xmrig | dd77c4b8cc17bca424666bcc6f13d3797f1bf90a22d32d669463e7836f8ff059

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
28/07/2024, 01:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
Size

1.7MB
MD5

04c38fc68bf4453f99a5c08f87296ef3
SHA1

22976c364134d26a2399304167cc4b58689c7eb1
SHA256

dd77c4b8cc17bca424666bcc6f13d3797f1bf90a22d32d669463e7836f8ff059
SHA512

61ef83082dbc15db3fffc4182d5f14fdffe3e6a63ef9860baa5bc5099b8ef096fa255d423e4a3fc18aed27a25ee536c8bec66a8f447926e31d4df1436de2a8b2
SSDEEP

49152:Lz071uv4BPMkibTIA5lCx7kvRWa4pXeu9:NABV

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 43 IoCs

miner

resource	yara_rule
behavioral2/memory/3004-265-0x00007FF730040000-0x00007FF730432000-memory.dmp	xmrig
behavioral2/memory/4608-308-0x00007FF7F67C0000-0x00007FF7F6BB2000-memory.dmp	xmrig
behavioral2/memory/2308-351-0x00007FF688E50000-0x00007FF689242000-memory.dmp	xmrig
behavioral2/memory/1508-398-0x00007FF73FFB0000-0x00007FF7403A2000-memory.dmp	xmrig
behavioral2/memory/688-409-0x00007FF7A0B30000-0x00007FF7A0F22000-memory.dmp	xmrig
behavioral2/memory/2780-423-0x00007FF60DAF0000-0x00007FF60DEE2000-memory.dmp	xmrig
behavioral2/memory/1528-433-0x00007FF642540000-0x00007FF642932000-memory.dmp	xmrig
behavioral2/memory/2884-432-0x00007FF7AC9F0000-0x00007FF7ACDE2000-memory.dmp	xmrig
behavioral2/memory/3648-413-0x00007FF71F4E0000-0x00007FF71F8D2000-memory.dmp	xmrig
behavioral2/memory/3864-412-0x00007FF6E27B0000-0x00007FF6E2BA2000-memory.dmp	xmrig
behavioral2/memory/452-397-0x00007FF7A5AF0000-0x00007FF7A5EE2000-memory.dmp	xmrig
behavioral2/memory/4888-350-0x00007FF762700000-0x00007FF762AF2000-memory.dmp	xmrig
behavioral2/memory/64-341-0x00007FF7DF4F0000-0x00007FF7DF8E2000-memory.dmp	xmrig
behavioral2/memory/1384-337-0x00007FF7BDA50000-0x00007FF7BDE42000-memory.dmp	xmrig
behavioral2/memory/1436-260-0x00007FF6E36D0000-0x00007FF6E3AC2000-memory.dmp	xmrig
behavioral2/memory/2556-204-0x00007FF62A510000-0x00007FF62A902000-memory.dmp	xmrig
behavioral2/memory/5008-166-0x00007FF7103A0000-0x00007FF710792000-memory.dmp	xmrig
behavioral2/memory/4468-162-0x00007FF62B1A0000-0x00007FF62B592000-memory.dmp	xmrig
behavioral2/memory/1736-137-0x00007FF66C4B0000-0x00007FF66C8A2000-memory.dmp	xmrig
behavioral2/memory/468-3089-0x00007FF6DFDF0000-0x00007FF6E01E2000-memory.dmp	xmrig
behavioral2/memory/3932-3091-0x00007FF7AF5D0000-0x00007FF7AF9C2000-memory.dmp	xmrig
behavioral2/memory/3628-3093-0x00007FF710E10000-0x00007FF711202000-memory.dmp	xmrig
behavioral2/memory/2780-3095-0x00007FF60DAF0000-0x00007FF60DEE2000-memory.dmp	xmrig
behavioral2/memory/3004-3108-0x00007FF730040000-0x00007FF730432000-memory.dmp	xmrig
behavioral2/memory/4468-3111-0x00007FF62B1A0000-0x00007FF62B592000-memory.dmp	xmrig
behavioral2/memory/5008-3110-0x00007FF7103A0000-0x00007FF710792000-memory.dmp	xmrig
behavioral2/memory/1384-3118-0x00007FF7BDA50000-0x00007FF7BDE42000-memory.dmp	xmrig
behavioral2/memory/1436-3124-0x00007FF6E36D0000-0x00007FF6E3AC2000-memory.dmp	xmrig
behavioral2/memory/4888-3126-0x00007FF762700000-0x00007FF762AF2000-memory.dmp	xmrig
behavioral2/memory/4608-3122-0x00007FF7F67C0000-0x00007FF7F6BB2000-memory.dmp	xmrig
behavioral2/memory/1528-3120-0x00007FF642540000-0x00007FF642932000-memory.dmp	xmrig
behavioral2/memory/64-3115-0x00007FF7DF4F0000-0x00007FF7DF8E2000-memory.dmp	xmrig
behavioral2/memory/2556-3113-0x00007FF62A510000-0x00007FF62A902000-memory.dmp	xmrig
behavioral2/memory/3648-3106-0x00007FF71F4E0000-0x00007FF71F8D2000-memory.dmp	xmrig
behavioral2/memory/2884-3102-0x00007FF7AC9F0000-0x00007FF7ACDE2000-memory.dmp	xmrig
behavioral2/memory/2128-3100-0x00007FF6B01F0000-0x00007FF6B05E2000-memory.dmp	xmrig
behavioral2/memory/1092-3104-0x00007FF755CA0000-0x00007FF756092000-memory.dmp	xmrig
behavioral2/memory/1736-3098-0x00007FF66C4B0000-0x00007FF66C8A2000-memory.dmp	xmrig
behavioral2/memory/688-3155-0x00007FF7A0B30000-0x00007FF7A0F22000-memory.dmp	xmrig
behavioral2/memory/1508-3153-0x00007FF73FFB0000-0x00007FF7403A2000-memory.dmp	xmrig
behavioral2/memory/452-3150-0x00007FF7A5AF0000-0x00007FF7A5EE2000-memory.dmp	xmrig
behavioral2/memory/2308-3149-0x00007FF688E50000-0x00007FF689242000-memory.dmp	xmrig
behavioral2/memory/3864-3158-0x00007FF6E27B0000-0x00007FF6E2BA2000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
8	3224	powershell.exe
10	3224	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
3224	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
468	DjaPzkU.exe
3932	mscxzjL.exe
3628	OHIjCKu.exe
3648	mdhhzPV.exe
2780	UJRCXWH.exe
1092	WxmsEtr.exe
2128	juOiDBa.exe
1736	qRLRjWQ.exe
2884	DqGHUWC.exe
4468	gYpvBdf.exe
5008	Tsayqix.exe
2556	FPHwhNR.exe
1436	Egykmpy.exe
3004	IqyTaTq.exe
4608	RFgwRhX.exe
1384	DTwALFM.exe
64	ZDtpQkD.exe
4888	UuKrcHi.exe
1528	DglwsEM.exe
2308	EvJxxqe.exe
452	WPPnWCV.exe
1508	eyZabnG.exe
688	YLRnJhx.exe
3864	gjNTJAn.exe
4360	zulZZVb.exe
3288	dDIltii.exe
4928	KbOLMSd.exe
3104	JQTlQaY.exe
836	aCilcKs.exe
2724	TIfeJgz.exe
2112	pyrNErb.exe
208	KlSlVBo.exe
348	mhGtrFr.exe
1908	Hwdxaxv.exe
2968	UaWJwcE.exe
4920	LCeUGVS.exe
3156	ZSmEIVb.exe
1304	tYWBDgq.exe
1832	DrioMop.exe
2500	nUPYrlw.exe
4948	SRtyaNm.exe
3316	CcGGJqN.exe
3544	mUFcExO.exe
3428	zbWNwpK.exe
4796	KqoRdvJ.exe
4612	iWoWXQV.exe
3856	LyzeYDq.exe
2284	JfWjjXD.exe
2892	dRNkPdp.exe
4940	sTGTjtc.exe
1140	MEPTHTR.exe
3624	wuGQHau.exe
2700	PRZFBgH.exe
4336	UdOztiZ.exe
4492	EOdIPne.exe
532	jVopVMH.exe
1072	DcRUNAq.exe
4868	GaJQwLR.exe
4924	mglGIuL.exe
2428	fFskVjS.exe
3108	PwKHWtg.exe
4988	XyhlKAR.exe
4992	AnuIlyY.exe
704	sDyolnU.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3764-0-0x00007FF7315A0000-0x00007FF731992000-memory.dmp	upx
behavioral2/files/0x00080000000234bc-5.dat	upx
behavioral2/files/0x00070000000234c1-22.dat	upx
behavioral2/memory/468-10-0x00007FF6DFDF0000-0x00007FF6E01E2000-memory.dmp	upx
behavioral2/files/0x00070000000234c0-19.dat	upx
behavioral2/files/0x00070000000234c4-34.dat	upx
behavioral2/files/0x00070000000234d1-140.dat	upx
behavioral2/files/0x00070000000234d8-190.dat	upx
behavioral2/memory/3004-265-0x00007FF730040000-0x00007FF730432000-memory.dmp	upx
behavioral2/memory/4608-308-0x00007FF7F67C0000-0x00007FF7F6BB2000-memory.dmp	upx
behavioral2/memory/2308-351-0x00007FF688E50000-0x00007FF689242000-memory.dmp	upx
behavioral2/memory/1508-398-0x00007FF73FFB0000-0x00007FF7403A2000-memory.dmp	upx
behavioral2/memory/688-409-0x00007FF7A0B30000-0x00007FF7A0F22000-memory.dmp	upx
behavioral2/memory/2780-423-0x00007FF60DAF0000-0x00007FF60DEE2000-memory.dmp	upx
behavioral2/memory/1528-433-0x00007FF642540000-0x00007FF642932000-memory.dmp	upx
behavioral2/memory/2884-432-0x00007FF7AC9F0000-0x00007FF7ACDE2000-memory.dmp	upx
behavioral2/memory/3648-413-0x00007FF71F4E0000-0x00007FF71F8D2000-memory.dmp	upx
behavioral2/memory/3864-412-0x00007FF6E27B0000-0x00007FF6E2BA2000-memory.dmp	upx
behavioral2/memory/452-397-0x00007FF7A5AF0000-0x00007FF7A5EE2000-memory.dmp	upx
behavioral2/memory/4888-350-0x00007FF762700000-0x00007FF762AF2000-memory.dmp	upx
behavioral2/memory/64-341-0x00007FF7DF4F0000-0x00007FF7DF8E2000-memory.dmp	upx
behavioral2/memory/1384-337-0x00007FF7BDA50000-0x00007FF7BDE42000-memory.dmp	upx
behavioral2/memory/1436-260-0x00007FF6E36D0000-0x00007FF6E3AC2000-memory.dmp	upx
behavioral2/memory/2556-204-0x00007FF62A510000-0x00007FF62A902000-memory.dmp	upx
behavioral2/files/0x00070000000234d7-187.dat	upx
behavioral2/files/0x00070000000234d6-183.dat	upx
behavioral2/files/0x00070000000234d5-180.dat	upx
behavioral2/files/0x00070000000234e2-177.dat	upx
behavioral2/files/0x00070000000234d4-173.dat	upx
behavioral2/files/0x00070000000234d3-170.dat	upx
behavioral2/memory/5008-166-0x00007FF7103A0000-0x00007FF710792000-memory.dmp	upx
behavioral2/files/0x00070000000234d2-165.dat	upx
behavioral2/memory/4468-162-0x00007FF62B1A0000-0x00007FF62B592000-memory.dmp	upx
behavioral2/files/0x00070000000234e1-161.dat	upx
behavioral2/files/0x00070000000234e0-160.dat	upx
behavioral2/files/0x00070000000234df-159.dat	upx
behavioral2/files/0x00070000000234de-158.dat	upx
behavioral2/files/0x00070000000234d0-156.dat	upx
behavioral2/files/0x00080000000234bd-155.dat	upx
behavioral2/files/0x00070000000234dd-154.dat	upx
behavioral2/files/0x00070000000234cb-152.dat	upx
behavioral2/files/0x00070000000234dc-151.dat	upx
behavioral2/memory/1736-137-0x00007FF66C4B0000-0x00007FF66C8A2000-memory.dmp	upx
behavioral2/files/0x00070000000234db-135.dat	upx
behavioral2/files/0x00070000000234da-134.dat	upx
behavioral2/files/0x00070000000234d9-127.dat	upx
behavioral2/files/0x00070000000234cf-125.dat	upx
behavioral2/files/0x00070000000234ca-120.dat	upx
behavioral2/files/0x00070000000234cd-147.dat	upx
behavioral2/memory/2128-108-0x00007FF6B01F0000-0x00007FF6B05E2000-memory.dmp	upx
behavioral2/files/0x00070000000234c9-93.dat	upx
behavioral2/files/0x00070000000234c5-91.dat	upx
behavioral2/files/0x00070000000234c3-87.dat	upx
behavioral2/files/0x00070000000234cc-81.dat	upx
behavioral2/files/0x00070000000234c8-80.dat	upx
behavioral2/files/0x00070000000234c6-66.dat	upx
behavioral2/files/0x00070000000234c2-65.dat	upx
behavioral2/files/0x00070000000234ce-102.dat	upx
behavioral2/memory/1092-49-0x00007FF755CA0000-0x00007FF756092000-memory.dmp	upx
behavioral2/files/0x00070000000234c7-69.dat	upx
behavioral2/memory/3628-47-0x00007FF710E10000-0x00007FF711202000-memory.dmp	upx
behavioral2/memory/3932-31-0x00007FF7AF5D0000-0x00007FF7AF9C2000-memory.dmp	upx
behavioral2/memory/468-3089-0x00007FF6DFDF0000-0x00007FF6E01E2000-memory.dmp	upx
