xmrig | 499099814d838592ea0df39fb8d408a3cd64e5c1e1a05892346a14df5b7a6a3c

Analysis

max time kernel
130s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 00:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
Size

2.0MB
MD5

224e57fbadf6b2a5f81c5ea8a7b22485
SHA1

c9453e924abc7e77d5297d2e5fbf6299fcf03021
SHA256

499099814d838592ea0df39fb8d408a3cd64e5c1e1a05892346a14df5b7a6a3c
SHA512

4adc27ed82faf49cd44aa9134becbab48ea920c2a6d6fb8f09d33988347acd7b3d187d60594c58e2bc53d28053c73d18a6baa279321c4f2c1b5d914c26a7cf59
SSDEEP

49152:Lz071uv4BPMkibTIA5I4TNrpDGgDQzA9Mv:NABN

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 42 IoCs

miner

resource	yara_rule
behavioral2/memory/3312-262-0x00007FF72BFE0000-0x00007FF72C3D2000-memory.dmp	xmrig
behavioral2/memory/3248-321-0x00007FF6E6870000-0x00007FF6E6C62000-memory.dmp	xmrig
behavioral2/memory/4608-340-0x00007FF6C4340000-0x00007FF6C4732000-memory.dmp	xmrig
behavioral2/memory/4680-352-0x00007FF6833E0000-0x00007FF6837D2000-memory.dmp	xmrig
behavioral2/memory/4712-358-0x00007FF6B3A30000-0x00007FF6B3E22000-memory.dmp	xmrig
behavioral2/memory/1348-381-0x00007FF704630000-0x00007FF704A22000-memory.dmp	xmrig
behavioral2/memory/2884-391-0x00007FF7D5D60000-0x00007FF7D6152000-memory.dmp	xmrig
behavioral2/memory/4948-390-0x00007FF7FF6D0000-0x00007FF7FFAC2000-memory.dmp	xmrig
behavioral2/memory/776-389-0x00007FF71E530000-0x00007FF71E922000-memory.dmp	xmrig
behavioral2/memory/840-356-0x00007FF671040000-0x00007FF671432000-memory.dmp	xmrig
behavioral2/memory/4348-355-0x00007FF663590000-0x00007FF663982000-memory.dmp	xmrig
behavioral2/memory/4648-354-0x00007FF7D41E0000-0x00007FF7D45D2000-memory.dmp	xmrig
behavioral2/memory/2880-351-0x00007FF7D4C40000-0x00007FF7D5032000-memory.dmp	xmrig
behavioral2/memory/2736-282-0x00007FF757990000-0x00007FF757D82000-memory.dmp	xmrig
behavioral2/memory/1608-243-0x00007FF666EB0000-0x00007FF6672A2000-memory.dmp	xmrig
behavioral2/memory/2220-207-0x00007FF6AC770000-0x00007FF6ACB62000-memory.dmp	xmrig
behavioral2/memory/1060-197-0x00007FF713550000-0x00007FF713942000-memory.dmp	xmrig
behavioral2/memory/676-2724-0x00007FF69FC10000-0x00007FF6A0002000-memory.dmp	xmrig
behavioral2/memory/840-2727-0x00007FF671040000-0x00007FF671432000-memory.dmp	xmrig
behavioral2/memory/676-2729-0x00007FF69FC10000-0x00007FF6A0002000-memory.dmp	xmrig
behavioral2/memory/2716-2733-0x00007FF741270000-0x00007FF741662000-memory.dmp	xmrig
behavioral2/memory/1856-2732-0x00007FF76F7C0000-0x00007FF76FBB2000-memory.dmp	xmrig
behavioral2/memory/776-2746-0x00007FF71E530000-0x00007FF71E922000-memory.dmp	xmrig
behavioral2/memory/4708-2749-0x00007FF7E7A30000-0x00007FF7E7E22000-memory.dmp	xmrig
behavioral2/memory/1060-2753-0x00007FF713550000-0x00007FF713942000-memory.dmp	xmrig
behavioral2/memory/1608-2757-0x00007FF666EB0000-0x00007FF6672A2000-memory.dmp	xmrig
behavioral2/memory/4948-2755-0x00007FF7FF6D0000-0x00007FF7FFAC2000-memory.dmp	xmrig
behavioral2/memory/4348-2761-0x00007FF663590000-0x00007FF663982000-memory.dmp	xmrig
behavioral2/memory/2736-2760-0x00007FF757990000-0x00007FF757D82000-memory.dmp	xmrig
behavioral2/memory/1348-2748-0x00007FF704630000-0x00007FF704A22000-memory.dmp	xmrig
behavioral2/memory/4712-2742-0x00007FF6B3A30000-0x00007FF6B3E22000-memory.dmp	xmrig
behavioral2/memory/4900-2738-0x00007FF6D2D70000-0x00007FF6D3162000-memory.dmp	xmrig
behavioral2/memory/4648-2751-0x00007FF7D41E0000-0x00007FF7D45D2000-memory.dmp	xmrig
behavioral2/memory/3312-2736-0x00007FF72BFE0000-0x00007FF72C3D2000-memory.dmp	xmrig
behavioral2/memory/4692-2744-0x00007FF65F130000-0x00007FF65F522000-memory.dmp	xmrig
behavioral2/memory/2220-2740-0x00007FF6AC770000-0x00007FF6ACB62000-memory.dmp	xmrig
behavioral2/memory/3248-2763-0x00007FF6E6870000-0x00007FF6E6C62000-memory.dmp	xmrig
behavioral2/memory/2884-2782-0x00007FF7D5D60000-0x00007FF7D6152000-memory.dmp	xmrig
behavioral2/memory/4680-2771-0x00007FF6833E0000-0x00007FF6837D2000-memory.dmp	xmrig
behavioral2/memory/3124-2770-0x00007FF743E70000-0x00007FF744262000-memory.dmp	xmrig
behavioral2/memory/4608-2768-0x00007FF6C4340000-0x00007FF6C4732000-memory.dmp	xmrig
behavioral2/memory/2880-2766-0x00007FF7D4C40000-0x00007FF7D5032000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
9	1876	powershell.exe
11	1876	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
1876	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
676	UqSXsrT.exe
840	tSQtNIg.exe
1856	FlXKStL.exe
2716	XlOKdHP.exe
4900	RjmTNPT.exe
4708	ftpWGxb.exe
4712	qKQAEtZ.exe
1348	MeePtCW.exe
4692	TRvHAAe.exe
3124	zfhTFEj.exe
776	xjiOYHI.exe
1060	UDJMiJg.exe
2220	zIGEOjn.exe
1608	omLMevE.exe
4948	eyCJQrZ.exe
3312	JGmnjRX.exe
2736	iRHKsyL.exe
3248	lVTvHPr.exe
4608	PifnPRX.exe
2880	FScxDxF.exe
4680	lkpusAq.exe
2884	hBIxgFt.exe
4648	tRlNJMf.exe
4348	YrgOeDw.exe
4404	mbbfrCL.exe
4452	ORFXWPh.exe
1408	XvnPgUi.exe
1904	WPOslJf.exe
4808	TRsEYIw.exe
2260	yaQixiF.exe
1924	AivifkE.exe
2396	YltbkAZ.exe
4568	NLscOqE.exe
920	UNXEKmn.exe
3256	aXZNsDL.exe
2292	KSLOcBT.exe
4612	QfIwaHJ.exe
5000	ogQhwTJ.exe
1744	gssdNPi.exe
1512	BMbxKtr.exe
1612	ImmadTd.exe
4544	wNZKUEq.exe
848	MZTYvVh.exe
3768	fTRGKLm.exe
4080	rNcASaN.exe
3680	mQCXNCm.exe
2708	evYfLkr.exe
3776	xokafTL.exe
4756	LyxqPpo.exe
4560	uqVkKVp.exe
3184	AGSoQpT.exe
844	LKEquix.exe
1288	yiMNIzf.exe
2332	CzHUzGJ.exe
4376	KPWYVYp.exe
1436	AtbRliv.exe
748	cmeLCgY.exe
1072	nNkFSiq.exe
4856	DRoZnqj.exe
5072	HOBRlKX.exe
3228	pnhYHvs.exe
2008	RUlDPOn.exe
3996	IkIiukN.exe
2252	VWYVNQB.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/428-0-0x00007FF7A1320000-0x00007FF7A1712000-memory.dmp	upx
behavioral2/files/0x000a000000023ba3-76.dat	upx
behavioral2/files/0x000a000000023bba-153.dat	upx
behavioral2/files/0x000a000000023bae-194.dat	upx
behavioral2/memory/3312-262-0x00007FF72BFE0000-0x00007FF72C3D2000-memory.dmp	upx
behavioral2/memory/3248-321-0x00007FF6E6870000-0x00007FF6E6C62000-memory.dmp	upx
behavioral2/memory/4608-340-0x00007FF6C4340000-0x00007FF6C4732000-memory.dmp	upx
behavioral2/memory/4680-352-0x00007FF6833E0000-0x00007FF6837D2000-memory.dmp	upx
behavioral2/memory/4712-358-0x00007FF6B3A30000-0x00007FF6B3E22000-memory.dmp	upx
behavioral2/memory/1348-381-0x00007FF704630000-0x00007FF704A22000-memory.dmp	upx
behavioral2/memory/2884-391-0x00007FF7D5D60000-0x00007FF7D6152000-memory.dmp	upx
behavioral2/memory/4948-390-0x00007FF7FF6D0000-0x00007FF7FFAC2000-memory.dmp	upx
behavioral2/memory/776-389-0x00007FF71E530000-0x00007FF71E922000-memory.dmp	upx
behavioral2/memory/840-356-0x00007FF671040000-0x00007FF671432000-memory.dmp	upx
behavioral2/memory/4348-355-0x00007FF663590000-0x00007FF663982000-memory.dmp	upx
behavioral2/memory/4648-354-0x00007FF7D41E0000-0x00007FF7D45D2000-memory.dmp	upx
behavioral2/memory/2880-351-0x00007FF7D4C40000-0x00007FF7D5032000-memory.dmp	upx
behavioral2/memory/2736-282-0x00007FF757990000-0x00007FF757D82000-memory.dmp	upx
behavioral2/memory/1608-243-0x00007FF666EB0000-0x00007FF6672A2000-memory.dmp	upx
behavioral2/files/0x000a000000023bc1-212.dat	upx
behavioral2/memory/2220-207-0x00007FF6AC770000-0x00007FF6ACB62000-memory.dmp	upx
behavioral2/files/0x0031000000023bbe-202.dat	upx
behavioral2/files/0x000a000000023bb0-199.dat	upx
behavioral2/memory/1060-197-0x00007FF713550000-0x00007FF713942000-memory.dmp	upx
behavioral2/files/0x0031000000023bbd-196.dat	upx
behavioral2/files/0x000b000000023bb3-193.dat	upx
behavioral2/files/0x000a000000023bad-186.dat	upx
behavioral2/files/0x000a000000023bac-181.dat	upx
behavioral2/files/0x000a000000023bab-173.dat	upx
behavioral2/files/0x000a000000023bb4-169.dat	upx
behavioral2/files/0x000a000000023bc0-209.dat	upx
behavioral2/files/0x000a000000023ba9-159.dat	upx
behavioral2/files/0x000a000000023bbf-203.dat	upx
behavioral2/files/0x000a000000023bbb-158.dat	upx
behavioral2/files/0x000a000000023baf-157.dat	upx
behavioral2/memory/3124-154-0x00007FF743E70000-0x00007FF744262000-memory.dmp	upx
behavioral2/files/0x000a000000023bb9-152.dat	upx
behavioral2/files/0x000a000000023bb8-147.dat	upx
behavioral2/files/0x000a000000023bb7-146.dat	upx
behavioral2/files/0x000a000000023ba7-144.dat	upx
behavioral2/files/0x000a000000023bb6-143.dat	upx
behavioral2/files/0x000a000000023bb5-142.dat	upx
behavioral2/files/0x0031000000023bbc-167.dat	upx
behavioral2/files/0x000a000000023ba5-137.dat	upx
behavioral2/files/0x000a000000023bb1-130.dat	upx
behavioral2/memory/4692-122-0x00007FF65F130000-0x00007FF65F522000-memory.dmp	upx
behavioral2/files/0x000a000000023ba8-120.dat	upx
behavioral2/files/0x000a000000023ba6-105.dat	upx
behavioral2/files/0x000a000000023ba2-103.dat	upx
behavioral2/files/0x000a000000023baa-141.dat	upx
behavioral2/files/0x000a000000023ba0-91.dat	upx
behavioral2/files/0x000a000000023ba4-79.dat	upx
behavioral2/files/0x000a000000023ba1-78.dat	upx
behavioral2/memory/4708-71-0x00007FF7E7A30000-0x00007FF7E7E22000-memory.dmp	upx
behavioral2/files/0x000a000000023b9f-85.dat	upx
behavioral2/memory/4900-55-0x00007FF6D2D70000-0x00007FF6D3162000-memory.dmp	upx
behavioral2/files/0x000a000000023b9b-52.dat	upx
behavioral2/files/0x000a000000023b9e-57.dat	upx
behavioral2/files/0x000a000000023b9d-38.dat	upx
behavioral2/memory/2716-35-0x00007FF741270000-0x00007FF741662000-memory.dmp	upx
behavioral2/files/0x000a000000023b9c-34.dat	upx
behavioral2/memory/1856-30-0x00007FF76F7C0000-0x00007FF76FBB2000-memory.dmp	upx
behavioral2/files/0x000c000000023b91-24.dat	upx
behavioral2/memory/676-19-0x00007FF69FC10000-0x00007FF6A0002000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
8	raw.githubusercontent.com
9	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\CtHLSPC.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\rGnoCvE.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\SZTTTNJ.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\bGQEKtR.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\IRSLlcQ.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\ILnvXGA.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\tXyJPFt.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\QNamZuW.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\uIipTaT.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\aEMqUAH.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\LkeatfR.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\ydCPVAU.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\uBhCMfp.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\WEzEIRG.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\rrhqAtE.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\vaHbZVs.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\EucvQtB.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\TqYPjBL.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\BBziymR.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\MYLcfYt.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\OKLgxaI.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\kiwGrHc.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\bEBGdAt.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\ZsGjrWv.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\lshOntG.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\MHgNWHH.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\fJNTYFD.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\lCvboCb.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\aeCaRez.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\YByrckK.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\bTthcuB.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\lczTYYM.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\AuyBpEb.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\yEYspHM.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\XlOKdHP.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\ndnYvim.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\cZhfQds.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\SBPagSi.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\DOsLOdb.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\cCOdvGD.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\YWbhzKl.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\EeCLNXB.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\MomqJqD.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\GARCVFo.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\pzyLJYZ.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\SNrhAiw.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\mmLVNrh.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\mkSdPhc.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\fXXZPWl.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\yRcreSk.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\zpDIZiz.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\RRAubUJ.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\RPKDodi.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\dGrWaYP.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\unUJYsG.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\NblBuwO.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\qhdhPvO.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\YDZZSYA.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\Igfpacw.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\rsbRCNy.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\SIudkFw.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\wkahObZ.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\xGzrmql.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
File created	C:\Windows\System\KymaxCa.exe	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1876	powershell.exe
1876	powershell.exe
1876	powershell.exe
1876	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
Token: SeDebugPrivilege	1876	powershell.exe
Token: SeLockMemoryPrivilege	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 428 wrote to memory of 1876	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	84
PID 428 wrote to memory of 1876	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	84
PID 428 wrote to memory of 676	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	85
PID 428 wrote to memory of 676	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	85
PID 428 wrote to memory of 840	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	86
PID 428 wrote to memory of 840	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	86
PID 428 wrote to memory of 4900	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	87
PID 428 wrote to memory of 4900	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	87
PID 428 wrote to memory of 1856	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	88
PID 428 wrote to memory of 1856	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	88
PID 428 wrote to memory of 2716	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	89
PID 428 wrote to memory of 2716	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	89
PID 428 wrote to memory of 4708	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	90
PID 428 wrote to memory of 4708	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	90
PID 428 wrote to memory of 4692	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	91
PID 428 wrote to memory of 4692	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	91
PID 428 wrote to memory of 4712	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	92
PID 428 wrote to memory of 4712	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	92
PID 428 wrote to memory of 1348	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	93
PID 428 wrote to memory of 1348	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	93
PID 428 wrote to memory of 3124	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	94
PID 428 wrote to memory of 3124	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	94
PID 428 wrote to memory of 4948	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	95
PID 428 wrote to memory of 4948	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	95
PID 428 wrote to memory of 776	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	96
PID 428 wrote to memory of 776	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	96
PID 428 wrote to memory of 1060	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	97
PID 428 wrote to memory of 1060	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	97
PID 428 wrote to memory of 2220	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	98
PID 428 wrote to memory of 2220	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	98
PID 428 wrote to memory of 1608	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	99
PID 428 wrote to memory of 1608	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	99
PID 428 wrote to memory of 3312	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	100
PID 428 wrote to memory of 3312	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	100
PID 428 wrote to memory of 2736	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	101
PID 428 wrote to memory of 2736	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	101
PID 428 wrote to memory of 4404	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	102
PID 428 wrote to memory of 4404	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	102
PID 428 wrote to memory of 3248	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	103
PID 428 wrote to memory of 3248	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	103
PID 428 wrote to memory of 4608	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	104
PID 428 wrote to memory of 4608	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	104
PID 428 wrote to memory of 2880	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	105
PID 428 wrote to memory of 2880	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	105
PID 428 wrote to memory of 4680	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	106
PID 428 wrote to memory of 4680	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	106
PID 428 wrote to memory of 2396	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	107
PID 428 wrote to memory of 2396	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	107
PID 428 wrote to memory of 2884	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	108
PID 428 wrote to memory of 2884	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	108
PID 428 wrote to memory of 4648	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	109
PID 428 wrote to memory of 4648	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	109
PID 428 wrote to memory of 4348	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	110
PID 428 wrote to memory of 4348	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	110
PID 428 wrote to memory of 4452	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	111
PID 428 wrote to memory of 4452	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	111
PID 428 wrote to memory of 1408	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	112
PID 428 wrote to memory of 1408	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	112
PID 428 wrote to memory of 1904	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	113
PID 428 wrote to memory of 1904	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	113
PID 428 wrote to memory of 4808	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	114
PID 428 wrote to memory of 4808	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	114
PID 428 wrote to memory of 2260	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	115
PID 428 wrote to memory of 2260	428	224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe	115

