xmrig | df5fef160f4fad381b42c846b90c5505035868f8054ed8899006075800d47366

Analysis

max time kernel
150s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
27/07/2024, 22:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
Size

2.2MB
MD5

01e70e23260f4e9cb346b17767f9675b
SHA1

c17882d75e96fd443656b107b1daf854badce22d
SHA256

df5fef160f4fad381b42c846b90c5505035868f8054ed8899006075800d47366
SHA512

00a8079213480c9bcf819c0861b85f17b1819a9e9301f8dada75879377b25ebd54712df3ac6846a67f30352924f4e7f43e17c158d51128b6558cc3b99dc43995
SSDEEP

49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82g1Vr5s1PTWsuT9cbNs:NABa

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 26 IoCs

miner

resource	yara_rule
behavioral2/memory/2384-134-0x00007FF65E650000-0x00007FF65EA42000-memory.dmp	xmrig
behavioral2/memory/348-214-0x00007FF746A70000-0x00007FF746E62000-memory.dmp	xmrig
behavioral2/memory/4356-247-0x00007FF68E2E0000-0x00007FF68E6D2000-memory.dmp	xmrig
behavioral2/memory/4928-290-0x00007FF7B9740000-0x00007FF7B9B32000-memory.dmp	xmrig
behavioral2/memory/3936-311-0x00007FF607930000-0x00007FF607D22000-memory.dmp	xmrig
behavioral2/memory/2220-316-0x00007FF6A0D30000-0x00007FF6A1122000-memory.dmp	xmrig
behavioral2/memory/4112-319-0x00007FF6F30B0000-0x00007FF6F34A2000-memory.dmp	xmrig
behavioral2/memory/1656-323-0x00007FF75FB30000-0x00007FF75FF22000-memory.dmp	xmrig
behavioral2/memory/4876-322-0x00007FF7272C0000-0x00007FF7276B2000-memory.dmp	xmrig
behavioral2/memory/1908-321-0x00007FF6C62D0000-0x00007FF6C66C2000-memory.dmp	xmrig
behavioral2/memory/1528-320-0x00007FF7E2F20000-0x00007FF7E3312000-memory.dmp	xmrig
behavioral2/memory/3000-244-0x00007FF73B190000-0x00007FF73B582000-memory.dmp	xmrig
behavioral2/memory/592-238-0x00007FF6A6EA0000-0x00007FF6A7292000-memory.dmp	xmrig
behavioral2/memory/5068-237-0x00007FF7E5EE0000-0x00007FF7E62D2000-memory.dmp	xmrig
behavioral2/memory/1676-200-0x00007FF6DAFF0000-0x00007FF6DB3E2000-memory.dmp	xmrig
behavioral2/memory/3004-180-0x00007FF71DA60000-0x00007FF71DE52000-memory.dmp	xmrig
behavioral2/memory/64-124-0x00007FF765D60000-0x00007FF766152000-memory.dmp	xmrig
behavioral2/memory/4588-105-0x00007FF7C1840000-0x00007FF7C1C32000-memory.dmp	xmrig
behavioral2/memory/4984-79-0x00007FF6529B0000-0x00007FF652DA2000-memory.dmp	xmrig
behavioral2/memory/3108-38-0x00007FF640FB0000-0x00007FF6413A2000-memory.dmp	xmrig
behavioral2/memory/2536-15-0x00007FF7309F0000-0x00007FF730DE2000-memory.dmp	xmrig
behavioral2/memory/4080-3478-0x00007FF628820000-0x00007FF628C12000-memory.dmp	xmrig
behavioral2/memory/3672-3476-0x00007FF6C6CD0000-0x00007FF6C70C2000-memory.dmp	xmrig
behavioral2/memory/3108-3474-0x00007FF640FB0000-0x00007FF6413A2000-memory.dmp	xmrig
behavioral2/memory/1440-3471-0x00007FF688760000-0x00007FF688B52000-memory.dmp	xmrig
behavioral2/memory/2536-3469-0x00007FF7309F0000-0x00007FF730DE2000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
9	3420	powershell.exe
12	3420	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
3420	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
2536	mvUclCu.exe
1440	lPYLemV.exe
4112	ajtEUmg.exe
3108	FxHtUMP.exe
3672	aOxvhxM.exe
4080	LmJWQZs.exe
4984	hnNhIRt.exe
4588	ycjdSGS.exe
1528	CFrizyw.exe
64	BZpOmJJ.exe
2384	DTyjHQf.exe
1908	WFbEFpX.exe
3004	kZzqiFa.exe
1676	SHhPcRy.exe
348	djmpCrv.exe
5068	mETvCip.exe
4876	LSsvhVT.exe
592	HlHixog.exe
3000	WZxBCEg.exe
1656	WuEvTFZ.exe
4356	IzcNbAi.exe
4928	uQMpHJl.exe
3936	XYWNlne.exe
2220	goLlMJp.exe
2152	QnrLHpV.exe
1752	DncXSpU.exe
2764	vgWxLez.exe
528	RyXajCq.exe
4424	JGFaJBD.exe
1772	SPGEsxt.exe
3184	StZvhNY.exe
3564	DhUJexP.exe
2360	nryKyqJ.exe
5004	jenTYfo.exe
752	qsEFXds.exe
2408	djjptgu.exe
3272	dWcWiUU.exe
4300	UOQmyrv.exe
3864	yEzYPaf.exe
232	tJsHsek.exe
3692	aYVzBQz.exe
4824	daXswIt.exe
4708	SQcqTUo.exe
4644	TxmXhZp.exe
1584	wGlpuEG.exe
3144	jRJMuEM.exe
2364	CzglSgN.exe
1168	NKeulff.exe
4616	RePVhrr.exe
4880	nQdeFpV.exe
4268	fjSFADd.exe
4132	IZtUAYh.exe
4872	IjVyzhE.exe
976	sUfFgYJ.exe
1920	kOuRfzc.exe
2228	yakCjoL.exe
1436	BAgOVLF.exe
3112	vEnOGZG.exe
1008	Kuxiiap.exe
4912	IsrQMiA.exe
4784	XCxdpOq.exe
5088	bSATDlo.exe
4704	FMBmgnV.exe
1096	PrhuamO.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1664-0-0x00007FF64EFA0000-0x00007FF64F392000-memory.dmp	upx
behavioral2/files/0x00070000000234d6-6.dat	upx
behavioral2/memory/1440-26-0x00007FF688760000-0x00007FF688B52000-memory.dmp	upx
behavioral2/files/0x00070000000234db-37.dat	upx
behavioral2/files/0x00070000000234e1-70.dat	upx
behavioral2/files/0x00070000000234dd-92.dat	upx
behavioral2/files/0x00070000000234ec-123.dat	upx
behavioral2/memory/2384-134-0x00007FF65E650000-0x00007FF65EA42000-memory.dmp	upx
behavioral2/files/0x00070000000234f1-171.dat	upx
behavioral2/files/0x00070000000234fa-198.dat	upx
behavioral2/memory/348-214-0x00007FF746A70000-0x00007FF746E62000-memory.dmp	upx
behavioral2/memory/4356-247-0x00007FF68E2E0000-0x00007FF68E6D2000-memory.dmp	upx
behavioral2/memory/4928-290-0x00007FF7B9740000-0x00007FF7B9B32000-memory.dmp	upx
behavioral2/memory/3936-311-0x00007FF607930000-0x00007FF607D22000-memory.dmp	upx
behavioral2/memory/2220-316-0x00007FF6A0D30000-0x00007FF6A1122000-memory.dmp	upx
behavioral2/memory/4112-319-0x00007FF6F30B0000-0x00007FF6F34A2000-memory.dmp	upx
behavioral2/memory/1656-323-0x00007FF75FB30000-0x00007FF75FF22000-memory.dmp	upx
behavioral2/memory/4876-322-0x00007FF7272C0000-0x00007FF7276B2000-memory.dmp	upx
behavioral2/memory/1908-321-0x00007FF6C62D0000-0x00007FF6C66C2000-memory.dmp	upx
behavioral2/memory/1528-320-0x00007FF7E2F20000-0x00007FF7E3312000-memory.dmp	upx
behavioral2/memory/3000-244-0x00007FF73B190000-0x00007FF73B582000-memory.dmp	upx
behavioral2/memory/592-238-0x00007FF6A6EA0000-0x00007FF6A7292000-memory.dmp	upx
behavioral2/memory/5068-237-0x00007FF7E5EE0000-0x00007FF7E62D2000-memory.dmp	upx
behavioral2/memory/1676-200-0x00007FF6DAFF0000-0x00007FF6DB3E2000-memory.dmp	upx
behavioral2/files/0x00070000000234f9-197.dat	upx
behavioral2/files/0x00080000000234ef-196.dat	upx
behavioral2/files/0x00070000000234f6-190.dat	upx
behavioral2/files/0x00070000000234f5-187.dat	upx
behavioral2/files/0x00070000000234e8-186.dat	upx
behavioral2/files/0x00070000000234ed-183.dat	upx
behavioral2/files/0x00070000000234f4-182.dat	upx
behavioral2/memory/3004-180-0x00007FF71DA60000-0x00007FF71DE52000-memory.dmp	upx
behavioral2/files/0x00070000000234f3-179.dat	upx
behavioral2/files/0x00070000000234f2-178.dat	upx
behavioral2/files/0x00070000000234eb-176.dat	upx
behavioral2/files/0x00070000000234f0-168.dat	upx
behavioral2/files/0x00070000000234f8-195.dat	upx
behavioral2/files/0x00070000000234f7-192.dat	upx
behavioral2/files/0x00070000000234ee-149.dat	upx
behavioral2/files/0x00070000000234e9-145.dat	upx
behavioral2/files/0x00070000000234e7-142.dat	upx
behavioral2/files/0x00070000000234ea-152.dat	upx
behavioral2/files/0x00070000000234e5-128.dat	upx
behavioral2/files/0x00070000000234e4-127.dat	upx
behavioral2/memory/64-124-0x00007FF765D60000-0x00007FF766152000-memory.dmp	upx
behavioral2/files/0x00070000000234e6-131.dat	upx
behavioral2/files/0x00070000000234e3-120.dat	upx
behavioral2/memory/4588-105-0x00007FF7C1840000-0x00007FF7C1C32000-memory.dmp	upx
behavioral2/files/0x00070000000234df-108.dat	upx
behavioral2/files/0x00070000000234e2-97.dat	upx
behavioral2/files/0x00070000000234de-94.dat	upx
behavioral2/files/0x00070000000234dc-83.dat	upx
behavioral2/files/0x00070000000234e0-80.dat	upx
behavioral2/files/0x00070000000234d9-69.dat	upx
behavioral2/memory/4984-79-0x00007FF6529B0000-0x00007FF652DA2000-memory.dmp	upx
behavioral2/memory/4080-64-0x00007FF628820000-0x00007FF628C12000-memory.dmp	upx
behavioral2/files/0x00070000000234d8-49.dat	upx
behavioral2/memory/3672-45-0x00007FF6C6CD0000-0x00007FF6C70C2000-memory.dmp	upx
behavioral2/files/0x00070000000234da-39.dat	upx
behavioral2/memory/3108-38-0x00007FF640FB0000-0x00007FF6413A2000-memory.dmp	upx
behavioral2/files/0x00070000000234d7-25.dat	upx
behavioral2/memory/2536-15-0x00007FF7309F0000-0x00007FF730DE2000-memory.dmp	upx
behavioral2/files/0x00070000000234d5-18.dat	upx
behavioral2/files/0x000b0000000234c9-8.dat	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	raw.githubusercontent.com
9	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\HacguhL.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\dUwwGOV.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\KAnHhmS.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\OcOPing.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\AiyjMzU.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\sVAKUol.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\FTIXFZU.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\xOPrBNZ.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\fPHFeTC.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\YggiIek.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\fHCLnwx.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\oqVMUDr.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\wCxKYZg.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\ftHwotG.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\JEtArVw.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\UjXlzKn.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\yxXtxYY.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\BkvIkig.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\crwtyYN.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\uFgbyXn.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\RsAOMHG.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\qCclHYM.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\cwzytad.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\CMxcyWB.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\JaEKcOw.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\evaSvYZ.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\MEWBQhN.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\IJzLdWC.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\DccmHDL.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\UKciuPM.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\soWLyCi.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\LPkYyKz.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\XjVYwLH.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\JXYkRrF.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\dQstXAa.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\CUnclVo.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\FiLKScU.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\PpuXUFq.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\EwxfQDv.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\cNjZOYt.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\ZSTHbQq.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\dJSEhKm.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\zBREnSx.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\ZAgSgCK.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\HMDbezh.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\jMQTUIw.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\UbdsfQj.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\WCCEzIO.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\yExMVkh.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\EYlxmgN.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\wAHVmyv.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\fIcWjnh.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\nuYbUpm.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\NuuymbN.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\atDdgSH.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\pIoCfUQ.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\Oejafck.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\WmWkyTa.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\qZYDWtN.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\beWuzfT.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\gJKsyeV.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\CiDnMnm.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\iNrTsyv.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
File created	C:\Windows\System\QnrLHpV.exe	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3420	powershell.exe
3420	powershell.exe
3420	powershell.exe
3420	powershell.exe

Suspicious behavior: LoadsDriver 64 IoCs

pid	Process
868	Process not Found
13404	Process not Found
13468	Process not Found
13448	Process not Found
13532	Process not Found
13964	Process not Found
13600	Process not Found
13724	Process not Found
13660	Process not Found
14084	Process not Found
13976	Process not Found
14048	Process not Found
14004	Process not Found
14020	Process not Found
14104	Process not Found
14124	Process not Found
13368	Process not Found
14144	Process not Found
14232	Process not Found
14256	Process not Found
14300	Process not Found
14328	Process not Found
14296	Process not Found
13380	Process not Found
13428	Process not Found
13492	Process not Found
13544	Process not Found
13868	Process not Found
4620	Process not Found
2128	Process not Found
2948	Process not Found
2840	Process not Found
2988	Process not Found
3100	Process not Found
784	Process not Found
3208	Process not Found
3236	Process not Found
3296	Process not Found
2500	Process not Found
4236	Process not Found
4104	Process not Found
3736	Process not Found
13880	Process not Found
3128	Process not Found
2372	Process not Found
456	Process not Found
3572	Process not Found
3796	Process not Found
4776	Process not Found
3708	Process not Found
3504	Process not Found
2448	Process not Found
3752	Process not Found
3816	Process not Found
3956	Process not Found
3696	Process not Found
4100	Process not Found
4752	Process not Found
3636	Process not Found
3984	Process not Found
2316	Process not Found
1296	Process not Found
4024	Process not Found
3716	Process not Found

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
Token: SeDebugPrivilege	3420	powershell.exe
Token: SeCreateGlobalPrivilege	4196	dwm.exe
Token: SeChangeNotifyPrivilege	4196	dwm.exe
Token: 33	4196	dwm.exe
Token: SeIncBasePriorityPrivilege	4196	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1664 wrote to memory of 3420	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	84
PID 1664 wrote to memory of 3420	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	84
PID 1664 wrote to memory of 2536	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	85
PID 1664 wrote to memory of 2536	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	85
PID 1664 wrote to memory of 1440	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	86
PID 1664 wrote to memory of 1440	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	86
PID 1664 wrote to memory of 4112	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	87
PID 1664 wrote to memory of 4112	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	87
PID 1664 wrote to memory of 3108	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	88
PID 1664 wrote to memory of 3108	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	88
PID 1664 wrote to memory of 3672	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	89
PID 1664 wrote to memory of 3672	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	89
PID 1664 wrote to memory of 4080	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	90
PID 1664 wrote to memory of 4080	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	90
PID 1664 wrote to memory of 4984	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	91
PID 1664 wrote to memory of 4984	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	91
PID 1664 wrote to memory of 4588	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	92
PID 1664 wrote to memory of 4588	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	92
PID 1664 wrote to memory of 1528	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	93
PID 1664 wrote to memory of 1528	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	93
PID 1664 wrote to memory of 64	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	94
PID 1664 wrote to memory of 64	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	94
PID 1664 wrote to memory of 2384	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	95
PID 1664 wrote to memory of 2384	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	95
PID 1664 wrote to memory of 1908	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	96
PID 1664 wrote to memory of 1908	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	96
PID 1664 wrote to memory of 3004	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	97
PID 1664 wrote to memory of 3004	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	97
PID 1664 wrote to memory of 1676	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	98
PID 1664 wrote to memory of 1676	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	98
PID 1664 wrote to memory of 348	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	99
PID 1664 wrote to memory of 348	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	99
PID 1664 wrote to memory of 5068	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	100
PID 1664 wrote to memory of 5068	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	100
PID 1664 wrote to memory of 4876	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	101
PID 1664 wrote to memory of 4876	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	101
PID 1664 wrote to memory of 592	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	102
PID 1664 wrote to memory of 592	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	102
PID 1664 wrote to memory of 3000	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	103
PID 1664 wrote to memory of 3000	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	103
PID 1664 wrote to memory of 1656	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	104
PID 1664 wrote to memory of 1656	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	104
PID 1664 wrote to memory of 4356	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	105
PID 1664 wrote to memory of 4356	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	105
PID 1664 wrote to memory of 4928	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	106
PID 1664 wrote to memory of 4928	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	106
PID 1664 wrote to memory of 3936	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	107
PID 1664 wrote to memory of 3936	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	107
PID 1664 wrote to memory of 2220	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	108
PID 1664 wrote to memory of 2220	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	108
PID 1664 wrote to memory of 2152	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	109
PID 1664 wrote to memory of 2152	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	109
PID 1664 wrote to memory of 1752	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	110
PID 1664 wrote to memory of 1752	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	110
PID 1664 wrote to memory of 2764	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	111
PID 1664 wrote to memory of 2764	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	111
PID 1664 wrote to memory of 528	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	112
PID 1664 wrote to memory of 528	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	112
PID 1664 wrote to memory of 4424	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	113
PID 1664 wrote to memory of 4424	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	113
PID 1664 wrote to memory of 1772	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	114
PID 1664 wrote to memory of 1772	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	114
PID 1664 wrote to memory of 3184	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	115
PID 1664 wrote to memory of 3184	1664	01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe	115