behavioral2/memory/3932-3091-0x00007FF7AF5D0000-0x00007FF7AF9C2000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
6	raw.githubusercontent.com
8	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\uCADbJC.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\LsNLkwa.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\QAwGhgs.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\UeOsbOr.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\LyzeYDq.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\YuxloTl.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\suLMoLg.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\HnuGrSU.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\jCaUpys.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\LyXCtmx.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\KYCsBBP.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\CQmcBeH.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\XYkHFUZ.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\ZZFZQHw.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\HqUdUKR.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\RAZUOkE.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\RSnjrTF.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\DcxtLOe.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\GwqgYEC.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\SNZIdiz.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\DqGHUWC.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\YLRnJhx.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\xILRbJb.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\RBhACAY.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\tBQUlJE.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\plSqBjX.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\bbrnwUT.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\ejyCOch.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\YCvoHEA.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\nUPYrlw.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\onvcNlE.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\kuqkPav.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\OeUhdrs.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\QJuheAg.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\wNZyUJf.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\LdQoQJH.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\EsFYoNg.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\yHUzrTr.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\QGUhoBl.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\JVxDltd.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\dZAkAQr.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\jCqyakg.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\ldbLXri.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\pWyhdnk.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\JnKYcOn.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\roSSYYc.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\nGYQlfc.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\DeaQMHT.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\oPlscnB.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\CcGGJqN.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\WLmUtwr.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\NLPpixV.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\mZoQOBU.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\KVCkVFi.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\vxzWDzb.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\WgcYfHf.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\sgdsvqk.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\FaPnCRF.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\aRJPydT.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\aHboKtT.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\DjXBrJj.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\hKZTwPu.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\okdXNFl.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
File created	C:\Windows\System\mURtege.exe	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
3224	powershell.exe
3224	powershell.exe
3224	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	3224	powershell.exe
Token: SeLockMemoryPrivilege	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3764 wrote to memory of 3224	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	85
PID 3764 wrote to memory of 3224	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	85
PID 3764 wrote to memory of 468	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	86
PID 3764 wrote to memory of 468	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	86
PID 3764 wrote to memory of 3932	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	87
PID 3764 wrote to memory of 3932	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	87
PID 3764 wrote to memory of 3628	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	88
PID 3764 wrote to memory of 3628	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	88
PID 3764 wrote to memory of 3648	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	89
PID 3764 wrote to memory of 3648	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	89
PID 3764 wrote to memory of 1092	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	90
PID 3764 wrote to memory of 1092	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	90
PID 3764 wrote to memory of 2780	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	91
PID 3764 wrote to memory of 2780	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	91
PID 3764 wrote to memory of 4468	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	92
PID 3764 wrote to memory of 4468	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	92
PID 3764 wrote to memory of 2128	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	93
PID 3764 wrote to memory of 2128	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	93
PID 3764 wrote to memory of 1736	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	94
PID 3764 wrote to memory of 1736	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	94
PID 3764 wrote to memory of 2884	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	95
PID 3764 wrote to memory of 2884	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	95
PID 3764 wrote to memory of 5008	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	96
PID 3764 wrote to memory of 5008	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	96
PID 3764 wrote to memory of 2556	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	97
PID 3764 wrote to memory of 2556	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	97
PID 3764 wrote to memory of 1436	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	98
PID 3764 wrote to memory of 1436	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	98
PID 3764 wrote to memory of 3004	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	99
PID 3764 wrote to memory of 3004	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	99
PID 3764 wrote to memory of 4608	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	100
PID 3764 wrote to memory of 4608	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	100
PID 3764 wrote to memory of 1384	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	101
PID 3764 wrote to memory of 1384	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	101
PID 3764 wrote to memory of 64	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	102
PID 3764 wrote to memory of 64	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	102
PID 3764 wrote to memory of 4888	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	103
PID 3764 wrote to memory of 4888	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	103
PID 3764 wrote to memory of 1528	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	104
PID 3764 wrote to memory of 1528	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	104
PID 3764 wrote to memory of 2308	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	105
PID 3764 wrote to memory of 2308	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	105
PID 3764 wrote to memory of 452	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	106
PID 3764 wrote to memory of 452	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	106
PID 3764 wrote to memory of 1508	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	107
PID 3764 wrote to memory of 1508	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	107
PID 3764 wrote to memory of 688	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	108
PID 3764 wrote to memory of 688	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	108
PID 3764 wrote to memory of 3864	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	109
PID 3764 wrote to memory of 3864	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	109
PID 3764 wrote to memory of 4360	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	110
PID 3764 wrote to memory of 4360	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	110
PID 3764 wrote to memory of 3288	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	111
PID 3764 wrote to memory of 3288	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	111
PID 3764 wrote to memory of 4928	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	112
PID 3764 wrote to memory of 4928	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	112
