQ.exe
  2⤵
  PID:12792
- C:\Windows\System\JvFszxu.exe
  C:\Windows\System\JvFszxu.exe
  2⤵
  PID:11476
- C:\Windows\System\emfVlsu.exe
  C:\Windows\System\emfVlsu.exe
  2⤵
  PID:12872
- C:\Windows\System\xFSpjOT.exe
  C:\Windows\System\xFSpjOT.exe
  2⤵
  PID:11636
- C:\Windows\System\rxjHDeT.exe
  C:\Windows\System\rxjHDeT.exe
  2⤵
  PID:11892
- C:\Windows\System\XvoUuVF.exe
  C:\Windows\System\XvoUuVF.exe
  2⤵
  PID:11992
- C:\Windows\System\mLTNbiI.exe
  C:\Windows\System\mLTNbiI.exe
  2⤵
  PID:7560
- C:\Windows\System\ZQnQrst.exe
  C:\Windows\System\ZQnQrst.exe
  2⤵
  PID:8628
- C:\Windows\System\nVWUqcp.exe
  C:\Windows\System\nVWUqcp.exe
  2⤵
  PID:3636
- C:\Windows\System\yxGrJkG.exe
  C:\Windows\System\yxGrJkG.exe
  2⤵
  PID:10812
- C:\Windows\System\wGdUSFk.exe
  C:\Windows\System\wGdUSFk.exe
  2⤵
  PID:11944
- C:\Windows\System\uHWZung.exe
  C:\Windows\System\uHWZung.exe
  2⤵
  PID:11704
- C:\Windows\System\dRhobhm.exe
  C:\Windows\System\dRhobhm.exe
  2⤵
  PID:6124
- C:\Windows\System\mwPsfPI.exe
  C:\Windows\System\mwPsfPI.exe
  2⤵
  PID:11284
- C:\Windows\System\tiVsMTM.exe
  C:\Windows\System\tiVsMTM.exe
  2⤵
  PID:10972
- C:\Windows\System\qYJnOGW.exe
  C:\Windows\System\qYJnOGW.exe
  2⤵
  PID:11796
- C:\Windows\System\bCaEKxX.exe
  C:\Windows\System\bCaEKxX.exe
  2⤵
  PID:11748
- C:\Windows\System\pmLAVGw.exe
  C:\Windows\System\pmLAVGw.exe
  2⤵
  PID:11976
- C:\Windows\System\evsAqhy.exe
  C:\Windows\System\evsAqhy.exe
  2⤵
  PID:12236
- C:\Windows\System\ipuOdtY.exe
  C:\Windows\System\ipuOdtY.exe
  2⤵
  PID:6336
- C:\Windows\System\XKjCWwE.exe
  C:\Windows\System\XKjCWwE.exe
  2⤵
  PID:8324
- C:\Windows\System\yqLXupR.exe
  C:\Windows\System\yqLXupR.exe
  2⤵
  PID:6068
- C:\Windows\System\BuSgEBq.exe
  C:\Windows\System\BuSgEBq.exe
  2⤵
  PID:13004
- C:\Windows\System\gCldFKJ.exe
  C:\Windows\System\gCldFKJ.exe
  2⤵
  PID:11408
- C:\Windows\System\tmyCPxG.exe
  C:\Windows\System\tmyCPxG.exe
  2⤵
  PID:6996
- C:\Windows\System\oFLFRED.exe
  C:\Windows\System\oFLFRED.exe
  2⤵
  PID:10336
- C:\Windows\System\kPVtxPK.exe
  C:\Windows\System\kPVtxPK.exe
  2⤵
  PID:12588
- C:\Windows\System\HChSSZF.exe
  C:\Windows\System\HChSSZF.exe
  2⤵
  PID:9644
- C:\Windows\System\UedQKib.exe
  C:\Windows\System\UedQKib.exe
  2⤵
  PID:10808
- C:\Windows\System\PvJOvcy.exe
  C:\Windows\System\PvJOvcy.exe
  2⤵
  PID:11380
- C:\Windows\System\PfeLyNH.exe
  C:\Windows\System\PfeLyNH.exe
  2⤵
  PID:13072
- C:\Windows\System\GuOLAAW.exe
  C:\Windows\System\GuOLAAW.exe
  2⤵
  PID:10916
- C:\Windows\System\kKvSjoY.exe
  C:\Windows\System\kKvSjoY.exe
  2⤵
  PID:11428
- C:\Windows\System\hOvBCUU.exe
  C:\Windows\System\hOvBCUU.exe
  2⤵
  PID:1208
- C:\Windows\System\YEDqeEq.exe
  C:\Windows\System\YEDqeEq.exe
  2⤵
  PID:13084
- C:\Windows\System\kZPIRTy.exe
  C:\Windows\System\kZPIRTy.exe
  2⤵
  PID:11852
- C:\Windows\System\ZkCSBvG.exe
  C:\Windows\System\ZkCSBvG.exe
  2⤵
  PID:3864
- C:\Windows\System\aQDjVXv.exe
  C:\Windows\System\aQDjVXv.exe
  2⤵
  PID:10516
- C:\Windows\System\DziWJxM.exe
  C:\Windows\System\DziWJxM.exe
  2⤵
  PID:11996
- C:\Windows\System\eqmsZjy.exe
  C:\Windows\System\eqmsZjy.exe
  2⤵
  PID:13140
- C:\Windows\System\xHfprdr.exe
  C:\Windows\System\xHfprdr.exe
  2⤵
  PID:12016
- C:\Windows\System\baexVjy.exe
  C:\Windows\System\baexVjy.exe
  2⤵
  PID:9068
- C:\Windows\System\YHVOdFv.exe
  C:\Windows\System\YHVOdFv.exe
  2⤵
  PID:10288
- C:\Windows\System\ldKvkFL.exe
  C:\Windows\System\ldKvkFL.exe
