xmrig | 3772d9aa8e5415095942d19c65b30b73c60199df6f9726484dd575f2cfc4a6d6

Analysis

max time kernel
85s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11-05-2024 09:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
Size

1.5MB
MD5

33f425ff6299242b231b2bcd4717c302
SHA1

cfb45642d29da8a68dc9dd1be345fa5df3e3dcf5
SHA256

3772d9aa8e5415095942d19c65b30b73c60199df6f9726484dd575f2cfc4a6d6
SHA512

ae781128d4cb0620960cf7d123cce3c09e6766faa8473a892f1d6a03e9dac64c4186eb00958e68c32343663f9141d7af27b07a5e08a8331d22dea6e15647ceaa
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkibTJH+2Q/ynKeWYKpGncHBN/VPwmvcB90:Lz071uv4BPMkibTIA5CJv5

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 46 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/4476-20-0x00007FF69FC50000-0x00007FF6A0042000-memory.dmp	xmrig
behavioral2/memory/4908-38-0x00007FF7244C0000-0x00007FF7248B2000-memory.dmp	xmrig
behavioral2/memory/4140-60-0x00007FF6E80A0000-0x00007FF6E8492000-memory.dmp	xmrig
behavioral2/memory/4756-70-0x00007FF755480000-0x00007FF755872000-memory.dmp	xmrig
behavioral2/memory/2224-73-0x00007FF7A39F0000-0x00007FF7A3DE2000-memory.dmp	xmrig
behavioral2/memory/1184-71-0x00007FF698360000-0x00007FF698752000-memory.dmp	xmrig
behavioral2/memory/1596-86-0x00007FF677230000-0x00007FF677622000-memory.dmp	xmrig
behavioral2/memory/2516-102-0x00007FF797200000-0x00007FF7975F2000-memory.dmp	xmrig
behavioral2/memory/4196-107-0x00007FF6102E0000-0x00007FF6106D2000-memory.dmp	xmrig
behavioral2/memory/3208-108-0x00007FF6E6C30000-0x00007FF6E7022000-memory.dmp	xmrig
behavioral2/memory/1864-110-0x00007FF725A90000-0x00007FF725E82000-memory.dmp	xmrig
behavioral2/memory/2112-313-0x00007FF75C500000-0x00007FF75C8F2000-memory.dmp	xmrig
behavioral2/memory/1788-312-0x00007FF73D9E0000-0x00007FF73DDD2000-memory.dmp	xmrig
behavioral2/memory/3732-314-0x00007FF730A10000-0x00007FF730E02000-memory.dmp	xmrig
behavioral2/memory/4496-315-0x00007FF636CD0000-0x00007FF6370C2000-memory.dmp	xmrig
behavioral2/memory/1288-317-0x00007FF684790000-0x00007FF684B82000-memory.dmp	xmrig
behavioral2/memory/1400-322-0x00007FF7A04D0000-0x00007FF7A08C2000-memory.dmp	xmrig
behavioral2/memory/4928-324-0x00007FF7B1D00000-0x00007FF7B20F2000-memory.dmp	xmrig
behavioral2/memory/4492-325-0x00007FF6E9840000-0x00007FF6E9C32000-memory.dmp	xmrig
behavioral2/memory/4532-321-0x00007FF64CAF0000-0x00007FF64CEE2000-memory.dmp	xmrig
behavioral2/memory/4180-90-0x00007FF615400000-0x00007FF6157F2000-memory.dmp	xmrig
behavioral2/memory/4032-506-0x00007FF6FC780000-0x00007FF6FCB72000-memory.dmp	xmrig
behavioral2/memory/1124-1279-0x00007FF694A40000-0x00007FF694E32000-memory.dmp	xmrig
behavioral2/memory/4476-1993-0x00007FF69FC50000-0x00007FF6A0042000-memory.dmp	xmrig
behavioral2/memory/4180-1996-0x00007FF615400000-0x00007FF6157F2000-memory.dmp	xmrig
behavioral2/memory/4196-2180-0x00007FF6102E0000-0x00007FF6106D2000-memory.dmp	xmrig
behavioral2/memory/4908-2192-0x00007FF7244C0000-0x00007FF7248B2000-memory.dmp	xmrig
behavioral2/memory/4140-2245-0x00007FF6E80A0000-0x00007FF6E8492000-memory.dmp	xmrig
behavioral2/memory/1124-2255-0x00007FF694A40000-0x00007FF694E32000-memory.dmp	xmrig
behavioral2/memory/2224-2274-0x00007FF7A39F0000-0x00007FF7A3DE2000-memory.dmp	xmrig
behavioral2/memory/4756-2277-0x00007FF755480000-0x00007FF755872000-memory.dmp	xmrig
behavioral2/memory/4860-2300-0x00007FF7898F0000-0x00007FF789CE2000-memory.dmp	xmrig
behavioral2/memory/1788-2351-0x00007FF73D9E0000-0x00007FF73DDD2000-memory.dmp	xmrig
behavioral2/memory/1556-2376-0x00007FF77DFB0000-0x00007FF77E3A2000-memory.dmp	xmrig
behavioral2/memory/1864-2375-0x00007FF725A90000-0x00007FF725E82000-memory.dmp	xmrig
behavioral2/memory/4928-2407-0x00007FF7B1D00000-0x00007FF7B20F2000-memory.dmp	xmrig
behavioral2/memory/4492-2413-0x00007FF6E9840000-0x00007FF6E9C32000-memory.dmp	xmrig
behavioral2/memory/1400-2404-0x00007FF7A04D0000-0x00007FF7A08C2000-memory.dmp	xmrig
behavioral2/memory/4532-2397-0x00007FF64CAF0000-0x00007FF64CEE2000-memory.dmp	xmrig
behavioral2/memory/4496-2394-0x00007FF636CD0000-0x00007FF6370C2000-memory.dmp	xmrig
behavioral2/memory/1288-2389-0x00007FF684790000-0x00007FF684B82000-memory.dmp	xmrig
behavioral2/memory/3208-2385-0x00007FF6E6C30000-0x00007FF6E7022000-memory.dmp	xmrig
behavioral2/memory/3732-2384-0x00007FF730A10000-0x00007FF730E02000-memory.dmp	xmrig
behavioral2/memory/2516-2383-0x00007FF797200000-0x00007FF7975F2000-memory.dmp	xmrig
behavioral2/memory/2112-2380-0x00007FF75C500000-0x00007FF75C8F2000-memory.dmp	xmrig
behavioral2/memory/1596-2350-0x00007FF677230000-0x00007FF677622000-memory.dmp	xmrig

Blocklisted process makes network request 5 IoCs

Processes:

powershell.exe

flow pid process

3 3980 powershell.exe
6 3980 powershell.exe
16 3980 powershell.exe
17 3980 powershell.exe
19 3980 powershell.exe
Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs
Powershell Invoke Web Request.
execution

PowerShell
T1059.001

Processes:

powershell.exe

pid process

3980 powershell.exe

flow	pid	process
3	3980	powershell.exe
6	3980	powershell.exe
16	3980	powershell.exe
17	3980	powershell.exe
19	3980	powershell.exe

pid	process
3980	powershell.exe

Executes dropped EXE 64 IoCs

Processes:

ciUXyLj.exeulTBqnp.exeMSVsbIO.exekFxShny.exeIMLDNtG.exeGHTPQQb.exekfLeROf.exeGuVhZjq.exeRfmlgES.exeoPqcbYR.exeYNDstst.exezOHHdVr.exeMlRdaPr.exesvjvvaa.exezncxmBe.exepZapYKs.exeOcSsoTt.exeLonICuy.exeQTmeRQp.exeZUNYAER.exeUGrtowg.exeYFmEnnl.exeiqXRdeD.exeiKEKeOK.exeRrsuzrV.exeXKHZDBQ.exeDNUHDrz.exeGFvLoNW.exeXFWfhMV.exeYqInCbi.exeHTQhGtr.exesQUYmXj.exeoUPHUym.exeEXuGBCn.exeBuBFVYz.exeFFavaPq.exexjXXFwj.exehdIxcUp.exevyKeRgt.exeeAUhENd.exegHVqzSy.exeWZOOlXH.exeYJRzlMQ.exeOPAEJMR.exeacWoFOo.exeKQXnyjE.exewhktVVv.exetLLpysR.exevvFugOr.exeETJVVhF.exewxObgew.exeFVKFlpl.exebTxSeyz.exeLzCnqvK.exejnuFIkT.exexgJfRoP.exeUoBNPjS.exeOlsXUVS.exegKHKVAi.exeBuyuoRp.exePoRxAQs.exevWzjtHI.exeFaxXDtP.exeqUQVCHW.exe

pid	process
4180	ciUXyLj.exe
4476	ulTBqnp.exe
4196	MSVsbIO.exe
4908	kFxShny.exe
4032	IMLDNtG.exe
1124	GHTPQQb.exe
4140	kfLeROf.exe
4756	GuVhZjq.exe
2224	RfmlgES.exe
4860	oPqcbYR.exe
1596	YNDstst.exe
2516	zOHHdVr.exe
3208	MlRdaPr.exe
1556	svjvvaa.exe
1864	zncxmBe.exe
1788	pZapYKs.exe
2112	OcSsoTt.exe
3732	LonICuy.exe
4496	QTmeRQp.exe
1288	ZUNYAER.exe
4532	UGrtowg.exe
1400	YFmEnnl.exe
4928	iqXRdeD.exe
4492	iKEKeOK.exe
2160	RrsuzrV.exe
4436	XKHZDBQ.exe
1568	DNUHDrz.exe
2024	GFvLoNW.exe
4468	XFWfhMV.exe
2056	YqInCbi.exe
3492	HTQhGtr.exe
4136	sQUYmXj.exe
3504	oUPHUym.exe
2116	EXuGBCn.exe
2844	BuBFVYz.exe
116	FFavaPq.exe
4308	xjXXFwj.exe
1512	hdIxcUp.exe
3500	vyKeRgt.exe
4488	eAUhENd.exe
724	gHVqzSy.exe
1432	WZOOlXH.exe
3816	YJRzlMQ.exe
3412	OPAEJMR.exe
3436	acWoFOo.exe
4924	KQXnyjE.exe
4408	whktVVv.exe
2184	tLLpysR.exe
3324	vvFugOr.exe
3748	ETJVVhF.exe
2120	wxObgew.exe
4128	FVKFlpl.exe
2308	bTxSeyz.exe
3320	LzCnqvK.exe
4576	jnuFIkT.exe
3992	xgJfRoP.exe
224	UoBNPjS.exe
524	OlsXUVS.exe
3584	gKHKVAi.exe
5144	BuyuoRp.exe
5172	PoRxAQs.exe
5216	vWzjtHI.exe
5244	FaxXDtP.exe
5272	qUQVCHW.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/1184-0-0x00007FF698360000-0x00007FF698752000-memory.dmp	upx
C:\Windows\System\ciUXyLj.exe	upx
behavioral2/memory/4180-9-0x00007FF615400000-0x00007FF6157F2000-memory.dmp	upx
C:\Windows\System\ulTBqnp.exe	upx
C:\Windows\System\MSVsbIO.exe	upx
behavioral2/memory/4476-20-0x00007FF69FC50000-0x00007FF6A0042000-memory.dmp	upx
behavioral2/memory/4196-21-0x00007FF6102E0000-0x00007FF6106D2000-memory.dmp	upx
C:\Windows\System\kFxShny.exe	upx
behavioral2/memory/4908-38-0x00007FF7244C0000-0x00007FF7248B2000-memory.dmp	upx
C:\Windows\System\IMLDNtG.exe	upx
behavioral2/memory/4032-43-0x00007FF6FC780000-0x00007FF6FCB72000-memory.dmp	upx
C:\Windows\System\GHTPQQb.exe	upx
C:\Windows\System\kfLeROf.exe	upx
behavioral2/memory/1124-51-0x00007FF694A40000-0x00007FF694E32000-memory.dmp	upx
C:\Windows\System\GuVhZjq.exe	upx
behavioral2/memory/4140-60-0x00007FF6E80A0000-0x00007FF6E8492000-memory.dmp	upx
C:\Windows\System\RfmlgES.exe	upx
behavioral2/memory/4756-70-0x00007FF755480000-0x00007FF755872000-memory.dmp	upx
C:\Windows\System\oPqcbYR.exe	upx
behavioral2/memory/2224-73-0x00007FF7A39F0000-0x00007FF7A3DE2000-memory.dmp	upx
behavioral2/memory/4860-74-0x00007FF7898F0000-0x00007FF789CE2000-memory.dmp	upx
behavioral2/memory/1184-71-0x00007FF698360000-0x00007FF698752000-memory.dmp	upx
C:\Windows\System\YNDstst.exe	upx
C:\Windows\System\zOHHdVr.exe	upx
behavioral2/memory/1596-86-0x00007FF677230000-0x00007FF677622000-memory.dmp	upx
C:\Windows\System\svjvvaa.exe	upx
C:\Windows\System\MlRdaPr.exe	upx
behavioral2/memory/2516-102-0x00007FF797200000-0x00007FF7975F2000-memory.dmp	upx
behavioral2/memory/1556-105-0x00007FF77DFB0000-0x00007FF77E3A2000-memory.dmp	upx
behavioral2/memory/4196-107-0x00007FF6102E0000-0x00007FF6106D2000-memory.dmp	upx
behavioral2/memory/3208-108-0x00007FF6E6C30000-0x00007FF6E7022000-memory.dmp	upx
behavioral2/memory/1864-110-0x00007FF725A90000-0x00007FF725E82000-memory.dmp	upx
C:\Windows\System\zncxmBe.exe	upx
C:\Windows\System\pZapYKs.exe	upx
C:\Windows\System\OcSsoTt.exe	upx
C:\Windows\System\QTmeRQp.exe	upx
C:\Windows\System\ZUNYAER.exe	upx
C:\Windows\System\YFmEnnl.exe	upx
C:\Windows\System\RrsuzrV.exe	upx
C:\Windows\System\XKHZDBQ.exe	upx
C:\Windows\System\GFvLoNW.exe	upx
C:\Windows\System\YqInCbi.exe	upx
behavioral2/memory/2112-313-0x00007FF75C500000-0x00007FF75C8F2000-memory.dmp	upx
behavioral2/memory/1788-312-0x00007FF73D9E0000-0x00007FF73DDD2000-memory.dmp	upx
behavioral2/memory/3732-314-0x00007FF730A10000-0x00007FF730E02000-memory.dmp	upx
behavioral2/memory/4496-315-0x00007FF636CD0000-0x00007FF6370C2000-memory.dmp	upx
behavioral2/memory/1288-317-0x00007FF684790000-0x00007FF684B82000-memory.dmp	upx
behavioral2/memory/1400-322-0x00007FF7A04D0000-0x00007FF7A08C2000-memory.dmp	upx
behavioral2/memory/4928-324-0x00007FF7B1D00000-0x00007FF7B20F2000-memory.dmp	upx
behavioral2/memory/4492-325-0x00007FF6E9840000-0x00007FF6E9C32000-memory.dmp	upx
behavioral2/memory/4532-321-0x00007FF64CAF0000-0x00007FF64CEE2000-memory.dmp	upx
C:\Windows\System\sQUYmXj.exe	upx
C:\Windows\System\HTQhGtr.exe	upx
C:\Windows\System\XFWfhMV.exe	upx
C:\Windows\System\DNUHDrz.exe	upx
C:\Windows\System\iKEKeOK.exe	upx
C:\Windows\System\iqXRdeD.exe	upx
C:\Windows\System\UGrtowg.exe	upx
C:\Windows\System\LonICuy.exe	upx
behavioral2/memory/4180-90-0x00007FF615400000-0x00007FF6157F2000-memory.dmp	upx
behavioral2/memory/4032-506-0x00007FF6FC780000-0x00007FF6FCB72000-memory.dmp	upx
behavioral2/memory/1124-1279-0x00007FF694A40000-0x00007FF694E32000-memory.dmp	upx
behavioral2/memory/4476-1993-0x00007FF69FC50000-0x00007FF6A0042000-memory.dmp	upx
behavioral2/memory/4180-1996-0x00007FF615400000-0x00007FF6157F2000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

2 raw.githubusercontent.com
3 raw.githubusercontent.com

flow	ioc
2	raw.githubusercontent.com
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

Processes:

33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\System\rCvUGwe.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\jDsrrRL.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\aevzvIw.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\sQzzFUE.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\YAuVBBV.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\AsRvYQp.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\xgHdqTb.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\rWQRxLs.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\AvJdBPU.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\jSFSwMd.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\TavItDq.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\IMLDNtG.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\GZkUuZw.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\TdRjLSR.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\gkFjpUd.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\QsbFyBU.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\hkFpFRB.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\BEeolFo.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\hdIxcUp.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\tGPRYCL.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\jGvumzn.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\snucVWm.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\LQFivkG.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\ejGjQRp.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\lgtgtTA.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\YMOyyhs.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\pnZmugL.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\UbnIPGI.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\jBdJiwb.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\MolkJWy.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\xbagGxJ.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\GihvrTC.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\aUYoWoN.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\xOCDMfK.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\LmzvdMx.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\qCjOQcm.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\hrHeLrv.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\APuhvjX.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\mUStlSt.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\HZhQVSh.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\oJZLFEn.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\XuOvICu.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\pZXreWP.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\FBtmizS.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\brCIhdx.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\qoYmMCT.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\vtLgpis.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\ZwfdChJ.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\YNCDZzG.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\RqUjtbf.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\jTOAUwJ.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\ghzagYa.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\Ykgqmsj.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\EWKOuXC.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\DrIvSTF.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\TEpUWnc.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\tUrFRGZ.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\BVzfXqr.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\DLTTNND.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\MKTidJD.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\sofTENM.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\KQXnyjE.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\kcoNGDH.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
File created	C:\Windows\System\BDkYdAp.exe	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

powershell.exe

pid process

3980 powershell.exe
3980 powershell.exe

pid	process
3980	powershell.exe
3980	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exepowershell.exe

description	pid	process
Token: SeLockMemoryPrivilege	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
Token: SeDebugPrivilege	3980	powershell.exe
Token: SeLockMemoryPrivilege	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe

description	pid	process	target process
PID 1184 wrote to memory of 3980	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	powershell.exe
PID 1184 wrote to memory of 3980	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	powershell.exe
PID 1184 wrote to memory of 4180	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	ciUXyLj.exe
PID 1184 wrote to memory of 4180	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	ciUXyLj.exe
PID 1184 wrote to memory of 4476	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	ulTBqnp.exe
PID 1184 wrote to memory of 4476	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	ulTBqnp.exe
PID 1184 wrote to memory of 4196	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	MSVsbIO.exe
PID 1184 wrote to memory of 4196	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	MSVsbIO.exe
PID 1184 wrote to memory of 4908	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	kFxShny.exe
PID 1184 wrote to memory of 4908	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	kFxShny.exe
PID 1184 wrote to memory of 4032	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	IMLDNtG.exe
PID 1184 wrote to memory of 4032	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	IMLDNtG.exe
PID 1184 wrote to memory of 1124	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	GHTPQQb.exe
PID 1184 wrote to memory of 1124	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	GHTPQQb.exe
PID 1184 wrote to memory of 4140	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	kfLeROf.exe
PID 1184 wrote to memory of 4140	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	kfLeROf.exe
PID 1184 wrote to memory of 4756	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	GuVhZjq.exe
PID 1184 wrote to memory of 4756	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	GuVhZjq.exe
PID 1184 wrote to memory of 2224	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	RfmlgES.exe
PID 1184 wrote to memory of 2224	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	RfmlgES.exe
PID 1184 wrote to memory of 4860	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	oPqcbYR.exe
PID 1184 wrote to memory of 4860	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	oPqcbYR.exe
PID 1184 wrote to memory of 1596	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	YNDstst.exe
PID 1184 wrote to memory of 1596	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	YNDstst.exe
PID 1184 wrote to memory of 2516	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	zOHHdVr.exe
PID 1184 wrote to memory of 2516	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	zOHHdVr.exe
PID 1184 wrote to memory of 3208	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	MlRdaPr.exe
PID 1184 wrote to memory of 3208	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	MlRdaPr.exe
PID 1184 wrote to memory of 1556	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	svjvvaa.exe
PID 1184 wrote to memory of 1556	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	svjvvaa.exe
PID 1184 wrote to memory of 1864	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	zncxmBe.exe
PID 1184 wrote to memory of 1864	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	zncxmBe.exe
PID 1184 wrote to memory of 1788	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	pZapYKs.exe
PID 1184 wrote to memory of 1788	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	pZapYKs.exe
PID 1184 wrote to memory of 2112	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	OcSsoTt.exe
PID 1184 wrote to memory of 2112	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	OcSsoTt.exe
PID 1184 wrote to memory of 3732	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	LonICuy.exe
PID 1184 wrote to memory of 3732	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	LonICuy.exe
PID 1184 wrote to memory of 4496	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	QTmeRQp.exe
PID 1184 wrote to memory of 4496	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	QTmeRQp.exe
PID 1184 wrote to memory of 1288	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	ZUNYAER.exe
PID 1184 wrote to memory of 1288	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	ZUNYAER.exe
PID 1184 wrote to memory of 4532	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	UGrtowg.exe
PID 1184 wrote to memory of 4532	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	UGrtowg.exe
PID 1184 wrote to memory of 1400	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	YFmEnnl.exe
PID 1184 wrote to memory of 1400	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	YFmEnnl.exe
PID 1184 wrote to memory of 4928	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	iqXRdeD.exe
PID 1184 wrote to memory of 4928	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	iqXRdeD.exe
PID 1184 wrote to memory of 4492	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	iKEKeOK.exe
PID 1184 wrote to memory of 4492	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	iKEKeOK.exe
PID 1184 wrote to memory of 2160	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	RrsuzrV.exe
PID 1184 wrote to memory of 2160	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	RrsuzrV.exe
PID 1184 wrote to memory of 4436	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	XKHZDBQ.exe
PID 1184 wrote to memory of 4436	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	XKHZDBQ.exe
PID 1184 wrote to memory of 1568	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	DNUHDrz.exe
PID 1184 wrote to memory of 1568	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	DNUHDrz.exe
PID 1184 wrote to memory of 2024	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	GFvLoNW.exe
PID 1184 wrote to memory of 2024	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	GFvLoNW.exe
PID 1184 wrote to memory of 4468	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	XFWfhMV.exe
PID 1184 wrote to memory of 4468	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	XFWfhMV.exe
PID 1184 wrote to memory of 2056	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	YqInCbi.exe
PID 1184 wrote to memory of 2056	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	YqInCbi.exe
PID 1184 wrote to memory of 3492	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	HTQhGtr.exe
PID 1184 wrote to memory of 3492	1184	33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe	HTQhGtr.exe