C:\Users\Admin\AppData\Local\Temp\224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:428
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1876
- - C:\Windows\system32\wermgr.exe
    "C:\Windows\system32\wermgr.exe" "-outproc" "0" "1876" "2968" "2900" "2972" "0" "0" "2976" "0" "0" "0" "0" "0"
    3⤵
    PID:12380
- C:\Windows\System\UqSXsrT.exe
  C:\Windows\System\UqSXsrT.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\tSQtNIg.exe
  C:\Windows\System\tSQtNIg.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\RjmTNPT.exe
  C:\Windows\System\RjmTNPT.exe
  2⤵
  - Executes dropped EXE
  PID:4900
- C:\Windows\System\FlXKStL.exe
  C:\Windows\System\FlXKStL.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\XlOKdHP.exe
  C:\Windows\System\XlOKdHP.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\ftpWGxb.exe
  C:\Windows\System\ftpWGxb.exe
  2⤵
  - Executes dropped EXE
  PID:4708
- C:\Windows\System\TRvHAAe.exe
  C:\Windows\System\TRvHAAe.exe
  2⤵
  - Executes dropped EXE
  PID:4692
- C:\Windows\System\qKQAEtZ.exe
  C:\Windows\System\qKQAEtZ.exe
  2⤵
  - Executes dropped EXE
  PID:4712
- C:\Windows\System\MeePtCW.exe
  C:\Windows\System\MeePtCW.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\zfhTFEj.exe
  C:\Windows\System\zfhTFEj.exe
  2⤵
  - Executes dropped EXE
  PID:3124
- C:\Windows\System\eyCJQrZ.exe
  C:\Windows\System\eyCJQrZ.exe
  2⤵
  - Executes dropped EXE
  PID:4948
- C:\Windows\System\xjiOYHI.exe
  C:\Windows\System\xjiOYHI.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\UDJMiJg.exe
  C:\Windows\System\UDJMiJg.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\zIGEOjn.exe
  C:\Windows\System\zIGEOjn.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\omLMevE.exe
  C:\Windows\System\omLMevE.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\JGmnjRX.exe
  C:\Windows\System\JGmnjRX.exe
  2⤵
  - Executes dropped EXE
  PID:3312
- C:\Windows\System\iRHKsyL.exe
  C:\Windows\System\iRHKsyL.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\mbbfrCL.exe
  C:\Windows\System\mbbfrCL.exe
  2⤵
  - Executes dropped EXE
  PID:4404
- C:\Windows\System\lVTvHPr.exe
  C:\Windows\System\lVTvHPr.exe
  2⤵
  - Executes dropped EXE
  PID:3248
- C:\Windows\System\PifnPRX.exe
  C:\Windows\System\PifnPRX.exe
  2⤵
  - Executes dropped EXE
  PID:4608
- C:\Windows\System\FScxDxF.exe
  C:\Windows\System\FScxDxF.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\lkpusAq.exe
  C:\Windows\System\lkpusAq.exe
  2⤵
  - Executes dropped EXE
  PID:4680
- C:\Windows\System\YltbkAZ.exe
  C:\Windows\System\YltbkAZ.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\hBIxgFt.exe
  C:\Windows\System\hBIxgFt.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\tRlNJMf.exe
  C:\Windows\System\tRlNJMf.exe
  2⤵
  - Executes dropped EXE
  PID:4648
- C:\Windows\System\YrgOeDw.exe
  C:\Windows\System\YrgOeDw.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\ORFXWPh.exe
  C:\Windows\System\ORFXWPh.exe
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Windows\System\XvnPgUi.exe
  C:\Windows\System\XvnPgUi.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\WPOslJf.exe
  C:\Windows\System\WPOslJf.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\TRsEYIw.exe
  C:\Windows\System\TRsEYIw.exe
  2⤵
  - Executes dropped EXE
  PID:4808
- C:\Windows\System\yaQixiF.exe
  C:\Windows\System\yaQixiF.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\AivifkE.exe
  C:\Windows\System\AivifkE.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\NLscOqE.exe
  C:\Windows\System\NLscOqE.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System\UNXEKmn.exe
  C:\Windows\System\UNXEKmn.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\aXZNsDL.exe
  C:\Windows\System\aXZNsDL.exe
  2⤵
  - Executes dropped EXE
  PID:3256
- C:\Windows\System\KSLOcBT.exe
  C:\Windows\System\KSLOcBT.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\QfIwaHJ.exe
  C:\Windows\System\QfIwaHJ.exe
  2⤵
  - Executes dropped EXE
  PID:4612
- C:\Windows\System\ogQhwTJ.exe
  C:\Windows\System\ogQhwTJ.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System\gssdNPi.exe
  C:\Windows\System\gssdNPi.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\BMbxKtr.exe
  C:\Windows\System\BMbxKtr.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\ImmadTd.exe
  C:\Windows\System\ImmadTd.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\wNZKUEq.exe
  C:\Windows\System\wNZKUEq.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System\MZTYvVh.exe
  C:\Windows\System\MZTYvVh.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\fTRGKLm.exe
  C:\Windows\System\fTRGKLm.exe
  2⤵
  - Executes dropped EXE
  PID:3768
- C:\Windows\System\rNcASaN.exe
  C:\Windows\System\rNcASaN.exe
  2⤵
  - Executes dropped EXE
  PID:4080
- C:\Windows\System\mQCXNCm.exe
  C:\Windows\System\mQCXNCm.exe
  2⤵
  - Executes dropped EXE
  PID:3680
- C:\Windows\System\evYfLkr.exe
  C:\Windows\System\evYfLkr.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\xokafTL.exe
  C:\Windows\System\xokafTL.exe
  2⤵
  - Executes dropped EXE
  PID:3776
- C:\Windows\System\LyxqPpo.exe
  C:\Windows\System\LyxqPpo.exe
  2⤵
  - Executes dropped EXE
  PID:4756
- C:\Windows\System\uqVkKVp.exe
  C:\Windows\System\uqVkKVp.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System\AGSoQpT.exe
  C:\Windows\System\AGSoQpT.exe
  2⤵
  - Executes dropped EXE
  PID:3184
- C:\Windows\System\RUlDPOn.exe
  C:\Windows\System\RUlDPOn.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\LKEquix.exe
  C:\Windows\System\LKEquix.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\yiMNIzf.exe
  C:\Windows\System\yiMNIzf.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\CzHUzGJ.exe
  C:\Windows\System\CzHUzGJ.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\KPWYVYp.exe
  C:\Windows\System\KPWYVYp.exe
  2⤵
  - Executes dropped EXE
  PID:4376
- C:\Windows\System\AtbRliv.exe
  C:\Windows\System\AtbRliv.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\cmeLCgY.exe
  C:\Windows\System\cmeLCgY.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\nNkFSiq.exe
  C:\Windows\System\nNkFSiq.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\IkIiukN.exe
  C:\Windows\System\IkIiukN.exe
  2⤵
  - Executes dropped EXE
  PID:3996
- C:\Windows\System\DRoZnqj.exe
  C:\Windows\System\DRoZnqj.exe
  2⤵
  - Executes dropped EXE
  PID:4856
- C:\Windows\System\HOBRlKX.exe
  C:\Windows\System\HOBRlKX.exe
  2⤵
  - Executes dropped EXE
  PID:5072
- C:\Windows\System\pnhYHvs.exe
  C:\Windows\System\pnhYHvs.exe
  2⤵
  - Executes dropped EXE
  PID:3228
- C:\Windows\System\VWYVNQB.exe
  C:\Windows\System\VWYVNQB.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\MAQqYGd.exe
  C:\Windows\System\MAQqYGd.exe
  2⤵
  PID:2360
- C:\Windows\System\rVhMBug.exe
  C:\Windows\System\rVhMBug.exe
  2⤵
  PID:3700
- C:\Windows\System\aAXMUil.exe
  C:\Windows\System\aAXMUil.exe
  2⤵
  PID:2760
- C:\Windows\System\gkIyKSa.exe
  C:\Windows\System\gkIyKSa.exe
  2⤵
  PID:664
- C:\Windows\System\kiwGrHc.exe
  C:\Windows\System\kiwGrHc.exe
  2⤵
  PID:1448
- C:\Windows\System\WTvdWgq.exe
  C:\Windows\System\WTvdWgq.exe
  2⤵
  PID:3056
- C:\Windows\System\uPdbZnh.exe
  C:\Windows\System\uPdbZnh.exe
  2⤵
  PID:3328
- C:\Windows\System\Zljptsy.exe
  C:\Windows\System\Zljptsy.exe
  2⤵
  PID:3236
- C:\Windows\System\bcgrdQI.exe
  C:\Windows\System\bcgrdQI.exe
  2⤵
  PID:3504
- C:\Windows\System\NVBTaqf.exe
  C:\Windows\System\NVBTaqf.exe
  2⤵
  PID:5048
- C:\Windows\System\YByrckK.exe
  C:\Windows\System\YByrckK.exe
  2⤵
  PID:5128
- C:\Windows\System\lbEBjGL.exe
  C:\Windows\System\lbEBjGL.exe
  2⤵
  PID:5156
- C:\Windows\System\nUWIcJA.exe
  C:\Windows\System\nUWIcJA.exe
  2⤵
  PID:5180
- C:\Windows\System\TRgnpEd.exe
  C:\Windows\System\TRgnpEd.exe
  2⤵
  PID:5224
- C:\Windows\System\DWoXNEV.exe
  C:\Windows\System\DWoXNEV.exe
  2⤵
  PID:5248
- C:\Windows\System\ipOjHbF.exe
  C:\Windows\System\ipOjHbF.exe
  2⤵
  PID:5272
- C:\Windows\System\oBDZlzK.exe
  C:\Windows\System\oBDZlzK.exe
  2⤵
  PID:5292
- C:\Windows\System\wUocKrL.exe
  C:\Windows\System\wUocKrL.exe
  2⤵
  PID:5324
- C:\Windows\System\pjarSPL.exe
  C:\Windows\System\pjarSPL.exe
  2⤵
  PID:5344
- C:\Windows\System\tJRqZXJ.exe
  C:\Windows\System\tJRqZXJ.exe
  2⤵
  PID:5360
- C:\Windows\System\dguJEiJ.exe
  C:\Windows\System\dguJEiJ.exe
  2⤵
  PID:5376
- C:\Windows\System\ezVOlli.exe
  C:\Windows\System\ezVOlli.exe
  2⤵
  PID:5496
- C:\Windows\System\WGXRnHC.exe
  C:\Windows\System\WGXRnHC.exe
  2⤵
  PID:5512
- C:\Windows\System\ZagAEKh.exe
  C:\Windows\System\ZagAEKh.exe
  2⤵
  PID:5532
- C:\Windows\System\LKOLXVX.exe
  C:\Windows\System\LKOLXVX.exe
  2⤵
  PID:5548
- C:\Windows\System\oJDArqR.exe
  C:\Windows\System\oJDArqR.exe
  2⤵
  PID:5564
- C:\Windows\System\pnHgNAT.exe
  C:\Windows\System\pnHgNAT.exe
  2⤵
  PID:5580
- C:\Windows\System\fzUnlTK.exe
  C:\Windows\System\fzUnlTK.exe
  2⤵
  PID:5604
- C:\Windows\System\RLLNWgS.exe
  C:\Windows\System\RLLNWgS.exe
  2⤵
  PID:5624
- C:\Windows\System\SIudkFw.exe
  C:\Windows\System\SIudkFw.exe
  2⤵
  PID:5860
- C:\Windows\System\UsnjdOT.exe
  C:\Windows\System\UsnjdOT.exe
  2⤵
  PID:5880
- C:\Windows\System\puAzdwc.exe
  C:\Windows\System\puAzdwc.exe
  2⤵
  PID:5904
- C:\Windows\System\vbgQhHi.exe
  C:\Windows\System\vbgQhHi.exe
  2⤵
  PID:5920
- C:\Windows\System\qmXZCYM.exe
  C:\Windows\System\qmXZCYM.exe
  2⤵
  PID:5936
- C:\Windows\System\XDNDGuy.exe
  C:\Windows\System\XDNDGuy.exe
  2⤵
  PID:1892
- C:\Windows\System\mbnOftZ.exe
  C:\Windows\System\mbnOftZ.exe
  2⤵
  PID:4260
- C:\Windows\System\CFfDGcF.exe
  C:\Windows\System\CFfDGcF.exe
  2⤵
  PID:568
- C:\Windows\System\szMAfJk.exe
  C:\Windows\System\szMAfJk.exe
  2⤵
  PID:2868
- C:\Windows\System\bCynPgK.exe
  C:\Windows\System\bCynPgK.exe
  2⤵
  PID:388
- C:\Windows\System\PpVYYnY.exe
  C:\Windows\System\PpVYYnY.exe
  2⤵
  PID:2936
- C:\Windows\System\jYJdWyM.exe
  C:\Windows\System\jYJdWyM.exe
  2⤵
  PID:2328
- C:\Windows\System\norhvAI.exe
  C:\Windows\System\norhvAI.exe
  2⤵
  PID:5192
- C:\Windows\System\CZNZJEg.exe
  C:\Windows\System\CZNZJEg.exe
  2⤵
  PID:5264
- C:\Windows\System\UjQDDuX.exe
  C:\Windows\System\UjQDDuX.exe
  2⤵
  PID:5400
- C:\Windows\System\yFhcAah.exe
  C:\Windows\System\yFhcAah.exe
  2⤵
  PID:5368
- C:\Windows\System\zMxIJpi.exe
  C:\Windows\System\zMxIJpi.exe
  2⤵
  PID:5168
- C:\Windows\System\YcsaNcw.exe
  C:\Windows\System\YcsaNcw.exe
  2⤵
  PID:5388
- C:\Windows\System\nsWZhyP.exe
  C:\Windows\System\nsWZhyP.exe
  2⤵
  PID:5476
- C:\Windows\System\HgUvfsy.exe
  C:\Windows\System\HgUvfsy.exe
  2⤵
  PID:5528
- C:\Windows\System\IhdPFWN.exe
  C:\Windows\System\IhdPFWN.exe
  2⤵
  PID:4804
- C:\Windows\System\Xzddgln.exe
  C:\Windows\System\Xzddgln.exe
  2⤵
  PID:5616
- C:\Windows\System\ZJZGFzM.exe
  C:\Windows\System\ZJZGFzM.exe
  2⤵
  PID:5708
- C:\Windows\System\UJcRoFU.exe
  C:\Windows\System\UJcRoFU.exe
  2⤵
  PID:4668
- C:\Windows\System\gTzFDvv.exe
  C:\Windows\System\gTzFDvv.exe
  2⤵
  PID:5832
- C:\Windows\System\coFcbCX.exe
  C:\Windows\System\coFcbCX.exe
  2⤵
  PID:5888
- C:\Windows\System\tXFkVVW.exe
  C:\Windows\System\tXFkVVW.exe
  2⤵
  PID:5932
- C:\Windows\System\maBFERl.exe
  C:\Windows\System\maBFERl.exe
  2⤵
  PID:6020
- C:\Windows\System\hsmBFkb.exe
  C:\Windows\System\hsmBFkb.exe
  2⤵
  PID:6104
- C:\Windows\System\rATJvBm.exe
  C:\Windows\System\rATJvBm.exe
  2⤵
  PID:1112
- C:\Windows\System\DPmlAHw.exe
  C:\Windows\System\DPmlAHw.exe
  2⤵
  PID:4652
- C:\Windows\System\CLNPchS.exe
  C:\Windows\System\CLNPchS.exe
  2⤵
  PID:704
- C:\Windows\System\uZToCUk.exe
  C:\Windows\System\uZToCUk.exe
  2⤵
  PID:2380
- C:\Windows\System\AarFmql.exe
  C:\Windows\System\AarFmql.exe
  2⤵
  PID:1368
- C:\Windows\System\fGWtZdg.exe
  C:\Windows\System\fGWtZdg.exe
  2⤵
  PID:1140
- C:\Windows\System\oHSpuVO.exe
  C:\Windows\System\oHSpuVO.exe
  2⤵
  PID:4220
- C:\Windows\System\ApgrZse.exe
  C:\Windows\System\ApgrZse.exe
  2⤵
  PID:1884
- C:\Windows\System\mjuHCVB.exe
  C:\Windows\System\mjuHCVB.exe
  2⤵
  PID:2232
- C:\Windows\System\yrPDMJt.exe
  C:\Windows\System\yrPDMJt.exe