  2⤵
  PID:12700
- C:\Windows\System\JAwRlXB.exe
  C:\Windows\System\JAwRlXB.exe
  2⤵
  PID:11296
- C:\Windows\System\HbXNZAo.exe
  C:\Windows\System\HbXNZAo.exe
  2⤵
  PID:9484
- C:\Windows\System\NgAjdYp.exe
  C:\Windows\System\NgAjdYp.exe
  2⤵
  PID:2724
- C:\Windows\System\CWRldsh.exe
  C:\Windows\System\CWRldsh.exe
  2⤵
  PID:3848
- C:\Windows\System\LcFfPYa.exe
  C:\Windows\System\LcFfPYa.exe
  2⤵
  PID:11744
- C:\Windows\System\aZyyRwP.exe
  C:\Windows\System\aZyyRwP.exe
  2⤵
  PID:11788
- C:\Windows\System\uYmDGLQ.exe
  C:\Windows\System\uYmDGLQ.exe
  2⤵
  PID:12768
- C:\Windows\System\VTrjstn.exe
  C:\Windows\System\VTrjstn.exe
  2⤵
  PID:10188
- C:\Windows\System\DLtyUpF.exe
  C:\Windows\System\DLtyUpF.exe
  2⤵
  PID:11376
- C:\Windows\System\bKdzmCg.exe
  C:\Windows\System\bKdzmCg.exe
  2⤵
  PID:11728
- C:\Windows\System\pdRWGyS.exe
  C:\Windows\System\pdRWGyS.exe
  2⤵
  PID:12452
- C:\Windows\System\isCWNGB.exe
  C:\Windows\System\isCWNGB.exe
  2⤵
  PID:2096
- C:\Windows\System\JTHHtLt.exe
  C:\Windows\System\JTHHtLt.exe
  2⤵
  PID:13216
- C:\Windows\System\bnNwVaD.exe
  C:\Windows\System\bnNwVaD.exe
  2⤵
  PID:12660
- C:\Windows\System\iZlauco.exe
  C:\Windows\System\iZlauco.exe
  2⤵
  PID:1388
- C:\Windows\System\MvBzeLy.exe
  C:\Windows\System\MvBzeLy.exe
  2⤵
  PID:4816
- C:\Windows\System\qHMjeqU.exe
  C:\Windows\System\qHMjeqU.exe
  2⤵
  PID:2260
- C:\Windows\System\PvLzxss.exe
  C:\Windows\System\PvLzxss.exe
  2⤵
  PID:2492
- C:\Windows\System\gSyXEPm.exe
  C:\Windows\System\gSyXEPm.exe
  2⤵
  PID:6140
- C:\Windows\System\qwNjCqB.exe
  C:\Windows\System\qwNjCqB.exe
  2⤵
  PID:3388
- C:\Windows\System\UXhGRon.exe
  C:\Windows\System\UXhGRon.exe
  2⤵
  PID:4428
- C:\Windows\System\GshQUTR.exe
  C:\Windows\System\GshQUTR.exe
  2⤵
  PID:12152
- C:\Windows\System\UHcIdvR.exe
  C:\Windows\System\UHcIdvR.exe
  2⤵
  PID:13052
- C:\Windows\System\jOYFYWy.exe
  C:\Windows\System\jOYFYWy.exe
  2⤵
  PID:13044
- C:\Windows\System\gNxqOmi.exe
  C:\Windows\System\gNxqOmi.exe
  2⤵
  PID:13324
- C:\Windows\System\GcDsgzd.exe
  C:\Windows\System\GcDsgzd.exe
  2⤵
  PID:13520
- C:\Windows\System\XVPOELu.exe
  C:\Windows\System\XVPOELu.exe
  2⤵
  PID:13544
- C:\Windows\System\xhotGGf.exe
  C:\Windows\System\xhotGGf.exe
  2⤵
  PID:13840
- C:\Windows\System\pBXZXOg.exe
  C:\Windows\System\pBXZXOg.exe
  2⤵
  PID:13864
- C:\Windows\System\mlSSJXI.exe
  C:\Windows\System\mlSSJXI.exe
  2⤵
  PID:13884
- C:\Windows\System\MfnkJxr.exe
  C:\Windows\System\MfnkJxr.exe
  2⤵
  PID:13904
- C:\Windows\System\ONxYDdG.exe
  C:\Windows\System\ONxYDdG.exe
  2⤵
  PID:13924
- C:\Windows\System\MpRTMXj.exe
  C:\Windows\System\MpRTMXj.exe
  2⤵
  PID:14244
- C:\Windows\System\ZyTNoDc.exe
  C:\Windows\System\ZyTNoDc.exe
  2⤵
  PID:14284
- C:\Windows\System\rHwYVcN.exe
  C:\Windows\System\rHwYVcN.exe
  2⤵
  PID:14304
- C:\Windows\System\NwIcTVz.exe
  C:\Windows\System\NwIcTVz.exe
  2⤵
  PID:13736
- C:\Windows\System\uovGkHj.exe
  C:\Windows\System\uovGkHj.exe
  2⤵
  PID:5044
- C:\Windows\System\PjTNAnh.exe
  C:\Windows\System\PjTNAnh.exe
  2⤵
  PID:13772
- C:\Windows\System\RJzsfQg.exe
  C:\Windows\System\RJzsfQg.exe
  2⤵
  PID:580
- C:\Windows\System\NtgIqqq.exe
  C:\Windows\System\NtgIqqq.exe
  2⤵
  PID:13816
- C:\Windows\System\ENeESSS.exe
  C:\Windows\System\ENeESSS.exe
  2⤵
  PID:1256
- C:\Windows\System\bMRrtMQ.exe
  C:\Windows\System\bMRrtMQ.exe
  2⤵
  PID:1288
- C:\Windows\System\bROCcXh.exe
  C:\Windows\System\bROCcXh.exe
  2⤵