C:\Users\Admin\AppData\Local\Temp\33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\33f425ff6299242b231b2bcd4717c302_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1184

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
2⤵
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3980

C:\Windows\System\ciUXyLj.exe
C:\Windows\System\ciUXyLj.exe
2⤵
- Executes dropped EXE
PID:4180

C:\Windows\System\ulTBqnp.exe
C:\Windows\System\ulTBqnp.exe
2⤵
- Executes dropped EXE
PID:4476

C:\Windows\System\MSVsbIO.exe
C:\Windows\System\MSVsbIO.exe
2⤵
- Executes dropped EXE
PID:4196

C:\Windows\System\kFxShny.exe
C:\Windows\System\kFxShny.exe
2⤵
- Executes dropped EXE
PID:4908

C:\Windows\System\IMLDNtG.exe
C:\Windows\System\IMLDNtG.exe
2⤵
- Executes dropped EXE
PID:4032

C:\Windows\System\GHTPQQb.exe
C:\Windows\System\GHTPQQb.exe
2⤵
- Executes dropped EXE
PID:1124

C:\Windows\System\kfLeROf.exe
C:\Windows\System\kfLeROf.exe
2⤵
- Executes dropped EXE
PID:4140

C:\Windows\System\GuVhZjq.exe
C:\Windows\System\GuVhZjq.exe
2⤵
- Executes dropped EXE
PID:4756

C:\Windows\System\RfmlgES.exe
C:\Windows\System\RfmlgES.exe
2⤵
- Executes dropped EXE
PID:2224

C:\Windows\System\oPqcbYR.exe
C:\Windows\System\oPqcbYR.exe
2⤵
- Executes dropped EXE
PID:4860

C:\Windows\System\YNDstst.exe
C:\Windows\System\YNDstst.exe
2⤵
- Executes dropped EXE
PID:1596

C:\Windows\System\zOHHdVr.exe
C:\Windows\System\zOHHdVr.exe
2⤵
- Executes dropped EXE
PID:2516

C:\Windows\System\MlRdaPr.exe
C:\Windows\System\MlRdaPr.exe
2⤵
- Executes dropped EXE
PID:3208

C:\Windows\System\svjvvaa.exe
C:\Windows\System\svjvvaa.exe
2⤵
- Executes dropped EXE
PID:1556

C:\Windows\System\zncxmBe.exe
C:\Windows\System\zncxmBe.exe
2⤵
- Executes dropped EXE
PID:1864

C:\Windows\System\pZapYKs.exe
C:\Windows\System\pZapYKs.exe
2⤵
- Executes dropped EXE
PID:1788

C:\Windows\System\OcSsoTt.exe
C:\Windows\System\OcSsoTt.exe
2⤵
- Executes dropped EXE
PID:2112

C:\Windows\System\LonICuy.exe
C:\Windows\System\LonICuy.exe
2⤵
- Executes dropped EXE
PID:3732

C:\Windows\System\QTmeRQp.exe
C:\Windows\System\QTmeRQp.exe
2⤵
- Executes dropped EXE
PID:4496

C:\Windows\System\ZUNYAER.exe
C:\Windows\System\ZUNYAER.exe
2⤵
- Executes dropped EXE
PID:1288

C:\Windows\System\UGrtowg.exe
C:\Windows\System\UGrtowg.exe
2⤵
- Executes dropped EXE
PID:4532

C:\Windows\System\YFmEnnl.exe
C:\Windows\System\YFmEnnl.exe
2⤵
- Executes dropped EXE
PID:1400

C:\Windows\System\iqXRdeD.exe
C:\Windows\System\iqXRdeD.exe
2⤵
- Executes dropped EXE
PID:4928

C:\Windows\System\iKEKeOK.exe
C:\Windows\System\iKEKeOK.exe
2⤵
- Executes dropped EXE
PID:4492

C:\Windows\System\RrsuzrV.exe
C:\Windows\System\RrsuzrV.exe
2⤵
- Executes dropped EXE
PID:2160

C:\Windows\System\XKHZDBQ.exe
C:\Windows\System\XKHZDBQ.exe
2⤵
- Executes dropped EXE
PID:4436

C:\Windows\System\DNUHDrz.exe
C:\Windows\System\DNUHDrz.exe
2⤵
- Executes dropped EXE
PID:1568

C:\Windows\System\GFvLoNW.exe
C:\Windows\System\GFvLoNW.exe
2⤵
- Executes dropped EXE
PID:2024

C:\Windows\System\XFWfhMV.exe
C:\Windows\System\XFWfhMV.exe
2⤵
- Executes dropped EXE
PID:4468

C:\Windows\System\YqInCbi.exe
C:\Windows\System\YqInCbi.exe
2⤵
- Executes dropped EXE
PID:2056

C:\Windows\System\HTQhGtr.exe
C:\Windows\System\HTQhGtr.exe
2⤵
- Executes dropped EXE
PID:3492

C:\Windows\System\sQUYmXj.exe
C:\Windows\System\sQUYmXj.exe
2⤵
- Executes dropped EXE
PID:4136

C:\Windows\System\oUPHUym.exe
C:\Windows\System\oUPHUym.exe
2⤵
- Executes dropped EXE
PID:3504

C:\Windows\System\EXuGBCn.exe
C:\Windows\System\EXuGBCn.exe
2⤵
- Executes dropped EXE
PID:2116

C:\Windows\System\BuBFVYz.exe
C:\Windows\System\BuBFVYz.exe
2⤵
- Executes dropped EXE
PID:2844

C:\Windows\System\FFavaPq.exe
C:\Windows\System\FFavaPq.exe
2⤵
- Executes dropped EXE
PID:116

C:\Windows\System\xjXXFwj.exe
C:\Windows\System\xjXXFwj.exe
2⤵
- Executes dropped EXE
PID:4308

C:\Windows\System\hdIxcUp.exe
C:\Windows\System\hdIxcUp.exe
2⤵
- Executes dropped EXE
PID:1512

C:\Windows\System\vyKeRgt.exe
C:\Windows\System\vyKeRgt.exe
2⤵
- Executes dropped EXE
PID:3500

C:\Windows\System\eAUhENd.exe
C:\Windows\System\eAUhENd.exe
2⤵
- Executes dropped EXE
PID:4488

C:\Windows\System\gHVqzSy.exe
C:\Windows\System\gHVqzSy.exe
2⤵
- Executes dropped EXE
PID:724

C:\Windows\System\WZOOlXH.exe
C:\Windows\System\WZOOlXH.exe
2⤵
- Executes dropped EXE
PID:1432

C:\Windows\System\YJRzlMQ.exe
C:\Windows\System\YJRzlMQ.exe
2⤵
- Executes dropped EXE
PID:3816

C:\Windows\System\OPAEJMR.exe
C:\Windows\System\OPAEJMR.exe
2⤵
- Executes dropped EXE
PID:3412

C:\Windows\System\acWoFOo.exe
C:\Windows\System\acWoFOo.exe
2⤵
- Executes dropped EXE
PID:3436

C:\Windows\System\KQXnyjE.exe
C:\Windows\System\KQXnyjE.exe
2⤵
- Executes dropped EXE
PID:4924

C:\Windows\System\whktVVv.exe
C:\Windows\System\whktVVv.exe
2⤵
- Executes dropped EXE
PID:4408

C:\Windows\System\tLLpysR.exe
C:\Windows\System\tLLpysR.exe
2⤵
- Executes dropped EXE
PID:2184

C:\Windows\System\vvFugOr.exe
C:\Windows\System\vvFugOr.exe
2⤵
- Executes dropped EXE
PID:3324

C:\Windows\System\ETJVVhF.exe
C:\Windows\System\ETJVVhF.exe
2⤵
- Executes dropped EXE
PID:3748

C:\Windows\System\wxObgew.exe
C:\Windows\System\wxObgew.exe
2⤵
- Executes dropped EXE
PID:2120

C:\Windows\System\FVKFlpl.exe
C:\Windows\System\FVKFlpl.exe
2⤵
- Executes dropped EXE
PID:4128

C:\Windows\System\bTxSeyz.exe
C:\Windows\System\bTxSeyz.exe
2⤵
- Executes dropped EXE
PID:2308

C:\Windows\System\LzCnqvK.exe
C:\Windows\System\LzCnqvK.exe
2⤵
- Executes dropped EXE
PID:3320

C:\Windows\System\jnuFIkT.exe
C:\Windows\System\jnuFIkT.exe
2⤵
- Executes dropped EXE
PID:4576

C:\Windows\System\xgJfRoP.exe
C:\Windows\System\xgJfRoP.exe
2⤵
- Executes dropped EXE
PID:3992

C:\Windows\System\UoBNPjS.exe
C:\Windows\System\UoBNPjS.exe
2⤵
- Executes dropped EXE
PID:224

C:\Windows\System\OlsXUVS.exe
C:\Windows\System\OlsXUVS.exe
2⤵
- Executes dropped EXE
PID:524

C:\Windows\System\gKHKVAi.exe
C:\Windows\System\gKHKVAi.exe
2⤵
- Executes dropped EXE
PID:3584

C:\Windows\System\BuyuoRp.exe
C:\Windows\System\BuyuoRp.exe
2⤵
- Executes dropped EXE
PID:5144

C:\Windows\System\PoRxAQs.exe
C:\Windows\System\PoRxAQs.exe
2⤵
- Executes dropped EXE
PID:5172

C:\Windows\System\vWzjtHI.exe
C:\Windows\System\vWzjtHI.exe
2⤵
- Executes dropped EXE
PID:5216

C:\Windows\System\FaxXDtP.exe
C:\Windows\System\FaxXDtP.exe
2⤵
- Executes dropped EXE
PID:5244

C:\Windows\System\qUQVCHW.exe
C:\Windows\System\qUQVCHW.exe
2⤵
- Executes dropped EXE
PID:5272