  2⤵
  PID:3820
- C:\Windows\System\LgmAmyj.exe
  C:\Windows\System\LgmAmyj.exe
  2⤵
  PID:736
- C:\Windows\System\MYLcfYt.exe
  C:\Windows\System\MYLcfYt.exe
  2⤵
  PID:2368
- C:\Windows\System\NUkLYUy.exe
  C:\Windows\System\NUkLYUy.exe
  2⤵
  PID:5056
- C:\Windows\System\LtNdmFU.exe
  C:\Windows\System\LtNdmFU.exe
  2⤵
  PID:2200
- C:\Windows\System\GmgYETZ.exe
  C:\Windows\System\GmgYETZ.exe
  2⤵
  PID:3440
- C:\Windows\System\WtptkYt.exe
  C:\Windows\System\WtptkYt.exe
  2⤵
  PID:5760
- C:\Windows\System\zpCXDwE.exe
  C:\Windows\System\zpCXDwE.exe
  2⤵
  PID:6080
- C:\Windows\System\GDwsVzh.exe
  C:\Windows\System\GDwsVzh.exe
  2⤵
  PID:4700
- C:\Windows\System\wvnCeBM.exe
  C:\Windows\System\wvnCeBM.exe
  2⤵
  PID:4656
- C:\Windows\System\AhHaKQH.exe
  C:\Windows\System\AhHaKQH.exe
  2⤵
  PID:5080
- C:\Windows\System\nJjXSPw.exe
  C:\Windows\System\nJjXSPw.exe
  2⤵
  PID:5148
- C:\Windows\System\ZFGdjxg.exe
  C:\Windows\System\ZFGdjxg.exe
  2⤵
  PID:652
- C:\Windows\System\ylwyzBc.exe
  C:\Windows\System\ylwyzBc.exe
  2⤵
  PID:5308
- C:\Windows\System\CSJEhow.exe
  C:\Windows\System\CSJEhow.exe
  2⤵
  PID:5456
- C:\Windows\System\DWBWJvH.exe
  C:\Windows\System\DWBWJvH.exe
  2⤵
  PID:5824
- C:\Windows\System\cMpxOam.exe
  C:\Windows\System\cMpxOam.exe
  2⤵
  PID:5916
- C:\Windows\System\csrDsXy.exe
  C:\Windows\System\csrDsXy.exe
  2⤵
  PID:6048
- C:\Windows\System\OSXqbUB.exe
  C:\Windows\System\OSXqbUB.exe
  2⤵
  PID:5876
- C:\Windows\System\cjFMEjx.exe
  C:\Windows\System\cjFMEjx.exe
  2⤵
  PID:1740
- C:\Windows\System\gpmRwjm.exe
  C:\Windows\System\gpmRwjm.exe
  2⤵
  PID:6120
- C:\Windows\System\ZahezNu.exe
  C:\Windows\System\ZahezNu.exe
  2⤵
  PID:1332
- C:\Windows\System\uMUVMYm.exe
  C:\Windows\System\uMUVMYm.exe
  2⤵
  PID:2300
- C:\Windows\System\uXsroct.exe
  C:\Windows\System\uXsroct.exe
  2⤵
  PID:4148
- C:\Windows\System\ydXlQCa.exe
  C:\Windows\System\ydXlQCa.exe
  2⤵
  PID:832
- C:\Windows\System\Xcownze.exe
  C:\Windows\System\Xcownze.exe
  2⤵
  PID:4892
- C:\Windows\System\CjAXeED.exe
  C:\Windows\System\CjAXeED.exe
  2⤵
  PID:2968
- C:\Windows\System\OFcrDzT.exe
  C:\Windows\System\OFcrDzT.exe
  2⤵
  PID:5952
- C:\Windows\System\XPTuLsR.exe
  C:\Windows\System\XPTuLsR.exe
  2⤵
  PID:5576
- C:\Windows\System\RHFnjRe.exe
  C:\Windows\System\RHFnjRe.exe
  2⤵
  PID:6088
- C:\Windows\System\phqRiqP.exe
  C:\Windows\System\phqRiqP.exe
  2⤵
  PID:5656
- C:\Windows\System\upIAhRi.exe
  C:\Windows\System\upIAhRi.exe
  2⤵
  PID:6160
- C:\Windows\System\KHlnlvz.exe
  C:\Windows\System\KHlnlvz.exe
  2⤵
  PID:6184
- C:\Windows\System\ewmYSta.exe
  C:\Windows\System\ewmYSta.exe
  2⤵
  PID:6204
- C:\Windows\System\FeuIUUm.exe
  C:\Windows\System\FeuIUUm.exe
  2⤵
  PID:6228
- C:\Windows\System\SzGCDJR.exe
  C:\Windows\System\SzGCDJR.exe
  2⤵
  PID:6256
- C:\Windows\System\MVvYhAX.exe
  C:\Windows\System\MVvYhAX.exe
  2⤵
  PID:6276
- C:\Windows\System\eqBwCvr.exe
  C:\Windows\System\eqBwCvr.exe
  2⤵
  PID:6300
- C:\Windows\System\BkQbbYE.exe
  C:\Windows\System\BkQbbYE.exe
  2⤵
  PID:6324
- C:\Windows\System\TyKpSKZ.exe
  C:\Windows\System\TyKpSKZ.exe
  2⤵
  PID:6340
- C:\Windows\System\EnIdegO.exe
  C:\Windows\System\EnIdegO.exe
  2⤵
  PID:6360
- C:\Windows\System\SCwciiS.exe
  C:\Windows\System\SCwciiS.exe
  2⤵
  PID:6384
- C:\Windows\System\zYBmXtx.exe
  C:\Windows\System\zYBmXtx.exe
  2⤵
  PID:6400
- C:\Windows\System\ShlSZab.exe
  C:\Windows\System\ShlSZab.exe
  2⤵
  PID:6428
- C:\Windows\System\fkXDzKo.exe
  C:\Windows\System\fkXDzKo.exe
  2⤵
  PID:6452
- C:\Windows\System\vqjYRRn.exe
  C:\Windows\System\vqjYRRn.exe
  2⤵
  PID:6468
- C:\Windows\System\MGBEsSv.exe
  C:\Windows\System\MGBEsSv.exe
  2⤵
  PID:6500
- C:\Windows\System\dtHGLhA.exe
  C:\Windows\System\dtHGLhA.exe
  2⤵
  PID:6516
- C:\Windows\System\VKrisdJ.exe
  C:\Windows\System\VKrisdJ.exe
  2⤵
  PID:6540
- C:\Windows\System\QRjvLIX.exe
  C:\Windows\System\QRjvLIX.exe
  2⤵
  PID:6560
- C:\Windows\System\nUTRAlB.exe
  C:\Windows\System\nUTRAlB.exe
  2⤵
  PID:6580
- C:\Windows\System\qEoBFfQ.exe
  C:\Windows\System\qEoBFfQ.exe
  2⤵
  PID:6608
- C:\Windows\System\uwgGBOQ.exe
  C:\Windows\System\uwgGBOQ.exe
  2⤵
  PID:6628
- C:\Windows\System\grkXddF.exe
  C:\Windows\System\grkXddF.exe
  2⤵
  PID:6648
- C:\Windows\System\IMpVEsv.exe
  C:\Windows\System\IMpVEsv.exe
  2⤵
  PID:6672
- C:\Windows\System\VkSPkrL.exe
  C:\Windows\System\VkSPkrL.exe
  2⤵
  PID:6692
- C:\Windows\System\TuypBkZ.exe
  C:\Windows\System\TuypBkZ.exe
  2⤵
  PID:6716
- C:\Windows\System\WnpwlkC.exe
  C:\Windows\System\WnpwlkC.exe
  2⤵
  PID:6736
- C:\Windows\System\mYCQtsR.exe
  C:\Windows\System\mYCQtsR.exe
  2⤵
  PID:6760
- C:\Windows\System\YhiazGt.exe
  C:\Windows\System\YhiazGt.exe
  2⤵
  PID:6776
- C:\Windows\System\DETfdDU.exe
  C:\Windows\System\DETfdDU.exe
  2⤵
  PID:6800
- C:\Windows\System\oQldbLC.exe
  C:\Windows\System\oQldbLC.exe
  2⤵
  PID:6820
- C:\Windows\System\PKfgRtB.exe
  C:\Windows\System\PKfgRtB.exe
  2⤵
  PID:6848
- C:\Windows\System\ggpxRsd.exe
  C:\Windows\System\ggpxRsd.exe
  2⤵
  PID:6868
- C:\Windows\System\YxsEtSO.exe
  C:\Windows\System\YxsEtSO.exe
  2⤵
  PID:6892
- C:\Windows\System\sIKBANv.exe
  C:\Windows\System\sIKBANv.exe
  2⤵
  PID:6908
- C:\Windows\System\ndnYvim.exe
  C:\Windows\System\ndnYvim.exe
  2⤵
  PID:6928
- C:\Windows\System\MGxAlfP.exe
  C:\Windows\System\MGxAlfP.exe
  2⤵
  PID:6948
- C:\Windows\System\XjarQLn.exe
  C:\Windows\System\XjarQLn.exe
  2⤵
  PID:6980
- C:\Windows\System\tzABgZx.exe
  C:\Windows\System\tzABgZx.exe
  2⤵
  PID:6996
- C:\Windows\System\JaUuFyz.exe
  C:\Windows\System\JaUuFyz.exe
  2⤵
  PID:7024
- C:\Windows\System\lvMOSJM.exe
  C:\Windows\System\lvMOSJM.exe
  2⤵
  PID:7040
- C:\Windows\System\SPUAVNq.exe
  C:\Windows\System\SPUAVNq.exe
  2⤵
  PID:7064
- C:\Windows\System\fvWCQJG.exe
  C:\Windows\System\fvWCQJG.exe
  2⤵
  PID:7092
- C:\Windows\System\oJYTwNb.exe
  C:\Windows\System\oJYTwNb.exe
  2⤵
  PID:7112
- C:\Windows\System\TAOXOIf.exe
  C:\Windows\System\TAOXOIf.exe
  2⤵
  PID:7136
- C:\Windows\System\uaxWPuY.exe
  C:\Windows\System\uaxWPuY.exe
  2⤵
  PID:7152
- C:\Windows\System\cZhfQds.exe
  C:\Windows\System\cZhfQds.exe
  2⤵
  PID:5956
- C:\Windows\System\NesLQdi.exe
  C:\Windows\System\NesLQdi.exe
  2⤵
  PID:3376
- C:\Windows\System\sjvIpTx.exe
  C:\Windows\System\sjvIpTx.exe
  2⤵
  PID:6224
- C:\Windows\System\ubltBvy.exe
  C:\Windows\System\ubltBvy.exe
  2⤵
  PID:4788
- C:\Windows\System\oRThtwU.exe
  C:\Windows\System\oRThtwU.exe
  2⤵
  PID:5668
- C:\Windows\System\bJefnRX.exe
  C:\Windows\System\bJefnRX.exe
  2⤵
  PID:6356
- C:\Windows\System\mnlHWFk.exe
  C:\Windows\System\mnlHWFk.exe
  2⤵
  PID:6408
- C:\Windows\System\olItpXM.exe
  C:\Windows\System\olItpXM.exe
  2⤵
  PID:4076
- C:\Windows\System\DXAOxxE.exe
  C:\Windows\System\DXAOxxE.exe
  2⤵
  PID:6624
- C:\Windows\System\OZVwdxF.exe
  C:\Windows\System\OZVwdxF.exe
  2⤵
  PID:6684
- C:\Windows\System\RoUpnJh.exe
  C:\Windows\System\RoUpnJh.exe
  2⤵
  PID:6712
- C:\Windows\System\OUnPOsF.exe
  C:\Windows\System\OUnPOsF.exe
  2⤵
  PID:6436
- C:\Windows\System\XnUzIFP.exe
  C:\Windows\System\XnUzIFP.exe
  2⤵
  PID:332
- C:\Windows\System\GlEJXgm.exe
  C:\Windows\System\GlEJXgm.exe
  2⤵
  PID:6524
- C:\Windows\System\cCOdvGD.exe
  C:\Windows\System\cCOdvGD.exe
  2⤵
  PID:6536
- C:\Windows\System\sqKYtHX.exe
  C:\Windows\System\sqKYtHX.exe
  2⤵
  PID:6644
- C:\Windows\System\oGTMGOq.exe
  C:\Windows\System\oGTMGOq.exe
  2⤵
  PID:6992
- C:\Windows\System\PtskGTK.exe
  C:\Windows\System\PtskGTK.exe
  2⤵
  PID:7036
- C:\Windows\System\HoOjroT.exe
  C:\Windows\System\HoOjroT.exe
  2⤵
  PID:7076
- C:\Windows\System\DsMxgSY.exe
  C:\Windows\System\DsMxgSY.exe
  2⤵
  PID:7176
- C:\Windows\System\gVhADSp.exe
  C:\Windows\System\gVhADSp.exe
  2⤵
  PID:7200
- C:\Windows\System\yZhwKNv.exe
  C:\Windows\System\yZhwKNv.exe
  2⤵
  PID:7220
- C:\Windows\System\VwzRytU.exe
  C:\Windows\System\VwzRytU.exe
  2⤵
  PID:7248
- C:\Windows\System\LqjYiRf.exe
  C:\Windows\System\LqjYiRf.exe
  2⤵
  PID:7264
- C:\Windows\System\NPykbRB.exe
  C:\Windows\System\NPykbRB.exe
  2⤵
  PID:7288
- C:\Windows\System\ZDBzqfh.exe
  C:\Windows\System\ZDBzqfh.exe
  2⤵
  PID:7312
- C:\Windows\System\NtqPDEj.exe
  C:\Windows\System\NtqPDEj.exe
  2⤵
  PID:7332
- C:\Windows\System\tzlfHjR.exe
  C:\Windows\System\tzlfHjR.exe
  2⤵
  PID:7356
- C:\Windows\System\oiLmUVU.exe
  C:\Windows\System\oiLmUVU.exe
  2⤵
  PID:7376
- C:\Windows\System\cPNpPLT.exe
  C:\Windows\System\cPNpPLT.exe
  2⤵
  PID:7400
- C:\Windows\System\DSvXsph.exe
  C:\Windows\System\DSvXsph.exe
  2⤵
  PID:7424
- C:\Windows\System\WPPndxP.exe
  C:\Windows\System\WPPndxP.exe
  2⤵
  PID:7444
- C:\Windows\System\IDfpRMc.exe
  C:\Windows\System\IDfpRMc.exe
  2⤵
  PID:7464
- C:\Windows\System\rxZBbby.exe
  C:\Windows\System\rxZBbby.exe
  2⤵
  PID:7480
- C:\Windows\System\gRoxrMS.exe
  C:\Windows\System\gRoxrMS.exe
  2⤵
  PID:7508
- C:\Windows\System\SuiLapZ.exe
  C:\Windows\System\SuiLapZ.exe
  2⤵
  PID:7532
- C:\Windows\System\dHJMWTU.exe
  C:\Windows\System\dHJMWTU.exe
  2⤵
  PID:7552
- C:\Windows\System\SxMXgYn.exe
  C:\Windows\System\SxMXgYn.exe
  2⤵
  PID:7576
- C:\Windows\System\QcoipOc.exe
  C:\Windows\System\QcoipOc.exe
  2⤵
  PID:7596
- C:\Windows\System\NAtzmGD.exe
  C:\Windows\System\NAtzmGD.exe
  2⤵
  PID:7620
- C:\Windows\System\ebBoDLV.exe
  C:\Windows\System\ebBoDLV.exe
  2⤵
  PID:7640
- C:\Windows\System\ayXbTjM.exe
  C:\Windows\System\ayXbTjM.exe
  2⤵
  PID:7668
- C:\Windows\System\hCMsatW.exe
  C:\Windows\System\hCMsatW.exe
  2⤵
  PID:7688
- C:\Windows\System\XIeGnqq.exe
  C:\Windows\System\XIeGnqq.exe
  2⤵
  PID:7708
- C:\Windows\System\dFRwvOI.exe
  C:\Windows\System\dFRwvOI.exe
  2⤵
  PID:7732
- C:\Windows\System\tXyJPFt.exe
  C:\Windows\System\tXyJPFt.exe
  2⤵
  PID:7752
- C:\Windows\System\AoegSUg.exe
  C:\Windows\System\AoegSUg.exe
  2⤵
  PID:7772
- C:\Windows\System\Qczkyzo.exe
  C:\Windows\System\Qczkyzo.exe
  2⤵
  PID:7796
- C:\Windows\System\QNamZuW.exe
  C:\Windows\System\QNamZuW.exe
  2⤵
  PID:7820
- C:\Windows\System\nNtQtSK.exe
  C:\Windows\System\nNtQtSK.exe
  2⤵
  PID:7836
- C:\Windows\System\oifCwST.exe
  C:\Windows\System\oifCwST.exe
  2⤵
  PID:7860
- C:\Windows\System\nXNdDMX.exe
  C:\Windows\System\nXNdDMX.exe
  2⤵
  PID:7884
- C:\Windows\System\fKOYzIU.exe
  C:\Windows\System\fKOYzIU.exe
  2⤵
  PID:7900
- C:\Windows\System\KONAFKf.exe
  C:\Windows\System\KONAFKf.exe
  2⤵
  PID:7924
- C:\Windows\System\jvKyFbL.exe
  C:\Windows\System\jvKyFbL.exe
  2⤵
  PID:7948
- C:\Windows\System\FPXjhcH.exe
  C:\Windows\System\FPXjhcH.exe
  2⤵
  PID:7972
- C:\Windows\System\sMWPrkl.exe
  C:\Windows\System\sMWPrkl.exe
  2⤵
  PID:7992
- C:\Windows\System\JOGNazf.exe
  C:\Windows\System\JOGNazf.exe
  2⤵
  PID:8012
- C:\Windows\System\ovOculw.exe
  C:\Windows\System\ovOculw.exe
  2⤵
  PID:8032
- C:\Windows\System\jqWtLJq.exe
  C:\Windows\System\jqWtLJq.exe
  2⤵
  PID:8056
- C:\Windows\System\RRAubUJ.exe
  C:\Windows\System\RRAubUJ.exe
  2⤵
  PID:8088
- C:\Windows\System\JApElrj.exe
  C:\Windows\System\JApElrj.exe
  2⤵
  PID:8108
- C:\Windows\System\bvmAPax.exe
  C:\Windows\System\bvmAPax.exe
  2⤵
  PID:8136
- C:\Windows\System\iNzarSV.exe
  C:\Windows\System\iNzarSV.exe
  2⤵
  PID:8156
- C:\Windows\System\uwcVDWo.exe
  C:\Windows\System\uwcVDWo.exe
  2⤵
  PID:8180
- C:\Windows\System\WkDhTFW.exe
  C:\Windows\System\WkDhTFW.exe
  2⤵
  PID:7144
- C:\Windows\System\OKLgxaI.exe
  C:\Windows\System\OKLgxaI.exe
  2⤵
  PID:6484
- C:\Windows\System\pNnWSWt.exe
  C:\Windows\System\pNnWSWt.exe
  2⤵
  PID:6552
- C:\Windows\System\XIfptdP.exe
  C:\Windows\System\XIfptdP.exe
  2⤵
  PID:6352
- C:\Windows\System\wkahObZ.exe
  C:\Windows\System\wkahObZ.exe
  2⤵
  PID:6572
- C:\Windows\System\InyTbBZ.exe
  C:\Windows\System\InyTbBZ.exe
  2⤵
  PID:6876
- C:\Windows\System\mYFPhno.exe
  C:\Windows\System\mYFPhno.exe
  2⤵
  PID:6620
- C:\Windows\System\xbFOdIJ.exe
  C:\Windows\System\xbFOdIJ.exe
  2⤵
  PID:3712
- C:\Windows\System\sYxuLeN.exe
  C:\Windows\System\sYxuLeN.exe
  2⤵
  PID:5432
- C:\Windows\System\SvQBfkS.exe
  C:\Windows\System\SvQBfkS.exe