PID 3764 wrote to memory of 3104	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	113
PID 3764 wrote to memory of 3104	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	113
PID 3764 wrote to memory of 836	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	114
PID 3764 wrote to memory of 836	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	114
PID 3764 wrote to memory of 2724	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	115
PID 3764 wrote to memory of 2724	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	115
PID 3764 wrote to memory of 2112	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	116
PID 3764 wrote to memory of 2112	3764	04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe	116

C:\Users\Admin\AppData\Local\Temp\04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\04c38fc68bf4453f99a5c08f87296ef3_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3764
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3224
- - C:\Windows\system32\wermgr.exe
    "C:\Windows\system32\wermgr.exe" "-outproc" "0" "3224" "2980" "2884" "2984" "0" "0" "2988" "0" "0" "0" "0" "0"
    3⤵
    PID:13472
- C:\Windows\System\DjaPzkU.exe
  C:\Windows\System\DjaPzkU.exe
  2⤵
  - Executes dropped EXE
  PID:468
- C:\Windows\System\mscxzjL.exe
  C:\Windows\System\mscxzjL.exe
  2⤵
  - Executes dropped EXE
  PID:3932
- C:\Windows\System\OHIjCKu.exe
  C:\Windows\System\OHIjCKu.exe
  2⤵
  - Executes dropped EXE
  PID:3628
- C:\Windows\System\mdhhzPV.exe
  C:\Windows\System\mdhhzPV.exe
  2⤵
  - Executes dropped EXE
  PID:3648
- C:\Windows\System\WxmsEtr.exe
  C:\Windows\System\WxmsEtr.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\UJRCXWH.exe
  C:\Windows\System\UJRCXWH.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\gYpvBdf.exe
  C:\Windows\System\gYpvBdf.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\juOiDBa.exe
  C:\Windows\System\juOiDBa.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\qRLRjWQ.exe
  C:\Windows\System\qRLRjWQ.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\DqGHUWC.exe
  C:\Windows\System\DqGHUWC.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\Tsayqix.exe
  C:\Windows\System\Tsayqix.exe
  2⤵
  - Executes dropped EXE
  PID:5008
- C:\Windows\System\FPHwhNR.exe
  C:\Windows\System\FPHwhNR.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\Egykmpy.exe
  C:\Windows\System\Egykmpy.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\IqyTaTq.exe
  C:\Windows\System\IqyTaTq.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\RFgwRhX.exe
  C:\Windows\System\RFgwRhX.exe
  2⤵
  - Executes dropped EXE
  PID:4608
- C:\Windows\System\DTwALFM.exe
  C:\Windows\System\DTwALFM.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\ZDtpQkD.exe
  C:\Windows\System\ZDtpQkD.exe
  2⤵
  - Executes dropped EXE
  PID:64
- C:\Windows\System\UuKrcHi.exe
  C:\Windows\System\UuKrcHi.exe
  2⤵
  - Executes dropped EXE
  PID:4888
- C:\Windows\System\DglwsEM.exe
  C:\Windows\System\DglwsEM.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\EvJxxqe.exe
  C:\Windows\System\EvJxxqe.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\WPPnWCV.exe
  C:\Windows\System\WPPnWCV.exe
  2⤵
  - Executes dropped EXE
  PID:452
- C:\Windows\System\eyZabnG.exe
  C:\Windows\System\eyZabnG.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\YLRnJhx.exe
  C:\Windows\System\YLRnJhx.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\gjNTJAn.exe
  C:\Windows\System\gjNTJAn.exe
  2⤵
  - Executes dropped EXE
  PID:3864
- C:\Windows\System\zulZZVb.exe
  C:\Windows\System\zulZZVb.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\dDIltii.exe
  C:\Windows\System\dDIltii.exe
  2⤵
  - Executes dropped EXE
  PID:3288
- C:\Windows\System\KbOLMSd.exe
  C:\Windows\System\KbOLMSd.exe
  2⤵
  - Executes dropped EXE
  PID:4928
- C:\Windows\System\JQTlQaY.exe
  C:\Windows\System\JQTlQaY.exe
  2⤵
  - Executes dropped EXE
  PID:3104
- C:\Windows\System\aCilcKs.exe
  C:\Windows\System\aCilcKs.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\TIfeJgz.exe
  C:\Windows\System\TIfeJgz.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\pyrNErb.exe
  C:\Windows\System\pyrNErb.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\KlSlVBo.exe
  C:\Windows\System\KlSlVBo.exe
  2⤵
  - Executes dropped EXE
  PID:208
- C:\Windows\System\mhGtrFr.exe
  C:\Windows\System\mhGtrFr.exe
  2⤵
  - Executes dropped EXE
  PID:348
- C:\Windows\System\Hwdxaxv.exe
  C:\Windows\System\Hwdxaxv.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\UaWJwcE.exe
  C:\Windows\System\UaWJwcE.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\LCeUGVS.exe
  C:\Windows\System\LCeUGVS.exe
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System\ZSmEIVb.exe
  C:\Windows\System\ZSmEIVb.exe
  2⤵
  - Executes dropped EXE
  PID:3156
- C:\Windows\System\tYWBDgq.exe
  C:\Windows\System\tYWBDgq.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\DrioMop.exe
  C:\Windows\System\DrioMop.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\nUPYrlw.exe
  C:\Windows\System\nUPYrlw.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\SRtyaNm.exe
  C:\Windows\System\SRtyaNm.exe
  2⤵
  - Executes dropped EXE
  PID:4948
- C:\Windows\System\CcGGJqN.exe
  C:\Windows\System\CcGGJqN.exe
  2⤵
  - Executes dropped EXE
  PID:3316
- C:\Windows\System\mUFcExO.exe
  C:\Windows\System\mUFcExO.exe
  2⤵
  - Executes dropped EXE
  PID:3544
- C:\Windows\System\zbWNwpK.exe
  C:\Windows\System\zbWNwpK.exe
  2⤵
  - Executes dropped EXE
  PID:3428
- C:\Windows\System\KqoRdvJ.exe
  C:\Windows\System\KqoRdvJ.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\iWoWXQV.exe
  C:\Windows\System\iWoWXQV.exe
  2⤵
  - Executes dropped EXE
  PID:4612
- C:\Windows\System\LyzeYDq.exe
  C:\Windows\System\LyzeYDq.exe
  2⤵
  - Executes dropped EXE
  PID:3856
- C:\Windows\System\JfWjjXD.exe
  C:\Windows\System\JfWjjXD.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\dRNkPdp.exe
  C:\Windows\System\dRNkPdp.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\sTGTjtc.exe
  C:\Windows\System\sTGTjtc.exe
  2⤵
  - Executes dropped EXE
  PID:4940
- C:\Windows\System\MEPTHTR.exe
  C:\Windows\System\MEPTHTR.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\wuGQHau.exe
  C:\Windows\System\wuGQHau.exe
  2⤵
  - Executes dropped EXE
  PID:3624
- C:\Windows\System\PRZFBgH.exe
  C:\Windows\System\PRZFBgH.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\UdOztiZ.exe
  C:\Windows\System\UdOztiZ.exe
  2⤵
  - Executes dropped EXE
  PID:4336
- C:\Windows\System\EOdIPne.exe
  C:\Windows\System\EOdIPne.exe
  2⤵
  - Executes dropped EXE
  PID:4492
- C:\Windows\System\jVopVMH.exe
  C:\Windows\System\jVopVMH.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\DcRUNAq.exe
  C:\Windows\System\DcRUNAq.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\GaJQwLR.exe
  C:\Windows\System\GaJQwLR.exe
  2⤵
  - Executes dropped EXE
  PID:4868
- C:\Windows\System\mglGIuL.exe
  C:\Windows\System\mglGIuL.exe
  2⤵
  - Executes dropped EXE
  PID:4924
- C:\Windows\System\fFskVjS.exe
  C:\Windows\System\fFskVjS.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\PwKHWtg.exe
  C:\Windows\System\PwKHWtg.exe
  2⤵
  - Executes dropped EXE
  PID:3108
- C:\Windows\System\XyhlKAR.exe
  C:\Windows\System\XyhlKAR.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\AnuIlyY.exe
  C:\Windows\System\AnuIlyY.exe
  2⤵
  - Executes dropped EXE
  PID:4992
- C:\Windows\System\CAOecxE.exe
  C:\Windows\System\CAOecxE.exe
  2⤵
  PID:1052
- C:\Windows\System\sDyolnU.exe
  C:\Windows\System\sDyolnU.exe
  2⤵
  - Executes dropped EXE
  PID:704
- C:\Windows\System\zfonGuU.exe
  C:\Windows\System\zfonGuU.exe
  2⤵
  PID:1712
- C:\Windows\System\vSfAOUG.exe
  C:\Windows\System\vSfAOUG.exe
  2⤵
  PID:3976
- C:\Windows\System\RkeNfxV.exe
  C:\Windows\System\RkeNfxV.exe
  2⤵
  PID:1148
- C:\Windows\System\hHrdUXr.exe
  C:\Windows\System\hHrdUXr.exe
  2⤵
  PID:4304
- C:\Windows\System\JcTQUwQ.exe
  C:\Windows\System\JcTQUwQ.exe
  2⤵
  PID:3868
- C:\Windows\System\kDVgAwk.exe
  C:\Windows\System\kDVgAwk.exe
  2⤵
  PID:232
- C:\Windows\System\nOctBId.exe
  C:\Windows\System\nOctBId.exe
  2⤵
  PID:1848
- C:\Windows\System\rQsxvuH.exe
  C:\Windows\System\rQsxvuH.exe
  2⤵
  PID:1288
- C:\Windows\System\ZNpKDJh.exe
  C:\Windows\System\ZNpKDJh.exe
  2⤵
  PID:2272
- C:\Windows\System\ttYDdhE.exe
  C:\Windows\System\ttYDdhE.exe
  2⤵
  PID:4308
- C:\Windows\System\zonVVaA.exe
  C:\Windows\System\zonVVaA.exe
  2⤵
  PID:2032
- C:\Windows\System\PeITUME.exe
  C:\Windows\System\PeITUME.exe
  2⤵
  PID:2800
- C:\Windows\System\AkrnjIm.exe
  C:\Windows\System\AkrnjIm.exe
  2⤵
  PID:1796
- C:\Windows\System\CKxGzya.exe
  C:\Windows\System\CKxGzya.exe
  2⤵
  PID:2116
- C:\Windows\System\yrHZxMg.exe
  C:\Windows\System\yrHZxMg.exe
  2⤵
  PID:1764
- C:\Windows\System\fKDDGGq.exe
  C:\Windows\System\fKDDGGq.exe
  2⤵
  PID:5136
- C:\Windows\System\ALRKxIQ.exe
  C:\Windows\System\ALRKxIQ.exe
  2⤵
  PID:5160
- C:\Windows\System\NIZeUbg.exe
  C:\Windows\System\NIZeUbg.exe
  2⤵
  PID:5176
- C:\Windows\System\CDFtpii.exe
  C:\Windows\System\CDFtpii.exe
  2⤵
  PID:5196
- C:\Windows\System\LWqhOWe.exe
  C:\Windows\System\LWqhOWe.exe
  2⤵
  PID:5224
- C:\Windows\System\PYRmfUT.exe
  C:\Windows\System\PYRmfUT.exe
  2⤵
  PID:5240
- C:\Windows\System\NKCmoDD.exe
  C:\Windows\System\NKCmoDD.exe
  2⤵
  PID:5256
- C:\Windows\System\jCaUpys.exe
  C:\Windows\System\jCaUpys.exe
  2⤵
  PID:5284
- C:\Windows\System\tGMMpEL.exe
  C:\Windows\System\tGMMpEL.exe
  2⤵
  PID:5304