  PID:1840
- C:\Windows\System\xKAjQhy.exe
  C:\Windows\System\xKAjQhy.exe
  2⤵
  PID:13860
- C:\Windows\System\pJIexBw.exe
  C:\Windows\System\pJIexBw.exe
  2⤵
  PID:13856
- C:\Windows\System\bJlnPpj.exe
  C:\Windows\System\bJlnPpj.exe
  2⤵
  PID:13956
- C:\Windows\System\VGPuiXY.exe
  C:\Windows\System\VGPuiXY.exe
  2⤵
  PID:14020
- C:\Windows\System\FkabPCX.exe
  C:\Windows\System\FkabPCX.exe
  2⤵
  PID:14036
- C:\Windows\System\QjTdcVa.exe
  C:\Windows\System\QjTdcVa.exe
  2⤵
  PID:14060
- C:\Windows\System\PiBTtyB.exe
  C:\Windows\System\PiBTtyB.exe
  2⤵
  PID:14108
- C:\Windows\System\AxQyLzO.exe
  C:\Windows\System\AxQyLzO.exe
  2⤵
  PID:14124
- C:\Windows\System\HGUPcxH.exe
  C:\Windows\System\HGUPcxH.exe
  2⤵
  PID:1016
- C:\Windows\System\eDZWJux.exe
  C:\Windows\System\eDZWJux.exe
  2⤵
  PID:14212
- C:\Windows\System\uThlmpV.exe
  C:\Windows\System\uThlmpV.exe
  2⤵
  PID:3084
- C:\Windows\System\SbhEhDK.exe
  C:\Windows\System\SbhEhDK.exe
  2⤵
  PID:14192
- C:\Windows\System\vacTawh.exe
  C:\Windows\System\vacTawh.exe
  2⤵
  PID:780
- C:\Windows\System\tvKnAXY.exe
  C:\Windows\System\tvKnAXY.exe
  2⤵
  PID:3856
- C:\Windows\System\jMbsnZc.exe
  C:\Windows\System\jMbsnZc.exe
  2⤵
  PID:4132
- C:\Windows\System\JjBrzVx.exe
  C:\Windows\System\JjBrzVx.exe
  2⤵
  PID:14216
- C:\Windows\System\aloJrPy.exe
  C:\Windows\System\aloJrPy.exe
  2⤵
  PID:2620
- C:\Windows\System\jzVXkAx.exe
  C:\Windows\System\jzVXkAx.exe
  2⤵
  PID:13348
- C:\Windows\System\lPxOhtY.exe
  C:\Windows\System\lPxOhtY.exe
  2⤵
  PID:336
- C:\Windows\System\sWfkdKO.exe
  C:\Windows\System\sWfkdKO.exe
  2⤵
  PID:1200
- C:\Windows\System\iBAhWwn.exe
  C:\Windows\System\iBAhWwn.exe
  2⤵
  PID:13400
- C:\Windows\System\ulRdihb.exe
  C:\Windows\System\ulRdihb.exe
  2⤵
  PID:13440
- C:\Windows\System\aASzEDy.exe
  C:\Windows\System\aASzEDy.exe
  2⤵
  PID:13436
- C:\Windows\System\KJoHigW.exe
  C:\Windows\System\KJoHigW.exe
  2⤵
  PID:13572
- C:\Windows\System\ToXaCQN.exe
  C:\Windows\System\ToXaCQN.exe
  2⤵
  PID:13508
- C:\Windows\System\SgMkOtn.exe
  C:\Windows\System\SgMkOtn.exe
  2⤵
  PID:13528
- C:\Windows\System\wVnhGUR.exe
  C:\Windows\System\wVnhGUR.exe
  2⤵
  PID:13628
- C:\Windows\System\Mzgyvpr.exe
  C:\Windows\System\Mzgyvpr.exe
  2⤵
  PID:13648
- C:\Windows\System\tKdiBXO.exe
  C:\Windows\System\tKdiBXO.exe
  2⤵
  PID:13532
- C:\Windows\System\ckFTDpu.exe
  C:\Windows\System\ckFTDpu.exe
  2⤵
  PID:2828
- C:\Windows\System\gzfWVSg.exe
  C:\Windows\System\gzfWVSg.exe
  2⤵
  PID:4144
- C:\Windows\System\BVjGgRK.exe
  C:\Windows\System\BVjGgRK.exe
  2⤵
  PID:13720
- C:\Windows\System\dbBPsSq.exe
  C:\Windows\System\dbBPsSq.exe
  2⤵
  PID:4244
- C:\Windows\System\RccdihW.exe
  C:\Windows\System\RccdihW.exe
  2⤵
  PID:524
- C:\Windows\System\uumczaX.exe
  C:\Windows\System\uumczaX.exe
  2⤵
  PID:4068
- C:\Windows\System\pfjNlCO.exe
  C:\Windows\System\pfjNlCO.exe
  2⤵
  PID:3196
- C:\Windows\System\wHSvcAf.exe
  C:\Windows\System\wHSvcAf.exe
  2⤵
  PID:13340
- C:\Windows\System\ZhCRQpe.exe
  C:\Windows\System\ZhCRQpe.exe
  2⤵
  PID:13468
- C:\Windows\System\JRSTyYA.exe
  C:\Windows\System\JRSTyYA.exe
  2⤵
  PID:13584
- C:\Windows\System\RKrDNDO.exe
  C:\Windows\System\RKrDNDO.exe
  2⤵
  PID:4312
- C:\Windows\System\wMSKFkN.exe
  C:\Windows\System\wMSKFkN.exe
  2⤵
  PID:4328
- C:\Windows\System\uIezIZk.exe
  C:\Windows\System\uIezIZk.exe
  2⤵
  PID:4388
- C:\Windows\System\WvNMnPW.exe
  C:\Windows\System\WvNMnPW.exe
  2⤵
  PID:4944