  2⤵
  PID:6988
- C:\Windows\System\myIOljj.exe
  C:\Windows\System\myIOljj.exe
  2⤵
  PID:6768
- C:\Windows\System\tvzIWXN.exe
  C:\Windows\System\tvzIWXN.exe
  2⤵
  PID:7208
- C:\Windows\System\BYVghOn.exe
  C:\Windows\System\BYVghOn.exe
  2⤵
  PID:7120
- C:\Windows\System\qHUjVzq.exe
  C:\Windows\System\qHUjVzq.exe
  2⤵
  PID:7148
- C:\Windows\System\LXToLNj.exe
  C:\Windows\System\LXToLNj.exe
  2⤵
  PID:7368
- C:\Windows\System\ChihkAh.exe
  C:\Windows\System\ChihkAh.exe
  2⤵
  PID:7388
- C:\Windows\System\jnWJyUr.exe
  C:\Windows\System\jnWJyUr.exe
  2⤵
  PID:6920
- C:\Windows\System\ONMdamt.exe
  C:\Windows\System\ONMdamt.exe
  2⤵
  PID:7452
- C:\Windows\System\jYnLtot.exe
  C:\Windows\System\jYnLtot.exe
  2⤵
  PID:7060
- C:\Windows\System\ArejQyk.exe
  C:\Windows\System\ArejQyk.exe
  2⤵
  PID:6748
- C:\Windows\System\PYuBbzz.exe
  C:\Windows\System\PYuBbzz.exe
  2⤵
  PID:7680
- C:\Windows\System\wVdRWih.exe
  C:\Windows\System\wVdRWih.exe
  2⤵
  PID:8216
- C:\Windows\System\EMfGQWc.exe
  C:\Windows\System\EMfGQWc.exe
  2⤵
  PID:8240
- C:\Windows\System\RsMsbZq.exe
  C:\Windows\System\RsMsbZq.exe
  2⤵
  PID:8268
- C:\Windows\System\vLsVdyg.exe
  C:\Windows\System\vLsVdyg.exe
  2⤵
  PID:8292
- C:\Windows\System\yRlExya.exe
  C:\Windows\System\yRlExya.exe
  2⤵
  PID:8320
- C:\Windows\System\qyzqmfr.exe
  C:\Windows\System\qyzqmfr.exe
  2⤵
  PID:8340
- C:\Windows\System\BuZmHkI.exe
  C:\Windows\System\BuZmHkI.exe
  2⤵
  PID:8364
- C:\Windows\System\ZWkMBWQ.exe
  C:\Windows\System\ZWkMBWQ.exe
  2⤵
  PID:8384
- C:\Windows\System\JreQQif.exe
  C:\Windows\System\JreQQif.exe
  2⤵
  PID:8408
- C:\Windows\System\OjHqQLT.exe
  C:\Windows\System\OjHqQLT.exe
  2⤵
  PID:8428
- C:\Windows\System\UwZLTEH.exe
  C:\Windows\System\UwZLTEH.exe
  2⤵
  PID:8448
- C:\Windows\System\fGzzzGC.exe
  C:\Windows\System\fGzzzGC.exe
  2⤵
  PID:8472
- C:\Windows\System\OiMWHzG.exe
  C:\Windows\System\OiMWHzG.exe
  2⤵
  PID:8492
- C:\Windows\System\WqewCGw.exe
  C:\Windows\System\WqewCGw.exe
  2⤵
  PID:8512
- C:\Windows\System\RPKDodi.exe
  C:\Windows\System\RPKDodi.exe
  2⤵
  PID:8540
- C:\Windows\System\VWvxVNA.exe
  C:\Windows\System\VWvxVNA.exe
  2⤵
  PID:8560
- C:\Windows\System\uIipTaT.exe
  C:\Windows\System\uIipTaT.exe
  2⤵
  PID:8584
- C:\Windows\System\LtmnaKT.exe
  C:\Windows\System\LtmnaKT.exe
  2⤵
  PID:8608
- C:\Windows\System\AqWDBig.exe
  C:\Windows\System\AqWDBig.exe
  2⤵
  PID:8628
- C:\Windows\System\xtBVLWT.exe
  C:\Windows\System\xtBVLWT.exe
  2⤵
  PID:8656
- C:\Windows\System\HaJczjd.exe
  C:\Windows\System\HaJczjd.exe
  2⤵
  PID:8672
- C:\Windows\System\XKULAmV.exe
  C:\Windows\System\XKULAmV.exe
  2⤵
  PID:8704
- C:\Windows\System\aEMqUAH.exe
  C:\Windows\System\aEMqUAH.exe
  2⤵
  PID:8720
- C:\Windows\System\RJcuWcI.exe
  C:\Windows\System\RJcuWcI.exe
  2⤵
  PID:8740
- C:\Windows\System\sDUjTjX.exe
  C:\Windows\System\sDUjTjX.exe
  2⤵
  PID:8760
- C:\Windows\System\wZWQuwC.exe
  C:\Windows\System\wZWQuwC.exe
  2⤵
  PID:8788
- C:\Windows\System\JCoTCDE.exe
  C:\Windows\System\JCoTCDE.exe
  2⤵
  PID:8816
- C:\Windows\System\iSqCJzT.exe
  C:\Windows\System\iSqCJzT.exe
  2⤵
  PID:8832
- C:\Windows\System\XOwhjMi.exe
  C:\Windows\System\XOwhjMi.exe
  2⤵
  PID:8856
- C:\Windows\System\ppjwMou.exe
  C:\Windows\System\ppjwMou.exe
  2⤵
  PID:8880
- C:\Windows\System\sJhGGKu.exe
  C:\Windows\System\sJhGGKu.exe
  2⤵
  PID:8900
- C:\Windows\System\lSEhJTH.exe
  C:\Windows\System\lSEhJTH.exe
  2⤵
  PID:8920
- C:\Windows\System\qDdUylS.exe
  C:\Windows\System\qDdUylS.exe
  2⤵
  PID:8948
- C:\Windows\System\RBSfTFc.exe
  C:\Windows\System\RBSfTFc.exe
  2⤵
  PID:8964
- C:\Windows\System\vVIKvtz.exe
  C:\Windows\System\vVIKvtz.exe
  2⤵
  PID:8988
- C:\Windows\System\gSTTIQA.exe
  C:\Windows\System\gSTTIQA.exe
  2⤵
  PID:9016
- C:\Windows\System\yELAtsu.exe
  C:\Windows\System\yELAtsu.exe
  2⤵
  PID:9044
- C:\Windows\System\sVhOXum.exe
  C:\Windows\System\sVhOXum.exe
  2⤵
  PID:9064
- C:\Windows\System\wNygNDl.exe
  C:\Windows\System\wNygNDl.exe
  2⤵
  PID:9092
- C:\Windows\System\unUJYsG.exe
  C:\Windows\System\unUJYsG.exe
  2⤵
  PID:9116
- C:\Windows\System\DtcufqL.exe
  C:\Windows\System\DtcufqL.exe
  2⤵
  PID:9132
- C:\Windows\System\rmokHPP.exe
  C:\Windows\System\rmokHPP.exe
  2⤵
  PID:9156
- C:\Windows\System\tvMIMuw.exe
  C:\Windows\System\tvMIMuw.exe
  2⤵
  PID:9180
- C:\Windows\System\NblBuwO.exe
  C:\Windows\System\NblBuwO.exe
  2⤵
  PID:9200
- C:\Windows\System\HynzlVI.exe
  C:\Windows\System\HynzlVI.exe
  2⤵
  PID:7724
- C:\Windows\System\bepoRCk.exe
  C:\Windows\System\bepoRCk.exe
  2⤵
  PID:7880
- C:\Windows\System\jBCHmdI.exe
  C:\Windows\System\jBCHmdI.exe
  2⤵
  PID:8068
- C:\Windows\System\xGzrmql.exe
  C:\Windows\System\xGzrmql.exe
  2⤵
  PID:7296
- C:\Windows\System\avYbeWO.exe
  C:\Windows\System\avYbeWO.exe
  2⤵
  PID:7328
- C:\Windows\System\rfmIiGN.exe
  C:\Windows\System\rfmIiGN.exe
  2⤵
  PID:5556
- C:\Windows\System\TiHPjsR.exe
  C:\Windows\System\TiHPjsR.exe
  2⤵
  PID:5640
- C:\Windows\System\tIUHIru.exe
  C:\Windows\System\tIUHIru.exe
  2⤵
  PID:6396
- C:\Windows\System\pwaEzUE.exe
  C:\Windows\System\pwaEzUE.exe
  2⤵
  PID:6656
- C:\Windows\System\uMKVDcw.exe
  C:\Windows\System\uMKVDcw.exe
  2⤵
  PID:6724
- C:\Windows\System\VFmzjxB.exe
  C:\Windows\System\VFmzjxB.exe
  2⤵
  PID:6368
- C:\Windows\System\xeXoOGQ.exe
  C:\Windows\System\xeXoOGQ.exe
  2⤵
  PID:7568
- C:\Windows\System\wbsyZdI.exe
  C:\Windows\System\wbsyZdI.exe
  2⤵
  PID:6944
- C:\Windows\System\EBwbyIb.exe
  C:\Windows\System\EBwbyIb.exe
  2⤵
  PID:7628
- C:\Windows\System\xUuCrzb.exe
  C:\Windows\System\xUuCrzb.exe
  2⤵
  PID:8260
- C:\Windows\System\ZDedCYN.exe
  C:\Windows\System\ZDedCYN.exe
  2⤵
  PID:8280
- C:\Windows\System\bEBGdAt.exe
  C:\Windows\System\bEBGdAt.exe
  2⤵
  PID:7956
- C:\Windows\System\ETQVFOg.exe
  C:\Windows\System\ETQVFOg.exe
  2⤵
  PID:8356
- C:\Windows\System\WPawZmh.exe
  C:\Windows\System\WPawZmh.exe
  2⤵
  PID:8396
- C:\Windows\System\AGfGvEa.exe
  C:\Windows\System\AGfGvEa.exe
  2⤵
  PID:8100
- C:\Windows\System\ARRipEC.exe
  C:\Windows\System\ARRipEC.exe
  2⤵
  PID:7340
- C:\Windows\System\LkeatfR.exe
  C:\Windows\System\LkeatfR.exe
  2⤵
  PID:8552
- C:\Windows\System\sgLVAPW.exe
  C:\Windows\System\sgLVAPW.exe
  2⤵
  PID:8624
- C:\Windows\System\ikrbJNb.exe
  C:\Windows\System\ikrbJNb.exe
  2⤵
  PID:6348
- C:\Windows\System\ZrfMbzT.exe
  C:\Windows\System\ZrfMbzT.exe
  2⤵
  PID:9232
- C:\Windows\System\mkSdPhc.exe
  C:\Windows\System\mkSdPhc.exe
  2⤵
  PID:9256
- C:\Windows\System\bVaypLA.exe
  C:\Windows\System\bVaypLA.exe
  2⤵
  PID:9276
- C:\Windows\System\RlLTRng.exe
  C:\Windows\System\RlLTRng.exe
  2⤵
  PID:9320
- C:\Windows\System\YXSyvJY.exe
  C:\Windows\System\YXSyvJY.exe
  2⤵
  PID:9356
- C:\Windows\System\psJUqVQ.exe
  C:\Windows\System\psJUqVQ.exe
  2⤵
  PID:9384
- C:\Windows\System\FdvKXqa.exe
  C:\Windows\System\FdvKXqa.exe
  2⤵
  PID:9408
- C:\Windows\System\BIAhCCj.exe
  C:\Windows\System\BIAhCCj.exe
  2⤵
  PID:9428
- C:\Windows\System\WNsiPOH.exe
  C:\Windows\System\WNsiPOH.exe
  2⤵
  PID:9448
- C:\Windows\System\XZEOwey.exe
  C:\Windows\System\XZEOwey.exe
  2⤵
  PID:9468
- C:\Windows\System\mtGlbDB.exe
  C:\Windows\System\mtGlbDB.exe
  2⤵
  PID:9484
- C:\Windows\System\cBizRzY.exe
  C:\Windows\System\cBizRzY.exe
  2⤵
  PID:9512
- C:\Windows\System\ETgvbYu.exe
  C:\Windows\System\ETgvbYu.exe
  2⤵
  PID:9540
- C:\Windows\System\OTxVjRs.exe
  C:\Windows\System\OTxVjRs.exe
  2⤵
  PID:9560
- C:\Windows\System\aaEKsbB.exe
  C:\Windows\System\aaEKsbB.exe
  2⤵
  PID:9580
- C:\Windows\System\rehJnVS.exe
  C:\Windows\System\rehJnVS.exe
  2⤵
  PID:9604
- C:\Windows\System\cwteBcu.exe
  C:\Windows\System\cwteBcu.exe
  2⤵
  PID:9620
- C:\Windows\System\mYyUmMk.exe
  C:\Windows\System\mYyUmMk.exe
  2⤵
  PID:9640
- C:\Windows\System\ORGviif.exe
  C:\Windows\System\ORGviif.exe
  2⤵
  PID:9660
- C:\Windows\System\NWekkUi.exe
  C:\Windows\System\NWekkUi.exe
  2⤵
  PID:9680
- C:\Windows\System\YxOGyEM.exe
  C:\Windows\System\YxOGyEM.exe
  2⤵
  PID:9712
- C:\Windows\System\HEdWqkC.exe
  C:\Windows\System\HEdWqkC.exe
  2⤵
  PID:9732
- C:\Windows\System\OzPlsJF.exe
  C:\Windows\System\OzPlsJF.exe
  2⤵
  PID:9752
- C:\Windows\System\zFCDCbN.exe
  C:\Windows\System\zFCDCbN.exe
  2⤵
  PID:9776
- C:\Windows\System\zrJHuVC.exe
  C:\Windows\System\zrJHuVC.exe
  2⤵
  PID:9800
- C:\Windows\System\MGzHCGR.exe
  C:\Windows\System\MGzHCGR.exe
  2⤵
  PID:9820
- C:\Windows\System\XSXudQN.exe
  C:\Windows\System\XSXudQN.exe
  2⤵
  PID:9844
- C:\Windows\System\QecLceF.exe
  C:\Windows\System\QecLceF.exe
  2⤵
  PID:9868
- C:\Windows\System\NYlTOIg.exe
  C:\Windows\System\NYlTOIg.exe
  2⤵
  PID:9892
- C:\Windows\System\nogVoZn.exe
  C:\Windows\System\nogVoZn.exe
  2⤵
  PID:9912
- C:\Windows\System\rBchCjZ.exe
  C:\Windows\System\rBchCjZ.exe
  2⤵
  PID:9940
- C:\Windows\System\xNvEVJl.exe
  C:\Windows\System\xNvEVJl.exe
  2⤵
  PID:9956
- C:\Windows\System\CjTflYZ.exe
  C:\Windows\System\CjTflYZ.exe
  2⤵
  PID:9980
- C:\Windows\System\NoZMhFQ.exe
  C:\Windows\System\NoZMhFQ.exe
  2⤵
  PID:10000
- C:\Windows\System\qaScQdy.exe
  C:\Windows\System\qaScQdy.exe
  2⤵
  PID:10016
- C:\Windows\System\rRMPqJA.exe
  C:\Windows\System\rRMPqJA.exe
  2⤵
  PID:10040
- C:\Windows\System\jXXgUDb.exe
  C:\Windows\System\jXXgUDb.exe
  2⤵
  PID:10064
- C:\Windows\System\DhwBonL.exe
  C:\Windows\System\DhwBonL.exe
  2⤵
  PID:10084
- C:\Windows\System\cZJnUSW.exe
  C:\Windows\System\cZJnUSW.exe
  2⤵
  PID:10116
- C:\Windows\System\bsqDybA.exe
  C:\Windows\System\bsqDybA.exe
  2⤵
  PID:10140
- C:\Windows\System\aYCkRDF.exe
  C:\Windows\System\aYCkRDF.exe
  2⤵
  PID:10164
- C:\Windows\System\ajBSOQO.exe
  C:\Windows\System\ajBSOQO.exe
  2⤵
  PID:10184
- C:\Windows\System\iPnkvYp.exe
  C:\Windows\System\iPnkvYp.exe
  2⤵
  PID:10208
- C:\Windows\System\zkZuZMZ.exe
  C:\Windows\System\zkZuZMZ.exe
  2⤵
  PID:10232
- C:\Windows\System\tOjpUZu.exe
  C:\Windows\System\tOjpUZu.exe
  2⤵
  PID:6888
- C:\Windows\System\aFVnzuq.exe
  C:\Windows\System\aFVnzuq.exe
  2⤵
  PID:9028
- C:\Windows\System\CBSoTOd.exe
  C:\Windows\System\CBSoTOd.exe
  2⤵
  PID:9056
- C:\Windows\System\HqSiGko.exe
  C:\Windows\System\HqSiGko.exe
  2⤵
  PID:9088
- C:\Windows\System\TqISmDX.exe
  C:\Windows\System\TqISmDX.exe
  2⤵
  PID:9128
- C:\Windows\System\aJlFWOo.exe
  C:\Windows\System\aJlFWOo.exe
  2⤵
  PID:8380
- C:\Windows\System\YJTCNiJ.exe
  C:\Windows\System\YJTCNiJ.exe
  2⤵
  PID:7192
- C:\Windows\System\NvGIRbk.exe
  C:\Windows\System\NvGIRbk.exe
  2⤵
  PID:8488
- C:\Windows\System\OjRVvBV.exe
  C:\Windows\System\OjRVvBV.exe
  2⤵
  PID:8028
- C:\Windows\System\bBoVwuh.exe
  C:\Windows\System\bBoVwuh.exe
  2⤵
  PID:10052
- C:\Windows\System\AfsBpUw.exe
  C:\Windows\System\AfsBpUw.exe
  2⤵
  PID:9648
- C:\Windows\System\toiXrkg.exe
  C:\Windows\System\toiXrkg.exe
  2⤵
  PID:9396
- C:\Windows\System\fQkJsFt.exe
  C:\Windows\System\fQkJsFt.exe
  2⤵
  PID:9572
- C:\Windows\System\hSekbvK.exe
  C:\Windows\System\hSekbvK.exe
  2⤵
  PID:9784
- C:\Windows\System\WZWUqWf.exe
  C:\Windows\System\WZWUqWf.exe
  2⤵
  PID:9948
- C:\Windows\System\eDOYclA.exe
  C:\Windows\System\eDOYclA.exe
  2⤵
  PID:10100
- C:\Windows\System\DxJrWBh.exe
  C:\Windows\System\DxJrWBh.exe
  2⤵
  PID:9076
- C:\Windows\System\kuYNHPZ.exe
  C:\Windows\System\kuYNHPZ.exe
  2⤵
  PID:9268
- C:\Windows\System\zQHiQCN.exe
  C:\Windows\System\zQHiQCN.exe
  2⤵
  PID:8732
- C:\Windows\System\hghjJcv.exe
  C:\Windows\System\hghjJcv.exe
  2⤵
  PID:8840
- C:\Windows\System\qLNSYcA.exe
  C:\Windows\System\qLNSYcA.exe
  2⤵
  PID:7868
- C:\Windows\System\wDjpqFc.exe
  C:\Windows\System\wDjpqFc.exe
  2⤵
  PID:10260
- C:\Windows\System\ohyoIZC.exe
  C:\Windows\System\ohyoIZC.exe
  2⤵
  PID:10276
- C:\Windows\System\nsfAXSY.exe
  C:\Windows\System\nsfAXSY.exe
  2⤵
  PID:10296
- C:\Windows\System\mLXJTNI.exe
  C:\Windows\System\mLXJTNI.exe
  2⤵
  PID:10320
- C:\Windows\System\eUfYlzR.exe
  C:\Windows\System\eUfYlzR.exe
  2⤵
  PID:10340
- C:\Windows\System\qFLNtmQ.exe
  C:\Windows\System\qFLNtmQ.exe
  2⤵
  PID:10372
- C:\Windows\System\mnVNJRd.exe
  C:\Windows\System\mnVNJRd.exe