C:\Users\Admin\AppData\Local\Temp\01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\01e70e23260f4e9cb346b17767f9675b_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1664
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3420
- C:\Windows\System\mvUclCu.exe
  C:\Windows\System\mvUclCu.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\lPYLemV.exe
  C:\Windows\System\lPYLemV.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\ajtEUmg.exe
  C:\Windows\System\ajtEUmg.exe
  2⤵
  - Executes dropped EXE
  PID:4112
- C:\Windows\System\FxHtUMP.exe
  C:\Windows\System\FxHtUMP.exe
  2⤵
  - Executes dropped EXE
  PID:3108
- C:\Windows\System\aOxvhxM.exe
  C:\Windows\System\aOxvhxM.exe
  2⤵
  - Executes dropped EXE
  PID:3672
- C:\Windows\System\LmJWQZs.exe
  C:\Windows\System\LmJWQZs.exe
  2⤵
  - Executes dropped EXE
  PID:4080
- C:\Windows\System\hnNhIRt.exe
  C:\Windows\System\hnNhIRt.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System\ycjdSGS.exe
  C:\Windows\System\ycjdSGS.exe
  2⤵
  - Executes dropped EXE
  PID:4588
- C:\Windows\System\CFrizyw.exe
  C:\Windows\System\CFrizyw.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\BZpOmJJ.exe
  C:\Windows\System\BZpOmJJ.exe
  2⤵
  - Executes dropped EXE
  PID:64
- C:\Windows\System\DTyjHQf.exe
  C:\Windows\System\DTyjHQf.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\WFbEFpX.exe
  C:\Windows\System\WFbEFpX.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\kZzqiFa.exe
  C:\Windows\System\kZzqiFa.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\SHhPcRy.exe
  C:\Windows\System\SHhPcRy.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\djmpCrv.exe
  C:\Windows\System\djmpCrv.exe
  2⤵
  - Executes dropped EXE
  PID:348
- C:\Windows\System\mETvCip.exe
  C:\Windows\System\mETvCip.exe
  2⤵
  - Executes dropped EXE
  PID:5068
- C:\Windows\System\LSsvhVT.exe
  C:\Windows\System\LSsvhVT.exe
  2⤵
  - Executes dropped EXE
  PID:4876
- C:\Windows\System\HlHixog.exe
  C:\Windows\System\HlHixog.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\WZxBCEg.exe
  C:\Windows\System\WZxBCEg.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\WuEvTFZ.exe
  C:\Windows\System\WuEvTFZ.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\IzcNbAi.exe
  C:\Windows\System\IzcNbAi.exe
  2⤵
  - Executes dropped EXE
  PID:4356
- C:\Windows\System\uQMpHJl.exe
  C:\Windows\System\uQMpHJl.exe
  2⤵
  - Executes dropped EXE
  PID:4928
- C:\Windows\System\XYWNlne.exe
  C:\Windows\System\XYWNlne.exe
  2⤵
  - Executes dropped EXE
  PID:3936
- C:\Windows\System\goLlMJp.exe
  C:\Windows\System\goLlMJp.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\QnrLHpV.exe
  C:\Windows\System\QnrLHpV.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\DncXSpU.exe
  C:\Windows\System\DncXSpU.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\vgWxLez.exe
  C:\Windows\System\vgWxLez.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\RyXajCq.exe
  C:\Windows\System\RyXajCq.exe
  2⤵
  - Executes dropped EXE
  PID:528
- C:\Windows\System\JGFaJBD.exe
  C:\Windows\System\JGFaJBD.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System\SPGEsxt.exe
  C:\Windows\System\SPGEsxt.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\StZvhNY.exe
  C:\Windows\System\StZvhNY.exe
  2⤵
  - Executes dropped EXE
  PID:3184
- C:\Windows\System\DhUJexP.exe
  C:\Windows\System\DhUJexP.exe
  2⤵
  - Executes dropped EXE
  PID:3564
- C:\Windows\System\nryKyqJ.exe
  C:\Windows\System\nryKyqJ.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\jenTYfo.exe
  C:\Windows\System\jenTYfo.exe
  2⤵
  - Executes dropped EXE
  PID:5004
- C:\Windows\System\qsEFXds.exe
  C:\Windows\System\qsEFXds.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\djjptgu.exe
  C:\Windows\System\djjptgu.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\dWcWiUU.exe
  C:\Windows\System\dWcWiUU.exe
  2⤵
  - Executes dropped EXE
  PID:3272
- C:\Windows\System\UOQmyrv.exe
  C:\Windows\System\UOQmyrv.exe
  2⤵
  - Executes dropped EXE
  PID:4300
- C:\Windows\System\yEzYPaf.exe
  C:\Windows\System\yEzYPaf.exe
  2⤵
  - Executes dropped EXE
  PID:3864
- C:\Windows\System\tJsHsek.exe
  C:\Windows\System\tJsHsek.exe
  2⤵
  - Executes dropped EXE
  PID:232
- C:\Windows\System\aYVzBQz.exe
  C:\Windows\System\aYVzBQz.exe
  2⤵
  - Executes dropped EXE
  PID:3692
- C:\Windows\System\daXswIt.exe
  C:\Windows\System\daXswIt.exe
  2⤵
  - Executes dropped EXE
  PID:4824
- C:\Windows\System\SQcqTUo.exe
  C:\Windows\System\SQcqTUo.exe
  2⤵
  - Executes dropped EXE
  PID:4708
- C:\Windows\System\TxmXhZp.exe
  C:\Windows\System\TxmXhZp.exe
  2⤵
  - Executes dropped EXE
  PID:4644
- C:\Windows\System\fjSFADd.exe
  C:\Windows\System\fjSFADd.exe
  2⤵
  - Executes dropped EXE
  PID:4268
- C:\Windows\System\wGlpuEG.exe
  C:\Windows\System\wGlpuEG.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\jRJMuEM.exe
  C:\Windows\System\jRJMuEM.exe
  2⤵
  - Executes dropped EXE
  PID:3144
- C:\Windows\System\CzglSgN.exe
  C:\Windows\System\CzglSgN.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\NKeulff.exe
  C:\Windows\System\NKeulff.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\RePVhrr.exe
  C:\Windows\System\RePVhrr.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System\nQdeFpV.exe
  C:\Windows\System\nQdeFpV.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System\IZtUAYh.exe
  C:\Windows\System\IZtUAYh.exe
  2⤵
  - Executes dropped EXE
  PID:4132
- C:\Windows\System\IjVyzhE.exe
  C:\Windows\System\IjVyzhE.exe
  2⤵
  - Executes dropped EXE
  PID:4872
- C:\Windows\System\sUfFgYJ.exe
  C:\Windows\System\sUfFgYJ.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\kOuRfzc.exe
  C:\Windows\System\kOuRfzc.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\yakCjoL.exe
  C:\Windows\System\yakCjoL.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\BAgOVLF.exe
  C:\Windows\System\BAgOVLF.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\vEnOGZG.exe
  C:\Windows\System\vEnOGZG.exe
  2⤵
  - Executes dropped EXE
  PID:3112
- C:\Windows\System\Kuxiiap.exe
  C:\Windows\System\Kuxiiap.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\IsrQMiA.exe
  C:\Windows\System\IsrQMiA.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\XCxdpOq.exe
  C:\Windows\System\XCxdpOq.exe
  2⤵
  - Executes dropped EXE
  PID:4784
- C:\Windows\System\bSATDlo.exe
  C:\Windows\System\bSATDlo.exe
  2⤵
  - Executes dropped EXE
  PID:5088
- C:\Windows\System\FMBmgnV.exe
  C:\Windows\System\FMBmgnV.exe
  2⤵
  - Executes dropped EXE
  PID:4704
- C:\Windows\System\EjSRJJJ.exe
  C:\Windows\System\EjSRJJJ.exe
  2⤵
  PID:4264
- C:\Windows\System\PrhuamO.exe
  C:\Windows\System\PrhuamO.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\QxsXHNN.exe
  C:\Windows\System\QxsXHNN.exe
  2⤵
  PID:4188
- C:\Windows\System\WZxqflm.exe
  C:\Windows\System\WZxqflm.exe
  2⤵
  PID:4932
- C:\Windows\System\lSDemQe.exe
  C:\Windows\System\lSDemQe.exe
  2⤵
  PID:4280
- C:\Windows\System\yvkqfQC.exe
  C:\Windows\System\yvkqfQC.exe
  2⤵
  PID:2924
- C:\Windows\System\gAoMcws.exe
  C:\Windows\System\gAoMcws.exe
  2⤵
  PID:2772
- C:\Windows\System\NKmkOCW.exe
  C:\Windows\System\NKmkOCW.exe
  2⤵
  PID:4816
- C:\Windows\System\yvbztDW.exe
  C:\Windows\System\yvbztDW.exe
  2⤵
  PID:5100
- C:\Windows\System\LckpdGd.exe
  C:\Windows\System\LckpdGd.exe
  2⤵
  PID:2436
- C:\Windows\System\GLVHvGZ.exe
  C:\Windows\System\GLVHvGZ.exe
  2⤵
  PID:2204
- C:\Windows\System\tsHkXAu.exe
  C:\Windows\System\tsHkXAu.exe
  2⤵
  PID:4844
- C:\Windows\System\iNleZgs.exe
  C:\Windows\System\iNleZgs.exe
  2⤵
  PID:4304
- C:\Windows\System\SBCYoUh.exe
  C:\Windows\System\SBCYoUh.exe
  2⤵
  PID:1188
- C:\Windows\System\uvTJtHR.exe
  C:\Windows\System\uvTJtHR.exe
  2⤵
  PID:1896
- C:\Windows\System\vfozkvr.exe
  C:\Windows\System\vfozkvr.exe
  2⤵
  PID:3932
- C:\Windows\System\ndDHvZw.exe
  C:\Windows\System\ndDHvZw.exe
  2⤵
  PID:2968
- C:\Windows\System\tBvPsyi.exe
  C:\Windows\System\tBvPsyi.exe
  2⤵
  PID:1848
- C:\Windows\System\cQOfIOz.exe
  C:\Windows\System\cQOfIOz.exe
  2⤵
  PID:1732
- C:\Windows\System\tWNsVvn.exe
  C:\Windows\System\tWNsVvn.exe
  2⤵
  PID:2680
- C:\Windows\System\YbMRPrg.exe
  C:\Windows\System\YbMRPrg.exe
  2⤵
  PID:5108
- C:\Windows\System\YcNMCVO.exe
  C:\Windows\System\YcNMCVO.exe
  2⤵
  PID:4836
- C:\Windows\System\EohlYhQ.exe
  C:\Windows\System\EohlYhQ.exe
  2⤵
  PID:4716
- C:\Windows\System\RadjJXT.exe
  C:\Windows\System\RadjJXT.exe
  2⤵
  PID:1880
- C:\Windows\System\dEWcvNg.exe
  C:\Windows\System\dEWcvNg.exe
  2⤵
  PID:1808
- C:\Windows\System\yVqJDvx.exe
  C:\Windows\System\yVqJDvx.exe
  2⤵
  PID:2996
- C:\Windows\System\evbRqms.exe
  C:\Windows\System\evbRqms.exe
  2⤵
  PID:3084
- C:\Windows\System\zwbsGZG.exe
  C:\Windows\System\zwbsGZG.exe
  2⤵
  PID:2960
- C:\Windows\System\nloYNnB.exe
  C:\Windows\System\nloYNnB.exe
  2⤵
  PID:5084
- C:\Windows\System\MWLRMvQ.exe
  C:\Windows\System\MWLRMvQ.exe
  2⤵
  PID:5140
- C:\Windows\System\PGzxyQk.exe
  C:\Windows\System\PGzxyQk.exe
  2⤵
  PID:5164
- C:\Windows\System\oviHsFG.exe
  C:\Windows\System\oviHsFG.exe
  2⤵
  PID:5196
- C:\Windows\System\FxRJkGZ.exe
  C:\Windows\System\FxRJkGZ.exe
  2⤵
  PID:5220
- C:\Windows\System\XVRjTeR.exe
  C:\Windows\System\XVRjTeR.exe
  2⤵
  PID:5236
- C:\Windows\System\WrGqTmY.exe
  C:\Windows\System\WrGqTmY.exe
  2⤵
  PID:5260
- C:\Windows\System\SNbOQga.exe
  C:\Windows\System\SNbOQga.exe
  2⤵
  PID:5284
- C:\Windows\System\kjZtDnY.exe
  C:\Windows\System\kjZtDnY.exe
  2⤵
  PID:5312
- C:\Windows\System\zUQeIJc.exe
  C:\Windows\System\zUQeIJc.exe
  2⤵
  PID:5328
- C:\Windows\System\VONGOVu.exe
  C:\Windows\System\VONGOVu.exe
  2⤵
  PID:5352
- C:\Windows\System\rAQXIZm.exe
  C:\Windows\System\rAQXIZm.exe
  2⤵
  PID:5376
- C:\Windows\System\afbFQro.exe
  C:\Windows\System\afbFQro.exe
  2⤵
  PID:5408
- C:\Windows\System\UXpuSGN.exe
  C:\Windows\System\UXpuSGN.exe
  2⤵
  PID:5444
- C:\Windows\System\UVwukLH.exe
  C:\Windows\System\UVwukLH.exe
  2⤵
  PID:5468
- C:\Windows\System\TvmsyZW.exe
  C:\Windows\System\TvmsyZW.exe
  2⤵
  PID:5492
- C:\Windows\System\YVEBDOz.exe
  C:\Windows\System\YVEBDOz.exe
  2⤵
  PID:5516
- C:\Windows\System\hakGYuE.exe
  C:\Windows\System\hakGYuE.exe
  2⤵
  PID:5540
- C:\Windows\System\FKznRvG.exe
  C:\Windows\System\FKznRvG.exe
  2⤵
  PID:5556
- C:\Windows\System\sDRogva.exe
  C:\Windows\System\sDRogva.exe
  2⤵
  PID:5580
- C:\Windows\System\FctTOlW.exe
  C:\Windows\System\FctTOlW.exe
  2⤵
  PID:5604
- C:\Windows\System\iaSwsfF.exe
  C:\Windows\System\iaSwsfF.exe
  2⤵
  PID:5632
- C:\Windows\System\xDcyWxu.exe
  C:\Windows\System\xDcyWxu.exe
  2⤵
  PID:5652
- C:\Windows\System\WgQBVFw.exe
  C:\Windows\System\WgQBVFw.exe
  2⤵
  PID:5668
- C:\Windows\System\tdntFpb.exe
  C:\Windows\System\tdntFpb.exe
  2⤵
  PID:5688
- C:\Windows\System\eVHXhoC.exe
  C:\Windows\System\eVHXhoC.exe
  2⤵
  PID:5708
- C:\Windows\System\WmWkyTa.exe
  C:\Windows\System\WmWkyTa.exe
  2⤵
  PID:5728
- C:\Windows\System\zQKjZvO.exe
  C:\Windows\System\zQKjZvO.exe
  2⤵
  PID:5752
- C:\Windows\System\gRZZUYO.exe
  C:\Windows\System\gRZZUYO.exe
  2⤵
  PID:5772
- C:\Windows\System\hKwUBeu.exe
  C:\Windows\System\hKwUBeu.exe
  2⤵
  PID:5792
- C:\Windows\System\MYXydoP.exe
  C:\Windows\System\MYXydoP.exe
  2⤵
  PID:5816
- C:\Windows\System\JKreYAC.exe
  C:\Windows\System\JKreYAC.exe
  2⤵
  PID:5840
- C:\Windows\System\jrftoAB.exe
  C:\Windows\System\jrftoAB.exe
  2⤵
  PID:5868
- C:\Windows\System\GlaDiwT.exe
  C:\Windows\System\GlaDiwT.exe
  2⤵
  PID:5916
- C:\Windows\System\CJdIMOs.exe
  C:\Windows\System\CJdIMOs.exe
  2⤵
  PID:5936
- C:\Windows\System\uULhIKK.exe
  C:\Windows\System\uULhIKK.exe
  2⤵
  PID:5952
- C:\Windows\System\gNMrusJ.exe
  C:\Windows\System\gNMrusJ.exe
  2⤵
  PID:5972
- C:\Windows\System\PsKZwFR.exe
  C:\Windows\System\PsKZwFR.exe
  2⤵
  PID:5996
- C:\Windows\System\MplOvpc.exe
  C:\Windows\System\MplOvpc.exe
  2⤵
  PID:6032
- C:\Windows\System\GRiiBcP.exe
  C:\Windows\System\GRiiBcP.exe
  2⤵
  PID:6056