- C:\Windows\System\oFbnalU.exe
  C:\Windows\System\oFbnalU.exe
  2⤵
  PID:5332
- C:\Windows\System\IYYjRhn.exe
  C:\Windows\System\IYYjRhn.exe
  2⤵
  PID:5348
- C:\Windows\System\JlVVkLD.exe
  C:\Windows\System\JlVVkLD.exe
  2⤵
  PID:5372
- C:\Windows\System\QLPvDIT.exe
  C:\Windows\System\QLPvDIT.exe
  2⤵
  PID:5396
- C:\Windows\System\lZiFvFU.exe
  C:\Windows\System\lZiFvFU.exe
  2⤵
  PID:5412
- C:\Windows\System\HuRQZTY.exe
  C:\Windows\System\HuRQZTY.exe
  2⤵
  PID:5432
- C:\Windows\System\vErjTqI.exe
  C:\Windows\System\vErjTqI.exe
  2⤵
  PID:5456
- C:\Windows\System\KnabuYc.exe
  C:\Windows\System\KnabuYc.exe
  2⤵
  PID:5476
- C:\Windows\System\UDGVXMR.exe
  C:\Windows\System\UDGVXMR.exe
  2⤵
  PID:5792
- C:\Windows\System\NhORtCu.exe
  C:\Windows\System\NhORtCu.exe
  2⤵
  PID:5808
- C:\Windows\System\GYKNaUW.exe
  C:\Windows\System\GYKNaUW.exe
  2⤵
  PID:5832
- C:\Windows\System\udhSbKj.exe
  C:\Windows\System\udhSbKj.exe
  2⤵
  PID:5852
- C:\Windows\System\ZyoAoqR.exe
  C:\Windows\System\ZyoAoqR.exe
  2⤵
  PID:5872
- C:\Windows\System\onGYwwF.exe
  C:\Windows\System\onGYwwF.exe
  2⤵
  PID:5900
- C:\Windows\System\cApyegN.exe
  C:\Windows\System\cApyegN.exe
  2⤵
  PID:5920
- C:\Windows\System\UGbGvhU.exe
  C:\Windows\System\UGbGvhU.exe
  2⤵
  PID:5940
- C:\Windows\System\nZYRyjj.exe
  C:\Windows\System\nZYRyjj.exe
  2⤵
  PID:5956
- C:\Windows\System\uTNxZLE.exe
  C:\Windows\System\uTNxZLE.exe
  2⤵
  PID:5980
- C:\Windows\System\zJYdTzj.exe
  C:\Windows\System\zJYdTzj.exe
  2⤵
  PID:6000
- C:\Windows\System\RQDDDfw.exe
  C:\Windows\System\RQDDDfw.exe
  2⤵
  PID:6020
- C:\Windows\System\vxzWDzb.exe
  C:\Windows\System\vxzWDzb.exe
  2⤵
  PID:6044
- C:\Windows\System\wmkmiAW.exe
  C:\Windows\System\wmkmiAW.exe
  2⤵
  PID:6060
- C:\Windows\System\ahYAJsP.exe
  C:\Windows\System\ahYAJsP.exe
  2⤵
  PID:6100
- C:\Windows\System\iKCkpDg.exe
  C:\Windows\System\iKCkpDg.exe
  2⤵
  PID:6116
- C:\Windows\System\UYFNdMw.exe
  C:\Windows\System\UYFNdMw.exe
  2⤵
  PID:6140
- C:\Windows\System\qsUPQHm.exe
  C:\Windows\System\qsUPQHm.exe
  2⤵
  PID:5424
- C:\Windows\System\xNpAotj.exe
  C:\Windows\System\xNpAotj.exe
  2⤵
  PID:5464
- C:\Windows\System\KeyAxvA.exe
  C:\Windows\System\KeyAxvA.exe
  2⤵
  PID:5888
- C:\Windows\System\kKpopyK.exe
  C:\Windows\System\kKpopyK.exe
  2⤵
  PID:5952
- C:\Windows\System\PNIzYvr.exe
  C:\Windows\System\PNIzYvr.exe
  2⤵
  PID:5988
- C:\Windows\System\SVuheqC.exe
  C:\Windows\System\SVuheqC.exe
  2⤵
  PID:6016
- C:\Windows\System\WgRfTBs.exe
  C:\Windows\System\WgRfTBs.exe
  2⤵
  PID:6056
- C:\Windows\System\qGDDMdD.exe
  C:\Windows\System\qGDDMdD.exe
  2⤵
  PID:6108
- C:\Windows\System\aXeKIAo.exe
  C:\Windows\System\aXeKIAo.exe
  2⤵
  PID:6136
- C:\Windows\System\kLzbzFn.exe
  C:\Windows\System\kLzbzFn.exe
  2⤵
  PID:4944
- C:\Windows\System\RdwvqEV.exe
  C:\Windows\System\RdwvqEV.exe
  2⤵
  PID:2256
- C:\Windows\System\tUOsZXw.exe
  C:\Windows\System\tUOsZXw.exe
  2⤵
  PID:3124
- C:\Windows\System\uJIByJH.exe
  C:\Windows\System\uJIByJH.exe
  2⤵
  PID:1152
- C:\Windows\System\FwOoaZQ.exe
  C:\Windows\System\FwOoaZQ.exe
  2⤵
  PID:4180
- C:\Windows\System\bBOjsap.exe
  C:\Windows\System\bBOjsap.exe
  2⤵
  PID:1800
- C:\Windows\System\Ahtcshc.exe
  C:\Windows\System\Ahtcshc.exe
  2⤵
  PID:5044
- C:\Windows\System\stvaZDm.exe
  C:\Windows\System\stvaZDm.exe
  2⤵
  PID:5356
- C:\Windows\System\CeCTzIF.exe
  C:\Windows\System\CeCTzIF.exe
  2⤵
  PID:5384
- C:\Windows\System\ggUrOSv.exe
  C:\Windows\System\ggUrOSv.exe
  2⤵
  PID:5656
- C:\Windows\System\MpxteSf.exe
  C:\Windows\System\MpxteSf.exe
  2⤵
  PID:1756
- C:\Windows\System\GrXvmOi.exe
  C:\Windows\System\GrXvmOi.exe
  2⤵
  PID:2224
- C:\Windows\System\wavFhoc.exe
  C:\Windows\System\wavFhoc.exe
  2⤵
  PID:2004
- C:\Windows\System\WCXEbUU.exe
  C:\Windows\System\WCXEbUU.exe
  2⤵
  PID:3408
- C:\Windows\System\DTqOPhc.exe
  C:\Windows\System\DTqOPhc.exe
  2⤵
  PID:1684
- C:\Windows\System\bVLMlet.exe
  C:\Windows\System\bVLMlet.exe
  2⤵
  PID:4108
- C:\Windows\System\EvDptqn.exe
  C:\Windows\System\EvDptqn.exe
  2⤵
  PID:4404
- C:\Windows\System\GrroXYc.exe
  C:\Windows\System\GrroXYc.exe
  2⤵
  PID:4896
- C:\Windows\System\uEEjlcE.exe
  C:\Windows\System\uEEjlcE.exe
  2⤵
  PID:2436
- C:\Windows\System\OxWTdCG.exe
  C:\Windows\System\OxWTdCG.exe
  2⤵
  PID:2352
- C:\Windows\System\ZvsmaIH.exe
  C:\Windows\System\ZvsmaIH.exe
  2⤵
  PID:1680
- C:\Windows\System\OuPgozj.exe
  C:\Windows\System\OuPgozj.exe
  2⤵
  PID:3960
- C:\Windows\System\soKOEsG.exe
  C:\Windows\System\soKOEsG.exe
  2⤵
  PID:2988
- C:\Windows\System\fwSAyvQ.exe
  C:\Windows\System\fwSAyvQ.exe
  2⤵
  PID:2696
- C:\Windows\System\GFDHSts.exe
  C:\Windows\System\GFDHSts.exe
  2⤵
  PID:5936
- C:\Windows\System\EZOgdHT.exe
  C:\Windows\System\EZOgdHT.exe
  2⤵
  PID:5684
- C:\Windows\System\bznUHxK.exe
  C:\Windows\System\bznUHxK.exe
  2⤵
  PID:6088
- C:\Windows\System\ByOAjha.exe
  C:\Windows\System\ByOAjha.exe
  2⤵
  PID:6040
- C:\Windows\System\PxpaXup.exe
  C:\Windows\System\PxpaXup.exe
  2⤵
  PID:4236
- C:\Windows\System\KDqJhaD.exe
  C:\Windows\System\KDqJhaD.exe
  2⤵
  PID:1392
- C:\Windows\System\WsQuFSu.exe
  C:\Windows\System\WsQuFSu.exe
  2⤵
  PID:1356
- C:\Windows\System\WMAUsTj.exe
  C:\Windows\System\WMAUsTj.exe
  2⤵
  PID:5344
- C:\Windows\System\XHyXdnm.exe
  C:\Windows\System\XHyXdnm.exe
  2⤵
  PID:3464
- C:\Windows\System\SrKeMDl.exe
  C:\Windows\System\SrKeMDl.exe
  2⤵
  PID:4852
- C:\Windows\System\AohvFOx.exe
  C:\Windows\System\AohvFOx.exe
  2⤵
  PID:2840
- C:\Windows\System\YHvzeCH.exe
  C:\Windows\System\YHvzeCH.exe
  2⤵
  PID:1944
- C:\Windows\System\AhGNwVg.exe
  C:\Windows\System\AhGNwVg.exe
  2⤵
  PID:1380
- C:\Windows\System\sYCAsad.exe
  C:\Windows\System\sYCAsad.exe
  2⤵
  PID:6148
- C:\Windows\System\xRfNOVb.exe
  C:\Windows\System\xRfNOVb.exe
  2⤵
  PID:6172
- C:\Windows\System\qHaphav.exe
  C:\Windows\System\qHaphav.exe
  2⤵
  PID:6192
- C:\Windows\System\aktZJiH.exe
  C:\Windows\System\aktZJiH.exe
  2⤵
  PID:6212
- C:\Windows\System\UYVQdou.exe
  C:\Windows\System\UYVQdou.exe
  2⤵
  PID:6240
- C:\Windows\System\LRJCJPU.exe
  C:\Windows\System\LRJCJPU.exe
  2⤵
  PID:6260
- C:\Windows\System\XEuyhYB.exe
  C:\Windows\System\XEuyhYB.exe
  2⤵
  PID:6280
- C:\Windows\System\wwRsvtl.exe
  C:\Windows\System\wwRsvtl.exe
  2⤵
  PID:6300
- C:\Windows\System\kgNoRGz.exe
  C:\Windows\System\kgNoRGz.exe
  2⤵
  PID:6320
- C:\Windows\System\DBzVSvi.exe
  C:\Windows\System\DBzVSvi.exe
  2⤵
  PID:6340
- C:\Windows\System\KhXHJji.exe
  C:\Windows\System\KhXHJji.exe
  2⤵
  PID:6360
- C:\Windows\System\tBQUlJE.exe
  C:\Windows\System\tBQUlJE.exe
  2⤵
  PID:6380
- C:\Windows\System\UBfawzy.exe
  C:\Windows\System\UBfawzy.exe
  2⤵
  PID:6404
- C:\Windows\System\GxSFCNH.exe
  C:\Windows\System\GxSFCNH.exe
  2⤵
  PID:6420
- C:\Windows\System\fXFEUwO.exe
  C:\Windows\System\fXFEUwO.exe
  2⤵
  PID:6444
- C:\Windows\System\TDvVMrN.exe
  C:\Windows\System\TDvVMrN.exe
  2⤵
  PID:6468
- C:\Windows\System\gRWOXcJ.exe
  C:\Windows\System\gRWOXcJ.exe
  2⤵
  PID:6488
- C:\Windows\System\cJvjCcn.exe
  C:\Windows\System\cJvjCcn.exe
  2⤵
  PID:6508
- C:\Windows\System\MweobwH.exe
  C:\Windows\System\MweobwH.exe
  2⤵
  PID:6524
- C:\Windows\System\AprcwIt.exe
  C:\Windows\System\AprcwIt.exe
  2⤵
  PID:6548
- C:\Windows\System\FXZvXXD.exe
  C:\Windows\System\FXZvXXD.exe
  2⤵
  PID:6568
- C:\Windows\System\TLzHiDh.exe
  C:\Windows\System\TLzHiDh.exe
  2⤵
  PID:6592
- C:\Windows\System\nqBkEnw.exe
  C:\Windows\System\nqBkEnw.exe
  2⤵
  PID:6612
- C:\Windows\System\SjhdlLA.exe
  C:\Windows\System\SjhdlLA.exe
  2⤵
  PID:6632
- C:\Windows\System\siRLBtM.exe
  C:\Windows\System\siRLBtM.exe
  2⤵
  PID:6656
- C:\Windows\System\TSPuGNU.exe
  C:\Windows\System\TSPuGNU.exe
  2⤵
  PID:6680
- C:\Windows\System\SNwrCFw.exe
  C:\Windows\System\SNwrCFw.exe
  2⤵
  PID:6700
- C:\Windows\System\bOaFibl.exe
  C:\Windows\System\bOaFibl.exe
  2⤵
  PID:6724
- C:\Windows\System\HmwwgIE.exe
  C:\Windows\System\HmwwgIE.exe
  2⤵
  PID:6740
- C:\Windows\System\eoSVRuw.exe
  C:\Windows\System\eoSVRuw.exe
  2⤵
  PID:6768
- C:\Windows\System\BxllkEW.exe
  C:\Windows\System\BxllkEW.exe
  2⤵
  PID:6788
- C:\Windows\System\gPHiCuz.exe
  C:\Windows\System\gPHiCuz.exe
  2⤵
  PID:6804
- C:\Windows\System\MYtBrML.exe
  C:\Windows\System\MYtBrML.exe
  2⤵
  PID:6828
- C:\Windows\System\VuYTAvf.exe
  C:\Windows\System\VuYTAvf.exe
  2⤵
  PID:6848
- C:\Windows\System\eLYtlvx.exe
  C:\Windows\System\eLYtlvx.exe
  2⤵
  PID:6868
- C:\Windows\System\KxgEGeX.exe
  C:\Windows\System\KxgEGeX.exe
  2⤵
  PID:6892
- C:\Windows\System\govKPbV.exe
  C:\Windows\System\govKPbV.exe
  2⤵
  PID:6908
- C:\Windows\System\tzKYjbz.exe
  C:\Windows\System\tzKYjbz.exe
  2⤵
  PID:6936
- C:\Windows\System\WCBtdsy.exe
  C:\Windows\System\WCBtdsy.exe
  2⤵
  PID:6952
- C:\Windows\System\QePxMSK.exe
  C:\Windows\System\QePxMSK.exe
  2⤵
  PID:6976
- C:\Windows\System\TpyGDrt.exe
  C:\Windows\System\TpyGDrt.exe
  2⤵
  PID:6996
- C:\Windows\System\utfWyPp.exe
  C:\Windows\System\utfWyPp.exe
  2⤵
  PID:7016
- C:\Windows\System\dZvaoFu.exe
  C:\Windows\System\dZvaoFu.exe
  2⤵
  PID:7036
- C:\Windows\System\LHRHSyb.exe
  C:\Windows\System\LHRHSyb.exe
  2⤵
  PID:7060
- C:\Windows\System\BFUhRdQ.exe
  C:\Windows\System\BFUhRdQ.exe
  2⤵
  PID:7076
- C:\Windows\System\KFUdXFK.exe
  C:\Windows\System\KFUdXFK.exe
  2⤵
  PID:7100
- C:\Windows\System\YldXbCq.exe
  C:\Windows\System\YldXbCq.exe
  2⤵
  PID:7120
- C:\Windows\System\tSNLYiZ.exe
