xmrig | a8bf14e05981fe410aa14f794a9f92d782c93ab6554c22947043a7e22bdaba6c

Analysis

max time kernel
140s
max time network
92s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
02/05/2024, 14:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
Size

1.4MB
MD5

0ebd28e354ae8437d1959f67aa080958
SHA1

02f4ab00070f3ba84f4260a30d76bc0b508e7e2e
SHA256

a8bf14e05981fe410aa14f794a9f92d782c93ab6554c22947043a7e22bdaba6c
SHA512

11a901d6f69d9ce2eecaf59fb7ac59039aa9a43a37be5e4f857242e2e108fca5c9284303d0eff2c7d9680812b947e35bcf8599769ec240248ca124ec78684a92
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkibTJH+2Q/ynKeWYKpGncHBN/VPwmv:Lz071uv4BPMkibTIA5CJvv

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 15 IoCs

miner

resource	yara_rule
behavioral2/memory/3804-322-0x00007FF755790000-0x00007FF755B82000-memory.dmp	xmrig
behavioral2/memory/400-282-0x00007FF674610000-0x00007FF674A02000-memory.dmp	xmrig
behavioral2/memory/2988-860-0x00007FF73E380000-0x00007FF73E772000-memory.dmp	xmrig
behavioral2/memory/4272-1383-0x00007FF694170000-0x00007FF694562000-memory.dmp	xmrig
behavioral2/memory/5116-629-0x00007FF69A740000-0x00007FF69AB32000-memory.dmp	xmrig
behavioral2/memory/3252-573-0x00007FF7A8FB0000-0x00007FF7A93A2000-memory.dmp	xmrig
behavioral2/memory/3124-569-0x00007FF7E3E50000-0x00007FF7E4242000-memory.dmp	xmrig
behavioral2/memory/4460-3067-0x00007FF625C20000-0x00007FF626012000-memory.dmp	xmrig
behavioral2/memory/4272-3070-0x00007FF694170000-0x00007FF694562000-memory.dmp	xmrig
behavioral2/memory/400-3073-0x00007FF674610000-0x00007FF674A02000-memory.dmp	xmrig
behavioral2/memory/3124-3075-0x00007FF7E3E50000-0x00007FF7E4242000-memory.dmp	xmrig
behavioral2/memory/3804-3079-0x00007FF755790000-0x00007FF755B82000-memory.dmp	xmrig
behavioral2/memory/5116-3082-0x00007FF69A740000-0x00007FF69AB32000-memory.dmp	xmrig
behavioral2/memory/2988-3085-0x00007FF73E380000-0x00007FF73E772000-memory.dmp	xmrig
behavioral2/memory/3252-3087-0x00007FF7A8FB0000-0x00007FF7A93A2000-memory.dmp	xmrig

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
220	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
4460	ZTLdgPs.exe
2952	KRPGenA.exe
400	kxZapah.exe
3804	WnwEqXA.exe
3124	UPGjXqC.exe
3252	KCAjVqV.exe
5116	OgSTpsH.exe
2988	hkeDOAu.exe
4272	fMpwywX.exe
4468	kEtpeCT.exe
5044	LnmFsEw.exe
1412	RHRnVpr.exe
1448	XCqfcpG.exe
1700	KLMCdlx.exe
4164	gMUzrPL.exe
3060	FVFyucK.exe
4504	dbFoCZN.exe
2712	VOjDYao.exe
3740	rdcHTZL.exe
516	AdWDyGm.exe
3584	ehSDtmR.exe
4656	loKwLOX.exe
456	VirdqPF.exe
5000	jGxoLzp.exe
4032	OQCdiQG.exe
2736	qeQFIhs.exe
2088	xgxFZVt.exe
4904	aSuAwzk.exe
368	IKCCYJl.exe
4472	PJDvZuu.exe
4712	MQTVWhE.exe
4008	IVrCYdv.exe
2868	PawemJC.exe
4112	wSNNVAn.exe
1556	tCucVLs.exe
1096	CyabTIk.exe
1108	dQvlIHN.exe
1160	jFnIsPk.exe
4780	CqBBHCY.exe
60	uUdxqYu.exe
3784	LTmpTrk.exe
3832	Nkzjynr.exe
5076	AYOoOUw.exe
3720	gPkAXsW.exe
876	bCiWwDG.exe
3752	RcBzSmp.exe
412	WEYVYGc.exe
1920	yrKOAUU.exe
4260	NfehJlG.exe
2028	SchURGp.exe
3248	SPXQqbI.exe
5024	EfWOwLB.exe
956	ZBcvMuy.exe
1788	AQpNrwt.exe
5016	mfEQkPH.exe
832	HsqaWUp.exe
768	GAHzEPM.exe
2444	kWfrlfz.exe
1444	IMUAUst.exe
4072	KHcHqry.exe
3328	ncMeuqL.exe
392	wGCqduV.exe
1004	QPUKVMO.exe
1176	UdrnRwP.exe

UPX packed file 59 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1664-0-0x00007FF62ACD0000-0x00007FF62B0C2000-memory.dmp	upx
behavioral2/memory/4460-14-0x00007FF625C20000-0x00007FF626012000-memory.dmp	upx
behavioral2/files/0x000a000000023b90-54.dat	upx
behavioral2/files/0x000a000000023ba2-96.dat	upx
behavioral2/files/0x000a000000023baa-134.dat	upx
behavioral2/files/0x000a000000023ba9-130.dat	upx
behavioral2/files/0x000a000000023b9f-127.dat	upx
behavioral2/files/0x000a000000023bb5-200.dat	upx
behavioral2/files/0x000a000000023bb4-186.dat	upx
behavioral2/files/0x000a000000023ba7-120.dat	upx
behavioral2/files/0x000a000000023ba6-116.dat	upx
behavioral2/files/0x000a000000023bb1-177.dat	upx
behavioral2/files/0x000a000000023b9e-109.dat	upx
behavioral2/files/0x000a000000023ba5-104.dat	upx
behavioral2/files/0x000a000000023ba4-171.dat	upx
behavioral2/files/0x000a000000023bac-166.dat	upx
behavioral2/files/0x000a000000023b9b-160.dat	upx
behavioral2/files/0x000a000000023bb7-203.dat	upx
behavioral2/files/0x000a000000023ba1-214.dat	upx
behavioral2/memory/3804-322-0x00007FF755790000-0x00007FF755B82000-memory.dmp	upx
behavioral2/memory/400-282-0x00007FF674610000-0x00007FF674A02000-memory.dmp	upx
behavioral2/files/0x000a000000023ba0-211.dat	upx
behavioral2/memory/2988-860-0x00007FF73E380000-0x00007FF73E772000-memory.dmp	upx
behavioral2/memory/4272-1383-0x00007FF694170000-0x00007FF694562000-memory.dmp	upx
behavioral2/memory/5116-629-0x00007FF69A740000-0x00007FF69AB32000-memory.dmp	upx
behavioral2/memory/3252-573-0x00007FF7A8FB0000-0x00007FF7A93A2000-memory.dmp	upx
behavioral2/memory/3124-569-0x00007FF7E3E50000-0x00007FF7E4242000-memory.dmp	upx
behavioral2/files/0x000a000000023bb6-201.dat	upx
behavioral2/files/0x000a000000023bb0-176.dat	upx
behavioral2/files/0x000a000000023baf-175.dat	upx
behavioral2/files/0x000a000000023bae-172.dat	upx
behavioral2/files/0x000a000000023bad-170.dat	upx
behavioral2/files/0x000a000000023b9c-161.dat	upx
behavioral2/files/0x000a000000023bab-158.dat	upx
behavioral2/files/0x000a000000023bba-208.dat	upx
behavioral2/files/0x000a000000023bb9-205.dat	upx
behavioral2/files/0x000a000000023b96-138.dat	upx
behavioral2/files/0x000a000000023bb8-204.dat	upx
behavioral2/files/0x000a000000023b9a-148.dat	upx
behavioral2/files/0x000a000000023b95-146.dat	upx
behavioral2/files/0x000a000000023b99-135.dat	upx
behavioral2/files/0x000a000000023ba8-126.dat	upx
behavioral2/files/0x000a000000023b94-83.dat	upx
behavioral2/files/0x000a000000023b93-81.dat	upx
behavioral2/files/0x000a000000023b92-71.dat	upx
behavioral2/files/0x000a000000023b9d-69.dat	upx
behavioral2/files/0x000a000000023ba3-99.dat	upx
behavioral2/files/0x000a000000023b97-58.dat	upx
behavioral2/files/0x000a000000023b98-50.dat	upx
behavioral2/files/0x000a000000023b91-46.dat	upx
behavioral2/files/0x000c000000023b7a-6.dat	upx
behavioral2/memory/4460-3067-0x00007FF625C20000-0x00007FF626012000-memory.dmp	upx
behavioral2/memory/4272-3070-0x00007FF694170000-0x00007FF694562000-memory.dmp	upx
behavioral2/memory/400-3073-0x00007FF674610000-0x00007FF674A02000-memory.dmp	upx
behavioral2/memory/3124-3075-0x00007FF7E3E50000-0x00007FF7E4242000-memory.dmp	upx
behavioral2/memory/3804-3079-0x00007FF755790000-0x00007FF755B82000-memory.dmp	upx
behavioral2/memory/5116-3082-0x00007FF69A740000-0x00007FF69AB32000-memory.dmp	upx
behavioral2/memory/2988-3085-0x00007FF73E380000-0x00007FF73E772000-memory.dmp	upx
behavioral2/memory/3252-3087-0x00007FF7A8FB0000-0x00007FF7A93A2000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\mrxnuIJ.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\MLFITwY.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\IeSSGaf.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\YJUjoDP.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\yiKJqRP.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\KQVNnBb.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\nPRGpiM.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\yxeANxP.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\sQGWevZ.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\FYxENDK.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\ETgtptc.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\HFVGeZE.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\jueRXvP.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\zqcpSBh.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\jytfJXv.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\zZbyxji.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\ShgGFTM.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\rVSRfhU.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\sqZCDof.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\mklNaRg.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\QtjkBCy.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\HsqaWUp.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\cezXdbU.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\GFMcOJO.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\wMDuPlQ.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\ffMDLiP.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\Tgbmfwa.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\bBZqQjF.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\afqsXIT.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\zxxoEEu.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\nuPPIIo.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\lrYjywV.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\nvSwxbr.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\ZjUPkVC.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\naHKjhU.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\RajJCTM.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\iLAHHYv.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\GGgzMLv.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\aaRSBcY.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\juFxkhc.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\RRjYJue.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\vuCBWXX.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\pQduQup.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\YvKsHcV.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\YXVtKwV.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\yaGOSuf.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\BNvKJVG.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\FtqyTej.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\apElzHH.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\UZlZhfP.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\kBGduHr.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\vOGKcSk.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\ugvAiwH.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\wSNNVAn.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\CiFdgSS.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\mpSYgTE.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\ZkcVMcw.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\nkvOrpA.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\yAQDfcC.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\pSJNDVh.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\UHYlcne.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\BpfgbOL.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\cZJRXuY.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
File created	C:\Windows\System\XOEHcMM.exe	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
220	powershell.exe
220	powershell.exe
220	powershell.exe
220	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
Token: SeDebugPrivilege	220	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1664 wrote to memory of 220	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	86
PID 1664 wrote to memory of 220	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	86
PID 1664 wrote to memory of 4460	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	87
PID 1664 wrote to memory of 4460	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	87
PID 1664 wrote to memory of 2952	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	88
PID 1664 wrote to memory of 2952	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	88
PID 1664 wrote to memory of 400	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	89
PID 1664 wrote to memory of 400	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	89
PID 1664 wrote to memory of 3804	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	90
PID 1664 wrote to memory of 3804	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	90
PID 1664 wrote to memory of 3124	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	91
PID 1664 wrote to memory of 3124	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	91
PID 1664 wrote to memory of 3252	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	92
PID 1664 wrote to memory of 3252	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	92
PID 1664 wrote to memory of 5116	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	93
PID 1664 wrote to memory of 5116	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	93
PID 1664 wrote to memory of 2988	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	94
PID 1664 wrote to memory of 2988	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	94
PID 1664 wrote to memory of 4272	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	95
PID 1664 wrote to memory of 4272	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	95
PID 1664 wrote to memory of 4468	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	96
PID 1664 wrote to memory of 4468	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	96
PID 1664 wrote to memory of 5044	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	97
PID 1664 wrote to memory of 5044	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	97
PID 1664 wrote to memory of 1412	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	98
PID 1664 wrote to memory of 1412	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	98
PID 1664 wrote to memory of 1448	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	99
PID 1664 wrote to memory of 1448	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	99
PID 1664 wrote to memory of 1700	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	100
PID 1664 wrote to memory of 1700	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	100
PID 1664 wrote to memory of 4164	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	101
PID 1664 wrote to memory of 4164	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	101
PID 1664 wrote to memory of 4656	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	102
PID 1664 wrote to memory of 4656	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	102
PID 1664 wrote to memory of 3060	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	103
PID 1664 wrote to memory of 3060	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	103
PID 1664 wrote to memory of 4504	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	104
PID 1664 wrote to memory of 4504	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	104
PID 1664 wrote to memory of 2712	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	105
PID 1664 wrote to memory of 2712	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	105
PID 1664 wrote to memory of 3740	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	106
PID 1664 wrote to memory of 3740	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	106
PID 1664 wrote to memory of 516	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	107
PID 1664 wrote to memory of 516	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	107
PID 1664 wrote to memory of 4712	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	108
PID 1664 wrote to memory of 4712	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	108
PID 1664 wrote to memory of 3584	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	109
PID 1664 wrote to memory of 3584	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	109
PID 1664 wrote to memory of 456	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	110
PID 1664 wrote to memory of 456	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	110
PID 1664 wrote to memory of 5000	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	111
PID 1664 wrote to memory of 5000	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	111
PID 1664 wrote to memory of 4032	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	112
PID 1664 wrote to memory of 4032	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	112
PID 1664 wrote to memory of 2736	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	113
PID 1664 wrote to memory of 2736	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	113
PID 1664 wrote to memory of 2088	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	114
PID 1664 wrote to memory of 2088	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	114
PID 1664 wrote to memory of 4904	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	115
PID 1664 wrote to memory of 4904	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	115
PID 1664 wrote to memory of 368	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	116
PID 1664 wrote to memory of 368	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	116
PID 1664 wrote to memory of 4472	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	117
PID 1664 wrote to memory of 4472	1664	0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe	117