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13848

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:14316

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:13456

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:13528

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
1⤵
PID:7900

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
PID:8300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_wszosmpu.c0l.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\ALFAFDO.exe

Filesize
2.2MB

MD5
d899f82d6d1e3abe9ae3c4ce4a250775

SHA1
f42f57a0eb9708d018be2fc4d6287a64cdb31700

SHA256
79840c0bc94cd6d218703cfc0bd2fdee1201e447840d3c5cf127f920d314771a

SHA512
8a1a971efd387575a467d4853ea4bb42b7258b852964b6ca919e77b509f9552ba8bd41fd9f075263e5ab5fbb68ea0c29497eb9aebf6765e8342c402b14f829d2

Download Submit
C:\Windows\System\BoLydQM.exe

Filesize
2.2MB

MD5
a3c234a8713444b70d8a42119ec2d775

SHA1
8f13a34c10f7f01b7ebe3a5e3a78a440cdad2fd6

SHA256
97c8da47235a49be0b82638424eb5e556fe07e2d62ca7456e85ef96c9dd6fd6d

SHA512
9cc279528ec7cc7706ae677595f268f0b64fb4c7307e0677aecb1ab2e7096c603ccc9eeb3785c1c69e531b28bf750db9abe4d7cff41d65371e97ef72a6c442b8

Download Submit
C:\Windows\System\BxIgBFQ.exe

Filesize
2.2MB

MD5
2e6b8b36fc5505993b4fad82da10086e

SHA1
fa03735068d9574f4b262c090daf3481ea5a3367

SHA256
807a2541db42355e5f48b8e26028f9961eaaac61689d656671dec55c729d1d80

SHA512
cfecc5568ccd88be21367e4c0c48238988e787b97b5aa0caf15dfc2b63d33706c2ad245e8f81132add7fab3aee20a57fb966c6c9763cbbb49259318a980a0cc9

Download Submit
C:\Windows\System\DGuUisR.exe

Filesize
2.2MB

MD5
2a9db9d4520edc95f8617243a6ed1901

SHA1
3e29e2fb779f7c6b9ac46fb503995d9b28487563

SHA256
8d8cb93f08ecfcc09418db07a7fb531e5dbdea12544e32e90d144d4d54f16f09

SHA512
9772cbe03d74b52191ce0f9de936fb4ea01ec1994e5c9679d59218bd7de47fe96d454036fbd8dc9e3fa7ffa00aa3039b1db09e215ef475deed48232694389a47

Download Submit
C:\Windows\System\DwIqUoz.exe

Filesize
2.2MB

MD5
8dfb371ddbd5c5e7463ea88af5050af6

SHA1
93e280ddbcb9ff632b32436915b37e0c5eacebe6

SHA256
ab73649f8eca299c359e2c3bcaa3de795b1810e7efbe7bbc3684fe6c5c13eeef

SHA512
09b80d3fecc4d79cd7d3a4bf0fd52fa13979592e69212747673af40eec7bdab0ba29db4e1c14baa31af3e86e5c004ec686471f3218051e1b6318c902dcd3a0f6

Download Submit
C:\Windows\System\FEdiHQE.exe

Filesize
2.2MB

MD5
e559f854d9b02a4e75f129783bc67d50

SHA1
ce49cb25e5e3f0f07f8c8d88b9361c11145b2f93

SHA256
2f83c3323adadd23273998f463f388bc4e13346b18e33c17eae4f755e60e9b84

SHA512
232122884bf4a42203ada44e301f073cbb485f3f8b870d89b363f06a6912a9725428a7ae6f47ec26edc3d4cffe7d1c46194b8f833bbf50452347e5bacd1d1565

Download Submit
C:\Windows\System\FjiaICE.exe

Filesize
2.2MB

MD5
79cf03b9c5868da819e92d71a7550699

SHA1
fe19c7e174567ea75b1b1f35ccf3eaf7c63e90e9

SHA256
7f36d48032afa6b62e1400cc036e34cb46c2001e3ae5a751d389758b5d2d3ee7

SHA512
700e478848789f215154322924d8d71f2805966e819b23ef61547e9eb97b045e24ef99bf196fe9f9ffc6fddcb5acb029faf7383b37e34a1379742bb2bcc4f30b

Download Submit
C:\Windows\System\GfKVqhO.exe

Filesize
2.2MB

MD5
7b90b3ab04e2fceee41430a673774249

SHA1
689624234ef213f5ff61624ef0bd5e9dfe34ef55

SHA256
577d4f49fe36e155cee8b2474604a2dd33249ed9853bba64007a40ef17e52bff

SHA512
718d2774c1094935401a1545a5aeae80c03a65fab251da403e30d0ef9af0029096b1a9633031710d1082e7bad1538bf2db48daae6a6aa080b76d248e5af672a1