C:\Windows\System\zNrnczb.exe
C:\Windows\System\zNrnczb.exe
2⤵
PID:5300

C:\Windows\System\kPchBLF.exe
C:\Windows\System\kPchBLF.exe
2⤵
PID:5316

C:\Windows\System\wlLXsXg.exe
C:\Windows\System\wlLXsXg.exe
2⤵
PID:5344

C:\Windows\System\ayXSFZQ.exe
C:\Windows\System\ayXSFZQ.exe
2⤵
PID:5380

C:\Windows\System\rfwzrNp.exe
C:\Windows\System\rfwzrNp.exe
2⤵
PID:5436

C:\Windows\System\XUgCnit.exe
C:\Windows\System\XUgCnit.exe
2⤵
PID:5484

C:\Windows\System\UIIyawM.exe
C:\Windows\System\UIIyawM.exe
2⤵
PID:5544

C:\Windows\System\jGvumzn.exe
C:\Windows\System\jGvumzn.exe
2⤵
PID:5572

C:\Windows\System\fetZogC.exe
C:\Windows\System\fetZogC.exe
2⤵
PID:5596

C:\Windows\System\sNKeYla.exe
C:\Windows\System\sNKeYla.exe
2⤵
PID:5644

C:\Windows\System\pSBGcBl.exe
C:\Windows\System\pSBGcBl.exe
2⤵
PID:5676

C:\Windows\System\YMsYGtA.exe
C:\Windows\System\YMsYGtA.exe
2⤵
PID:5696

C:\Windows\System\SxEvhon.exe
C:\Windows\System\SxEvhon.exe
2⤵
PID:5732

C:\Windows\System\IjfkRnO.exe
C:\Windows\System\IjfkRnO.exe
2⤵
PID:5760

C:\Windows\System\OyTPXVE.exe
C:\Windows\System\OyTPXVE.exe
2⤵
PID:5788

C:\Windows\System\hQkghpB.exe
C:\Windows\System\hQkghpB.exe
2⤵
PID:5808

C:\Windows\System\hNmWtiR.exe
C:\Windows\System\hNmWtiR.exe
2⤵
PID:5832

C:\Windows\System\ZSXCyJf.exe
C:\Windows\System\ZSXCyJf.exe
2⤵
PID:5860

C:\Windows\System\YzKEVdX.exe
C:\Windows\System\YzKEVdX.exe
2⤵
PID:5888

C:\Windows\System\NhFYpWd.exe
C:\Windows\System\NhFYpWd.exe
2⤵
PID:5916

C:\Windows\System\VbuSSXw.exe
C:\Windows\System\VbuSSXw.exe
2⤵
PID:5968

C:\Windows\System\NcsUlPq.exe
C:\Windows\System\NcsUlPq.exe
2⤵
PID:5984

C:\Windows\System\wuePipQ.exe
C:\Windows\System\wuePipQ.exe
2⤵
PID:6008

C:\Windows\System\mohFAJV.exe
C:\Windows\System\mohFAJV.exe
2⤵
PID:6052

C:\Windows\System\NGtJnrR.exe
C:\Windows\System\NGtJnrR.exe
2⤵
PID:6084

C:\Windows\System\HZbmAWw.exe
C:\Windows\System\HZbmAWw.exe
2⤵
PID:6100

C:\Windows\System\LiiEdpu.exe
C:\Windows\System\LiiEdpu.exe
2⤵
PID:6120

C:\Windows\System\piCHsEz.exe
C:\Windows\System\piCHsEz.exe
2⤵
PID:3108

C:\Windows\System\UTATGUT.exe
C:\Windows\System\UTATGUT.exe
2⤵
PID:4668

C:\Windows\System\piqDFYn.exe
C:\Windows\System\piqDFYn.exe
2⤵
PID:5132

C:\Windows\System\aBUQioI.exe
C:\Windows\System\aBUQioI.exe
2⤵
PID:4332

C:\Windows\System\KppTHNV.exe
C:\Windows\System\KppTHNV.exe
2⤵
PID:4600

C:\Windows\System\NSWxvxX.exe
C:\Windows\System\NSWxvxX.exe
2⤵
PID:5280

C:\Windows\System\ypzgNXD.exe
C:\Windows\System\ypzgNXD.exe
2⤵
PID:3616

C:\Windows\System\FFkKPtb.exe
C:\Windows\System\FFkKPtb.exe
2⤵
PID:5360

C:\Windows\System\aUYoWoN.exe
C:\Windows\System\aUYoWoN.exe
2⤵
PID:2000

C:\Windows\System\uXubeUC.exe
C:\Windows\System\uXubeUC.exe
2⤵
PID:4940

C:\Windows\System\YcABbtk.exe
C:\Windows\System\YcABbtk.exe
2⤵
PID:4528

C:\Windows\System\IYdxlZg.exe
C:\Windows\System\IYdxlZg.exe
2⤵
PID:3596

C:\Windows\System\rbqdCZT.exe
C:\Windows\System\rbqdCZT.exe
2⤵
PID:4604

C:\Windows\System\PjKCgQl.exe
C:\Windows\System\PjKCgQl.exe
2⤵
PID:5564

C:\Windows\System\sRgoWCA.exe
C:\Windows\System\sRgoWCA.exe
2⤵
PID:5592

C:\Windows\System\HoxxTkf.exe
C:\Windows\System\HoxxTkf.exe
2⤵
PID:5624

C:\Windows\System\oGzgIyt.exe
C:\Windows\System\oGzgIyt.exe
2⤵
PID:5744

C:\Windows\System\EnFMZZC.exe
C:\Windows\System\EnFMZZC.exe
2⤵
PID:2680

C:\Windows\System\KVdAvST.exe
C:\Windows\System\KVdAvST.exe
2⤵
PID:5768

C:\Windows\System\xvTjVSe.exe
C:\Windows\System\xvTjVSe.exe
2⤵
PID:5848

C:\Windows\System\PUYAeuy.exe
C:\Windows\System\PUYAeuy.exe
2⤵
PID:5904

C:\Windows\System\RvxhqVj.exe
C:\Windows\System\RvxhqVj.exe
2⤵
PID:5948

C:\Windows\System\NMheuuH.exe
C:\Windows\System\NMheuuH.exe
2⤵
PID:5632

C:\Windows\System\xpWMtMg.exe
C:\Windows\System\xpWMtMg.exe
2⤵
PID:5996

C:\Windows\System\YsexOwF.exe
C:\Windows\System\YsexOwF.exe
2⤵
PID:5140

C:\Windows\System\JlfPQEG.exe
C:\Windows\System\JlfPQEG.exe
2⤵
PID:5536

C:\Windows\System\fZslwYw.exe
C:\Windows\System\fZslwYw.exe
2⤵
PID:5188

C:\Windows\System\WICLbYT.exe
C:\Windows\System\WICLbYT.exe
2⤵
PID:5284

C:\Windows\System\oeLAYEf.exe
C:\Windows\System\oeLAYEf.exe
2⤵
PID:5328

C:\Windows\System\VzwoIJt.exe
C:\Windows\System\VzwoIJt.exe
2⤵
PID:5516

C:\Windows\System\khnZrgG.exe
C:\Windows\System\khnZrgG.exe
2⤵
PID:4304

C:\Windows\System\GZkUuZw.exe
C:\Windows\System\GZkUuZw.exe
2⤵
PID:3652

C:\Windows\System\hdHZjqB.exe
C:\Windows\System\hdHZjqB.exe
2⤵
PID:5752

C:\Windows\System\BGTLiWM.exe
C:\Windows\System\BGTLiWM.exe
2⤵
PID:5472

C:\Windows\System\haPPiZL.exe
C:\Windows\System\haPPiZL.exe
2⤵
PID:5804

C:\Windows\System\zWUrjlB.exe
C:\Windows\System\zWUrjlB.exe
2⤵
PID:4424

C:\Windows\System\CPfhnAc.exe
C:\Windows\System\CPfhnAc.exe
2⤵
PID:4060

C:\Windows\System\TdRjLSR.exe
C:\Windows\System\TdRjLSR.exe
2⤵
PID:5264

C:\Windows\System\vtJleVj.exe
C:\Windows\System\vtJleVj.exe
2⤵
PID:2012

C:\Windows\System\wQPujIm.exe
C:\Windows\System\wQPujIm.exe
2⤵
PID:5480

C:\Windows\System\eogEFms.exe
C:\Windows\System\eogEFms.exe
2⤵
PID:5376

C:\Windows\System\OZmvLIL.exe
C:\Windows\System\OZmvLIL.exe
2⤵
PID:5820

C:\Windows\System\FeYkxXd.exe
C:\Windows\System\FeYkxXd.exe
2⤵
PID:6108

C:\Windows\System\TfwogqC.exe
C:\Windows\System\TfwogqC.exe
2⤵
PID:5324

C:\Windows\System\bgRXdsH.exe
C:\Windows\System\bgRXdsH.exe
2⤵
PID:6148

C:\Windows\System\oasUzQL.exe
C:\Windows\System\oasUzQL.exe
2⤵
PID:6176

C:\Windows\System\Ysytgrz.exe
C:\Windows\System\Ysytgrz.exe
2⤵
PID:6196

C:\Windows\System\eDTZtQZ.exe
C:\Windows\System\eDTZtQZ.exe
2⤵
PID:6228

C:\Windows\System\vMZUjHn.exe
C:\Windows\System\vMZUjHn.exe
2⤵
PID:6252

C:\Windows\System\FXsWKTW.exe
C:\Windows\System\FXsWKTW.exe
2⤵
PID:6268

C:\Windows\System\JBPRcDo.exe
C:\Windows\System\JBPRcDo.exe
2⤵
PID:6312

C:\Windows\System\OPRTgyX.exe
C:\Windows\System\OPRTgyX.exe
2⤵
PID:6328

C:\Windows\System\cbEPICp.exe
C:\Windows\System\cbEPICp.exe
2⤵
PID:6356

C:\Windows\System\KklLust.exe
C:\Windows\System\KklLust.exe
2⤵
PID:6372

C:\Windows\System\OHotpGH.exe
C:\Windows\System\OHotpGH.exe
2⤵
PID:6400

C:\Windows\System\VvrkszQ.exe
C:\Windows\System\VvrkszQ.exe
2⤵
PID:6448

C:\Windows\System\EHlyitu.exe
C:\Windows\System\EHlyitu.exe
2⤵
PID:6472

C:\Windows\System\dPDTTAC.exe
C:\Windows\System\dPDTTAC.exe
2⤵
PID:6492

C:\Windows\System\TRZUXst.exe
C:\Windows\System\TRZUXst.exe
2⤵
PID:6512

C:\Windows\System\EAcIUfW.exe
C:\Windows\System\EAcIUfW.exe
2⤵
PID:6556

C:\Windows\System\VCPJlZL.exe
C:\Windows\System\VCPJlZL.exe
2⤵
PID:6572

C:\Windows\System\EWKOuXC.exe
C:\Windows\System\EWKOuXC.exe
2⤵
PID:6596

C:\Windows\System\HXYAqQE.exe
C:\Windows\System\HXYAqQE.exe
2⤵
PID:6628

C:\Windows\System\cbZeEcU.exe
C:\Windows\System\cbZeEcU.exe
2⤵
PID:6644

C:\Windows\System\SBkdNvm.exe
C:\Windows\System\SBkdNvm.exe
2⤵
PID:6672

C:\Windows\System\WlXnxXX.exe
C:\Windows\System\WlXnxXX.exe
2⤵
PID:6692

C:\Windows\System\oGTSkkV.exe
C:\Windows\System\oGTSkkV.exe
2⤵
PID:6716

C:\Windows\System\rMrairr.exe
C:\Windows\System\rMrairr.exe
2⤵
PID:6740

C:\Windows\System\PBrbmIi.exe
C:\Windows\System\PBrbmIi.exe
2⤵
PID:6760

C:\Windows\System\xmAFxVh.exe
C:\Windows\System\xmAFxVh.exe
2⤵
PID:6780

C:\Windows\System\lzOsoFv.exe
C:\Windows\System\lzOsoFv.exe
2⤵
PID:6856

C:\Windows\System\FgVXLfV.exe
C:\Windows\System\FgVXLfV.exe
2⤵
PID:6892

C:\Windows\System\plIUSVB.exe
C:\Windows\System\plIUSVB.exe
2⤵
PID:6912

C:\Windows\System\vnLTZdL.exe
C:\Windows\System\vnLTZdL.exe
2⤵
PID:6932

C:\Windows\System\ByUkWzM.exe
C:\Windows\System\ByUkWzM.exe
2⤵
PID:6948

C:\Windows\System\YzuTctF.exe
C:\Windows\System\YzuTctF.exe
2⤵
PID:6996

C:\Windows\System\MKlVqLR.exe
C:\Windows\System\MKlVqLR.exe
2⤵
PID:7044

C:\Windows\System\JsaMWOM.exe
C:\Windows\System\JsaMWOM.exe
2⤵
PID:7080

C:\Windows\System\KdAnMrs.exe
C:\Windows\System\KdAnMrs.exe
2⤵
PID:7104

C:\Windows\System\hLXQvqO.exe
C:\Windows\System\hLXQvqO.exe
2⤵
PID:7136

C:\Windows\System\YqVrnCu.exe
C:\Windows\System\YqVrnCu.exe
2⤵
PID:7156

C:\Windows\System\PqepEJr.exe
C:\Windows\System\PqepEJr.exe
2⤵
PID:5532

C:\Windows\System\krlHIsQ.exe
C:\Windows\System\krlHIsQ.exe
2⤵
PID:6172

C:\Windows\System\BGBhqmF.exe
C:\Windows\System\BGBhqmF.exe
2⤵
PID:6212

C:\Windows\System\tpGzXeG.exe
C:\Windows\System\tpGzXeG.exe
2⤵
PID:6224

C:\Windows\System\JJzozrs.exe
C:\Windows\System\JJzozrs.exe
2⤵
PID:6352

C:\Windows\System\rNXLegB.exe
C:\Windows\System\rNXLegB.exe
2⤵
PID:6416

C:\Windows\System\SJAedHe.exe
C:\Windows\System\SJAedHe.exe
2⤵
PID:6524

C:\Windows\System\JKOprOX.exe
C:\Windows\System\JKOprOX.exe
2⤵
PID:6568

C:\Windows\System\oLeZYnU.exe
C:\Windows\System\oLeZYnU.exe
2⤵
PID:6636

C:\Windows\System\BZwxyYP.exe
C:\Windows\System\BZwxyYP.exe
2⤵
PID:6688

C:\Windows\System\TfGTzEU.exe
C:\Windows\System\TfGTzEU.exe
2⤵
PID:6728

C:\Windows\System\IkxqyJL.exe
C:\Windows\System\IkxqyJL.exe
2⤵
PID:6768

C:\Windows\System\kYiJKup.exe
C:\Windows\System\kYiJKup.exe
2⤵
PID:6772

C:\Windows\System\mtvTcqR.exe
C:\Windows\System\mtvTcqR.exe
2⤵
PID:6924

C:\Windows\System\FjZeMXC.exe
C:\Windows\System\FjZeMXC.exe
2⤵
PID:7120

C:\Windows\System\rELHCnH.exe
C:\Windows\System\rELHCnH.exe
2⤵
PID:7132

C:\Windows\System\vLzaOpi.exe
C:\Windows\System\vLzaOpi.exe
2⤵
PID:6184

C:\Windows\System\JTthfkn.exe
C:\Windows\System\JTthfkn.exe
2⤵
PID:6484

C:\Windows\System\fIearII.exe
C:\Windows\System\fIearII.exe
2⤵
PID:6616

C:\Windows\System\edwOpeI.exe
C:\Windows\System\edwOpeI.exe
2⤵
PID:6904

C:\Windows\System\mEDlxJM.exe
C:\Windows\System\mEDlxJM.exe
2⤵
PID:7056

C:\Windows\System\hDQrmYI.exe
C:\Windows\System\hDQrmYI.exe
2⤵
PID:6156

C:\Windows\System\sqgusPG.exe
C:\Windows\System\sqgusPG.exe
2⤵
PID:6540

C:\Windows\System\soAFFbF.exe
C:\Windows\System\soAFFbF.exe
2⤵
PID:6864

C:\Windows\System\lbZoizk.exe
C:\Windows\System\lbZoizk.exe
2⤵
PID:5252

C:\Windows\System\pbfAswN.exe
C:\Windows\System\pbfAswN.exe
2⤵
PID:7148

C:\Windows\System\XYvtdQd.exe
C:\Windows\System\XYvtdQd.exe
2⤵
PID:7180

C:\Windows\System\IbFVJfS.exe
C:\Windows\System\IbFVJfS.exe
2⤵
PID:7232

C:\Windows\System\rdhiTLp.exe
C:\Windows\System\rdhiTLp.exe
2⤵
PID:7260

C:\Windows\System\jNBsajn.exe
C:\Windows\System\jNBsajn.exe
2⤵
PID:7276

C:\Windows\System\aHnsgxP.exe
C:\Windows\System\aHnsgxP.exe
2⤵
PID:7300

C:\Windows\System\gZFuIGn.exe
C:\Windows\System\gZFuIGn.exe
2⤵
PID:7332

C:\Windows\System\XautqUY.exe
C:\Windows\System\XautqUY.exe
2⤵
PID:7360

C:\Windows\System\sQhfLcL.exe
C:\Windows\System\sQhfLcL.exe
2⤵
PID:7396

C:\Windows\System\pdmFRGA.exe
C:\Windows\System\pdmFRGA.exe
2⤵
PID:7424

C:\Windows\System\EhQepJY.exe
C:\Windows\System\EhQepJY.exe
2⤵
PID:7444

C:\Windows\System\BpTjYiz.exe
C:\Windows\System\BpTjYiz.exe
2⤵
PID:7464

C:\Windows\System\wXqtWFS.exe
C:\Windows\System\wXqtWFS.exe
2⤵
PID:7504

C:\Windows\System\qmpAVoQ.exe
C:\Windows\System\qmpAVoQ.exe
2⤵
PID:7528

C:\Windows\System\Akoromc.exe
C:\Windows\System\Akoromc.exe
2⤵
PID:7580

C:\Windows\System\qCAhWec.exe
C:\Windows\System\qCAhWec.exe
2⤵
PID:7596

C:\Windows\System\wMZBpQF.exe
C:\Windows\System\wMZBpQF.exe
2⤵
PID:7652

C:\Windows\System\OIZgtkF.exe
C:\Windows\System\OIZgtkF.exe
2⤵
PID:7676

C:\Windows\System\lfyhbLn.exe
C:\Windows\System\lfyhbLn.exe
2⤵
PID:7736

C:\Windows\System\sPlvqPZ.exe
C:\Windows\System\sPlvqPZ.exe
2⤵
PID:7756

C:\Windows\System\PgSWuVH.exe
C:\Windows\System\PgSWuVH.exe
2⤵
PID:7792

C:\Windows\System\RHlwuBN.exe
C:\Windows\System\RHlwuBN.exe
2⤵
PID:7828

C:\Windows\System\VGGymaa.exe
C:\Windows\System\VGGymaa.exe
2⤵
PID:7844

C:\Windows\System\oeDUpXU.exe
C:\Windows\System\oeDUpXU.exe
2⤵
PID:7896

C:\Windows\System\BxzvvYU.exe
C:\Windows\System\BxzvvYU.exe
2⤵
PID:7948

C:\Windows\System\XBxiOuT.exe
C:\Windows\System\XBxiOuT.exe
2⤵
PID:7968

C:\Windows\System\ldegIFy.exe
C:\Windows\System\ldegIFy.exe
2⤵
PID:7992

C:\Windows\System\vHFVzgY.exe
C:\Windows\System\vHFVzgY.exe
2⤵
PID:8032

C:\Windows\System\kwpPMJe.exe
C:\Windows\System\kwpPMJe.exe
2⤵
PID:8048

C:\Windows\System\dCuBCuD.exe
C:\Windows\System\dCuBCuD.exe
2⤵
PID:8096

C:\Windows\System\OYojaWj.exe
C:\Windows\System\OYojaWj.exe
2⤵
PID:8120

C:\Windows\System\QntcuDc.exe
C:\Windows\System\QntcuDc.exe
2⤵
PID:8136

C:\Windows\System\BZjBFDN.exe
C:\Windows\System\BZjBFDN.exe
2⤵
PID:7220

C:\Windows\System\dFnvYcn.exe
C:\Windows\System\dFnvYcn.exe
2⤵
PID:7312

C:\Windows\System\xEBxkPN.exe
C:\Windows\System\xEBxkPN.exe
2⤵
PID:7416

C:\Windows\System\tfRxzjd.exe
C:\Windows\System\tfRxzjd.exe
2⤵
PID:7516

C:\Windows\System\kNpnhGo.exe
C:\Windows\System\kNpnhGo.exe
2⤵
PID:7560

C:\Windows\System\ABxPJVg.exe
C:\Windows\System\ABxPJVg.exe
2⤵
PID:7484

C:\Windows\System\rUvUGnJ.exe
C:\Windows\System\rUvUGnJ.exe
2⤵
PID:7604

C:\Windows\System\qoYmMCT.exe
C:\Windows\System\qoYmMCT.exe
2⤵
PID:7696

C:\Windows\System\NHhlqSl.exe
C:\Windows\System\NHhlqSl.exe
2⤵
PID:6976

C:\Windows\System\mvKwPKj.exe
C:\Windows\System\mvKwPKj.exe
2⤵
PID:7836

C:\Windows\System\uJSnTPY.exe
C:\Windows\System\uJSnTPY.exe
2⤵
PID:8116

C:\Windows\System\vQFZdtz.exe
C:\Windows\System\vQFZdtz.exe
2⤵
PID:7432

C:\Windows\System\ZRVVcva.exe
C:\Windows\System\ZRVVcva.exe
2⤵
PID:7904

C:\Windows\System\vIfknQY.exe
C:\Windows\System\vIfknQY.exe
2⤵
PID:8156

C:\Windows\System\dtczITZ.exe
C:\Windows\System\dtczITZ.exe
2⤵
PID:8176

C:\Windows\System\HdmbZIC.exe
C:\Windows\System\HdmbZIC.exe
2⤵
PID:8188

C:\Windows\System\NaTUTsb.exe
C:\Windows\System\NaTUTsb.exe
2⤵
PID:8000

C:\Windows\System\GEEijsu.exe
C:\Windows\System\GEEijsu.exe
2⤵
PID:7940

C:\Windows\System\xFlplsV.exe
C:\Windows\System\xFlplsV.exe
2⤵
PID:7980

C:\Windows\System\ibrsIIG.exe
C:\Windows\System\ibrsIIG.exe
2⤵
PID:7212

C:\Windows\System\EBUJIdA.exe
C:\Windows\System\EBUJIdA.exe
2⤵
PID:7328

C:\Windows\System\shoIhnT.exe
C:\Windows\System\shoIhnT.exe
2⤵
PID:7500

C:\Windows\System\HSOfBnV.exe
C:\Windows\System\HSOfBnV.exe
2⤵
PID:7216

C:\Windows\System\ItQOYuA.exe
C:\Windows\System\ItQOYuA.exe
2⤵
PID:7816

C:\Windows\System\nTDWRWF.exe
C:\Windows\System\nTDWRWF.exe
2⤵
PID:8040

C:\Windows\System\qXMbzLk.exe
C:\Windows\System\qXMbzLk.exe
2⤵
PID:7496

C:\Windows\System\tjFviaE.exe
C:\Windows\System\tjFviaE.exe
2⤵
PID:7628

C:\Windows\System\jwHNskT.exe
C:\Windows\System\jwHNskT.exe
2⤵
PID:1996

C:\Windows\System\AcYJzxV.exe
C:\Windows\System\AcYJzxV.exe
2⤵
PID:7888

C:\Windows\System\oQeesEd.exe
C:\Windows\System\oQeesEd.exe
2⤵
PID:7172

C:\Windows\System\IJkdhTP.exe
C:\Windows\System\IJkdhTP.exe
2⤵
PID:8256

C:\Windows\System\EEqlClg.exe
C:\Windows\System\EEqlClg.exe
2⤵
PID:8276

C:\Windows\System\oQavnhy.exe
C:\Windows\System\oQavnhy.exe
2⤵
PID:8300

C:\Windows\System\aGylbyR.exe
C:\Windows\System\aGylbyR.exe
2⤵
PID:8316

C:\Windows\System\udGMVvA.exe
C:\Windows\System\udGMVvA.exe
2⤵