C:\Users\Admin\AppData\Local\Temp\0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0ebd28e354ae8437d1959f67aa080958_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1664
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:220
- C:\Windows\System\ZTLdgPs.exe
  C:\Windows\System\ZTLdgPs.exe
  2⤵
  - Executes dropped EXE
  PID:4460
- C:\Windows\System\KRPGenA.exe
  C:\Windows\System\KRPGenA.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\kxZapah.exe
  C:\Windows\System\kxZapah.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\WnwEqXA.exe
  C:\Windows\System\WnwEqXA.exe
  2⤵
  - Executes dropped EXE
  PID:3804
- C:\Windows\System\UPGjXqC.exe
  C:\Windows\System\UPGjXqC.exe
  2⤵
  - Executes dropped EXE
  PID:3124
- C:\Windows\System\KCAjVqV.exe
  C:\Windows\System\KCAjVqV.exe
  2⤵
  - Executes dropped EXE
  PID:3252
- C:\Windows\System\OgSTpsH.exe
  C:\Windows\System\OgSTpsH.exe
  2⤵
  - Executes dropped EXE
  PID:5116
- C:\Windows\System\hkeDOAu.exe
  C:\Windows\System\hkeDOAu.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\fMpwywX.exe
  C:\Windows\System\fMpwywX.exe
  2⤵
  - Executes dropped EXE
  PID:4272
- C:\Windows\System\kEtpeCT.exe
  C:\Windows\System\kEtpeCT.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\LnmFsEw.exe
  C:\Windows\System\LnmFsEw.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\RHRnVpr.exe
  C:\Windows\System\RHRnVpr.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\XCqfcpG.exe
  C:\Windows\System\XCqfcpG.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\KLMCdlx.exe
  C:\Windows\System\KLMCdlx.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\gMUzrPL.exe
  C:\Windows\System\gMUzrPL.exe
  2⤵
  - Executes dropped EXE
  PID:4164
- C:\Windows\System\loKwLOX.exe
  C:\Windows\System\loKwLOX.exe
  2⤵
  - Executes dropped EXE
  PID:4656
- C:\Windows\System\FVFyucK.exe
  C:\Windows\System\FVFyucK.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\dbFoCZN.exe
  C:\Windows\System\dbFoCZN.exe
  2⤵
  - Executes dropped EXE
  PID:4504
- C:\Windows\System\VOjDYao.exe
  C:\Windows\System\VOjDYao.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\rdcHTZL.exe
  C:\Windows\System\rdcHTZL.exe
  2⤵
  - Executes dropped EXE
  PID:3740
- C:\Windows\System\AdWDyGm.exe
  C:\Windows\System\AdWDyGm.exe
  2⤵
  - Executes dropped EXE
  PID:516
- C:\Windows\System\MQTVWhE.exe
  C:\Windows\System\MQTVWhE.exe
  2⤵
  - Executes dropped EXE
  PID:4712
- C:\Windows\System\ehSDtmR.exe
  C:\Windows\System\ehSDtmR.exe
  2⤵
  - Executes dropped EXE
  PID:3584
- C:\Windows\System\VirdqPF.exe
  C:\Windows\System\VirdqPF.exe
  2⤵
  - Executes dropped EXE
  PID:456
- C:\Windows\System\jGxoLzp.exe
  C:\Windows\System\jGxoLzp.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System\OQCdiQG.exe
  C:\Windows\System\OQCdiQG.exe
  2⤵
  - Executes dropped EXE
  PID:4032
- C:\Windows\System\qeQFIhs.exe
  C:\Windows\System\qeQFIhs.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\xgxFZVt.exe
  C:\Windows\System\xgxFZVt.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\aSuAwzk.exe
  C:\Windows\System\aSuAwzk.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System\IKCCYJl.exe
  C:\Windows\System\IKCCYJl.exe
  2⤵
  - Executes dropped EXE
  PID:368
- C:\Windows\System\PJDvZuu.exe
  C:\Windows\System\PJDvZuu.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System\IVrCYdv.exe
  C:\Windows\System\IVrCYdv.exe
  2⤵
  - Executes dropped EXE
  PID:4008
- C:\Windows\System\PawemJC.exe
  C:\Windows\System\PawemJC.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\wSNNVAn.exe
  C:\Windows\System\wSNNVAn.exe
  2⤵
  - Executes dropped EXE
  PID:4112
- C:\Windows\System\tCucVLs.exe
  C:\Windows\System\tCucVLs.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\ZBcvMuy.exe
  C:\Windows\System\ZBcvMuy.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\AQpNrwt.exe
  C:\Windows\System\AQpNrwt.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\CyabTIk.exe
  C:\Windows\System\CyabTIk.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\dQvlIHN.exe
  C:\Windows\System\dQvlIHN.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\jFnIsPk.exe
  C:\Windows\System\jFnIsPk.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\CqBBHCY.exe
  C:\Windows\System\CqBBHCY.exe
  2⤵
  - Executes dropped EXE
  PID:4780
- C:\Windows\System\uUdxqYu.exe
  C:\Windows\System\uUdxqYu.exe
  2⤵
  - Executes dropped EXE
  PID:60
- C:\Windows\System\LTmpTrk.exe
  C:\Windows\System\LTmpTrk.exe
  2⤵
  - Executes dropped EXE
  PID:3784
- C:\Windows\System\Nkzjynr.exe
  C:\Windows\System\Nkzjynr.exe
  2⤵
  - Executes dropped EXE
  PID:3832
- C:\Windows\System\AYOoOUw.exe
  C:\Windows\System\AYOoOUw.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\gPkAXsW.exe
  C:\Windows\System\gPkAXsW.exe
  2⤵
  - Executes dropped EXE
  PID:3720
- C:\Windows\System\bCiWwDG.exe
  C:\Windows\System\bCiWwDG.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\HNLagUW.exe
  C:\Windows\System\HNLagUW.exe
  2⤵
  PID:4020
- C:\Windows\System\RcBzSmp.exe
  C:\Windows\System\RcBzSmp.exe
  2⤵
  - Executes dropped EXE
  PID:3752
- C:\Windows\System\WEYVYGc.exe
  C:\Windows\System\WEYVYGc.exe
  2⤵
  - Executes dropped EXE
  PID:412
- C:\Windows\System\yrKOAUU.exe
  C:\Windows\System\yrKOAUU.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\NfehJlG.exe
  C:\Windows\System\NfehJlG.exe
  2⤵
  - Executes dropped EXE
  PID:4260
- C:\Windows\System\SchURGp.exe
  C:\Windows\System\SchURGp.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\SPXQqbI.exe
  C:\Windows\System\SPXQqbI.exe
  2⤵
  - Executes dropped EXE
  PID:3248
- C:\Windows\System\EfWOwLB.exe
  C:\Windows\System\EfWOwLB.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\System\mfEQkPH.exe
  C:\Windows\System\mfEQkPH.exe
  2⤵
  - Executes dropped EXE
  PID:5016
- C:\Windows\System\HsqaWUp.exe
  C:\Windows\System\HsqaWUp.exe
  2⤵
  - Executes dropped EXE
  PID:832
- C:\Windows\System\GAHzEPM.exe
  C:\Windows\System\GAHzEPM.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\kWfrlfz.exe
  C:\Windows\System\kWfrlfz.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\IMUAUst.exe
  C:\Windows\System\IMUAUst.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\KHcHqry.exe
  C:\Windows\System\KHcHqry.exe
  2⤵
  - Executes dropped EXE
  PID:4072
- C:\Windows\System\ncMeuqL.exe
  C:\Windows\System\ncMeuqL.exe
  2⤵
  - Executes dropped EXE
  PID:3328
- C:\Windows\System\wGCqduV.exe
  C:\Windows\System\wGCqduV.exe
  2⤵
  - Executes dropped EXE
  PID:392
- C:\Windows\System\QPUKVMO.exe
  C:\Windows\System\QPUKVMO.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\UdrnRwP.exe
  C:\Windows\System\UdrnRwP.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\BzCnUek.exe
  C:\Windows\System\BzCnUek.exe
  2⤵
  PID:2076
- C:\Windows\System\ZOChtpk.exe
  C:\Windows\System\ZOChtpk.exe
  2⤵
  PID:4860
- C:\Windows\System\gWzYlyy.exe
  C:\Windows\System\gWzYlyy.exe
  2⤵
  PID:1728
- C:\Windows\System\JKeGrNU.exe
  C:\Windows\System\JKeGrNU.exe
  2⤵
  PID:2876
- C:\Windows\System\qmgXHPq.exe
  C:\Windows\System\qmgXHPq.exe
  2⤵
  PID:4844
- C:\Windows\System\ATUptJC.exe
  C:\Windows\System\ATUptJC.exe
  2⤵
  PID:4432
- C:\Windows\System\KQJngOJ.exe
  C:\Windows\System\KQJngOJ.exe
  2⤵
  PID:1952
- C:\Windows\System\nuPPIIo.exe
  C:\Windows\System\nuPPIIo.exe
  2⤵
  PID:3776
- C:\Windows\System\BCiejYw.exe
  C:\Windows\System\BCiejYw.exe
  2⤵
  PID:4452
- C:\Windows\System\sRAQKBg.exe
  C:\Windows\System\sRAQKBg.exe
  2⤵
  PID:1488
- C:\Windows\System\TjetFBS.exe
  C:\Windows\System\TjetFBS.exe
  2⤵
  PID:3552
- C:\Windows\System\gdyJlQD.exe
  C:\Windows\System\gdyJlQD.exe
  2⤵
  PID:5124
- C:\Windows\System\SVCCUJS.exe
  C:\Windows\System\SVCCUJS.exe
  2⤵
  PID:5148
- C:\Windows\System\wVSLeZt.exe
  C:\Windows\System\wVSLeZt.exe
  2⤵
  PID:5164
- C:\Windows\System\gzAYMXU.exe
  C:\Windows\System\gzAYMXU.exe
  2⤵
  PID:5184
- C:\Windows\System\qBGtTKZ.exe
  C:\Windows\System\qBGtTKZ.exe
  2⤵
  PID:5200
- C:\Windows\System\MDMbCKv.exe
  C:\Windows\System\MDMbCKv.exe
  2⤵
  PID:5220
- C:\Windows\System\nSWIUFQ.exe
  C:\Windows\System\nSWIUFQ.exe
  2⤵
  PID:5240
- C:\Windows\System\lTONwom.exe
  C:\Windows\System\lTONwom.exe
  2⤵
  PID:5256
- C:\Windows\System\DVtpOrC.exe
  C:\Windows\System\DVtpOrC.exe
  2⤵
  PID:5272
- C:\Windows\System\iopFoXN.exe
  C:\Windows\System\iopFoXN.exe
  2⤵
  PID:5288
- C:\Windows\System\LXSKVph.exe
  C:\Windows\System\LXSKVph.exe
  2⤵
  PID:5308
- C:\Windows\System\ZMVqaXe.exe
  C:\Windows\System\ZMVqaXe.exe
  2⤵
  PID:5324
- C:\Windows\System\yiKJqRP.exe
  C:\Windows\System\yiKJqRP.exe
  2⤵
  PID:5340
- C:\Windows\System\XsJoOSq.exe
  C:\Windows\System\XsJoOSq.exe
  2⤵
  PID:5364
- C:\Windows\System\pvLqlgY.exe
  C:\Windows\System\pvLqlgY.exe
  2⤵
  PID:5380
- C:\Windows\System\JxkwWEB.exe
  C:\Windows\System\JxkwWEB.exe
  2⤵
  PID:5420
- C:\Windows\System\LfmXjxT.exe
  C:\Windows\System\LfmXjxT.exe
  2⤵
  PID:5444
- C:\Windows\System\OpOvgmf.exe
  C:\Windows\System\OpOvgmf.exe
  2⤵
  PID:5460
- C:\Windows\System\RHirUOQ.exe
  C:\Windows\System\RHirUOQ.exe
  2⤵
  PID:5488
- C:\Windows\System\SJfxmHR.exe
  C:\Windows\System\SJfxmHR.exe
  2⤵
  PID:5504
- C:\Windows\System\OFRvHaj.exe
  C:\Windows\System\OFRvHaj.exe
  2⤵
  PID:5528
- C:\Windows\System\BNvKJVG.exe
  C:\Windows\System\BNvKJVG.exe
  2⤵
  PID:5548
- C:\Windows\System\PzNefAC.exe
  C:\Windows\System\PzNefAC.exe
  2⤵
  PID:5572
- C:\Windows\System\HzjphaZ.exe
  C:\Windows\System\HzjphaZ.exe
  2⤵
  PID:5596
- C:\Windows\System\cmgqCjk.exe
  C:\Windows\System\cmgqCjk.exe
  2⤵
  PID:5612
- C:\Windows\System\TiTuHuO.exe
  C:\Windows\System\TiTuHuO.exe
  2⤵
  PID:5636
- C:\Windows\System\KRDHvfE.exe
  C:\Windows\System\KRDHvfE.exe
  2⤵
  PID:5652
- C:\Windows\System\BWzMbjR.exe
  C:\Windows\System\BWzMbjR.exe
  2⤵
  PID:5680
- C:\Windows\System\wKaBkow.exe
  C:\Windows\System\wKaBkow.exe
  2⤵
  PID:5696
- C:\Windows\System\bFzTzej.exe
  C:\Windows\System\bFzTzej.exe
  2⤵
  PID:5716
- C:\Windows\System\HHYuxXB.exe
  C:\Windows\System\HHYuxXB.exe
  2⤵
  PID:5740
- C:\Windows\System\JtnuKyG.exe
  C:\Windows\System\JtnuKyG.exe
  2⤵
  PID:5832
- C:\Windows\System\KPQuNqs.exe
  C:\Windows\System\KPQuNqs.exe
  2⤵
  PID:5848
- C:\Windows\System\uLQUZzy.exe
  C:\Windows\System\uLQUZzy.exe
  2⤵
  PID:5864
- C:\Windows\System\IukxYKu.exe
  C:\Windows\System\IukxYKu.exe
  2⤵
  PID:5880
- C:\Windows\System\RbAqGMn.exe
  C:\Windows\System\RbAqGMn.exe
  2⤵
  PID:5896
- C:\Windows\System\aknUwUJ.exe
  C:\Windows\System\aknUwUJ.exe
  2⤵
  PID:5912
- C:\Windows\System\acpHTEJ.exe
  C:\Windows\System\acpHTEJ.exe
  2⤵
  PID:5948
- C:\Windows\System\JojXOtD.exe
  C:\Windows\System\JojXOtD.exe
  2⤵
  PID:5964
- C:\Windows\System\yRBGzsb.exe
  C:\Windows\System\yRBGzsb.exe
  2⤵
  PID:5980
- C:\Windows\System\RmsnCuZ.exe
  C:\Windows\System\RmsnCuZ.exe
  2⤵
  PID:5996
- C:\Windows\System\kvNjiCm.exe
  C:\Windows\System\kvNjiCm.exe
  2⤵
  PID:6032
- C:\Windows\System\mTspLpo.exe
  C:\Windows\System\mTspLpo.exe
  2⤵
  PID:6056
- C:\Windows\System\PFdxpkW.exe
  C:\Windows\System\PFdxpkW.exe
  2⤵
  PID:6104
- C:\Windows\System\DWhWfhG.exe
  C:\Windows\System\DWhWfhG.exe
  2⤵
  PID:3188
- C:\Windows\System\LLdjUEE.exe
  C:\Windows\System\LLdjUEE.exe
  2⤵
  PID:2956
- C:\Windows\System\FtqyTej.exe
  C:\Windows\System\FtqyTej.exe
  2⤵
  PID:3704
- C:\Windows\System\SfWwIZQ.exe
  C:\Windows\System\SfWwIZQ.exe
  2⤵
  PID:2520
- C:\Windows\System\IQJlHmA.exe
  C:\Windows\System\IQJlHmA.exe
  2⤵
  PID:4476
- C:\Windows\System\zuDjBuI.exe
  C:\Windows\System\zuDjBuI.exe
  2⤵
  PID:2688
- C:\Windows\System\mjCJtad.exe
  C:\Windows\System\mjCJtad.exe
  2⤵
  PID:1268
- C:\Windows\System\JelWMmo.exe
  C:\Windows\System\JelWMmo.exe
  2⤵
  PID:5052
- C:\Windows\System\kgkCAmR.exe
  C:\Windows\System\kgkCAmR.exe
  2⤵
  PID:428
- C:\Windows\System\jfywfMs.exe
  C:\Windows\System\jfywfMs.exe
  2⤵
  PID:3172
- C:\Windows\System\nJvyRLB.exe
  C:\Windows\System\nJvyRLB.exe
  2⤵
  PID:4364
- C:\Windows\System\apElzHH.exe
  C:\Windows\System\apElzHH.exe
  2⤵
  PID:4276