  2⤵
  PID:10392
- C:\Windows\System\IGGBDcQ.exe
  C:\Windows\System\IGGBDcQ.exe
  2⤵
  PID:10416
- C:\Windows\System\UEWstKD.exe
  C:\Windows\System\UEWstKD.exe
  2⤵
  PID:10440
- C:\Windows\System\yQFuuYh.exe
  C:\Windows\System\yQFuuYh.exe
  2⤵
  PID:10472
- C:\Windows\System\MVXzrHj.exe
  C:\Windows\System\MVXzrHj.exe
  2⤵
  PID:10496
- C:\Windows\System\TukLhAL.exe
  C:\Windows\System\TukLhAL.exe
  2⤵
  PID:10520
- C:\Windows\System\kkoSwkv.exe
  C:\Windows\System\kkoSwkv.exe
  2⤵
  PID:10540
- C:\Windows\System\RNQupxK.exe
  C:\Windows\System\RNQupxK.exe
  2⤵
  PID:10564
- C:\Windows\System\uhdrOrz.exe
  C:\Windows\System\uhdrOrz.exe
  2⤵
  PID:10580
- C:\Windows\System\KPETflD.exe
  C:\Windows\System\KPETflD.exe
  2⤵
  PID:10608
- C:\Windows\System\LhyGPvu.exe
  C:\Windows\System\LhyGPvu.exe
  2⤵
  PID:10636
- C:\Windows\System\ngSLsvA.exe
  C:\Windows\System\ngSLsvA.exe
  2⤵
  PID:10660
- C:\Windows\System\VsyzQmI.exe
  C:\Windows\System\VsyzQmI.exe
  2⤵
  PID:10692
- C:\Windows\System\teyBfTF.exe
  C:\Windows\System\teyBfTF.exe
  2⤵
  PID:10716
- C:\Windows\System\zpazLwq.exe
  C:\Windows\System\zpazLwq.exe
  2⤵
  PID:10748
- C:\Windows\System\mfzgtpC.exe
  C:\Windows\System\mfzgtpC.exe
  2⤵
  PID:10776
- C:\Windows\System\KluLGjx.exe
  C:\Windows\System\KluLGjx.exe
  2⤵
  PID:10836
- C:\Windows\System\WyMnJKj.exe
  C:\Windows\System\WyMnJKj.exe
  2⤵
  PID:10868
- C:\Windows\System\frHyXhz.exe
  C:\Windows\System\frHyXhz.exe
  2⤵
  PID:10888
- C:\Windows\System\wUUhIZO.exe
  C:\Windows\System\wUUhIZO.exe
  2⤵
  PID:10912
- C:\Windows\System\MGNCoqX.exe
  C:\Windows\System\MGNCoqX.exe
  2⤵
  PID:10940
- C:\Windows\System\JLqnIFW.exe
  C:\Windows\System\JLqnIFW.exe
  2⤵
  PID:10968
- C:\Windows\System\bweRiZP.exe
  C:\Windows\System\bweRiZP.exe
  2⤵
  PID:10992
- C:\Windows\System\qhdhPvO.exe
  C:\Windows\System\qhdhPvO.exe
  2⤵
  PID:11012
- C:\Windows\System\MRDXHBc.exe
  C:\Windows\System\MRDXHBc.exe
  2⤵
  PID:11028
- C:\Windows\System\UjeFNyJ.exe
  C:\Windows\System\UjeFNyJ.exe
  2⤵
  PID:11044
- C:\Windows\System\KymaxCa.exe
  C:\Windows\System\KymaxCa.exe
  2⤵
  PID:11060
- C:\Windows\System\KxKUPvU.exe
  C:\Windows\System\KxKUPvU.exe
  2⤵
  PID:11076
- C:\Windows\System\gMZqdJZ.exe
  C:\Windows\System\gMZqdJZ.exe
  2⤵
  PID:11092
- C:\Windows\System\zZjjQyK.exe
  C:\Windows\System\zZjjQyK.exe
  2⤵
  PID:11108
- C:\Windows\System\xNztUzj.exe
  C:\Windows\System\xNztUzj.exe
  2⤵
  PID:11124
- C:\Windows\System\nXcORtX.exe
  C:\Windows\System\nXcORtX.exe
  2⤵
  PID:11148
- C:\Windows\System\HCCRxGX.exe
  C:\Windows\System\HCCRxGX.exe
  2⤵
  PID:11172
- C:\Windows\System\vboghxA.exe
  C:\Windows\System\vboghxA.exe
  2⤵
  PID:11192
- C:\Windows\System\JoudNIi.exe
  C:\Windows\System\JoudNIi.exe
  2⤵
  PID:11216
- C:\Windows\System\LXskUIc.exe
  C:\Windows\System\LXskUIc.exe
  2⤵
  PID:11232
- C:\Windows\System\UJUWyOr.exe
  C:\Windows\System\UJUWyOr.exe
  2⤵
  PID:11260
- C:\Windows\System\TozenRR.exe
  C:\Windows\System\TozenRR.exe
  2⤵
  PID:9996
- C:\Windows\System\uYrWXBN.exe
  C:\Windows\System\uYrWXBN.exe
  2⤵
  PID:6904
- C:\Windows\System\sQqaKJb.exe
  C:\Windows\System\sQqaKJb.exe
  2⤵
  PID:6860
- C:\Windows\System\MdjgsYT.exe
  C:\Windows\System\MdjgsYT.exe
  2⤵
  PID:9392
- C:\Windows\System\iSpmiKP.exe
  C:\Windows\System\iSpmiKP.exe
  2⤵
  PID:10152
- C:\Windows\System\yTxtoSw.exe
  C:\Windows\System\yTxtoSw.exe
  2⤵
  PID:8592
- C:\Windows\System\UOwfXzH.exe
  C:\Windows\System\UOwfXzH.exe
  2⤵
  PID:9904
- C:\Windows\System\lsqphWG.exe
  C:\Windows\System\lsqphWG.exe
  2⤵
  PID:9224
- C:\Windows\System\YWbhzKl.exe
  C:\Windows\System\YWbhzKl.exe
  2⤵
  PID:9420
- C:\Windows\System\pCfJTrM.exe
  C:\Windows\System\pCfJTrM.exe
  2⤵
  PID:9500
- C:\Windows\System\yVGjBHs.exe
  C:\Windows\System\yVGjBHs.exe
  2⤵
  PID:11288
- C:\Windows\System\HjpQnwE.exe
  C:\Windows\System\HjpQnwE.exe
  2⤵
  PID:11316
- C:\Windows\System\oqDCnab.exe
  C:\Windows\System\oqDCnab.exe
  2⤵
  PID:11372
- C:\Windows\System\KNmsftE.exe
  C:\Windows\System\KNmsftE.exe
  2⤵
  PID:11396
- C:\Windows\System\VgFeLxq.exe
  C:\Windows\System\VgFeLxq.exe
  2⤵
  PID:11420
- C:\Windows\System\zpZnnNa.exe
  C:\Windows\System\zpZnnNa.exe
  2⤵
  PID:11448
- C:\Windows\System\jJTZEjY.exe
  C:\Windows\System\jJTZEjY.exe
  2⤵
  PID:11468
- C:\Windows\System\EeCLNXB.exe
  C:\Windows\System\EeCLNXB.exe
  2⤵
  PID:11488
- C:\Windows\System\rsFlGGj.exe
  C:\Windows\System\rsFlGGj.exe
  2⤵
  PID:11516
- C:\Windows\System\pgKNBZN.exe
  C:\Windows\System\pgKNBZN.exe
  2⤵
  PID:11536
- C:\Windows\System\VodDaJu.exe
  C:\Windows\System\VodDaJu.exe
  2⤵
  PID:11556
- C:\Windows\System\dZIaDrX.exe
  C:\Windows\System\dZIaDrX.exe
  2⤵
  PID:11576
- C:\Windows\System\vzSYjjp.exe
  C:\Windows\System\vzSYjjp.exe
  2⤵
  PID:11600
- C:\Windows\System\IadFrGz.exe
  C:\Windows\System\IadFrGz.exe
  2⤵
  PID:11620
- C:\Windows\System\sayEKjL.exe
  C:\Windows\System\sayEKjL.exe
  2⤵
  PID:11644
- C:\Windows\System\VsQHflZ.exe
  C:\Windows\System\VsQHflZ.exe
  2⤵
  PID:11672
- C:\Windows\System\ihUhKTZ.exe
  C:\Windows\System\ihUhKTZ.exe
  2⤵
  PID:11696
- C:\Windows\System\hRMnBcJ.exe
  C:\Windows\System\hRMnBcJ.exe
  2⤵
  PID:11716
- C:\Windows\System\QIIXLmX.exe
  C:\Windows\System\QIIXLmX.exe
  2⤵
  PID:11744
- C:\Windows\System\lnFDXZc.exe
  C:\Windows\System\lnFDXZc.exe
  2⤵
  PID:11772
- C:\Windows\System\kYwRpCW.exe
  C:\Windows\System\kYwRpCW.exe
  2⤵
  PID:11792
- C:\Windows\System\Hwpvnhq.exe
  C:\Windows\System\Hwpvnhq.exe
  2⤵
  PID:11820
- C:\Windows\System\mtRnZNc.exe
  C:\Windows\System\mtRnZNc.exe
  2⤵
  PID:11844
- C:\Windows\System\kNqSNDy.exe
  C:\Windows\System\kNqSNDy.exe
  2⤵
  PID:11868
- C:\Windows\System\vXxGRJz.exe
  C:\Windows\System\vXxGRJz.exe
  2⤵
  PID:11892
- C:\Windows\System\cRcFOlN.exe
  C:\Windows\System\cRcFOlN.exe
  2⤵
  PID:11916
- C:\Windows\System\jzGyhaG.exe
  C:\Windows\System\jzGyhaG.exe
  2⤵
  PID:11932
- C:\Windows\System\vOjJKAT.exe
  C:\Windows\System\vOjJKAT.exe
  2⤵
  PID:11956
- C:\Windows\System\qIHxGQq.exe
  C:\Windows\System\qIHxGQq.exe
  2⤵
  PID:11980
- C:\Windows\System\dBXSWiU.exe
  C:\Windows\System\dBXSWiU.exe
  2⤵
  PID:12008
- C:\Windows\System\VrWezXt.exe
  C:\Windows\System\VrWezXt.exe
  2⤵
  PID:12036
- C:\Windows\System\VrLnkLD.exe
  C:\Windows\System\VrLnkLD.exe
  2⤵
  PID:12052
- C:\Windows\System\bXYLgji.exe
  C:\Windows\System\bXYLgji.exe
  2⤵
  PID:12080
- C:\Windows\System\gSsdznK.exe
  C:\Windows\System\gSsdznK.exe
  2⤵
  PID:12104
- C:\Windows\System\CfeOgTZ.exe
  C:\Windows\System\CfeOgTZ.exe
  2⤵
  PID:12124
- C:\Windows\System\SclmGOU.exe
  C:\Windows\System\SclmGOU.exe
  2⤵
  PID:12148
- C:\Windows\System\cIYnLuX.exe
  C:\Windows\System\cIYnLuX.exe
  2⤵
  PID:12176
- C:\Windows\System\nlzRKgM.exe
  C:\Windows\System\nlzRKgM.exe
  2⤵
  PID:12192
- C:\Windows\System\hTAXIEm.exe
  C:\Windows\System\hTAXIEm.exe
  2⤵
  PID:12208
- C:\Windows\System\quPsAAv.exe
  C:\Windows\System\quPsAAv.exe
  2⤵
  PID:12224
- C:\Windows\System\itLJSsu.exe
  C:\Windows\System\itLJSsu.exe
  2⤵
  PID:12248
- C:\Windows\System\eeRlpFE.exe
  C:\Windows\System\eeRlpFE.exe
  2⤵
  PID:12264
- C:\Windows\System\kBwxphq.exe
  C:\Windows\System\kBwxphq.exe
  2⤵
  PID:12280
- C:\Windows\System\ngUtoAv.exe
  C:\Windows\System\ngUtoAv.exe
  2⤵
  PID:9772
- C:\Windows\System\QClZxVo.exe
  C:\Windows\System\QClZxVo.exe
  2⤵
  PID:8536
- C:\Windows\System\FtftiWJ.exe
  C:\Windows\System\FtftiWJ.exe
  2⤵
  PID:10360
- C:\Windows\System\QKoXqTB.exe
  C:\Windows\System\QKoXqTB.exe
  2⤵
  PID:10436
- C:\Windows\System\FvWPNGJ.exe
  C:\Windows\System\FvWPNGJ.exe
  2⤵
  PID:10528
- C:\Windows\System\xhPnAhI.exe
  C:\Windows\System\xhPnAhI.exe
  2⤵
  PID:10132
- C:\Windows\System\AWBJJBz.exe
  C:\Windows\System\AWBJJBz.exe
  2⤵
  PID:10204
- C:\Windows\System\KYWvhnD.exe
  C:\Windows\System\KYWvhnD.exe
  2⤵
  PID:8808
- C:\Windows\System\YJkYHlW.exe
  C:\Windows\System\YJkYHlW.exe
  2⤵
  PID:10644
- C:\Windows\System\KoMDBmY.exe
  C:\Windows\System\KoMDBmY.exe
  2⤵
  PID:8224
- C:\Windows\System\RaxGVbJ.exe
  C:\Windows\System\RaxGVbJ.exe
  2⤵
  PID:10768
- C:\Windows\System\uThZUjo.exe
  C:\Windows\System\uThZUjo.exe
  2⤵
  PID:10908
- C:\Windows\System\BMFaoXd.exe
  C:\Windows\System\BMFaoXd.exe
  2⤵
  PID:10952
- C:\Windows\System\bWXdump.exe
  C:\Windows\System\bWXdump.exe
  2⤵
  PID:7592
- C:\Windows\System\DCLNGjM.exe
  C:\Windows\System\DCLNGjM.exe
  2⤵
  PID:11100
- C:\Windows\System\YDZZSYA.exe
  C:\Windows\System\YDZZSYA.exe
  2⤵
  PID:11184
- C:\Windows\System\ejXnEcG.exe
  C:\Windows\System\ejXnEcG.exe
  2⤵
  PID:9972
- C:\Windows\System\WlzyFEB.exe
  C:\Windows\System\WlzyFEB.exe
  2⤵
  PID:12300
- C:\Windows\System\ixweQec.exe
  C:\Windows\System\ixweQec.exe
  2⤵
  PID:12320
- C:\Windows\System\TpfKqhA.exe
  C:\Windows\System\TpfKqhA.exe
  2⤵
  PID:12344
- C:\Windows\System\gRJIiQo.exe
  C:\Windows\System\gRJIiQo.exe
  2⤵
  PID:12372
- C:\Windows\System\xyavXHP.exe
  C:\Windows\System\xyavXHP.exe
  2⤵
  PID:12404
- C:\Windows\System\MHDYwcl.exe
  C:\Windows\System\MHDYwcl.exe
  2⤵
  PID:12420
- C:\Windows\System\MBxfvXh.exe
  C:\Windows\System\MBxfvXh.exe
  2⤵
  PID:12444
- C:\Windows\System\jXGZNgd.exe
  C:\Windows\System\jXGZNgd.exe
  2⤵
  PID:12468
- C:\Windows\System\lRKYYkO.exe
  C:\Windows\System\lRKYYkO.exe
  2⤵
  PID:12492
- C:\Windows\System\QWSudWf.exe
  C:\Windows\System\QWSudWf.exe
  2⤵
  PID:12512
- C:\Windows\System\voNUNWC.exe
  C:\Windows\System\voNUNWC.exe
  2⤵
  PID:12536
- C:\Windows\System\FLqgjeq.exe
  C:\Windows\System\FLqgjeq.exe
  2⤵
  PID:12564
- C:\Windows\System\TbrXehp.exe
  C:\Windows\System\TbrXehp.exe
  2⤵
  PID:12584
- C:\Windows\System\fLiSlvb.exe
  C:\Windows\System\fLiSlvb.exe
  2⤵
  PID:12608
- C:\Windows\System\KLxzVpW.exe
  C:\Windows\System\KLxzVpW.exe
  2⤵
  PID:12644
- C:\Windows\System\eeDjfmd.exe
  C:\Windows\System\eeDjfmd.exe
  2⤵
  PID:12660
- C:\Windows\System\MyAvGVl.exe
  C:\Windows\System\MyAvGVl.exe
  2⤵
  PID:12676
- C:\Windows\System\pnXPKEU.exe
  C:\Windows\System\pnXPKEU.exe
  2⤵
  PID:12692
- C:\Windows\System\XltYLKh.exe
  C:\Windows\System\XltYLKh.exe
  2⤵
  PID:13132
- C:\Windows\System\evABaSp.exe
  C:\Windows\System\evABaSp.exe
  2⤵
  PID:13156
- C:\Windows\System\vEeSsqx.exe
  C:\Windows\System\vEeSsqx.exe
  2⤵
  PID:13180
- C:\Windows\System\GMHBpeh.exe
  C:\Windows\System\GMHBpeh.exe
  2⤵
  PID:13212
- C:\Windows\System\CcNjzIT.exe
  C:\Windows\System\CcNjzIT.exe
  2⤵
  PID:13232
- C:\Windows\System\OlGPEdb.exe
  C:\Windows\System\OlGPEdb.exe
  2⤵
  PID:13264
- C:\Windows\System\oXliBGw.exe
  C:\Windows\System\oXliBGw.exe
  2⤵
  PID:13284
- C:\Windows\System\LDMjRwX.exe
  C:\Windows\System\LDMjRwX.exe
  2⤵
  PID:8048
- C:\Windows\System\krzTEEQ.exe
  C:\Windows\System\krzTEEQ.exe
  2⤵
  PID:8464
- C:\Windows\System\SBXcKBH.exe
  C:\Windows\System\SBXcKBH.exe
  2⤵
  PID:9444
- C:\Windows\System\CtHLSPC.exe
  C:\Windows\System\CtHLSPC.exe
  2⤵
  PID:9344
- C:\Windows\System\QLuYqrM.exe
  C:\Windows\System\QLuYqrM.exe
  2⤵
  PID:11464
- C:\Windows\System\xKkQDqq.exe
  C:\Windows\System\xKkQDqq.exe
  2⤵
  PID:11508
- C:\Windows\System\biNxnmv.exe
  C:\Windows\System\biNxnmv.exe
  2⤵
  PID:11548
- C:\Windows\System\gqiuYst.exe
  C:\Windows\System\gqiuYst.exe
  2⤵
  PID:11596
- C:\Windows\System\WNhKmnE.exe
  C:\Windows\System\WNhKmnE.exe
  2⤵
  PID:11660
- C:\Windows\System\tcsrIxc.exe
  C:\Windows\System\tcsrIxc.exe
  2⤵
  PID:11688
- C:\Windows\System\aHzdcam.exe
  C:\Windows\System\aHzdcam.exe
  2⤵
  PID:11732
- C:\Windows\System\giCrtWJ.exe
  C:\Windows\System\giCrtWJ.exe
  2⤵
  PID:10628
- C:\Windows\System\XymiDOc.exe
  C:\Windows\System\XymiDOc.exe
  2⤵
  PID:12060
- C:\Windows\System\RBoYfgk.exe
  C:\Windows\System\RBoYfgk.exe
  2⤵
  PID:9760
- C:\Windows\System\lUcrjYZ.exe
  C:\Windows\System\lUcrjYZ.exe
  2⤵
  PID:10884
- C:\Windows\System\hyosOHO.exe
  C:\Windows\System\hyosOHO.exe
  2⤵
  PID:10080
- C:\Windows\System\vTGUTcB.exe
  C:\Windows\System\vTGUTcB.exe
  2⤵
  PID:9964
- C:\Windows\System\dWTIKId.exe
  C:\Windows\System\dWTIKId.exe
  2⤵
  PID:11224