Download Submit
C:\Windows\System\GnDlbgD.exe

Filesize
2.2MB

MD5
d457829e0e2683c98767042377474b0c

SHA1
490cf17049a3a0ee6990edec6a2d9b11f42ca302

SHA256
5e9b213830df17af4fcf0c0bc7f90105ad8d0d658846ad9ec912cd2ad6cc9cc7

SHA512
784b6a4f2433e113d5cc56e7299e88a90148c81d9bc91029535980524947641e30222f3f8cb09bd3f0c2138ae0ec236f7944508f9b5fc10fdb1207521e7e2afd

Download Submit
C:\Windows\System\GqkpQyP.exe

Filesize
2.2MB

MD5
1bfc5dffe3b11f3f9508accbe606ac98

SHA1
0d1ddb38b4873976f39545a47c0eea2892cebb84

SHA256
230cc049bbaf590ed3ce93cf01fa20942fc14086dc50d1508f4973db92ed7236

SHA512
9922f1400463afd48eada43ace5dc8585e3bacba73955447c0f591a29b4ba46d13e7cea6851e0f8389c0f3dea23d5d6ee8eb0b25124f0bfcf3e23de801707327

Download Submit
C:\Windows\System\HAgTPSt.exe

Filesize
8B

MD5
408407fe49e2a1bd1de2fb4f4e1c1e4e

SHA1
6781f0ed16b9f9a0e8a861848782ae1a9b183885

SHA256
413c20c52ba69478c63daee39bcd70926f09cbc71ce3aa1577802440938b324a

SHA512
51204da6f17b6725f4e9b8b9381f34a7ed365926b3780a3bfe9e8d70ab81ec8caad96b3f0838e87a0f0c0c6baeed1ea2ea2f5c7ee1fa6a13b720a1ec69c3f3fd

Download Submit
C:\Windows\System\IDAaOXd.exe

Filesize
2.2MB

MD5
3a3e2d0e91541f6b61a5a8a0bc70a55b

SHA1
f5ecaf9652931f2462d081e26b7963a4e2f72b47

SHA256
9ae01ffd294f56e512d333dd086cfba7871e3a17a32487271431c27e3ff1b1ac

SHA512
f10b23c98dadf54cb7c82c23a9a03a87353fcd27969ec30bebb92b66c9c7ac3cf0cf81cd200651d919a7e7fee6869a8b21500a288e1f067246a595adcd438fc8

Download Submit
C:\Windows\System\JaELvxb.exe

Filesize
2.2MB

MD5
401d5c88ec65687fecbfb37b1a38020e

SHA1
d782e60eb5b5b127dcfd639d6673b2d308147686

SHA256
9862fcf4124ec6ce1c4eb7a8c561cc6b5bc20d81b847b231460677659ca70f19

SHA512
7c1d5dcc038fcbaef7023dc494a715fe69a1a25660fff5019c92de7db25ea6b68d67d82fa0c750814e521a26c220da84b1faec1a54d1051007c5df882375a2d9

Download Submit
C:\Windows\System\NpDxdUq.exe

Filesize
2.2MB

MD5
28af71fdf9f3fab3147e87806e0e7936

SHA1
e157a31c5ffd5f2ddf88978a4cc9e69df89d7218

SHA256
4455c2f1f36fadcd14bfebe3cca651281a6acc1c270dbfaed4af7a156e874eff

SHA512
61dbf68522eb061899fdad06c8e38a431cd16cbce5e94b6db81005e26ae9bd98bb50ddb5239f8c7ca76527c33aabcc4b396eb941d794fec1c0997990ba7edd0a

Download Submit
C:\Windows\System\PAZLBol.exe

Filesize
2.2MB

MD5
37c5df515b3f7858469234fa92856528

SHA1
f4e0355be423bf06c93a7ea722cfcc84eceed86e

SHA256
1ad1d7d4fff4ccefb7e5a4b1a5c860d5236548488430007c02401ae44fe45076

SHA512
87c6bc9c392ea5ab7088b88eaf6b29e444c74d7cebc4eb7ca737e1e90355c8ed998fcb87ee36ae8d0dc1def5e4e1b3e1ec8b88f4264668e8a7814a778fc003a0

Download Submit
C:\Windows\System\SXjzdOx.exe

Filesize
2.2MB

MD5
5fa3c516146e9d94b76ccd1eb1b6eba4

SHA1
576e91dbac1b066f1bb006e3cbf4dffff321ddd1

SHA256
8d17fa2d7c426847fd0c2fb61b9e77a4b96543edc571ba503f101397be4b9b9f

SHA512
8b9188500e32f83b34b228b4b7a27c44dc46ad4f1d57dc86a9e01e4d793b4150e89197a5c206106f540bff1a53783f6df98ae50d40b5fe96c8c9faca6bbd6c2b

Download Submit
C:\Windows\System\WWOrPvP.exe

Filesize
2.2MB

MD5
e387e3213f3c6dae6750eec9988ac707

SHA1
d30755358939ac8e5a62860f332de80d76ee1906

SHA256
03b9fbf7a374c9b8c1a2710bd5d21a4cc325a02fc36c1b0875a67fe25cd853e3

SHA512
95cc13b5eaa3c7d486303d2f104c53455e335ae58edfcea6df7d101b25fca08dc7efe31e7cdeabedaa2383fff7dbeee30f2df14d9f87ff6037289121a79c4219