- C:\Windows\System\rIkcMVL.exe
  C:\Windows\System\rIkcMVL.exe
  2⤵
  PID:6080
- C:\Windows\System\rvhIcrL.exe
  C:\Windows\System\rvhIcrL.exe
  2⤵
  PID:6104
- C:\Windows\System\duXHdSG.exe
  C:\Windows\System\duXHdSG.exe
  2⤵
  PID:6124
- C:\Windows\System\UVCfJiK.exe
  C:\Windows\System\UVCfJiK.exe
  2⤵
  PID:2224
- C:\Windows\System\ncJVVwd.exe
  C:\Windows\System\ncJVVwd.exe
  2⤵
  PID:5048
- C:\Windows\System\iYAZxlr.exe
  C:\Windows\System\iYAZxlr.exe
  2⤵
  PID:3132
- C:\Windows\System\HfaKfCY.exe
  C:\Windows\System\HfaKfCY.exe
  2⤵
  PID:3700
- C:\Windows\System\swaQuUq.exe
  C:\Windows\System\swaQuUq.exe
  2⤵
  PID:5092
- C:\Windows\System\ZFPtNJm.exe
  C:\Windows\System\ZFPtNJm.exe
  2⤵
  PID:4316
- C:\Windows\System\oyUQoCo.exe
  C:\Windows\System\oyUQoCo.exe
  2⤵
  PID:2504
- C:\Windows\System\oDRsGoS.exe
  C:\Windows\System\oDRsGoS.exe
  2⤵
  PID:5104
- C:\Windows\System\bzqtiop.exe
  C:\Windows\System\bzqtiop.exe
  2⤵
  PID:5152
- C:\Windows\System\oMRfTUP.exe
  C:\Windows\System\oMRfTUP.exe
  2⤵
  PID:5188
- C:\Windows\System\FrlRnZr.exe
  C:\Windows\System\FrlRnZr.exe
  2⤵
  PID:5252
- C:\Windows\System\hIRfScp.exe
  C:\Windows\System\hIRfScp.exe
  2⤵
  PID:5292
- C:\Windows\System\EIjDnPB.exe
  C:\Windows\System\EIjDnPB.exe
  2⤵
  PID:5336
- C:\Windows\System\dVhwFYJ.exe
  C:\Windows\System\dVhwFYJ.exe
  2⤵
  PID:5388
- C:\Windows\System\VLvGnat.exe
  C:\Windows\System\VLvGnat.exe
  2⤵
  PID:5640
- C:\Windows\System\KMiaWLY.exe
  C:\Windows\System\KMiaWLY.exe
  2⤵
  PID:5788
- C:\Windows\System\yEAuSMi.exe
  C:\Windows\System\yEAuSMi.exe
  2⤵
  PID:5596
- C:\Windows\System\nimOuQm.exe
  C:\Windows\System\nimOuQm.exe
  2⤵
  PID:5524
- C:\Windows\System\SstwZXb.exe
  C:\Windows\System\SstwZXb.exe
  2⤵
  PID:5948
- C:\Windows\System\NAgyIPc.exe
  C:\Windows\System\NAgyIPc.exe
  2⤵
  PID:5864
- C:\Windows\System\cRFhkxp.exe
  C:\Windows\System\cRFhkxp.exe
  2⤵
  PID:5700
- C:\Windows\System\bohiMqv.exe
  C:\Windows\System\bohiMqv.exe
  2⤵
  PID:5736
- C:\Windows\System\LFTmvAC.exe
  C:\Windows\System\LFTmvAC.exe
  2⤵
  PID:5824
- C:\Windows\System\IZzcuaM.exe
  C:\Windows\System\IZzcuaM.exe
  2⤵
  PID:4472
- C:\Windows\System\wiNALjC.exe
  C:\Windows\System\wiNALjC.exe
  2⤵
  PID:5924
- C:\Windows\System\OXkIhnZ.exe
  C:\Windows\System\OXkIhnZ.exe
  2⤵
  PID:6076
- C:\Windows\System\ncPoeoW.exe
  C:\Windows\System\ncPoeoW.exe
  2⤵
  PID:6120
- C:\Windows\System\imiFolv.exe
  C:\Windows\System\imiFolv.exe
  2⤵
  PID:2740
- C:\Windows\System\WxzCLPL.exe
  C:\Windows\System\WxzCLPL.exe
  2⤵
  PID:6152
- C:\Windows\System\BLvWpjH.exe
  C:\Windows\System\BLvWpjH.exe
  2⤵
  PID:6176
- C:\Windows\System\OIqyzCw.exe
  C:\Windows\System\OIqyzCw.exe
  2⤵
  PID:6200
- C:\Windows\System\VHqMDFf.exe
  C:\Windows\System\VHqMDFf.exe
  2⤵
  PID:6220
- C:\Windows\System\ErsgZCa.exe
  C:\Windows\System\ErsgZCa.exe
  2⤵
  PID:6244
- C:\Windows\System\vzAqmov.exe
  C:\Windows\System\vzAqmov.exe
  2⤵
  PID:6268
- C:\Windows\System\wCxKYZg.exe
  C:\Windows\System\wCxKYZg.exe
  2⤵
  PID:6288
- C:\Windows\System\jemHjZY.exe
  C:\Windows\System\jemHjZY.exe
  2⤵
  PID:6316
- C:\Windows\System\gQqSpzj.exe
  C:\Windows\System\gQqSpzj.exe
  2⤵
  PID:6340
- C:\Windows\System\wZigPsl.exe
  C:\Windows\System\wZigPsl.exe
  2⤵
  PID:6360
- C:\Windows\System\kfQWKBi.exe
  C:\Windows\System\kfQWKBi.exe
  2⤵
  PID:6388
- C:\Windows\System\BOkecEE.exe
  C:\Windows\System\BOkecEE.exe
  2⤵
  PID:6424
- C:\Windows\System\HyxGvUi.exe
  C:\Windows\System\HyxGvUi.exe
  2⤵
  PID:6444
- C:\Windows\System\FovXaLH.exe
  C:\Windows\System\FovXaLH.exe
  2⤵
  PID:6476
- C:\Windows\System\SjTYvZg.exe
  C:\Windows\System\SjTYvZg.exe
  2⤵
  PID:6492
- C:\Windows\System\LrDplkU.exe
  C:\Windows\System\LrDplkU.exe
  2⤵
  PID:6520
- C:\Windows\System\dGxEsVC.exe
  C:\Windows\System\dGxEsVC.exe
  2⤵
  PID:6544
- C:\Windows\System\dYpeCYi.exe
  C:\Windows\System\dYpeCYi.exe
  2⤵
  PID:6568
- C:\Windows\System\xlyqOXX.exe
  C:\Windows\System\xlyqOXX.exe
  2⤵
  PID:6588
- C:\Windows\System\TpQXEke.exe
  C:\Windows\System\TpQXEke.exe
  2⤵
  PID:6612
- C:\Windows\System\BXNbdZp.exe
  C:\Windows\System\BXNbdZp.exe
  2⤵
  PID:6636
- C:\Windows\System\WeBLMHE.exe
  C:\Windows\System\WeBLMHE.exe
  2⤵
  PID:6664
- C:\Windows\System\fRfEYXk.exe
  C:\Windows\System\fRfEYXk.exe
  2⤵
  PID:6692
- C:\Windows\System\CLBZfbx.exe
  C:\Windows\System\CLBZfbx.exe
  2⤵
  PID:6712
- C:\Windows\System\ooaxBZj.exe
  C:\Windows\System\ooaxBZj.exe
  2⤵
  PID:6740
- C:\Windows\System\MSQkusz.exe
  C:\Windows\System\MSQkusz.exe
  2⤵
  PID:6764
- C:\Windows\System\uCkkmhw.exe
  C:\Windows\System\uCkkmhw.exe
  2⤵
  PID:6788
- C:\Windows\System\IstTilp.exe
  C:\Windows\System\IstTilp.exe
  2⤵
  PID:6804
- C:\Windows\System\GUNMbTg.exe
  C:\Windows\System\GUNMbTg.exe
  2⤵
  PID:6840
- C:\Windows\System\YQkvCon.exe
  C:\Windows\System\YQkvCon.exe
  2⤵
  PID:6860
- C:\Windows\System\qtKNPqt.exe
  C:\Windows\System\qtKNPqt.exe
  2⤵
  PID:6888
- C:\Windows\System\gfpouAz.exe
  C:\Windows\System\gfpouAz.exe
  2⤵
  PID:6904
- C:\Windows\System\zsxRCPh.exe
  C:\Windows\System\zsxRCPh.exe
  2⤵
  PID:6928
- C:\Windows\System\XikwiFh.exe
  C:\Windows\System\XikwiFh.exe
  2⤵
  PID:6944
- C:\Windows\System\oMvFvWp.exe
  C:\Windows\System\oMvFvWp.exe
  2⤵
  PID:6968
- C:\Windows\System\cEOTWpF.exe
  C:\Windows\System\cEOTWpF.exe
  2⤵
  PID:6992
- C:\Windows\System\GtSkJYH.exe
  C:\Windows\System\GtSkJYH.exe
  2⤵
  PID:7008
- C:\Windows\System\FTBVBQs.exe
  C:\Windows\System\FTBVBQs.exe
  2⤵
  PID:7040
- C:\Windows\System\YrISEGH.exe
  C:\Windows\System\YrISEGH.exe
  2⤵
  PID:7060
- C:\Windows\System\gJpcJPL.exe
  C:\Windows\System\gJpcJPL.exe
  2⤵
  PID:7084
- C:\Windows\System\reijjwU.exe
  C:\Windows\System\reijjwU.exe
  2⤵
  PID:7104
- C:\Windows\System\SNwBjFh.exe
  C:\Windows\System\SNwBjFh.exe
  2⤵
  PID:7124
- C:\Windows\System\zaXIjhK.exe
  C:\Windows\System\zaXIjhK.exe
  2⤵
  PID:7148
- C:\Windows\System\WzeMIKw.exe
  C:\Windows\System\WzeMIKw.exe
  2⤵
  PID:4224
- C:\Windows\System\hTrBJso.exe
  C:\Windows\System\hTrBJso.exe
  2⤵
  PID:5552
- C:\Windows\System\vBwNWUu.exe
  C:\Windows\System\vBwNWUu.exe
  2⤵
  PID:5348
- C:\Windows\System\IGbfSPJ.exe
  C:\Windows\System\IGbfSPJ.exe
  2⤵
  PID:5760
- C:\Windows\System\KbLqavT.exe
  C:\Windows\System\KbLqavT.exe
  2⤵
  PID:3120
- C:\Windows\System\klKSrUj.exe
  C:\Windows\System\klKSrUj.exe
  2⤵
  PID:3720
- C:\Windows\System\EzEgGir.exe
  C:\Windows\System\EzEgGir.exe
  2⤵
  PID:4744
- C:\Windows\System\GwrfjLp.exe
  C:\Windows\System\GwrfjLp.exe
  2⤵
  PID:5208
- C:\Windows\System\REysNji.exe
  C:\Windows\System\REysNji.exe
  2⤵
  PID:5320
- C:\Windows\System\xHzmYfn.exe
  C:\Windows\System\xHzmYfn.exe
  2⤵
  PID:5664
- C:\Windows\System\uOsjDUU.exe
  C:\Windows\System\uOsjDUU.exe
  2⤵
  PID:5440
- C:\Windows\System\GOIIneS.exe
  C:\Windows\System\GOIIneS.exe
  2⤵
  PID:6604
- C:\Windows\System\NceqlTb.exe
  C:\Windows\System\NceqlTb.exe
  2⤵
  PID:6256
- C:\Windows\System\aoFSoBU.exe
  C:\Windows\System\aoFSoBU.exe
  2⤵
  PID:5624
- C:\Windows\System\SPBhomy.exe
  C:\Windows\System\SPBhomy.exe
  2⤵
  PID:5720
- C:\Windows\System\TxIvTGL.exe
  C:\Windows\System\TxIvTGL.exe
  2⤵
  PID:5932
- C:\Windows\System\qEPLBim.exe
  C:\Windows\System\qEPLBim.exe
  2⤵
  PID:6828
- C:\Windows\System\cYxiHnk.exe
  C:\Windows\System\cYxiHnk.exe
  2⤵
  PID:6296
- C:\Windows\System\djtyYtK.exe
  C:\Windows\System\djtyYtK.exe
  2⤵
  PID:7184
- C:\Windows\System\xHxnsYZ.exe
  C:\Windows\System\xHxnsYZ.exe
  2⤵
  PID:7208
- C:\Windows\System\bvEjQxm.exe
  C:\Windows\System\bvEjQxm.exe
  2⤵
  PID:7240
- C:\Windows\System\zaFYxuo.exe
  C:\Windows\System\zaFYxuo.exe
  2⤵
  PID:7260
- C:\Windows\System\petoISo.exe
  C:\Windows\System\petoISo.exe
  2⤵
  PID:7284
- C:\Windows\System\ZmJoKzv.exe
  C:\Windows\System\ZmJoKzv.exe
  2⤵
  PID:7316
- C:\Windows\System\bPuPpsF.exe
  C:\Windows\System\bPuPpsF.exe
  2⤵
  PID:7336
- C:\Windows\System\PXApvtw.exe
  C:\Windows\System\PXApvtw.exe
  2⤵
  PID:7360
- C:\Windows\System\FBCSfJi.exe
  C:\Windows\System\FBCSfJi.exe
  2⤵
  PID:7392
- C:\Windows\System\rqVzCPV.exe
  C:\Windows\System\rqVzCPV.exe
  2⤵
  PID:7412
- C:\Windows\System\vRCjtIh.exe
  C:\Windows\System\vRCjtIh.exe
  2⤵
  PID:7432
- C:\Windows\System\KXrSKhz.exe
  C:\Windows\System\KXrSKhz.exe
  2⤵
  PID:7452
- C:\Windows\System\KZrNWgS.exe
  C:\Windows\System\KZrNWgS.exe
  2⤵
  PID:7476
- C:\Windows\System\HdmOOcw.exe
  C:\Windows\System\HdmOOcw.exe
  2⤵
  PID:7500
- C:\Windows\System\nGtPsMT.exe
  C:\Windows\System\nGtPsMT.exe
  2⤵
  PID:7528
- C:\Windows\System\FkAMKOw.exe
  C:\Windows\System\FkAMKOw.exe
  2⤵
  PID:7544
- C:\Windows\System\merTcsY.exe
  C:\Windows\System\merTcsY.exe
  2⤵
  PID:7568
- C:\Windows\System\pQWxMyS.exe
  C:\Windows\System\pQWxMyS.exe
  2⤵
  PID:7592
- C:\Windows\System\AVjQmOi.exe
  C:\Windows\System\AVjQmOi.exe
  2⤵
  PID:7616
- C:\Windows\System\FGrpxeQ.exe
  C:\Windows\System\FGrpxeQ.exe
  2⤵
  PID:7640
- C:\Windows\System\cYPAkVI.exe
  C:\Windows\System\cYPAkVI.exe
  2⤵
  PID:7668
- C:\Windows\System\svaYFut.exe
  C:\Windows\System\svaYFut.exe
  2⤵
  PID:7692
- C:\Windows\System\WbjEnDG.exe
  C:\Windows\System\WbjEnDG.exe
  2⤵
  PID:7708
- C:\Windows\System\SNLYhqX.exe
  C:\Windows\System\SNLYhqX.exe
  2⤵
  PID:7732
- C:\Windows\System\pxBsPHB.exe
  C:\Windows\System\pxBsPHB.exe
  2⤵
  PID:7760
- C:\Windows\System\PPJZFPd.exe
  C:\Windows\System\PPJZFPd.exe
  2⤵
  PID:7776
- C:\Windows\System\kIMubFa.exe
  C:\Windows\System\kIMubFa.exe
  2⤵
  PID:7804
- C:\Windows\System\AhqTlLY.exe
  C:\Windows\System\AhqTlLY.exe
  2⤵
  PID:7832
- C:\Windows\System\QqvkDSb.exe
  C:\Windows\System\QqvkDSb.exe
  2⤵
  PID:7860
- C:\Windows\System\yqEwkDZ.exe
  C:\Windows\System\yqEwkDZ.exe
  2⤵
  PID:7888
- C:\Windows\System\IfVLcyI.exe
  C:\Windows\System\IfVLcyI.exe
  2⤵
  PID:7916
- C:\Windows\System\xFOlcfN.exe
  C:\Windows\System\xFOlcfN.exe
  2⤵
  PID:7936
- C:\Windows\System\ZVNHdrC.exe
  C:\Windows\System\ZVNHdrC.exe
  2⤵
  PID:7956
- C:\Windows\System\LOJWClW.exe
  C:\Windows\System\LOJWClW.exe
  2⤵
  PID:7976
- C:\Windows\System\qPhxfUy.exe
  C:\Windows\System\qPhxfUy.exe
  2⤵
  PID:8012
- C:\Windows\System\wYSYJjF.exe
  C:\Windows\System\wYSYJjF.exe
  2⤵
  PID:8028
- C:\Windows\System\CgPRdbx.exe
  C:\Windows\System\CgPRdbx.exe
  2⤵
  PID:8056
- C:\Windows\System\JfzGdFi.exe
  C:\Windows\System\JfzGdFi.exe
  2⤵
  PID:8080
- C:\Windows\System\ujIQACq.exe
  C:\Windows\System\ujIQACq.exe
  2⤵
  PID:6556
- C:\Windows\System\mlVDpoO.exe
  C:\Windows\System\mlVDpoO.exe
  2⤵
  PID:6580
- C:\Windows\System\TlKtnRH.exe
  C:\Windows\System\TlKtnRH.exe
  2⤵
  PID:6868
- C:\Windows\System\gvkshpd.exe
  C:\Windows\System\gvkshpd.exe
  2⤵
  PID:6896
- C:\Windows\System\zpCuqgW.exe
  C:\Windows\System\zpCuqgW.exe
  2⤵
  PID:5968
- C:\Windows\System\HqQhvcL.exe
  C:\Windows\System\HqQhvcL.exe
  2⤵
  PID:7072
- C:\Windows\System\BdlyxCb.exe
  C:\Windows\System\BdlyxCb.exe
  2⤵
  PID:6688
- C:\Windows\System\TAzTZEs.exe
  C:\Windows\System\TAzTZEs.exe
  2⤵
  PID:6724
- C:\Windows\System\VjDFmWQ.exe
  C:\Windows\System\VjDFmWQ.exe
  2⤵
  PID:7204
- C:\Windows\System\rMkWpWE.exe
  C:\Windows\System\rMkWpWE.exe
  2⤵
  PID:6756
- C:\Windows\System\WzYKXQA.exe
  C:\Windows\System\WzYKXQA.exe
  2⤵
  PID:4732
- C:\Windows\System\WNxmjCd.exe
  C:\Windows\System\WNxmjCd.exe
  2⤵
  PID:7448
- C:\Windows\System\BMiQRaA.exe
  C:\Windows\System\BMiQRaA.exe
  2⤵
  PID:7472
- C:\Windows\System\RVnDyod.exe
  C:\Windows\System\RVnDyod.exe
  2⤵
  PID:5476
- C:\Windows\System\WFstFmM.exe
  C:\Windows\System\WFstFmM.exe
  2⤵
  PID:6308
- C:\Windows\System\UbEnBkn.exe
  C:\Windows\System\UbEnBkn.exe
  2⤵
  PID:6988
- C:\Windows\System\oNyooBu.exe
  C:\Windows\System\oNyooBu.exe
  2⤵
  PID:6240
- C:\Windows\System\LitDjVF.exe
  C:\Windows\System\LitDjVF.exe
  2⤵
  PID:7704
- C:\Windows\System\tbEAzwh.exe
  C:\Windows\System\tbEAzwh.exe
  2⤵
  PID:7876
- C:\Windows\System\otCNWSD.exe
  C:\Windows\System\otCNWSD.exe
  2⤵
  PID:7144