- C:\Windows\System\wWtgOED.exe
  C:\Windows\System\wWtgOED.exe
  2⤵
  PID:3736
- C:\Windows\System\DVWkIVa.exe
  C:\Windows\System\DVWkIVa.exe
  2⤵
  PID:2324
- C:\Windows\System\GuyfuzT.exe
  C:\Windows\System\GuyfuzT.exe
  2⤵
  PID:5660
- C:\Windows\System\cezXdbU.exe
  C:\Windows\System\cezXdbU.exe
  2⤵
  PID:5628
- C:\Windows\System\HMzDcOM.exe
  C:\Windows\System\HMzDcOM.exe
  2⤵
  PID:5556
- C:\Windows\System\oZLBhKJ.exe
  C:\Windows\System\oZLBhKJ.exe
  2⤵
  PID:5500
- C:\Windows\System\MhZGUMJ.exe
  C:\Windows\System\MhZGUMJ.exe
  2⤵
  PID:5440
- C:\Windows\System\FeQwQHU.exe
  C:\Windows\System\FeQwQHU.exe
  2⤵
  PID:5372
- C:\Windows\System\HalOqAm.exe
  C:\Windows\System\HalOqAm.exe
  2⤵
  PID:5316
- C:\Windows\System\KSESxeO.exe
  C:\Windows\System\KSESxeO.exe
  2⤵
  PID:5268
- C:\Windows\System\xZRljdX.exe
  C:\Windows\System\xZRljdX.exe
  2⤵
  PID:5232
- C:\Windows\System\mwFNKwh.exe
  C:\Windows\System\mwFNKwh.exe
  2⤵
  PID:5160
- C:\Windows\System\zQxsRxf.exe
  C:\Windows\System\zQxsRxf.exe
  2⤵
  PID:3044
- C:\Windows\System\NgPsSyu.exe
  C:\Windows\System\NgPsSyu.exe
  2⤵
  PID:1912
- C:\Windows\System\vcMQkAh.exe
  C:\Windows\System\vcMQkAh.exe
  2⤵
  PID:2148
- C:\Windows\System\WoCIDkN.exe
  C:\Windows\System\WoCIDkN.exe
  2⤵
  PID:2136
- C:\Windows\System\dCOqvLS.exe
  C:\Windows\System\dCOqvLS.exe
  2⤵
  PID:2748
- C:\Windows\System\MlvSIjM.exe
  C:\Windows\System\MlvSIjM.exe
  2⤵
  PID:1540
- C:\Windows\System\jYfdzeb.exe
  C:\Windows\System\jYfdzeb.exe
  2⤵
  PID:1584
- C:\Windows\System\vHPOxOj.exe
  C:\Windows\System\vHPOxOj.exe
  2⤵
  PID:2360
- C:\Windows\System\kJsqnZj.exe
  C:\Windows\System\kJsqnZj.exe
  2⤵
  PID:5688
- C:\Windows\System\vuCBWXX.exe
  C:\Windows\System\vuCBWXX.exe
  2⤵
  PID:5728
- C:\Windows\System\xhRWiSo.exe
  C:\Windows\System\xhRWiSo.exe
  2⤵
  PID:6164
- C:\Windows\System\dmVIxcY.exe
  C:\Windows\System\dmVIxcY.exe
  2⤵
  PID:6180
- C:\Windows\System\OEtdOyk.exe
  C:\Windows\System\OEtdOyk.exe
  2⤵
  PID:6200
- C:\Windows\System\ktbZmCE.exe
  C:\Windows\System\ktbZmCE.exe
  2⤵
  PID:6236
- C:\Windows\System\XsuFULt.exe
  C:\Windows\System\XsuFULt.exe
  2⤵
  PID:6260
- C:\Windows\System\GOfbFtY.exe
  C:\Windows\System\GOfbFtY.exe
  2⤵
  PID:6284
- C:\Windows\System\bnLBftX.exe
  C:\Windows\System\bnLBftX.exe
  2⤵
  PID:6388
- C:\Windows\System\YOzZKdZ.exe
  C:\Windows\System\YOzZKdZ.exe
  2⤵
  PID:6404
- C:\Windows\System\zzfTJsZ.exe
  C:\Windows\System\zzfTJsZ.exe
  2⤵
  PID:6420
- C:\Windows\System\dSIIfUw.exe
  C:\Windows\System\dSIIfUw.exe
  2⤵
  PID:6436
- C:\Windows\System\aRrEWmv.exe
  C:\Windows\System\aRrEWmv.exe
  2⤵
  PID:6452
- C:\Windows\System\IFtFtVg.exe
  C:\Windows\System\IFtFtVg.exe
  2⤵
  PID:6476
- C:\Windows\System\SeJOfoJ.exe
  C:\Windows\System\SeJOfoJ.exe
  2⤵
  PID:6492
- C:\Windows\System\IQPjOaG.exe
  C:\Windows\System\IQPjOaG.exe
  2⤵
  PID:6512
- C:\Windows\System\XiEtQdo.exe
  C:\Windows\System\XiEtQdo.exe
  2⤵
  PID:6528
- C:\Windows\System\dbbMMcp.exe
  C:\Windows\System\dbbMMcp.exe
  2⤵
  PID:6548
- C:\Windows\System\CiFdgSS.exe
  C:\Windows\System\CiFdgSS.exe
  2⤵
  PID:6572
- C:\Windows\System\RmUhHPH.exe
  C:\Windows\System\RmUhHPH.exe
  2⤵
  PID:6588
- C:\Windows\System\bBZqQjF.exe
  C:\Windows\System\bBZqQjF.exe
  2⤵
  PID:6608
- C:\Windows\System\cueVhXK.exe
  C:\Windows\System\cueVhXK.exe
  2⤵
  PID:6624
- C:\Windows\System\gOkZuDl.exe
  C:\Windows\System\gOkZuDl.exe
  2⤵
  PID:6644
- C:\Windows\System\myRJwJu.exe
  C:\Windows\System\myRJwJu.exe
  2⤵
  PID:6660
- C:\Windows\System\HLtWrJh.exe
  C:\Windows\System\HLtWrJh.exe
  2⤵
  PID:6688
- C:\Windows\System\xXOzdDe.exe
  C:\Windows\System\xXOzdDe.exe
  2⤵
  PID:6708
- C:\Windows\System\CjGrcJO.exe
  C:\Windows\System\CjGrcJO.exe
  2⤵
  PID:6724
- C:\Windows\System\YKpLDij.exe
  C:\Windows\System\YKpLDij.exe
  2⤵
  PID:6752
- C:\Windows\System\JidyTuB.exe
  C:\Windows\System\JidyTuB.exe
  2⤵
  PID:6776
- C:\Windows\System\GHserzv.exe
  C:\Windows\System\GHserzv.exe
  2⤵
  PID:6808
- C:\Windows\System\lKgNUQS.exe
  C:\Windows\System\lKgNUQS.exe
  2⤵
  PID:6844
- C:\Windows\System\GFMcOJO.exe
  C:\Windows\System\GFMcOJO.exe
  2⤵
  PID:6868
- C:\Windows\System\QjJgLcn.exe
  C:\Windows\System\QjJgLcn.exe
  2⤵
  PID:6964
- C:\Windows\System\NEGKkZB.exe
  C:\Windows\System\NEGKkZB.exe
  2⤵
  PID:6984
- C:\Windows\System\YqwPstg.exe
  C:\Windows\System\YqwPstg.exe
  2⤵
  PID:7012
- C:\Windows\System\tSpMOQf.exe
  C:\Windows\System\tSpMOQf.exe
  2⤵
  PID:7028
- C:\Windows\System\APmjIpz.exe
  C:\Windows\System\APmjIpz.exe
  2⤵
  PID:7052
- C:\Windows\System\UDbhKdF.exe
  C:\Windows\System\UDbhKdF.exe
  2⤵
  PID:7068
- C:\Windows\System\cBXsmks.exe
  C:\Windows\System\cBXsmks.exe
  2⤵
  PID:7092
- C:\Windows\System\oCohXLE.exe
  C:\Windows\System\oCohXLE.exe
  2⤵
  PID:7108
- C:\Windows\System\pWiKdFj.exe
  C:\Windows\System\pWiKdFj.exe
  2⤵
  PID:7128
- C:\Windows\System\PVgnpCG.exe
  C:\Windows\System\PVgnpCG.exe
  2⤵
  PID:7160
- C:\Windows\System\YRWuhyz.exe
  C:\Windows\System\YRWuhyz.exe
  2⤵
  PID:3724
- C:\Windows\System\RTdyzuL.exe
  C:\Windows\System\RTdyzuL.exe
  2⤵
  PID:3104
- C:\Windows\System\ecvYybf.exe
  C:\Windows\System\ecvYybf.exe
  2⤵
  PID:3756
- C:\Windows\System\EckhTFA.exe
  C:\Windows\System\EckhTFA.exe
  2⤵
  PID:5592
- C:\Windows\System\ZlqmGfQ.exe
  C:\Windows\System\ZlqmGfQ.exe
  2⤵
  PID:5452
- C:\Windows\System\BxAxbII.exe
  C:\Windows\System\BxAxbII.exe
  2⤵
  PID:5336
- C:\Windows\System\HJzozpQ.exe
  C:\Windows\System\HJzozpQ.exe
  2⤵
  PID:5252
- C:\Windows\System\ZzXYqwE.exe
  C:\Windows\System\ZzXYqwE.exe
  2⤵
  PID:5136
- C:\Windows\System\OayLvAc.exe
  C:\Windows\System\OayLvAc.exe
  2⤵
  PID:1692
- C:\Windows\System\YdrcsmZ.exe
  C:\Windows\System\YdrcsmZ.exe
  2⤵
  PID:3588
- C:\Windows\System\xITaTjp.exe
  C:\Windows\System\xITaTjp.exe
  2⤵
  PID:5092
- C:\Windows\System\uPlQRxy.exe
  C:\Windows\System\uPlQRxy.exe
  2⤵
  PID:1056
- C:\Windows\System\CttyOOX.exe
  C:\Windows\System\CttyOOX.exe
  2⤵
  PID:1956
- C:\Windows\System\ymteHIA.exe
  C:\Windows\System\ymteHIA.exe
  2⤵
  PID:6556
- C:\Windows\System\oDYQueM.exe
  C:\Windows\System\oDYQueM.exe
  2⤵
  PID:4604
- C:\Windows\System\QUZUTmy.exe
  C:\Windows\System\QUZUTmy.exe
  2⤵
  PID:1928
- C:\Windows\System\dMlTAav.exe
  C:\Windows\System\dMlTAav.exe
  2⤵
  PID:3524
- C:\Windows\System\cFPjASj.exe
  C:\Windows\System\cFPjASj.exe
  2⤵
  PID:808
- C:\Windows\System\hcjKozr.exe
  C:\Windows\System\hcjKozr.exe
  2⤵
  PID:6680
- C:\Windows\System\KUfIztr.exe
  C:\Windows\System\KUfIztr.exe
  2⤵
  PID:4648
- C:\Windows\System\kFxhnQN.exe
  C:\Windows\System\kFxhnQN.exe
  2⤵
  PID:6744
- C:\Windows\System\DMExRpu.exe
  C:\Windows\System\DMExRpu.exe
  2⤵
  PID:6772
- C:\Windows\System\WluUmmr.exe
  C:\Windows\System\WluUmmr.exe
  2⤵
  PID:6828
- C:\Windows\System\RajJCTM.exe
  C:\Windows\System\RajJCTM.exe
  2⤵
  PID:2132
- C:\Windows\System\LATYsBm.exe
  C:\Windows\System\LATYsBm.exe
  2⤵
  PID:4820
- C:\Windows\System\BTqVmal.exe
  C:\Windows\System\BTqVmal.exe
  2⤵
  PID:5072
- C:\Windows\System\bcLyeTi.exe
  C:\Windows\System\bcLyeTi.exe
  2⤵
  PID:5468
- C:\Windows\System\OYGEKfE.exe
  C:\Windows\System\OYGEKfE.exe
  2⤵
  PID:4772
- C:\Windows\System\FVknPtJ.exe
  C:\Windows\System\FVknPtJ.exe
  2⤵
  PID:6992
- C:\Windows\System\EFeXkGk.exe
  C:\Windows\System\EFeXkGk.exe
  2⤵
  PID:7004
- C:\Windows\System\rlJXVaG.exe
  C:\Windows\System\rlJXVaG.exe
  2⤵
  PID:7064
- C:\Windows\System\lJzoWcN.exe
  C:\Windows\System\lJzoWcN.exe
  2⤵
  PID:7080
- C:\Windows\System\IEISrcS.exe
  C:\Windows\System\IEISrcS.exe
  2⤵
  PID:6192
- C:\Windows\System\gMKHcrt.exe
  C:\Windows\System\gMKHcrt.exe
  2⤵
  PID:7172
- C:\Windows\System\jiJOixk.exe
  C:\Windows\System\jiJOixk.exe
  2⤵
  PID:7192
- C:\Windows\System\pooZBeg.exe
  C:\Windows\System\pooZBeg.exe
  2⤵
  PID:7216
- C:\Windows\System\nbfZOaJ.exe
  C:\Windows\System\nbfZOaJ.exe
  2⤵
  PID:7240
- C:\Windows\System\SpywGZN.exe
  C:\Windows\System\SpywGZN.exe
  2⤵
  PID:7256
- C:\Windows\System\JpjKxCP.exe
  C:\Windows\System\JpjKxCP.exe
  2⤵
  PID:7284
- C:\Windows\System\pbCcGVk.exe
  C:\Windows\System\pbCcGVk.exe
  2⤵
  PID:7308
- C:\Windows\System\vuBbqll.exe
  C:\Windows\System\vuBbqll.exe
  2⤵
  PID:7324
- C:\Windows\System\tyOhPxg.exe
  C:\Windows\System\tyOhPxg.exe
  2⤵
  PID:7348
- C:\Windows\System\FQcyrkP.exe
  C:\Windows\System\FQcyrkP.exe
  2⤵
  PID:7372
- C:\Windows\System\mJIOYcp.exe
  C:\Windows\System\mJIOYcp.exe
  2⤵
  PID:7392
- C:\Windows\System\xmJVaRL.exe
  C:\Windows\System\xmJVaRL.exe
  2⤵
  PID:7412
- C:\Windows\System\lwVLBBt.exe
  C:\Windows\System\lwVLBBt.exe
  2⤵
  PID:7432
- C:\Windows\System\cKuEVSY.exe
  C:\Windows\System\cKuEVSY.exe
  2⤵
  PID:7456
- C:\Windows\System\dHZqkUd.exe
  C:\Windows\System\dHZqkUd.exe
  2⤵
  PID:7472
- C:\Windows\System\FnBRapH.exe
  C:\Windows\System\FnBRapH.exe
  2⤵
  PID:7492
- C:\Windows\System\FHaxusX.exe
  C:\Windows\System\FHaxusX.exe
  2⤵
  PID:7512
- C:\Windows\System\VApfgJT.exe
  C:\Windows\System\VApfgJT.exe
  2⤵
  PID:7536
- C:\Windows\System\YrFmXFT.exe
  C:\Windows\System\YrFmXFT.exe
  2⤵
  PID:7560
- C:\Windows\System\McgebBP.exe
  C:\Windows\System\McgebBP.exe
  2⤵
  PID:7576
- C:\Windows\System\bbnuImb.exe
  C:\Windows\System\bbnuImb.exe
  2⤵
  PID:7604
- C:\Windows\System\gsjiFAa.exe
  C:\Windows\System\gsjiFAa.exe
  2⤵
  PID:7620
- C:\Windows\System\vfeTMpI.exe
  C:\Windows\System\vfeTMpI.exe
  2⤵
  PID:7644
- C:\Windows\System\hENuJXO.exe
  C:\Windows\System\hENuJXO.exe
  2⤵
  PID:7664
- C:\Windows\System\HFVGeZE.exe
  C:\Windows\System\HFVGeZE.exe
  2⤵
  PID:7688
- C:\Windows\System\yrVSuQk.exe
  C:\Windows\System\yrVSuQk.exe
  2⤵
  PID:7708
- C:\Windows\System\YEooVJV.exe
  C:\Windows\System\YEooVJV.exe
  2⤵
  PID:7732
- C:\Windows\System\mJhgavG.exe
  C:\Windows\System\mJhgavG.exe
  2⤵
  PID:7748
- C:\Windows\System\uLvvFYI.exe
  C:\Windows\System\uLvvFYI.exe
  2⤵
  PID:7768
- C:\Windows\System\RcRvkHI.exe
  C:\Windows\System\RcRvkHI.exe
  2⤵
  PID:7788
- C:\Windows\System\hVRgwUh.exe
  C:\Windows\System\hVRgwUh.exe
  2⤵
  PID:7812
- C:\Windows\System\jLVdtLK.exe
  C:\Windows\System\jLVdtLK.exe
  2⤵
  PID:7832
- C:\Windows\System\bMbkYKC.exe
  C:\Windows\System\bMbkYKC.exe
  2⤵
  PID:7856
- C:\Windows\System\lUAjKSZ.exe
  C:\Windows\System\lUAjKSZ.exe
  2⤵
  PID:7876
- C:\Windows\System\BfMANri.exe
  C:\Windows\System\BfMANri.exe
  2⤵
  PID:7896
- C:\Windows\System\wMDuPlQ.exe
  C:\Windows\System\wMDuPlQ.exe
  2⤵
  PID:7912
- C:\Windows\System\wiApAlW.exe
  C:\Windows\System\wiApAlW.exe
  2⤵
  PID:7940
- C:\Windows\System\oeRNvtG.exe
  C:\Windows\System\oeRNvtG.exe
  2⤵
  PID:7960
- C:\Windows\System\JFWsLFv.exe
  C:\Windows\System\JFWsLFv.exe
  2⤵
  PID:7976
- C:\Windows\System\KdOmRHD.exe
  C:\Windows\System\KdOmRHD.exe
  2⤵
  PID:8000
- C:\Windows\System\qzfobrZ.exe
  C:\Windows\System\qzfobrZ.exe
  2⤵
  PID:8020
- C:\Windows\System\UgAZotW.exe
  C:\Windows\System\UgAZotW.exe
  2⤵
  PID:8040
- C:\Windows\System\WQyOTdl.exe
  C:\Windows\System\WQyOTdl.exe
  2⤵
  PID:8064
- C:\Windows\System\HxrxTln.exe
  C:\Windows\System\HxrxTln.exe
  2⤵
  PID:8084
- C:\Windows\System\AmxVJwY.exe
  C:\Windows\System\AmxVJwY.exe
  2⤵
  PID:8108
- C:\Windows\System\yqRVIxx.exe
  C:\Windows\System\yqRVIxx.exe
  2⤵
  PID:8128
- C:\Windows\System\mkyCMZz.exe
  C:\Windows\System\mkyCMZz.exe
  2⤵
  PID:8152
- C:\Windows\System\ORSAUMi.exe
  C:\Windows\System\ORSAUMi.exe
  2⤵
  PID:8172
- C:\Windows\System\BKxrQBo.exe
  C:\Windows\System\BKxrQBo.exe
  2⤵
  PID:8188
- C:\Windows\System\fofxVWW.exe
  C:\Windows\System\fofxVWW.exe
  2⤵
  PID:6004
- C:\Windows\System\IcReQsE.exe
  C:\Windows\System\IcReQsE.exe
  2⤵
  PID:5960
- C:\Windows\System\AdNyecO.exe
  C:\Windows\System\AdNyecO.exe
  2⤵
  PID:5928
- C:\Windows\System\CaQCQsu.exe
  C:\Windows\System\CaQCQsu.exe
  2⤵
  PID:5892
- C:\Windows\System\JPaWfJX.exe
  C:\Windows\System\JPaWfJX.exe
  2⤵
  PID:6088
- C:\Windows\System\lrmPbzs.exe
  C:\Windows\System\lrmPbzs.exe
  2⤵
  PID:4060
- C:\Windows\System\jiDtdzQ.exe
  C:\Windows\System\jiDtdzQ.exe
  2⤵
  PID:6400