Download Submit
C:\Windows\System\XJvocak.exe

Filesize
2.2MB

MD5
978c90d45607672be2f62ff362e3696e

SHA1
55442b34d85f2d612037158554e35647360ea08d

SHA256
3e1b1a2c2feb5bf98c97789c2ef4120043287322e46bca705cf78cb0b759dc80

SHA512
d6af39a2a3f0b43aded960d39b97a9b6537e37db2f8d155f511bd1ca50083410f14182fa7c277af25426e4f2c8406a973534290a3624f453010675ea847a52a9

Download Submit
C:\Windows\System\XeovhzQ.exe

Filesize
2.2MB

MD5
f6ee26792de1df6d3eaa8c4a512a03a8

SHA1
92a69a39f228014a34843a6d0f79b7906bda8f5d

SHA256
b56736590be8a9821c4cabbc4aeff80c6324e60546a96990815489c6bc70c37e

SHA512
94edce9a732421a1191bebcb070df2f2b0da1a4e6fcedb7763ebab6a70850fddc25420142be65c0b319a27afab1a1a708f0c30b4439feb4cc620bed6b929cee4

Download Submit
C:\Windows\System\YdOjvBQ.exe

Filesize
2.2MB

MD5
d1be0ead0cb8c89aeef8c727e856f167

SHA1
4d0460d3a979f34fe5a77b4e516e2ee9b5e9d789

SHA256
2a24c2dadc5a7c251647109b840bf6307d35d987dec3024023192b3d7064881f

SHA512
f9e34a486bd6f7c9aa78ff08c2ea826a94381506fe915afea3ef53f36914b4c9708dc5ed1ffa0037ae7fd966920cf07ef50706bfecbb72ead42228a706f1a940

Download Submit
C:\Windows\System\aoqrLSf.exe

Filesize
2.2MB

MD5
85a439d6b495e771210d8cb51560e8df

SHA1
c647d4433e50e80c7018bff33964e704fc7b3784

SHA256
674eb9e8546bbfe0b41b01d4d39c48b63efaee28a8e7b698a8c9b75d2a480258

SHA512
722fd0dfa958c1fadd800ba28b18068a11872652ccc0b7336943037bdbb4b42a843b8d5c6c3d220265a7b1f59b78490a2ddf907b4f53cdbb072b24a6b4ef967c

Download Submit
C:\Windows\System\cQvcjHr.exe

Filesize
2.2MB

MD5
6247ef8ef111ec656c53505ef5b492b2

SHA1
edb867c4dd1e6a0f19e5cd642bc97a040d8d9abe

SHA256
96c05c85a8bf85ea30f35a8abb29d6c55ed0efbe80e67cfb2eb8bcc74b5988ab

SHA512
855b2606ceea38899ac11831af655dfe60eff98271112c875e860079ee250f46c8fd0987db54557988498ea7f6d5103a323f30e34b510e2cc4088de1bd893e3d

Download Submit
C:\Windows\System\evhGLpR.exe

Filesize
2.2MB

MD5
cb3e05e2c6f4c34648f0292659b6bbe7

SHA1
34a0919ddc3e47b629b37659c1e4ae714a92c195

SHA256
58fc3e84032f74e64e2d1ea130799b2ecb14f6885a0a87bd921a9efa925df6c5

SHA512
42fb549a7d99ca4a455bde9adc001a23cc94660d315b16b3d57543af0f0a1ff2d86eecf027bdbc3fc96755598263022b75e18ce3426ab2a5ef0f28ad25c2c8d6

Download Submit
C:\Windows\System\fEiglqm.exe

Filesize
2.2MB

MD5
f9719b6e049861f7884e7adaeda273f8

SHA1
5371dc41e26a2ae157fbe8cb40403adc6c92d73d

SHA256
fa4ed6d496599bd2b4cfcb05950c3ca23f0993e3d4960bd4db771b27629393f4

SHA512
4fbba025650bd524383a13bc261602edb513d543e9eca1246fbb6c3822144bd3411e64c559709fb0e3d0f99f913b8be4f1b32b21d0ef89378acf7fd80e767ba7

Download Submit
C:\Windows\System\fRjZMwq.exe

Filesize
2.2MB

MD5
d1bd39c0661a5321c3505a3fffa1bf8d

SHA1
b88a81d3f34668467bdba2b79efd53a83abba5f2

SHA256
cffe344f4f53d61a7237d39e3d5461bba8155e3580ec2e9f45ab08feb1bc7832

SHA512
2e8d9052bb76044f605ec7d8aad30c603a43bf697cc34a41ab65501557d542e8538e89617af49e01819a35b0622da45ec4c4d3a0bcaa92e24a0c8d3378212936

Download Submit
C:\Windows\System\hOIcAOQ.exe

Filesize
2.2MB

MD5
1e1eab99c254b635d5e82885e1b18228

SHA1
cead622ce258a273cbd391ae8856f3bcdedc212c

SHA256
9c89aa3c26f927f50274afc60a20725f677eab23c8d05fa6cef78f48a2de6a4d

SHA512
a81af66c1f9d6dde756781fb6670fb00b373146ed50c2d797a76364b35b61aeb9f8b94995e3e56daaa151c2df8ab11f86f3be268c3b275add35f39e2f2223a12

Download Submit
C:\Windows\System\hYOaQju.exe

Filesize
2.2MB

MD5
6365a2355d84039ed1780b4e7bc77f43

SHA1
9d718196842d700b4f5326af0c0674b6d5c71303

SHA256
4abda8b128e02333e1bc7f953fee3dd61f692eb95e81f62b48f8cfa5189ae0a7

SHA512
1486b31e8951bddddd52ed8d6da0a00d6af3c54395b20b25c08ead14eb1c75313cc8bb659cf66a08a83f9975358aa31327a566b231d5896a4c65bfd20015accf