PID:8344

C:\Windows\System\jguanqs.exe
C:\Windows\System\jguanqs.exe
2⤵
PID:8364

C:\Windows\System\nHkMaAa.exe
C:\Windows\System\nHkMaAa.exe
2⤵
PID:8392

C:\Windows\System\DrIvSTF.exe
C:\Windows\System\DrIvSTF.exe
2⤵
PID:8408

C:\Windows\System\sQzzFUE.exe
C:\Windows\System\sQzzFUE.exe
2⤵
PID:8448

C:\Windows\System\iQQwDfe.exe
C:\Windows\System\iQQwDfe.exe
2⤵
PID:8512

C:\Windows\System\KxihXLj.exe
C:\Windows\System\KxihXLj.exe
2⤵
PID:8532

C:\Windows\System\ypTaCZe.exe
C:\Windows\System\ypTaCZe.exe
2⤵
PID:8548

C:\Windows\System\gLuqYtO.exe
C:\Windows\System\gLuqYtO.exe
2⤵
PID:8568

C:\Windows\System\HjFdFgX.exe
C:\Windows\System\HjFdFgX.exe
2⤵
PID:8656

C:\Windows\System\SLtppuk.exe
C:\Windows\System\SLtppuk.exe
2⤵
PID:8712

C:\Windows\System\jJsIkFn.exe
C:\Windows\System\jJsIkFn.exe
2⤵
PID:8736

C:\Windows\System\DdKShEP.exe
C:\Windows\System\DdKShEP.exe
2⤵
PID:8760

C:\Windows\System\LavbPiJ.exe
C:\Windows\System\LavbPiJ.exe
2⤵
PID:8788

C:\Windows\System\ccYWaXK.exe
C:\Windows\System\ccYWaXK.exe
2⤵
PID:8812

C:\Windows\System\fClejiu.exe
C:\Windows\System\fClejiu.exe
2⤵
PID:8840

C:\Windows\System\KESGQbX.exe
C:\Windows\System\KESGQbX.exe
2⤵
PID:8860

C:\Windows\System\GHwCadc.exe
C:\Windows\System\GHwCadc.exe
2⤵
PID:8876

C:\Windows\System\HiiBxzN.exe
C:\Windows\System\HiiBxzN.exe
2⤵
PID:8892

C:\Windows\System\aTenSUS.exe
C:\Windows\System\aTenSUS.exe
2⤵
PID:8908

C:\Windows\System\GEjpfAU.exe
C:\Windows\System\GEjpfAU.exe
2⤵
PID:8928

C:\Windows\System\RvNWwlX.exe
C:\Windows\System\RvNWwlX.exe
2⤵
PID:8944

C:\Windows\System\UNazDcE.exe
C:\Windows\System\UNazDcE.exe
2⤵
PID:8964

C:\Windows\System\knrpmNo.exe
C:\Windows\System\knrpmNo.exe
2⤵
PID:8980

C:\Windows\System\jNitLQp.exe
C:\Windows\System\jNitLQp.exe
2⤵
PID:9008

C:\Windows\System\PGpfOnF.exe
C:\Windows\System\PGpfOnF.exe
2⤵
PID:9036

C:\Windows\System\ChdUDPw.exe
C:\Windows\System\ChdUDPw.exe
2⤵
PID:9124

C:\Windows\System\xoRYaTM.exe
C:\Windows\System\xoRYaTM.exe
2⤵
PID:8232

C:\Windows\System\JEfsvyV.exe
C:\Windows\System\JEfsvyV.exe
2⤵
PID:7620

C:\Windows\System\heYymAg.exe
C:\Windows\System\heYymAg.exe
2⤵
PID:6848

C:\Windows\System\vhwVIUD.exe
C:\Windows\System\vhwVIUD.exe
2⤵
PID:8444

C:\Windows\System\xPPeAsR.exe
C:\Windows\System\xPPeAsR.exe
2⤵
PID:8480

C:\Windows\System\WWnCMQF.exe
C:\Windows\System\WWnCMQF.exe
2⤵
PID:8476

C:\Windows\System\fgIddcT.exe
C:\Windows\System\fgIddcT.exe
2⤵
PID:8608

C:\Windows\System\ugCbkOn.exe
C:\Windows\System\ugCbkOn.exe
2⤵
PID:8692

C:\Windows\System\bOJzqHp.exe
C:\Windows\System\bOJzqHp.exe
2⤵
PID:8728

C:\Windows\System\koLohbA.exe
C:\Windows\System\koLohbA.exe
2⤵
PID:8756

C:\Windows\System\JaOYKpa.exe
C:\Windows\System\JaOYKpa.exe
2⤵
PID:8648

C:\Windows\System\gVACvcT.exe
C:\Windows\System\gVACvcT.exe
2⤵
PID:8684

C:\Windows\System\qCmDEBB.exe
C:\Windows\System\qCmDEBB.exe
2⤵
PID:9004

C:\Windows\System\ARKUGLS.exe
C:\Windows\System\ARKUGLS.exe
2⤵
PID:8996

C:\Windows\System\oSOEKbb.exe
C:\Windows\System\oSOEKbb.exe
2⤵
PID:9076

C:\Windows\System\bthMAoV.exe
C:\Windows\System\bthMAoV.exe
2⤵
PID:9000

C:\Windows\System\AvKvLLE.exe
C:\Windows\System\AvKvLLE.exe
2⤵
PID:9100

C:\Windows\System\GleoGQt.exe
C:\Windows\System\GleoGQt.exe
2⤵
PID:8240

C:\Windows\System\WarGtvL.exe
C:\Windows\System\WarGtvL.exe
2⤵
PID:8620

C:\Windows\System\XNeOuLo.exe
C:\Windows\System\XNeOuLo.exe
2⤵
PID:8680

C:\Windows\System\AOucaLp.exe
C:\Windows\System\AOucaLp.exe
2⤵
PID:9024

C:\Windows\System\xCmkjpD.exe
C:\Windows\System\xCmkjpD.exe
2⤵
PID:9160

C:\Windows\System\FzDOdQk.exe
C:\Windows\System\FzDOdQk.exe
2⤵
PID:9208

C:\Windows\System\mUStlSt.exe
C:\Windows\System\mUStlSt.exe
2⤵
PID:9096

C:\Windows\System\XXfLkca.exe
C:\Windows\System\XXfLkca.exe
2⤵
PID:8336

C:\Windows\System\lNMaYjZ.exe
C:\Windows\System\lNMaYjZ.exe
2⤵
PID:2500

C:\Windows\System\eFiSMws.exe
C:\Windows\System\eFiSMws.exe
2⤵
PID:8804

C:\Windows\System\HIHVyjs.exe
C:\Windows\System\HIHVyjs.exe
2⤵
PID:8972

C:\Windows\System\aFRvPJi.exe
C:\Windows\System\aFRvPJi.exe
2⤵
PID:9068

C:\Windows\System\FtwUYYP.exe
C:\Windows\System\FtwUYYP.exe
2⤵
PID:8596

C:\Windows\System\mRXhWjg.exe
C:\Windows\System\mRXhWjg.exe
2⤵
PID:2456

C:\Windows\System\LZdXTAo.exe
C:\Windows\System\LZdXTAo.exe
2⤵
PID:7964

C:\Windows\System\EaxbFSc.exe
C:\Windows\System\EaxbFSc.exe
2⤵
PID:9088

C:\Windows\System\qACDKbi.exe
C:\Windows\System\qACDKbi.exe
2⤵
PID:9220

C:\Windows\System\HdDnZcY.exe
C:\Windows\System\HdDnZcY.exe
2⤵
PID:9264

C:\Windows\System\ZwfdChJ.exe
C:\Windows\System\ZwfdChJ.exe
2⤵
PID:9292

C:\Windows\System\HpLjtHT.exe
C:\Windows\System\HpLjtHT.exe
2⤵
PID:9316

C:\Windows\System\jXgYGBJ.exe
C:\Windows\System\jXgYGBJ.exe
2⤵
PID:9360

C:\Windows\System\KiWhnhR.exe
C:\Windows\System\KiWhnhR.exe
2⤵
PID:9380

C:\Windows\System\EMYQwjt.exe
C:\Windows\System\EMYQwjt.exe
2⤵
PID:9400

C:\Windows\System\kOiQNbZ.exe
C:\Windows\System\kOiQNbZ.exe
2⤵
PID:9420

C:\Windows\System\mkxGOWW.exe
C:\Windows\System\mkxGOWW.exe
2⤵
PID:9444

C:\Windows\System\dWvtyTS.exe
C:\Windows\System\dWvtyTS.exe
2⤵
PID:9476

C:\Windows\System\uXTVifs.exe
C:\Windows\System\uXTVifs.exe
2⤵
PID:9504

C:\Windows\System\BTOundU.exe
C:\Windows\System\BTOundU.exe
2⤵
PID:9576

C:\Windows\System\UlZzhHE.exe
C:\Windows\System\UlZzhHE.exe
2⤵
PID:9616

C:\Windows\System\OTZGXtb.exe
C:\Windows\System\OTZGXtb.exe
2⤵
PID:9636

C:\Windows\System\EvZmWst.exe
C:\Windows\System\EvZmWst.exe
2⤵
PID:9656

C:\Windows\System\hkFpFRB.exe
C:\Windows\System\hkFpFRB.exe
2⤵
PID:9700

C:\Windows\System\rZLIzBg.exe
C:\Windows\System\rZLIzBg.exe
2⤵
PID:9720

C:\Windows\System\VtjayHR.exe
C:\Windows\System\VtjayHR.exe
2⤵
PID:9744

C:\Windows\System\BCuNNuP.exe
C:\Windows\System\BCuNNuP.exe
2⤵
PID:9764

C:\Windows\System\FhsnlTE.exe
C:\Windows\System\FhsnlTE.exe
2⤵
PID:9780

C:\Windows\System\qdLwuJz.exe
C:\Windows\System\qdLwuJz.exe
2⤵
PID:9808

C:\Windows\System\LUdHust.exe
C:\Windows\System\LUdHust.exe
2⤵
PID:9840

C:\Windows\System\znjoWuO.exe
C:\Windows\System\znjoWuO.exe
2⤵
PID:9860

C:\Windows\System\PaseAMR.exe
C:\Windows\System\PaseAMR.exe
2⤵
PID:9880

C:\Windows\System\FoyPRNm.exe
C:\Windows\System\FoyPRNm.exe
2⤵
PID:9936

C:\Windows\System\DMIllMt.exe
C:\Windows\System\DMIllMt.exe
2⤵
PID:9988

C:\Windows\System\dnAWqjR.exe
C:\Windows\System\dnAWqjR.exe
2⤵
PID:10008

C:\Windows\System\MXbuqnK.exe
C:\Windows\System\MXbuqnK.exe
2⤵
PID:10032

C:\Windows\System\VdzDdRU.exe
C:\Windows\System\VdzDdRU.exe
2⤵
PID:10056

C:\Windows\System\RWBDFRS.exe
C:\Windows\System\RWBDFRS.exe
2⤵
PID:10080

C:\Windows\System\FuPQjPt.exe
C:\Windows\System\FuPQjPt.exe
2⤵
PID:10112

C:\Windows\System\lqEfNWY.exe
C:\Windows\System\lqEfNWY.exe
2⤵
PID:10136

C:\Windows\System\SmpfHWR.exe
C:\Windows\System\SmpfHWR.exe
2⤵
PID:10156

C:\Windows\System\mtIUDtH.exe
C:\Windows\System\mtIUDtH.exe
2⤵
PID:10176

C:\Windows\System\OsRYLIO.exe
C:\Windows\System\OsRYLIO.exe
2⤵
PID:10204

C:\Windows\System\rciYruV.exe
C:\Windows\System\rciYruV.exe
2⤵
PID:10220

C:\Windows\System\TEpUWnc.exe
C:\Windows\System\TEpUWnc.exe
2⤵
PID:1800

C:\Windows\System\rOhDXVi.exe
C:\Windows\System\rOhDXVi.exe
2⤵
PID:9236

C:\Windows\System\QfNIaQZ.exe
C:\Windows\System\QfNIaQZ.exe
2⤵
PID:9308

C:\Windows\System\GcBgUZt.exe
C:\Windows\System\GcBgUZt.exe
2⤵
PID:9372

C:\Windows\System\adbfASV.exe
C:\Windows\System\adbfASV.exe
2⤵
PID:9608

C:\Windows\System\YbSDTCY.exe
C:\Windows\System\YbSDTCY.exe
2⤵
PID:9696

C:\Windows\System\EAGZQFv.exe
C:\Windows\System\EAGZQFv.exe
2⤵
PID:9736

C:\Windows\System\YHFEhco.exe
C:\Windows\System\YHFEhco.exe
2⤵
PID:9772

C:\Windows\System\CwLJWzn.exe
C:\Windows\System\CwLJWzn.exe
2⤵
PID:9832

C:\Windows\System\KYanIsv.exe
C:\Windows\System\KYanIsv.exe
2⤵
PID:9972

C:\Windows\System\FZOHjHQ.exe
C:\Windows\System\FZOHjHQ.exe
2⤵
PID:10044

C:\Windows\System\ZJDbpjk.exe
C:\Windows\System\ZJDbpjk.exe
2⤵
PID:10168

C:\Windows\System\uIjHzlC.exe
C:\Windows\System\uIjHzlC.exe
2⤵
PID:10104

C:\Windows\System\CiNhvDq.exe
C:\Windows\System\CiNhvDq.exe
2⤵
PID:8172

C:\Windows\System\IqkDcKD.exe
C:\Windows\System\IqkDcKD.exe
2⤵
PID:9600

C:\Windows\System\TuHwWSh.exe
C:\Windows\System\TuHwWSh.exe
2⤵
PID:9496

C:\Windows\System\leIEejf.exe
C:\Windows\System\leIEejf.exe
2⤵
PID:9816

C:\Windows\System\zFqvnBT.exe
C:\Windows\System\zFqvnBT.exe
2⤵
PID:10028

C:\Windows\System\IepRZQW.exe
C:\Windows\System\IepRZQW.exe
2⤵
PID:10004

C:\Windows\System\WEYrRMh.exe
C:\Windows\System\WEYrRMh.exe
2⤵
PID:10216

C:\Windows\System\xOCDMfK.exe
C:\Windows\System\xOCDMfK.exe
2⤵
PID:9528

C:\Windows\System\EatHCZE.exe
C:\Windows\System\EatHCZE.exe
2⤵
PID:9716

C:\Windows\System\aevzvIw.exe
C:\Windows\System\aevzvIw.exe
2⤵
PID:9912

C:\Windows\System\JUJWzXg.exe
C:\Windows\System\JUJWzXg.exe
2⤵
PID:10252

C:\Windows\System\daDyVHV.exe
C:\Windows\System\daDyVHV.exe
2⤵
PID:10288

C:\Windows\System\TEyPZFz.exe
C:\Windows\System\TEyPZFz.exe
2⤵
PID:10320

C:\Windows\System\qFnnBcD.exe
C:\Windows\System\qFnnBcD.exe
2⤵
PID:10336

C:\Windows\System\YAuVBBV.exe
C:\Windows\System\YAuVBBV.exe
2⤵
PID:10360

C:\Windows\System\axscrzG.exe
C:\Windows\System\axscrzG.exe
2⤵
PID:10400

C:\Windows\System\iyeidIO.exe
C:\Windows\System\iyeidIO.exe
2⤵
PID:10452

C:\Windows\System\EZzJpBx.exe
C:\Windows\System\EZzJpBx.exe
2⤵
PID:10476

C:\Windows\System\qfQUrvV.exe
C:\Windows\System\qfQUrvV.exe
2⤵
PID:10500

C:\Windows\System\kBvQpxS.exe
C:\Windows\System\kBvQpxS.exe
2⤵
PID:10532

C:\Windows\System\zZNTTDa.exe
C:\Windows\System\zZNTTDa.exe
2⤵
PID:10556

C:\Windows\System\wcapNIW.exe
C:\Windows\System\wcapNIW.exe
2⤵
PID:10612

C:\Windows\System\RmJljdh.exe
C:\Windows\System\RmJljdh.exe
2⤵
PID:10628

C:\Windows\System\JnHEDgt.exe
C:\Windows\System\JnHEDgt.exe
2⤵
PID:10648

C:\Windows\System\EHUOkwC.exe
C:\Windows\System\EHUOkwC.exe
2⤵
PID:10676

C:\Windows\System\snucVWm.exe
C:\Windows\System\snucVWm.exe
2⤵
PID:10704

C:\Windows\System\CyBNcfU.exe
C:\Windows\System\CyBNcfU.exe
2⤵
PID:10724

C:\Windows\System\gexIMHF.exe
C:\Windows\System\gexIMHF.exe
2⤵
PID:10764

C:\Windows\System\sZhuleU.exe
C:\Windows\System\sZhuleU.exe
2⤵
PID:10796

C:\Windows\System\iODHaXq.exe
C:\Windows\System\iODHaXq.exe
2⤵
PID:10820

C:\Windows\System\mSCnQSa.exe
C:\Windows\System\mSCnQSa.exe
2⤵
PID:10844

C:\Windows\System\CawRAZN.exe
C:\Windows\System\CawRAZN.exe
2⤵
PID:10864

C:\Windows\System\yPnOLGZ.exe
C:\Windows\System\yPnOLGZ.exe
2⤵
PID:10880

C:\Windows\System\QlzPrNm.exe
C:\Windows\System\QlzPrNm.exe
2⤵
PID:10908

C:\Windows\System\iaOfPLO.exe
C:\Windows\System\iaOfPLO.exe
2⤵
PID:10940

C:\Windows\System\qWGWzEd.exe
C:\Windows\System\qWGWzEd.exe
2⤵
PID:10960

C:\Windows\System\pmyjyOT.exe
C:\Windows\System\pmyjyOT.exe
2⤵
PID:11008

C:\Windows\System\XDYdozG.exe
C:\Windows\System\XDYdozG.exe
2⤵
PID:11028

C:\Windows\System\EFUuIWk.exe
C:\Windows\System\EFUuIWk.exe
2⤵
PID:11084

C:\Windows\System\KGFsmvh.exe
C:\Windows\System\KGFsmvh.exe
2⤵
PID:11100

C:\Windows\System\locAVhq.exe
C:\Windows\System\locAVhq.exe
2⤵
PID:11124

C:\Windows\System\JGFgWaI.exe
C:\Windows\System\JGFgWaI.exe
2⤵
PID:11144

C:\Windows\System\RJebaFl.exe
C:\Windows\System\RJebaFl.exe
2⤵
PID:11164

C:\Windows\System\PwlKtzt.exe
C:\Windows\System\PwlKtzt.exe
2⤵
PID:11192

C:\Windows\System\dsbTcrp.exe
C:\Windows\System\dsbTcrp.exe
2⤵
PID:11212

C:\Windows\System\oSlSWYm.exe
C:\Windows\System\oSlSWYm.exe
2⤵
PID:11232

C:\Windows\System\GTpzhDX.exe
C:\Windows\System\GTpzhDX.exe
2⤵
PID:11248

C:\Windows\System\mpKWwCa.exe
C:\Windows\System\mpKWwCa.exe
2⤵
PID:10316

C:\Windows\System\XzdLTVB.exe
C:\Windows\System\XzdLTVB.exe
2⤵
PID:10392

C:\Windows\System\UXtuiIy.exe
C:\Windows\System\UXtuiIy.exe
2⤵
PID:9612

C:\Windows\System\XCoEPtK.exe
C:\Windows\System\XCoEPtK.exe
2⤵
PID:10520

C:\Windows\System\FBtmizS.exe
C:\Windows\System\FBtmizS.exe
2⤵
PID:10584

C:\Windows\System\RSyodJq.exe
C:\Windows\System\RSyodJq.exe
2⤵
PID:10644

C:\Windows\System\PdxNlYu.exe
C:\Windows\System\PdxNlYu.exe
2⤵
PID:3624

C:\Windows\System\tUrFRGZ.exe
C:\Windows\System\tUrFRGZ.exe
2⤵
PID:10856

C:\Windows\System\joVxXSi.exe
C:\Windows\System\joVxXSi.exe
2⤵
PID:10900

C:\Windows\System\TJnaiVp.exe
C:\Windows\System\TJnaiVp.exe
2⤵
PID:10932

C:\Windows\System\LJnTemc.exe
C:\Windows\System\LJnTemc.exe
2⤵
PID:10952

C:\Windows\System\AhvAGLZ.exe
C:\Windows\System\AhvAGLZ.exe
2⤵
PID:11052

C:\Windows\System\QbSyYek.exe
C:\Windows\System\QbSyYek.exe
2⤵
PID:11108

C:\Windows\System\zhZLGZJ.exe
C:\Windows\System\zhZLGZJ.exe
2⤵
PID:11096

C:\Windows\System\XsYCjsq.exe
C:\Windows\System\XsYCjsq.exe
2⤵
PID:11200

C:\Windows\System\LrqbBBD.exe
C:\Windows\System\LrqbBBD.exe
2⤵
PID:11228

C:\Windows\System\EwaNJOo.exe
C:\Windows\System\EwaNJOo.exe
2⤵
PID:10264

C:\Windows\System\hHpVwBd.exe
C:\Windows\System\hHpVwBd.exe
2⤵
PID:10688

C:\Windows\System\OcsiyNO.exe
C:\Windows\System\OcsiyNO.exe
2⤵
PID:10484

C:\Windows\System\tYTzOUz.exe
C:\Windows\System\tYTzOUz.exe
2⤵
PID:3160

C:\Windows\System\ZfnBwjX.exe
C:\Windows\System\ZfnBwjX.exe
2⤵
PID:10888

C:\Windows\System\WQdbGVU.exe
C:\Windows\System\WQdbGVU.exe
2⤵
PID:11016

C:\Windows\System\HBhRPMa.exe
C:\Windows\System\HBhRPMa.exe
2⤵
PID:11160

C:\Windows\System\RJuvpwP.exe
C:\Windows\System\RJuvpwP.exe
2⤵
PID:10492

C:\Windows\System\koWHjWs.exe
C:\Windows\System\koWHjWs.exe
2⤵
PID:10540

C:\Windows\System\PmOMuCP.exe
C:\Windows\System\PmOMuCP.exe
2⤵
PID:11288

C:\Windows\System\KCeoxVV.exe
C:\Windows\System\KCeoxVV.exe
2⤵
PID:11340

C:\Windows\System\xokErBc.exe
C:\Windows\System\xokErBc.exe
2⤵
PID:11376

C:\Windows\System\OfkdYkG.exe
C:\Windows\System\OfkdYkG.exe
2⤵
PID:11396

C:\Windows\System\iRUrcby.exe
C:\Windows\System\iRUrcby.exe
2⤵
PID:11456

C:\Windows\System\hlmHkuV.exe
C:\Windows\System\hlmHkuV.exe
2⤵
PID:11476

C:\Windows\System\NRvviaW.exe
C:\Windows\System\NRvviaW.exe
2⤵
PID:11504

C:\Windows\System\VLIUjmo.exe
C:\Windows\System\VLIUjmo.exe
2⤵
PID:11520

C:\Windows\System\GOdBMPE.exe
C:\Windows\System\GOdBMPE.exe
2⤵
PID:11568

C:\Windows\System\YHDfZkK.exe
C:\Windows\System\YHDfZkK.exe
2⤵
PID:11600

C:\Windows\System\LmzvdMx.exe
C:\Windows\System\LmzvdMx.exe
2⤵
PID:11624

C:\Windows\System\ymLMSyd.exe
C:\Windows\System\ymLMSyd.exe
2⤵
PID:11672

C:\Windows\System\faLznNR.exe
C:\Windows\System\faLznNR.exe
2⤵
PID:11696

C:\Windows\System\YJQbTyf.exe
C:\Windows\System\YJQbTyf.exe
2⤵
PID:11712

C:\Windows\System\TIWynMg.exe
C:\Windows\System\TIWynMg.exe
2⤵
PID:11740

C:\Windows\System\vuzNpBJ.exe
C:\Windows\System\vuzNpBJ.exe
2⤵
PID:11756

C:\Windows\System\fohPcXF.exe
C:\Windows\System\fohPcXF.exe
2⤵
PID:11784

C:\Windows\System\TMRdFZp.exe
C:\Windows\System\TMRdFZp.exe
2⤵
PID:11820

C:\Windows\System\BrXmBiF.exe