- C:\Windows\System\eHpKxBX.exe
  C:\Windows\System\eHpKxBX.exe
  2⤵
  PID:6432
- C:\Windows\System\GhEpVQd.exe
  C:\Windows\System\GhEpVQd.exe
  2⤵
  PID:3308
- C:\Windows\System\oiFfpyP.exe
  C:\Windows\System\oiFfpyP.exe
  2⤵
  PID:3204
- C:\Windows\System\zePhMiJ.exe
  C:\Windows\System\zePhMiJ.exe
  2⤵
  PID:5540
- C:\Windows\System\sxNubvZ.exe
  C:\Windows\System\sxNubvZ.exe
  2⤵
  PID:6616
- C:\Windows\System\jeNepcY.exe
  C:\Windows\System\jeNepcY.exe
  2⤵
  PID:3924
- C:\Windows\System\kJmxvES.exe
  C:\Windows\System\kJmxvES.exe
  2⤵
  PID:8196
- C:\Windows\System\EHUYlgz.exe
  C:\Windows\System\EHUYlgz.exe
  2⤵
  PID:8216
- C:\Windows\System\DJdcXcO.exe
  C:\Windows\System\DJdcXcO.exe
  2⤵
  PID:8232
- C:\Windows\System\hBtuqfi.exe
  C:\Windows\System\hBtuqfi.exe
  2⤵
  PID:8252
- C:\Windows\System\eGANvpk.exe
  C:\Windows\System\eGANvpk.exe
  2⤵
  PID:8272
- C:\Windows\System\gfGxPjl.exe
  C:\Windows\System\gfGxPjl.exe
  2⤵
  PID:8292
- C:\Windows\System\qyUQGPB.exe
  C:\Windows\System\qyUQGPB.exe
  2⤵
  PID:8316
- C:\Windows\System\cAUEdah.exe
  C:\Windows\System\cAUEdah.exe
  2⤵
  PID:8344
- C:\Windows\System\AJFOnCl.exe
  C:\Windows\System\AJFOnCl.exe
  2⤵
  PID:8364
- C:\Windows\System\uwAYZMh.exe
  C:\Windows\System\uwAYZMh.exe
  2⤵
  PID:8380
- C:\Windows\System\CShaVlE.exe
  C:\Windows\System\CShaVlE.exe
  2⤵
  PID:8400
- C:\Windows\System\qALLaAW.exe
  C:\Windows\System\qALLaAW.exe
  2⤵
  PID:8420
- C:\Windows\System\cUElNPw.exe
  C:\Windows\System\cUElNPw.exe
  2⤵
  PID:8440
- C:\Windows\System\iajClkQ.exe
  C:\Windows\System\iajClkQ.exe
  2⤵
  PID:8460
- C:\Windows\System\KHEgfpB.exe
  C:\Windows\System\KHEgfpB.exe
  2⤵
  PID:8480
- C:\Windows\System\pETbIie.exe
  C:\Windows\System\pETbIie.exe
  2⤵
  PID:8496
- C:\Windows\System\skgHGlA.exe
  C:\Windows\System\skgHGlA.exe
  2⤵
  PID:8516
- C:\Windows\System\KCTOhpx.exe
  C:\Windows\System\KCTOhpx.exe
  2⤵
  PID:8532
- C:\Windows\System\TvpPqpJ.exe
  C:\Windows\System\TvpPqpJ.exe
  2⤵
  PID:8552
- C:\Windows\System\qPJjpRe.exe
  C:\Windows\System\qPJjpRe.exe
  2⤵
  PID:8568
- C:\Windows\System\WGenFBm.exe
  C:\Windows\System\WGenFBm.exe
  2⤵
  PID:8588
- C:\Windows\System\unOnwAE.exe
  C:\Windows\System\unOnwAE.exe
  2⤵
  PID:8608
- C:\Windows\System\iecrOiO.exe
  C:\Windows\System\iecrOiO.exe
  2⤵
  PID:8632
- C:\Windows\System\tRlhCKN.exe
  C:\Windows\System\tRlhCKN.exe
  2⤵
  PID:8652
- C:\Windows\System\STFOVNn.exe
  C:\Windows\System\STFOVNn.exe
  2⤵
  PID:8672
- C:\Windows\System\FhJJrxh.exe
  C:\Windows\System\FhJJrxh.exe
  2⤵
  PID:8700
- C:\Windows\System\OPirkjd.exe
  C:\Windows\System\OPirkjd.exe
  2⤵
  PID:8724
- C:\Windows\System\qBkVHud.exe
  C:\Windows\System\qBkVHud.exe
  2⤵
  PID:8740
- C:\Windows\System\swiwKWo.exe
  C:\Windows\System\swiwKWo.exe
  2⤵
  PID:8764
- C:\Windows\System\QyAlIxb.exe
  C:\Windows\System\QyAlIxb.exe
  2⤵
  PID:8788
- C:\Windows\System\NeIbQdq.exe
  C:\Windows\System\NeIbQdq.exe
  2⤵
  PID:8804
- C:\Windows\System\VZekBhI.exe
  C:\Windows\System\VZekBhI.exe
  2⤵
  PID:8824
- C:\Windows\System\pSJNDVh.exe
  C:\Windows\System\pSJNDVh.exe
  2⤵
  PID:8844
- C:\Windows\System\wvyDWtG.exe
  C:\Windows\System\wvyDWtG.exe
  2⤵
  PID:8864
- C:\Windows\System\SWvqIXR.exe
  C:\Windows\System\SWvqIXR.exe
  2⤵
  PID:8888
- C:\Windows\System\rlwYOUn.exe
  C:\Windows\System\rlwYOUn.exe
  2⤵
  PID:8904
- C:\Windows\System\ytFSoLo.exe
  C:\Windows\System\ytFSoLo.exe
  2⤵
  PID:8928
- C:\Windows\System\SaJqfAQ.exe
  C:\Windows\System\SaJqfAQ.exe
  2⤵
  PID:8952
- C:\Windows\System\dFsxeBY.exe
  C:\Windows\System\dFsxeBY.exe
  2⤵
  PID:8980
- C:\Windows\System\pqsrWkz.exe
  C:\Windows\System\pqsrWkz.exe
  2⤵
  PID:8996
- C:\Windows\System\rysMtGc.exe
  C:\Windows\System\rysMtGc.exe
  2⤵
  PID:9024
- C:\Windows\System\MSFwgtQ.exe
  C:\Windows\System\MSFwgtQ.exe
  2⤵
  PID:9044
- C:\Windows\System\pRpRUOh.exe
  C:\Windows\System\pRpRUOh.exe
  2⤵
  PID:9064
- C:\Windows\System\OFFWOMA.exe
  C:\Windows\System\OFFWOMA.exe
  2⤵
  PID:9084
- C:\Windows\System\fQEcPza.exe
  C:\Windows\System\fQEcPza.exe
  2⤵
  PID:9108
- C:\Windows\System\cFBQCKq.exe
  C:\Windows\System\cFBQCKq.exe
  2⤵
  PID:9124
- C:\Windows\System\gAjfLPR.exe
  C:\Windows\System\gAjfLPR.exe
  2⤵
  PID:9144
- C:\Windows\System\noHeptM.exe
  C:\Windows\System\noHeptM.exe
  2⤵
  PID:9160
- C:\Windows\System\OXvHMYJ.exe
  C:\Windows\System\OXvHMYJ.exe
  2⤵
  PID:9184
- C:\Windows\System\QMRoclH.exe
  C:\Windows\System\QMRoclH.exe
  2⤵
  PID:9200
- C:\Windows\System\rGPEBes.exe
  C:\Windows\System\rGPEBes.exe
  2⤵
  PID:3772
- C:\Windows\System\QWCmuZN.exe
  C:\Windows\System\QWCmuZN.exe
  2⤵
  PID:6152
- C:\Windows\System\WzjpHtl.exe
  C:\Windows\System\WzjpHtl.exe
  2⤵
  PID:4068
- C:\Windows\System\FxVzKBu.exe
  C:\Windows\System\FxVzKBu.exe
  2⤵
  PID:4848
- C:\Windows\System\KmXaEKj.exe
  C:\Windows\System\KmXaEKj.exe
  2⤵
  PID:6980
- C:\Windows\System\QucleuJ.exe
  C:\Windows\System\QucleuJ.exe
  2⤵
  PID:7024
- C:\Windows\System\UytMjDk.exe
  C:\Windows\System\UytMjDk.exe
  2⤵
  PID:6196
- C:\Windows\System\ChftXMU.exe
  C:\Windows\System\ChftXMU.exe
  2⤵
  PID:7264
- C:\Windows\System\aTxwrOj.exe
  C:\Windows\System\aTxwrOj.exe
  2⤵
  PID:6220
- C:\Windows\System\vIxWoAF.exe
  C:\Windows\System\vIxWoAF.exe
  2⤵
  PID:6280
- C:\Windows\System\jVCDxam.exe
  C:\Windows\System\jVCDxam.exe
  2⤵
  PID:7356
- C:\Windows\System\JOitmMT.exe
  C:\Windows\System\JOitmMT.exe
  2⤵
  PID:7448
- C:\Windows\System\DPaPmLL.exe
  C:\Windows\System\DPaPmLL.exe
  2⤵
  PID:6448
- C:\Windows\System\HcOVoIq.exe
  C:\Windows\System\HcOVoIq.exe
  2⤵
  PID:6504
- C:\Windows\System\ZnYIEnp.exe
  C:\Windows\System\ZnYIEnp.exe
  2⤵
  PID:7568
- C:\Windows\System\WnzBYTS.exe
  C:\Windows\System\WnzBYTS.exe
  2⤵
  PID:7628
- C:\Windows\System\eOhMMvW.exe
  C:\Windows\System\eOhMMvW.exe
  2⤵
  PID:7676
- C:\Windows\System\CBlJzpg.exe
  C:\Windows\System\CBlJzpg.exe
  2⤵
  PID:5392
- C:\Windows\System\bIaWvlK.exe
  C:\Windows\System\bIaWvlK.exe
  2⤵
  PID:7840
- C:\Windows\System\kjnuVok.exe
  C:\Windows\System\kjnuVok.exe
  2⤵
  PID:9232
- C:\Windows\System\oatjhxP.exe
  C:\Windows\System\oatjhxP.exe
  2⤵
  PID:9248
- C:\Windows\System\qiFCzrG.exe
  C:\Windows\System\qiFCzrG.exe
  2⤵
  PID:9272
- C:\Windows\System\tIGORTK.exe
  C:\Windows\System\tIGORTK.exe
  2⤵
  PID:9292
- C:\Windows\System\nvDDrLK.exe
  C:\Windows\System\nvDDrLK.exe
  2⤵
  PID:9316
- C:\Windows\System\SSlbZCv.exe
  C:\Windows\System\SSlbZCv.exe
  2⤵
  PID:9336
- C:\Windows\System\huFoOEG.exe
  C:\Windows\System\huFoOEG.exe
  2⤵
  PID:9352
- C:\Windows\System\DKFQQMB.exe
  C:\Windows\System\DKFQQMB.exe
  2⤵
  PID:9380
- C:\Windows\System\rFyXNek.exe
  C:\Windows\System\rFyXNek.exe
  2⤵
  PID:9400
- C:\Windows\System\NTWDRYP.exe
  C:\Windows\System\NTWDRYP.exe
  2⤵
  PID:9416
- C:\Windows\System\LuFLWXP.exe
  C:\Windows\System\LuFLWXP.exe
  2⤵
  PID:9432
- C:\Windows\System\kMKcNWp.exe
  C:\Windows\System\kMKcNWp.exe
  2⤵
  PID:9464
- C:\Windows\System\yVEVLQU.exe
  C:\Windows\System\yVEVLQU.exe
  2⤵
  PID:9484
- C:\Windows\System\pvMKtjf.exe
  C:\Windows\System\pvMKtjf.exe
  2⤵
  PID:9504
- C:\Windows\System\djENCHX.exe
  C:\Windows\System\djENCHX.exe
  2⤵
  PID:9520
- C:\Windows\System\gVNAhDZ.exe
  C:\Windows\System\gVNAhDZ.exe
  2⤵
  PID:9548
- C:\Windows\System\dgVczoX.exe
  C:\Windows\System\dgVczoX.exe
  2⤵
  PID:9572
- C:\Windows\System\sPFuPuJ.exe
  C:\Windows\System\sPFuPuJ.exe
  2⤵
  PID:9596
- C:\Windows\System\SVVUUSL.exe
  C:\Windows\System\SVVUUSL.exe
  2⤵
  PID:9612
- C:\Windows\System\zoLhStc.exe
  C:\Windows\System\zoLhStc.exe
  2⤵
  PID:9632
- C:\Windows\System\eqoBdCq.exe
  C:\Windows\System\eqoBdCq.exe
  2⤵
  PID:9660
- C:\Windows\System\UYpKhrF.exe
  C:\Windows\System\UYpKhrF.exe
  2⤵
  PID:9680
- C:\Windows\System\hdyGhgE.exe
  C:\Windows\System\hdyGhgE.exe
  2⤵
  PID:9708
- C:\Windows\System\VYFMiNi.exe
  C:\Windows\System\VYFMiNi.exe
  2⤵
  PID:9736
- C:\Windows\System\WydXwLj.exe
  C:\Windows\System\WydXwLj.exe
  2⤵
  PID:9764
- C:\Windows\System\CfBCzlB.exe
  C:\Windows\System\CfBCzlB.exe
  2⤵
  PID:9784
- C:\Windows\System\muLCxSK.exe
  C:\Windows\System\muLCxSK.exe
  2⤵
  PID:9804
- C:\Windows\System\AEdzCSC.exe
  C:\Windows\System\AEdzCSC.exe
  2⤵
  PID:9824
- C:\Windows\System\LkjDqiP.exe
  C:\Windows\System\LkjDqiP.exe
  2⤵
  PID:9840
- C:\Windows\System\pmEOKnO.exe
  C:\Windows\System\pmEOKnO.exe
  2⤵
  PID:9864
- C:\Windows\System\bscYvhm.exe
  C:\Windows\System\bscYvhm.exe
  2⤵
  PID:9884
- C:\Windows\System\bjjetcE.exe
  C:\Windows\System\bjjetcE.exe
  2⤵
  PID:9908
- C:\Windows\System\xgEnVJS.exe
  C:\Windows\System\xgEnVJS.exe
  2⤵
  PID:9932
- C:\Windows\System\oFqjIdM.exe
  C:\Windows\System\oFqjIdM.exe
  2⤵
  PID:9956
- C:\Windows\System\tbcqzgo.exe
  C:\Windows\System\tbcqzgo.exe
  2⤵
  PID:9980
- C:\Windows\System\CAVGTWK.exe
  C:\Windows\System\CAVGTWK.exe
  2⤵
  PID:10000
- C:\Windows\System\UQLhXot.exe
  C:\Windows\System\UQLhXot.exe
  2⤵
  PID:10016
- C:\Windows\System\ffMDLiP.exe
  C:\Windows\System\ffMDLiP.exe
  2⤵
  PID:10044
- C:\Windows\System\KQVNnBb.exe
  C:\Windows\System\KQVNnBb.exe
  2⤵
  PID:10072
- C:\Windows\System\zEnDBKf.exe
  C:\Windows\System\zEnDBKf.exe
  2⤵
  PID:10088
- C:\Windows\System\xcNUoIM.exe
  C:\Windows\System\xcNUoIM.exe
  2⤵
  PID:10108
- C:\Windows\System\eXlMJqH.exe
  C:\Windows\System\eXlMJqH.exe
  2⤵
  PID:10128
- C:\Windows\System\FWCQgzb.exe
  C:\Windows\System\FWCQgzb.exe
  2⤵
  PID:10152
- C:\Windows\System\AjKOJDI.exe
  C:\Windows\System\AjKOJDI.exe
  2⤵
  PID:10172
- C:\Windows\System\JVgDtmg.exe
  C:\Windows\System\JVgDtmg.exe
  2⤵
  PID:10192
- C:\Windows\System\pasBdNb.exe
  C:\Windows\System\pasBdNb.exe
  2⤵
  PID:10212
- C:\Windows\System\myxiIwG.exe
  C:\Windows\System\myxiIwG.exe
  2⤵
  PID:10232
- C:\Windows\System\MWeUAfd.exe
  C:\Windows\System\MWeUAfd.exe
  2⤵
  PID:7888
- C:\Windows\System\iZKpwRt.exe
  C:\Windows\System\iZKpwRt.exe
  2⤵
  PID:7928
- C:\Windows\System\hcmJIoh.exe
  C:\Windows\System\hcmJIoh.exe
  2⤵
  PID:5284
- C:\Windows\System\SYqdjAe.exe
  C:\Windows\System\SYqdjAe.exe
  2⤵
  PID:7984
- C:\Windows\System\wuTwcyl.exe
  C:\Windows\System\wuTwcyl.exe
  2⤵
  PID:8016
- C:\Windows\System\GFxbdtl.exe
  C:\Windows\System\GFxbdtl.exe
  2⤵
  PID:3092
- C:\Windows\System\rGqfjNS.exe
  C:\Windows\System\rGqfjNS.exe
  2⤵
  PID:5060
- C:\Windows\System\fcwjwcW.exe
  C:\Windows\System\fcwjwcW.exe
  2⤵
  PID:5932
- C:\Windows\System\hXPLEYk.exe
  C:\Windows\System\hXPLEYk.exe
  2⤵
  PID:4516
- C:\Windows\System\HGjoXzR.exe
  C:\Windows\System\HGjoXzR.exe
  2⤵
  PID:6604
- C:\Windows\System\sfmntzL.exe
  C:\Windows\System\sfmntzL.exe
  2⤵
  PID:6832
- C:\Windows\System\koUdMVe.exe
  C:\Windows\System\koUdMVe.exe
  2⤵
  PID:8228
- C:\Windows\System\xyZCdxF.exe
  C:\Windows\System\xyZCdxF.exe
  2⤵
  PID:6428
- C:\Windows\System\apSYyue.exe
  C:\Windows\System\apSYyue.exe
  2⤵
  PID:6544
- C:\Windows\System\gzLqnLh.exe
  C:\Windows\System\gzLqnLh.exe
  2⤵
  PID:1900
- C:\Windows\System\tfYODWx.exe
  C:\Windows\System\tfYODWx.exe
  2⤵
  PID:8376
- C:\Windows\System\ASNUGXY.exe
  C:\Windows\System\ASNUGXY.exe
  2⤵
  PID:8408
- C:\Windows\System\BnRzyci.exe
  C:\Windows\System\BnRzyci.exe
  2⤵
  PID:8468
- C:\Windows\System\IPBYpLJ.exe
  C:\Windows\System\IPBYpLJ.exe
  2⤵
  PID:5644
- C:\Windows\System\NwYhime.exe
  C:\Windows\System\NwYhime.exe
  2⤵
  PID:8548
- C:\Windows\System\EFXVmDp.exe
  C:\Windows\System\EFXVmDp.exe
  2⤵
  PID:940
- C:\Windows\System\eYstOBV.exe
  C:\Windows\System\eYstOBV.exe
  2⤵
  PID:8628
- C:\Windows\System\vaWEXRR.exe
  C:\Windows\System\vaWEXRR.exe
  2⤵
  PID:8688
- C:\Windows\System\FmfXJkE.exe
  C:\Windows\System\FmfXJkE.exe
  2⤵
  PID:8716
- C:\Windows\System\xQjXBKR.exe
  C:\Windows\System\xQjXBKR.exe
  2⤵
  PID:8752
- C:\Windows\System\pQaRPZE.exe
  C:\Windows\System\pQaRPZE.exe
  2⤵
  PID:8916
- C:\Windows\System\qJzJwHi.exe
  C:\Windows\System\qJzJwHi.exe
  2⤵
  PID:10252
- C:\Windows\System\csELGSw.exe
  C:\Windows\System\csELGSw.exe
  2⤵
  PID:10280
- C:\Windows\System\LRHKEbP.exe
  C:\Windows\System\LRHKEbP.exe
  2⤵