  C:\Windows\System\tSNLYiZ.exe
  2⤵
  PID:7140
- C:\Windows\System\MbPTJQs.exe
  C:\Windows\System\MbPTJQs.exe
  2⤵
  PID:5864
- C:\Windows\System\AhPfSZf.exe
  C:\Windows\System\AhPfSZf.exe
  2⤵
  PID:3908
- C:\Windows\System\qLtvmNm.exe
  C:\Windows\System\qLtvmNm.exe
  2⤵
  PID:784
- C:\Windows\System\wQlIPwn.exe
  C:\Windows\System\wQlIPwn.exe
  2⤵
  PID:2324
- C:\Windows\System\NkTsLqC.exe
  C:\Windows\System\NkTsLqC.exe
  2⤵
  PID:1552
- C:\Windows\System\ooUFIFl.exe
  C:\Windows\System\ooUFIFl.exe
  2⤵
  PID:6184
- C:\Windows\System\OwNpNHB.exe
  C:\Windows\System\OwNpNHB.exe
  2⤵
  PID:6252
- C:\Windows\System\iEUhTPM.exe
  C:\Windows\System\iEUhTPM.exe
  2⤵
  PID:3772
- C:\Windows\System\QtGZdhp.exe
  C:\Windows\System\QtGZdhp.exe
  2⤵
  PID:6348
- C:\Windows\System\ddCeSda.exe
  C:\Windows\System\ddCeSda.exe
  2⤵
  PID:5440
- C:\Windows\System\kQUJOyb.exe
  C:\Windows\System\kQUJOyb.exe
  2⤵
  PID:6396
- C:\Windows\System\gDysCOX.exe
  C:\Windows\System\gDysCOX.exe
  2⤵
  PID:6484
- C:\Windows\System\QIGxDUD.exe
  C:\Windows\System\QIGxDUD.exe
  2⤵
  PID:6532
- C:\Windows\System\axqvWSw.exe
  C:\Windows\System\axqvWSw.exe
  2⤵
  PID:5528
- C:\Windows\System\GFbELko.exe
  C:\Windows\System\GFbELko.exe
  2⤵
  PID:6076
- C:\Windows\System\OjpkLFD.exe
  C:\Windows\System\OjpkLFD.exe
  2⤵
  PID:6256
- C:\Windows\System\MakDzQU.exe
  C:\Windows\System\MakDzQU.exe
  2⤵
  PID:6296
- C:\Windows\System\rWeizfL.exe
  C:\Windows\System\rWeizfL.exe
  2⤵
  PID:7180
- C:\Windows\System\fBQWCzf.exe
  C:\Windows\System\fBQWCzf.exe
  2⤵
  PID:7196
- C:\Windows\System\xKXcZUV.exe
  C:\Windows\System\xKXcZUV.exe
  2⤵
  PID:7220
- C:\Windows\System\daSHZDY.exe
  C:\Windows\System\daSHZDY.exe
  2⤵
  PID:7236
- C:\Windows\System\DeuTfoh.exe
  C:\Windows\System\DeuTfoh.exe
  2⤵
  PID:7260
- C:\Windows\System\UfJnKUo.exe
  C:\Windows\System\UfJnKUo.exe
  2⤵
  PID:7284
- C:\Windows\System\xgqWLAt.exe
  C:\Windows\System\xgqWLAt.exe
  2⤵
  PID:7304
- C:\Windows\System\ToZpUuH.exe
  C:\Windows\System\ToZpUuH.exe
  2⤵
  PID:7324
- C:\Windows\System\kdrubTr.exe
  C:\Windows\System\kdrubTr.exe
  2⤵
  PID:7340
- C:\Windows\System\SfRBrUq.exe
  C:\Windows\System\SfRBrUq.exe
  2⤵
  PID:7368
- C:\Windows\System\FWIysHP.exe
  C:\Windows\System\FWIysHP.exe
  2⤵
  PID:7388
- C:\Windows\System\TSgNOyz.exe
  C:\Windows\System\TSgNOyz.exe
  2⤵
  PID:7412
- C:\Windows\System\PfrmGfk.exe
  C:\Windows\System\PfrmGfk.exe
  2⤵
  PID:7432
- C:\Windows\System\weEsusv.exe
  C:\Windows\System\weEsusv.exe
  2⤵
  PID:7456
- C:\Windows\System\ZAejSQC.exe
  C:\Windows\System\ZAejSQC.exe
  2⤵
  PID:7480
- C:\Windows\System\lxBPwZb.exe
  C:\Windows\System\lxBPwZb.exe
  2⤵
  PID:7504
- C:\Windows\System\RtpCQaN.exe
  C:\Windows\System\RtpCQaN.exe
  2⤵
  PID:7524
- C:\Windows\System\jDBxEHr.exe
  C:\Windows\System\jDBxEHr.exe
  2⤵
  PID:7544
- C:\Windows\System\FbgKpfo.exe
  C:\Windows\System\FbgKpfo.exe
  2⤵
  PID:7564
- C:\Windows\System\RkgfXtK.exe
  C:\Windows\System\RkgfXtK.exe
  2⤵
  PID:7588
- C:\Windows\System\njUKKHh.exe
  C:\Windows\System\njUKKHh.exe
  2⤵
  PID:7608
- C:\Windows\System\SYeUuWK.exe
  C:\Windows\System\SYeUuWK.exe
  2⤵
  PID:7628
- C:\Windows\System\leeKGRR.exe
  C:\Windows\System\leeKGRR.exe
  2⤵
  PID:7648
- C:\Windows\System\ztTPHBc.exe
  C:\Windows\System\ztTPHBc.exe
  2⤵
  PID:7672
- C:\Windows\System\neDSiuo.exe
  C:\Windows\System\neDSiuo.exe
  2⤵
  PID:7692
- C:\Windows\System\WDzZSSX.exe
  C:\Windows\System\WDzZSSX.exe
  2⤵
  PID:7716
- C:\Windows\System\RiPlkwo.exe
  C:\Windows\System\RiPlkwo.exe
  2⤵
  PID:7736
- C:\Windows\System\xqYFpSz.exe
  C:\Windows\System\xqYFpSz.exe
  2⤵
  PID:7756
- C:\Windows\System\kehVZoN.exe
  C:\Windows\System\kehVZoN.exe
  2⤵
  PID:7780
- C:\Windows\System\jLprBDv.exe
  C:\Windows\System\jLprBDv.exe
  2⤵
  PID:7796
- C:\Windows\System\gXVVQhu.exe
  C:\Windows\System\gXVVQhu.exe
  2⤵
  PID:7820
- C:\Windows\System\LBbyKyX.exe
  C:\Windows\System\LBbyKyX.exe
  2⤵
  PID:7844
- C:\Windows\System\ecjCeiZ.exe
  C:\Windows\System\ecjCeiZ.exe
  2⤵
  PID:7864
- C:\Windows\System\jdCIAOu.exe
  C:\Windows\System\jdCIAOu.exe
  2⤵
  PID:7884
- C:\Windows\System\zVWUGXJ.exe
  C:\Windows\System\zVWUGXJ.exe
  2⤵
  PID:7908
- C:\Windows\System\PJXdGJL.exe
  C:\Windows\System\PJXdGJL.exe
  2⤵
  PID:7928
- C:\Windows\System\wbJyBQM.exe
  C:\Windows\System\wbJyBQM.exe
  2⤵
  PID:7952
- C:\Windows\System\keBpANy.exe
  C:\Windows\System\keBpANy.exe
  2⤵
  PID:7976
- C:\Windows\System\hNtWVSb.exe
  C:\Windows\System\hNtWVSb.exe
  2⤵
  PID:7996
- C:\Windows\System\DOBuzpk.exe
  C:\Windows\System\DOBuzpk.exe
  2⤵
  PID:8016
- C:\Windows\System\wjuzKLO.exe
  C:\Windows\System\wjuzKLO.exe
  2⤵
  PID:8040
- C:\Windows\System\AJFVJBe.exe
  C:\Windows\System\AJFVJBe.exe
  2⤵
  PID:8060
- C:\Windows\System\JZfILNN.exe
  C:\Windows\System\JZfILNN.exe
  2⤵
  PID:8080
- C:\Windows\System\AuWeppr.exe
  C:\Windows\System\AuWeppr.exe
  2⤵
  PID:8100
- C:\Windows\System\cYDxdJy.exe
  C:\Windows\System\cYDxdJy.exe
  2⤵
  PID:8116
- C:\Windows\System\BfsdtNR.exe
  C:\Windows\System\BfsdtNR.exe
  2⤵
  PID:8136
- C:\Windows\System\ktTqBpm.exe
  C:\Windows\System\ktTqBpm.exe
  2⤵
  PID:8156
- C:\Windows\System\oDOejxP.exe
  C:\Windows\System\oDOejxP.exe
  2⤵
  PID:8176
- C:\Windows\System\tZWkWHj.exe
  C:\Windows\System\tZWkWHj.exe
  2⤵
  PID:4024
- C:\Windows\System\EGROBJn.exe
  C:\Windows\System\EGROBJn.exe
  2⤵
  PID:6960
- C:\Windows\System\sdxfcab.exe
  C:\Windows\System\sdxfcab.exe
  2⤵
  PID:7008
- C:\Windows\System\XutteTc.exe
  C:\Windows\System\XutteTc.exe
  2⤵
  PID:7052
- C:\Windows\System\ImlNYox.exe
  C:\Windows\System\ImlNYox.exe
  2⤵
  PID:7132
- C:\Windows\System\qnIkxYK.exe
  C:\Windows\System\qnIkxYK.exe
  2⤵
  PID:6648
- C:\Windows\System\KmBwNur.exe
  C:\Windows\System\KmBwNur.exe
  2⤵
  PID:6716
- C:\Windows\System\NNyoJfw.exe
  C:\Windows\System\NNyoJfw.exe
  2⤵
  PID:6784
- C:\Windows\System\XLxWlVK.exe
  C:\Windows\System\XLxWlVK.exe
  2⤵
  PID:7216
- C:\Windows\System\egGvJyh.exe
  C:\Windows\System\egGvJyh.exe
  2⤵
  PID:6816
- C:\Windows\System\nQtoyiN.exe
  C:\Windows\System\nQtoyiN.exe
  2⤵
  PID:6440
- C:\Windows\System\mbvpdzH.exe
  C:\Windows\System\mbvpdzH.exe
  2⤵
  PID:7336
- C:\Windows\System\iHHbcCY.exe
  C:\Windows\System\iHHbcCY.exe
  2⤵
  PID:7420
- C:\Windows\System\DCbAtnl.exe
  C:\Windows\System\DCbAtnl.exe
  2⤵
  PID:7108
- C:\Windows\System\fbuDxTY.exe
  C:\Windows\System\fbuDxTY.exe
  2⤵
  PID:7620
- C:\Windows\System\GBmNqZo.exe
  C:\Windows\System\GBmNqZo.exe
  2⤵
  PID:6276
- C:\Windows\System\gbaXmTP.exe
  C:\Windows\System\gbaXmTP.exe
  2⤵
  PID:6372
- C:\Windows\System\JDLIGaG.exe
  C:\Windows\System\JDLIGaG.exe
  2⤵
  PID:6748
- C:\Windows\System\SNpJxlI.exe
  C:\Windows\System\SNpJxlI.exe
  2⤵
  PID:7856
- C:\Windows\System\uYATqwx.exe
  C:\Windows\System\uYATqwx.exe
  2⤵
  PID:6124
- C:\Windows\System\NtBWMVS.exe
  C:\Windows\System\NtBWMVS.exe
  2⤵
  PID:7176
- C:\Windows\System\XUUjATn.exe
  C:\Windows\System\XUUjATn.exe
  2⤵
  PID:7964
- C:\Windows\System\GrYGJAz.exe
  C:\Windows\System\GrYGJAz.exe
  2⤵
  PID:8208
- C:\Windows\System\DKBQKWQ.exe
  C:\Windows\System\DKBQKWQ.exe
  2⤵
  PID:8224
- C:\Windows\System\QMVXvqj.exe
  C:\Windows\System\QMVXvqj.exe
  2⤵
  PID:8248
- C:\Windows\System\KkJMGzN.exe
  C:\Windows\System\KkJMGzN.exe
  2⤵
  PID:8268
- C:\Windows\System\nlIObkH.exe
  C:\Windows\System\nlIObkH.exe
  2⤵
  PID:8288
- C:\Windows\System\XXyZjGX.exe
  C:\Windows\System\XXyZjGX.exe
  2⤵
  PID:8312
- C:\Windows\System\yfwGiZy.exe
  C:\Windows\System\yfwGiZy.exe
  2⤵
  PID:8340
- C:\Windows\System\HPCgwvi.exe
  C:\Windows\System\HPCgwvi.exe
  2⤵
  PID:8360
- C:\Windows\System\yhjmhiH.exe
  C:\Windows\System\yhjmhiH.exe
  2⤵
  PID:8380
- C:\Windows\System\gjQbuhe.exe
  C:\Windows\System\gjQbuhe.exe
  2⤵
  PID:8400
- C:\Windows\System\hlIuNVD.exe
  C:\Windows\System\hlIuNVD.exe
  2⤵
  PID:8420
- C:\Windows\System\BaFSYvK.exe
  C:\Windows\System\BaFSYvK.exe
  2⤵
  PID:8440
- C:\Windows\System\IzIDehd.exe
  C:\Windows\System\IzIDehd.exe
  2⤵
  PID:8460
- C:\Windows\System\QERcuNs.exe
  C:\Windows\System\QERcuNs.exe
  2⤵
  PID:8480
- C:\Windows\System\aksnnma.exe
  C:\Windows\System\aksnnma.exe
  2⤵
  PID:8500
- C:\Windows\System\fYyuHZy.exe
  C:\Windows\System\fYyuHZy.exe
  2⤵
  PID:8528
- C:\Windows\System\tEXLVpx.exe
  C:\Windows\System\tEXLVpx.exe
  2⤵
  PID:8548
- C:\Windows\System\ReddBRx.exe
  C:\Windows\System\ReddBRx.exe
  2⤵
  PID:8568
- C:\Windows\System\wNZyUJf.exe
  C:\Windows\System\wNZyUJf.exe
  2⤵
  PID:8592
- C:\Windows\System\SILLFap.exe
  C:\Windows\System\SILLFap.exe
  2⤵
  PID:8620
- C:\Windows\System\ptsUnmF.exe
  C:\Windows\System\ptsUnmF.exe
  2⤵
  PID:8636
- C:\Windows\System\XJqvDBa.exe
  C:\Windows\System\XJqvDBa.exe
  2⤵
  PID:8656
- C:\Windows\System\RFwMtes.exe
  C:\Windows\System\RFwMtes.exe
  2⤵
  PID:8680
- C:\Windows\System\XOgFShx.exe
  C:\Windows\System\XOgFShx.exe
  2⤵
  PID:8696
- C:\Windows\System\nFMFliL.exe
  C:\Windows\System\nFMFliL.exe
  2⤵
  PID:8716
- C:\Windows\System\pTkFFvn.exe
  C:\Windows\System\pTkFFvn.exe
  2⤵
  PID:8736
- C:\Windows\System\URgmDje.exe
  C:\Windows\System\URgmDje.exe
  2⤵
  PID:8756
- C:\Windows\System\pXGwZpf.exe
  C:\Windows\System\pXGwZpf.exe
  2⤵
  PID:8772
- C:\Windows\System\fjvzqFF.exe
  C:\Windows\System\fjvzqFF.exe
  2⤵
  PID:8792
- C:\Windows\System\vxsFPRE.exe
  C:\Windows\System\vxsFPRE.exe
  2⤵
  PID:8808
- C:\Windows\System\KIszuMP.exe