C:\Windows\System\BrXmBiF.exe
2⤵
PID:11844

C:\Windows\System\MnqqWoA.exe
C:\Windows\System\MnqqWoA.exe
2⤵
PID:11868

C:\Windows\System\foIkLzb.exe
C:\Windows\System\foIkLzb.exe
2⤵
PID:11944

C:\Windows\System\MJtprhG.exe
C:\Windows\System\MJtprhG.exe
2⤵
PID:11964

C:\Windows\System\woNBRBL.exe
C:\Windows\System\woNBRBL.exe
2⤵
PID:12036

C:\Windows\System\XpDMWGU.exe
C:\Windows\System\XpDMWGU.exe
2⤵
PID:12052

C:\Windows\System\jFpbmPr.exe
C:\Windows\System\jFpbmPr.exe
2⤵
PID:12084

C:\Windows\System\aCHLZAf.exe
C:\Windows\System\aCHLZAf.exe
2⤵
PID:12100

C:\Windows\System\wscpxHO.exe
C:\Windows\System\wscpxHO.exe
2⤵
PID:12132

C:\Windows\System\fqRVyou.exe
C:\Windows\System\fqRVyou.exe
2⤵
PID:12148

C:\Windows\System\ueWuSsK.exe
C:\Windows\System\ueWuSsK.exe
2⤵
PID:12176

C:\Windows\System\YrzupiV.exe
C:\Windows\System\YrzupiV.exe
2⤵
PID:12200

C:\Windows\System\BAkLyet.exe
C:\Windows\System\BAkLyet.exe
2⤵
PID:12236

C:\Windows\System\udrHXcK.exe
C:\Windows\System\udrHXcK.exe
2⤵
PID:12256

C:\Windows\System\EAcgmIL.exe
C:\Windows\System\EAcgmIL.exe
2⤵
PID:11208

C:\Windows\System\SniwJhz.exe
C:\Windows\System\SniwJhz.exe
2⤵
PID:10668

C:\Windows\System\lgBpSyF.exe
C:\Windows\System\lgBpSyF.exe
2⤵
PID:11284

C:\Windows\System\FWZZPmK.exe
C:\Windows\System\FWZZPmK.exe
2⤵
PID:10956

C:\Windows\System\vwxQfkV.exe
C:\Windows\System\vwxQfkV.exe
2⤵
PID:10736

C:\Windows\System\IaRkDSZ.exe
C:\Windows\System\IaRkDSZ.exe
2⤵
PID:5556

C:\Windows\System\KYvAUpq.exe
C:\Windows\System\KYvAUpq.exe
2⤵
PID:11080

C:\Windows\System\HeiXtNk.exe
C:\Windows\System\HeiXtNk.exe
2⤵
PID:11416

C:\Windows\System\JJTrdmS.exe
C:\Windows\System\JJTrdmS.exe
2⤵
PID:11468

C:\Windows\System\YdAieXc.exe
C:\Windows\System\YdAieXc.exe
2⤵
PID:11492

C:\Windows\System\GelLUnI.exe
C:\Windows\System\GelLUnI.exe
2⤵
PID:11596

C:\Windows\System\WmeFhND.exe
C:\Windows\System\WmeFhND.exe
2⤵
PID:11748

C:\Windows\System\VApPokb.exe
C:\Windows\System\VApPokb.exe
2⤵
PID:11776

C:\Windows\System\dbKfaVW.exe
C:\Windows\System\dbKfaVW.exe
2⤵
PID:11732

C:\Windows\System\ZNWDIEn.exe
C:\Windows\System\ZNWDIEn.exe
2⤵
PID:11856

C:\Windows\System\SZDBbVh.exe
C:\Windows\System\SZDBbVh.exe
2⤵
PID:11904

C:\Windows\System\iJyyGxV.exe
C:\Windows\System\iJyyGxV.exe
2⤵
PID:11976

C:\Windows\System\MrcYfqq.exe
C:\Windows\System\MrcYfqq.exe
2⤵
PID:12044

C:\Windows\System\fAMmYBq.exe
C:\Windows\System\fAMmYBq.exe
2⤵
PID:12140

C:\Windows\System\jVGJBmb.exe
C:\Windows\System\jVGJBmb.exe
2⤵
PID:12192

C:\Windows\System\OjonkVh.exe
C:\Windows\System\OjonkVh.exe
2⤵
PID:10444

C:\Windows\System\ZrHHZSE.exe
C:\Windows\System\ZrHHZSE.exe
2⤵
PID:10816

C:\Windows\System\gZVvLYR.exe
C:\Windows\System\gZVvLYR.exe
2⤵
PID:11560

C:\Windows\System\cBpdHKM.exe
C:\Windows\System\cBpdHKM.exe
2⤵
PID:11512

C:\Windows\System\pnZmugL.exe
C:\Windows\System\pnZmugL.exe
2⤵
PID:11640

C:\Windows\System\zcsLIjL.exe
C:\Windows\System\zcsLIjL.exe
2⤵
PID:11684

C:\Windows\System\pTOYPSN.exe
C:\Windows\System\pTOYPSN.exe
2⤵
PID:11892

C:\Windows\System\qCjOQcm.exe
C:\Windows\System\qCjOQcm.exe
2⤵
PID:11812

C:\Windows\System\oheZoId.exe
C:\Windows\System\oheZoId.exe
2⤵
PID:3528

C:\Windows\System\tfLiPhR.exe
C:\Windows\System\tfLiPhR.exe
2⤵
PID:12196

C:\Windows\System\ZdyNefN.exe
C:\Windows\System\ZdyNefN.exe
2⤵
PID:10788

C:\Windows\System\IQKerBP.exe
C:\Windows\System\IQKerBP.exe
2⤵
PID:844

C:\Windows\System\FFTioyd.exe
C:\Windows\System\FFTioyd.exe
2⤵
PID:10972

C:\Windows\System\BEsjSiH.exe
C:\Windows\System\BEsjSiH.exe
2⤵
PID:3904

C:\Windows\System\omyAzOh.exe
C:\Windows\System\omyAzOh.exe
2⤵
PID:11728

C:\Windows\System\KHSBJeu.exe
C:\Windows\System\KHSBJeu.exe
2⤵
PID:12284

C:\Windows\System\LQFivkG.exe
C:\Windows\System\LQFivkG.exe
2⤵
PID:11280

C:\Windows\System\ANejahC.exe
C:\Windows\System\ANejahC.exe
2⤵
PID:12292

C:\Windows\System\upiOKVu.exe
C:\Windows\System\upiOKVu.exe
2⤵
PID:12320

C:\Windows\System\lHgGkdS.exe
C:\Windows\System\lHgGkdS.exe
2⤵
PID:12340

C:\Windows\System\FWCdhjo.exe
C:\Windows\System\FWCdhjo.exe
2⤵
PID:12368

C:\Windows\System\QESZggg.exe
C:\Windows\System\QESZggg.exe
2⤵
PID:12452

C:\Windows\System\PyqNnXZ.exe
C:\Windows\System\PyqNnXZ.exe
2⤵
PID:12484

C:\Windows\System\zuVGytc.exe
C:\Windows\System\zuVGytc.exe
2⤵
PID:12504

C:\Windows\System\YgIVPTw.exe
C:\Windows\System\YgIVPTw.exe
2⤵
PID:12520

C:\Windows\System\hpkBTWe.exe
C:\Windows\System\hpkBTWe.exe
2⤵
PID:12548

C:\Windows\System\YTLEUVK.exe
C:\Windows\System\YTLEUVK.exe
2⤵
PID:12564

C:\Windows\System\bYaIixf.exe
C:\Windows\System\bYaIixf.exe
2⤵
PID:12584

C:\Windows\System\LFEBKMW.exe
C:\Windows\System\LFEBKMW.exe
2⤵
PID:12608

C:\Windows\System\CknFJvh.exe
C:\Windows\System\CknFJvh.exe
2⤵
PID:12624

C:\Windows\System\aJktTsT.exe
C:\Windows\System\aJktTsT.exe
2⤵
PID:12676

C:\Windows\System\AfwpZzf.exe
C:\Windows\System\AfwpZzf.exe
2⤵
PID:12712

C:\Windows\System\xxatJbf.exe
C:\Windows\System\xxatJbf.exe
2⤵
PID:12736

C:\Windows\System\GUpAabY.exe
C:\Windows\System\GUpAabY.exe
2⤵
PID:12780

C:\Windows\System\JuRYoFz.exe
C:\Windows\System\JuRYoFz.exe
2⤵
PID:12796

C:\Windows\System\GJVesmQ.exe
C:\Windows\System\GJVesmQ.exe
2⤵
PID:12848

C:\Windows\System\BDhcjZd.exe
C:\Windows\System\BDhcjZd.exe
2⤵
PID:12880

C:\Windows\System\FtLakGg.exe
C:\Windows\System\FtLakGg.exe
2⤵
PID:12896

C:\Windows\System\lcQZnLP.exe
C:\Windows\System\lcQZnLP.exe
2⤵
PID:12912

C:\Windows\System\TlGsbrn.exe
C:\Windows\System\TlGsbrn.exe
2⤵
PID:12936

C:\Windows\System\lUFPniG.exe
C:\Windows\System\lUFPniG.exe
2⤵
PID:12980

C:\Windows\System\UnbPACA.exe
C:\Windows\System\UnbPACA.exe
2⤵
PID:13000

C:\Windows\System\HeWUjLW.exe
C:\Windows\System\HeWUjLW.exe
2⤵
PID:13024

C:\Windows\System\TyhZlkP.exe
C:\Windows\System\TyhZlkP.exe
2⤵
PID:13044

C:\Windows\System\evqUhAv.exe
C:\Windows\System\evqUhAv.exe
2⤵
PID:13080

C:\Windows\System\iSuWNLo.exe
C:\Windows\System\iSuWNLo.exe
2⤵
PID:13108

C:\Windows\System\ztHrHvD.exe
C:\Windows\System\ztHrHvD.exe
2⤵
PID:13136

C:\Windows\System\ohNlLMR.exe
C:\Windows\System\ohNlLMR.exe
2⤵
PID:13156

C:\Windows\System\vttduCO.exe
C:\Windows\System\vttduCO.exe
2⤵
PID:13176

C:\Windows\System\fCirGHM.exe
C:\Windows\System\fCirGHM.exe
2⤵
PID:13200

C:\Windows\System\rdqJZIj.exe
C:\Windows\System\rdqJZIj.exe
2⤵
PID:13216

C:\Windows\System\LlBeSgb.exe
C:\Windows\System\LlBeSgb.exe
2⤵
PID:13252

C:\Windows\System\GPDTpZe.exe
C:\Windows\System\GPDTpZe.exe
2⤵
PID:13304

C:\Windows\System\iErIdii.exe
C:\Windows\System\iErIdii.exe
2⤵
PID:2548

C:\Windows\System\STuUoVQ.exe
C:\Windows\System\STuUoVQ.exe
2⤵
PID:12336

C:\Windows\System\wHYBllA.exe
C:\Windows\System\wHYBllA.exe
2⤵
PID:12360

C:\Windows\System\mVUAgKT.exe
C:\Windows\System\mVUAgKT.exe
2⤵
PID:12792

C:\Windows\System\gukbVob.exe
C:\Windows\System\gukbVob.exe
2⤵
PID:12560

C:\Windows\System\OIpLvYS.exe
C:\Windows\System\OIpLvYS.exe
2⤵
PID:12732

C:\Windows\System\fvInNXL.exe
C:\Windows\System\fvInNXL.exe
2⤵
PID:12772

C:\Windows\System\QgLLHJQ.exe
C:\Windows\System\QgLLHJQ.exe
2⤵
PID:12904

C:\Windows\System\dQSZSnu.exe
C:\Windows\System\dQSZSnu.exe
2⤵
PID:12892

C:\Windows\System\mRIRFok.exe
C:\Windows\System\mRIRFok.exe
2⤵
PID:11992

C:\Windows\System\CeiVzSh.exe
C:\Windows\System\CeiVzSh.exe
2⤵
PID:5944

C:\Windows\System\HznqRtC.exe
C:\Windows\System\HznqRtC.exe
2⤵
PID:11644

C:\Windows\System\IHAvGYA.exe
C:\Windows\System\IHAvGYA.exe
2⤵
PID:11276

C:\Windows\System\WgZhese.exe
C:\Windows\System\WgZhese.exe
2⤵
PID:5636

C:\Windows\System\wlLQyFX.exe
C:\Windows\System\wlLQyFX.exe
2⤵
PID:2504

C:\Windows\System\RUzHQlx.exe
C:\Windows\System\RUzHQlx.exe
2⤵
PID:12708

C:\Windows\System\uVFKVsO.exe
C:\Windows\System\uVFKVsO.exe
2⤵
PID:4312

C:\Windows\System\rWQRxLs.exe
C:\Windows\System\rWQRxLs.exe
2⤵
PID:8088

C:\Windows\System\BQcpcMY.exe
C:\Windows\System\BQcpcMY.exe
2⤵
PID:5992

C:\Windows\System\bQkMzvS.exe
C:\Windows\System\bQkMzvS.exe
2⤵
PID:12996

C:\Windows\System\stmPFth.exe
C:\Windows\System\stmPFth.exe
2⤵
PID:2436

C:\Windows\System\SLpdLnl.exe
C:\Windows\System\SLpdLnl.exe
2⤵
PID:13152

C:\Windows\System\vxGgqVp.exe
C:\Windows\System\vxGgqVp.exe
2⤵
PID:13192

C:\Windows\System\ixDNres.exe
C:\Windows\System\ixDNres.exe
2⤵
PID:6072

C:\Windows\System\moYiTpB.exe
C:\Windows\System\moYiTpB.exe
2⤵
PID:5932

C:\Windows\System\qVdSwiC.exe
C:\Windows\System\qVdSwiC.exe
2⤵
PID:3048

C:\Windows\System\HZhQVSh.exe
C:\Windows\System\HZhQVSh.exe
2⤵
PID:3896

C:\Windows\System\CFkvMKi.exe
C:\Windows\System\CFkvMKi.exe
2⤵
PID:12928

C:\Windows\System\MxZSbFj.exe
C:\Windows\System\MxZSbFj.exe
2⤵
PID:4996

C:\Windows\System\PfIphnW.exe
C:\Windows\System\PfIphnW.exe
2⤵
PID:12492

C:\Windows\System\qGOeSzJ.exe
C:\Windows\System\qGOeSzJ.exe
2⤵
PID:12704

C:\Windows\System\lKDDzOH.exe
C:\Windows\System\lKDDzOH.exe
2⤵
PID:12576

C:\Windows\System\FIoBnKo.exe
C:\Windows\System\FIoBnKo.exe
2⤵
PID:12544

C:\Windows\System\bWFoARN.exe
C:\Windows\System\bWFoARN.exe
2⤵
PID:4676

C:\Windows\System\FCIcDVD.exe
C:\Windows\System\FCIcDVD.exe
2⤵
PID:13128

C:\Windows\System\MSHOkLq.exe
C:\Windows\System\MSHOkLq.exe
2⤵
PID:2332

C:\Windows\System\KOKfcxg.exe
C:\Windows\System\KOKfcxg.exe
2⤵
PID:2060

C:\Windows\System\ufPGqXU.exe
C:\Windows\System\ufPGqXU.exe
2⤵
PID:13148

C:\Windows\System\kUCsipA.exe
C:\Windows\System\kUCsipA.exe
2⤵
PID:12540

C:\Windows\System\yHwpGBD.exe
C:\Windows\System\yHwpGBD.exe
2⤵
PID:13244

C:\Windows\System\AzXaaYC.exe
C:\Windows\System\AzXaaYC.exe
2⤵
PID:13020

C:\Windows\System\kIFRhTz.exe
C:\Windows\System\kIFRhTz.exe
2⤵
PID:13296

C:\Windows\System\VyoqoUq.exe
C:\Windows\System\VyoqoUq.exe
2⤵
PID:3924

C:\Windows\System\TBEibvD.exe
C:\Windows\System\TBEibvD.exe
2⤵
PID:5336

C:\Windows\System\CAmPUjT.exe
C:\Windows\System\CAmPUjT.exe
2⤵
PID:4356

C:\Windows\System\JvYgoCz.exe
C:\Windows\System\JvYgoCz.exe
2⤵
PID:928

C:\Windows\System\IDsaZHg.exe
C:\Windows\System\IDsaZHg.exe
2⤵
PID:4640

C:\Windows\System\QUbeDSY.exe
C:\Windows\System\QUbeDSY.exe
2⤵
PID:1752

C:\Windows\System\IUtFbJH.exe
C:\Windows\System\IUtFbJH.exe
2⤵
PID:1972

C:\Windows\System\rvXySLD.exe
C:\Windows\System\rvXySLD.exe
2⤵
PID:12992

C:\Windows\System\uvRsCwL.exe
C:\Windows\System\uvRsCwL.exe
2⤵
PID:4564

C:\Windows\System\dTkUxwB.exe
C:\Windows\System\dTkUxwB.exe
2⤵
PID:2764

C:\Windows\System\ebujMVt.exe
C:\Windows\System\ebujMVt.exe
2⤵
PID:12476

C:\Windows\System\xNQPlBi.exe
C:\Windows\System\xNQPlBi.exe
2⤵
PID:3740

C:\Windows\System\IzprbkT.exe
C:\Windows\System\IzprbkT.exe
2⤵
PID:5424

C:\Windows\System\DVIFIIx.exe
C:\Windows\System\DVIFIIx.exe
2⤵
PID:1940

C:\Windows\System\PiUxAdQ.exe
C:\Windows\System\PiUxAdQ.exe
2⤵
PID:12976

C:\Windows\System\bHVAgVh.exe
C:\Windows\System\bHVAgVh.exe
2⤵
PID:2084

C:\Windows\System\JTbfAMK.exe
C:\Windows\System\JTbfAMK.exe
2⤵
PID:5020

C:\Windows\System\dkhbAyh.exe
C:\Windows\System\dkhbAyh.exe
2⤵
PID:13012

C:\Windows\System\Dnodtoh.exe
C:\Windows\System\Dnodtoh.exe
2⤵
PID:13300

C:\Windows\System\cruOOpU.exe
C:\Windows\System\cruOOpU.exe
2⤵
PID:1620

C:\Windows\System\dbGOfkr.exe
C:\Windows\System\dbGOfkr.exe
2⤵
PID:3576

C:\Windows\System\NUsxcVp.exe
C:\Windows\System\NUsxcVp.exe
2⤵
PID:3000

C:\Windows\System\lAtnaTN.exe
C:\Windows\System\lAtnaTN.exe
2⤵
PID:1980

C:\Windows\System\OVdvmeT.exe
C:\Windows\System\OVdvmeT.exe
2⤵
PID:3864

C:\Windows\System\uBltsvb.exe
C:\Windows\System\uBltsvb.exe
2⤵
PID:4320

C:\Windows\System\JgwRwNm.exe
C:\Windows\System\JgwRwNm.exe
2⤵
PID:13340

C:\Windows\System\uyiqTXh.exe
C:\Windows\System\uyiqTXh.exe
2⤵
PID:13568

C:\Windows\System\nTkgCXI.exe
C:\Windows\System\nTkgCXI.exe
2⤵
PID:13600

C:\Windows\System\PaLKXfT.exe
C:\Windows\System\PaLKXfT.exe
2⤵
PID:13616

C:\Windows\System\YTgmAFL.exe
C:\Windows\System\YTgmAFL.exe
2⤵
PID:13636

C:\Windows\System\QRiqHXN.exe
C:\Windows\System\QRiqHXN.exe
2⤵
PID:13664

C:\Windows\System\diiEojW.exe
C:\Windows\System\diiEojW.exe
2⤵
PID:13820

C:\Windows\System\nMaXkcB.exe
C:\Windows\System\nMaXkcB.exe
2⤵
PID:13836

C:\Windows\System\fQFAyNz.exe
C:\Windows\System\fQFAyNz.exe
2⤵
PID:13856

C:\Windows\System\CtkEQPi.exe
C:\Windows\System\CtkEQPi.exe
2⤵
PID:13876

C:\Windows\System\NhHofob.exe
C:\Windows\System\NhHofob.exe
2⤵
PID:13896

C:\Windows\System\qevxvCR.exe
C:\Windows\System\qevxvCR.exe
2⤵
PID:13924

C:\Windows\System\LJzpVGI.exe
C:\Windows\System\LJzpVGI.exe
2⤵
PID:14048

C:\Windows\System\HZbHban.exe
C:\Windows\System\HZbHban.exe
2⤵
PID:14148

C:\Windows\System\PkQsdmu.exe
C:\Windows\System\PkQsdmu.exe
2⤵
PID:14232

C:\Windows\System\gkFjpUd.exe
C:\Windows\System\gkFjpUd.exe
2⤵
PID:14280

C:\Windows\System\GStbohN.exe
C:\Windows\System\GStbohN.exe
2⤵
PID:12312

C:\Windows\System\MLYKnrf.exe
C:\Windows\System\MLYKnrf.exe
2⤵
PID:13208

C:\Windows\System\BthiiHK.exe
C:\Windows\System\BthiiHK.exe
2⤵
PID:3544

C:\Windows\System\fbzyEgI.exe
C:\Windows\System\fbzyEgI.exe
2⤵
PID:2324

C:\Windows\System\uyDRUgW.exe
C:\Windows\System\uyDRUgW.exe
2⤵
PID:5728

C:\Windows\System\WFSReWt.exe
C:\Windows\System\WFSReWt.exe
2⤵
PID:13316

C:\Windows\System\xUMmHsX.exe
C:\Windows\System\xUMmHsX.exe
2⤵
PID:13480

C:\Windows\System\OQuKvPk.exe
C:\Windows\System\OQuKvPk.exe
2⤵
PID:4472

C:\Windows\System\cGIPkqp.exe
C:\Windows\System\cGIPkqp.exe
2⤵
PID:13912

C:\Windows\System\MsdpkqG.exe
C:\Windows\System\MsdpkqG.exe
2⤵
PID:13948

C:\Windows\System\LGcAfzL.exe
C:\Windows\System\LGcAfzL.exe
2⤵
PID:13852

C:\Windows\System\xHeKYnM.exe
C:\Windows\System\xHeKYnM.exe
2⤵
PID:14004

C:\Windows\System\ChYpYHC.exe
C:\Windows\System\ChYpYHC.exe
2⤵
PID:13940

C:\Windows\System\AiJOcrV.exe
C:\Windows\System\AiJOcrV.exe
2⤵
PID:14028

C:\Windows\System\kfhwYxD.exe
C:\Windows\System\kfhwYxD.exe
2⤵
PID:14096

C:\Windows\System\GAKrbKP.exe
C:\Windows\System\GAKrbKP.exe
2⤵
PID:14112

C:\Windows\System\rDEhhrk.exe
C:\Windows\System\rDEhhrk.exe
2⤵
PID:14128

C:\Windows\System\xafEfwU.exe
C:\Windows\System\xafEfwU.exe
2⤵
PID:14156

C:\Windows\System\sofTENM.exe
C:\Windows\System\sofTENM.exe
2⤵
PID:14216

C:\Windows\System\VnXdoPV.exe
C:\Windows\System\VnXdoPV.exe
2⤵
PID:14320

C:\Windows\System\wzhYbDQ.exe
C:\Windows\System\wzhYbDQ.exe
2⤵
PID:14316

C:\Windows\System\JqupcFZ.exe
C:\Windows\System\JqupcFZ.exe
2⤵
PID:5088

C:\Windows\System\fWbbzMN.exe
C:\Windows\System\fWbbzMN.exe
2⤵
PID:12728

C:\Windows\System\GALZUxC.exe
C:\Windows\System\GALZUxC.exe
2⤵
PID:4548

C:\Windows\System\NGSaJmg.exe
C:\Windows\System\NGSaJmg.exe
2⤵
PID:13336

C:\Windows\System\nhsqIRI.exe
C:\Windows\System\nhsqIRI.exe
2⤵
PID:13736

C:\Windows\System\DjRVoeD.exe
C:\Windows\System\DjRVoeD.exe
2⤵
PID:5368

C:\Windows\System\YmBxbju.exe
C:\Windows\System\YmBxbju.exe
2⤵
PID:13796

C:\Windows\System\uersDrN.exe