  PID:10296
- C:\Windows\System\AnoniPc.exe
  C:\Windows\System\AnoniPc.exe
  2⤵
  PID:10320
- C:\Windows\System\jrteNew.exe
  C:\Windows\System\jrteNew.exe
  2⤵
  PID:10336
- C:\Windows\System\SpNOLqA.exe
  C:\Windows\System\SpNOLqA.exe
  2⤵
  PID:10360
- C:\Windows\System\CcJiPai.exe
  C:\Windows\System\CcJiPai.exe
  2⤵
  PID:10384
- C:\Windows\System\oKBjxqK.exe
  C:\Windows\System\oKBjxqK.exe
  2⤵
  PID:10408
- C:\Windows\System\waVspSC.exe
  C:\Windows\System\waVspSC.exe
  2⤵
  PID:10424
- C:\Windows\System\mpSYgTE.exe
  C:\Windows\System\mpSYgTE.exe
  2⤵
  PID:10444
- C:\Windows\System\qItRKku.exe
  C:\Windows\System\qItRKku.exe
  2⤵
  PID:10468
- C:\Windows\System\KWTdXDb.exe
  C:\Windows\System\KWTdXDb.exe
  2⤵
  PID:10488
- C:\Windows\System\XmUdkdH.exe
  C:\Windows\System\XmUdkdH.exe
  2⤵
  PID:10508
- C:\Windows\System\tWTtmCL.exe
  C:\Windows\System\tWTtmCL.exe
  2⤵
  PID:10532
- C:\Windows\System\pUlwDKL.exe
  C:\Windows\System\pUlwDKL.exe
  2⤵
  PID:10552
- C:\Windows\System\sxWBGES.exe
  C:\Windows\System\sxWBGES.exe
  2⤵
  PID:10572
- C:\Windows\System\uaxrnxF.exe
  C:\Windows\System\uaxrnxF.exe
  2⤵
  PID:10596
- C:\Windows\System\CvOUCAd.exe
  C:\Windows\System\CvOUCAd.exe
  2⤵
  PID:10616
- C:\Windows\System\MFINluI.exe
  C:\Windows\System\MFINluI.exe
  2⤵
  PID:10640
- C:\Windows\System\AbfpTXS.exe
  C:\Windows\System\AbfpTXS.exe
  2⤵
  PID:10664
- C:\Windows\System\EXStGwO.exe
  C:\Windows\System\EXStGwO.exe
  2⤵
  PID:10680
- C:\Windows\System\FJPrTPL.exe
  C:\Windows\System\FJPrTPL.exe
  2⤵
  PID:10708
- C:\Windows\System\lsqyZOr.exe
  C:\Windows\System\lsqyZOr.exe
  2⤵
  PID:10724
- C:\Windows\System\UZlZhfP.exe
  C:\Windows\System\UZlZhfP.exe
  2⤵
  PID:10752
- C:\Windows\System\lrYjywV.exe
  C:\Windows\System\lrYjywV.exe
  2⤵
  PID:10776
- C:\Windows\System\qypViNY.exe
  C:\Windows\System\qypViNY.exe
  2⤵
  PID:10792
- C:\Windows\System\wAdioHJ.exe
  C:\Windows\System\wAdioHJ.exe
  2⤵
  PID:10812
- C:\Windows\System\ykoERmg.exe
  C:\Windows\System\ykoERmg.exe
  2⤵
  PID:10836
- C:\Windows\System\WIDNEQd.exe
  C:\Windows\System\WIDNEQd.exe
  2⤵
  PID:10856
- C:\Windows\System\EMnfZbD.exe
  C:\Windows\System\EMnfZbD.exe
  2⤵
  PID:10876
- C:\Windows\System\IMsrlgf.exe
  C:\Windows\System\IMsrlgf.exe
  2⤵
  PID:10900
- C:\Windows\System\GCFcbwx.exe
  C:\Windows\System\GCFcbwx.exe
  2⤵
  PID:10920
- C:\Windows\System\GwyfsZT.exe
  C:\Windows\System\GwyfsZT.exe
  2⤵
  PID:10936
- C:\Windows\System\CnaHFfJ.exe
  C:\Windows\System\CnaHFfJ.exe
  2⤵
  PID:10952
- C:\Windows\System\ANggORF.exe
  C:\Windows\System\ANggORF.exe
  2⤵
  PID:10972
- C:\Windows\System\nvSwxbr.exe
  C:\Windows\System\nvSwxbr.exe
  2⤵
  PID:10992
- C:\Windows\System\bJBLaiF.exe
  C:\Windows\System\bJBLaiF.exe
  2⤵
  PID:11012
- C:\Windows\System\mHOAFOk.exe
  C:\Windows\System\mHOAFOk.exe
  2⤵
  PID:11032
- C:\Windows\System\iMnErIw.exe
  C:\Windows\System\iMnErIw.exe
  2⤵
  PID:11052
- C:\Windows\System\XwBcRtX.exe
  C:\Windows\System\XwBcRtX.exe
  2⤵
  PID:11076
- C:\Windows\System\xXXmwpw.exe
  C:\Windows\System\xXXmwpw.exe
  2⤵
  PID:11100
- C:\Windows\System\letSjwv.exe
  C:\Windows\System\letSjwv.exe
  2⤵
  PID:11120
- C:\Windows\System\OUEuBBH.exe
  C:\Windows\System\OUEuBBH.exe
  2⤵
  PID:11144
- C:\Windows\System\VzDoGuf.exe
  C:\Windows\System\VzDoGuf.exe
  2⤵
  PID:11164
- C:\Windows\System\cKkaEtx.exe
  C:\Windows\System\cKkaEtx.exe
  2⤵
  PID:11184
- C:\Windows\System\kCSqcPo.exe
  C:\Windows\System\kCSqcPo.exe
  2⤵
  PID:11204
- C:\Windows\System\wMSoEnw.exe
  C:\Windows\System\wMSoEnw.exe
  2⤵
  PID:11224
- C:\Windows\System\dVxJqRS.exe
  C:\Windows\System\dVxJqRS.exe
  2⤵
  PID:11248
- C:\Windows\System\qcOKgzM.exe
  C:\Windows\System\qcOKgzM.exe
  2⤵
  PID:9056
- C:\Windows\System\VNIavoy.exe
  C:\Windows\System\VNIavoy.exe
  2⤵
  PID:9096
- C:\Windows\System\mrxnuIJ.exe
  C:\Windows\System\mrxnuIJ.exe
  2⤵
  PID:7424
- C:\Windows\System\pNvGRgb.exe
  C:\Windows\System\pNvGRgb.exe
  2⤵
  PID:9212
- C:\Windows\System\nrlogZb.exe
  C:\Windows\System\nrlogZb.exe
  2⤵
  PID:2780
- C:\Windows\System\mqXCrvW.exe
  C:\Windows\System\mqXCrvW.exe
  2⤵
  PID:6268
- C:\Windows\System\ZTMqjSZ.exe
  C:\Windows\System\ZTMqjSZ.exe
  2⤵
  PID:7444
- C:\Windows\System\qyQJJJX.exe
  C:\Windows\System\qyQJJJX.exe
  2⤵
  PID:2080
- C:\Windows\System\umIYpsN.exe
  C:\Windows\System\umIYpsN.exe
  2⤵
  PID:7612
- C:\Windows\System\sivRYul.exe
  C:\Windows\System\sivRYul.exe
  2⤵
  PID:7724
- C:\Windows\System\pcXTEvo.exe
  C:\Windows\System\pcXTEvo.exe
  2⤵
  PID:7848
- C:\Windows\System\nPRGpiM.exe
  C:\Windows\System\nPRGpiM.exe
  2⤵
  PID:9240
- C:\Windows\System\Etcfzae.exe
  C:\Windows\System\Etcfzae.exe
  2⤵
  PID:9332
- C:\Windows\System\EfzIJDW.exe
  C:\Windows\System\EfzIJDW.exe
  2⤵
  PID:4196
- C:\Windows\System\wVCnIup.exe
  C:\Windows\System\wVCnIup.exe
  2⤵
  PID:9472
- C:\Windows\System\CKbgcZn.exe
  C:\Windows\System\CKbgcZn.exe
  2⤵
  PID:9500
- C:\Windows\System\ZVcFSdm.exe
  C:\Windows\System\ZVcFSdm.exe
  2⤵
  PID:8144
- C:\Windows\System\aNpwcCX.exe
  C:\Windows\System\aNpwcCX.exe
  2⤵
  PID:9620
- C:\Windows\System\ELncvTO.exe
  C:\Windows\System\ELncvTO.exe
  2⤵
  PID:5908
- C:\Windows\System\MiQoIlt.exe
  C:\Windows\System\MiQoIlt.exe
  2⤵
  PID:1672
- C:\Windows\System\FyPakjT.exe
  C:\Windows\System\FyPakjT.exe
  2⤵
  PID:9780
- C:\Windows\System\CVimJEe.exe
  C:\Windows\System\CVimJEe.exe
  2⤵
  PID:9820
- C:\Windows\System\dmCwjbz.exe
  C:\Windows\System\dmCwjbz.exe
  2⤵
  PID:9928
- C:\Windows\System\HXeeEas.exe
  C:\Windows\System\HXeeEas.exe
  2⤵
  PID:11284
- C:\Windows\System\dqwsgdM.exe
  C:\Windows\System\dqwsgdM.exe
  2⤵
  PID:11316
- C:\Windows\System\DdIRzew.exe
  C:\Windows\System\DdIRzew.exe
  2⤵
  PID:11332
- C:\Windows\System\ItSpvfN.exe
  C:\Windows\System\ItSpvfN.exe
  2⤵
  PID:11352
- C:\Windows\System\grgTQcq.exe
  C:\Windows\System\grgTQcq.exe
  2⤵
  PID:11372
- C:\Windows\System\eTdIMch.exe
  C:\Windows\System\eTdIMch.exe
  2⤵
  PID:11392
- C:\Windows\System\IpzYsjg.exe
  C:\Windows\System\IpzYsjg.exe
  2⤵
  PID:11416
- C:\Windows\System\qDvKrAT.exe
  C:\Windows\System\qDvKrAT.exe
  2⤵
  PID:11436
- C:\Windows\System\aFVQmiw.exe
  C:\Windows\System\aFVQmiw.exe
  2⤵
  PID:11452
- C:\Windows\System\gSNLSMu.exe
  C:\Windows\System\gSNLSMu.exe
  2⤵
  PID:11476
- C:\Windows\System\nvWbWEO.exe
  C:\Windows\System\nvWbWEO.exe
  2⤵
  PID:11500
- C:\Windows\System\buxNkyU.exe
  C:\Windows\System\buxNkyU.exe
  2⤵
  PID:11516
- C:\Windows\System\oTmTUjt.exe
  C:\Windows\System\oTmTUjt.exe
  2⤵
  PID:11536
- C:\Windows\System\vjpapqe.exe
  C:\Windows\System\vjpapqe.exe
  2⤵
  PID:11560
- C:\Windows\System\dLAwEER.exe
  C:\Windows\System\dLAwEER.exe
  2⤵
  PID:11580
- C:\Windows\System\uWruHfe.exe
  C:\Windows\System\uWruHfe.exe
  2⤵
  PID:11604
- C:\Windows\System\wCuDXjI.exe
  C:\Windows\System\wCuDXjI.exe
  2⤵
  PID:11624
- C:\Windows\System\MvNmELD.exe
  C:\Windows\System\MvNmELD.exe
  2⤵
  PID:11644
- C:\Windows\System\HeXtPpv.exe
  C:\Windows\System\HeXtPpv.exe
  2⤵
  PID:11664
- C:\Windows\System\kNhxKCS.exe
  C:\Windows\System\kNhxKCS.exe
  2⤵
  PID:11680
- C:\Windows\System\WhQiYzw.exe
  C:\Windows\System\WhQiYzw.exe
  2⤵
  PID:11700
- C:\Windows\System\ZpsLAwi.exe
  C:\Windows\System\ZpsLAwi.exe
  2⤵
  PID:11720
- C:\Windows\System\MLFITwY.exe
  C:\Windows\System\MLFITwY.exe
  2⤵
  PID:11744
- C:\Windows\System\ZTqffCS.exe
  C:\Windows\System\ZTqffCS.exe
  2⤵
  PID:7332
- C:\Windows\System\ckHFVhR.exe
  C:\Windows\System\ckHFVhR.exe
  2⤵
  PID:9140
- C:\Windows\System\cPWkiYL.exe
  C:\Windows\System\cPWkiYL.exe
  2⤵
  PID:10456
- C:\Windows\System\EBjOocG.exe
  C:\Windows\System\EBjOocG.exe
  2⤵
  PID:10480
- C:\Windows\System\WgCZwTL.exe
  C:\Windows\System\WgCZwTL.exe
  2⤵
  PID:2648
- C:\Windows\System\YvToGTz.exe
  C:\Windows\System\YvToGTz.exe
  2⤵
  PID:10612
- C:\Windows\System\lUrmyom.exe
  C:\Windows\System\lUrmyom.exe
  2⤵
  PID:7796
- C:\Windows\System\ltjhTMn.exe
  C:\Windows\System\ltjhTMn.exe
  2⤵
  PID:8008
- C:\Windows\System\dqkhwVX.exe
  C:\Windows\System\dqkhwVX.exe
  2⤵
  PID:9412
- C:\Windows\System\FDNHowQ.exe
  C:\Windows\System\FDNHowQ.exe
  2⤵
  PID:8116
- C:\Windows\System\MAcyEyQ.exe
  C:\Windows\System\MAcyEyQ.exe
  2⤵
  PID:5844
- C:\Windows\System\gzOGFea.exe
  C:\Windows\System\gzOGFea.exe
  2⤵
  PID:6072
- C:\Windows\System\PAhnegH.exe
  C:\Windows\System\PAhnegH.exe
  2⤵
  PID:6048
- C:\Windows\System\iHMLAvu.exe
  C:\Windows\System\iHMLAvu.exe
  2⤵
  PID:6584
- C:\Windows\System\RczeEnC.exe
  C:\Windows\System\RczeEnC.exe
  2⤵
  PID:9492
- C:\Windows\System\wKoLreP.exe
  C:\Windows\System\wKoLreP.exe
  2⤵
  PID:9896
- C:\Windows\System\rVSRfhU.exe
  C:\Windows\System\rVSRfhU.exe
  2⤵
  PID:11268
- C:\Windows\System\soMWUHm.exe
  C:\Windows\System\soMWUHm.exe
  2⤵
  PID:11296
- C:\Windows\System\rThnkeV.exe
  C:\Windows\System\rThnkeV.exe
  2⤵
  PID:10084
- C:\Windows\System\GpUXjcx.exe
  C:\Windows\System\GpUXjcx.exe
  2⤵
  PID:11552
- C:\Windows\System\aOEfXlL.exe
  C:\Windows\System\aOEfXlL.exe
  2⤵
  PID:7956
- C:\Windows\System\JysrUSx.exe
  C:\Windows\System\JysrUSx.exe
  2⤵
  PID:11788
- C:\Windows\System\HLNPcEw.exe
  C:\Windows\System\HLNPcEw.exe
  2⤵
  PID:4548
- C:\Windows\System\ZkcVMcw.exe
  C:\Windows\System\ZkcVMcw.exe
  2⤵
  PID:12312
- C:\Windows\System\PEhhNcJ.exe
  C:\Windows\System\PEhhNcJ.exe
  2⤵
  PID:12328
- C:\Windows\System\AlYPPED.exe
  C:\Windows\System\AlYPPED.exe
  2⤵
  PID:12372
- C:\Windows\System\nimKWFh.exe
  C:\Windows\System\nimKWFh.exe
  2⤵
  PID:12396
- C:\Windows\System\jDUNdoc.exe
  C:\Windows\System\jDUNdoc.exe
  2⤵
  PID:12416
- C:\Windows\System\YwmUuPt.exe
  C:\Windows\System\YwmUuPt.exe
  2⤵
  PID:12432
- C:\Windows\System\HHZBAEY.exe
  C:\Windows\System\HHZBAEY.exe
  2⤵
  PID:12448
- C:\Windows\System\pDsuWAf.exe
  C:\Windows\System\pDsuWAf.exe
  2⤵
  PID:12464
- C:\Windows\System\qKaUJme.exe
  C:\Windows\System\qKaUJme.exe
  2⤵
  PID:12484
- C:\Windows\System\vuDYtcU.exe
  C:\Windows\System\vuDYtcU.exe
  2⤵
  PID:12500
- C:\Windows\System\scOHDsI.exe
  C:\Windows\System\scOHDsI.exe
  2⤵
  PID:12516
- C:\Windows\System\DSfUsYT.exe
  C:\Windows\System\DSfUsYT.exe
  2⤵
  PID:12532
- C:\Windows\System\AOLtQwS.exe
  C:\Windows\System\AOLtQwS.exe
  2⤵
  PID:12548
- C:\Windows\System\Hvegbje.exe
  C:\Windows\System\Hvegbje.exe
  2⤵
  PID:12564
- C:\Windows\System\ZrKXXDE.exe
  C:\Windows\System\ZrKXXDE.exe
  2⤵
  PID:12584
- C:\Windows\System\vRKHNaS.exe
  C:\Windows\System\vRKHNaS.exe
  2⤵
  PID:12604
- C:\Windows\System\AvmAetG.exe
  C:\Windows\System\AvmAetG.exe
  2⤵
  PID:12628
- C:\Windows\System\nUAjhOH.exe
  C:\Windows\System\nUAjhOH.exe
  2⤵
  PID:12664
- C:\Windows\System\rwtpOPF.exe
  C:\Windows\System\rwtpOPF.exe
  2⤵
  PID:12688
- C:\Windows\System\psSXqcD.exe
  C:\Windows\System\psSXqcD.exe
  2⤵
  PID:12708
- C:\Windows\System\dQPeYiH.exe
  C:\Windows\System\dQPeYiH.exe
  2⤵
  PID:12752
- C:\Windows\System\XnZncJZ.exe
  C:\Windows\System\XnZncJZ.exe
  2⤵
  PID:12772
- C:\Windows\System\kRpUvQB.exe
  C:\Windows\System\kRpUvQB.exe
  2⤵
  PID:12800
- C:\Windows\System\NLmInAn.exe
  C:\Windows\System\NLmInAn.exe
  2⤵
  PID:12824
- C:\Windows\System\wViISki.exe
  C:\Windows\System\wViISki.exe
  2⤵
  PID:12852
- C:\Windows\System\XCRDJoj.exe
  C:\Windows\System\XCRDJoj.exe
  2⤵
  PID:12868
- C:\Windows\System\xscTIFO.exe
  C:\Windows\System\xscTIFO.exe
  2⤵
  PID:12884
- C:\Windows\System\kQTKxUc.exe
  C:\Windows\System\kQTKxUc.exe
  2⤵
  PID:12908
- C:\Windows\System\QjLqLxW.exe
  C:\Windows\System\QjLqLxW.exe
  2⤵
  PID:12928
- C:\Windows\System\fimEfGo.exe
  C:\Windows\System\fimEfGo.exe
  2⤵
  PID:12968
- C:\Windows\System\lKoGofe.exe
  C:\Windows\System\lKoGofe.exe
  2⤵
  PID:12984
- C:\Windows\System\CXdXNTV.exe
  C:\Windows\System\CXdXNTV.exe
  2⤵
  PID:13016
- C:\Windows\System\vbtcsEc.exe
  C:\Windows\System\vbtcsEc.exe
  2⤵
  PID:13036
- C:\Windows\System\sCIjbJP.exe
  C:\Windows\System\sCIjbJP.exe
  2⤵
  PID:13060
- C:\Windows\System\znZZcZv.exe
  C:\Windows\System\znZZcZv.exe
  2⤵
  PID:13080
- C:\Windows\System\uEVYGGe.exe