  C:\Windows\System\KIszuMP.exe
  2⤵
  PID:8832
- C:\Windows\System\VvhYQWU.exe
  C:\Windows\System\VvhYQWU.exe
  2⤵
  PID:8856
- C:\Windows\System\WgcYfHf.exe
  C:\Windows\System\WgcYfHf.exe
  2⤵
  PID:8872
- C:\Windows\System\YkCtTeM.exe
  C:\Windows\System\YkCtTeM.exe
  2⤵
  PID:8900
- C:\Windows\System\LQCdpAK.exe
  C:\Windows\System\LQCdpAK.exe
  2⤵
  PID:8920
- C:\Windows\System\iALgIHF.exe
  C:\Windows\System\iALgIHF.exe
  2⤵
  PID:8940
- C:\Windows\System\IJzAQkr.exe
  C:\Windows\System\IJzAQkr.exe
  2⤵
  PID:8964
- C:\Windows\System\vaYIWpt.exe
  C:\Windows\System\vaYIWpt.exe
  2⤵
  PID:8992
- C:\Windows\System\xQdArIa.exe
  C:\Windows\System\xQdArIa.exe
  2⤵
  PID:9012
- C:\Windows\System\rqmtIME.exe
  C:\Windows\System\rqmtIME.exe
  2⤵
  PID:9032
- C:\Windows\System\osHAQyy.exe
  C:\Windows\System\osHAQyy.exe
  2⤵
  PID:9056
- C:\Windows\System\ygECRpC.exe
  C:\Windows\System\ygECRpC.exe
  2⤵
  PID:9080
- C:\Windows\System\dxCqHbK.exe
  C:\Windows\System\dxCqHbK.exe
  2⤵
  PID:9104
- C:\Windows\System\fhKqdKY.exe
  C:\Windows\System\fhKqdKY.exe
  2⤵
  PID:9128
- C:\Windows\System\SEVZhIQ.exe
  C:\Windows\System\SEVZhIQ.exe
  2⤵
  PID:9152
- C:\Windows\System\kEguHJu.exe
  C:\Windows\System\kEguHJu.exe
  2⤵
  PID:9172
- C:\Windows\System\yqNHBcj.exe
  C:\Windows\System\yqNHBcj.exe
  2⤵
  PID:9192
- C:\Windows\System\wUFiklc.exe
  C:\Windows\System\wUFiklc.exe
  2⤵
  PID:7276
- C:\Windows\System\qkbwJyV.exe
  C:\Windows\System\qkbwJyV.exe
  2⤵
  PID:8028
- C:\Windows\System\EPdhKoc.exe
  C:\Windows\System\EPdhKoc.exe
  2⤵
  PID:6904
- C:\Windows\System\mYiCyuE.exe
  C:\Windows\System\mYiCyuE.exe
  2⤵
  PID:7428
- C:\Windows\System\dHYxGlP.exe
  C:\Windows\System\dHYxGlP.exe
  2⤵
  PID:6992
- C:\Windows\System\QzQqToo.exe
  C:\Windows\System\QzQqToo.exe
  2⤵
  PID:7084
- C:\Windows\System\BjJFMDj.exe
  C:\Windows\System\BjJFMDj.exe
  2⤵
  PID:7596
- C:\Windows\System\XrbgmOl.exe
  C:\Windows\System\XrbgmOl.exe
  2⤵
  PID:7636
- C:\Windows\System\mAZOqVj.exe
  C:\Windows\System\mAZOqVj.exe
  2⤵
  PID:876
- C:\Windows\System\pwALgeZ.exe
  C:\Windows\System\pwALgeZ.exe
  2⤵
  PID:4192
- C:\Windows\System\DnqNNvt.exe
  C:\Windows\System\DnqNNvt.exe
  2⤵
  PID:2332
- C:\Windows\System\GIbhQde.exe
  C:\Windows\System\GIbhQde.exe
  2⤵
  PID:7684
- C:\Windows\System\zpHaArB.exe
  C:\Windows\System\zpHaArB.exe
  2⤵
  PID:7712
- C:\Windows\System\EONpuWc.exe
  C:\Windows\System\EONpuWc.exe
  2⤵
  PID:6412
- C:\Windows\System\UmsvGDK.exe
  C:\Windows\System\UmsvGDK.exe
  2⤵
  PID:3060
- C:\Windows\System\VtwACVF.exe
  C:\Windows\System\VtwACVF.exe
  2⤵
  PID:7776
- C:\Windows\System\dvRBxOn.exe
  C:\Windows\System\dvRBxOn.exe
  2⤵
  PID:7808
- C:\Windows\System\PqvqlCZ.exe
  C:\Windows\System\PqvqlCZ.exe
  2⤵
  PID:7556
- C:\Windows\System\tdYiMlb.exe
  C:\Windows\System\tdYiMlb.exe
  2⤵
  PID:7900
- C:\Windows\System\dHXRJqL.exe
  C:\Windows\System\dHXRJqL.exe
  2⤵
  PID:9228
- C:\Windows\System\vmGMcMg.exe
  C:\Windows\System\vmGMcMg.exe
  2⤵
  PID:9248
- C:\Windows\System\jROROVR.exe
  C:\Windows\System\jROROVR.exe
  2⤵
  PID:9272
- C:\Windows\System\WfVVyDv.exe
  C:\Windows\System\WfVVyDv.exe
  2⤵
  PID:9292
- C:\Windows\System\wwTEGCa.exe
  C:\Windows\System\wwTEGCa.exe
  2⤵
  PID:9316
- C:\Windows\System\AdsyTiq.exe
  C:\Windows\System\AdsyTiq.exe
  2⤵
  PID:9336
- C:\Windows\System\UJdVPWH.exe
  C:\Windows\System\UJdVPWH.exe
  2⤵
  PID:9360
- C:\Windows\System\FDdVtdP.exe
  C:\Windows\System\FDdVtdP.exe
  2⤵
  PID:9380
- C:\Windows\System\OpwOIqj.exe
  C:\Windows\System\OpwOIqj.exe
  2⤵
  PID:9400
- C:\Windows\System\kAWllJB.exe
  C:\Windows\System\kAWllJB.exe
  2⤵
  PID:9424
- C:\Windows\System\CoAaQPb.exe
  C:\Windows\System\CoAaQPb.exe
  2⤵
  PID:9440
- C:\Windows\System\czmViGV.exe
  C:\Windows\System\czmViGV.exe
  2⤵
  PID:9460
- C:\Windows\System\fzHeAhQ.exe
  C:\Windows\System\fzHeAhQ.exe
  2⤵
  PID:9484
- C:\Windows\System\lupjQwG.exe
  C:\Windows\System\lupjQwG.exe
  2⤵
  PID:9508
- C:\Windows\System\lVyReGJ.exe
  C:\Windows\System\lVyReGJ.exe
  2⤵
  PID:9536
- C:\Windows\System\VJFGPAo.exe
  C:\Windows\System\VJFGPAo.exe
  2⤵
  PID:9556
- C:\Windows\System\ZgkHAVp.exe
  C:\Windows\System\ZgkHAVp.exe
  2⤵
  PID:9580
- C:\Windows\System\vFZJtXT.exe
  C:\Windows\System\vFZJtXT.exe
  2⤵
  PID:9596
- C:\Windows\System\bcYKiaS.exe
  C:\Windows\System\bcYKiaS.exe
  2⤵
  PID:9620
- C:\Windows\System\CBMuUSf.exe
  C:\Windows\System\CBMuUSf.exe
  2⤵
  PID:9652
- C:\Windows\System\whdlJXv.exe
  C:\Windows\System\whdlJXv.exe
  2⤵
  PID:9668
- C:\Windows\System\JzKggLs.exe
  C:\Windows\System\JzKggLs.exe
  2⤵
  PID:9688
- C:\Windows\System\vElyvIH.exe
  C:\Windows\System\vElyvIH.exe
  2⤵
  PID:9712
- C:\Windows\System\UnsLgUZ.exe
  C:\Windows\System\UnsLgUZ.exe
  2⤵
  PID:9732
- C:\Windows\System\qFRyBJW.exe
  C:\Windows\System\qFRyBJW.exe
  2⤵
  PID:9752
- C:\Windows\System\PkLVojH.exe
  C:\Windows\System\PkLVojH.exe
  2⤵
  PID:9780
- C:\Windows\System\prjYzSi.exe
  C:\Windows\System\prjYzSi.exe
  2⤵
  PID:9800
- C:\Windows\System\aMmZuyb.exe
  C:\Windows\System\aMmZuyb.exe
  2⤵
  PID:9820
- C:\Windows\System\FjfCsAS.exe
  C:\Windows\System\FjfCsAS.exe
  2⤵
  PID:9844
- C:\Windows\System\TycCnOv.exe
  C:\Windows\System\TycCnOv.exe
  2⤵
  PID:9864
- C:\Windows\System\TvHikqq.exe
  C:\Windows\System\TvHikqq.exe
  2⤵
  PID:9884
- C:\Windows\System\Hciacnt.exe
  C:\Windows\System\Hciacnt.exe
  2⤵
  PID:9916
- C:\Windows\System\KNbXiXh.exe
  C:\Windows\System\KNbXiXh.exe
  2⤵
  PID:9932
- C:\Windows\System\AfnsVrz.exe
  C:\Windows\System\AfnsVrz.exe
  2⤵
  PID:9952
- C:\Windows\System\xyTitKn.exe
  C:\Windows\System\xyTitKn.exe
  2⤵
  PID:9972
- C:\Windows\System\nnkfKge.exe
  C:\Windows\System\nnkfKge.exe
  2⤵
  PID:9992
- C:\Windows\System\DLiOlAQ.exe
  C:\Windows\System\DLiOlAQ.exe
  2⤵
  PID:10008
- C:\Windows\System\bPPZyzk.exe
  C:\Windows\System\bPPZyzk.exe
  2⤵
  PID:10028
- C:\Windows\System\zWLIYRF.exe
  C:\Windows\System\zWLIYRF.exe
  2⤵
  PID:10056
- C:\Windows\System\OepikRn.exe
  C:\Windows\System\OepikRn.exe
  2⤵
  PID:10072
- C:\Windows\System\qMbJHlI.exe
  C:\Windows\System\qMbJHlI.exe
  2⤵
  PID:10096
- C:\Windows\System\pjrLgFI.exe
  C:\Windows\System\pjrLgFI.exe
  2⤵
  PID:10112
- C:\Windows\System\TIceuaG.exe
  C:\Windows\System\TIceuaG.exe
  2⤵
  PID:10132
- C:\Windows\System\WtoLzxG.exe
  C:\Windows\System\WtoLzxG.exe
  2⤵
  PID:10156
- C:\Windows\System\uvcAyHa.exe
  C:\Windows\System\uvcAyHa.exe
  2⤵
  PID:10180
- C:\Windows\System\QDmqjBD.exe
  C:\Windows\System\QDmqjBD.exe
  2⤵
  PID:10200
- C:\Windows\System\mtqsUlG.exe
  C:\Windows\System\mtqsUlG.exe
  2⤵
  PID:10224
- C:\Windows\System\pHsZmdl.exe
  C:\Windows\System\pHsZmdl.exe
  2⤵
  PID:7852
- C:\Windows\System\hFzYupC.exe
  C:\Windows\System\hFzYupC.exe
  2⤵
  PID:6796
- C:\Windows\System\bqAsidY.exe
  C:\Windows\System\bqAsidY.exe
  2⤵
  PID:8324
- C:\Windows\System\SkdvgHo.exe
  C:\Windows\System\SkdvgHo.exe
  2⤵
  PID:8372
- C:\Windows\System\TuYWyVW.exe
  C:\Windows\System\TuYWyVW.exe
  2⤵
  PID:8004
- C:\Windows\System\HAihkVH.exe
  C:\Windows\System\HAihkVH.exe
  2⤵
  PID:8408
- C:\Windows\System\rvbHoLH.exe
  C:\Windows\System\rvbHoLH.exe
  2⤵
  PID:8472
- C:\Windows\System\XAbsxAx.exe
  C:\Windows\System\XAbsxAx.exe
  2⤵
  PID:8088
- C:\Windows\System\RWKNsvH.exe
  C:\Windows\System\RWKNsvH.exe
  2⤵
  PID:8524
- C:\Windows\System\rZCgXcA.exe
  C:\Windows\System\rZCgXcA.exe
  2⤵
  PID:8584
- C:\Windows\System\AGMVgpC.exe
  C:\Windows\System\AGMVgpC.exe
  2⤵
  PID:8652
- C:\Windows\System\ZBdnSPa.exe
  C:\Windows\System\ZBdnSPa.exe
  2⤵
  PID:8668
- C:\Windows\System\SjMwgvl.exe
  C:\Windows\System\SjMwgvl.exe
  2⤵
  PID:6928
- C:\Windows\System\kXBVAZN.exe
  C:\Windows\System\kXBVAZN.exe
  2⤵
  PID:8764
- C:\Windows\System\QvaCCok.exe
  C:\Windows\System\QvaCCok.exe
  2⤵
  PID:7044
- C:\Windows\System\kMMyLea.exe
  C:\Windows\System\kMMyLea.exe
  2⤵
  PID:7600
- C:\Windows\System\CGOfDsC.exe
  C:\Windows\System\CGOfDsC.exe
  2⤵
  PID:8880
- C:\Windows\System\uGfwhDF.exe
  C:\Windows\System\uGfwhDF.exe
  2⤵
  PID:8908
- C:\Windows\System\TyQYkGu.exe
  C:\Windows\System\TyQYkGu.exe
  2⤵
  PID:9028
- C:\Windows\System\yLDeNBb.exe
  C:\Windows\System\yLDeNBb.exe
  2⤵
  PID:6316
- C:\Windows\System\JgyGzTZ.exe
  C:\Windows\System\JgyGzTZ.exe
  2⤵
  PID:9144
- C:\Windows\System\zzyWiQG.exe
  C:\Windows\System\zzyWiQG.exe
  2⤵
  PID:7724
- C:\Windows\System\cVgemEO.exe
  C:\Windows\System\cVgemEO.exe
  2⤵
  PID:7332
- C:\Windows\System\OmlFHvJ.exe
  C:\Windows\System\OmlFHvJ.exe
  2⤵
  PID:7560
- C:\Windows\System\kgOhrRU.exe
  C:\Windows\System\kgOhrRU.exe
  2⤵
  PID:1900
- C:\Windows\System\mwefhAj.exe
  C:\Windows\System\mwefhAj.exe
  2⤵
  PID:10244
- C:\Windows\System\vaJkNNW.exe
  C:\Windows\System\vaJkNNW.exe
  2⤵
  PID:10264
- C:\Windows\System\BTSNtFZ.exe
  C:\Windows\System\BTSNtFZ.exe
  2⤵
  PID:10288
- C:\Windows\System\kGxPVYR.exe
  C:\Windows\System\kGxPVYR.exe
  2⤵
  PID:10308
- C:\Windows\System\WLmUtwr.exe
  C:\Windows\System\WLmUtwr.exe
  2⤵
  PID:10328
- C:\Windows\System\uqsPhOw.exe
  C:\Windows\System\uqsPhOw.exe
  2⤵
  PID:10352
- C:\Windows\System\JTVkqtX.exe
  C:\Windows\System\JTVkqtX.exe
  2⤵
  PID:10368
- C:\Windows\System\bBhRGzA.exe
  C:\Windows\System\bBhRGzA.exe
  2⤵
  PID:10396
- C:\Windows\System\qiENzjj.exe
  C:\Windows\System\qiENzjj.exe
  2⤵
  PID:10412
- C:\Windows\System\PurJImL.exe
  C:\Windows\System\PurJImL.exe
  2⤵
  PID:10448
- C:\Windows\System\LyXCtmx.exe