- C:\Windows\System\KealoUh.exe
  C:\Windows\System\KealoUh.exe
  2⤵
  PID:6168
- C:\Windows\System\wayinFu.exe
  C:\Windows\System\wayinFu.exe
  2⤵
  PID:7468
- C:\Windows\System\rKQdQBy.exe
  C:\Windows\System\rKQdQBy.exe
  2⤵
  PID:7608
- C:\Windows\System\osTCPsH.exe
  C:\Windows\System\osTCPsH.exe
  2⤵
  PID:6252
- C:\Windows\System\ILnPyYm.exe
  C:\Windows\System\ILnPyYm.exe
  2⤵
  PID:7744
- C:\Windows\System\KzAlQKT.exe
  C:\Windows\System\KzAlQKT.exe
  2⤵
  PID:6700
- C:\Windows\System\ESTzyPK.exe
  C:\Windows\System\ESTzyPK.exe
  2⤵
  PID:7852
- C:\Windows\System\pCXqAKd.exe
  C:\Windows\System\pCXqAKd.exe
  2⤵
  PID:7908
- C:\Windows\System\YvMwDxI.exe
  C:\Windows\System\YvMwDxI.exe
  2⤵
  PID:7424
- C:\Windows\System\NmoCpJt.exe
  C:\Windows\System\NmoCpJt.exe
  2⤵
  PID:8216
- C:\Windows\System\jKCvjPP.exe
  C:\Windows\System\jKCvjPP.exe
  2⤵
  PID:8240
- C:\Windows\System\RrKSXwK.exe
  C:\Windows\System\RrKSXwK.exe
  2⤵
  PID:8264
- C:\Windows\System\cIOqbwZ.exe
  C:\Windows\System\cIOqbwZ.exe
  2⤵
  PID:8284
- C:\Windows\System\saHsWmk.exe
  C:\Windows\System\saHsWmk.exe
  2⤵
  PID:8300
- C:\Windows\System\nOuCWGk.exe
  C:\Windows\System\nOuCWGk.exe
  2⤵
  PID:8324
- C:\Windows\System\pKwGhPz.exe
  C:\Windows\System\pKwGhPz.exe
  2⤵
  PID:8348
- C:\Windows\System\Umwehfm.exe
  C:\Windows\System\Umwehfm.exe
  2⤵
  PID:8368
- C:\Windows\System\IkiKpDo.exe
  C:\Windows\System\IkiKpDo.exe
  2⤵
  PID:8392
- C:\Windows\System\LZbnHnM.exe
  C:\Windows\System\LZbnHnM.exe
  2⤵
  PID:8408
- C:\Windows\System\TSFYlbx.exe
  C:\Windows\System\TSFYlbx.exe
  2⤵
  PID:8432
- C:\Windows\System\ImiBRxo.exe
  C:\Windows\System\ImiBRxo.exe
  2⤵
  PID:8456
- C:\Windows\System\mrbYeDU.exe
  C:\Windows\System\mrbYeDU.exe
  2⤵
  PID:8476
- C:\Windows\System\vKUWQuo.exe
  C:\Windows\System\vKUWQuo.exe
  2⤵
  PID:8504
- C:\Windows\System\uFizwEw.exe
  C:\Windows\System\uFizwEw.exe
  2⤵
  PID:8532
- C:\Windows\System\zpVuGVD.exe
  C:\Windows\System\zpVuGVD.exe
  2⤵
  PID:8560
- C:\Windows\System\SwXOxOS.exe
  C:\Windows\System\SwXOxOS.exe
  2⤵
  PID:8584
- C:\Windows\System\VcEEDhn.exe
  C:\Windows\System\VcEEDhn.exe
  2⤵
  PID:8604
- C:\Windows\System\JPJuLiF.exe
  C:\Windows\System\JPJuLiF.exe
  2⤵
  PID:8628
- C:\Windows\System\zakCLAd.exe
  C:\Windows\System\zakCLAd.exe
  2⤵
  PID:8648
- C:\Windows\System\BYlCtgZ.exe
  C:\Windows\System\BYlCtgZ.exe
  2⤵
  PID:8680
- C:\Windows\System\ZyMcIXL.exe
  C:\Windows\System\ZyMcIXL.exe
  2⤵
  PID:8708
- C:\Windows\System\ziwSqwa.exe
  C:\Windows\System\ziwSqwa.exe
  2⤵
  PID:8728
- C:\Windows\System\nPFzSwa.exe
  C:\Windows\System\nPFzSwa.exe
  2⤵
  PID:8748
- C:\Windows\System\BUVtDmo.exe
  C:\Windows\System\BUVtDmo.exe
  2⤵
  PID:8776
- C:\Windows\System\LpThCyk.exe
  C:\Windows\System\LpThCyk.exe
  2⤵
  PID:8796
- C:\Windows\System\rXyfppq.exe
  C:\Windows\System\rXyfppq.exe
  2⤵
  PID:8824
- C:\Windows\System\PfVEvtA.exe
  C:\Windows\System\PfVEvtA.exe
  2⤵
  PID:8852
- C:\Windows\System\OVDPlUG.exe
  C:\Windows\System\OVDPlUG.exe
  2⤵
  PID:8876
- C:\Windows\System\GFgyujk.exe
  C:\Windows\System\GFgyujk.exe
  2⤵
  PID:8904
- C:\Windows\System\bLVEGuy.exe
  C:\Windows\System\bLVEGuy.exe
  2⤵
  PID:8920
- C:\Windows\System\LeAuLjQ.exe
  C:\Windows\System\LeAuLjQ.exe
  2⤵
  PID:8940
- C:\Windows\System\uXgJyau.exe
  C:\Windows\System\uXgJyau.exe
  2⤵
  PID:8960
- C:\Windows\System\UmGfZfC.exe
  C:\Windows\System\UmGfZfC.exe
  2⤵
  PID:8976
- C:\Windows\System\IBZBtYm.exe
  C:\Windows\System\IBZBtYm.exe
  2⤵
  PID:8992
- C:\Windows\System\ixlqvGF.exe
  C:\Windows\System\ixlqvGF.exe
  2⤵
  PID:9016
- C:\Windows\System\BAUuKqG.exe
  C:\Windows\System\BAUuKqG.exe
  2⤵
  PID:9044
- C:\Windows\System\FQRMoWV.exe
  C:\Windows\System\FQRMoWV.exe
  2⤵
  PID:9064
- C:\Windows\System\rLDfiyw.exe
  C:\Windows\System\rLDfiyw.exe
  2⤵
  PID:9088
- C:\Windows\System\WQouBNc.exe
  C:\Windows\System\WQouBNc.exe
  2⤵
  PID:3820
- C:\Windows\System\INYyiAJ.exe
  C:\Windows\System\INYyiAJ.exe
  2⤵
  PID:7164
- C:\Windows\System\gZxIwii.exe
  C:\Windows\System\gZxIwii.exe
  2⤵
  PID:6780
- C:\Windows\System\rQdFyXx.exe
  C:\Windows\System\rQdFyXx.exe
  2⤵
  PID:7512
- C:\Windows\System\IrjHddG.exe
  C:\Windows\System\IrjHddG.exe
  2⤵
  PID:1108
- C:\Windows\System\jkdsNqK.exe
  C:\Windows\System\jkdsNqK.exe
  2⤵
  PID:7140
- C:\Windows\System\BxrzDIO.exe
  C:\Windows\System\BxrzDIO.exe
  2⤵
  PID:7584
- C:\Windows\System\LEaDQoD.exe
  C:\Windows\System\LEaDQoD.exe
  2⤵
  PID:7820
- C:\Windows\System\sHrJbMl.exe
  C:\Windows\System\sHrJbMl.exe
  2⤵
  PID:6336
- C:\Windows\System\eyKbXcu.exe
  C:\Windows\System\eyKbXcu.exe
  2⤵
  PID:5764
- C:\Windows\System\OLDfYFZ.exe
  C:\Windows\System\OLDfYFZ.exe
  2⤵
  PID:8252
- C:\Windows\System\GYLeGOC.exe
  C:\Windows\System\GYLeGOC.exe
  2⤵
  PID:8320
- C:\Windows\System\RBeUEZr.exe
  C:\Windows\System\RBeUEZr.exe
  2⤵
  PID:8092
- C:\Windows\System\MhDKlAJ.exe
  C:\Windows\System\MhDKlAJ.exe
  2⤵
  PID:8116
- C:\Windows\System\ZwBcCEC.exe
  C:\Windows\System\ZwBcCEC.exe
  2⤵
  PID:6208
- C:\Windows\System\ksggRFq.exe
  C:\Windows\System\ksggRFq.exe
  2⤵
  PID:8696
- C:\Windows\System\LKkELBA.exe
  C:\Windows\System\LKkELBA.exe
  2⤵
  PID:2144
- C:\Windows\System\XSqJIdM.exe
  C:\Windows\System\XSqJIdM.exe
  2⤵
  PID:8804
- C:\Windows\System\nKIzxmx.exe
  C:\Windows\System\nKIzxmx.exe
  2⤵
  PID:8968
- C:\Windows\System\NQkJZSo.exe
  C:\Windows\System\NQkJZSo.exe
  2⤵
  PID:8208
- C:\Windows\System\oKKNzkf.exe
  C:\Windows\System\oKKNzkf.exe
  2⤵
  PID:8376
- C:\Windows\System\ylnOxTv.exe
  C:\Windows\System\ylnOxTv.exe
  2⤵
  PID:8416
- C:\Windows\System\LaavOdG.exe
  C:\Windows\System\LaavOdG.exe
  2⤵
  PID:6924
- C:\Windows\System\UJgfMOH.exe
  C:\Windows\System\UJgfMOH.exe
  2⤵
  PID:6720
- C:\Windows\System\aMBEgca.exe
  C:\Windows\System\aMBEgca.exe
  2⤵
  PID:7332
- C:\Windows\System\HIJgwVd.exe
  C:\Windows\System\HIJgwVd.exe
  2⤵
  PID:7032
- C:\Windows\System\cTrALGP.exe
  C:\Windows\System\cTrALGP.exe
  2⤵
  PID:7440
- C:\Windows\System\ZGoXjdE.exe
  C:\Windows\System\ZGoXjdE.exe
  2⤵
  PID:7648
- C:\Windows\System\sEuzeDr.exe
  C:\Windows\System\sEuzeDr.exe
  2⤵
  PID:9220
- C:\Windows\System\EyiUhZx.exe
  C:\Windows\System\EyiUhZx.exe
  2⤵
  PID:9240
- C:\Windows\System\aFMoYvS.exe
  C:\Windows\System\aFMoYvS.exe
  2⤵
  PID:9256
- C:\Windows\System\NWriUZP.exe
  C:\Windows\System\NWriUZP.exe
  2⤵
  PID:9280
- C:\Windows\System\VSLksue.exe
  C:\Windows\System\VSLksue.exe
  2⤵
  PID:9304
- C:\Windows\System\HnLVzhH.exe
  C:\Windows\System\HnLVzhH.exe
  2⤵
  PID:9324
- C:\Windows\System\jafqQzo.exe
  C:\Windows\System\jafqQzo.exe
  2⤵
  PID:9348
- C:\Windows\System\jOuqbeG.exe
  C:\Windows\System\jOuqbeG.exe
  2⤵
  PID:9372
- C:\Windows\System\QimbOFu.exe
  C:\Windows\System\QimbOFu.exe
  2⤵
  PID:9400
- C:\Windows\System\VNKUKzF.exe
  C:\Windows\System\VNKUKzF.exe
  2⤵
  PID:9432
- C:\Windows\System\FEfsfgD.exe
  C:\Windows\System\FEfsfgD.exe
  2⤵
  PID:9448
- C:\Windows\System\eSpCFdB.exe
  C:\Windows\System\eSpCFdB.exe
  2⤵
  PID:9476
- C:\Windows\System\ePgjZwQ.exe
  C:\Windows\System\ePgjZwQ.exe
  2⤵
  PID:9500
- C:\Windows\System\fhsiMaj.exe
  C:\Windows\System\fhsiMaj.exe
  2⤵
  PID:9516
- C:\Windows\System\FhFNWmr.exe
  C:\Windows\System\FhFNWmr.exe
  2⤵
  PID:9540
- C:\Windows\System\FJYPfxa.exe
  C:\Windows\System\FJYPfxa.exe
  2⤵
  PID:9564
- C:\Windows\System\ToiZvXZ.exe
  C:\Windows\System\ToiZvXZ.exe
  2⤵
  PID:9600
- C:\Windows\System\XXnRrpG.exe
  C:\Windows\System\XXnRrpG.exe
  2⤵
  PID:9624
- C:\Windows\System\pBQvscg.exe
  C:\Windows\System\pBQvscg.exe
  2⤵
  PID:9660
- C:\Windows\System\gtdlzca.exe
  C:\Windows\System\gtdlzca.exe
  2⤵
  PID:9680
- C:\Windows\System\GETfTsy.exe
  C:\Windows\System\GETfTsy.exe
  2⤵
  PID:9712
- C:\Windows\System\CpZOgkw.exe
  C:\Windows\System\CpZOgkw.exe
  2⤵
  PID:9736
- C:\Windows\System\AEyHpcn.exe
  C:\Windows\System\AEyHpcn.exe
  2⤵
  PID:9772
- C:\Windows\System\JnhJYzq.exe
  C:\Windows\System\JnhJYzq.exe
  2⤵
  PID:9792
- C:\Windows\System\UigSSOm.exe
  C:\Windows\System\UigSSOm.exe
  2⤵
  PID:9820
- C:\Windows\System\yOnCCkK.exe
  C:\Windows\System\yOnCCkK.exe
  2⤵
  PID:9840
- C:\Windows\System\AOFEmLd.exe
  C:\Windows\System\AOFEmLd.exe
  2⤵
  PID:9864
- C:\Windows\System\BEAIKZW.exe
  C:\Windows\System\BEAIKZW.exe
  2⤵
  PID:9888
- C:\Windows\System\mOIiFra.exe
  C:\Windows\System\mOIiFra.exe
  2⤵
  PID:9916
- C:\Windows\System\wQIKTFS.exe
  C:\Windows\System\wQIKTFS.exe
  2⤵
  PID:9944
- C:\Windows\System\dwRmWRF.exe
  C:\Windows\System\dwRmWRF.exe
  2⤵
  PID:9968
- C:\Windows\System\btoIQjX.exe
  C:\Windows\System\btoIQjX.exe
  2⤵
  PID:9992
- C:\Windows\System\BwftaUq.exe
  C:\Windows\System\BwftaUq.exe
  2⤵
  PID:10020
- C:\Windows\System\qUPmHSc.exe
  C:\Windows\System\qUPmHSc.exe
  2⤵
  PID:10040
- C:\Windows\System\paSuLMr.exe
  C:\Windows\System\paSuLMr.exe
  2⤵
  PID:10068
- C:\Windows\System\sbGfExp.exe
  C:\Windows\System\sbGfExp.exe
  2⤵
  PID:10088
- C:\Windows\System\CgIaMWH.exe
  C:\Windows\System\CgIaMWH.exe
  2⤵
  PID:10108
- C:\Windows\System\tpZOkAr.exe
  C:\Windows\System\tpZOkAr.exe
  2⤵
  PID:10132
- C:\Windows\System\pWZbDPm.exe
  C:\Windows\System\pWZbDPm.exe
  2⤵
  PID:10160
- C:\Windows\System\TrVmdSu.exe
  C:\Windows\System\TrVmdSu.exe
  2⤵
  PID:10188
- C:\Windows\System\NkLKEmx.exe
  C:\Windows\System\NkLKEmx.exe
  2⤵
  PID:10208
- C:\Windows\System\lJqoGFi.exe
  C:\Windows\System\lJqoGFi.exe
  2⤵
  PID:10236
- C:\Windows\System\xojSWYw.exe
  C:\Windows\System\xojSWYw.exe
  2⤵
  PID:9024
- C:\Windows\System\ibnIRsW.exe
  C:\Windows\System\ibnIRsW.exe
  2⤵
  PID:9076
- C:\Windows\System\HstWvTi.exe
  C:\Windows\System\HstWvTi.exe
  2⤵
  PID:8308
- C:\Windows\System\PZODfxb.exe
  C:\Windows\System\PZODfxb.exe
  2⤵
  PID:7772
- C:\Windows\System\xduyreJ.exe
  C:\Windows\System\xduyreJ.exe
  2⤵
  PID:8548
- C:\Windows\System\JvoUGDs.exe
  C:\Windows\System\JvoUGDs.exe
  2⤵
  PID:8580
- C:\Windows\System\gyJqkzi.exe
  C:\Windows\System\gyJqkzi.exe
  2⤵
  PID:8236
- C:\Windows\System\vchCZuq.exe
  C:\Windows\System\vchCZuq.exe
  2⤵
  PID:8076
- C:\Windows\System\dmYLzln.exe
  C:\Windows\System\dmYLzln.exe
  2⤵
  PID:8624
- C:\Windows\System\LvCPFWq.exe
  C:\Windows\System\LvCPFWq.exe
  2⤵
  PID:8644
- C:\Windows\System\ZEThPfO.exe
  C:\Windows\System\ZEThPfO.exe
  2⤵
  PID:8812
- C:\Windows\System\qAOTNlO.exe
  C:\Windows\System\qAOTNlO.exe
  2⤵
  PID:8868
- C:\Windows\System\ClrWmKl.exe
  C:\Windows\System\ClrWmKl.exe
  2⤵
  PID:8932
- C:\Windows\System\bnSDCFH.exe
  C:\Windows\System\bnSDCFH.exe
  2⤵
  PID:8984
- C:\Windows\System\DWZPZqN.exe
  C:\Windows\System\DWZPZqN.exe
  2⤵
  PID:9288
- C:\Windows\System\SUZjnla.exe
  C:\Windows\System\SUZjnla.exe
  2⤵
  PID:9364
- C:\Windows\System\MVQrpjR.exe
  C:\Windows\System\MVQrpjR.exe
  2⤵
  PID:9408
- C:\Windows\System\OEVJFML.exe
  C:\Windows\System\OEVJFML.exe
  2⤵
  PID:7256
- C:\Windows\System\hEYnYEI.exe
  C:\Windows\System\hEYnYEI.exe
  2⤵
  PID:7740
- C:\Windows\System\GQMkqoF.exe
  C:\Windows\System\GQMkqoF.exe
  2⤵
  PID:6212
- C:\Windows\System\cHAtwLZ.exe
  C:\Windows\System\cHAtwLZ.exe
  2⤵
  PID:8292
- C:\Windows\System\nGQDBjK.exe
  C:\Windows\System\nGQDBjK.exe
  2⤵
  PID:9744
- C:\Windows\System\KdJxmQe.exe
  C:\Windows\System\KdJxmQe.exe
  2⤵
  PID:8612
- C:\Windows\System\LGIRoin.exe
  C:\Windows\System\LGIRoin.exe
  2⤵
  PID:8664
- C:\Windows\System\htTGRAM.exe
  C:\Windows\System\htTGRAM.exe
  2⤵
  PID:9896
- C:\Windows\System\kiiroKR.exe
  C:\Windows\System\kiiroKR.exe
  2⤵
  PID:9928
- C:\Windows\System\rrrtllO.exe
  C:\Windows\System\rrrtllO.exe
  2⤵
  PID:8464
- C:\Windows\System\nxBTMMD.exe
  C:\Windows\System\nxBTMMD.exe
  2⤵
  PID:10004
- C:\Windows\System\xOnqZSF.exe
  C:\Windows\System\xOnqZSF.exe
  2⤵
  PID:10076
- C:\Windows\System\EvlynhP.exe
  C:\Windows\System\EvlynhP.exe
  2⤵
  PID:10116
- C:\Windows\System\mTingfb.exe
  C:\Windows\System\mTingfb.exe
  2⤵
  PID:9228
- C:\Windows\System\zskqHcH.exe
  C:\Windows\System\zskqHcH.exe
  2⤵