  C:\Windows\System\uEVYGGe.exe
  2⤵
  PID:13104
- C:\Windows\System\ANvtqVZ.exe
  C:\Windows\System\ANvtqVZ.exe
  2⤵
  PID:13132
- C:\Windows\System\LMHrgeD.exe
  C:\Windows\System\LMHrgeD.exe
  2⤵
  PID:13148
- C:\Windows\System\BwnWYQV.exe
  C:\Windows\System\BwnWYQV.exe
  2⤵
  PID:13168
- C:\Windows\System\gheTJVZ.exe
  C:\Windows\System\gheTJVZ.exe
  2⤵
  PID:13192
- C:\Windows\System\GPGktxS.exe
  C:\Windows\System\GPGktxS.exe
  2⤵
  PID:13212
- C:\Windows\System\OqdUvfV.exe
  C:\Windows\System\OqdUvfV.exe
  2⤵
  PID:13232
- C:\Windows\System\tWuOJgU.exe
  C:\Windows\System\tWuOJgU.exe
  2⤵
  PID:13248
- C:\Windows\System\ZrRZxSk.exe
  C:\Windows\System\ZrRZxSk.exe
  2⤵
  PID:13280
- C:\Windows\System\GxduxXe.exe
  C:\Windows\System\GxduxXe.exe
  2⤵
  PID:13300
- C:\Windows\System\Ghjlpxd.exe
  C:\Windows\System\Ghjlpxd.exe
  2⤵
  PID:8720
- C:\Windows\System\rhfbPbc.exe
  C:\Windows\System\rhfbPbc.exe
  2⤵
  PID:8796
- C:\Windows\System\rDOBcbX.exe
  C:\Windows\System\rDOBcbX.exe
  2⤵
  PID:11924
- C:\Windows\System\SmyhcNb.exe
  C:\Windows\System\SmyhcNb.exe
  2⤵
  PID:7228
- C:\Windows\System\nkvOrpA.exe
  C:\Windows\System\nkvOrpA.exe
  2⤵
  PID:8944
- C:\Windows\System\OiSncwR.exe
  C:\Windows\System\OiSncwR.exe
  2⤵
  PID:8988
- C:\Windows\System\vTYXNon.exe
  C:\Windows\System\vTYXNon.exe
  2⤵
  PID:9100
- C:\Windows\System\vJnswRn.exe
  C:\Windows\System\vJnswRn.exe
  2⤵
  PID:7784
- C:\Windows\System\LcpZQaG.exe
  C:\Windows\System\LcpZQaG.exe
  2⤵
  PID:9344
- C:\Windows\System\dLWSvQy.exe
  C:\Windows\System\dLWSvQy.exe
  2⤵
  PID:7156
- C:\Windows\System\gGZBcMX.exe
  C:\Windows\System\gGZBcMX.exe
  2⤵
  PID:11816
- C:\Windows\System\GTQhgpC.exe
  C:\Windows\System\GTQhgpC.exe
  2⤵
  PID:2740
- C:\Windows\System\znyAzvy.exe
  C:\Windows\System\znyAzvy.exe
  2⤵
  PID:9848
- C:\Windows\System\BLyzRGq.exe
  C:\Windows\System\BLyzRGq.exe
  2⤵
  PID:9800
- C:\Windows\System\lRSsolL.exe
  C:\Windows\System\lRSsolL.exe
  2⤵
  PID:9876
- C:\Windows\System\kEIjNFr.exe
  C:\Windows\System\kEIjNFr.exe
  2⤵
  PID:9968
- C:\Windows\System\ZWqZIed.exe
  C:\Windows\System\ZWqZIed.exe
  2⤵
  PID:13316
- C:\Windows\System\PJuhkRh.exe
  C:\Windows\System\PJuhkRh.exe
  2⤵
  PID:13336
- C:\Windows\System\IqqGBtv.exe
  C:\Windows\System\IqqGBtv.exe
  2⤵
  PID:11952
- C:\Windows\System\fmSBCrj.exe
  C:\Windows\System\fmSBCrj.exe
  2⤵
  PID:13288
- C:\Windows\System\lrHMKFP.exe
  C:\Windows\System\lrHMKFP.exe
  2⤵
  PID:12104
- C:\Windows\System\xOyWWYh.exe
  C:\Windows\System\xOyWWYh.exe
  2⤵
  PID:8976
- C:\Windows\System\cUNCkZm.exe
  C:\Windows\System\cUNCkZm.exe
  2⤵
  PID:12192
- C:\Windows\System\PpbbQqF.exe
  C:\Windows\System\PpbbQqF.exe
  2⤵
  PID:10908
- C:\Windows\System\ebzJzDI.exe
  C:\Windows\System\ebzJzDI.exe
  2⤵
  PID:10036
- C:\Windows\System\esgYMsP.exe
  C:\Windows\System\esgYMsP.exe
  2⤵
  PID:11044
- C:\Windows\System\hNMdioh.exe
  C:\Windows\System\hNMdioh.exe
  2⤵
  PID:1248
- C:\Windows\System\oVRLUKI.exe
  C:\Windows\System\oVRLUKI.exe
  2⤵
  PID:14156
- C:\Windows\System\gvnieRF.exe
  C:\Windows\System\gvnieRF.exe
  2⤵
  PID:7524
- C:\Windows\System\hYQGqbO.exe
  C:\Windows\System\hYQGqbO.exe
  2⤵
  PID:11240
- C:\Windows\System\IUJjuwH.exe
  C:\Windows\System\IUJjuwH.exe
  2⤵
  PID:11736
- C:\Windows\System\vVHZYhs.exe
  C:\Windows\System\vVHZYhs.exe
  2⤵
  PID:10440
- C:\Windows\System\goADNAy.exe
  C:\Windows\System\goADNAy.exe
  2⤵
  PID:13328
- C:\Windows\System\cZJRXuY.exe
  C:\Windows\System\cZJRXuY.exe
  2⤵
  PID:13392
- C:\Windows\System\kjLKkTb.exe
  C:\Windows\System\kjLKkTb.exe
  2⤵
  PID:13424
- C:\Windows\System\YhYSyVP.exe
  C:\Windows\System\YhYSyVP.exe
  2⤵
  PID:12440
- C:\Windows\System\DoJfFBG.exe
  C:\Windows\System\DoJfFBG.exe
  2⤵
  PID:12580
- C:\Windows\System\CjcRkOU.exe
  C:\Windows\System\CjcRkOU.exe
  2⤵
  PID:12840
- C:\Windows\System\znKcslt.exe
  C:\Windows\System\znKcslt.exe
  2⤵
  PID:12880
- C:\Windows\System\GBnWSxm.exe
  C:\Windows\System\GBnWSxm.exe
  2⤵
  PID:12920
- C:\Windows\System\gWuAjYP.exe
  C:\Windows\System\gWuAjYP.exe
  2⤵
  PID:12980
- C:\Windows\System\qVgiklc.exe
  C:\Windows\System\qVgiklc.exe
  2⤵
  PID:13048
- C:\Windows\System\ZKhxcQd.exe
  C:\Windows\System\ZKhxcQd.exe
  2⤵
  PID:13100
- C:\Windows\System\bnGNzmk.exe
  C:\Windows\System\bnGNzmk.exe
  2⤵
  PID:13164
- C:\Windows\System\VSEyyBi.exe
  C:\Windows\System\VSEyyBi.exe
  2⤵
  PID:13204
- C:\Windows\System\OMUroBj.exe
  C:\Windows\System\OMUroBj.exe
  2⤵
  PID:14072
- C:\Windows\System\qYZgSyE.exe
  C:\Windows\System\qYZgSyE.exe
  2⤵
  PID:5664
- C:\Windows\System\ECOWDPk.exe
  C:\Windows\System\ECOWDPk.exe
  2⤵
  PID:10652
- C:\Windows\System\fSeGmQd.exe
  C:\Windows\System\fSeGmQd.exe
  2⤵
  PID:10760
- C:\Windows\System\aaRSBcY.exe
  C:\Windows\System\aaRSBcY.exe
  2⤵
  PID:9348
- C:\Windows\System\XInboNL.exe
  C:\Windows\System\XInboNL.exe
  2⤵
  PID:13980
- C:\Windows\System\OotzrnG.exe
  C:\Windows\System\OotzrnG.exe
  2⤵
  PID:9992
- C:\Windows\System\jQtRnMC.exe
  C:\Windows\System\jQtRnMC.exe
  2⤵
  PID:11432
- C:\Windows\System\iVSrJhp.exe
  C:\Windows\System\iVSrJhp.exe
  2⤵
  PID:5936
- C:\Windows\System\CLzCOtd.exe
  C:\Windows\System\CLzCOtd.exe
  2⤵
  PID:11824
- C:\Windows\System\ZPCJUCY.exe
  C:\Windows\System\ZPCJUCY.exe
  2⤵
  PID:14004
- C:\Windows\System\ODbGsGE.exe
  C:\Windows\System\ODbGsGE.exe
  2⤵
  PID:13632
- C:\Windows\System\gTANgsc.exe
  C:\Windows\System\gTANgsc.exe
  2⤵
  PID:11408
- C:\Windows\System\lBKklEw.exe
  C:\Windows\System\lBKklEw.exe
  2⤵
  PID:14168
- C:\Windows\System\LnGtKmf.exe
  C:\Windows\System\LnGtKmf.exe
  2⤵
  PID:13976
- C:\Windows\System\XlsUYHQ.exe
  C:\Windows\System\XlsUYHQ.exe
  2⤵
  PID:13924
- C:\Windows\System\qYNHhkr.exe
  C:\Windows\System\qYNHhkr.exe
  2⤵
  PID:13896
- C:\Windows\System\bTmtBJT.exe
  C:\Windows\System\bTmtBJT.exe
  2⤵
  PID:13856
- C:\Windows\System\YgOvGCn.exe
  C:\Windows\System\YgOvGCn.exe
  2⤵
  PID:13812
- C:\Windows\System\OPHfYnH.exe
  C:\Windows\System\OPHfYnH.exe
  2⤵
  PID:13764
- C:\Windows\System\usbzgTs.exe
  C:\Windows\System\usbzgTs.exe
  2⤵
  PID:13712
- C:\Windows\System\adnWtUc.exe
  C:\Windows\System\adnWtUc.exe
  2⤵
  PID:13668
- C:\Windows\System\yssMggz.exe
  C:\Windows\System\yssMggz.exe
  2⤵
  PID:13644
- C:\Windows\System\nnjCbYi.exe
  C:\Windows\System\nnjCbYi.exe
  2⤵
  PID:13604
- C:\Windows\System\hPSdDcC.exe
  C:\Windows\System\hPSdDcC.exe
  2⤵
  PID:13568
- C:\Windows\System\mAJktkq.exe
  C:\Windows\System\mAJktkq.exe
  2⤵
  PID:13548
- C:\Windows\System\HRjGTJv.exe
  C:\Windows\System\HRjGTJv.exe
  2⤵
  PID:13516
- C:\Windows\System\XjbIRCD.exe
  C:\Windows\System\XjbIRCD.exe
  2⤵
  PID:13472
- C:\Windows\System\SvnIcsP.exe
  C:\Windows\System\SvnIcsP.exe
  2⤵
  PID:13428
- C:\Windows\System\AFvDDUQ.exe
  C:\Windows\System\AFvDDUQ.exe
  2⤵
  PID:13360
- C:\Windows\System\iwgcYIY.exe
  C:\Windows\System\iwgcYIY.exe
  2⤵
  PID:14252
- C:\Windows\System\rwqttJe.exe
  C:\Windows\System\rwqttJe.exe
  2⤵
  PID:10292
- C:\Windows\System\GRKhTzm.exe
  C:\Windows\System\GRKhTzm.exe
  2⤵
  PID:10672
- C:\Windows\System\YvKsHcV.exe
  C:\Windows\System\YvKsHcV.exe
  2⤵
  PID:11588
- C:\Windows\System\GBdrhDw.exe
  C:\Windows\System\GBdrhDw.exe
  2⤵
  PID:14268
- C:\Windows\System\KTUpGRB.exe
  C:\Windows\System\KTUpGRB.exe
  2⤵
  PID:10804
- C:\Windows\System\HOvGsEt.exe
  C:\Windows\System\HOvGsEt.exe
  2⤵
  PID:3232
- C:\Windows\System\xgddSNO.exe
  C:\Windows\System\xgddSNO.exe
  2⤵
  PID:13736
- C:\Windows\System\FlmJcSY.exe
  C:\Windows\System\FlmJcSY.exe
  2⤵
  PID:10932
- C:\Windows\System\WPtXiwU.exe
  C:\Windows\System\WPtXiwU.exe
  2⤵
  PID:4016
- C:\Windows\System\Wvkywfw.exe
  C:\Windows\System\Wvkywfw.exe
  2⤵
  PID:9328
- C:\Windows\System\letJpXx.exe
  C:\Windows\System\letJpXx.exe
  2⤵
  PID:8668
- C:\Windows\System\OXFHjrM.exe
  C:\Windows\System\OXFHjrM.exe
  2⤵
  PID:10344
- C:\Windows\System\CrNWUgV.exe
  C:\Windows\System\CrNWUgV.exe
  2⤵
  PID:10676
- C:\Windows\System\heUmnih.exe
  C:\Windows\System\heUmnih.exe
  2⤵
  PID:11460
- C:\Windows\System\YqTjcTm.exe
  C:\Windows\System\YqTjcTm.exe
  2⤵
  PID:10868
- C:\Windows\System\HFxfaup.exe
  C:\Windows\System\HFxfaup.exe
  2⤵
  PID:6468
- C:\Windows\System\AdBdIWW.exe
  C:\Windows\System\AdBdIWW.exe
  2⤵
  PID:9152
- C:\Windows\System\vaYpzIH.exe
  C:\Windows\System\vaYpzIH.exe
  2⤵
  PID:12204
- C:\Windows\System\YBnGvbo.exe
  C:\Windows\System\YBnGvbo.exe
  2⤵
  PID:11180
- C:\Windows\System\lCyfZDc.exe
  C:\Windows\System\lCyfZDc.exe
  2⤵
  PID:10500
- C:\Windows\System\kqFsoha.exe
  C:\Windows\System\kqFsoha.exe
  2⤵
  PID:11716
- C:\Windows\System\pJsOgwY.exe
  C:\Windows\System\pJsOgwY.exe
  2⤵
  PID:12512
- C:\Windows\System\OmGiHGp.exe
  C:\Windows\System\OmGiHGp.exe
  2⤵
  PID:1244
- C:\Windows\System\WFDXpoT.exe
  C:\Windows\System\WFDXpoT.exe
  2⤵
  PID:13748
- C:\Windows\System\WHVNQFq.exe
  C:\Windows\System\WHVNQFq.exe
  2⤵
  PID:6700
- C:\Windows\System\NeomdCV.exe
  C:\Windows\System\NeomdCV.exe
  2⤵
  PID:8508
- C:\Windows\System\RVYyxJy.exe
  C:\Windows\System\RVYyxJy.exe
  2⤵
  PID:11340
- C:\Windows\System\IjxyYst.exe
  C:\Windows\System\IjxyYst.exe
  2⤵
  PID:13088
- C:\Windows\System\GvtMCxM.exe
  C:\Windows\System\GvtMCxM.exe
  2⤵
  PID:12072
- C:\Windows\System\WFfmUiF.exe
  C:\Windows\System\WFfmUiF.exe
  2⤵
  PID:4296
- C:\Windows\System\zxxoEEu.exe
  C:\Windows\System\zxxoEEu.exe
  2⤵
  PID:11156
- C:\Windows\System\QZfCGNR.exe
  C:\Windows\System\QZfCGNR.exe
  2⤵
  PID:4884
- C:\Windows\System\pUmEsUm.exe
  C:\Windows\System\pUmEsUm.exe
  2⤵
  PID:11292
- C:\Windows\System\ycPzgaD.exe
  C:\Windows\System\ycPzgaD.exe
  2⤵
  PID:1188
- C:\Windows\System\vdxDXWn.exe
  C:\Windows\System\vdxDXWn.exe
  2⤵
  PID:11528
- C:\Windows\System\xLipsIt.exe
  C:\Windows\System\xLipsIt.exe
  2⤵
  PID:12876
- C:\Windows\System\veyxNoP.exe
  C:\Windows\System\veyxNoP.exe
  2⤵
  PID:13032
- C:\Windows\System\dIRKfup.exe
  C:\Windows\System\dIRKfup.exe
  2⤵
  PID:10244
- C:\Windows\System\ShgGFTM.exe
  C:\Windows\System\ShgGFTM.exe
  2⤵
  PID:5872
- C:\Windows\System\IPdCneC.exe
  C:\Windows\System\IPdCneC.exe
  2⤵
  PID:7116
- C:\Windows\System\fPiitcE.exe
  C:\Windows\System\fPiitcE.exe
  2⤵
  PID:13984
- C:\Windows\System\ScvYNad.exe
  C:\Windows\System\ScvYNad.exe
  2⤵
  PID:764
- C:\Windows\System\sEkeZUX.exe
  C:\Windows\System\sEkeZUX.exe
  2⤵
  PID:7892
- C:\Windows\System\TMYPKCb.exe
  C:\Windows\System\TMYPKCb.exe
  2⤵
  PID:5732
- C:\Windows\System\ETgtptc.exe
  C:\Windows\System\ETgtptc.exe
  2⤵
  PID:12168
- C:\Windows\System\hPIIHrZ.exe
  C:\Windows\System\hPIIHrZ.exe
  2⤵
  PID:8936
- C:\Windows\System\EgaMpex.exe
  C:\Windows\System\EgaMpex.exe
  2⤵
  PID:4520
- C:\Windows\System\LLRRxYe.exe
  C:\Windows\System\LLRRxYe.exe
  2⤵
  PID:13244
- C:\Windows\System\ZPrUXIJ.exe
  C:\Windows\System\ZPrUXIJ.exe
  2⤵
  PID:4372
- C:\Windows\System\efKmYsy.exe
  C:\Windows\System\efKmYsy.exe
  2⤵
  PID:12496
- C:\Windows\System\EIciTmd.exe
  C:\Windows\System\EIciTmd.exe
  2⤵
  PID:13156
- C:\Windows\System\QxaEaFI.exe
  C:\Windows\System\QxaEaFI.exe
  2⤵
  PID:7592
- C:\Windows\System\lRMKJwW.exe
  C:\Windows\System\lRMKJwW.exe
  2⤵
  PID:11848
- C:\Windows\System\WEvwFjv.exe
  C:\Windows\System\WEvwFjv.exe
  2⤵
  PID:12780
- C:\Windows\System\yrAMLbx.exe
  C:\Windows\System\yrAMLbx.exe
  2⤵
  PID:13464
- C:\Windows\System\HNfMowh.exe
  C:\Windows\System\HNfMowh.exe
  2⤵
  PID:12748
- C:\Windows\System\xMVoBpG.exe
  C:\Windows\System\xMVoBpG.exe
  2⤵
  PID:13860
- C:\Windows\System\qkwPbMy.exe
  C:\Windows\System\qkwPbMy.exe
  2⤵
  PID:9880
- C:\Windows\System\ylwyoQA.exe
  C:\Windows\System\ylwyoQA.exe
  2⤵
  PID:5196
- C:\Windows\System\IaCzJKN.exe
  C:\Windows\System\IaCzJKN.exe
  2⤵
  PID:10692
- C:\Windows\System\mPfnWbl.exe
  C:\Windows\System\mPfnWbl.exe
  2⤵
  PID:7120
- C:\Windows\System\tIVSIOF.exe
  C:\Windows\System\tIVSIOF.exe
  2⤵
  PID:3196
- C:\Windows\System\vHeNqNY.exe
  C:\Windows\System\vHeNqNY.exe
  2⤵
  PID:13732
- C:\Windows\System\NTKtmnR.exe
  C:\Windows\System\NTKtmnR.exe
  2⤵
  PID:5400