C:\Windows\System\uersDrN.exe
2⤵
PID:14040

C:\Windows\System\yFtYWuJ.exe
C:\Windows\System\yFtYWuJ.exe
2⤵
PID:13392

C:\Windows\System\eYtcTGb.exe
C:\Windows\System\eYtcTGb.exe
2⤵
PID:5884

C:\Windows\System\EznqPEq.exe
C:\Windows\System\EznqPEq.exe
2⤵
PID:7208

C:\Windows\System\hHzhoYJ.exe
C:\Windows\System\hHzhoYJ.exe
2⤵
PID:14044

C:\Windows\System\JvvoDog.exe
C:\Windows\System\JvvoDog.exe
2⤵
PID:12672

C:\Windows\System\mIkSJgz.exe
C:\Windows\System\mIkSJgz.exe
2⤵
PID:13512

C:\Windows\System\LvyLiIP.exe
C:\Windows\System\LvyLiIP.exe
2⤵
PID:13372

C:\Windows\System\KfegAsL.exe
C:\Windows\System\KfegAsL.exe
2⤵
PID:14136

C:\Windows\System\mSOPlPG.exe
C:\Windows\System\mSOPlPG.exe
2⤵
PID:13328

C:\Windows\System\TwDjooy.exe
C:\Windows\System\TwDjooy.exe
2⤵
PID:3532

C:\Windows\System\jkBybDf.exe
C:\Windows\System\jkBybDf.exe
2⤵
PID:3948

C:\Windows\System\NTppyHQ.exe
C:\Windows\System\NTppyHQ.exe
2⤵
PID:13724

C:\Windows\System\GjAVaTZ.exe
C:\Windows\System\GjAVaTZ.exe
2⤵
PID:2688

C:\Windows\System\DEHrnPg.exe
C:\Windows\System\DEHrnPg.exe
2⤵
PID:13448

C:\Windows\System\wDmXhCz.exe
C:\Windows\System\wDmXhCz.exe
2⤵
PID:13596

C:\Windows\System\GgtMdxj.exe
C:\Windows\System\GgtMdxj.exe
2⤵
PID:5240

C:\Windows\System\qADudRc.exe
C:\Windows\System\qADudRc.exe
2⤵
PID:13868

C:\Windows\System\nwNZVtb.exe
C:\Windows\System\nwNZVtb.exe
2⤵
PID:812

C:\Windows\System\yluUQQx.exe
C:\Windows\System\yluUQQx.exe
2⤵
PID:13692

C:\Windows\System\OiBGMbl.exe
C:\Windows\System\OiBGMbl.exe
2⤵
PID:5512

C:\Windows\System\LXuxLtL.exe
C:\Windows\System\LXuxLtL.exe
2⤵
PID:5656

C:\Windows\System\hHosHUq.exe
C:\Windows\System\hHosHUq.exe
2⤵
PID:6116

C:\Windows\System\MdFixRi.exe
C:\Windows\System\MdFixRi.exe
2⤵
PID:6092

C:\Windows\System\eRRydPi.exe
C:\Windows\System\eRRydPi.exe
2⤵
PID:5716

C:\Windows\System\gJovvxr.exe
C:\Windows\System\gJovvxr.exe
2⤵
PID:5528

C:\Windows\System\bbAMTqv.exe
C:\Windows\System\bbAMTqv.exe
2⤵
PID:1376

C:\Windows\System\ntarzXx.exe
C:\Windows\System\ntarzXx.exe
2⤵
PID:5128

C:\Windows\System\sjhJxBO.exe
C:\Windows\System\sjhJxBO.exe
2⤵
PID:8768

C:\Windows\System\jBdJiwb.exe
C:\Windows\System\jBdJiwb.exe
2⤵
PID:648

C:\Windows\System\BALCOfZ.exe
C:\Windows\System\BALCOfZ.exe
2⤵
PID:5928

C:\Windows\System\FAtyOiA.exe
C:\Windows\System\FAtyOiA.exe
2⤵
PID:14184

C:\Windows\System\rmjHPKr.exe
C:\Windows\System\rmjHPKr.exe
2⤵
PID:5412

C:\Windows\System\oooBGNX.exe
C:\Windows\System\oooBGNX.exe
2⤵
PID:2396

C:\Windows\System\KtiFsQE.exe
C:\Windows\System\KtiFsQE.exe
2⤵
PID:13752

C:\Windows\System\QKDJYAm.exe
C:\Windows\System\QKDJYAm.exe
2⤵
PID:13892

C:\Windows\System\xrqIsMr.exe
C:\Windows\System\xrqIsMr.exe
2⤵
PID:5684

C:\Windows\System\VzIxfwZ.exe
C:\Windows\System\VzIxfwZ.exe
2⤵
PID:6132

C:\Windows\System\AtGOmoZ.exe
C:\Windows\System\AtGOmoZ.exe
2⤵
PID:6076

C:\Windows\System\RqUjtbf.exe
C:\Windows\System\RqUjtbf.exe
2⤵
PID:14288

C:\Windows\System\DYumFFn.exe
C:\Windows\System\DYumFFn.exe
2⤵
PID:14208

C:\Windows\System\xWQPlqs.exe
C:\Windows\System\xWQPlqs.exe
2⤵
PID:5444

C:\Windows\System\XAKyCKw.exe
C:\Windows\System\XAKyCKw.exe
2⤵
PID:1056

C:\Windows\System\PkKOxlK.exe
C:\Windows\System\PkKOxlK.exe
2⤵
PID:14024

C:\Windows\System\CqFurxv.exe
C:\Windows\System\CqFurxv.exe
2⤵
PID:5540

C:\Windows\System\rlxhcUZ.exe
C:\Windows\System\rlxhcUZ.exe
2⤵
PID:5460

C:\Windows\System\WhAqvLu.exe
C:\Windows\System\WhAqvLu.exe
2⤵
PID:3712

C:\Windows\System\jpjLzgl.exe
C:\Windows\System\jpjLzgl.exe
2⤵
PID:4300

C:\Windows\System\veIWtDN.exe
C:\Windows\System\veIWtDN.exe
2⤵
PID:13696

C:\Windows\System\VJKUKqG.exe
C:\Windows\System\VJKUKqG.exe
2⤵
PID:4880

C:\Windows\System\pHCEpmq.exe
C:\Windows\System\pHCEpmq.exe
2⤵
PID:4216

C:\Windows\System\Mvjrdiw.exe
C:\Windows\System\Mvjrdiw.exe
2⤵
PID:13704

C:\Windows\System\MjBfwrx.exe
C:\Windows\System\MjBfwrx.exe
2⤵
PID:13428

C:\Windows\System\wJNAVdu.exe
C:\Windows\System\wJNAVdu.exe
2⤵
PID:5160

C:\Windows\System\FeAxLqX.exe
C:\Windows\System\FeAxLqX.exe
2⤵
PID:5876

C:\Windows\System\ApJDeXW.exe
C:\Windows\System\ApJDeXW.exe
2⤵
PID:13116

C:\Windows\System\SZlJVly.exe
C:\Windows\System\SZlJVly.exe
2⤵
PID:5164

C:\Windows\System\sEckFQP.exe
C:\Windows\System\sEckFQP.exe
2⤵
PID:14120

C:\Windows\System\vIHloqF.exe
C:\Windows\System\vIHloqF.exe
2⤵
PID:5428

C:\Windows\System\VhjEFoO.exe
C:\Windows\System\VhjEFoO.exe
2⤵
PID:5156

C:\Windows\System\RTctBXC.exe
C:\Windows\System\RTctBXC.exe
2⤵
PID:14260

C:\Windows\System\uhBFTJb.exe
C:\Windows\System\uhBFTJb.exe
2⤵
PID:10144

C:\Windows\System\HFpHUVG.exe
C:\Windows\System\HFpHUVG.exe
2⤵
PID:9060

C:\Windows\System\WHNMZvY.exe
C:\Windows\System\WHNMZvY.exe
2⤵
PID:13492

C:\Windows\System\oQzeZAQ.exe
C:\Windows\System\oQzeZAQ.exe
2⤵
PID:6064

C:\Windows\System\ruWiLgP.exe
C:\Windows\System\ruWiLgP.exe
2⤵
PID:14212

C:\Windows\System\hNxTFpi.exe
C:\Windows\System\hNxTFpi.exe
2⤵
PID:12596

C:\Windows\System\cSURozX.exe
C:\Windows\System\cSURozX.exe
2⤵
PID:9596

C:\Windows\System\XDbsVuR.exe
C:\Windows\System\XDbsVuR.exe
2⤵
PID:9788

C:\Windows\System\ONyoWXr.exe
C:\Windows\System\ONyoWXr.exe
2⤵
PID:2248

C:\Windows\System\VeAAvZl.exe
C:\Windows\System\VeAAvZl.exe
2⤵
PID:5456

C:\Windows\System\XssuVJB.exe
C:\Windows\System\XssuVJB.exe
2⤵
PID:6344

C:\Windows\System\fGMjhRO.exe
C:\Windows\System\fGMjhRO.exe
2⤵
PID:6824

C:\Windows\System\mvQWLUI.exe
C:\Windows\System\mvQWLUI.exe
2⤵
PID:6972

C:\Windows\System\mLlKFNH.exe
C:\Windows\System\mLlKFNH.exe
2⤵
PID:4632

C:\Windows\System\RlAdheh.exe
C:\Windows\System\RlAdheh.exe
2⤵
PID:7040

C:\Windows\System\jobuygM.exe
C:\Windows\System\jobuygM.exe
2⤵
PID:9624

C:\Windows\System\WNnLAmk.exe
C:\Windows\System\WNnLAmk.exe
2⤵
PID:6244

C:\Windows\System\oVJDygE.exe
C:\Windows\System\oVJDygE.exe
2⤵
PID:6876

C:\Windows\System\mgPVeGQ.exe
C:\Windows\System\mgPVeGQ.exe
2⤵
PID:6680

C:\Windows\System\BdwDcgU.exe
C:\Windows\System\BdwDcgU.exe
2⤵
PID:5268

C:\Windows\System\mYzKhEq.exe
C:\Windows\System\mYzKhEq.exe
2⤵
PID:10212

C:\Windows\System\brCIhdx.exe
C:\Windows\System\brCIhdx.exe
2⤵
PID:10260

C:\Windows\System\QVWbueG.exe
C:\Windows\System\QVWbueG.exe
2⤵
PID:10372

C:\Windows\System\wSKXbAv.exe
C:\Windows\System\wSKXbAv.exe
2⤵
PID:2796

C:\Windows\System\IUAzZAx.exe
C:\Windows\System\IUAzZAx.exe
2⤵
PID:9824

C:\Windows\System\fmrtcKb.exe
C:\Windows\System\fmrtcKb.exe
2⤵
PID:6468

C:\Windows\System\elaVbac.exe
C:\Windows\System\elaVbac.exe
2⤵
PID:1584

C:\Windows\System\YtBkUKR.exe
C:\Windows\System\YtBkUKR.exe
2⤵
PID:10572

C:\Windows\System\FTtRCCQ.exe
C:\Windows\System\FTtRCCQ.exe
2⤵
PID:10732

C:\Windows\System\QuDUePE.exe
C:\Windows\System\QuDUePE.exe
2⤵
PID:11036

C:\Windows\System\BEeolFo.exe
C:\Windows\System\BEeolFo.exe
2⤵
PID:11068

C:\Windows\System\ZCUGZpc.exe
C:\Windows\System\ZCUGZpc.exe
2⤵
PID:11220

C:\Windows\System\kxldHbg.exe
C:\Windows\System\kxldHbg.exe
2⤵
PID:14264

C:\Windows\System\wEsoTah.exe
C:\Windows\System\wEsoTah.exe
2⤵
PID:10196

C:\Windows\System\rzsqztm.exe
C:\Windows\System\rzsqztm.exe
2⤵
PID:5692

C:\Windows\System\yZQPKtM.exe
C:\Windows\System\yZQPKtM.exe
2⤵
PID:7320

C:\Windows\System\ctAqQwp.exe
C:\Windows\System\ctAqQwp.exe
2⤵
PID:5448

C:\Windows\System\ZKsSJEo.exe
C:\Windows\System\ZKsSJEo.exe
2⤵
PID:9376

C:\Windows\System\XwnWdoX.exe
C:\Windows\System\XwnWdoX.exe
2⤵
PID:13808

C:\Windows\System\jbkJdHl.exe
C:\Windows\System\jbkJdHl.exe
2⤵
PID:6488

C:\Windows\System\kcWdMxH.exe
C:\Windows\System\kcWdMxH.exe
2⤵
PID:10124

C:\Windows\System\cgEPwnU.exe
C:\Windows\System\cgEPwnU.exe
2⤵
PID:3824

C:\Windows\System\MSrHfah.exe
C:\Windows\System\MSrHfah.exe
2⤵
PID:13980

C:\Windows\System\aQIFVFb.exe
C:\Windows\System\aQIFVFb.exe
2⤵
PID:11180

C:\Windows\System\HFFPNyS.exe
C:\Windows\System\HFFPNyS.exe
2⤵
PID:10552

C:\Windows\System\hoWmVCw.exe
C:\Windows\System\hoWmVCw.exe
2⤵
PID:10696

C:\Windows\System\HNLhraY.exe
C:\Windows\System\HNLhraY.exe
2⤵
PID:6368

C:\Windows\System\gnXLJty.exe
C:\Windows\System\gnXLJty.exe
2⤵
PID:6420

C:\Windows\System\aQXRWFm.exe
C:\Windows\System\aQXRWFm.exe
2⤵
PID:7684

C:\Windows\System\NaMuOvb.exe
C:\Windows\System\NaMuOvb.exe
2⤵
PID:7372

C:\Windows\System\vpYRLdx.exe
C:\Windows\System\vpYRLdx.exe
2⤵
PID:9664

C:\Windows\System\QTzhdvd.exe
C:\Windows\System\QTzhdvd.exe
2⤵
PID:10384

C:\Windows\System\bOacOuo.exe
C:\Windows\System\bOacOuo.exe
2⤵
PID:6940

C:\Windows\System\kDJTqVC.exe
C:\Windows\System\kDJTqVC.exe
2⤵
PID:10512

C:\Windows\System\bqmbZQx.exe
C:\Windows\System\bqmbZQx.exe
2⤵
PID:13624

C:\Windows\System\QtkLHQO.exe
C:\Windows\System\QtkLHQO.exe
2⤵
PID:7128

C:\Windows\System\mTSwkMx.exe
C:\Windows\System\mTSwkMx.exe
2⤵
PID:7540

C:\Windows\System\xCjuedv.exe
C:\Windows\System\xCjuedv.exe
2⤵
PID:6336

C:\Windows\System\RxJSlGm.exe
C:\Windows\System\RxJSlGm.exe
2⤵
PID:7256

C:\Windows\System\NJeffcH.exe
C:\Windows\System\NJeffcH.exe
2⤵
PID:7988

C:\Windows\System\RzKnXUk.exe
C:\Windows\System\RzKnXUk.exe
2⤵
PID:2900

C:\Windows\System\RzDeYKF.exe
C:\Windows\System\RzDeYKF.exe
2⤵
PID:756

C:\Windows\System\kPRSrPi.exe
C:\Windows\System\kPRSrPi.exe
2⤵
PID:7100

C:\Windows\System\fxwnmcG.exe
C:\Windows\System\fxwnmcG.exe
2⤵
PID:7568

C:\Windows\System\XuOvICu.exe
C:\Windows\System\XuOvICu.exe
2⤵
PID:7704

C:\Windows\System\kNZitAI.exe
C:\Windows\System\kNZitAI.exe
2⤵
PID:6988

C:\Windows\System\tpLSovB.exe
C:\Windows\System\tpLSovB.exe
2⤵
PID:7636

C:\Windows\System\FJXvOVH.exe
C:\Windows\System\FJXvOVH.exe
2⤵
PID:9856

C:\Windows\System\yWyEaAr.exe
C:\Windows\System\yWyEaAr.exe
2⤵
PID:7808

C:\Windows\System\omKXPeX.exe
C:\Windows\System\omKXPeX.exe
2⤵
PID:10744

C:\Windows\System\yRgMueX.exe
C:\Windows\System\yRgMueX.exe
2⤵
PID:6408

C:\Windows\System\lKPqXCg.exe
C:\Windows\System\lKPqXCg.exe
2⤵
PID:6832

C:\Windows\System\imTxjwf.exe
C:\Windows\System\imTxjwf.exe
2⤵
PID:10992

C:\Windows\System\oCcmdpq.exe
C:\Windows\System\oCcmdpq.exe
2⤵
PID:9272

C:\Windows\System\TWQpCTU.exe
C:\Windows\System\TWQpCTU.exe
2⤵
PID:3844

C:\Windows\System\QxHIkPh.exe
C:\Windows\System\QxHIkPh.exe
2⤵
PID:6392

C:\Windows\System\dLTCLXn.exe
C:\Windows\System\dLTCLXn.exe
2⤵
PID:10976

C:\Windows\System\DecCtQJ.exe
C:\Windows\System\DecCtQJ.exe
2⤵
PID:7288

C:\Windows\System\UaRHvcN.exe
C:\Windows\System\UaRHvcN.exe
2⤵
PID:6300

C:\Windows\System\mZFEzeq.exe
C:\Windows\System\mZFEzeq.exe
2⤵
PID:7196

C:\Windows\System\yzRuyrT.exe
C:\Windows\System\yzRuyrT.exe
2⤵
PID:8108

C:\Windows\System\jWEEZLS.exe
C:\Windows\System\jWEEZLS.exe
2⤵
PID:11320

C:\Windows\System\xlmFWLz.exe
C:\Windows\System\xlmFWLz.exe
2⤵
PID:7800

C:\Windows\System\DieTiBk.exe
C:\Windows\System\DieTiBk.exe
2⤵
PID:9932

C:\Windows\System\zhaSYiL.exe
C:\Windows\System\zhaSYiL.exe
2⤵
PID:6816

C:\Windows\System\IxaNkPj.exe
C:\Windows\System\IxaNkPj.exe
2⤵
PID:11588

C:\Windows\System\QmddUtu.exe
C:\Windows\System\QmddUtu.exe
2⤵
PID:6796

C:\Windows\System\aMYmShI.exe
C:\Windows\System\aMYmShI.exe
2⤵
PID:12224

C:\Windows\System\GOwDVaN.exe
C:\Windows\System\GOwDVaN.exe
2⤵
PID:12264

C:\Windows\System\SbYuDZX.exe
C:\Windows\System\SbYuDZX.exe
2⤵
PID:10720

C:\Windows\System\hGRxAVZ.exe
C:\Windows\System\hGRxAVZ.exe
2⤵
PID:7408

C:\Windows\System\xbagGxJ.exe
C:\Windows\System\xbagGxJ.exe
2⤵
PID:13964

C:\Windows\System\nCuIFcc.exe
C:\Windows\System\nCuIFcc.exe
2⤵
PID:7716

C:\Windows\System\aROoJXa.exe
C:\Windows\System\aROoJXa.exe
2⤵
PID:7908

C:\Windows\System\tyucLlj.exe
C:\Windows\System\tyucLlj.exe
2⤵
PID:8208

C:\Windows\System\BwFKQJw.exe
C:\Windows\System\BwFKQJw.exe
2⤵
PID:9356

C:\Windows\System\oRBKlBS.exe
C:\Windows\System\oRBKlBS.exe
2⤵
PID:7544

C:\Windows\System\QBGzXSZ.exe
C:\Windows\System\QBGzXSZ.exe
2⤵
PID:11316

C:\Windows\System\tSYVeLy.exe
C:\Windows\System\tSYVeLy.exe
2⤵
PID:11056

C:\Windows\System\SIyMDaH.exe
C:\Windows\System\SIyMDaH.exe
2⤵
PID:11556

C:\Windows\System\kRuOKFe.exe
C:\Windows\System\kRuOKFe.exe
2⤵
PID:8352

C:\Windows\System\msCBExl.exe
C:\Windows\System\msCBExl.exe
2⤵
PID:8152

C:\Windows\System\twLLPjl.exe
C:\Windows\System\twLLPjl.exe
2⤵
PID:8340

C:\Windows\System\RmRvjEL.exe
C:\Windows\System\RmRvjEL.exe
2⤵
PID:11988

C:\Windows\System\sTqupjz.exe
C:\Windows\System\sTqupjz.exe
2⤵
PID:12028

C:\Windows\System\YXDiSfR.exe
C:\Windows\System\YXDiSfR.exe
2⤵
PID:8820

C:\Windows\System\wuLPxVG.exe
C:\Windows\System\wuLPxVG.exe
2⤵
PID:9136

C:\Windows\System\oNNNljm.exe
C:\Windows\System\oNNNljm.exe
2⤵
PID:9084

C:\Windows\System\lfKnRwl.exe
C:\Windows\System\lfKnRwl.exe
2⤵
PID:8540

C:\Windows\System\GifNsFd.exe
C:\Windows\System\GifNsFd.exe
2⤵
PID:8604

C:\Windows\System\MolkJWy.exe
C:\Windows\System\MolkJWy.exe
2⤵
PID:7644

C:\Windows\System\GNRXGJO.exe
C:\Windows\System\GNRXGJO.exe
2⤵
PID:8308

C:\Windows\System\ixeKfqj.exe
C:\Windows\System\ixeKfqj.exe
2⤵
PID:8228

C:\Windows\System\sKUUTWP.exe
C:\Windows\System\sKUUTWP.exe
2⤵
PID:11720

C:\Windows\System\NqhXuVv.exe
C:\Windows\System\NqhXuVv.exe
2⤵
PID:4064

C:\Windows\System\tYYaTdn.exe
C:\Windows\System\tYYaTdn.exe
2⤵
PID:9120

C:\Windows\System\XJAhbey.exe
C:\Windows\System\XJAhbey.exe
2⤵
PID:7376

C:\Windows\System\HMpkrbR.exe
C:\Windows\System\HMpkrbR.exe
2⤵
PID:8856

C:\Windows\System\RFYTgKR.exe
C:\Windows\System\RFYTgKR.exe
2⤵
PID:7768

C:\Windows\System\tWUzmyb.exe
C:\Windows\System\tWUzmyb.exe
2⤵
PID:7068

C:\Windows\System\MkRreHf.exe
C:\Windows\System\MkRreHf.exe
2⤵
PID:11584

C:\Windows\System\KAkxCOV.exe
C:\Windows\System\KAkxCOV.exe
2⤵
PID:12144

C:\Windows\System\BibBTXZ.exe
C:\Windows\System\BibBTXZ.exe
2⤵
PID:10304

C:\Windows\System\KGqNTKc.exe
C:\Windows\System\KGqNTKc.exe
2⤵
PID:8992

C:\Windows\System\IJcbDdm.exe
C:\Windows\System\IJcbDdm.exe
2⤵
PID:7188

C:\Windows\System\icTWCfD.exe
C:\Windows\System\icTWCfD.exe
2⤵
PID:8888

C:\Windows\System\kekLPoe.exe
C:\Windows\System\kekLPoe.exe
2⤵
PID:7772

C:\Windows\System\XttxOoe.exe
C:\Windows\System\XttxOoe.exe
2⤵
PID:8544

C:\Windows\System\MFzCeVf.exe
C:\Windows\System\MFzCeVf.exe
2⤵
PID:7572

C:\Windows\System\WPlmgrL.exe
C:\Windows\System\WPlmgrL.exe
2⤵
PID:8848

C:\Windows\System\GYpUpEI.exe
C:\Windows\System\GYpUpEI.exe
2⤵
PID:8752

C:\Windows\System\gjSbvmz.exe
C:\Windows\System\gjSbvmz.exe
2⤵
PID:7632

C:\Windows\System\tUQAQGc.exe
C:\Windows\System\tUQAQGc.exe
2⤵
PID:11040

C:\Windows\System\GpWnuEK.exe
C:\Windows\System\GpWnuEK.exe
2⤵
PID:12384

C:\Windows\System\lqyMfEl.exe
C:\Windows\System\lqyMfEl.exe
2⤵
PID:9212

C:\Windows\System\XUzrQuE.exe
C:\Windows\System\XUzrQuE.exe
2⤵
PID:13412

C:\Windows\System\XwIyRZG.exe
C:\Windows\System\XwIyRZG.exe
2⤵
PID:9836

C:\Windows\System\bCoSfDx.exe
C:\Windows\System\bCoSfDx.exe
2⤵
PID:3996

C:\Windows\System\kXJzOhb.exe