  PID:10268
- C:\Windows\System\zAQppyj.exe
  C:\Windows\System\zAQppyj.exe
  2⤵
  PID:10296
- C:\Windows\System\cnUOjsv.exe
  C:\Windows\System\cnUOjsv.exe
  2⤵
  PID:10320
- C:\Windows\System\WTJrXHY.exe
  C:\Windows\System\WTJrXHY.exe
  2⤵
  PID:10344
- C:\Windows\System\RfMhBLY.exe
  C:\Windows\System\RfMhBLY.exe
  2⤵
  PID:10368
- C:\Windows\System\HlNrmWy.exe
  C:\Windows\System\HlNrmWy.exe
  2⤵
  PID:10388
- C:\Windows\System\PVOqOki.exe
  C:\Windows\System\PVOqOki.exe
  2⤵
  PID:10408
- C:\Windows\System\qbXivAq.exe
  C:\Windows\System\qbXivAq.exe
  2⤵
  PID:10432
- C:\Windows\System\DqJhpkY.exe
  C:\Windows\System\DqJhpkY.exe
  2⤵
  PID:10452
- C:\Windows\System\FSOSmwc.exe
  C:\Windows\System\FSOSmwc.exe
  2⤵
  PID:10472
- C:\Windows\System\NIrltiT.exe
  C:\Windows\System\NIrltiT.exe
  2⤵
  PID:10500
- C:\Windows\System\vPPOPHG.exe
  C:\Windows\System\vPPOPHG.exe
  2⤵
  PID:10520
- C:\Windows\System\EMqRXWP.exe
  C:\Windows\System\EMqRXWP.exe
  2⤵
  PID:10548
- C:\Windows\System\wAtipsc.exe
  C:\Windows\System\wAtipsc.exe
  2⤵
  PID:10568
- C:\Windows\System\TtKnmyl.exe
  C:\Windows\System\TtKnmyl.exe
  2⤵
  PID:10592
- C:\Windows\System\sCbZeFN.exe
  C:\Windows\System\sCbZeFN.exe
  2⤵
  PID:10616
- C:\Windows\System\hbTSFyb.exe
  C:\Windows\System\hbTSFyb.exe
  2⤵
  PID:10636
- C:\Windows\System\TaPZRvH.exe
  C:\Windows\System\TaPZRvH.exe
  2⤵
  PID:10656
- C:\Windows\System\KBzMjHd.exe
  C:\Windows\System\KBzMjHd.exe
  2⤵
  PID:10680
- C:\Windows\System\JlJUrbL.exe
  C:\Windows\System\JlJUrbL.exe
  2⤵
  PID:10704
- C:\Windows\System\bDOemFR.exe
  C:\Windows\System\bDOemFR.exe
  2⤵
  PID:10728
- C:\Windows\System\wfAmjZi.exe
  C:\Windows\System\wfAmjZi.exe
  2⤵
  PID:10748
- C:\Windows\System\qjNtuvf.exe
  C:\Windows\System\qjNtuvf.exe
  2⤵
  PID:10764
- C:\Windows\System\ubcOWXg.exe
  C:\Windows\System\ubcOWXg.exe
  2⤵
  PID:10780
- C:\Windows\System\nAFgFkD.exe
  C:\Windows\System\nAFgFkD.exe
  2⤵
  PID:10796
- C:\Windows\System\EeQHJJY.exe
  C:\Windows\System\EeQHJJY.exe
  2⤵
  PID:10812
- C:\Windows\System\QbMAmjD.exe
  C:\Windows\System\QbMAmjD.exe
  2⤵
  PID:10828
- C:\Windows\System\CTldoHY.exe
  C:\Windows\System\CTldoHY.exe
  2⤵
  PID:10844
- C:\Windows\System\rrUGgMo.exe
  C:\Windows\System\rrUGgMo.exe
  2⤵
  PID:10864
- C:\Windows\System\UidUbXA.exe
  C:\Windows\System\UidUbXA.exe
  2⤵
  PID:10892
- C:\Windows\System\dniGHeq.exe
  C:\Windows\System\dniGHeq.exe
  2⤵
  PID:10912
- C:\Windows\System\YkHPtpe.exe
  C:\Windows\System\YkHPtpe.exe
  2⤵
  PID:10932
- C:\Windows\System\eWOUjBo.exe
  C:\Windows\System\eWOUjBo.exe
  2⤵
  PID:10960
- C:\Windows\System\ipAtLgJ.exe
  C:\Windows\System\ipAtLgJ.exe
  2⤵
  PID:10988
- C:\Windows\System\ceADAFb.exe
  C:\Windows\System\ceADAFb.exe
  2⤵
  PID:11008
- C:\Windows\System\LPhVmOL.exe
  C:\Windows\System\LPhVmOL.exe
  2⤵
  PID:11036
- C:\Windows\System\Gbcdepw.exe
  C:\Windows\System\Gbcdepw.exe
  2⤵
  PID:11056
- C:\Windows\System\DoUeHkK.exe
  C:\Windows\System\DoUeHkK.exe
  2⤵
  PID:11080
- C:\Windows\System\xcKCMNS.exe
  C:\Windows\System\xcKCMNS.exe
  2⤵
  PID:11108
- C:\Windows\System\aPkpVTm.exe
  C:\Windows\System\aPkpVTm.exe
  2⤵
  PID:11128
- C:\Windows\System\FHSadKB.exe
  C:\Windows\System\FHSadKB.exe
  2⤵
  PID:11152
- C:\Windows\System\KOpQqhD.exe
  C:\Windows\System\KOpQqhD.exe
  2⤵
  PID:11172
- C:\Windows\System\ZqzcZBk.exe
  C:\Windows\System\ZqzcZBk.exe
  2⤵
  PID:11200
- C:\Windows\System\zMcWnMn.exe
  C:\Windows\System\zMcWnMn.exe
  2⤵
  PID:11224
- C:\Windows\System\bERgTCn.exe
  C:\Windows\System\bERgTCn.exe
  2⤵
  PID:11244
- C:\Windows\System\LZtWUXu.exe
  C:\Windows\System\LZtWUXu.exe
  2⤵
  PID:9272
- C:\Windows\System\aUqklLz.exe
  C:\Windows\System\aUqklLz.exe
  2⤵
  PID:9428
- C:\Windows\System\ghATXLq.exe
  C:\Windows\System\ghATXLq.exe
  2⤵
  PID:2556
- C:\Windows\System\UPLiSey.exe
  C:\Windows\System\UPLiSey.exe
  2⤵
  PID:8136
- C:\Windows\System\NOrVXlN.exe
  C:\Windows\System\NOrVXlN.exe
  2⤵
  PID:10216
- C:\Windows\System\yLVIeNA.exe
  C:\Windows\System\yLVIeNA.exe
  2⤵
  PID:9060
- C:\Windows\System\cmIiKAF.exe
  C:\Windows\System\cmIiKAF.exe
  2⤵
  PID:5172
- C:\Windows\System\FSZfGYw.exe
  C:\Windows\System\FSZfGYw.exe
  2⤵
  PID:8620
- C:\Windows\System\XbUcOnM.exe
  C:\Windows\System\XbUcOnM.exe
  2⤵
  PID:10468
- C:\Windows\System\FVaGSYY.exe
  C:\Windows\System\FVaGSYY.exe
  2⤵
  PID:10652
- C:\Windows\System\rOYYyHj.exe
  C:\Windows\System\rOYYyHj.exe
  2⤵
  PID:10804
- C:\Windows\System\diCfhJA.exe
  C:\Windows\System\diCfhJA.exe
  2⤵
  PID:3428
- C:\Windows\System\usQHkuN.exe
  C:\Windows\System\usQHkuN.exe
  2⤵
  PID:5572
- C:\Windows\System\JqQkdEo.exe
  C:\Windows\System\JqQkdEo.exe
  2⤵
  PID:9704
- C:\Windows\System\qDimZNZ.exe
  C:\Windows\System\qDimZNZ.exe
  2⤵
  PID:10000
- C:\Windows\System\XcdMXaa.exe
  C:\Windows\System\XcdMXaa.exe
  2⤵
  PID:10204
- C:\Windows\System\KbnPTnE.exe
  C:\Windows\System\KbnPTnE.exe
  2⤵
  PID:10304
- C:\Windows\System\qOpOeYY.exe
  C:\Windows\System\qOpOeYY.exe
  2⤵
  PID:9212
- C:\Windows\System\DQyECDw.exe
  C:\Windows\System\DQyECDw.exe
  2⤵
  PID:10648
- C:\Windows\System\EHmVNnQ.exe
  C:\Windows\System\EHmVNnQ.exe
  2⤵
  PID:9340
- C:\Windows\System\yeqCWEC.exe
  C:\Windows\System\yeqCWEC.exe
  2⤵
  PID:10528
- C:\Windows\System\pRGIChP.exe
  C:\Windows\System\pRGIChP.exe
  2⤵
  PID:10444
- C:\Windows\System\iFQOPGN.exe
  C:\Windows\System\iFQOPGN.exe
  2⤵
  PID:10376
- C:\Windows\System\cMgPNIo.exe
  C:\Windows\System\cMgPNIo.exe
  2⤵
  PID:10128
- C:\Windows\System\MVGGDAe.exe
  C:\Windows\System\MVGGDAe.exe
  2⤵
  PID:8468
- C:\Windows\System\BsBdsAp.exe
  C:\Windows\System\BsBdsAp.exe
  2⤵
  PID:9532
- C:\Windows\System\YeAnVct.exe
  C:\Windows\System\YeAnVct.exe
  2⤵
  PID:10584
- C:\Windows\System\GlGyrwc.exe
  C:\Windows\System\GlGyrwc.exe
  2⤵
  PID:10612
- C:\Windows\System\bStPfoI.exe
  C:\Windows\System\bStPfoI.exe
  2⤵
  PID:10664
- C:\Windows\System\ozUjYWh.exe
  C:\Windows\System\ozUjYWh.exe
  2⤵
  PID:10696
- C:\Windows\System\HIZhymF.exe
  C:\Windows\System\HIZhymF.exe
  2⤵
  PID:10724
- C:\Windows\System\SxSUhdC.exe
  C:\Windows\System\SxSUhdC.exe
  2⤵
  PID:10840
- C:\Windows\System\jYHjpGD.exe
  C:\Windows\System\jYHjpGD.exe
  2⤵
  PID:10904
- C:\Windows\System\uFtvzsd.exe
  C:\Windows\System\uFtvzsd.exe
  2⤵
  PID:10952
- C:\Windows\System\CtlpLjz.exe
  C:\Windows\System\CtlpLjz.exe
  2⤵
  PID:11000
- C:\Windows\System\qUDTjuu.exe
  C:\Windows\System\qUDTjuu.exe
  2⤵
  PID:11052
- C:\Windows\System\ecHVGEH.exe
  C:\Windows\System\ecHVGEH.exe
  2⤵
  PID:11100
- C:\Windows\System\OjFGliV.exe
  C:\Windows\System\OjFGliV.exe
  2⤵
  PID:11160
- C:\Windows\System\UKciuPM.exe
  C:\Windows\System\UKciuPM.exe
  2⤵
  PID:11212
- C:\Windows\System\PsJZzlp.exe
  C:\Windows\System\PsJZzlp.exe
  2⤵
  PID:11260
- C:\Windows\System\RBKHJwg.exe
  C:\Windows\System\RBKHJwg.exe
  2⤵
  PID:9444
- C:\Windows\System\GrwSyrK.exe
  C:\Windows\System\GrwSyrK.exe
  2⤵
  PID:3288
- C:\Windows\System\HacguhL.exe
  C:\Windows\System\HacguhL.exe
  2⤵
  PID:11276
- C:\Windows\System\RFryUNF.exe
  C:\Windows\System\RFryUNF.exe
  2⤵
  PID:11304
- C:\Windows\System\dUwwGOV.exe
  C:\Windows\System\dUwwGOV.exe
  2⤵
  PID:11328
- C:\Windows\System\XjurhyD.exe
  C:\Windows\System\XjurhyD.exe
  2⤵
  PID:11356
- C:\Windows\System\LEZvEtF.exe
  C:\Windows\System\LEZvEtF.exe
  2⤵
  PID:11376
- C:\Windows\System\OwFsKtN.exe
  C:\Windows\System\OwFsKtN.exe
  2⤵
  PID:11396
- C:\Windows\System\nPoCbBo.exe
  C:\Windows\System\nPoCbBo.exe
  2⤵
  PID:11412
- C:\Windows\System\fZpandD.exe
  C:\Windows\System\fZpandD.exe
  2⤵
  PID:11436
- C:\Windows\System\HlCAtOZ.exe
  C:\Windows\System\HlCAtOZ.exe
  2⤵
  PID:11460
- C:\Windows\System\SnReZfD.exe
  C:\Windows\System\SnReZfD.exe
  2⤵
  PID:11484
- C:\Windows\System\jofjCIJ.exe
  C:\Windows\System\jofjCIJ.exe
  2⤵
  PID:11508
- C:\Windows\System\wmUvGZm.exe
  C:\Windows\System\wmUvGZm.exe
  2⤵
  PID:11532
- C:\Windows\System\cUPMjGj.exe
  C:\Windows\System\cUPMjGj.exe
  2⤵
  PID:11564
- C:\Windows\System\tmYzDOw.exe
  C:\Windows\System\tmYzDOw.exe
  2⤵
  PID:11584
- C:\Windows\System\beKYgBl.exe
  C:\Windows\System\beKYgBl.exe
  2⤵
  PID:11604
- C:\Windows\System\KcqyNqj.exe
  C:\Windows\System\KcqyNqj.exe
  2⤵
  PID:11628
- C:\Windows\System\PImJnSw.exe
  C:\Windows\System\PImJnSw.exe
  2⤵
  PID:11656
- C:\Windows\System\dyPQiIx.exe
  C:\Windows\System\dyPQiIx.exe
  2⤵
  PID:11680
- C:\Windows\System\IVzSxun.exe
  C:\Windows\System\IVzSxun.exe
  2⤵
  PID:11704
- C:\Windows\System\eVUOOqn.exe
  C:\Windows\System\eVUOOqn.exe
  2⤵
  PID:11736
- C:\Windows\System\eyriNBI.exe
  C:\Windows\System\eyriNBI.exe
  2⤵
  PID:11760
- C:\Windows\System\zKpBRGM.exe
  C:\Windows\System\zKpBRGM.exe
  2⤵
  PID:11780
- C:\Windows\System\PpLSvKx.exe
  C:\Windows\System\PpLSvKx.exe
  2⤵
  PID:11800
- C:\Windows\System\RfTkbdy.exe
  C:\Windows\System\RfTkbdy.exe
  2⤵
  PID:11824
- C:\Windows\System\cJGQqFY.exe
  C:\Windows\System\cJGQqFY.exe
  2⤵
  PID:11848
- C:\Windows\System\weEiFBz.exe
  C:\Windows\System\weEiFBz.exe
  2⤵
  PID:11872
- C:\Windows\System\yBzzMTr.exe
  C:\Windows\System\yBzzMTr.exe
  2⤵
  PID:11900
- C:\Windows\System\xHJIsbH.exe
  C:\Windows\System\xHJIsbH.exe
  2⤵
  PID:11924
- C:\Windows\System\MNiHHdO.exe
  C:\Windows\System\MNiHHdO.exe
  2⤵
  PID:11948
- C:\Windows\System\lmziJYf.exe
  C:\Windows\System\lmziJYf.exe
  2⤵
  PID:11968
- C:\Windows\System\QQkcQwJ.exe
  C:\Windows\System\QQkcQwJ.exe
  2⤵
  PID:11988
- C:\Windows\System\TCaImuN.exe
  C:\Windows\System\TCaImuN.exe
  2⤵
  PID:12004
- C:\Windows\System\CfCoDUd.exe
  C:\Windows\System\CfCoDUd.exe
  2⤵
  PID:12020
- C:\Windows\System\tjoCOLm.exe
  C:\Windows\System\tjoCOLm.exe
  2⤵
  PID:12040
- C:\Windows\System\yxPKyji.exe
  C:\Windows\System\yxPKyji.exe
  2⤵
  PID:12056
- C:\Windows\System\GmWMyZd.exe
  C:\Windows\System\GmWMyZd.exe
  2⤵
  PID:12072
- C:\Windows\System\JhydkwB.exe
  C:\Windows\System\JhydkwB.exe
  2⤵
  PID:12092
- C:\Windows\System\kSKApFV.exe
  C:\Windows\System\kSKApFV.exe
  2⤵
  PID:12124
- C:\Windows\System\usmZGWo.exe
  C:\Windows\System\usmZGWo.exe
  2⤵
  PID:12144
- C:\Windows\System\QsjVQME.exe
  C:\Windows\System\QsjVQME.exe
  2⤵
  PID:12168
- C:\Windows\System\zsJSSJw.exe
  C:\Windows\System\zsJSSJw.exe
  2⤵
  PID:12188
- C:\Windows\System\jCctHZS.exe
  C:\Windows\System\jCctHZS.exe
  2⤵
  PID:12212
- C:\Windows\System\SPvVxfM.exe
  C:\Windows\System\SPvVxfM.exe
  2⤵
  PID:12236
- C:\Windows\System\ZOQSZwE.exe
  C:\Windows\System\ZOQSZwE.exe
  2⤵
  PID:12260
- C:\Windows\System\ftdoahU.exe
  C:\Windows\System\ftdoahU.exe
  2⤵
  PID:12284
- C:\Windows\System\DrDpkdw.exe
  C:\Windows\System\DrDpkdw.exe
  2⤵
  PID:12312
- C:\Windows\System\kGBOwAb.exe
  C:\Windows\System\kGBOwAb.exe
  2⤵
  PID:12336
- C:\Windows\System\bQaEwoI.exe
  C:\Windows\System\bQaEwoI.exe
  2⤵
  PID:12364
- C:\Windows\System\MBEZPxe.exe
  C:\Windows\System\MBEZPxe.exe
  2⤵
  PID:12392
- C:\Windows\System\EVONikt.exe
  C:\Windows\System\EVONikt.exe
  2⤵
  PID:12412
- C:\Windows\System\RfmQXZs.exe
  C:\Windows\System\RfmQXZs.exe
  2⤵
  PID:12432
- C:\Windows\System\qPdFMoG.exe
  C:\Windows\System\qPdFMoG.exe
  2⤵
  PID:12468
- C:\Windows\System\pTIqvOk.exe
  C:\Windows\System\pTIqvOk.exe
  2⤵
  PID:12500
- C:\Windows\System\OESGWHF.exe
  C:\Windows\System\OESGWHF.exe
  2⤵
  PID:12520
- C:\Windows\System\UQNYSrv.exe
  C:\Windows\System\UQNYSrv.exe
  2⤵
  PID:12552
- C:\Windows\System\dfJXqjH.exe
  C:\Windows\System\dfJXqjH.exe
  2⤵
  PID:12572
- C:\Windows\System\EZbDoqR.exe
  C:\Windows\System\EZbDoqR.exe
  2⤵
  PID:12608
- C:\Windows\System\qhjeDcm.exe
  C:\Windows\System\qhjeDcm.exe
  2⤵
  PID:12636
- C:\Windows\System\qQsAFIc.exe
  C:\Windows\System\qQsAFIc.exe
  2⤵
  PID:12660
- C:\Windows\System\YIHEDUH.exe
  C:\Windows\System\YIHEDUH.exe
  2⤵
  PID:12684
- C:\Windows\System\EFJDdgh.exe
  C:\Windows\System\EFJDdgh.exe
  2⤵
  PID:12704
- C:\Windows\System\sPKnwBU.exe
  C:\Windows\System\sPKnwBU.exe
  2⤵
  PID:12736
- C:\Windows\System\OovqrEI.exe