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
1⤵
PID:13736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_0ycfqoq3.isg.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AdWDyGm.exe

Filesize
1.4MB

MD5
536e84d855c2621aa9e8beece9bf441d

SHA1
dbee408c00c47c882a1739b46dd1325c3eb8b2b6

SHA256
fd714a9881edf1cb9440fdf4c8ea275d930fa5eb7e5b235471d8fc0ef5bd7db1

SHA512
448a1826d1571c863adbe71d63aca48d9321c6d0a978e198a0dbad358e4e6faf7af11f7aa382c0cd5fbb9f440ed936a595806b60c5147dbefc0f5fcec4cd3c8e

Download Submit
C:\Windows\System\CqBBHCY.exe

Filesize
1.4MB

MD5
50bd962238051a44691c6e847f92bd01

SHA1
bc0f495d5e82d63bd758b1b32a5a174566aac743

SHA256
1d66cd544edf137a7d69fa43982e1dfaf06af0ab43c502da6be57f2566abe0ec

SHA512
0d237b6486ea93a071b3c743eb282e5402fa8e3be18081802034ee0c38795218f6bb239c47f1d2bc7ac64044147371adf0025938fbab0939b03d200dd5e2a87b

Download Submit
C:\Windows\System\CyabTIk.exe

Filesize
1.4MB

MD5
de464b2059ac0ccf3172f5db18fd1fd3

SHA1
a9f8cf02696ae2bff9dec4c6a65a32fd95d1a298

SHA256
216b689a98cefe0a7ed6556c151ee64fa1611b69f22f495c0604e3fb41546d63

SHA512
a2dfb87b2ec6b6677fd25bd2326751d64177c801143e68c33a173e8d5e360f861a5bf0b4ca05ae07810f835f3b6f8e331b0485c8fa65f993259d8d96a66fc79f

Download Submit
C:\Windows\System\FVFyucK.exe

Filesize
1.4MB

MD5
0288ded56770bb0e2b8d582b2d70fd52

SHA1
7e0a37d9bca9d648edd5044a788796005988fd98

SHA256
d983f89f3f93714ca138e7291f1dc92fcc2427dca6ea650a39be613edd2f9017

SHA512
9e3ae556c5401d426af34a776fb13ac53ffd82e8977e7dc8881e401320f57bb11991c80bf8f8b905f9df869f645cd2763c203226d5091bd504fa2dcce2b48de2

Download Submit
C:\Windows\System\IKCCYJl.exe

Filesize
1.4MB

MD5
ec2edfbe426515ee43a472a17d5bd119

SHA1
c3b6ec240fa061580c065f3a09fd5f47be22f13d

SHA256
c998194bad8161d11c207faab60f2a15915ee84c431aacda7b2ffa1d5103ecd8

SHA512
85a0ec9d1744e1df57c6166b49002985f64ca18afabc92f42ec483777bd796a2bb9f491098bf0263de6095dc5b553bb4d2f52d4a651447eefbbb84c9a3bcb557

Download Submit
C:\Windows\System\IVrCYdv.exe

Filesize
1.4MB

MD5
1020200405362efa5d80216747a4bc6b

SHA1
547570dcd9f764c5266f2ec155b453093c11452d

SHA256
00bd19212f660c5701200dcd6e468d0785b51c6c9b74eab603d31d6759c7ab1e

SHA512
45b6b75d8dab3550141d2af7e5c49ebcd1063ac32239ffe139cd6d35b61f4671db02a1ee08856e99b4af646d4f6a99194c4de4a34383e58652eb2fe09a4ebf8a

Download Submit
C:\Windows\System\KCAjVqV.exe

Filesize
1.4MB

MD5
3a0051c9ae207c866df1724cdb7bc2a2

SHA1
ccebd8769fd4cef20c86222036e069aa5fb793eb

SHA256
04103267d954723217deb18c6f715ee0fd1f11aba592d44570ec8d0e2acf2d42

SHA512
419f8b4d820e28a7aa24371063e7b0d9e689f244e612d81e00c5dea5de57b6c207bf2042f90723e874f8b63ddb7113efa1973b0d042d4ed5465336a60c0614ab

Download Submit
C:\Windows\System\KLMCdlx.exe

Filesize
1.4MB

MD5
c24da522edc2963ddaf9231064ae436e

SHA1
76020f3fbf025fdb3947459377e350c7f0f03c6f

SHA256
4ab9452f5ab7c789620123f1aca0d1b5dfe4b82931817bb7a74ac1287b50825b

SHA512
aa04f083bc869d09de7bc25e5a74ec5b444bd2e9d8c1f9ef69b433d09587edbbc0b45a5d2b63e0a98cb0a16d1a1ea7967be8e72318aaf3f47f598d01441e52de

Download Submit
C:\Windows\System\KRPGenA.exe

Filesize
1.4MB

MD5
013bcebc724ca02299c6316730dc65b6

SHA1
d0ab2e15681ad712d7d97375ab5caaefb0dec5fc

SHA256
d15f80b910ce45610bf9dbb41a1fc853c7393b170efec87f7e7783ace1e00687

SHA512
80cf8ab3fc17727886d3d89b74eab119fb850bb6dcceeb2cad114debdeaa60bc3a22c61311bb5c8aee9b6b8b61f43f6c850b38efb376fea60d86b3d1e4981e23

Download Submit
C:\Windows\System\LTmpTrk.exe

Filesize
1.4MB

MD5
b840220c0beb847f74900890dfb8348e

SHA1
7c0b85701af54899b61e52f813a73bb08703b641

SHA256
a6cd6c8601d8c188941b94d54733e1333eeeddaab80637455b52d8953c9a10c0

SHA512
b6dd9e6bcaa5a75bb83fd95c540af1d9919987cd0ca3ad32ef1d758e985913cd651f8c70990d2f2de321f2d0df283c16fac288b61e62bb3648468d3019ac5d1c

Download Submit
C:\Windows\System\LnmFsEw.exe

Filesize
1.4MB

MD5
d6590033eaa81a427072055c8718ec3b

SHA1
f8df5ea7a500c397bf95e6df8dbbf7ad5ec8a357

SHA256
dc8fff239336e8db505d0ae90a41164edd775782674c13c155156cde76c1708e

SHA512
7db63923df6ebd5a58f4e6d4be583f06096d5fd4eb211fb1f2eaa180dce8ac84b4bf1a7119acb7af99e8e621101267880b7db8e990a43e5e44cd08e4c8dabcfe

Download Submit
C:\Windows\System\MQTVWhE.exe

Filesize
1.4MB

MD5
fa43b7c034b2a7919b3095c206d17cba

SHA1
2cb3749922ebc1746048098a9a5f0b1435338003

SHA256
085850e4e935050a4b8f3db5fd52946a49385c044a091faff2a1424bb7d07f20

SHA512
1080083187faa9bb2ef01bbf1bddae01c606ca0d9b1f9399f4e6b31317ea7446d5d79135376e67b67878caabcb44539e14b5e80075e29d137a49336d5cdd3378

Download Submit
C:\Windows\System\Nkzjynr.exe

Filesize
1.4MB

MD5
82701123376b431ad81b717e5ba12225

SHA1
43904f006d6e963e5dc463a4e43f413dcdde7906

SHA256
0ad44b65017e1da0880bd30363058c1c654ea8a1576edbe08aa79001430db090

SHA512
f2d735e4e64b9b717872904ec0a5c8bd2ed0b74bfdaa15bc6ae09d8b1a9fd61ac1455ad02f41af68037eeec08f3187538bd0b9f8a3304a9ac6b688f2c812d72a

Download Submit
C:\Windows\System\OQCdiQG.exe

Filesize
1.4MB

MD5
36c9c37037c642666c5abdc02395287f

SHA1
d93346390420c7e24b9673bc42e6d7cccef692e1

SHA256
dbf54c78a944558238be5bdbdbe336ad9a6d6c92273f451c20b289d8b85ec936

SHA512
5a45631eb28e578bc7ccd28c0f7bddd8c0ecc1481d5ed47424a871ed2090ea0a91c530e28a1ae7c53bdc0c6e1a766b75328dc71beebc205f8dc0fca4afac0675

Download Submit
C:\Windows\System\OgSTpsH.exe

Filesize
1.4MB

MD5
d6667d510bd85cfe71d8fe634103262f

SHA1
89b636aa5c5f69b4e999088f03e0455637be039c

SHA256
0e6d626014cb95829268444cf35993444d8952fafcededb5d620df5173d935a8

SHA512
7f6b5f55a7de2bc2af3fdc9e9a98da90c0509c09caf031ed61258f8f72b9aba2f73f6337cefd748ef1ea74840f8cd030ad3d83650a8b7a4af4081b3308fa9f78

Download Submit
C:\Windows\System\PJDvZuu.exe

Filesize
1.4MB

MD5
d836167a49915182a5084ff2e1be52b1

SHA1
43f60ff47fad1aabf05cee28d54735282c1c8bf9

SHA256
b9b2e730d70b5487dc2ae4fc22a51138219d633cdc829b9f0e768f9f0b7034a8

SHA512
649bc062571bc7e48d20a5cfc61ffa808f1f412198edd7a8dc90e65008b5d616362db94ea635e2a8ec93cc5ea6a67d14f9e1dfd2bd4d99d953eed6e6579a4297

Download Submit
C:\Windows\System\PawemJC.exe

Filesize
1.4MB

MD5
2137c87034fcef7f55be15ed87cf7b70

SHA1
95b326039eae90a0878d29b5ba87de56275f13a0

SHA256
203192f3c867b8b9fac5bcb00005dbe6838b22f4f0d42c41bc647c4a59cc5be4

SHA512
6bcc0fb625dbe486ca71efa08dba5b37a6061cafedd572704f4a1c159413c1e8e25c75a4920fe66ccb67cb4eb87ac33dbddf485b54135876690e2d29e0b98829

Download Submit
C:\Windows\System\RHRnVpr.exe

Filesize
1.4MB

MD5
21ddc682bafd0b17ab5f3cbb2493c29d

SHA1
c7f91b3f7397290fbbff5f792bd224cb1d012a51

SHA256
f956ae0ed7d1b5df8a086010940717ef2625fb22efcb72f3e024dca2b69e755b

SHA512
51f63089964a594b8b4463ed246be288d7d6b9dc99929043523f8063463abfce5376fa0e544b1090afb56358f053bccff3cfe4db4330870d4cd5753127d849a4