Download Submit
C:\Windows\System\jANLymr.exe

Filesize
2.2MB

MD5
2db338e7e6b59916d36d3c284ef4ab05

SHA1
3528372c4e422343d38c87bdc8b07c2f231e8092

SHA256
62c97de1ee00003163ca44bce6fa62c6a7042bcfa6824d0ed75a75d2a5275bc0

SHA512
5264ea330a4e5e0c019797f23c3221838d178d239ee962a6d87654303e1d57ea57b52388b12838f9e5f57d25f62a4074e1983a6eca01ea896de1ea7f600eb2ad

Download Submit
C:\Windows\System\mkMyucq.exe

Filesize
2.2MB

MD5
25933b4b5c0b8d2ab29f3d3bd09ea792

SHA1
8fbe7e0bc65c6da4c8c7a4ee08bc441a59477840

SHA256
982a4c0f3ca57476c9b5474a8107bf266f0b935582dbfb0a8ca19aa3f9cb02a9

SHA512
b3b1aefe1d4457200d63c58c4cce99e67c2bc51b187610e03a7d80aae799f8ac13630e3fc98c2f2bc2b2e101d54b33736db49f3295bdf7596176d3488ff1ada1

Download Submit
C:\Windows\System\nxlWpFw.exe

Filesize
2.2MB

MD5
521d9ed3657f95584ce0b5096c17e030

SHA1
4f2b3c2c5174a42826bfd96c865ca1c686f327ca

SHA256
aa1e7773ba52f7d2f83394210e3965bf81dfbe2b0c0ba016bdfcf17c4717a9a5

SHA512
912aa549720366f75f11b758c2c8fb5c08ac35161a07ba6ab7fd11674e78d711fb37ddde6bd62e25d3faba8705045f615933a00e434ebbf8e425af06c9d0c838

Download Submit
C:\Windows\System\oLVtGhO.exe

Filesize
2.2MB

MD5
e969b4bfe89fc9cd090acb4774c68710

SHA1
3e03e40525598bb0752fa593c3bf31e5356e02e7

SHA256
1e47e8b947a4e7c1b8e9232d32d76675cb0717662c15f739a68fd4fc6e01554b

SHA512
205929534a74647a1f90cec90bd6dc666dba1c02254cc8079d008344006e4eb2631ef541d679097bbfcb53e82d47fbc01d0faeb877b7748c3ab1bd41e5e31865

Download Submit
C:\Windows\System\qTeSqIc.exe

Filesize
2.2MB

MD5
5bb7ced1a4b59fd719794f4ec5865e91

SHA1
da55dbb72a69767c43324840e98da9450298f6fa

SHA256
210caf2ecb94bfe8c9540284388640e7c7c933998c0c3ac264a846af8d0ff6c3

SHA512
c8cc1b8d9b90a9cb61108c211bb8c176972bd5bbae26be904d8142f8eb140786d92010d08cb4dcb1684b6eb95570cf9e15e61adc85c0873ff51945556dd8f9e3

Download Submit
C:\Windows\System\tuvWgdI.exe

Filesize
2.2MB

MD5
52b08cb82d94d06832b68359b8b707ad

SHA1
af8d2e26157540980a08bf1306bdb4ab1f29a4c9

SHA256
9e4f46c1f458553bb3b2ab0e0c77c3eb77b7983b0edc0ee83f84279dc582d44d

SHA512
7a583fa22e368a7bb9b4fa02e4904f945e41678f6b5588fb1114ea61a02252c9da28cca5d8027e53a030b5c9105334b049404190b34f6bc2df02cecb4a153410

Download Submit
C:\Windows\System\vBDSXjp.exe

Filesize
2.2MB

MD5
dc499a6e0715861befa97cd89f71b630

SHA1
a74e25d32eb4abb8246019009776c82b080ca9e4

SHA256
b50ea0f83f30ba82b4c8d13fb953bb52a9f82b47784e5a53375a5de39afaee78

SHA512
f8272aca56603cea4f53caf2cba6c5179a05379e8dc3f2f7b98e878917c479566481f431e09c5e5eb79a048751523035399206fbc230734f9491133a292cc7a0

Download Submit
C:\Windows\System\wWPyrvx.exe

Filesize
2.2MB

MD5
aada0772e2b9859edd6a6f5fd2f4c1d3

SHA1
a7610b313c9e26611097a4830d67e38d2c465c57

SHA256
dafd39111f6004840352a293e2b2cea195c3775ff6cebd3389e31f1179766703

SHA512
c3eaacedee3467802ab22ae6b69c4a872e1f76ae8f9ce61ee2624bf6868c6e88f9c2967c684f80f9dd2229566dfda37b4cca5fa4f4613c72ce379589a4f82b03

Download Submit
C:\Windows\System\xftapNV.exe

Filesize
2.2MB

MD5
f1d8dfee0ba48166bd6727e2530b5333

SHA1
5de33712d59393c13b3c03e232c3f61a1afebb64

SHA256
0b84851f2dcbcb1434b8be90a4d2d85a95884fc1491f6c41ff7f6628b7dab204

SHA512
09a4a23a1f339f03cb6acca053cce7fef4556c21b278f56fa6dbf0097e3d9c45dfccf07064855918ba1845bea133c83a119eae28c5b4f634eab1bf6a7ee90c99

Download Submit
C:\Windows\System\xhXNZvn.exe

Filesize
2.2MB

MD5
f0ce1dadd90169566a21471748370dd9

SHA1
eac8cf140055ab8d9d1173637c9fd7a6be6c332b

SHA256
16642236cbc7672a494b929923264e1fbc34e47a25a278f6c18a14e50115760d

SHA512
3ffd551a61640a72507956437594bf1eba9bdec98170c0c1b73ac6c90c6e1b757bebb1ed385084b3c1d8d4f09dbea8bd4923a7495f8e8347a5b20c07526138d2