  C:\Windows\System\OovqrEI.exe
  2⤵
  PID:12752
- C:\Windows\System\DVBmHDj.exe
  C:\Windows\System\DVBmHDj.exe
  2⤵
  PID:12800
- C:\Windows\System\uKAGQRp.exe
  C:\Windows\System\uKAGQRp.exe
  2⤵
  PID:10564
- C:\Windows\System\wPMkgff.exe
  C:\Windows\System\wPMkgff.exe
  2⤵
  PID:13252
- C:\Windows\System\NHcwylC.exe
  C:\Windows\System\NHcwylC.exe
  2⤵
  PID:12628
- C:\Windows\System\FTIXFZU.exe
  C:\Windows\System\FTIXFZU.exe
  2⤵
  PID:12656
- C:\Windows\System\PSqqSUQ.exe
  C:\Windows\System\PSqqSUQ.exe
  2⤵
  PID:12700
- C:\Windows\System\kJcMkGC.exe
  C:\Windows\System\kJcMkGC.exe
  2⤵
  PID:13272
- C:\Windows\System\EhqQqNn.exe
  C:\Windows\System\EhqQqNn.exe
  2⤵
  PID:10756
- C:\Windows\System\QRjFMke.exe
  C:\Windows\System\QRjFMke.exe
  2⤵
  PID:12784
- C:\Windows\System\fqyTdgA.exe
  C:\Windows\System\fqyTdgA.exe
  2⤵
  PID:12816
- C:\Windows\System\RAlpZhy.exe
  C:\Windows\System\RAlpZhy.exe
  2⤵
  PID:12828
- C:\Windows\System\eAjEluU.exe
  C:\Windows\System\eAjEluU.exe
  2⤵
  PID:12852
- C:\Windows\System\wNkmcfs.exe
  C:\Windows\System\wNkmcfs.exe
  2⤵
  PID:9460
- C:\Windows\System\DZJleNL.exe
  C:\Windows\System\DZJleNL.exe
  2⤵
  PID:12952
- C:\Windows\System\scZlLxs.exe
  C:\Windows\System\scZlLxs.exe
  2⤵
  PID:11296
- C:\Windows\System\AyMHPfZ.exe
  C:\Windows\System\AyMHPfZ.exe
  2⤵
  PID:11516
- C:\Windows\System\dUHQuHA.exe
  C:\Windows\System\dUHQuHA.exe
  2⤵
  PID:11692
- C:\Windows\System\nxCKVzG.exe
  C:\Windows\System\nxCKVzG.exe
  2⤵
  PID:12032
- C:\Windows\System\QnQyCfN.exe
  C:\Windows\System\QnQyCfN.exe
  2⤵
  PID:10312
- C:\Windows\System\gtojRTX.exe
  C:\Windows\System\gtojRTX.exe
  2⤵
  PID:9508
- C:\Windows\System\JfGANey.exe
  C:\Windows\System\JfGANey.exe
  2⤵
  PID:12596
- C:\Windows\System\cbMqStI.exe
  C:\Windows\System\cbMqStI.exe
  2⤵
  PID:6708
- C:\Windows\System\cWwnKFq.exe
  C:\Windows\System\cWwnKFq.exe
  2⤵
  PID:12832
- C:\Windows\System\DNwsQYA.exe
  C:\Windows\System\DNwsQYA.exe
  2⤵
  PID:12840
- C:\Windows\System\WGqhMnT.exe
  C:\Windows\System\WGqhMnT.exe
  2⤵
  PID:10688
- C:\Windows\System\eVRdKjC.exe
  C:\Windows\System\eVRdKjC.exe
  2⤵
  PID:10880
- C:\Windows\System\HGZxBnV.exe
  C:\Windows\System\HGZxBnV.exe
  2⤵
  PID:10980
- C:\Windows\System\wQpSNkZ.exe
  C:\Windows\System\wQpSNkZ.exe
  2⤵
  PID:11096
- C:\Windows\System\QYZUYcB.exe
  C:\Windows\System\QYZUYcB.exe
  2⤵
  PID:13084
- C:\Windows\System\WSojxZC.exe
  C:\Windows\System\WSojxZC.exe
  2⤵
  PID:11648
- C:\Windows\System\YXSNaKB.exe
  C:\Windows\System\YXSNaKB.exe
  2⤵
  PID:13132
- C:\Windows\System\UMQknJM.exe
  C:\Windows\System\UMQknJM.exe
  2⤵
  PID:11908
- C:\Windows\System\eEfVVdx.exe
  C:\Windows\System\eEfVVdx.exe
  2⤵
  PID:13172
- C:\Windows\System\OAgkmDd.exe
  C:\Windows\System\OAgkmDd.exe
  2⤵
  PID:13192
- C:\Windows\System\WZiAhgI.exe
  C:\Windows\System\WZiAhgI.exe
  2⤵
  PID:12196
- C:\Windows\System\JxKOaqF.exe
  C:\Windows\System\JxKOaqF.exe
  2⤵
  PID:13208
- C:\Windows\System\ofkjtsH.exe
  C:\Windows\System\ofkjtsH.exe
  2⤵
  PID:13220
- C:\Windows\System\ELovlyI.exe
  C:\Windows\System\ELovlyI.exe
  2⤵
  PID:12540
- C:\Windows\System\zAOgiTE.exe
  C:\Windows\System\zAOgiTE.exe
  2⤵
  PID:9488
- C:\Windows\System\lBzQzeB.exe
  C:\Windows\System\lBzQzeB.exe
  2⤵
  PID:9156
- C:\Windows\System\OZrnXZv.exe
  C:\Windows\System\OZrnXZv.exe
  2⤵
  PID:12944
- C:\Windows\System\YHuMIKN.exe
  C:\Windows\System\YHuMIKN.exe
  2⤵
  PID:11044
- C:\Windows\System\NMqRRKR.exe
  C:\Windows\System\NMqRRKR.exe
  2⤵
  PID:12352
- C:\Windows\System\nkXhjzC.exe
  C:\Windows\System\nkXhjzC.exe
  2⤵
  PID:13076
- C:\Windows\System\JfLGibd.exe
  C:\Windows\System\JfLGibd.exe
  2⤵
  PID:8556
- C:\Windows\System\LDjnQqV.exe
  C:\Windows\System\LDjnQqV.exe
  2⤵
  PID:12772
- C:\Windows\System\ZZLRKcd.exe
  C:\Windows\System\ZZLRKcd.exe
  2⤵
  PID:12184
- C:\Windows\System\LlQRAPA.exe
  C:\Windows\System\LlQRAPA.exe
  2⤵
  PID:13052
- C:\Windows\System\shMoDOY.exe
  C:\Windows\System\shMoDOY.exe
  2⤵
  PID:8444
- C:\Windows\System\SrvnJDm.exe
  C:\Windows\System\SrvnJDm.exe
  2⤵
  PID:11544
- C:\Windows\System\qNUDzgd.exe
  C:\Windows\System\qNUDzgd.exe
  2⤵
  PID:11352
- C:\Windows\System\xstTZbZ.exe
  C:\Windows\System\xstTZbZ.exe
  2⤵
  PID:11728
- C:\Windows\System\TILvrhZ.exe
  C:\Windows\System\TILvrhZ.exe
  2⤵
  PID:13120
- C:\Windows\System\ipLvaLZ.exe
  C:\Windows\System\ipLvaLZ.exe
  2⤵
  PID:11284
- C:\Windows\System\bARYRIn.exe
  C:\Windows\System\bARYRIn.exe
  2⤵
  PID:12088
- C:\Windows\System\cReAadR.exe
  C:\Windows\System\cReAadR.exe
  2⤵
  PID:11092
- C:\Windows\System\exAGNGh.exe
  C:\Windows\System\exAGNGh.exe
  2⤵
  PID:12872
- C:\Windows\System\PpRtpwa.exe
  C:\Windows\System\PpRtpwa.exe
  2⤵
  PID:12616
- C:\Windows\System\TLCzRLQ.exe
  C:\Windows\System\TLCzRLQ.exe
  2⤵
  PID:2896
- C:\Windows\System\NQIsakn.exe
  C:\Windows\System\NQIsakn.exe
  2⤵
  PID:11580
- C:\Windows\System\rpQiNPX.exe
  C:\Windows\System\rpQiNPX.exe
  2⤵
  PID:720
- C:\Windows\System\TXjLAjj.exe
  C:\Windows\System\TXjLAjj.exe
  2⤵
  PID:10496
- C:\Windows\System\lsgrRSR.exe
  C:\Windows\System\lsgrRSR.exe
  2⤵
  PID:10836
- C:\Windows\System\vKSGBNT.exe
  C:\Windows\System\vKSGBNT.exe
  2⤵
  PID:9572
- C:\Windows\System\sUWeKfD.exe
  C:\Windows\System\sUWeKfD.exe
  2⤵
  PID:11888
- C:\Windows\System\cLKeKfl.exe
  C:\Windows\System\cLKeKfl.exe
  2⤵
  PID:11956
- C:\Windows\System\ALAvzZu.exe
  C:\Windows\System\ALAvzZu.exe
  2⤵
  PID:13224
- C:\Windows\System\ePjefBl.exe
  C:\Windows\System\ePjefBl.exe
  2⤵
  PID:11552
- C:\Windows\System\giZbIRI.exe
  C:\Windows\System\giZbIRI.exe
  2⤵
  PID:12836
- C:\Windows\System\xpCHotx.exe
  C:\Windows\System\xpCHotx.exe
  2⤵
  PID:11344
- C:\Windows\System\UhmDltm.exe
  C:\Windows\System\UhmDltm.exe
  2⤵
  PID:13008
- C:\Windows\System\NCbjnAA.exe
  C:\Windows\System\NCbjnAA.exe
  2⤵
  PID:10928
- C:\Windows\System\XDqaxMX.exe
  C:\Windows\System\XDqaxMX.exe
  2⤵
  PID:13164
- C:\Windows\System\CddtvKK.exe
  C:\Windows\System\CddtvKK.exe
  2⤵
  PID:3224
- C:\Windows\System\qyEWJfj.exe
  C:\Windows\System\qyEWJfj.exe
  2⤵
  PID:3332
- C:\Windows\System\aNcIHKF.exe
  C:\Windows\System\aNcIHKF.exe
  2⤵
  PID:11444
- C:\Windows\System\uaThqet.exe
  C:\Windows\System\uaThqet.exe
  2⤵
  PID:10384
- C:\Windows\System\tgyUipK.exe
  C:\Windows\System\tgyUipK.exe
  2⤵
  PID:8792
- C:\Windows\System\qcjcqAd.exe
  C:\Windows\System\qcjcqAd.exe
  2⤵
  PID:12012
- C:\Windows\System\NjlgaSZ.exe
  C:\Windows\System\NjlgaSZ.exe
  2⤵
  PID:3848
- C:\Windows\System\WPvxfUW.exe
  C:\Windows\System\WPvxfUW.exe
  2⤵
  PID:12516
- C:\Windows\System\KrlFVCt.exe
  C:\Windows\System\KrlFVCt.exe
  2⤵
  PID:12960
- C:\Windows\System\jMKlook.exe
  C:\Windows\System\jMKlook.exe
  2⤵
  PID:2976
- C:\Windows\System\wiDgPjN.exe
  C:\Windows\System\wiDgPjN.exe
  2⤵
  PID:12564
- C:\Windows\System\PQfMonP.exe
  C:\Windows\System\PQfMonP.exe
  2⤵
  PID:13180
- C:\Windows\System\pLPzmqJ.exe
  C:\Windows\System\pLPzmqJ.exe
  2⤵
  PID:5040
- C:\Windows\System\bRNiDgE.exe
  C:\Windows\System\bRNiDgE.exe
  2⤵
  PID:8224
- C:\Windows\System\ZemMKpI.exe
  C:\Windows\System\ZemMKpI.exe
  2⤵
  PID:860
- C:\Windows\System\HAbDJeq.exe
  C:\Windows\System\HAbDJeq.exe
  2⤵
  PID:2848
- C:\Windows\System\QnVNezy.exe
  C:\Windows\System\QnVNezy.exe
  2⤵
  PID:788
- C:\Windows\System\VzkLgKE.exe
  C:\Windows\System\VzkLgKE.exe
  2⤵
  PID:2928
- C:\Windows\System\mYeZBwd.exe
  C:\Windows\System\mYeZBwd.exe
  2⤵
  PID:4560
- C:\Windows\System\olzJvqp.exe
  C:\Windows\System\olzJvqp.exe
  2⤵
  PID:4972
- C:\Windows\System\ZNzlkNw.exe
  C:\Windows\System\ZNzlkNw.exe
  2⤵
  PID:4044
- C:\Windows\System\IpmzXVo.exe
  C:\Windows\System\IpmzXVo.exe
  2⤵
  PID:4120
- C:\Windows\System\FwbHXoO.exe
  C:\Windows\System\FwbHXoO.exe
  2⤵
  PID:3460
- C:\Windows\System\fvcFhYO.exe
  C:\Windows\System\fvcFhYO.exe
  2⤵
  PID:3784
- C:\Windows\System\aQeOtRW.exe
  C:\Windows\System\aQeOtRW.exe
  2⤵
  PID:4068
- C:\Windows\System\UyJDfwL.exe
  C:\Windows\System\UyJDfwL.exe
  2⤵
  PID:864
- C:\Windows\System\bgqBhhN.exe
  C:\Windows\System\bgqBhhN.exe
  2⤵
  PID:872
- C:\Windows\System\soSPVSs.exe
  C:\Windows\System\soSPVSs.exe
  2⤵
  PID:4028
- C:\Windows\System\fAvTgzo.exe
  C:\Windows\System\fAvTgzo.exe
  2⤵
  PID:2712
- C:\Windows\System\sMOWUak.exe
  C:\Windows\System\sMOWUak.exe
  2⤵
  PID:2024
- C:\Windows\System\PPAevyu.exe
  C:\Windows\System\PPAevyu.exe
  2⤵
  PID:5112
- C:\Windows\System\HoHbGed.exe
  C:\Windows\System\HoHbGed.exe
  2⤵
  PID:4328
- C:\Windows\System\xavpNJq.exe
  C:\Windows\System\xavpNJq.exe
  2⤵
  PID:2812
- C:\Windows\System\IlHyAzk.exe
  C:\Windows\System\IlHyAzk.exe
  2⤵
  PID:4432
- C:\Windows\System\MispRLd.exe
  C:\Windows\System\MispRLd.exe
  2⤵
  PID:2868
- C:\Windows\System\uCHAsNn.exe
  C:\Windows\System\uCHAsNn.exe
  2⤵
  PID:800
- C:\Windows\System\EOKtqkS.exe
  C:\Windows\System\EOKtqkS.exe
  2⤵
  PID:1208
- C:\Windows\System\gIIAvwo.exe
  C:\Windows\System\gIIAvwo.exe
  2⤵
  PID:1876
- C:\Windows\System\JpasHVJ.exe
  C:\Windows\System\JpasHVJ.exe
  2⤵
  PID:3292
- C:\Windows\System\vmIgBUf.exe
  C:\Windows\System\vmIgBUf.exe
  2⤵
  PID:3812
- C:\Windows\System\AxjzqJR.exe
  C:\Windows\System\AxjzqJR.exe
  2⤵
  PID:4156
- C:\Windows\System\TDVEVCt.exe
  C:\Windows\System\TDVEVCt.exe
  2⤵
  PID:220
- C:\Windows\System\TUoWxRc.exe
  C:\Windows\System\TUoWxRc.exe
  2⤵
  PID:11528
- C:\Windows\System\zBjzGRc.exe
  C:\Windows\System\zBjzGRc.exe
  2⤵
  PID:4048
- C:\Windows\System\SOzTdDy.exe
  C:\Windows\System\SOzTdDy.exe
  2⤵
  PID:13320
- C:\Windows\System\xqtFRiP.exe
  C:\Windows\System\xqtFRiP.exe
  2⤵
  PID:13400
- C:\Windows\System\YXzNKrU.exe
  C:\Windows\System\YXzNKrU.exe
  2⤵
  PID:13416
- C:\Windows\System\VwyPYLS.exe
  C:\Windows\System\VwyPYLS.exe
  2⤵
  PID:13432
- C:\Windows\System\LdWoWCh.exe
  C:\Windows\System\LdWoWCh.exe
  2⤵
  PID:13448
- C:\Windows\System\ZwJTowQ.exe
  C:\Windows\System\ZwJTowQ.exe
  2⤵
  PID:13468
- C:\Windows\System\UjXlzKn.exe
  C:\Windows\System\UjXlzKn.exe
  2⤵
  PID:13528
- C:\Windows\System\rDurulD.exe
  C:\Windows\System\rDurulD.exe
  2⤵
  PID:13552
- C:\Windows\System\ofNRpsB.exe
  C:\Windows\System\ofNRpsB.exe
  2⤵
  PID:13596
- C:\Windows\System\ZRMEnWh.exe
  C:\Windows\System\ZRMEnWh.exe
  2⤵
  PID:13656
- C:\Windows\System\lLLCeWM.exe
  C:\Windows\System\lLLCeWM.exe
  2⤵
  PID:13720
- C:\Windows\System\dZkfBqv.exe
  C:\Windows\System\dZkfBqv.exe
  2⤵
  PID:13960
- C:\Windows\System\rAamZCd.exe
  C:\Windows\System\rAamZCd.exe
  2⤵
  PID:13976
- C:\Windows\System\iLBCtNR.exe
  C:\Windows\System\iLBCtNR.exe
  2⤵
  PID:14004
- C:\Windows\System\eONmFsH.exe
  C:\Windows\System\eONmFsH.exe
  2⤵
  PID:14020
- C:\Windows\System\wBlVbri.exe
  C:\Windows\System\wBlVbri.exe
  2⤵
  PID:14048
- C:\Windows\System\DobcmOx.exe
  C:\Windows\System\DobcmOx.exe
  2⤵
  PID:14080
- C:\Windows\System\JcIyNvd.exe
  C:\Windows\System\JcIyNvd.exe
  2⤵
  PID:14104
- C:\Windows\System\LCLAAra.exe
  C:\Windows\System\LCLAAra.exe
  2⤵
  PID:14124
- C:\Windows\System\NtEHcQr.exe
  C:\Windows\System\NtEHcQr.exe
  2⤵
  PID:14144
- C:\Windows\System\BWokgAl.exe
  C:\Windows\System\BWokgAl.exe
  2⤵
  PID:14184
- C:\Windows\System\alKqURg.exe
  C:\Windows\System\alKqURg.exe
  2⤵
  PID:14228
- C:\Windows\System\AlnnVrY.exe
  C:\Windows\System\AlnnVrY.exe
  2⤵
  PID:14252
- C:\Windows\System\rqmtlCb.exe
  C:\Windows\System\rqmtlCb.exe
  2⤵
  PID:14296
- C:\Windows\System\MFNuHdw.exe
  C:\Windows\System\MFNuHdw.exe
  2⤵
  PID:14324
- C:\Windows\System\RmmWSmT.exe
  C:\Windows\System\RmmWSmT.exe
  2⤵
  PID:4276
- C:\Windows\System\RiUSvWf.exe
  C:\Windows\System\RiUSvWf.exe
  2⤵
  PID:4832
- C:\Windows\System\hBPUnjI.exe
  C:\Windows\System\hBPUnjI.exe
  2⤵
  PID:13380
- C:\Windows\System\GjQCykY.exe
  C:\Windows\System\GjQCykY.exe
  2⤵
  PID:13428
- C:\Windows\System\mavdQYo.exe
  C:\Windows\System\mavdQYo.exe
  2⤵
  PID:13492
- C:\Windows\System\VgwIPYn.exe
  C:\Windows\System\VgwIPYn.exe
  2⤵
  PID:13544