- C:\Windows\System\mqDyywt.exe
  C:\Windows\System\mqDyywt.exe
  2⤵
  PID:10200
- C:\Windows\System\esafXMF.exe
  C:\Windows\System\esafXMF.exe
  2⤵
  PID:7716
- C:\Windows\System\pGbNjcm.exe
  C:\Windows\System\pGbNjcm.exe
  2⤵
  PID:2248
- C:\Windows\System\Gltoxvo.exe
  C:\Windows\System\Gltoxvo.exe
  2⤵
  PID:12688
- C:\Windows\System\pdDtwsz.exe
  C:\Windows\System\pdDtwsz.exe
  2⤵
  PID:11752
- C:\Windows\System\JHkmmmr.exe
  C:\Windows\System\JHkmmmr.exe
  2⤵
  PID:10864
- C:\Windows\System\thAcUZN.exe
  C:\Windows\System\thAcUZN.exe
  2⤵
  PID:4548
- C:\Windows\System\ScFHTKl.exe
  C:\Windows\System\ScFHTKl.exe
  2⤵
  PID:9496
- C:\Windows\System\eRCJfvx.exe
  C:\Windows\System\eRCJfvx.exe
  2⤵
  PID:10764
- C:\Windows\System\OsfbKpr.exe
  C:\Windows\System\OsfbKpr.exe
  2⤵
  PID:12412
- C:\Windows\System\CtxGEBJ.exe
  C:\Windows\System\CtxGEBJ.exe
  2⤵
  PID:12452
- C:\Windows\System\ZsGjrWv.exe
  C:\Windows\System\ZsGjrWv.exe
  2⤵
  PID:12508
- C:\Windows\System\PRyrRdG.exe
  C:\Windows\System\PRyrRdG.exe
  2⤵
  PID:12260
- C:\Windows\System\FOOFUAu.exe
  C:\Windows\System\FOOFUAu.exe
  2⤵
  PID:12572
- C:\Windows\System\ifDjmqH.exe
  C:\Windows\System\ifDjmqH.exe
  2⤵
  PID:12632
- C:\Windows\System\yRcreSk.exe
  C:\Windows\System\yRcreSk.exe
  2⤵
  PID:12956
- C:\Windows\System\ScSDwGa.exe
  C:\Windows\System\ScSDwGa.exe
  2⤵
  PID:13252
- C:\Windows\System\CWYaJMJ.exe
  C:\Windows\System\CWYaJMJ.exe
  2⤵
  PID:1164
- C:\Windows\System\EJLXaUl.exe
  C:\Windows\System\EJLXaUl.exe
  2⤵
  PID:8928
- C:\Windows\System\iCIwjvz.exe
  C:\Windows\System\iCIwjvz.exe
  2⤵
  PID:11496
- C:\Windows\System\bXxHWMt.exe
  C:\Windows\System\bXxHWMt.exe
  2⤵
  PID:10292
- C:\Windows\System\ETskdcs.exe
  C:\Windows\System\ETskdcs.exe
  2⤵
  PID:10600
- C:\Windows\System\MqJXYEu.exe
  C:\Windows\System\MqJXYEu.exe
  2⤵
  PID:10956
- C:\Windows\System\HMFDiHE.exe
  C:\Windows\System\HMFDiHE.exe
  2⤵
  PID:11784
- C:\Windows\System\wxQSrhU.exe
  C:\Windows\System\wxQSrhU.exe
  2⤵
  PID:12120
- C:\Windows\System\kvnBuCO.exe
  C:\Windows\System\kvnBuCO.exe
  2⤵
  PID:11408
- C:\Windows\System\uBhCMfp.exe
  C:\Windows\System\uBhCMfp.exe
  2⤵
  PID:13144
- C:\Windows\System\bqYIYJl.exe
  C:\Windows\System\bqYIYJl.exe
  2⤵
  PID:8124
- C:\Windows\System\AbEKpCU.exe
  C:\Windows\System\AbEKpCU.exe
  2⤵
  PID:9900
- C:\Windows\System\WEzEIRG.exe
  C:\Windows\System\WEzEIRG.exe
  2⤵
  PID:12340
- C:\Windows\System\BgPHVjz.exe
  C:\Windows\System\BgPHVjz.exe
  2⤵
  PID:10948
- C:\Windows\System\GiCmxCA.exe
  C:\Windows\System\GiCmxCA.exe
  2⤵
  PID:12908
- C:\Windows\System\OtBlOil.exe
  C:\Windows\System\OtBlOil.exe
  2⤵
  PID:12480
- C:\Windows\System\zbdmKDC.exe
  C:\Windows\System\zbdmKDC.exe
  2⤵
  PID:1888
- C:\Windows\System\jjINzFr.exe
  C:\Windows\System\jjINzFr.exe
  2⤵
  PID:11364
- C:\Windows\System\iMQPyEb.exe
  C:\Windows\System\iMQPyEb.exe
  2⤵
  PID:12668
- C:\Windows\System\qNwePJA.exe
  C:\Windows\System\qNwePJA.exe
  2⤵
  PID:10352
- C:\Windows\System\DAHlTof.exe
  C:\Windows\System\DAHlTof.exe
  2⤵
  PID:11888
- C:\Windows\System\EyQKolE.exe
  C:\Windows\System\EyQKolE.exe
  2⤵
  PID:5052
- C:\Windows\System\WzgLMHI.exe
  C:\Windows\System\WzgLMHI.exe
  2⤵
  PID:11912
- C:\Windows\System\bTthcuB.exe
  C:\Windows\System\bTthcuB.exe
  2⤵
  PID:2088
- C:\Windows\System\YYcITyh.exe
  C:\Windows\System\YYcITyh.exe
  2⤵
  PID:1672
- C:\Windows\System\nxaviAT.exe
  C:\Windows\System\nxaviAT.exe
  2⤵
  PID:13188
- C:\Windows\System\DGzNsax.exe
  C:\Windows\System\DGzNsax.exe
  2⤵
  PID:2916
- C:\Windows\System\NKSceff.exe
  C:\Windows\System\NKSceff.exe
  2⤵
  PID:2308
- C:\Windows\System\IaGiWnN.exe
  C:\Windows\System\IaGiWnN.exe
  2⤵
  PID:9208
- C:\Windows\System\iGsGSLF.exe
  C:\Windows\System\iGsGSLF.exe
  2⤵
  PID:6252
- C:\Windows\System\xbjIIRd.exe
  C:\Windows\System\xbjIIRd.exe
  2⤵
  PID:8128
- C:\Windows\System\tIMEaSH.exe
  C:\Windows\System\tIMEaSH.exe
  2⤵
  PID:4144
- C:\Windows\System\hjivUSE.exe
  C:\Windows\System\hjivUSE.exe
  2⤵
  PID:4388
- C:\Windows\System\SEjgnhc.exe
  C:\Windows\System\SEjgnhc.exe
  2⤵
  PID:13140
- C:\Windows\System\eVnyAvn.exe
  C:\Windows\System\eVnyAvn.exe
  2⤵
  PID:9576
- C:\Windows\System\sEiCpBp.exe
  C:\Windows\System\sEiCpBp.exe
  2⤵
  PID:3388
- C:\Windows\System\MqtEPvo.exe
  C:\Windows\System\MqtEPvo.exe
  2⤵
  PID:1264
- C:\Windows\System\KBUzJWC.exe
  C:\Windows\System\KBUzJWC.exe
  2⤵
  PID:4380
- C:\Windows\System\kUgmJmP.exe
  C:\Windows\System\kUgmJmP.exe
  2⤵
  PID:1760
- C:\Windows\System\QXOuSVL.exe
  C:\Windows\System\QXOuSVL.exe
  2⤵
  PID:3960
- C:\Windows\System\TRjCZPA.exe
  C:\Windows\System\TRjCZPA.exe
  2⤵
  PID:13124
- C:\Windows\System\VJBvOWi.exe
  C:\Windows\System\VJBvOWi.exe
  2⤵
  PID:11632
- C:\Windows\System\OYDKoBw.exe
  C:\Windows\System\OYDKoBw.exe
  2⤵
  PID:900
- C:\Windows\System\HkxkeCn.exe
  C:\Windows\System\HkxkeCn.exe
  2⤵
  PID:9692
- C:\Windows\System\OciIkJL.exe
  C:\Windows\System\OciIkJL.exe
  2⤵
  PID:11436
- C:\Windows\System\lsGdIkd.exe
  C:\Windows\System\lsGdIkd.exe
  2⤵
  PID:1228
- C:\Windows\System\wNeaJJM.exe
  C:\Windows\System\wNeaJJM.exe
  2⤵
  PID:720
- C:\Windows\System\YDnvqqx.exe
  C:\Windows\System\YDnvqqx.exe
  2⤵
  PID:11864
- C:\Windows\System\eLwXtuO.exe
  C:\Windows\System\eLwXtuO.exe
  2⤵
  PID:2628
- C:\Windows\System\GoyfdCO.exe
  C:\Windows\System\GoyfdCO.exe
  2⤵
  PID:4128
- C:\Windows\System\fqrYezt.exe
  C:\Windows\System\fqrYezt.exe
  2⤵
  PID:13164
- C:\Windows\System\QJGhweG.exe
  C:\Windows\System\QJGhweG.exe
  2⤵
  PID:10932
- C:\Windows\System\wnnzgVp.exe
  C:\Windows\System\wnnzgVp.exe
  2⤵
  PID:792
- C:\Windows\System\vUIScdZ.exe
  C:\Windows\System\vUIScdZ.exe
  2⤵
  PID:3948
- C:\Windows\System\crUkdmh.exe
  C:\Windows\System\crUkdmh.exe
  2⤵
  PID:13324
- C:\Windows\System\rrhqAtE.exe
  C:\Windows\System\rrhqAtE.exe
  2⤵
  PID:13340
- C:\Windows\System\AavlzPy.exe
  C:\Windows\System\AavlzPy.exe
  2⤵
  PID:13356
- C:\Windows\System\ppNTqfl.exe
  C:\Windows\System\ppNTqfl.exe
  2⤵
  PID:13372
- C:\Windows\System\MsJaCvN.exe
  C:\Windows\System\MsJaCvN.exe
  2⤵
  PID:13388
- C:\Windows\System\NInEymu.exe
  C:\Windows\System\NInEymu.exe
  2⤵
  PID:13404
- C:\Windows\System\vaHbZVs.exe
  C:\Windows\System\vaHbZVs.exe
  2⤵
  PID:13420
- C:\Windows\System\UJMuyEQ.exe
  C:\Windows\System\UJMuyEQ.exe
  2⤵
  PID:13436
- C:\Windows\System\rwyUOoY.exe
  C:\Windows\System\rwyUOoY.exe
  2⤵
  PID:13456
- C:\Windows\System\CNChGHJ.exe
  C:\Windows\System\CNChGHJ.exe
  2⤵
  PID:13472
- C:\Windows\System\GhDpZEo.exe
  C:\Windows\System\GhDpZEo.exe
  2⤵
  PID:13488
- C:\Windows\System\AxhlaaW.exe
  C:\Windows\System\AxhlaaW.exe
  2⤵
  PID:13504
- C:\Windows\System\XvbICXR.exe
  C:\Windows\System\XvbICXR.exe
  2⤵
  PID:13520
- C:\Windows\System\MHgNWHH.exe
  C:\Windows\System\MHgNWHH.exe
  2⤵
  PID:13536
- C:\Windows\System\DvkCEbG.exe
  C:\Windows\System\DvkCEbG.exe
  2⤵
  PID:13552
- C:\Windows\System\BKhQbGo.exe
  C:\Windows\System\BKhQbGo.exe
  2⤵
  PID:13568
- C:\Windows\System\IGwXEFa.exe
  C:\Windows\System\IGwXEFa.exe
  2⤵
  PID:13584
- C:\Windows\System\wPwPVkn.exe
  C:\Windows\System\wPwPVkn.exe
  2⤵
  PID:13600
- C:\Windows\System\lczTYYM.exe
  C:\Windows\System\lczTYYM.exe
  2⤵
  PID:13616
- C:\Windows\System\JSoWZns.exe
  C:\Windows\System\JSoWZns.exe
  2⤵
  PID:13632
- C:\Windows\System\kWdyTqH.exe
  C:\Windows\System\kWdyTqH.exe
  2⤵
  PID:13664
- C:\Windows\System\kOgdBJU.exe
  C:\Windows\System\kOgdBJU.exe
  2⤵
  PID:13680
- C:\Windows\System\SITxnjq.exe
  C:\Windows\System\SITxnjq.exe
  2⤵
  PID:13696
- C:\Windows\System\mmLVNrh.exe
  C:\Windows\System\mmLVNrh.exe
  2⤵
  PID:13712
- C:\Windows\System\hpKnPBw.exe
  C:\Windows\System\hpKnPBw.exe
  2⤵
  PID:13728
- C:\Windows\System\oCqwwRj.exe
  C:\Windows\System\oCqwwRj.exe
  2⤵
  PID:13744
- C:\Windows\System\DeEfrZL.exe
  C:\Windows\System\DeEfrZL.exe
  2⤵
  PID:13760
- C:\Windows\System\pCdkWIl.exe
  C:\Windows\System\pCdkWIl.exe
  2⤵
  PID:13776
- C:\Windows\System\EYGhVkq.exe
  C:\Windows\System\EYGhVkq.exe
  2⤵
  PID:13792
- C:\Windows\System\rIhtivk.exe
  C:\Windows\System\rIhtivk.exe
  2⤵
  PID:13808
- C:\Windows\System\jbnrSLW.exe
  C:\Windows\System\jbnrSLW.exe
  2⤵
  PID:13824
- C:\Windows\System\OWmRnag.exe
  C:\Windows\System\OWmRnag.exe
  2⤵
  PID:13840
- C:\Windows\System\RfhfTCH.exe
  C:\Windows\System\RfhfTCH.exe
  2⤵
  PID:13856
- C:\Windows\System\eyBZikX.exe
  C:\Windows\System\eyBZikX.exe
  2⤵
  PID:13872
- C:\Windows\System\sjMVNhO.exe
  C:\Windows\System\sjMVNhO.exe
  2⤵
  PID:13888
- C:\Windows\System\gvjUBCO.exe
  C:\Windows\System\gvjUBCO.exe
  2⤵
  PID:13904
- C:\Windows\System\zewtDAG.exe
  C:\Windows\System\zewtDAG.exe
  2⤵
  PID:13920
- C:\Windows\System\WJXyiAU.exe
  C:\Windows\System\WJXyiAU.exe
  2⤵
  PID:13936
- C:\Windows\System\AyZBTsX.exe
  C:\Windows\System\AyZBTsX.exe
  2⤵
  PID:13952
- C:\Windows\System\eKnXwiJ.exe
  C:\Windows\System\eKnXwiJ.exe
  2⤵
  PID:13976
- C:\Windows\System\yUSpuOc.exe
  C:\Windows\System\yUSpuOc.exe
  2⤵
  PID:13992
- C:\Windows\System\QFfGLEQ.exe
  C:\Windows\System\QFfGLEQ.exe
  2⤵
  PID:14016
- C:\Windows\System\oVaYZcL.exe
  C:\Windows\System\oVaYZcL.exe
  2⤵
  PID:14032
- C:\Windows\System\SBuHuHm.exe
  C:\Windows\System\SBuHuHm.exe
  2⤵
  PID:14048
- C:\Windows\System\qdaQiys.exe
  C:\Windows\System\qdaQiys.exe
  2⤵
  PID:14064
- C:\Windows\System\gRfVnkA.exe
  C:\Windows\System\gRfVnkA.exe
  2⤵
  PID:14080
- C:\Windows\System\jPBFhJs.exe
  C:\Windows\System\jPBFhJs.exe
  2⤵
  PID:14100
- C:\Windows\System\QgyeHJm.exe
  C:\Windows\System\QgyeHJm.exe
  2⤵
  PID:14116
- C:\Windows\System\aBIoURT.exe
  C:\Windows\System\aBIoURT.exe
  2⤵
  PID:14132
- C:\Windows\System\ZnWgzpH.exe
  C:\Windows\System\ZnWgzpH.exe
  2⤵
  PID:14148
- C:\Windows\System\cQCfbBo.exe
  C:\Windows\System\cQCfbBo.exe
  2⤵
  PID:14164
- C:\Windows\System\NTmYWBJ.exe
  C:\Windows\System\NTmYWBJ.exe
  2⤵
  PID:14180
- C:\Windows\System\LLyWVVw.exe
  C:\Windows\System\LLyWVVw.exe
  2⤵
  PID:14196
- C:\Windows\System\zJOTxJS.exe
  C:\Windows\System\zJOTxJS.exe
  2⤵
  PID:14212
- C:\Windows\System\wKDkxUj.exe
  C:\Windows\System\wKDkxUj.exe
  2⤵
  PID:14228
- C:\Windows\System\lbWwpOx.exe
  C:\Windows\System\lbWwpOx.exe
  2⤵
  PID:14244
- C:\Windows\System\UHlIlRZ.exe
  C:\Windows\System\UHlIlRZ.exe
  2⤵
  PID:14260
- C:\Windows\System\YNpNnZz.exe
  C:\Windows\System\YNpNnZz.exe
  2⤵
  PID:14276
- C:\Windows\System\SFGHHgd.exe
  C:\Windows\System\SFGHHgd.exe
  2⤵
  PID:14292
- C:\Windows\System\eteNWIz.exe
  C:\Windows\System\eteNWIz.exe
  2⤵
  PID:14308
- C:\Windows\System\lncLRtn.exe
  C:\Windows\System\lncLRtn.exe
  2⤵
  PID:14324
- C:\Windows\System\UILtpqv.exe
  C:\Windows\System\UILtpqv.exe
  2⤵
  PID:13320
- C:\Windows\System\izzTjym.exe
  C:\Windows\System\izzTjym.exe
  2⤵
  PID:13352
- C:\Windows\System\rbnQzEY.exe
  C:\Windows\System\rbnQzEY.exe
  2⤵
  PID:13380
- C:\Windows\System\AlLldKa.exe
  C:\Windows\System\AlLldKa.exe
  2⤵
  PID:13416
- C:\Windows\System\UjhHzjr.exe
  C:\Windows\System\UjhHzjr.exe
  2⤵
  PID:13464
- C:\Windows\System\rZFWBGA.exe
  C:\Windows\System\rZFWBGA.exe
  2⤵
  PID:13484
- C:\Windows\System\egzJtrs.exe
  C:\Windows\System\egzJtrs.exe
  2⤵
  PID:13516
- C:\Windows\System\mwIXutx.exe
  C:\Windows\System\mwIXutx.exe
  2⤵
  PID:13548
- C:\Windows\System\YpiqauS.exe
  C:\Windows\System\YpiqauS.exe
  2⤵
  PID:13592
- C:\Windows\System\pYkygIm.exe
  C:\Windows\System\pYkygIm.exe
  2⤵
  PID:13624
- C:\Windows\System\yEPkIrl.exe
  C:\Windows\System\yEPkIrl.exe
  2⤵
  PID:13672
- C:\Windows\System\RSTMlIS.exe
  C:\Windows\System\RSTMlIS.exe
  2⤵
  PID:13704
- C:\Windows\System\NynZtWU.exe
  C:\Windows\System\NynZtWU.exe
  2⤵
  PID:13736
- C:\Windows\System\uANNZfe.exe
  C:\Windows\System\uANNZfe.exe
  2⤵
  PID:13768
- C:\Windows\System\OoXogXk.exe
  C:\Windows\System\OoXogXk.exe
  2⤵
  PID:13800
- C:\Windows\System\kOgaTca.exe
  C:\Windows\System\kOgaTca.exe
  2⤵
  PID:13880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_bhgdytk3.xw5.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AivifkE.exe