C:\Windows\System\kXJzOhb.exe
2⤵
PID:7688

C:\Windows\System\WScGTnn.exe
C:\Windows\System\WScGTnn.exe
2⤵
PID:10448

C:\Windows\System\jhrpzeb.exe
C:\Windows\System\jhrpzeb.exe
2⤵
PID:11832

C:\Windows\System\utotreD.exe
C:\Windows\System\utotreD.exe
2⤵
PID:7860

C:\Windows\System\mgEFpUi.exe
C:\Windows\System\mgEFpUi.exe
2⤵
PID:11980

C:\Windows\System\LDKnwbJ.exe
C:\Windows\System\LDKnwbJ.exe
2⤵
PID:8500

C:\Windows\System\eQpACTR.exe
C:\Windows\System\eQpACTR.exe
2⤵
PID:9368

C:\Windows\System\QvvKhLV.exe
C:\Windows\System\QvvKhLV.exe
2⤵
PID:9240

C:\Windows\System\NHcyYVU.exe
C:\Windows\System\NHcyYVU.exe
2⤵
PID:11952

C:\Windows\System\HRIMJrw.exe
C:\Windows\System\HRIMJrw.exe
2⤵
PID:9204

C:\Windows\System\YCQlXCC.exe
C:\Windows\System\YCQlXCC.exe
2⤵
PID:12048

C:\Windows\System\PfaiPJM.exe
C:\Windows\System\PfaiPJM.exe
2⤵
PID:8520

C:\Windows\System\DDMkNjX.exe
C:\Windows\System\DDMkNjX.exe
2⤵
PID:12652

C:\Windows\System\tmPVKgo.exe
C:\Windows\System\tmPVKgo.exe
2⤵
PID:12660

C:\Windows\System\jpkuwzX.exe
C:\Windows\System\jpkuwzX.exe
2⤵
PID:9520

C:\Windows\System\xeQNxrY.exe
C:\Windows\System\xeQNxrY.exe
2⤵
PID:6920

C:\Windows\System\FJGkzen.exe
C:\Windows\System\FJGkzen.exe
2⤵
PID:12276

C:\Windows\System\WfrRgZj.exe
C:\Windows\System\WfrRgZj.exe
2⤵
PID:11540

C:\Windows\System\vIJrVSz.exe
C:\Windows\System\vIJrVSz.exe
2⤵
PID:4884

C:\Windows\System\DoiJxOz.exe
C:\Windows\System\DoiJxOz.exe
2⤵
PID:12764

C:\Windows\System\cslKKZY.exe
C:\Windows\System\cslKKZY.exe
2⤵
PID:12832

C:\Windows\System\RPmlkHZ.exe
C:\Windows\System\RPmlkHZ.exe
2⤵
PID:12968

C:\Windows\System\IPulSPp.exe
C:\Windows\System\IPulSPp.exe
2⤵
PID:9148

C:\Windows\System\CfqMbZH.exe
C:\Windows\System\CfqMbZH.exe
2⤵
PID:9512

C:\Windows\System\ZfQoMUk.exe
C:\Windows\System\ZfQoMUk.exe
2⤵
PID:9048

C:\Windows\System\hdpQOVI.exe
C:\Windows\System\hdpQOVI.exe
2⤵
PID:9080

C:\Windows\System\jSFSwMd.exe
C:\Windows\System\jSFSwMd.exe
2⤵
PID:8356

C:\Windows\System\TzxPiSk.exe
C:\Windows\System\TzxPiSk.exe
2⤵
PID:12440

C:\Windows\System\XsJRiHF.exe
C:\Windows\System\XsJRiHF.exe
2⤵
PID:9896

C:\Windows\System\QCZsnHc.exe
C:\Windows\System\QCZsnHc.exe
2⤵
PID:8924

C:\Windows\System\FFOAMyV.exe
C:\Windows\System\FFOAMyV.exe
2⤵
PID:8504

C:\Windows\System\jrQfapB.exe
C:\Windows\System\jrQfapB.exe
2⤵
PID:12064

C:\Windows\System\eNnguJP.exe
C:\Windows\System\eNnguJP.exe
2⤵
PID:6828

C:\Windows\System\eGFAGLM.exe
C:\Windows\System\eGFAGLM.exe
2⤵
PID:6668

C:\Windows\System\nVLqbUb.exe
C:\Windows\System\nVLqbUb.exe
2⤵
PID:1492

C:\Windows\System\dGmUKoC.exe
C:\Windows\System\dGmUKoC.exe
2⤵
PID:13036

C:\Windows\System\yWwDuxz.exe
C:\Windows\System\yWwDuxz.exe
2⤵
PID:11336

C:\Windows\System\lcKyNWf.exe
C:\Windows\System\lcKyNWf.exe
2⤵
PID:13292

C:\Windows\System\YJvCKUi.exe
C:\Windows\System\YJvCKUi.exe
2⤵
PID:12408

C:\Windows\System\kIDwGzg.exe
C:\Windows\System\kIDwGzg.exe
2⤵
PID:14268

C:\Windows\System\slMTOWd.exe
C:\Windows\System\slMTOWd.exe
2⤵
PID:9324

C:\Windows\System\GNJeoXa.exe
C:\Windows\System\GNJeoXa.exe
2⤵
PID:11924

C:\Windows\System\MsFTadP.exe
C:\Windows\System\MsFTadP.exe
2⤵
PID:9460

C:\Windows\System\HxYAchZ.exe
C:\Windows\System\HxYAchZ.exe
2⤵
PID:12400

C:\Windows\System\SOOfvMz.exe
C:\Windows\System\SOOfvMz.exe
2⤵
PID:12272

C:\Windows\System\mNzHMvr.exe
C:\Windows\System\mNzHMvr.exe
2⤵
PID:12924

C:\Windows\System\aSwSrNo.exe
C:\Windows\System\aSwSrNo.exe
2⤵
PID:9156

C:\Windows\System\zBJilTx.exe
C:\Windows\System\zBJilTx.exe
2⤵
PID:6840

C:\Windows\System\SDbbwYz.exe
C:\Windows\System\SDbbwYz.exe
2⤵
PID:11708

C:\Windows\System\kWUIsMI.exe
C:\Windows\System\kWUIsMI.exe
2⤵
PID:10528

C:\Windows\System\FfeniFZ.exe
C:\Windows\System\FfeniFZ.exe
2⤵
PID:9152

C:\Windows\System\FwLsFMu.exe
C:\Windows\System\FwLsFMu.exe
2⤵
PID:9472

C:\Windows\System\CyxUqna.exe
C:\Windows\System\CyxUqna.exe
2⤵
PID:12032

C:\Windows\System\XukiCFm.exe
C:\Windows\System\XukiCFm.exe
2⤵
PID:11300

C:\Windows\System\bsRPhug.exe
C:\Windows\System\bsRPhug.exe
2⤵
PID:14440

C:\Windows\System\GihvrTC.exe
C:\Windows\System\GihvrTC.exe
2⤵
PID:14480

C:\Windows\System\NbCASLv.exe
C:\Windows\System\NbCASLv.exe
2⤵
PID:14508

C:\Windows\System\BccSrxw.exe
C:\Windows\System\BccSrxw.exe
2⤵
PID:14528

C:\Windows\System\sXYqeHW.exe
C:\Windows\System\sXYqeHW.exe
2⤵
PID:14552

C:\Windows\System\SKDwAle.exe
C:\Windows\System\SKDwAle.exe
2⤵
PID:14576

C:\Windows\System\buDyUYe.exe
C:\Windows\System\buDyUYe.exe
2⤵
PID:14600

C:\Windows\System\cfXVqLd.exe
C:\Windows\System\cfXVqLd.exe
2⤵
PID:14624

C:\Windows\System\woroSPA.exe
C:\Windows\System\woroSPA.exe
2⤵
PID:14648

C:\Windows\System\tcnKnwo.exe
C:\Windows\System\tcnKnwo.exe
2⤵
PID:14672

C:\Windows\System\WdgCxtg.exe
C:\Windows\System\WdgCxtg.exe
2⤵
PID:14700

C:\Windows\System\fLFniOv.exe
C:\Windows\System\fLFniOv.exe
2⤵
PID:14724

C:\Windows\System\XahYcKm.exe
C:\Windows\System\XahYcKm.exe
2⤵
PID:14744

C:\Windows\System\blMmYDy.exe
C:\Windows\System\blMmYDy.exe
2⤵
PID:14772

C:\Windows\System\bQtCnlW.exe
C:\Windows\System\bQtCnlW.exe
2⤵
PID:14792

C:\Windows\System\JUZoDKx.exe
C:\Windows\System\JUZoDKx.exe
2⤵
PID:14812

C:\Windows\System\binyskJ.exe
C:\Windows\System\binyskJ.exe
2⤵
PID:14840

C:\Windows\System\hwmHGkU.exe
C:\Windows\System\hwmHGkU.exe
2⤵
PID:14856

C:\Windows\System\ibJEUZz.exe
C:\Windows\System\ibJEUZz.exe
2⤵
PID:14876

C:\Windows\System\pekovtz.exe
C:\Windows\System\pekovtz.exe
2⤵
PID:14904

C:\Windows\System\jnGWKwO.exe
C:\Windows\System\jnGWKwO.exe
2⤵
PID:14924

C:\Windows\System\PHoCdDQ.exe
C:\Windows\System\PHoCdDQ.exe
2⤵
PID:15064

C:\Windows\System\pqltJEn.exe
C:\Windows\System\pqltJEn.exe
2⤵
PID:4048

C:\Windows\System\zueldQk.exe
C:\Windows\System\zueldQk.exe
2⤵
PID:14360

C:\Windows\System\qnTHVHE.exe
C:\Windows\System\qnTHVHE.exe
2⤵
PID:14544

C:\Windows\System\FwfYGzJ.exe
C:\Windows\System\FwfYGzJ.exe
2⤵
PID:14620

C:\Windows\System\vGhLEUu.exe
C:\Windows\System\vGhLEUu.exe
2⤵
PID:12416

C:\Windows\System\olcDCOa.exe
C:\Windows\System\olcDCOa.exe
2⤵
PID:14396

C:\Windows\System\EbuKGDf.exe
C:\Windows\System\EbuKGDf.exe
2⤵
PID:8016

C:\Windows\System\CNEuxBR.exe
C:\Windows\System\CNEuxBR.exe
2⤵
PID:14868

C:\Windows\System\dHbOJFZ.exe
C:\Windows\System\dHbOJFZ.exe
2⤵
PID:14916

C:\Windows\System\amOVANk.exe
C:\Windows\System\amOVANk.exe
2⤵
PID:14468

C:\Windows\System\HEDhOMf.exe
C:\Windows\System\HEDhOMf.exe
2⤵
PID:14492

C:\Windows\System\kXytuaT.exe
C:\Windows\System\kXytuaT.exe
2⤵
PID:14560

C:\Windows\System\hAaIXEn.exe
C:\Windows\System\hAaIXEn.exe
2⤵
PID:14636

C:\Windows\System\XPzrmxk.exe
C:\Windows\System\XPzrmxk.exe
2⤵
PID:14752

C:\Windows\System\qvdLcKH.exe
C:\Windows\System\qvdLcKH.exe
2⤵
PID:14764

C:\Windows\System\WQdDIor.exe
C:\Windows\System\WQdDIor.exe
2⤵
PID:14832

C:\Windows\System\FlKYMOX.exe
C:\Windows\System\FlKYMOX.exe
2⤵
PID:14896

C:\Windows\System\jVQaZRo.exe
C:\Windows\System\jVQaZRo.exe
2⤵
PID:14536

C:\Windows\System\jFdUCMr.exe
C:\Windows\System\jFdUCMr.exe
2⤵
PID:14584

C:\Windows\System\iMugdZG.exe
C:\Windows\System\iMugdZG.exe
2⤵
PID:14688

C:\Windows\System\piuyzoT.exe
C:\Windows\System\piuyzoT.exe
2⤵
PID:15164

C:\Windows\System\IOVGHDh.exe
C:\Windows\System\IOVGHDh.exe
2⤵
PID:14912

C:\Windows\System\rHRbqAk.exe
C:\Windows\System\rHRbqAk.exe
2⤵
PID:15180

C:\Windows\System\mkARofY.exe
C:\Windows\System\mkARofY.exe
2⤵
PID:15324

C:\Windows\System\EMUNfuL.exe
C:\Windows\System\EMUNfuL.exe
2⤵
PID:10432

C:\Windows\System\zyPcGQv.exe
C:\Windows\System\zyPcGQv.exe
2⤵
PID:15104

C:\Windows\System\MzOEmPs.exe
C:\Windows\System\MzOEmPs.exe
2⤵
PID:15276

C:\Windows\System\lEcsYAh.exe
C:\Windows\System\lEcsYAh.exe
2⤵
PID:15332

C:\Windows\System\iUSiNOR.exe
C:\Windows\System\iUSiNOR.exe
2⤵
PID:15344

C:\Windows\System\DEtvtXt.exe
C:\Windows\System\DEtvtXt.exe
2⤵
PID:10328

C:\Windows\System\nUFhokE.exe
C:\Windows\System\nUFhokE.exe
2⤵
PID:9680

C:\Windows\System\eYZAJtT.exe
C:\Windows\System\eYZAJtT.exe
2⤵
PID:9228

C:\Windows\System\kqTPyGs.exe
C:\Windows\System\kqTPyGs.exe
2⤵
PID:13280

C:\Windows\System\ZrnzrIk.exe
C:\Windows\System\ZrnzrIk.exe
2⤵
PID:15008

C:\Windows\System\hoqUimp.exe
C:\Windows\System\hoqUimp.exe
2⤵
PID:10244

C:\Windows\System\HRMJDAE.exe
C:\Windows\System\HRMJDAE.exe
2⤵
PID:9544

C:\Windows\System\aecrscI.exe
C:\Windows\System\aecrscI.exe
2⤵
PID:1776

C:\Windows\System\ZGjdnim.exe
C:\Windows\System\ZGjdnim.exe
2⤵
PID:8976

C:\Windows\System\QpfpBKK.exe
C:\Windows\System\QpfpBKK.exe
2⤵
PID:15196

C:\Windows\System\wwtnYLo.exe
C:\Windows\System\wwtnYLo.exe
2⤵
PID:9524

C:\Windows\System\ywHPPXi.exe
C:\Windows\System\ywHPPXi.exe
2⤵
PID:11332

C:\Windows\System\uwVvPWJ.exe
C:\Windows\System\uwVvPWJ.exe
2⤵
PID:1524

C:\Windows\System\Ykgqmsj.exe
C:\Windows\System\Ykgqmsj.exe
2⤵
PID:14932

C:\Windows\System\IlZnjnX.exe
C:\Windows\System\IlZnjnX.exe
2⤵
PID:4664

C:\Windows\System\pvMkXPH.exe
C:\Windows\System\pvMkXPH.exe
2⤵
PID:14524

C:\Windows\System\CiIXumz.exe
C:\Windows\System\CiIXumz.exe
2⤵
PID:15248

C:\Windows\System\NSuFuRB.exe
C:\Windows\System\NSuFuRB.exe
2⤵
PID:15124

C:\Windows\System\nbEUbxz.exe
C:\Windows\System\nbEUbxz.exe
2⤵
PID:14608

C:\Windows\System\MKTidJD.exe
C:\Windows\System\MKTidJD.exe
2⤵
PID:6732

C:\Windows\System\XurBfGu.exe
C:\Windows\System\XurBfGu.exe
2⤵
PID:15052

C:\Windows\System\drYkfss.exe
C:\Windows\System\drYkfss.exe
2⤵
PID:13076

C:\Windows\System\axMYtiB.exe
C:\Windows\System\axMYtiB.exe
2⤵
PID:5908

C:\Windows\System\tEDEyqj.exe
C:\Windows\System\tEDEyqj.exe
2⤵
PID:12856

C:\Windows\System\IKsdAHV.exe
C:\Windows\System\IKsdAHV.exe
2⤵
PID:14968

C:\Windows\System\vJypbXz.exe
C:\Windows\System\vJypbXz.exe
2⤵
PID:15156

C:\Windows\System\pHwYyGS.exe
C:\Windows\System\pHwYyGS.exe
2⤵
PID:15160

C:\Windows\System\aNkwgsn.exe
C:\Windows\System\aNkwgsn.exe
2⤵
PID:12016

C:\Windows\System\YMOyyhs.exe
C:\Windows\System\YMOyyhs.exe
2⤵
PID:15060

C:\Windows\System\nTHulPE.exe
C:\Windows\System\nTHulPE.exe
2⤵
PID:2220

C:\Windows\System\iZNkwwW.exe
C:\Windows\System\iZNkwwW.exe
2⤵
PID:10416

C:\Windows\System\wLuxgNT.exe
C:\Windows\System\wLuxgNT.exe
2⤵
PID:15204

C:\Windows\System\AEmRQlE.exe
C:\Windows\System\AEmRQlE.exe
2⤵
PID:8732

C:\Windows\System\ZLwreEt.exe
C:\Windows\System\ZLwreEt.exe
2⤵
PID:8220

C:\Windows\System\uUKUpPw.exe
C:\Windows\System\uUKUpPw.exe
2⤵
PID:12556

C:\Windows\System\iCtnHZA.exe
C:\Windows\System\iCtnHZA.exe
2⤵
PID:12908

C:\Windows\System\usgFUgq.exe
C:\Windows\System\usgFUgq.exe
2⤵
PID:2520

C:\Windows\System\xXLBvki.exe
C:\Windows\System\xXLBvki.exe
2⤵
PID:10672

C:\Windows\System\ljhdbRh.exe
C:\Windows\System\ljhdbRh.exe
2⤵
PID:11724

C:\Windows\System\bsDBZAI.exe
C:\Windows\System\bsDBZAI.exe
2⤵
PID:12512

C:\Windows\System\qgCkLph.exe
C:\Windows\System\qgCkLph.exe
2⤵
PID:11840

C:\Windows\System\MsezouO.exe
C:\Windows\System\MsezouO.exe
2⤵
PID:15252

C:\Windows\System\aQJiiPi.exe
C:\Windows\System\aQJiiPi.exe
2⤵
PID:12212

C:\Windows\System\dkNOFgI.exe
C:\Windows\System\dkNOFgI.exe
2⤵
PID:15136

C:\Windows\System\WtmbgaH.exe
C:\Windows\System\WtmbgaH.exe
2⤵
PID:15380

C:\Windows\System\bcjiCNl.exe
C:\Windows\System\bcjiCNl.exe
2⤵
PID:15404

C:\Windows\System\sQVKwHA.exe
C:\Windows\System\sQVKwHA.exe
2⤵
PID:15440

C:\Windows\System\XsImzRl.exe
C:\Windows\System\XsImzRl.exe
2⤵
PID:15480

C:\Windows\System\gpwHnQJ.exe
C:\Windows\System\gpwHnQJ.exe
2⤵
PID:15500

C:\Windows\System\rGlHtbc.exe
C:\Windows\System\rGlHtbc.exe
2⤵
PID:15520

C:\Windows\System\ARcYkwa.exe
C:\Windows\System\ARcYkwa.exe
2⤵
PID:15540

C:\Windows\System\AlAudoj.exe
C:\Windows\System\AlAudoj.exe
2⤵
PID:15568

C:\Windows\System\mmlFZlM.exe
C:\Windows\System\mmlFZlM.exe
2⤵
PID:15600

C:\Windows\System\FyECtqv.exe
C:\Windows\System\FyECtqv.exe
2⤵
PID:15620

C:\Windows\System\MklllhZ.exe
C:\Windows\System\MklllhZ.exe
2⤵
PID:15644

C:\Windows\System\vWRiJFu.exe
C:\Windows\System\vWRiJFu.exe
2⤵
PID:15664

C:\Windows\System\WjWciwu.exe
C:\Windows\System\WjWciwu.exe
2⤵
PID:15684

C:\Windows\System\xWzRtFE.exe
C:\Windows\System\xWzRtFE.exe
2⤵
PID:15708

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_zywofkxk.bc0.ps1
Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\DNUHDrz.exe
Filesize
1.5MB

MD5
a9f4e87b8874241e08fafc627d421c77

SHA1
bdcbe8709baebc8fef9f53f08318dca288df4bdf

SHA256
9c62f7e13e99bcde662ebd5899c432d62199df5737dcc8190fe8cf7ecf24553c

SHA512
645cfe05b352e3bc8f7d0b04348b240af7b97dde08eec6f18d8f7e6e39c1245f6841b9fda7a9d46bd7f3e8bc0cac76b0802d2b8c7cca38c19e1cdbb451f4d963

Download Submit
C:\Windows\System\GFvLoNW.exe
Filesize
1.5MB

MD5
a861cd403bc5426e35ed5cb66b22f67e

SHA1
392e50bcbb8bdd9cc3f28f59b3744b5be3520c76

SHA256
23168c6db4f08a9b887627c592c07a49576b7c22727ad08071d3147fcc1543be

SHA512
5e5165cb930b24431d6f32723609cfaf34e81ed318bd86c8eac5416578f523c35f625854bbf64d02fb3aa0c363e4bffb0a8046f9c07b25d1017d60c007371ff9

Download Submit
C:\Windows\System\GHTPQQb.exe
Filesize
1.5MB

MD5
face5bb5cd50403ab8d7026a72c0c298

SHA1
e16de2a6487e9236581ebba8067a4d94527620b7

SHA256
9f93ac8a5af6365448d7adfd4838eb233a8fa94d7060abeae83bcc84791722a4

SHA512
abad7a81b535989addc95ce9579cb049f4cafda5595b8887f93057d6b8c4d2610a1be25919eadf74c1369a6d4afd3a2a15b7da7e78b2e8ad4b440753ffe47e03

Download Submit
C:\Windows\System\GuVhZjq.exe
Filesize
1.5MB

MD5
c901b8a121ee648c564fe58f684ff73f

SHA1
f1a184b127e102ae4baf647b6eba2a536d59edf5

SHA256
008e9bf896f89a7ed1ab320f2a27ff22d893ab2cf5ff34b63a0c12fbbc3706a1

SHA512
1f51ac9bbf9f441985c4f861adeb6f2dd887c94358af6ce22e6c9b3497296ffe52862a96df84f51bdbc6e8c84d4a489842eaaae8bf4ccda46fb64ce5806ed0da

Download Submit
C:\Windows\System\HTQhGtr.exe
Filesize
1.5MB

MD5
bbe075e320dfd763c5404d348b0e6537

SHA1
3d8a2e749814f1787f15b69cf9e957075868ea37

SHA256
698dafbc8645e179862806c96ed87f7a667993cc3fec3146d4432f51406d6073

SHA512
dbc34ce9c531f9a736539d5f6daf3ee498ae401adca26080b7e091eff8729a62c3600fd40088e76dc71283ff56ceff75ff0ed6fa99aab2b27b376fbb54a0316d

Download Submit
C:\Windows\System\IMLDNtG.exe
Filesize
1.5MB

MD5
9eeb87ffb1977cfe6b944f605dbc7a72

SHA1
424a2083582223d7f000c67ff903d4f780022959

SHA256
6e3ef8bb87392b5449cde594d84221d2d5edf2b59ee43e4144f943145fa6f513

SHA512
d71b23684d9fa6467b0b4e7d81cf37a56f613f00e3cb7f659df9421f9978a9a6d83f3a8b98bf0b19c28c0123ce6cf491b55f08f12233c401ff013807949e31e8

Download Submit
C:\Windows\System\LonICuy.exe
Filesize
1.5MB

MD5
6cff2fa2389416a3ce5b1c9b4e69ce7d

SHA1
07ad5e4c228760513925c3650c7969ad2bbdd12d

SHA256
69ef3b6f0814d3b8cd512909790bce07af365ba41d8bdae211e9d342774f320f

SHA512
6a3de1f127d21838c7471b5510c0b2eae960dc75a704255aa3e1a86510152e70479adf9f9d906434ca1983af4322354a16409db0ba41d767e11a9c588973efae