Download Submit
C:\Windows\System\UPGjXqC.exe

Filesize
1.4MB

MD5
cf4495335bd6c2ef07ef5941a28ef099

SHA1
7de625b4404d28a92c73fbe009e0afd09741ba69

SHA256
e7a128de1ba8e4bf0a2ea79d61d55f8dd3c3b08ff78500c8553d8064bd9836b4

SHA512
f1ac16283c0716543a8945fe5017d1bb327f64cb67169c8a5570970920b415935f541058021ca3568f2d05ede81f153d91761d21df2c568b13287817957222ad

Download Submit
C:\Windows\System\VOjDYao.exe

Filesize
1.4MB

MD5
3eecf0dc776b9c76b233e44c1b19808b

SHA1
63705c7ba4e4814d259a2e18bd19b312c486b77a

SHA256
922d74271d15b1d205778131b1744f8262a6d9057aeec051ccae7492d4cce029

SHA512
27e4d47ed851cc1c7e1b6f05a19a3485f2c02637b6450ec2250a910d62248b2dd0ebc0e4ef5c9e3eeb5497814aa7f6e31348afb87c2ef7f8478bd53a412be432

Download Submit
C:\Windows\System\VirdqPF.exe

Filesize
1.4MB

MD5
b50fb5bb024b5d3ee771d3ca5ccd701f

SHA1
3e03e75ec7204bf89ccc4a07ab5c7c7931d0f8b5

SHA256
44b87d3a2576fdf0d1b5df5a8681ee11b30ef511e8c1acfab67aaec107819866

SHA512
da487b0adc0c0a4b6b0961fbef1833683aee0f490dc336e40578be81ef75b18ed150166626162c3eb1f44797ea9a85590ad597de1b0a43d6c8c81436f6ef7818

Download Submit
C:\Windows\System\WnwEqXA.exe

Filesize
1.4MB

MD5
519a21cfe87bb3c780a9b43e355a8d30

SHA1
ee5890dc9616902621afe03ca51f154ffdffe1b4

SHA256
d8fe1b331de40d943770e2b2d30d2b1f7b1380e6d276cee84ce7e3f709c1d732

SHA512
7fdc46fb3ea07848fd10fffd16bff9c6fb3eb005e83de601902a89efaa9201192b6f4d34245b799d06ee60c8b52c46c4038af303b567d2dadbfd3d80ee8b633d

Download Submit
C:\Windows\System\XCqfcpG.exe

Filesize
1.4MB

MD5
4bdc1864b3010df09b1129b9e487935c

SHA1
00efa9d055607fd1d175a509d71af20d6ca2a0c7

SHA256
4a273766c797fae40675a18cfaec876d0b1ad970d13dc6f61443ab960f0e5d17

SHA512
5eb67d8a13f8a52b1c8cb88f2c821552f9339cbe79e09975de25fc7b8068d52dd54883f223fa2f01b016087897b2575f1df7d5ed81281c64cec8d85290a82559

Download Submit
C:\Windows\System\ZTLdgPs.exe

Filesize
1.4MB

MD5
045e2dd279232ac0272ce38cacf8ab03

SHA1
3b1715dea547e46c699095f0e67b034bfd736b91

SHA256
06c4fe8506f3015d34a0e8aae918241aec591a0f03ffd5bce140e5e40e190aab

SHA512
2d4443d718b3b1b400b21d63a1763f3b3b92df4f02c64a65cbc33aca23e88d5d091565358ae9b9ee4e8ffaee791c2caff84f43cb8f8b6a9a130a6c113eb599e4

Download Submit
C:\Windows\System\aSuAwzk.exe

Filesize
1.4MB

MD5
0fc72aadc404c754970cefe8f31e8ce5

SHA1
56f3ff172178bdbd30ff937334f4bcab66d5b701

SHA256
04f43d01dcabffa566b16139549ff5102ad582de218c87340867b4839f3902e4

SHA512
e56531257e9303777b464835b7a38e36d90f2d048b40839175c027cf0bea47a1860c10495784bd02ca62447182c653c11a539b47d81fdf7cc221eff0b2f3549d

Download Submit
C:\Windows\System\dQvlIHN.exe

Filesize
1.4MB

MD5
30137e5c8b6147154e4c6d0c1575f343

SHA1
ffaed9e285968370c34000d4e26acdbd6978b43a

SHA256
9167455440c5d8c508f2cba60694a66943f52c7f97c479094af02eb28a80dd56

SHA512
e708692ca03e9a26d88b391b82d82a021d6414a0603ad8e88cd7c4f7203490b26011b51238ac01b149121f5628fcf833f935fa8ab4256195d27a4fa451374573

Download Submit
C:\Windows\System\dbFoCZN.exe

Filesize
1.4MB

MD5
1fb7951d5d892a44c279c030e3bdb48e

SHA1
724f3a8eb0360e31981d3687a3ce7a74ab43a334

SHA256
5c0f738f748d24ae14841af9ed23114c44aeacb92fc8f1b991cdf6b3f74cc1bd

SHA512
d6cadd219bfc55491e2c4dafb1ff7dd8a1d478d63c8069187b99e353c64f2d44c9988410c8317cf88712edf373abbb44187833ffffd342ae32cf4b89a881883f

Download Submit
C:\Windows\System\ehSDtmR.exe

Filesize
1.4MB

MD5
8da446bd08138d43b910ae4656739501

SHA1
e2aa8aaea38cda72d0f160d5f3283f83154df95b

SHA256
2d8b56f777e5e1ee00ed1973c39b0dd20e8bdd8282e947d93e5d6d49e4853362

SHA512
d80c4dcfcafe20cf37a79fe359922f30e910b5b8190109fcaecfe8ccc62ca06d63f0c3ba1f171f03418931f5976d559f2c677de48c2ccde7a49fbe9745ca898f

Download Submit
C:\Windows\System\fMpwywX.exe

Filesize
1.4MB

MD5
9fc00916ecc0d51c915cb667c3e6e0b5

SHA1
0e0b0646dabe08a486c3c28fb656d6c92dc00a24

SHA256
ffa8503305e4601849cd77716152b5fe5d9a3d7a98574dd3852bccbf3497179e

SHA512
39379308f1d270c2b3d2b2a097a0ac8d06aeac5f34508afe8b27308e6ba8744b5f5c2dfe0908b0bf9f260cbaf4d8e4af18a1f15aea9272e8f3b20ca0a8bf8a33

Download Submit
C:\Windows\System\gMUzrPL.exe

Filesize
1.4MB

MD5
86d698d14c51fda4ac517047e34de98e

SHA1
7beef0bc29b33a0cbf364e93fb6e679a52690241

SHA256
6b501a922fd96c2a40625ddb64df12f4834711fc26b869758cbdaadfbeaef8b2

SHA512
83cdc2d159b47f7abc931e2f0d08f443ba430530597974c0d03f57599f70288fe312757b024b1bbc311072e0fd59a8abfbeb3e7ceb5144d28397f1a4954e3e3a

Download Submit
C:\Windows\System\hkeDOAu.exe

Filesize
1.4MB

MD5
63339dd52d7a0bad81a77be4661f2da5

SHA1
d5c3207f1691a098b348bf2b9b6323de3bff7ff7

SHA256
950cfd29798dc735f54e4c61a6ca725343b29b6a9941a07681448fd554570ad2

SHA512
73b4caeabe872d38360ba2806c0458879fe5baf5f6b7dbe94a79ecbc8070d84a593134c128318a434e29cf4644ccaa5308f95db77263e415cb619bcaa9ef1731

Download Submit
C:\Windows\System\jFnIsPk.exe

Filesize
1.4MB

MD5
cd3f58395555d1d5b96bd75ccf87cceb

SHA1
3f79f71a7acf3519002a6126633f073407550392

SHA256
89aa4cfb714d7f8307cbcf942cd854a6359921de248e1aeb5836f4b3cab62608

SHA512
0428c735989216d38494dbcbb472811809a58a207ff03dcc5c0ab2916c4d5de9eeac581949ee53d30d95c211cfca74bb31058e36db920ded57f90418ebe4bd3b

Download Submit
C:\Windows\System\jGxoLzp.exe

Filesize
1.4MB

MD5
667240d4cf27810941f6d12e597c46fb

SHA1
98bb845121284519b06942c7d908fe98a27e8ffe

SHA256
1f3cb0997e08d9467a62f6be4b7662f87f51882e4a7c06148b6654a531b71253

SHA512
50a2d2711c62faaaabd1f3d5a3fbef9e69bdcbab0fb59974a5d73a282e08a7d81b6d129c068fd2ea4b6792e6271950815c4338d7f0f6201d874229262ddc6cd0

Download Submit
C:\Windows\System\kEtpeCT.exe

Filesize
1.4MB

MD5
5d0de0f2bdaf52ada7eaaea5aa86c0e5

SHA1
596df28bd4af38d0d8c9a25dce66c905be61cb2a

SHA256
720a3d811775cad8f9c6099c07ebc186942aa633568fa5838c22d9043edd4f8a

SHA512
42dc6002e70b57b51ffae768454afd78ce2fe225be1d741eedd07e650d2181be6b90c9db6e9b1a8aba481dc8ccf6ff65d0245658a1f7523955006809d1b5620a

Download Submit
C:\Windows\System\kxZapah.exe

Filesize
1.4MB

MD5
80adfdc9d0076254a80f2f3e05f68a9f

SHA1
849437ed28b2dd9860c16c9d641ee712914fc52f

SHA256
ec72480cb4c6928d402fd19fee524b20d69b8ed52b9a00a9b6a194ff7267bef3

SHA512
4b6941d9f9d1f78044c7b9ac90dbf306a7751d121cdc8b1e4997a79b9245e1cd29420c2d2ef3586b7b2d3329ccf4a5e304a62f9fce1fb1f8490b10a24fd25908

Download Submit
C:\Windows\System\loKwLOX.exe

Filesize
1.4MB

MD5
4bf3096f9e9e1951dc59fc7b5dbcd34c

SHA1
f3999f21f57d7ff9deaa4b791b7b28aece2528d0

SHA256
797a9eea3a61919f8c363ef0452126bc35a845253c3a0572c10c1b6769e1050a

SHA512
9087afe5c01f8893b46c55e0ea46379f7ae385bcd81e29c203dc59760ec62f3c6ccb58af49582c3d163ebb20935bbe43fb0c5e81e1dc7b4e8305b9946ffa682b

Download Submit
C:\Windows\System\qeQFIhs.exe

Filesize
1.4MB

MD5
b9a1de37331af5466ab59fd544949613

SHA1
28ff023c93cabd62e2a9f3135df73cc68fde7716

SHA256
de503a9bef096552016efc94a20fbe4e5266f4b977d3ce428bb1202ce00395c1

SHA512
7c64d37d8bdaed2e3b46d477d5bb018aaa7453f257d95aca1f3aa46b2f397cb7b8a8a6032f8dc9e63ec1b8c0f60737c59519c7d19a26cc2549b4e4722c68b261

Download Submit
C:\Windows\System\rdcHTZL.exe

Filesize
1.4MB

MD5
930836b67f44b49b71cee71cebf5d884

SHA1
1bb529e63dca04ea68287dd14a8afcb3f8c1dfd6

SHA256
37eb90e9f0c821c44630bc3e0dcf5ee8250e77fca61fc47f3e9a1883cb8028ce

SHA512
40d71dacb8682c3c6195545cebcd29736b52752fb49d9265a93d5aaa8f27752abea84a5fae6ad05a0e14c902df375acf63b4b712ce8d5d0db065e01a05bd7fe4

Download Submit
C:\Windows\System\tCucVLs.exe

Filesize
1.4MB

MD5
f3f6f8f668a97b7b7f56ced712929470

SHA1
23fab47c4816467e8cb0bd0c24473a05f6b22f45

SHA256
a80eed9b16247fd1a220bdb6f1093fa37b72240c540ee17c7d152fb3d666a9fa

SHA512
bf175d2adaa8ffa22fd6baf808504630fb2285f4509021d6f315238da4e996127ec77665254d148179f7ff921f165439aaf014ff4a2c35045e5cb7ca4349f85f

Download Submit
C:\Windows\System\uUdxqYu.exe

Filesize
1.4MB

MD5
e3e2f75d9685c2d37325fdf5a650d22e

SHA1
9db81a1f71d303fe32ca2dd9f809e32995aaa577

SHA256
dbfdbc691dbca76b86fc6add7de1cd5be5d1c53638e7979ee42fefdd371cad6d

SHA512
b897566d669d5feff11376838e4c9209d54ea04bfb8899ecf468885e3e37e5619f2fece54f12286b2ee5cb708a7ea6f7b41a4ad4c75b3598c3e6515eb046f4c9

Download Submit
C:\Windows\System\uZmPGBp.exe

Filesize
8B

MD5
8a9416a5ba3f4513ce86ee25fcd9ed2c

SHA1
a36f3dd1333c8cfee404b646d4c6809d7e653313

SHA256
fb7dd3a16f87fe8b7e98987069f2b605508df1550402bd2a9bfdec4856b1a59a

SHA512
c747d417c3e282ae9ec82b691c8fea9cb7d0729d1dda54d2144fa9c71dd39f2ab11cee5a6768a89cb91fd4a7ae6e579302cb4e4de8d6384014994320074580a4

Download Submit
C:\Windows\System\wSNNVAn.exe

Filesize
1.4MB

MD5
9f1db6833eda5bc8bb8f8627e7ec4e4b

SHA1
ddd8d6f9a7c346ad8bf19d12154031ecc7248a0d

SHA256
bfad66197057d2827ff00288628dee0cbf479e08b558a40555699f5b01c5a975

SHA512
272b00b9e3ed8679be1ee0f6fca06ac3258ee6828bab146708b0106520cdd60122e70c6e9277c36218fa1944dfac7246870b5db3a6e378d668314faa7029398f

Download Submit
C:\Windows\System\xgxFZVt.exe

Filesize
1.4MB

MD5
7121ee54c664faeebc86e63ead03567b

SHA1
c1c5a4a9ffd8c2a5914952d7544f2334bee5f631

SHA256
6144096f9e27e200942eb1180e51263b8672c431642c8d34ed91aa8ff9548509

SHA512
17b5eccd355cd83c391ae916eda93ae2134c33671e92bf701464282bf04b740d0732ca78ef64733aaa7b581849053c040f1abd6aff33f4b7d3536aaaafe2e40f

Download Submit
memory/220-9-0x00007FFA968B3000-0x00007FFA968B5000-memory.dmp

Filesize
8KB

Download
memory/220-2559-0x00007FFA968B0000-0x00007FFA97371000-memory.dmp

Filesize
10.8MB

Download
memory/220-197-0x00007FFA968B0000-0x00007FFA97371000-memory.dmp

Filesize
10.8MB

Download
memory/220-75-0x00007FFA968B0000-0x00007FFA97371000-memory.dmp

Filesize
10.8MB

Download
memory/220-378-0x0000022BE7260000-0x0000022BE7282000-memory.dmp

Filesize
136KB

Download
memory/400-3073-0x00007FF674610000-0x00007FF674A02000-memory.dmp

Filesize
3.9MB

Download
memory/400-282-0x00007FF674610000-0x00007FF674A02000-memory.dmp

Filesize
3.9MB

Download
memory/1664-1-0x000002367F220000-0x000002367F230000-memory.dmp

Filesize
64KB

Download
memory/1664-0-0x00007FF62ACD0000-0x00007FF62B0C2000-memory.dmp

Filesize
3.9MB

Download
memory/2988-3085-0x00007FF73E380000-0x00007FF73E772000-memory.dmp

Filesize
3.9MB

Download
memory/2988-860-0x00007FF73E380000-0x00007FF73E772000-memory.dmp

Filesize
3.9MB

Download
memory/3124-569-0x00007FF7E3E50000-0x00007FF7E4242000-memory.dmp

Filesize
3.9MB

Download
memory/3124-3075-0x00007FF7E3E50000-0x00007FF7E4242000-memory.dmp

Filesize
3.9MB

Download
memory/3252-573-0x00007FF7A8FB0000-0x00007FF7A93A2000-memory.dmp

Filesize
3.9MB

Download
memory/3252-3087-0x00007FF7A8FB0000-0x00007FF7A93A2000-memory.dmp

Filesize
3.9MB

Download
memory/3804-3079-0x00007FF755790000-0x00007FF755B82000-memory.dmp

Filesize
3.9MB

Download
memory/3804-322-0x00007FF755790000-0x00007FF755B82000-memory.dmp

Filesize
3.9MB

Download
memory/4272-3070-0x00007FF694170000-0x00007FF694562000-memory.dmp

Filesize
3.9MB

Download
memory/4272-1383-0x00007FF694170000-0x00007FF694562000-memory.dmp

Filesize
3.9MB

Download
memory/4460-14-0x00007FF625C20000-0x00007FF626012000-memory.dmp

Filesize
3.9MB

Download
memory/4460-3067-0x00007FF625C20000-0x00007FF626012000-memory.dmp

Filesize
3.9MB

Download
memory/5116-629-0x00007FF69A740000-0x00007FF69AB32000-memory.dmp

Filesize
3.9MB

Download
memory/5116-3082-0x00007FF69A740000-0x00007FF69AB32000-memory.dmp

Filesize
3.9MB

Download