Download Submit
C:\Windows\System\yGUTMEE.exe

Filesize
2.2MB

MD5
063f021489b9aec0ea49a797b08e4bd6

SHA1
f65917ea84bd0ca363294a06e37039b34f8f3d96

SHA256
f6f68dcce16b80e19652d63dbaa5146874481b86a38fc6d5b7b97987598729df

SHA512
d7a59164ece342a6bd5a8d3727e2e633fe27fc57b9028d0664d9040325d578a53a1b849a509790dc17f792bd5650d08e43a6eb2ff7ec00703f87a25e607bd52c

Download Submit
C:\Windows\System\zXviEWM.exe

Filesize
2.2MB

MD5
05cfd15ff4b7783eeb82667778e85145

SHA1
079123deda26a0ee24d801b26a4aff9d6ada4e5d

SHA256
cd967c7ce1934af90fbe4143e57fd95f96c7f24e0dd79b21103503eaa45accfd

SHA512
d2be7c19f4f0dcb2afe1739db4cd552f048d6b36f8c022173ecaae2dfdaa1389ea447b7baeb0d7587403c619a532e9783bb7cff529ab5b5e61c7dcb464e07450

Download Submit
memory/216-4838-0x00007FF7BD6F0000-0x00007FF7BDAE2000-memory.dmp

Filesize
3.9MB

Download
memory/216-0-0x00007FF7BD6F0000-0x00007FF7BDAE2000-memory.dmp

Filesize
3.9MB

Download
memory/216-1-0x0000023C44870000-0x0000023C44880000-memory.dmp

Filesize
64KB

Download
memory/424-396-0x00007FF7E3CA0000-0x00007FF7E4092000-memory.dmp

Filesize
3.9MB

Download
memory/652-395-0x00007FF751090000-0x00007FF751482000-memory.dmp

Filesize
3.9MB

Download
memory/804-394-0x00007FF625F70000-0x00007FF626362000-memory.dmp

Filesize
3.9MB

Download
memory/1076-390-0x00007FF738130000-0x00007FF738522000-memory.dmp

Filesize
3.9MB

Download
memory/1448-386-0x00007FF78D0A0000-0x00007FF78D492000-memory.dmp

Filesize
3.9MB

Download
memory/1520-53-0x00007FF69B8F0000-0x00007FF69BCE2000-memory.dmp

Filesize
3.9MB

Download
memory/1676-385-0x00007FF739F30000-0x00007FF73A322000-memory.dmp

Filesize
3.9MB

Download
memory/1736-312-0x00007FF777CB0000-0x00007FF7780A2000-memory.dmp

Filesize
3.9MB

Download
memory/1844-392-0x00007FF7F1690000-0x00007FF7F1A82000-memory.dmp

Filesize
3.9MB

Download
memory/1992-389-0x00007FF7758E0000-0x00007FF775CD2000-memory.dmp

Filesize
3.9MB

Download
memory/2104-388-0x00007FF64F9E0000-0x00007FF64FDD2000-memory.dmp

Filesize
3.9MB

Download
memory/2424-256-0x00007FF72DF60000-0x00007FF72E352000-memory.dmp

Filesize
3.9MB

Download
memory/2528-133-0x00007FF724D00000-0x00007FF7250F2000-memory.dmp

Filesize
3.9MB

Download
memory/2528-4275-0x00007FF724D00000-0x00007FF7250F2000-memory.dmp

Filesize
3.9MB

Download
memory/2604-346-0x00007FF718B20000-0x00007FF718F12000-memory.dmp

Filesize
3.9MB

Download
memory/2756-213-0x00007FF7FA180000-0x00007FF7FA572000-memory.dmp

Filesize
3.9MB

Download
memory/2920-382-0x00007FF69D780000-0x00007FF69DB72000-memory.dmp

Filesize
3.9MB

Download
memory/3260-383-0x00007FF647E60000-0x00007FF648252000-memory.dmp

Filesize
3.9MB

Download
memory/3656-391-0x00007FF6ECD10000-0x00007FF6ED102000-memory.dmp

Filesize
3.9MB

Download
memory/3672-180-0x00007FF6294D0000-0x00007FF6298C2000-memory.dmp

Filesize
3.9MB

Download
memory/3676-136-0x00007FF761B20000-0x00007FF761F12000-memory.dmp

Filesize
3.9MB

Download
memory/4040-265-0x00007FF6BE350000-0x00007FF6BE742000-memory.dmp

Filesize
3.9MB

Download
memory/4596-387-0x00007FF7E1B20000-0x00007FF7E1F12000-memory.dmp

Filesize
3.9MB

Download
memory/4700-384-0x00007FF6CDA50000-0x00007FF6CDE42000-memory.dmp

Filesize
3.9MB

Download
memory/4964-393-0x00007FF7C49B0000-0x00007FF7C4DA2000-memory.dmp

Filesize
3.9MB

Download
memory/5016-91-0x00007FFF37220000-0x00007FFF37CE1000-memory.dmp

Filesize
10.8MB

Download
memory/5016-34-0x00007FFF37220000-0x00007FFF37CE1000-memory.dmp

Filesize
10.8MB

Download
memory/5016-5-0x00007FFF37223000-0x00007FFF37225000-memory.dmp

Filesize
8KB

Download
memory/5016-243-0x00000268C0040000-0x00000268C0062000-memory.dmp

Filesize
136KB

Download