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4196

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:11932

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:808

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:2928

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:4560

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
1⤵
PID:12292

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
PID:4044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_dhb30mqu.qh1.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BZpOmJJ.exe

Filesize
2.2MB

MD5
c276047730ee1e6d88639b5e3842d8de

SHA1
d299be78c292ab424f822907f3ef09c9d1bc3e18

SHA256
38e55b49b493cd891c98dab2984106ee84c3e2cc791b85869d039afbbd35da9b

SHA512
fceb4f15aff0e3ca0d1b8716cf07e00b04d6296d8dc7ed139aca4a8d1923cbb7f3b03fcedb92cabc86b5b32717bc1776bc3dc27a9b38fcd3bb249a0d87e1ab70

Download Submit
C:\Windows\System\CFrizyw.exe

Filesize
2.2MB

MD5
b9e0691ab3e3bd780581142d99f94620

SHA1
f428bdb5516963af1861428440f9d6c41ec4acd2

SHA256
42165daf49ef4ab655f8430b766349ed7cb74e97664dccd4b900837901ccfa15

SHA512
82d28c9ea556ad43da78177e8d637d98e87f542768e3f726c527eb6fe8082d030b4767afdaffbc2a25bd38349c4d0e01cc1ec7b3cc0cf2e22665bc903d97fd50

Download Submit
C:\Windows\System\CUnclVo.exe

Filesize
8B

MD5
30a9dfceb37577cb23b97b50ee0ca790

SHA1
b56360a546aafbfa7ce003cd05916a7ab7239259

SHA256
44dda0d0cfe87b066fcb3ae3e2b0cbc86f86ca0fdd14c7ce736c7a63fedce1f4

SHA512
f1ae1743e6029aabc9e7387b476be46b30f000874bca6e0907b605cfb329a40abfc7d4eb3d891027c469be0356b370267e0531be7c50ab8183a5aad8ce1cbe57

Download Submit
C:\Windows\System\DTyjHQf.exe

Filesize
2.2MB

MD5
3f05c801b30408e1a82a6b31b782ba7d

SHA1
9f9078c4e6ae3786964ca4e7e3fa77eea80267ba

SHA256
8c8bf079206c7a0dc3f752e9d58c538275635e739b5e572b154522d0912e94b6

SHA512
904e243ededb79a1fff4e33202cffd1648edd7c186dfe521d9aebdcfbf89e89cf60dac4e7560ad0cdc949f4d63a5aa6892b32e9261792634bcc4139007789a0a

Download Submit
C:\Windows\System\DhUJexP.exe

Filesize
2.2MB

MD5
35ca09ee7d1e57cd4e085b3950480037

SHA1
39342546ef0dc07dbbf8f2d26c685d440613dbe4

SHA256
110fcf8521115b9fa8b9a522dc0631bd1574e6f568b9c859cce1415b24a18c69

SHA512
c845a08a5f1d002fb96be04202491d990865113e7c36890dd44ccade306c3f9d377f63f47516f08f8d4d9005543b0fd978d68012f86d3ee48dd2763730ec49e0

Download Submit
C:\Windows\System\DncXSpU.exe

Filesize
2.2MB

MD5
6f753b3161ac515bdd17b9226d796012

SHA1
c7b16107175cd3e1cf1ebc389127e1387d4f1083

SHA256
dc97ed7d7f3e6d4566368c1576846a19e9e434e80492f240805c725090d87683

SHA512
3f33003d0ceb2822fb00df06dc06572939d174f29a84dfbfe8c2da2229d1e27ed7ef7ec3969ea6a46aaf29cf8185da80f91236586f90682d75504ce55c41f3fb

Download Submit
C:\Windows\System\FxHtUMP.exe

Filesize
2.2MB

MD5
927ef592abdde2a4a943d5c4fe6e0023

SHA1
557a4ab67a205e8ea53d9b09002648075b3a0d8d

SHA256
1b6e76cb7e4982a8753028a5bac748aef85e52591562f9534c853cc13fe6e18e

SHA512
24968451440648acab17073fc0eb1ea09f08ce2f71f65a42666c16af8246db75759ada5f251a37b07f496e288c550927c7e3b159ae222f19a4dadf4cc79996ef

Download Submit
C:\Windows\System\HlHixog.exe

Filesize
2.2MB

MD5
0721529d74d02b31718a2d577c8cf75d

SHA1
c9a39d197417307d42f6735e0e6c230b9757a81b

SHA256
007c3cb255712acd962188a63656e4ad5607baecbb25600d80fef8b5fd4a62b1

SHA512
9a5425b7460f049e1be7a9bf7634b988a54b16cf74cf9156c75a79a36dca097adfb8ca05a72db6adf67b3f69cae7ac1c6a21ea3454b13310513ee44c9cb2dd5c

Download Submit
C:\Windows\System\IzcNbAi.exe

Filesize
2.2MB

MD5
772118208eef6d1364905eff4eb87863

SHA1
c33d3f269f86ff0dc7caae9a8c7b67fa68eabc2b

SHA256
cc9c180cd7be0743f4a42e82b438cbb706eed14e9c91221eda1d617bd884ba3d

SHA512
a7ea376264314c053e20244a8e4b7cbb466813628de9476da1a1b61a5f3bd06f7ee57f6e12af1fe54e8a256b4135ee922c30718f69ce8ed6bd621a8ff221ffb7

Download Submit
C:\Windows\System\JGFaJBD.exe

Filesize
2.2MB

MD5
f047eebdbded4804b6097c671636d213

SHA1
c44bd9a9ea92bf1c617939d6deb5f7402f133b55

SHA256
ff4c407ec25ce5b4beb40fccac9718d4983713bfcfbc03e80cbf2284199c272a

SHA512
d7c0f2fafa10138a79b1afe4876c6a5a9b5aa98919bfbead64f001158b3145d1e7cf1c93a7ad0c8c575469df854c184a9fe282afa3df72d329b15b8dca384ff4

Download Submit
C:\Windows\System\LSsvhVT.exe

Filesize
2.2MB

MD5
36828f291eec4688edb476560e41e1ff

SHA1
4c5f75b6e42c85095ab564c2cfd3b72878936987

SHA256
12549b1dd96ce8de37aa065a0e5fb18ce1d1ec96436fc47f35307203d670546d

SHA512
3ef2a7769c82bfca53ad9ba56bd529c6104253617f70d8db327f10fb7f2e23f4df8cdca8ac49eb0f29650ee046c54b542bd3805dac903673a781243b6ff288cb

Download Submit
C:\Windows\System\LmJWQZs.exe

Filesize
2.2MB

MD5
dba595d3451ba7c94b59e0ee0b036aea

SHA1
ce313ab300eae67b286ddc8a8611c57dc87833ea

SHA256
8714af167a9ee637d39512a19582262bfde613400cedf1ad87a3516a0450018e

SHA512
a28111db2ba2abd64a5e5a9ce28c58cb9d6942441ef2311287f713135d7476c08d1b648ebae83a214a9e31180bb35c8a1a1c0853a4ba61eb04f5bda76c677966

Download Submit
C:\Windows\System\QnrLHpV.exe

Filesize
2.2MB

MD5
f712ee082bf22aa1a129d0d5e6f17d1f

SHA1
1a0b825b7f255d84a20a31d9c914c0caf1884710

SHA256
b0b6725ff80e5571ae9920796d605c25297e3ad59498d3ad72a67fee3dedb03f

SHA512
f1b2f57558c5f4f715d9677884f176513733e2b3eb684c9099ce5a021cba023873910e8efa7b799d933422442fc38dff2ff9845fa2328e27d8277705423d1f72

Download Submit
C:\Windows\System\RyXajCq.exe

Filesize
2.2MB

MD5
6186d7ebe9d745447a9386bd5a218041

SHA1
27cf0a6507975c3347e79f61a50ec1b31e8a6477

SHA256
b31b8c34544b5bf428fca2f170d8df30f1692f79eb257fced5e2d549a2869b76

SHA512
cee60db59fd459db0b8c8469a46ba7b9bc1927ba0017077c15c5f0ee1c2c566e3daf12c41688a7928fd8d1f29e352cd4232c8e28eaea7d40f25e463152610c63

Download Submit
C:\Windows\System\SHhPcRy.exe

Filesize
2.2MB

MD5
dc752db24bc4bd85de8cdf4c71359e01

SHA1
910cd692bc26f3262a117bb8140c237e406c9ea0

SHA256
b7e5e03f0a07fe0be301e29b4a8c83d7c9ba37e2589ab4431a935e93d9fcb154

SHA512
11c99bf600a91a1c49884c9eca2fb8fe86cc43dda9b86570b26705cdc504c74ed2325b030799ed930dd287508c91e0206dcad48cae231b547e46e3b470bfe8fb

Download Submit
C:\Windows\System\SPGEsxt.exe

Filesize
2.2MB

MD5
ddb418401b7e9271941cd1e1389ca616

SHA1
c18ac443dc259220414e2fb9c1a45ff7b9454e1f

SHA256
1c4f8318d836524ce7dd92106a02385285777b704e802f2814b0aa793459f96b

SHA512
e39439371d7cbe2e904591894d29a908ebae1b41ba74a04cbf1bd5f314b4a4548eb8c136aba21f27a06d2f75c51aad569b5860973c639f49c76411d9e844d3e9

Download Submit
C:\Windows\System\StZvhNY.exe

Filesize
2.2MB

MD5
00d6ea7d3a48663e72e855a90aac5947

SHA1
4aef0c9abd1e7185b5e718856c5d6a32c9b25c54

SHA256
87ccfb0c9d1540b1bbac56537d745e5f757f7c63acd6ae468c3dd7e76870dafa

SHA512
92a2270d46da17a34264d64368243d9baa992e07246ff2598000db4b4118be344073fa6d5635b76782975e64c78e8763e0ede346d903590d559cf84ca0161ebb