Download Submit
C:\Windows\System\MSVsbIO.exe
Filesize
1.5MB

MD5
36e03c43000f84450bf65c0252003235

SHA1
b9dd93284ccee0d448001efad2af1bda81996992

SHA256
e674f38454b59ff4a4b512b00c44cdde3255cc1e4f6c33f2a27dce5d184dedda

SHA512
f22096315194a66976ee66f6a59cd298be090faf756a46134da50b2c592f1963ea0465b8a0780bf28829b21fe115de3972ef2feffc893128c430a8d4fb786b0c

Download Submit
C:\Windows\System\MlRdaPr.exe
Filesize
1.5MB

MD5
4122e1bb044969ced84513a1be2c7b60

SHA1
ce899b137f6d94556ecac8fa257999916441d059

SHA256
9269fff95fee146bdaca59005f1c3a04d5183d290b0f094d160890dff2cb06aa

SHA512
fd92a51bdf54c4935c6bdfe91504ba3fc73c5e0b409c339092e1779f6c627fd47ca574ea6db1400876b05a0f3fc58f16e6da79b7ce08296e2123029e078d5ac4

Download Submit
C:\Windows\System\OcSsoTt.exe
Filesize
1.5MB

MD5
4b2cab6ff85d92d092921279ecf544c0

SHA1
90a7e67fd170c817e01055f3a49c4728a4eddcfd

SHA256
809863ada4ce47dfe4abd3660299f2a962c17fd2d7ef243d3cc8cb4ca6ed984b

SHA512
e23397f8bf7ba7bcfbe844e5423ede961dc78c0e2f1e8aa07778719ea4ec6636d8e45c8f449b7faa950b0d9bae1c80f4b8011dd1a5974fe9194f42293772a5a3

Download Submit
C:\Windows\System\QTmeRQp.exe
Filesize
1.5MB

MD5
4c760f079341039c3f92dead898058e0

SHA1
cccc87fde289294742d957780d27288e572f4d5d

SHA256
9f0a22f94a259f1d9279baef4421c7bc5410f1636865602a29b56cdb21aaaac3

SHA512
3eb5e207767aa00be8249d669cf6d4ea96bd50e33cf5510ee8e290572d542e911b12266224ef6926f6ab770990d6971d18aa8060e3d1c8167702e53e87300d6a

Download Submit
C:\Windows\System\RfmlgES.exe
Filesize
1.5MB

MD5
d3f7a2a719b5dcc8f9145aae5ead4127

SHA1
b5131a97d555985d4ff881ce062bc20b652c32bf

SHA256
fc2dafb72cc2dfc51f3d68db6e1fdf5d39945f983edad1bca13624f365f604cc

SHA512
24b38573971095d06c28c054c6d225311d1ba8da80129887afb1eb0d5e1d29b49f8d55359d3b1e4489fd0c816e96adcd65313c6bfeeab4dc81de768b9ac68f0c

Download Submit
C:\Windows\System\RrsuzrV.exe
Filesize
1.5MB

MD5
7483a4437ddc02926b5479477a271e2e

SHA1
d7440dbb7a29dfb62eca5505a2d884f84a428899

SHA256
0c425334421153ab1c0c9d0971e641dff2a9b5ad75c8fbc32d44b901f7323301

SHA512
40a635c01674a43439e2c0706c0e17f3670c0063f37ff2ce27552b13759f842adc00f452c1432b0cd880891ba57023e327ea5635325b1d1634abe027f3b43d1d

Download Submit
C:\Windows\System\UGrtowg.exe
Filesize
1.5MB

MD5
dcf7806eae5d48437cc3afe4fe2e9654

SHA1
491b0e38c3a089f57af7b68cd7d0121c9bf0508f

SHA256
f9f3cfdfc47e2c99f3c13f3bf159e932fd8ffbec04c381a1621336820d867c8f

SHA512
e8838136eb457cadfcced0ba729bdf921c98de370272e7ddf650b34eaca9ea0360a7b78cacb17b319fd9969152bf3a70394bdc40cfc21bb8d5edaa15f84620c5

Download Submit
C:\Windows\System\XFWfhMV.exe
Filesize
1.5MB

MD5
e0dbbbfafd53598f611566ee6df1d05f

SHA1
8ad866fb048c16d2f2718c598f93ed1c126d8070

SHA256
8b4146797be3a1bd63c36ae90e9a87d67dc5d08d07496189b1de6acffcff9702

SHA512
78c7fa6116a75c03d75aef71080cf6741e2ddbb6d8935c58d74f1ed22dd4566d5ab957a57de90f2c8b7a33076fe4c0ee3c9b6cbc43081fb7f8e8d78f1be1dd07

Download Submit
C:\Windows\System\XKHZDBQ.exe
Filesize
1.5MB

MD5
5ebae249f07a162c70c1d9ef4ed37ccb

SHA1
54560b60a4098198954a6678dfd27473ae8c4c11

SHA256
45e044646cabfefbb3c88197c05d4113fc0a6e7392dde9001a0328bcc99554dc

SHA512
ea9b21ca1586724f739d7bd70deddf4076e8f008d5a4e492989d0ab2a58b582398c22cfbd9b164020085f5310d3d6101718c2d589ad6eacc1a93cb500e2a7440

Download Submit
C:\Windows\System\YFmEnnl.exe
Filesize
1.5MB

MD5
d9b0faf85900cd012ea909555d3c88f0

SHA1
3eb11e6377d689f3537f87b3b10761f0ca8a5f37

SHA256
99b6a9c655d8c5bce4150554206cfddd7bd56d2586a9d778f850d52a89ad7578

SHA512
4c7da9683f69ec930a5f5715a15ce74455adeda1a7814c46637b5bd799dc00f4c6e8db27b97c95364a366bb2f2e3788f3286a658a00a7f5e25138aa3b89ab772

Download Submit
C:\Windows\System\YNDstst.exe
Filesize
1.5MB

MD5
5d344159976e14423f86297937212c85

SHA1
12af359a98d3efd32c614e5a39a0b05836286170

SHA256
d690d434ed54422abf480a3d87485c4b369fb3f11d05b52bbc7c3c3cfd648f43

SHA512
e170efa5c4d4695ed7768b5e2ab6e1ea232687468405ae50d48d47d7d5cbf5053301d55de425fef225353125bebc9fd46ac9da86a4fb4ab30acab5a7dcb0d702

Download Submit
C:\Windows\System\YqInCbi.exe
Filesize
1.5MB

MD5
65b7f66eff5da3fc11d37e2a68c1e5bd

SHA1
e3ed2b9f28fec7e1b4c5d24624eee11e5f5476db

SHA256
849002ccb8448ad91906c6c89ed1690a20111787d1ae7d14109214ecd529804e

SHA512
3d4fa8f02f160ada6c1b7b30fc8899f5c99c2bb7756d17a3dfa8d51c28334df2b53447c153063d294f6988d10d39a01da37c2e756850fd20b78ff6412ae173ff

Download Submit
C:\Windows\System\ZUNYAER.exe
Filesize
1.5MB

MD5
c21d9d09df67d7578987f34779c499a4

SHA1
cc2eae646ef50636d91bce91580f70acee9e8bd1

SHA256
1a38e8b70fd129661693444e27dd2e80788ee62dda41a303c74d2ea67bbe4b31

SHA512
aaa42072886ea9380df32fbdae5bd9fe3d543ab0074e4ad366ee7a03147949c6b519a79c287758f137d8f8f8687f9ab8788822403fbc9a1554c061ef39e87d93

Download Submit
C:\Windows\System\ciUXyLj.exe
Filesize
1.5MB

MD5
27f24cc09ef40100c8fe2722a2a799d9

SHA1
263f0bdf727690b27f13d57d4bad5c247b57312b

SHA256
db1564c539b97b3ebaa37e3d67ecb8e0c789c8f93fcd27be52613f176eb14411

SHA512
b5dd0f8b47803bbdaf5d8ce7a5d38914abe61a8aa8a98b58a878c092ca122228426c5893b5fac002364c2ec0625bc5db9386dda3747a766be375d4e3e2123065

Download Submit
C:\Windows\System\iKEKeOK.exe
Filesize
1.5MB

MD5
065c7d3e4c63ffb527e12282f770eceb

SHA1
4739fc0f0e688d94a8c0aae2acefa95575d9dc9a

SHA256
3f638c7dd51fd7af905905b7ddb0c2349cd0a9653251133eab6274ad3436f161

SHA512
7667977acce1a8b8baf9949a8ee27df2584323bf8bbbf7c1a5891b27e560cd02332b9b167bf05a178913713b927c459554d7bf4257a40a39cafb6c4f9267dbe8

Download Submit
C:\Windows\System\iqXRdeD.exe
Filesize
1.5MB

MD5
bd0048facd252afe65d1eb71f9f7a6e9

SHA1
dfe2e86c5771b83701c7a5ee6f0e7254ad253fd1

SHA256
b1b7c3ef5cb62e3079140011c7d0706ea00024ffcdd4973edbaf36a62bf14c03

SHA512
ac457c65809dfa02b778d6213aac99a4afbbcd47673ad7162d7b01a22e64119514498c6ac914e14d41b192690ca4104655bb3a844c053ee1a34298e33dd48a3c

Download Submit
C:\Windows\System\kFxShny.exe
Filesize
1.5MB

MD5
398ea375ca9135de19e181888cad1e94

SHA1
e0db85c89f10612c5134eb051668901ea33e2f08

SHA256
e97de8f35cd05f13f6d6ab9ff433cc03d65ef86ff7022b66e85b4c8a6e525918

SHA512
80f621b9d0f8064d2604127d621dfd8b902416d68da3594eb126caa351a06af1c97acd0d88c4d20bbac414b621537c2562f078fc9ce72be43c5a9fc3443e7a14

Download Submit
C:\Windows\System\kfLeROf.exe
Filesize
1.5MB

MD5
4c9d1f1ba7f8c4a3f45fd128e1b73b16

SHA1
b4a4f71b28d77fe145df4ecd2f64894c608acb25

SHA256
cb873bf3178dfe37d45ec65ae1de06e34acee4f7dbb7a2e368274ff1e39c6178

SHA512
ff9057a9858e4d0c615abf803e8386c87a34eb2b4e98b3c8027554e66255b1ae5389a843100b9b8d00eadfc110f8db426e87c18340e25e75d2dec3006f7786ba

Download Submit
C:\Windows\System\oPqcbYR.exe
Filesize
1.5MB

MD5
41c657884de4c45127655ff66f0f1a8e

SHA1
c3667b8fe447915823f8cd02f6932cefc9ef2a89

SHA256
5fe25a626fbf2a6c9e3da65c01074018c253f8e81338d8fc6eef0352e348e7c2

SHA512
6c3248bd93e0bd0581854c922fbceedafc869dd648eb3fce90fcc8c51b552565cb0a4194c463c6bc4f7bfb9c180a03325b01110802def9de3e585d7e33d9411c

Download Submit
C:\Windows\System\pZapYKs.exe
Filesize
1.5MB

MD5
a00ce7bcf37401af725cf5228e37aee1

SHA1
20b2d82e0831589d165d122cdb038f4bb4037f73

SHA256
61a77f45083b82916f4bc6715422db5735ec3babd9af6465572ccdecc7abe79b

SHA512
d0e11184e7347c6a1ec34a7fcccf2a2166ddabcd767369c5ec9b10aa1f90aca37fe35a6788892383dfc25fd72982e2f461a1e38b3f97dbea20dd087bd71abdb9

Download Submit
C:\Windows\System\sQUYmXj.exe
Filesize
1.5MB

MD5
61e43b930c7035fb9a89825dc66c65ae

SHA1
a22ec9cdd49debaed0dc5d38a7565c93f9fc2744

SHA256
de3bc551643ea0882788b0ddcaefb1d60b7d63ba26bd90652b5253d930e41aab

SHA512
3e06e9d66043b75fe2a60e3c74e8362ee535d7e2e75ddc041b3afbcc919ca76be11d1f87e9518b36817fa9a37941dd5a4e9655261072c9f30325150cc554b896

Download Submit
C:\Windows\System\svjvvaa.exe
Filesize
1.5MB

MD5
f7664caceae303897249d0abe4158a04

SHA1
138b347309343442e86e16354b10eb446a2a60df

SHA256
fec79933d338d65d1de98e257b5963d256ddc21bad1948665159a55f33cc373b

SHA512
3e53e9b940701deb7ddb8decaebc0913030a60e6f0462c2d5522424afafd3f994e017f30d91208bd421dc9178754690ec390ea9fa1d49573bff46a652c4c9206

Download Submit
C:\Windows\System\ulTBqnp.exe
Filesize
1.5MB

MD5
e7cb7a1f45096d5caaf0c2d9af865ed5

SHA1
022304ab3e153ad9b5b3f5c3461e7ab3a383fe88

SHA256
e73977af6323d9d331b362b0138aa8046dcb8f16bcd34a40cf5f63a9021463b6

SHA512
b876c52525116c4f6090aba058b7b87f334f8bceace7ab9c17c2e9398571a035ec22ba75c93054c65267920a45a3bb616ab035ba60942e7ea2204592bbef9665

Download Submit
C:\Windows\System\zOHHdVr.exe
Filesize
1.5MB

MD5
92361484aad7cfc403fa4a32b107923a

SHA1
1919a965ce916cc176da8ab4b123963907c6dd5b

SHA256
0a3fadd9a4be943071da514ab4a8fe59e7b09722cb4529bf5c8969e304dd4dd3

SHA512
27dd0031ba6615090c650d03442137f9a4d7aece7a33230c82dbf3fe10c0f1368366ec643144b69cce95d2db854df9011cc6331fe86f1e213cd9b8c2b3767f96

Download Submit
C:\Windows\System\zncxmBe.exe
Filesize
1.5MB

MD5
75fe11e1a78bafa233c073a0a5874005

SHA1
16b59fa75c369b6f797155437d862984c4bdc5cb

SHA256
3465872232de96bdd83d5a49ad8a749e030ffddc629c15a87c8e812813dd904f

SHA512
05da4ff9a95a586a5c3c32a05a77582f6bf7e6e18192433a6c603b6ed93125fc21ad3832615644aba6bc77c4e559fefbf194a5342eb39bb416b17e38f8b83fbc

Download Submit
memory/1124-51-0x00007FF694A40000-0x00007FF694E32000-memory.dmp

Filesize
3.9MB

Download
memory/1124-2255-0x00007FF694A40000-0x00007FF694E32000-memory.dmp

Filesize
3.9MB

Download
memory/1124-1279-0x00007FF694A40000-0x00007FF694E32000-memory.dmp

Filesize
3.9MB

Download
memory/1184-0-0x00007FF698360000-0x00007FF698752000-memory.dmp

Filesize
3.9MB

Download
memory/1184-1-0x000002946CEC0000-0x000002946CED0000-memory.dmp

Filesize
64KB

Download
memory/1184-71-0x00007FF698360000-0x00007FF698752000-memory.dmp

Filesize
3.9MB

Download
memory/1288-317-0x00007FF684790000-0x00007FF684B82000-memory.dmp

Filesize
3.9MB

Download
memory/1288-2389-0x00007FF684790000-0x00007FF684B82000-memory.dmp

Filesize
3.9MB

Download
memory/1400-2404-0x00007FF7A04D0000-0x00007FF7A08C2000-memory.dmp

Filesize
3.9MB

Download
memory/1400-322-0x00007FF7A04D0000-0x00007FF7A08C2000-memory.dmp

Filesize
3.9MB

Download
memory/1556-2376-0x00007FF77DFB0000-0x00007FF77E3A2000-memory.dmp

Filesize
3.9MB

Download
memory/1556-105-0x00007FF77DFB0000-0x00007FF77E3A2000-memory.dmp

Filesize
3.9MB

Download
memory/1596-2350-0x00007FF677230000-0x00007FF677622000-memory.dmp

Filesize
3.9MB

Download
memory/1596-86-0x00007FF677230000-0x00007FF677622000-memory.dmp

Filesize
3.9MB

Download
memory/1788-312-0x00007FF73D9E0000-0x00007FF73DDD2000-memory.dmp

Filesize
3.9MB

Download
memory/1788-2351-0x00007FF73D9E0000-0x00007FF73DDD2000-memory.dmp

Filesize
3.9MB

Download
memory/1864-2375-0x00007FF725A90000-0x00007FF725E82000-memory.dmp

Filesize
3.9MB

Download
memory/1864-110-0x00007FF725A90000-0x00007FF725E82000-memory.dmp

Filesize
3.9MB

Download
memory/2112-313-0x00007FF75C500000-0x00007FF75C8F2000-memory.dmp

Filesize
3.9MB

Download
memory/2112-2380-0x00007FF75C500000-0x00007FF75C8F2000-memory.dmp

Filesize
3.9MB

Download
memory/2224-73-0x00007FF7A39F0000-0x00007FF7A3DE2000-memory.dmp

Filesize
3.9MB

Download
memory/2224-2274-0x00007FF7A39F0000-0x00007FF7A3DE2000-memory.dmp

Filesize
3.9MB

Download
memory/2516-102-0x00007FF797200000-0x00007FF7975F2000-memory.dmp

Filesize
3.9MB

Download
memory/2516-2383-0x00007FF797200000-0x00007FF7975F2000-memory.dmp

Filesize
3.9MB

Download
memory/3208-2385-0x00007FF6E6C30000-0x00007FF6E7022000-memory.dmp

Filesize
3.9MB

Download
memory/3208-108-0x00007FF6E6C30000-0x00007FF6E7022000-memory.dmp

Filesize
3.9MB

Download
memory/3732-2384-0x00007FF730A10000-0x00007FF730E02000-memory.dmp

Filesize
3.9MB

Download
memory/3732-314-0x00007FF730A10000-0x00007FF730E02000-memory.dmp

Filesize
3.9MB

Download
memory/3980-97-0x00007FF97B670000-0x00007FF97C131000-memory.dmp

Filesize
10.8MB

Download
memory/3980-18-0x0000024973B80000-0x0000024973BA2000-memory.dmp

Filesize
136KB

Download
memory/3980-19-0x00007FF97B670000-0x00007FF97C131000-memory.dmp

Filesize
10.8MB

Download
memory/3980-109-0x00007FF97B670000-0x00007FF97C131000-memory.dmp

Filesize
10.8MB

Download
memory/3980-133-0x0000024974860000-0x0000024975006000-memory.dmp

Filesize
7.6MB

Download
memory/3980-3-0x00007FF97B673000-0x00007FF97B675000-memory.dmp

Filesize
8KB

Download
memory/3980-79-0x00007FF97B673000-0x00007FF97B675000-memory.dmp

Filesize
8KB

Download
memory/4032-43-0x00007FF6FC780000-0x00007FF6FCB72000-memory.dmp

Filesize
3.9MB

Download
memory/4032-506-0x00007FF6FC780000-0x00007FF6FCB72000-memory.dmp

Filesize
3.9MB

Download
memory/4140-60-0x00007FF6E80A0000-0x00007FF6E8492000-memory.dmp

Filesize
3.9MB

Download
memory/4140-2245-0x00007FF6E80A0000-0x00007FF6E8492000-memory.dmp

Filesize
3.9MB

Download
memory/4180-1996-0x00007FF615400000-0x00007FF6157F2000-memory.dmp

Filesize
3.9MB

Download
memory/4180-9-0x00007FF615400000-0x00007FF6157F2000-memory.dmp

Filesize
3.9MB

Download
memory/4180-90-0x00007FF615400000-0x00007FF6157F2000-memory.dmp

Filesize
3.9MB

Download
memory/4196-2180-0x00007FF6102E0000-0x00007FF6106D2000-memory.dmp

Filesize
3.9MB

Download
memory/4196-107-0x00007FF6102E0000-0x00007FF6106D2000-memory.dmp

Filesize
3.9MB

Download
memory/4196-21-0x00007FF6102E0000-0x00007FF6106D2000-memory.dmp

Filesize
3.9MB

Download
memory/4476-20-0x00007FF69FC50000-0x00007FF6A0042000-memory.dmp

Filesize
3.9MB

Download
memory/4476-1993-0x00007FF69FC50000-0x00007FF6A0042000-memory.dmp

Filesize
3.9MB

Download
memory/4492-325-0x00007FF6E9840000-0x00007FF6E9C32000-memory.dmp

Filesize
3.9MB

Download
memory/4492-2413-0x00007FF6E9840000-0x00007FF6E9C32000-memory.dmp

Filesize
3.9MB

Download
memory/4496-315-0x00007FF636CD0000-0x00007FF6370C2000-memory.dmp

Filesize
3.9MB

Download
memory/4496-2394-0x00007FF636CD0000-0x00007FF6370C2000-memory.dmp

Filesize
3.9MB

Download
memory/4532-321-0x00007FF64CAF0000-0x00007FF64CEE2000-memory.dmp

Filesize
3.9MB

Download
memory/4532-2397-0x00007FF64CAF0000-0x00007FF64CEE2000-memory.dmp

Filesize
3.9MB

Download
memory/4756-2277-0x00007FF755480000-0x00007FF755872000-memory.dmp

Filesize
3.9MB

Download
memory/4756-70-0x00007FF755480000-0x00007FF755872000-memory.dmp

Filesize
3.9MB

Download
memory/4860-74-0x00007FF7898F0000-0x00007FF789CE2000-memory.dmp

Filesize
3.9MB

Download
memory/4860-2300-0x00007FF7898F0000-0x00007FF789CE2000-memory.dmp

Filesize
3.9MB

Download
memory/4908-38-0x00007FF7244C0000-0x00007FF7248B2000-memory.dmp

Filesize
3.9MB

Download
memory/4908-2192-0x00007FF7244C0000-0x00007FF7248B2000-memory.dmp

Filesize
3.9MB

Download
memory/4928-2407-0x00007FF7B1D00000-0x00007FF7B20F2000-memory.dmp

Filesize
3.9MB

Download
memory/4928-324-0x00007FF7B1D00000-0x00007FF7B20F2000-memory.dmp

Filesize
3.9MB

Download