Filesize
2.0MB

MD5
df6b8aeca59c118c553108a885f0020f

SHA1
cad14d0ae22b29d9322715ab67ed8fb60b62af3e

SHA256
bdfccfffb7aaca8f96fb2fe63fd4d1e759468110cc92a8819b88fc47a7809183

SHA512
262b7e09d6f1c8bf520dbe12ca122cdc4bd56f2d677461f66ce1468ee933350c339ea08f90684f7db1aff368890c4f212317d6bc038756252c3ca6310efac454

Download Submit
C:\Windows\System\BMbxKtr.exe

Filesize
2.0MB

MD5
0468beb8efba9645f7ec40fc1a20f3a8

SHA1
7ee6a3ced7fa67552c2658a9f7784b0e96b05dda

SHA256
d048f8e0fb242659feaea327b83bc1c93903d583ef01f25b7d9c2064cd914830

SHA512
acbb9bf434865b7eeb6d926ff51a3b19a179151a3e69c796a4bae57f582aba3222dcef2c8c585cf412d1f2b53f0c74532c87c2876a3242e7f3d9dece0ca02833

Download Submit
C:\Windows\System\FScxDxF.exe

Filesize
2.0MB

MD5
7d5a442ca469304cefba9e1dc756eac9

SHA1
204540d6686c833ff2a62520a673decfd651d26a

SHA256
4cc764de95cf99e95cc8c27ad56664a81ddf48c6752deaeb6660f61fe63b6cb3

SHA512
d34a54bb97fdc5f9402b072e6a711adcb25aab37ffc1a3de7d75329b67e2d7276cfa19007b9cbff82f63c2c3340648d6e28ad3d8d467ec2dcdd81cec578c75bf

Download Submit
C:\Windows\System\FlXKStL.exe

Filesize
2.0MB

MD5
e3267314a1b07722e4e0fc6b43aea920

SHA1
34b046124a745f3fd7b9ef6dc15b5bd7c05a7e63

SHA256
6d05de9196406d776b6361bc0be3e641742acfb9ae3d4540b8c5eb14a65c0710

SHA512
ce6d59d4493270246a2f359db0e0ccef39a4005e0edc22931ba6de9188973c79585e3ffe44fd9648a8f20df44b32eb5cd70aacd9f8483ff4c52f12d6637fc8aa

Download Submit
C:\Windows\System\JGmnjRX.exe

Filesize
2.0MB

MD5
2a6d9d8ea227f945e5a2cbef3833363b

SHA1
4495aed42e87a4c043e703c2f0b666335ef760c7

SHA256
9a766e764b1a6e9944da678aa4007f98efeddace71fdf58b801aaa4930dabdaa

SHA512
1d4d63dfc83ed5c8d1b42279370bd090c59abcab985118886417d845cacc03cf38567b2d471e1a3a897f958c63197e0844899e11d007819a5f0570e4b92550a7

Download Submit
C:\Windows\System\KJAoQYq.exe

Filesize
8B

MD5
d8f939ee099285eb5299be97436baa4d

SHA1
e982a1f84114c575869e996a9a214509ee9e0e66

SHA256
e7c262920797c23676b4311de18f70723dfd833b4d38ec2d89ac9d49b2f67690

SHA512
e31bd5edb5ca774adb6b49128eb293ef2a9394fca94c3def6901a7d4903de06386842bbd81ce1630fc901df52644e493a263be2bc59bd514aa7a1f110b251fe2

Download Submit
C:\Windows\System\KSLOcBT.exe

Filesize
2.0MB

MD5
2c8ccc6365632e081981353b9af6f148

SHA1
5899702b76e309c48b4c137a07ecc440ad71e3fa

SHA256
cddcfd1fca427417a38df2f1f165f4f407fc0f694a4525cd37f5a25d05ee4229

SHA512
d3174be0283bfe9e283d9deedf199450eb87c2e0a54043db4cfb3b352a96635ac0567af62d9a44ce4bb56df5e15e08005a41b703c22563c616060658047b8b17

Download Submit
C:\Windows\System\MeePtCW.exe

Filesize
2.0MB

MD5
28be24ddd409355a0a366870b12e63cc

SHA1
63e838a7ede7e61a5a3ce8c1b79fb0d66a38f7cb

SHA256
14b5a3f8bc0f133b1ddb7e6a10df9ce514163b7cc485be4a389a814edc1585d9

SHA512
5cedf94ba2ff3562837fb857d5dd2de7a0e99850c2e35412b460ef1ef8feb42ebd5f253b6f29915d5bc6024689736ea849dde449dc36fff3c2932ced4c7183be

Download Submit
C:\Windows\System\NLscOqE.exe

Filesize
2.0MB

MD5
dfbb3975c85c77bdc3e93925c90354dd

SHA1
99b2a1e32fd8c3a10676b0436e19c3645a7efd89

SHA256
d7de01da27897349e621eb9b6435e0d7b5c6bd36a9f2d7f35bc3c5d4f6f76882

SHA512
9fc99d8f11ba2db0788ad1a5f0283338b69ea209355d276e1bd08535f962406b9f1132049b0760821ffd33ee96217e1b4c476497d4652117559ad88f98e9478b

Download Submit
C:\Windows\System\ORFXWPh.exe

Filesize
2.0MB

MD5
8dc6bff472ddf410d6dd4ab08c7cc84b

SHA1
6032a8457585672a60083c9e86d40bc4c94cf0c5

SHA256
c7a562331264458d59ac2efc7ef9eb8b4d8dfdd654d05fa082bce66145354fea

SHA512
a7b4b98239ea8e389e90f91f76bbe76c44c733debbd57f9f6123b3613d5485863137dc4239be18195cd9347d073944cb263655d66445f71d7d729a038164b2a8

Download Submit
C:\Windows\System\PifnPRX.exe

Filesize
2.0MB

MD5
4666a8f7a028b79b94ce600b75dcb5d6

SHA1
4917cdb85f3bdb4d9a2f8f1385caf622e7ef8076

SHA256
aa5e02eb91c76ca9e355a14e88dd60ad4ecc9c40f209613e77ffd42b03c068fe

SHA512
b080ddfa17edeee5e227424105385e2de5dbb5b33884932d77465790885710dddeeed9a8f1e0039526dc10035119c2def1f8d8290ec6bbf55e59b84a5b70e514

Download Submit
C:\Windows\System\QfIwaHJ.exe

Filesize
2.0MB

MD5
69a19572990b256dc91eda0ef3689a85

SHA1
1d444c0dd8a0d7ceb7860b40571dc78acbfe247a

SHA256
416abe10057eb1b242294cf59fdfeac8a8bc1c2667b61db6d2aa450f61667d18

SHA512
edd7c67e9b0e4448da1749979c3a5b2aeaae40e6cc1ba09952c0f1bd54db2b15fd5f7a1bcf37d8edc699caf767aa2fc27d354caa5433946dbec03b04f766b24d

Download Submit
C:\Windows\System\RjmTNPT.exe

Filesize
2.0MB

MD5
150da6cb48b79d9d0c38cd8b75bc8cc6

SHA1
14ff0a9f46b99aee2cdcf68a3f962719c99a026c

SHA256
97597c5de7c09f301b8e9d24392a54abc5b82115c930f3aa4979c999bf93dfea

SHA512
27d2393f553b99d738a0f36bd4eb9c52ba9d5303cd8e1f51f76fb3bb049c9dbaa806c57b4529cdb69a61f8fe3e82898088bb00caa658726e6bc0ae1b075843b6

Download Submit
C:\Windows\System\TRsEYIw.exe

Filesize
2.0MB

MD5
11e02840564e67f4ac27fdc66931968f

SHA1
2f7b677b8730d8f8b8621a7b1d5b578c71404675

SHA256
676d55835dd8b4b1eb6101246660d761ba748165bdccb3791247912ac7efd1ca

SHA512
54a86474f2390218a4088d641b297cb32f2d2d92f1e3759dae6e5340d2ea96728c349d04fee8da8cb3fc139d20382d9470b9fc2909774f657814ca58a5555743

Download Submit
C:\Windows\System\TRvHAAe.exe

Filesize
2.0MB

MD5
cad50700df42c9e8264ce53f0fffba16

SHA1
bb9bb164099d667111264b70e3a39478b29f396d

SHA256
bfded25418c0f7a7f7e702e309e32f506da496e8c2fbcc077a1fb19682a2681c

SHA512
71f1697b26d0c254b6329bd905cad24d30e30401f65a912a9a31f125dd3bd6a4b961701cdb87067cac1adb83ca89d2035a951e8021e77d9550897568b68cb57c

Download Submit
C:\Windows\System\UDJMiJg.exe

Filesize
2.0MB

MD5
a82d377bce515827e3ec5ce79dfc42f8

SHA1
39d71035be563574a6960b45511175fc806af734

SHA256
ae0d65732d008e221882806d5a20ac11f39d58af1e1b59fd401337b28ecfb1d1

SHA512
5cb51b6be2a7875d09aded8f60ef6127ef74ba9d7489a8d53040c1da7dce720ad99ba141bbd0d2c3a2e7b809593782fcb7edccc78bc7c3c61502690874275259

Download Submit
C:\Windows\System\UNXEKmn.exe

Filesize
2.0MB

MD5
736df13ff60216fd8ca1e06cd2379cef

SHA1
4a714e222fb8ea57f48a8c77e0918f54b3a15498

SHA256
35511cb2f1af8e34ac73f6d75642475f08716af49bff3dfa2c633b49df1f5c91

SHA512
712ddbeef2c8ee2c83a68b2b2272efad1f9524581a97f6ac6de0c77fa1517832231e5f257b40e07a1121787e7edab35338e06d60c38917b7b732baeccecd44ed

Download Submit
C:\Windows\System\UqSXsrT.exe

Filesize
2.0MB

MD5
e74a73c4cf541e0f965ed84710f40eba

SHA1
27ed4050ed6400ce8feb7f45f40e442eed7c4b5d

SHA256
c24b250baa1758922a41fb708f91eae050842529725cfcd887ee5b45964ed319

SHA512
38965d83ba0633ed23148a2340d018c845d3172ac639c44783c22a951b5069935caa1fc0f1e9ed4dc1702c5ed65bab1602080750a772e31fa36e53c231ffd013

Download Submit
C:\Windows\System\WPOslJf.exe

Filesize
2.0MB

MD5
11fe9ab421de418725d73842e02e4e7a

SHA1
8819554e56779a6d82efa99bbdd9be2e6550f650

SHA256
a0862ae0e98a20d86ef514f08d3768eacf301ce65f8d409db8a67ac8a2afc10d

SHA512
3e31da63de883786430fae6c617a181d5824971e1a7a6af0f1cb685820fa58030b799c64f10074cd318aaa711ab3d8825e7f8c0638d8bb637bcb52c0d11f8151

Download Submit
C:\Windows\System\XlOKdHP.exe

Filesize
2.0MB

MD5
d30e10a22ca739268cea5b310db37a97

SHA1
c9aed8bab164c4e830019242d802ab881eca1206

SHA256
9688bc36a4c1bb37cdfdcf43cd7e056f6bb788b140240221eafe17dbb832cf41

SHA512
10b06e69de8bfdc0c15295a9206f61fde5db6c979c37f920b752d71537ba7431e008eb1c6314e0f19addb95e402b5fdf8fce6525f7f2fdc20f8e4f45ce863ee3

Download Submit
C:\Windows\System\XvnPgUi.exe

Filesize
2.0MB

MD5
f8ecf1fbe790c71a68aecb4e93bb94fd

SHA1
850431d23ad90afe1215d20190c025b41710d21d

SHA256
554739295c95a338a68f2c719f2925291a066b3105c78858b2e743712b51d87b

SHA512
d2cde53631678338fa3dc52b1dfa1b30dd7d1f9ae6ee3f26d82caa21ff3a8f179f729e6871b7176620be2318b58c760641df2444dbb4fc1ab6df34b7ddff6e83

Download Submit
C:\Windows\System\YltbkAZ.exe

Filesize
2.0MB

MD5
41866b43d7cb24849166ddd99e00a308

SHA1
57df281f18ac271623d714966163ad4b5e05c7b4

SHA256
e010cfd4c54ad6735c7588af1eb9a4f5fb1306a88fbc85d45b6e0729cd2070ca

SHA512
9f102fe017ffa16bb14e3bf677d655965aac97de3d9147f34348d27a7e9ddcd8c62fdea5fdd2ce0db6c0cc4fc8cb4c93d9aafe7732e218160e79e82476adb2c9