Download Submit
C:\Windows\System\UOQmyrv.exe

Filesize
2.2MB

MD5
92733fda208cf7da5fd416b46ae8ea5f

SHA1
01dac97b7ef16a15017bdd7598795b7700a04f50

SHA256
c6799e0c1e28d7aa90408b10633bd6d621a9917aadce19a0717468921e5ce39e

SHA512
421e6e0000a553eddad2fd28afc098c287739c60a8e0d6c4bedb72c8ad249c166728424e351168e92679c120ffcb774b8b1f58ef71f0d82f4588dcf17e14e69c

Download Submit
C:\Windows\System\WFbEFpX.exe

Filesize
2.2MB

MD5
c6498d0904ac8d1c38ebce83d3549e92

SHA1
15ab71bc5ed594b73f7aac0563fbe894f8358a42

SHA256
fa8f84123549ae0dd049ba82666412c9630dbbc6bba28850cb1d4c9a569e0a9d

SHA512
834891c787624ccdec0d274fb1f17abff94b94d0dad26c2a2de525df8125b7b0a250662dd639eb7108520965b3849792d0d627f15aca8d4afdae7b2fc6a0b373

Download Submit
C:\Windows\System\WZxBCEg.exe

Filesize
2.2MB

MD5
c7f9c97d9dcd6c7eef37c954ba58fc32

SHA1
88ca946d709ff163d51c89fe395dc352866023ac

SHA256
b87c2820a86440e1ed71275ca30c3e89d5a810142f6f7a11a8c56c0c773f76fb

SHA512
c5a7d2e5b1d0da7ae1ffb5063c5f055f2fe54b102032a2599975e43f3fe90ff44784dbaa0ab732c3f94c49fd88f462c10c66e854153d7709d124406694f17494

Download Submit
C:\Windows\System\WuEvTFZ.exe

Filesize
2.2MB

MD5
9e4fecff6ddc71723bebf4e6f341b077

SHA1
1096e87759c32524e139c139a6e27373a816fd94

SHA256
55c4645f723c65e0a4a0f01027ccf1f7303b5df16db8c200e0ba3db9ea9618c4

SHA512
2a0b5da877e272dcd9e2a2c5e88d6520dcd0d1a98b0b2e8e6f77ac9a981d74b42ab2da71e5f0d1532286259d42af9198d5c252563fa21f58b8ce8f86b6407bbe

Download Submit
C:\Windows\System\XYWNlne.exe

Filesize
2.2MB

MD5
4a0e8dd68905eebbec81732b2596315c

SHA1
45dc9c4b15b2474866fb55530a1efb724a08e02c

SHA256
ff236e4bf4a00bd2f66ed5743b82da3724a75a316126e2c313803d3187318a67

SHA512
00455433cd4af5cfcd1908c8253e60e2102c6e8149c8662e44a7db5dfdb04c4cd35366b10a7fbe41c8cb75ec94db332a777c14e6cc2c4beb11577cf2af7f38fa

Download Submit
C:\Windows\System\aOxvhxM.exe

Filesize
2.2MB

MD5
0c93b7446e2524597b280a44f18ef7a4

SHA1
614c9f7419bf558c851ee098ae2314077f703e5d

SHA256
611ca8df57e2e53260080f31a146cf160e767b6cf2363bd3b4697ebf4e29e2a7

SHA512
9f60bbedd38d26999ecf47b6687966c49c5166f2ff9c8d91606812b82b377abd0c97bbee33cb220e8c8c2d61590c848ef096504d5bbfdf348c3ef4de09c9686b

Download Submit
C:\Windows\System\ajtEUmg.exe

Filesize
2.2MB

MD5
0d558550b95dde58b414ef4777437bef

SHA1
38044e7a5899d387ec6b5d54704ec260463bf444

SHA256
492dba3593c2de27b1728a3a2972f7c9bb33efc561534e3433f33b88f4c68f81

SHA512
b65e9a2174209bfe43b8cd9b7ca9f0a5f4bbdada266746d8913f51bc1b6a454405f6ce9cd3226bc9d7dd32ed66e3e720b8a1e1e28e4674ded6112235f0df39ad

Download Submit
C:\Windows\System\dWcWiUU.exe

Filesize
2.2MB

MD5
f7bce57c5720f7beba9b085ba21e30bf

SHA1
3418519b2ec5302daf9113c53ee5bfea6c4ceb3d

SHA256
40702ac74d024bf54871828c8c31c340844b0c0de1d0cf61ab9cdd967cd28179

SHA512
caf05b0a86f1bd1e95466650fcab3fdf73a7980d9d6aac4236660a289122c5ff573d869554eaf708324ae0829c0472e0a128f2337f02aa2782d3cd2219198176

Download Submit
C:\Windows\System\djjptgu.exe

Filesize
2.2MB

MD5
88b63e5b3bccd45287b2dde3059e23e8

SHA1
9a65d8833a633ef81d3fd7a639a3282bbc1b5734

SHA256
e91f334c6dc8fa82d1cca9d23a5db050b3139d87274d60ad2d0a3905887a09e4

SHA512
64c244510a9cd55ab8f90f14ee0ce67f84648d31b2473fb5d0ade34c1db03502dbeefde75cf5643f7d2ecbd7b0cd0cc40a1c8f61f2b5d259d20888c4f8570fc6

Download Submit
C:\Windows\System\djmpCrv.exe

Filesize
2.2MB

MD5
a2e9109c31e57932bae480e03f36dc09

SHA1
a15cfd27ba23923b1d1bdc7817f99c5a340ecc3d

SHA256
85022642b1a930a9431ee144b13a617bc6297aec31e31129a567f51f92558e65

SHA512
81ad8d86e706d325689cdaa9cd51b5e1a20090ea6b07f2220a7425be815d86ffbb5a3b8cd67dc19cb773f16991279a589b9e12710ff26d07dca25ad2b27da000

Download Submit
C:\Windows\System\goLlMJp.exe

Filesize
2.2MB

MD5
374a86af23862db6cfc58bb67b474f72

SHA1
2350c79655fe2519e4702f8dd90b8a39ca6787f5

SHA256
338fc76e1d80b55d8d379813aaa7d5c1e79689dd3e678ae543cb6656a26afdd1

SHA512
a1f0d58f66e096fa1a981b8dedba30b568240392df2cc12d54e4e2095768eb47ba66e3decce5d36c84a22493ba5b4391059425cfb07e6e03e9daa438127ca350

Download Submit
C:\Windows\System\hnNhIRt.exe

Filesize
2.2MB

MD5
6cd7db05086143ce8dfaec949ad15cb4

SHA1
1e59871281459253bdbfae640be90e288c3e2755

SHA256
f05d8408e983c6279f463da819289ec81aac3586c376255c7966fab0e15ad342

SHA512
ec45d344cc057fd66c14a8213651aea8f307b145ebdf9612fab94bc461096f7dc614b577154f39e77e957e5c78ade06dc41528e1d50f2f01876da66aaa98d980

Download Submit
C:\Windows\System\jenTYfo.exe

Filesize
2.2MB

MD5
6f1885f5086bf6a972c318e0e0c32b67

SHA1
af2119167cc2719aae90a39b3a1b776fae33f1af

SHA256
1258e87c6df5b3894f62212c149aca7df60ac0ce6c68ca7d99757afcfc7d76ed

SHA512
17f725718eccb1acdadd4c295c52b13fa2dfb123684b37257a327274b465ffc9477cc435a9a96290f711235a301b1efa31c7383a4665f11d6c2bbd78d880afdb

Download Submit
C:\Windows\System\kZzqiFa.exe

Filesize
2.2MB

MD5
b3a8738c7c94514b1d94915d4fe7af8f

SHA1
0ec0a76dc33adfd2b3c68794203585f267432841

SHA256
5ac3ca3e5701a0554c357b99ec5b65ae6dd91dcdc04c04b7e4c4b48dbf215f74

SHA512
c42e3f06581f72eb97b5d2e2f720d5aad43979cbc39d5831971b00c229e59ffd3f830e99c6ff3c9e721d8b997d94b9f540f409009395689151ebc12ef3ddba0c

Download Submit
C:\Windows\System\lPYLemV.exe

Filesize
2.2MB

MD5
80e5c53fafcd754a1e28787b45cbcb70

SHA1
7e0977ae51e4d951556b342025b6d9ee97631345

SHA256
6b5da0606604daea57201ec3d96f693921d8278b554df7032f7b496de14b57a1

SHA512
0f4fb091e6a24af2fdcfe5cf0d73d3b5a331a00efea602f529981519d156e3ce23bbf1cac39ebd93a64c916d593fcd68eba5a5a1417bb57e659952908a25e7c9

Download Submit
C:\Windows\System\mETvCip.exe

Filesize
2.2MB

MD5
c8affc65230f37b5c8f055a28334a4fc

SHA1
9f44ae717726c64400eaa8d473ae9cd777ba1154

SHA256
4f0ea7f88c6cce05f5dbacf0641157833010c166cd09a163dc4fd2589b08ea53

SHA512
ff2765de5fa57389414d03a6a5f5097e8a1db4dcdf4b45fc5e4715640e5ff39743345db2fb074c34f383a0a06d4ef65b0ccde37a20f9e46f3bbbf4a166b812ca

Download Submit
C:\Windows\System\mvUclCu.exe

Filesize
2.2MB

MD5
5aa5b39ba8dca4a8a2f5c6f3aa3b8d44

SHA1
ea69a26079a19e854a4817a921f4afad5a22ea00

SHA256
3393eaab5fce53fff72848d5b9831c6c5c34c38af1e39c083102ddbb3409cf88

SHA512
2b9452469eafb90747f4eb4017ffa38470c8f544129440f62893c7adab521094fc1bbeae9f9dc637b63bcfd7b57826ffbfec795fb21aee0575fd3b89d6368015

Download Submit
C:\Windows\System\nryKyqJ.exe

Filesize
2.2MB

MD5
7b0f3747c0755239db56eb74c255f496

SHA1
1dd849100aaf646fa147e3c4e3e520d8a98b79bc

SHA256
80e33ef58a512403c10a08214e3fff2f1043f4698307288209d2940365c0c018

SHA512
322fae37c6c48aaa691812472138492bb7700ff1d113c4996cee9c88b66973be7c2023d57f189bd91b00850448a9cc02f170694ead48f8347b2c131c4e882fc0

Download Submit
C:\Windows\System\qsEFXds.exe

Filesize
2.2MB

MD5
450832e92f565a1d08bbf83d19bbb886

SHA1
0a2fbbd83fa2751f974f9360ed9040f48ff40fd9

SHA256
9b59ff2cd5c8a3640ec090a860e77c2095b1679015c49960277e21d233772aee

SHA512
50f0558836389da1c389c6dfbad15c96c5651bc49eb1ecb7f41421b07d77f1159ecc044ce7fdb53b899afaea6055c2d950ba3245f7be2fb12b4c164502ed9857

Download Submit
C:\Windows\System\uQMpHJl.exe

Filesize
2.2MB

MD5
60d94b13d1d7391c57ec1e70a9400704

SHA1
56ef3d9c142f4e11f7538845dc0b7318daa54e3a

SHA256
ed503b2c5de58e856be7b4a3933987e6c5c467f57c0af4cde76c41296b727306

SHA512
94a93ed1d992ed8a6914265dc76b1fb0e00d8cd67606d4dc9d6133663e5682648e93005d0f28d3ae96327e806aee632d91f130ab6d32d1e4f338644225092528

Download Submit
C:\Windows\System\vgWxLez.exe

Filesize
2.2MB

MD5
0d4e373d2a09f8167cafe92118da74a2

SHA1
b4c01b7c3ccfa619d31ed3a0955a60e77614f81f

SHA256
cf10234bad6ef10a5e2472d4b5847eee96eaf1c50c8eb12773f00522e3cfd41d

SHA512
db7845a56368ee61d6d8ad0e7e85c08f1d04c2261d13ff482f9e2e3250f29facf72a19d094e003572d9053a003957b31906fe18a1959aece44c548a717c7de06

Download Submit
C:\Windows\System\yEzYPaf.exe

Filesize
2.2MB

MD5
69357a1c048e3f5986de1ae0c00a7184

SHA1
b92043f67954d27fefdd05b7674ebc59201dc786

SHA256
c5c0e58caa84558ed59fd5ebb8ca470d7893d1de4ef6feb466b8971db1daa507

SHA512
f81c53d4ba3e13f6e15520970dbc452fa899cc5435acff798dd22cf6f0884005c5abcbf0f013451bb0b1f63b7eed632eb9fadf7c4d5b4d09e498882eb2663619

Download Submit
C:\Windows\System\ycjdSGS.exe

Filesize
2.2MB

MD5
1c08aaa7a002e25966dbb9e25d0129ff

SHA1
28d6fad2eafd59e9db23f4f2c35d305146c08ae6

SHA256
6772d302bccbbfe53a9e4a9614029f211a063fd3c317bd9b079d34baf3e96722

SHA512
1a21420582fd6b8ff535b1e2c5e45b731a557e5866cf6509aad02a5814fe68ecf31b2d53d73c6491ed5ee64c7ec4b12310551f2d6c398ba4cecb487e17f92136

Download Submit
memory/64-124-0x00007FF765D60000-0x00007FF766152000-memory.dmp

Filesize
3.9MB

Download
memory/348-214-0x00007FF746A70000-0x00007FF746E62000-memory.dmp

Filesize
3.9MB

Download
memory/592-238-0x00007FF6A6EA0000-0x00007FF6A7292000-memory.dmp

Filesize
3.9MB

Download
memory/1440-26-0x00007FF688760000-0x00007FF688B52000-memory.dmp

Filesize
3.9MB

Download
memory/1440-3471-0x00007FF688760000-0x00007FF688B52000-memory.dmp

Filesize
3.9MB

Download
memory/1528-320-0x00007FF7E2F20000-0x00007FF7E3312000-memory.dmp

Filesize
3.9MB

Download
memory/1656-323-0x00007FF75FB30000-0x00007FF75FF22000-memory.dmp

Filesize
3.9MB

Download
memory/1664-0-0x00007FF64EFA0000-0x00007FF64F392000-memory.dmp

Filesize
3.9MB

Download
memory/1664-1-0x000001D104FF0000-0x000001D105000000-memory.dmp

Filesize
64KB

Download
memory/1676-200-0x00007FF6DAFF0000-0x00007FF6DB3E2000-memory.dmp

Filesize
3.9MB

Download
memory/1908-321-0x00007FF6C62D0000-0x00007FF6C66C2000-memory.dmp

Filesize
3.9MB

Download
memory/2220-316-0x00007FF6A0D30000-0x00007FF6A1122000-memory.dmp

Filesize
3.9MB

Download
memory/2384-134-0x00007FF65E650000-0x00007FF65EA42000-memory.dmp

Filesize
3.9MB

Download
memory/2536-3469-0x00007FF7309F0000-0x00007FF730DE2000-memory.dmp

Filesize
3.9MB

Download
memory/2536-15-0x00007FF7309F0000-0x00007FF730DE2000-memory.dmp

Filesize
3.9MB

Download
memory/3000-244-0x00007FF73B190000-0x00007FF73B582000-memory.dmp

Filesize
3.9MB

Download
memory/3004-180-0x00007FF71DA60000-0x00007FF71DE52000-memory.dmp

Filesize
3.9MB

Download
memory/3108-38-0x00007FF640FB0000-0x00007FF6413A2000-memory.dmp

Filesize
3.9MB

Download
memory/3108-3474-0x00007FF640FB0000-0x00007FF6413A2000-memory.dmp

Filesize
3.9MB

Download
memory/3420-318-0x00007FFAD1F50000-0x00007FFAD2A11000-memory.dmp

Filesize
10.8MB

Download
memory/3420-165-0x000002F556F60000-0x000002F556F82000-memory.dmp

Filesize
136KB

Download
memory/3420-16-0x00007FFAD1F53000-0x00007FFAD1F55000-memory.dmp

Filesize
8KB

Download
memory/3672-3476-0x00007FF6C6CD0000-0x00007FF6C70C2000-memory.dmp

Filesize
3.9MB

Download
memory/3672-45-0x00007FF6C6CD0000-0x00007FF6C70C2000-memory.dmp

Filesize
3.9MB

Download
memory/3936-311-0x00007FF607930000-0x00007FF607D22000-memory.dmp

Filesize
3.9MB

Download
memory/4080-64-0x00007FF628820000-0x00007FF628C12000-memory.dmp

Filesize
3.9MB

Download
memory/4080-3478-0x00007FF628820000-0x00007FF628C12000-memory.dmp

Filesize
3.9MB

Download
memory/4112-319-0x00007FF6F30B0000-0x00007FF6F34A2000-memory.dmp

Filesize
3.9MB

Download
memory/4356-247-0x00007FF68E2E0000-0x00007FF68E6D2000-memory.dmp

Filesize
3.9MB

Download
memory/4588-105-0x00007FF7C1840000-0x00007FF7C1C32000-memory.dmp

Filesize
3.9MB

Download
memory/4876-322-0x00007FF7272C0000-0x00007FF7276B2000-memory.dmp

Filesize
3.9MB

Download
memory/4928-290-0x00007FF7B9740000-0x00007FF7B9B32000-memory.dmp

Filesize
3.9MB

Download
memory/4984-79-0x00007FF6529B0000-0x00007FF652DA2000-memory.dmp

Filesize
3.9MB

Download
memory/5068-237-0x00007FF7E5EE0000-0x00007FF7E62D2000-memory.dmp

Filesize
3.9MB

Download