  C:\Windows\System\LyXCtmx.exe
  2⤵
  PID:10464
- C:\Windows\System\oXUdCZb.exe
  C:\Windows\System\oXUdCZb.exe
  2⤵
  PID:10488
- C:\Windows\System\hMWxpUg.exe
  C:\Windows\System\hMWxpUg.exe
  2⤵
  PID:10504
- C:\Windows\System\VZsiOso.exe
  C:\Windows\System\VZsiOso.exe
  2⤵
  PID:10524
- C:\Windows\System\XmirPkv.exe
  C:\Windows\System\XmirPkv.exe
  2⤵
  PID:10544
- C:\Windows\System\KxsrDdv.exe
  C:\Windows\System\KxsrDdv.exe
  2⤵
  PID:10572
- C:\Windows\System\PSkPCFa.exe
  C:\Windows\System\PSkPCFa.exe
  2⤵
  PID:10592
- C:\Windows\System\AVMKxGy.exe
  C:\Windows\System\AVMKxGy.exe
  2⤵
  PID:10608
- C:\Windows\System\dYDnHWQ.exe
  C:\Windows\System\dYDnHWQ.exe
  2⤵
  PID:10628
- C:\Windows\System\aHNSHdK.exe
  C:\Windows\System\aHNSHdK.exe
  2⤵
  PID:10652
- C:\Windows\System\TAcYiAP.exe
  C:\Windows\System\TAcYiAP.exe
  2⤵
  PID:10672
- C:\Windows\System\cLKqCGH.exe
  C:\Windows\System\cLKqCGH.exe
  2⤵
  PID:10692
- C:\Windows\System\sFQRzSw.exe
  C:\Windows\System\sFQRzSw.exe
  2⤵
  PID:10712
- C:\Windows\System\pqSmcUb.exe
  C:\Windows\System\pqSmcUb.exe
  2⤵
  PID:10732
- C:\Windows\System\plSqBjX.exe
  C:\Windows\System\plSqBjX.exe
  2⤵
  PID:10756
- C:\Windows\System\zaLIYUs.exe
  C:\Windows\System\zaLIYUs.exe
  2⤵
  PID:10772
- C:\Windows\System\pJWDWNo.exe
  C:\Windows\System\pJWDWNo.exe
  2⤵
  PID:10792
- C:\Windows\System\CKRTVcW.exe
  C:\Windows\System\CKRTVcW.exe
  2⤵
  PID:10812
- C:\Windows\System\UiDvnuP.exe
  C:\Windows\System\UiDvnuP.exe
  2⤵
  PID:10836
- C:\Windows\System\aGnbRKx.exe
  C:\Windows\System\aGnbRKx.exe
  2⤵
  PID:10856
- C:\Windows\System\jEVcTlE.exe
  C:\Windows\System\jEVcTlE.exe
  2⤵
  PID:9432
- C:\Windows\System\YChAqNJ.exe
  C:\Windows\System\YChAqNJ.exe
  2⤵
  PID:9504
- C:\Windows\System\bIpstUJ.exe
  C:\Windows\System\bIpstUJ.exe
  2⤵
  PID:8284
- C:\Windows\System\YhvAkGr.exe
  C:\Windows\System\YhvAkGr.exe
  2⤵
  PID:3952
- C:\Windows\System\Bqqqscx.exe
  C:\Windows\System\Bqqqscx.exe
  2⤵
  PID:9548
- C:\Windows\System\UCKekjq.exe
  C:\Windows\System\UCKekjq.exe
  2⤵
  PID:4504
- C:\Windows\System\IiWIzhx.exe
  C:\Windows\System\IiWIzhx.exe
  2⤵
  PID:4780
- C:\Windows\System\CrGNzRU.exe
  C:\Windows\System\CrGNzRU.exe
  2⤵
  PID:10024
- C:\Windows\System\maCdwYK.exe
  C:\Windows\System\maCdwYK.exe
  2⤵
  PID:8800
- C:\Windows\System\sgdsvqk.exe
  C:\Windows\System\sgdsvqk.exe
  2⤵
  PID:8896
- C:\Windows\System\chByPqj.exe
  C:\Windows\System\chByPqj.exe
  2⤵
  PID:9088
- C:\Windows\System\SBZAXSs.exe
  C:\Windows\System\SBZAXSs.exe
  2⤵
  PID:8632
- C:\Windows\System\MWiOdld.exe
  C:\Windows\System\MWiOdld.exe
  2⤵
  PID:6604
- C:\Windows\System\ChMjFto.exe
  C:\Windows\System\ChMjFto.exe
  2⤵
  PID:5972
- C:\Windows\System\arUkbUq.exe
  C:\Windows\System\arUkbUq.exe
  2⤵
  PID:10284
- C:\Windows\System\GkIrhMc.exe
  C:\Windows\System\GkIrhMc.exe
  2⤵
  PID:10404
- C:\Windows\System\AcvdReJ.exe
  C:\Windows\System\AcvdReJ.exe
  2⤵
  PID:9268
- C:\Windows\System\KKpiEse.exe
  C:\Windows\System\KKpiEse.exe
  2⤵
  PID:10432
- C:\Windows\System\JVxDltd.exe
  C:\Windows\System\JVxDltd.exe
  2⤵
  PID:10496
- C:\Windows\System\aHboKtT.exe
  C:\Windows\System\aHboKtT.exe
  2⤵
  PID:9436
- C:\Windows\System\wpwMazQ.exe
  C:\Windows\System\wpwMazQ.exe
  2⤵
  PID:9500
- C:\Windows\System\gYCFFNM.exe
  C:\Windows\System\gYCFFNM.exe
  2⤵
  PID:8304
- C:\Windows\System\hPeEyAq.exe
  C:\Windows\System\hPeEyAq.exe
  2⤵
  PID:9644
- C:\Windows\System\WkRusOX.exe
  C:\Windows\System\WkRusOX.exe
  2⤵
  PID:8476
- C:\Windows\System\lyVzXrp.exe
  C:\Windows\System\lyVzXrp.exe
  2⤵
  PID:9836
- C:\Windows\System\RZXSNnn.exe
  C:\Windows\System\RZXSNnn.exe
  2⤵
  PID:9892
- C:\Windows\System\TEEXnfH.exe
  C:\Windows\System\TEEXnfH.exe
  2⤵
  PID:9964
- C:\Windows\System\cbsVjeu.exe
  C:\Windows\System\cbsVjeu.exe
  2⤵
  PID:8672
- C:\Windows\System\GfcPAlG.exe
  C:\Windows\System\GfcPAlG.exe
  2⤵
  PID:10068
- C:\Windows\System\FjDgqcn.exe
  C:\Windows\System\FjDgqcn.exe
  2⤵
  PID:10124
- C:\Windows\System\tYchTUb.exe
  C:\Windows\System\tYchTUb.exe
  2⤵
  PID:8828
- C:\Windows\System\GbsyofA.exe
  C:\Windows\System\GbsyofA.exe
  2⤵
  PID:11020
- C:\Windows\System\AxBNRPv.exe
  C:\Windows\System\AxBNRPv.exe
  2⤵
  PID:11044
- C:\Windows\System\tzVZBca.exe
  C:\Windows\System\tzVZBca.exe
  2⤵
  PID:8980
- C:\Windows\System\fvZoYxi.exe
  C:\Windows\System\fvZoYxi.exe
  2⤵
  PID:9184
- C:\Windows\System\yYBjeey.exe
  C:\Windows\System\yYBjeey.exe
  2⤵
  PID:4716
- C:\Windows\System\rAgNqaJ.exe
  C:\Windows\System\rAgNqaJ.exe
  2⤵
  PID:6888
- C:\Windows\System\DRpquht.exe
  C:\Windows\System\DRpquht.exe
  2⤵
  PID:7444
- C:\Windows\System\vNrhiSo.exe
  C:\Windows\System\vNrhiSo.exe
  2⤵
  PID:2316
- C:\Windows\System\qPJJDwv.exe
  C:\Windows\System\qPJJDwv.exe
  2⤵
  PID:7584
- C:\Windows\System\JwSfDap.exe
  C:\Windows\System\JwSfDap.exe
  2⤵
  PID:8916
- C:\Windows\System\vPwDpyh.exe
  C:\Windows\System\vPwDpyh.exe
  2⤵
  PID:9100
- C:\Windows\System\XhtDwPD.exe
  C:\Windows\System\XhtDwPD.exe
  2⤵
  PID:9180
- C:\Windows\System\ECnJZGr.exe
  C:\Windows\System\ECnJZGr.exe
  2⤵
  PID:7520
- C:\Windows\System\ZtGhMiU.exe
  C:\Windows\System\ZtGhMiU.exe
  2⤵
  PID:5000
- C:\Windows\System\nWFFjRH.exe
  C:\Windows\System\nWFFjRH.exe
  2⤵
  PID:11284
- C:\Windows\System\ksRfZMy.exe
  C:\Windows\System\ksRfZMy.exe
  2⤵
  PID:11300
- C:\Windows\System\nZIbjhh.exe
  C:\Windows\System\nZIbjhh.exe
  2⤵
  PID:11324
- C:\Windows\System\vvBUWWS.exe
  C:\Windows\System\vvBUWWS.exe
  2⤵
  PID:11348
- C:\Windows\System\qgGiDhD.exe
  C:\Windows\System\qgGiDhD.exe
  2⤵
  PID:11372
- C:\Windows\System\plUVQbx.exe
  C:\Windows\System\plUVQbx.exe
  2⤵
  PID:11396
- C:\Windows\System\qebjwzw.exe
  C:\Windows\System\qebjwzw.exe
  2⤵
  PID:11420
- C:\Windows\System\TgRqnqT.exe
  C:\Windows\System\TgRqnqT.exe
  2⤵
  PID:11440
- C:\Windows\System\aedQyuZ.exe
  C:\Windows\System\aedQyuZ.exe
  2⤵
  PID:11460
- C:\Windows\System\KesgYXM.exe
  C:\Windows\System\KesgYXM.exe
  2⤵
  PID:11484
- C:\Windows\System\iGbpmWc.exe
  C:\Windows\System\iGbpmWc.exe
  2⤵
  PID:11504
- C:\Windows\System\FLmcQoZ.exe
  C:\Windows\System\FLmcQoZ.exe
  2⤵
  PID:11528
- C:\Windows\System\hdwMFpG.exe
  C:\Windows\System\hdwMFpG.exe
  2⤵
  PID:11552
- C:\Windows\System\UJdpmRQ.exe
  C:\Windows\System\UJdpmRQ.exe
  2⤵
  PID:11576
- C:\Windows\System\qINxxSJ.exe
  C:\Windows\System\qINxxSJ.exe
  2⤵
  PID:11600
- C:\Windows\System\qtsODiK.exe
  C:\Windows\System\qtsODiK.exe
  2⤵
  PID:11620
- C:\Windows\System\SObPZaF.exe
  C:\Windows\System\SObPZaF.exe
  2⤵
  PID:11644
- C:\Windows\System\TEGaBpj.exe
  C:\Windows\System\TEGaBpj.exe
  2⤵
  PID:11668
- C:\Windows\System\HvrfwMc.exe
  C:\Windows\System\HvrfwMc.exe
  2⤵
  PID:11692
- C:\Windows\System\PeEdtvJ.exe
  C:\Windows\System\PeEdtvJ.exe
  2⤵
  PID:11716
- C:\Windows\System\kYslEoo.exe
  C:\Windows\System\kYslEoo.exe
  2⤵
  PID:11732
- C:\Windows\System\YWYwttl.exe
  C:\Windows\System\YWYwttl.exe
  2⤵
  PID:11752
- C:\Windows\System\bWrOjct.exe
  C:\Windows\System\bWrOjct.exe
  2⤵
  PID:11768
- C:\Windows\System\OFLERhR.exe
  C:\Windows\System\OFLERhR.exe
  2⤵
  PID:11784
- C:\Windows\System\qrsQgyl.exe
  C:\Windows\System\qrsQgyl.exe
  2⤵
  PID:11800
- C:\Windows\System\EjTKYbe.exe
  C:\Windows\System\EjTKYbe.exe
  2⤵
  PID:11816
- C:\Windows\System\OZhjuxx.exe
  C:\Windows\System\OZhjuxx.exe
  2⤵
  PID:11832
- C:\Windows\System\eXsLfCF.exe
  C:\Windows\System\eXsLfCF.exe
  2⤵
  PID:11848
- C:\Windows\System\NqZlHaL.exe
  C:\Windows\System\NqZlHaL.exe
  2⤵
  PID:11868
- C:\Windows\System\PllsnVn.exe
  C:\Windows\System\PllsnVn.exe
  2⤵
  PID:11888
- C:\Windows\System\djToHRj.exe
  C:\Windows\System\djToHRj.exe
  2⤵
  PID:11908
- C:\Windows\System\TOChXXn.exe
  C:\Windows\System\TOChXXn.exe
  2⤵
  PID:11928
- C:\Windows\System\wreuvyB.exe
  C:\Windows\System\wreuvyB.exe
  2⤵
  PID:11952
- C:\Windows\System\KItSRyy.exe
  C:\Windows\System\KItSRyy.exe
  2⤵
  PID:11968
- C:\Windows\System\LHENnVx.exe
  C:\Windows\System\LHENnVx.exe
  2⤵
  PID:11992
- C:\Windows\System\yHUzrTr.exe
  C:\Windows\System\yHUzrTr.exe
  2⤵
  PID:12020
- C:\Windows\System\hErfHAK.exe
  C:\Windows\System\hErfHAK.exe
  2⤵
  PID:12044
- C:\Windows\System\PEWTofF.exe
  C:\Windows\System\PEWTofF.exe
  2⤵
  PID:12060
- C:\Windows\System\cPmczfj.exe
  C:\Windows\System\cPmczfj.exe
  2⤵
  PID:12084
- C:\Windows\System\WPecHvA.exe
  C:\Windows\System\WPecHvA.exe
  2⤵
  PID:12108
- C:\Windows\System\SNZbvtZ.exe
  C:\Windows\System\SNZbvtZ.exe
  2⤵
  PID:12132
- C:\Windows\System\rwymcEw.exe
  C:\Windows\System\rwymcEw.exe
  2⤵
  PID:12152
- C:\Windows\System\OvooNPj.exe
  C:\Windows\System\OvooNPj.exe
  2⤵
  PID:12172
- C:\Windows\System\mQkNhCk.exe
  C:\Windows\System\mQkNhCk.exe
  2⤵
  PID:12192
- C:\Windows\System\phPYENg.exe
  C:\Windows\System\phPYENg.exe
  2⤵
  PID:12208
- C:\Windows\System\ceyiPDY.exe
  C:\Windows\System\ceyiPDY.exe
  2⤵
  PID:12224
- C:\Windows\System\hnYKrQG.exe
  C:\Windows\System\hnYKrQG.exe
  2⤵
  PID:12240
- C:\Windows\System\xILRbJb.exe
  C:\Windows\System\xILRbJb.exe
  2⤵
  PID:12260
- C:\Windows\System\tKGWAOU.exe
  C:\Windows\System\tKGWAOU.exe
  2⤵
  PID:12276
- C:\Windows\System\ZexEzBS.exe
  C:\Windows\System\ZexEzBS.exe
  2⤵
  PID:7896
- C:\Windows\System\Zmfzjsz.exe
  C:\Windows\System\Zmfzjsz.exe
  2⤵
  PID:10540
- C:\Windows\System\OtbTOXB.exe
  C:\Windows\System\OtbTOXB.exe
  2⤵
  PID:9408
- C:\Windows\System\sAALovy.exe
  C:\Windows\System\sAALovy.exe