Download Submit
C:\Windows\System\YrgOeDw.exe

Filesize
2.0MB

MD5
2ca30daccb5cf9db848c70b44fc1359b

SHA1
f8b5ee366ffa13a0b2b4ebf87b4963752fa9d316

SHA256
7c019b2a6dc9d765defa02544d714b7e933edf3d10fdd31a625d89a07f9e9aaf

SHA512
8f8ae28003ef4003aa8a6f472e64eba5560ba3d57fed93e1b868ffb6a37365d8c167b70e51dea2df98f3b4a134438c6590604f4de8b074c4b5b0ee7df4e5f085

Download Submit
C:\Windows\System\aXZNsDL.exe

Filesize
2.0MB

MD5
ced54e458e8d1374aa44545534631fc2

SHA1
43f0093db0aca2b5cc736d12598008a79b18be48

SHA256
d33ae2f3c26cef1d8d49d0b9f46a72593c88047707ab78d19b5a7a3560e77a1f

SHA512
c61a633e67ee9f18013b41661ec8da99f2e4ee206583df4cf5484f2f50dc73e2cb4068c0924822b0008aef12f687fefd14181599f8ce546da4cdc7f429922f46

Download Submit
C:\Windows\System\eyCJQrZ.exe

Filesize
2.0MB

MD5
4bd98a77abd40a3702fd7ddbd0393ae9

SHA1
552610eadec8e1397d3512c9268547ba769f1744

SHA256
8356ff457261bddae1f9ab02bcae80254924fa10498f3fefac881b0fcbe55767

SHA512
c8d3308b18b1397d88643b0250b5fa34f4d8ba1b01004503720627396b0d6e217af9221e856265688fd3a56c175a5eabb8307bd5b91de5702f6307d74df4bd5c

Download Submit
C:\Windows\System\ftpWGxb.exe

Filesize
2.0MB

MD5
09c1d8574c689650b8591c90c8fbcf66

SHA1
1a9fede565f32557eae6ddf63225167a3c1b37cb

SHA256
2a282fb37e6564542a13308dbce266c522fa980fe30a53f78734da1e2fef9758

SHA512
22d2be59b285f7193c720c2bc8f72cd637929089f6a54e0f5d042987982dea51df10a1955de304b3fb1fe262023eb529a718517ac7ec6dd03145c64c489b5594

Download Submit
C:\Windows\System\gssdNPi.exe

Filesize
2.0MB

MD5
2ed401c3ff14b20cfd1d9e5d8c4ffc5b

SHA1
4d57673cd9aac11cfd32e1308be9b4f2c0f13050

SHA256
0e68fb4dc3c2819ce0d8d0969769abc33093ac2f184eaac84bbf4c6d69f042b0

SHA512
f2561e0e5fe8a19a42d5f8fa2fb2aba4e8f8ae89bbfb5ea040e88aa39f99ff600041d255e9501d36e1cd081cd33c416e0eb93e2b8f711026aee981e9cc5548b8

Download Submit
C:\Windows\System\hBIxgFt.exe

Filesize
2.0MB

MD5
aa10086a530b2eafbb13a2a9d4f0a069

SHA1
e34f485c96dd6b3d6cf8359b791b6c56b57ca0fe

SHA256
7de55e73d358f884ae0a1bae668991b4c24de3cebd45348ed0e11daf95811aff

SHA512
2bc2ed1735a146740f0d07d8327576f9c67d958ae21e2545e4a54de4757aedc5e5a54b9cfc19a51da40980ba9063b3b8a72371578c32b5ad56dbd5ad9edb48aa

Download Submit
C:\Windows\System\iRHKsyL.exe

Filesize
2.0MB

MD5
1dc83bd46fea740b6777aca5937dab8b

SHA1
dad60eb7280364b93c266545f488b8290c3d7cff

SHA256
f2691ca5e07185266eab8af1680cad05cb13efa5a150df0b32d9d83b750d240c

SHA512
397b23640ba5d52656218ddb78cd5905192f342b58f5339795f40933b25c2ad154921c3b36ae34d8317244bf77931217dbd988f7316ce36a413494a734a61085

Download Submit
C:\Windows\System\lVTvHPr.exe

Filesize
2.0MB

MD5
6c4b469dce1e829f890dbb388533efae

SHA1
8a78b4035e79859823d667697ebab7fc9e8396f1

SHA256
9b5137b377e7e9fbf2305f72cfa3d40d2c88f8476205c3cb0dd97cec389105c1

SHA512
cadd7be1f015fadb9f027c46cde7c38ab82ec94d6f35ed69a912b4a15ea5d6f0ef4fad91a4f83d7e1a75166564c937a971126e9e2e8f8b329f7aa605ff1fa58a

Download Submit
C:\Windows\System\lkpusAq.exe

Filesize
2.0MB

MD5
c8ecf1e0696fb8d4ec4037f86977a649

SHA1
dfb37b3e4427c6df3d243dc2032a4f57878d9ced

SHA256
01a69e684c86c05a58a9bb939e8c688c74e77a1746d370d18490add4a4cd94d4

SHA512
1e0567c6233dcefd38a1160909b3dde2ac5393ab7d9b1a8904b43ba6743e6615f838ee4acf485c75b96de34bddfb4e02fd761773f04e0ee0f7e81615f152469d

Download Submit
C:\Windows\System\mbbfrCL.exe

Filesize
2.0MB

MD5
15312c349a4e98d8128d416566a244ed

SHA1
f50e8f477e32d3e46fa9cd186f2291c690468bb1

SHA256
7f950d6f849aace852e8098a9ab6a0bf3a7ca2afdf599170a8cf18256630be76

SHA512
ff78b18b1477c3a101ec547cba01760d6fb714f06d2a47db2a6e6182b99d6e740f7d10b5c00f1476ade4c6d47220ba4251fd224b8db250ade7ee77de0e310313

Download Submit
C:\Windows\System\ogQhwTJ.exe

Filesize
2.0MB

MD5
4d649cde77bb21f59476fd18311a647f

SHA1
85fd807fa2f5e731ba27d609f735debfc1373a40

SHA256
78a315a447a3414d23a77f67d8624cd5493211419f00b0a20dc05d18f76d1ab8

SHA512
647f98bc2c848ffceebda754d94e48677deb25d5a70ee00e0fb2f47d0cc5aa2d484766274ea2ee8380b9bbaa4933c5447cbfd05f6f178815de2669b8a81864c0

Download Submit
C:\Windows\System\omLMevE.exe

Filesize
2.0MB

MD5
eeec5492357dacc9cd598eba61dfc4a9

SHA1
dea2f5d695876918ca313299742b0c5ba3010ac1

SHA256
68a0735adc045d6a755516edabbbac36409610f54a01f9a721dff3d349ed9120

SHA512
b9ffe3f96fc1eb265d3f564faf6525deeae8afbfeb775c72968c32c766b7da085583a63b723ec35d3c7692252b51039df9a5ce4ddd792706134d509a07de6899

Download Submit
C:\Windows\System\qKQAEtZ.exe

Filesize
2.0MB

MD5
b45cbec39e9dc567c4444b17d34bde6a

SHA1
d17b55f22795c6043dc9eac879512c445920a360

SHA256
682ca943ac99703b5a4f5663517a1543392415203e1a6cad7c616ab8f019d22f

SHA512
2f4cb75ecd6613177a038e4aa9a7a932628bff8357acedda1102bbc1b3e08ec23b077646c00337f7bd5939ea81cfd3e2150a4bd7f986b37ef76ed7c29395f490

Download Submit
C:\Windows\System\tRlNJMf.exe

Filesize
2.0MB

MD5
75d5de3601ceb509898fc24668c7a730

SHA1
2e1d3bb313e556c70a56f18039c622ba384e4eb3

SHA256
e17b7bfee222c8f921fecc4cb4c945a0aa18cb42003ec525f2707100a20850e3

SHA512
63e1ad38bdf3c71ae476675db1ab5a0f35d53860f6e049596a9164d22e49f3a630a553a34905811482336928b8a753624f41929bde36139f133da95d1f9ba198

Download Submit
C:\Windows\System\tSQtNIg.exe

Filesize
2.0MB

MD5
c9f63cbbcd3b4f6cc01d591809e9a3e1

SHA1
b94cf8ed914a4ee3afff4a1615abbff17aeb6b9c

SHA256
f666d799b292077515a010c6aced12b9ba19688d1fad0d0a6a434b03d7a1c5fc

SHA512
f242fc824b3b27ff94625bd51d0a68080214f87ca483b4c8584a36f509b72bcc16ab8f6039adba0fd1ae0aba8c38fc6b3a4f1155aca23d1c39f0b18be609108a

Download Submit
C:\Windows\System\xjiOYHI.exe

Filesize
2.0MB

MD5
2605be4ebc229372a859c1b71a74a5d8

SHA1
bdd9652187ff3332f89cbb2ef328467b6fd3716a

SHA256
88ea9985035046630c180e770b10b88662a8f02dd608286b4aea6c091829fa95

SHA512
1c15e62660c20b5a184ee062d51d540e500e049e8b445c0662472d27e33d881628b27f8841c0d071a4e7a41da69620f9c55394f8a841dd1bcf89338182087afe

Download Submit
C:\Windows\System\yaQixiF.exe

Filesize
2.0MB

MD5
2b9440b271b70821aa97c8815cae8e49

SHA1
dfb14aa1328d7ab0bc6de2ba0dbb04efaec1c4d4

SHA256
d9cfbe33fbbfdcb194e6e6f68dddb39c9fe36f8d0d2fbb5dd930db5d2faa6cbb

SHA512
1f630d2379f9dc672957b92008e0e6461b6990b5df379a6ec63f2d55df81cdf257c722b4595139d269d965b71a48aae1462337da833da59aea54c26b2aae85d2

Download Submit
C:\Windows\System\zIGEOjn.exe

Filesize
2.0MB

MD5
de6ea955dc8ab48dab4238e9d4278e45

SHA1
bd4eaed31d950cf8799676866961560cc664c111

SHA256
a40b5b3e3a3b5106f5fe8440169b4933aee6247aeeeff405e9c05d1c361ad8b5

SHA512
f28da093ff58372682d7cd47b811d172d8a3a150e5cf13dd5263367f59429c15a50166696a00bda1d2a339b620efe0feacad33fa91e238541b00619b1a44ae4d

Download Submit
C:\Windows\System\zfhTFEj.exe

Filesize
2.0MB

MD5
7da86809ab507906f9d344002c2e6e4c

SHA1
8506cc8e04a11040314961a6dd7dc7d413ae83c8

SHA256
05ea6e545986b7ff7cc0fb2399c19fc2fecca5171f03c15af6cddbd992af186b

SHA512
3529e4e6c69f28e604d767cef4fc41df4e24fdd91c810aa1ca7aa3adc3d914ee4ada4bfdbaf38476001ff323ed2f0d3e37a20b7b72a8b728024ad15c4d38d098

Download Submit
memory/428-0-0x00007FF7A1320000-0x00007FF7A1712000-memory.dmp

Filesize
3.9MB

Download
memory/428-1-0x000002743F1B0000-0x000002743F1C0000-memory.dmp

Filesize
64KB

Download
memory/676-2724-0x00007FF69FC10000-0x00007FF6A0002000-memory.dmp

Filesize
3.9MB

Download
memory/676-19-0x00007FF69FC10000-0x00007FF6A0002000-memory.dmp

Filesize
3.9MB

Download
memory/676-2729-0x00007FF69FC10000-0x00007FF6A0002000-memory.dmp

Filesize
3.9MB

Download
memory/776-389-0x00007FF71E530000-0x00007FF71E922000-memory.dmp

Filesize
3.9MB

Download
memory/776-2746-0x00007FF71E530000-0x00007FF71E922000-memory.dmp

Filesize
3.9MB

Download
memory/840-356-0x00007FF671040000-0x00007FF671432000-memory.dmp

Filesize
3.9MB

Download
memory/840-2727-0x00007FF671040000-0x00007FF671432000-memory.dmp

Filesize
3.9MB

Download
memory/1060-197-0x00007FF713550000-0x00007FF713942000-memory.dmp

Filesize
3.9MB

Download
memory/1060-2753-0x00007FF713550000-0x00007FF713942000-memory.dmp

Filesize
3.9MB

Download
memory/1348-381-0x00007FF704630000-0x00007FF704A22000-memory.dmp

Filesize
3.9MB

Download
memory/1348-2748-0x00007FF704630000-0x00007FF704A22000-memory.dmp

Filesize
3.9MB

Download
memory/1608-2757-0x00007FF666EB0000-0x00007FF6672A2000-memory.dmp

Filesize
3.9MB

Download
memory/1608-243-0x00007FF666EB0000-0x00007FF6672A2000-memory.dmp

Filesize
3.9MB

Download
memory/1856-2732-0x00007FF76F7C0000-0x00007FF76FBB2000-memory.dmp

Filesize
3.9MB

Download
memory/1856-30-0x00007FF76F7C0000-0x00007FF76FBB2000-memory.dmp

Filesize
3.9MB

Download
memory/1876-357-0x00007FFBB33A3000-0x00007FFBB33A5000-memory.dmp

Filesize
8KB

Download
memory/1876-398-0x000001D545830000-0x000001D545FD6000-memory.dmp

Filesize
7.6MB

Download
memory/1876-50-0x000001D544690000-0x000001D5446A0000-memory.dmp

Filesize
64KB

Download
memory/1876-49-0x000001D544690000-0x000001D5446A0000-memory.dmp

Filesize
64KB

Download
memory/1876-164-0x000001D544C30000-0x000001D544C52000-memory.dmp

Filesize
136KB

Download
memory/2220-207-0x00007FF6AC770000-0x00007FF6ACB62000-memory.dmp

Filesize
3.9MB

Download
memory/2220-2740-0x00007FF6AC770000-0x00007FF6ACB62000-memory.dmp

Filesize
3.9MB

Download
memory/2716-35-0x00007FF741270000-0x00007FF741662000-memory.dmp

Filesize
3.9MB

Download
memory/2716-2733-0x00007FF741270000-0x00007FF741662000-memory.dmp

Filesize
3.9MB

Download
memory/2736-282-0x00007FF757990000-0x00007FF757D82000-memory.dmp

Filesize
3.9MB

Download
memory/2736-2760-0x00007FF757990000-0x00007FF757D82000-memory.dmp

Filesize
3.9MB

Download
memory/2880-2766-0x00007FF7D4C40000-0x00007FF7D5032000-memory.dmp

Filesize
3.9MB

Download
memory/2880-351-0x00007FF7D4C40000-0x00007FF7D5032000-memory.dmp

Filesize
3.9MB

Download
memory/2884-391-0x00007FF7D5D60000-0x00007FF7D6152000-memory.dmp

Filesize
3.9MB

Download
memory/2884-2782-0x00007FF7D5D60000-0x00007FF7D6152000-memory.dmp

Filesize
3.9MB

Download
memory/3124-154-0x00007FF743E70000-0x00007FF744262000-memory.dmp

Filesize
3.9MB

Download
memory/3124-2770-0x00007FF743E70000-0x00007FF744262000-memory.dmp

Filesize
3.9MB

Download
memory/3248-321-0x00007FF6E6870000-0x00007FF6E6C62000-memory.dmp

Filesize
3.9MB

Download
memory/3248-2763-0x00007FF6E6870000-0x00007FF6E6C62000-memory.dmp

Filesize
3.9MB

Download
memory/3312-262-0x00007FF72BFE0000-0x00007FF72C3D2000-memory.dmp

Filesize
3.9MB

Download
memory/3312-2736-0x00007FF72BFE0000-0x00007FF72C3D2000-memory.dmp

Filesize
3.9MB

Download
memory/4348-355-0x00007FF663590000-0x00007FF663982000-memory.dmp

Filesize
3.9MB

Download
memory/4348-2761-0x00007FF663590000-0x00007FF663982000-memory.dmp

Filesize
3.9MB

Download
memory/4608-340-0x00007FF6C4340000-0x00007FF6C4732000-memory.dmp

Filesize
3.9MB

Download
memory/4608-2768-0x00007FF6C4340000-0x00007FF6C4732000-memory.dmp

Filesize
3.9MB

Download
memory/4648-354-0x00007FF7D41E0000-0x00007FF7D45D2000-memory.dmp

Filesize
3.9MB

Download
memory/4648-2751-0x00007FF7D41E0000-0x00007FF7D45D2000-memory.dmp

Filesize
3.9MB

Download
memory/4680-352-0x00007FF6833E0000-0x00007FF6837D2000-memory.dmp

Filesize
3.9MB

Download
memory/4680-2771-0x00007FF6833E0000-0x00007FF6837D2000-memory.dmp

Filesize
3.9MB

Download
memory/4692-122-0x00007FF65F130000-0x00007FF65F522000-memory.dmp

Filesize
3.9MB

Download
memory/4692-2744-0x00007FF65F130000-0x00007FF65F522000-memory.dmp

Filesize
3.9MB

Download
memory/4708-71-0x00007FF7E7A30000-0x00007FF7E7E22000-memory.dmp

Filesize
3.9MB

Download
memory/4708-2749-0x00007FF7E7A30000-0x00007FF7E7E22000-memory.dmp

Filesize
3.9MB

Download
memory/4712-358-0x00007FF6B3A30000-0x00007FF6B3E22000-memory.dmp

Filesize
3.9MB

Download
memory/4712-2742-0x00007FF6B3A30000-0x00007FF6B3E22000-memory.dmp

Filesize
3.9MB

Download
memory/4900-55-0x00007FF6D2D70000-0x00007FF6D3162000-memory.dmp

Filesize
3.9MB

Download
memory/4900-2738-0x00007FF6D2D70000-0x00007FF6D3162000-memory.dmp

Filesize
3.9MB

Download
memory/4948-390-0x00007FF7FF6D0000-0x00007FF7FFAC2000-memory.dmp

Filesize
3.9MB

Download
memory/4948-2755-0x00007FF7FF6D0000-0x00007FF7FFAC2000-memory.dmp

Filesize
3.9MB

Download