  2⤵
  PID:10644
- C:\Windows\System\IWAeJnY.exe
  C:\Windows\System\IWAeJnY.exe
  2⤵
  PID:10688
- C:\Windows\System\tplECBm.exe
  C:\Windows\System\tplECBm.exe
  2⤵
  PID:10708
- C:\Windows\System\eCAJwje.exe
  C:\Windows\System\eCAJwje.exe
  2⤵
  PID:10768
- C:\Windows\System\TMuhMDr.exe
  C:\Windows\System\TMuhMDr.exe
  2⤵
  PID:10808
- C:\Windows\System\DZAtTsx.exe
  C:\Windows\System\DZAtTsx.exe
  2⤵
  PID:9680
- C:\Windows\System\bFaetNL.exe
  C:\Windows\System\bFaetNL.exe
  2⤵
  PID:9728
- C:\Windows\System\KgoXLAq.exe
  C:\Windows\System\KgoXLAq.exe
  2⤵
  PID:9768
- C:\Windows\System\eqmQzYb.exe
  C:\Windows\System\eqmQzYb.exe
  2⤵
  PID:10000
- C:\Windows\System\kSLyeAv.exe
  C:\Windows\System\kSLyeAv.exe
  2⤵
  PID:10168
- C:\Windows\System\VObZvAm.exe
  C:\Windows\System\VObZvAm.exe
  2⤵
  PID:8352
- C:\Windows\System\VOXioKF.exe
  C:\Windows\System\VOXioKF.exe
  2⤵
  PID:8496
- C:\Windows\System\CsPiWjJ.exe
  C:\Windows\System\CsPiWjJ.exe
  2⤵
  PID:8544
- C:\Windows\System\mZoQOBU.exe
  C:\Windows\System\mZoQOBU.exe
  2⤵
  PID:9456
- C:\Windows\System\TjEHFic.exe
  C:\Windows\System\TjEHFic.exe
  2⤵
  PID:12292
- C:\Windows\System\bhZWThU.exe
  C:\Windows\System\bhZWThU.exe
  2⤵
  PID:12316
- C:\Windows\System\nZckWVw.exe
  C:\Windows\System\nZckWVw.exe
  2⤵
  PID:12336
- C:\Windows\System\TdRbBmq.exe
  C:\Windows\System\TdRbBmq.exe
  2⤵
  PID:12352
- C:\Windows\System\RyDKuRe.exe
  C:\Windows\System\RyDKuRe.exe
  2⤵
  PID:12372
- C:\Windows\System\EQrPMiH.exe
  C:\Windows\System\EQrPMiH.exe
  2⤵
  PID:12396
- C:\Windows\System\eEKDfZa.exe
  C:\Windows\System\eEKDfZa.exe
  2⤵
  PID:12420
- C:\Windows\System\MmAUGmT.exe
  C:\Windows\System\MmAUGmT.exe
  2⤵
  PID:12436
- C:\Windows\System\fqnPGaS.exe
  C:\Windows\System\fqnPGaS.exe
  2⤵
  PID:12460
- C:\Windows\System\TkdFcAa.exe
  C:\Windows\System\TkdFcAa.exe
  2⤵
  PID:12484
- C:\Windows\System\LWuWyhW.exe
  C:\Windows\System\LWuWyhW.exe
  2⤵
  PID:12504
- C:\Windows\System\clFWxNJ.exe
  C:\Windows\System\clFWxNJ.exe
  2⤵
  PID:12524
- C:\Windows\System\BiYXInQ.exe
  C:\Windows\System\BiYXInQ.exe
  2⤵
  PID:12540
- C:\Windows\System\yIJsAAJ.exe
  C:\Windows\System\yIJsAAJ.exe
  2⤵
  PID:12564
- C:\Windows\System\CpvfndT.exe
  C:\Windows\System\CpvfndT.exe
  2⤵
  PID:12588
- C:\Windows\System\TztLsXA.exe
  C:\Windows\System\TztLsXA.exe
  2⤵
  PID:12612
- C:\Windows\System\eNheThr.exe
  C:\Windows\System\eNheThr.exe
  2⤵
  PID:12632
- C:\Windows\System\zPsqYzi.exe
  C:\Windows\System\zPsqYzi.exe
  2⤵
  PID:12652
- C:\Windows\System\WLKAHbA.exe
  C:\Windows\System\WLKAHbA.exe
  2⤵
  PID:12676
- C:\Windows\System\tdxAcsZ.exe
  C:\Windows\System\tdxAcsZ.exe
  2⤵
  PID:12700
- C:\Windows\System\rXIcAYm.exe
  C:\Windows\System\rXIcAYm.exe
  2⤵
  PID:12716
- C:\Windows\System\pyDUndP.exe
  C:\Windows\System\pyDUndP.exe
  2⤵
  PID:12744
- C:\Windows\System\QvAwSfL.exe
  C:\Windows\System\QvAwSfL.exe
  2⤵
  PID:12768
- C:\Windows\System\iOHWVtc.exe
  C:\Windows\System\iOHWVtc.exe
  2⤵
  PID:12788
- C:\Windows\System\RAZUOkE.exe
  C:\Windows\System\RAZUOkE.exe
  2⤵
  PID:10272
- C:\Windows\System\IUGgCSV.exe
  C:\Windows\System\IUGgCSV.exe
  2⤵
  PID:9300
- C:\Windows\System\GmwBoDv.exe
  C:\Windows\System\GmwBoDv.exe
  2⤵
  PID:12892
- C:\Windows\System\rdHGxqp.exe
  C:\Windows\System\rdHGxqp.exe
  2⤵
  PID:10564
- C:\Windows\System\pbkGVDF.exe
  C:\Windows\System\pbkGVDF.exe
  2⤵
  PID:9828
- C:\Windows\System\YhoyAQY.exe
  C:\Windows\System\YhoyAQY.exe
  2⤵
  PID:11268
- C:\Windows\System\kcGSxVk.exe
  C:\Windows\System\kcGSxVk.exe
  2⤵
  PID:11476
- C:\Windows\System\ZFUGHvk.exe
  C:\Windows\System\ZFUGHvk.exe
  2⤵
  PID:11364
- C:\Windows\System\aDbGZFz.exe
  C:\Windows\System\aDbGZFz.exe
  2⤵
  PID:9096
- C:\Windows\System\CPGGwHv.exe
  C:\Windows\System\CPGGwHv.exe
  2⤵
  PID:9212
- C:\Windows\System\YstAtod.exe
  C:\Windows\System\YstAtod.exe
  2⤵
  PID:11524
- C:\Windows\System\RnNzOFZ.exe
  C:\Windows\System\RnNzOFZ.exe
  2⤵
  PID:11684
- C:\Windows\System\FPpoWPW.exe
  C:\Windows\System\FPpoWPW.exe
  2⤵
  PID:13252
- C:\Windows\System\CgBcQGR.exe
  C:\Windows\System\CgBcQGR.exe
  2⤵
  PID:11760
- C:\Windows\System\ZZFZQHw.exe
  C:\Windows\System\ZZFZQHw.exe
  2⤵
  PID:11780
- C:\Windows\System\qAiHTtH.exe
  C:\Windows\System\qAiHTtH.exe
  2⤵
  PID:11860
- C:\Windows\System\ZkkbxEl.exe
  C:\Windows\System\ZkkbxEl.exe
  2⤵
  PID:6164
- C:\Windows\System\lUoCbWs.exe
  C:\Windows\System\lUoCbWs.exe
  2⤵
  PID:11568
- C:\Windows\System\fVQdXZk.exe
  C:\Windows\System\fVQdXZk.exe
  2⤵
  PID:12500
- C:\Windows\System\TRAMzhB.exe
  C:\Windows\System\TRAMzhB.exe
  2⤵
  PID:7272
- C:\Windows\System\qFvxrPn.exe
  C:\Windows\System\qFvxrPn.exe
  2⤵
  PID:13056
- C:\Windows\System\XoWGalj.exe
  C:\Windows\System\XoWGalj.exe
  2⤵
  PID:13288
- C:\Windows\System\ldbLXri.exe
  C:\Windows\System\ldbLXri.exe
  2⤵
  PID:7500
- C:\Windows\System\FnOWemz.exe
  C:\Windows\System\FnOWemz.exe
  2⤵
  PID:12160
- C:\Windows\System\Hjptduf.exe
  C:\Windows\System\Hjptduf.exe
  2⤵
  PID:11004
- C:\Windows\System\KxQrDVZ.exe
  C:\Windows\System\KxQrDVZ.exe
  2⤵
  PID:12752
- C:\Windows\System\fhDBTbu.exe
  C:\Windows\System\fhDBTbu.exe
  2⤵
  PID:10848
- C:\Windows\System\xhWThRY.exe
  C:\Windows\System\xhWThRY.exe
  2⤵
  PID:11132
- C:\Windows\System\XhscdeG.exe
  C:\Windows\System\XhscdeG.exe
  2⤵
  PID:11060
- C:\Windows\System\ZySmfvn.exe
  C:\Windows\System\ZySmfvn.exe
  2⤵
  PID:12708
- C:\Windows\System\vUoAIVo.exe
  C:\Windows\System\vUoAIVo.exe
  2⤵
  PID:9004
- C:\Windows\System\aRSPviX.exe
  C:\Windows\System\aRSPviX.exe
  2⤵
  PID:7668
- C:\Windows\System\KlHRUGl.exe
  C:\Windows\System\KlHRUGl.exe
  2⤵
  PID:10408
- C:\Windows\System\VTCXlWq.exe
  C:\Windows\System\VTCXlWq.exe
  2⤵
  PID:12932
- C:\Windows\System\ypuRXOi.exe
  C:\Windows\System\ypuRXOi.exe
  2⤵
  PID:13032
- C:\Windows\System\qVKNvXn.exe
  C:\Windows\System\qVKNvXn.exe
  2⤵
  PID:12168
- C:\Windows\System\pBgDEpA.exe
  C:\Windows\System\pBgDEpA.exe
  2⤵
  PID:12416
- C:\Windows\System\MuZgNux.exe
  C:\Windows\System\MuZgNux.exe
  2⤵
  PID:10256
- C:\Windows\System\joBIBBS.exe
  C:\Windows\System\joBIBBS.exe
  2⤵
  PID:3860
- C:\Windows\System\zsbdrfc.exe
  C:\Windows\System\zsbdrfc.exe
  2⤵
  PID:10704
- C:\Windows\System\QYSPFJa.exe
  C:\Windows\System\QYSPFJa.exe
  2⤵
  PID:12904
- C:\Windows\System\AELvzjy.exe
  C:\Windows\System\AELvzjy.exe
  2⤵
  PID:8172
- C:\Windows\System\fWkxnqf.exe
  C:\Windows\System\fWkxnqf.exe
  2⤵
  PID:12852
- C:\Windows\System\ickCoID.exe
  C:\Windows\System\ickCoID.exe
  2⤵
  PID:11724
- C:\Windows\System\fpjXuDU.exe
  C:\Windows\System\fpjXuDU.exe
  2⤵
  PID:11792
- C:\Windows\System\ameZzji.exe
  C:\Windows\System\ameZzji.exe
  2⤵
  PID:10724
- C:\Windows\System\UMZDOYS.exe
  C:\Windows\System\UMZDOYS.exe
  2⤵
  PID:11688
- C:\Windows\System\YwSgWff.exe
  C:\Windows\System\YwSgWff.exe
  2⤵
  PID:12976
- C:\Windows\System\qdmJijv.exe
  C:\Windows\System\qdmJijv.exe
  2⤵
  PID:12184
- C:\Windows\System\rKAxBdU.exe
  C:\Windows\System\rKAxBdU.exe
  2⤵
  PID:13076
- C:\Windows\System\QaOmMbn.exe
  C:\Windows\System\QaOmMbn.exe
  2⤵
  PID:12344
- C:\Windows\System\nGYQlfc.exe
  C:\Windows\System\nGYQlfc.exe
  2⤵
  PID:13176
- C:\Windows\System\MZHQlGo.exe
  C:\Windows\System\MZHQlGo.exe
  2⤵
  PID:8752
- C:\Windows\System\tEThLmQ.exe
  C:\Windows\System\tEThLmQ.exe
  2⤵
  PID:13244
- C:\Windows\System\MfrHgPx.exe
  C:\Windows\System\MfrHgPx.exe
  2⤵
  PID:11184
- C:\Windows\System\ZWhZIsZ.exe
  C:\Windows\System\ZWhZIsZ.exe
  2⤵
  PID:11728
- C:\Windows\System\CcvgUnU.exe
  C:\Windows\System\CcvgUnU.exe
  2⤵
  PID:5880
- C:\Windows\System\zcGNBkx.exe
  C:\Windows\System\zcGNBkx.exe
  2⤵
  PID:12684
- C:\Windows\System\VBcyUXc.exe
  C:\Windows\System\VBcyUXc.exe
  2⤵
  PID:10844
- C:\Windows\System\QmGxJJU.exe
  C:\Windows\System\QmGxJJU.exe
  2⤵
  PID:8732
- C:\Windows\System\bopbcif.exe
  C:\Windows\System\bopbcif.exe
  2⤵
  PID:13540
- C:\Windows\System\zRpbvRj.exe
  C:\Windows\System\zRpbvRj.exe
  2⤵
  PID:13648
- C:\Windows\System\vaUezqc.exe
  C:\Windows\System\vaUezqc.exe
  2⤵
  PID:13668
- C:\Windows\System\qZwFtpQ.exe
  C:\Windows\System\qZwFtpQ.exe
  2⤵
  PID:13688
- C:\Windows\System\OmEvbwz.exe
  C:\Windows\System\OmEvbwz.exe
  2⤵
  PID:13880
- C:\Windows\System\lqtKLdH.exe
  C:\Windows\System\lqtKLdH.exe
  2⤵
  PID:14064
- C:\Windows\System\LKygFJp.exe
  C:\Windows\System\LKygFJp.exe
  2⤵
  PID:11080
- C:\Windows\System\KWSTZLW.exe
  C:\Windows\System\KWSTZLW.exe
  2⤵
  PID:13604
- C:\Windows\System\nzrcHUa.exe
  C:\Windows\System\nzrcHUa.exe
  2⤵
  PID:13708
- C:\Windows\System\XrPmMTW.exe
  C:\Windows\System\XrPmMTW.exe
  2⤵
  PID:13756
- C:\Windows\System\HqUdUKR.exe
  C:\Windows\System\HqUdUKR.exe
  2⤵
  PID:13720
- C:\Windows\System\wcIGvBf.exe
  C:\Windows\System\wcIGvBf.exe
  2⤵
  PID:13764
- C:\Windows\System\PKQLUsM.exe
  C:\Windows\System\PKQLUsM.exe
  2⤵
  PID:13768
- C:\Windows\System\OcNkvWm.exe
  C:\Windows\System\OcNkvWm.exe
  2⤵
  PID:13780
- C:\Windows\System\nPVICsT.exe
  C:\Windows\System\nPVICsT.exe
  2⤵
  PID:13800
- C:\Windows\System\RZiunVy.exe
  C:\Windows\System\RZiunVy.exe
  2⤵
  PID:13828
- C:\Windows\System\QPMwmvs.exe
  C:\Windows\System\QPMwmvs.exe
  2⤵
  PID:13776
- C:\Windows\System\towiwTT.exe
  C:\Windows\System\towiwTT.exe
  2⤵
  PID:13852
- C:\Windows\System\YsWKrCT.exe
  C:\Windows\System\YsWKrCT.exe
  2⤵
  PID:13896
- C:\Windows\System\qPkhRql.exe
  C:\Windows\System\qPkhRql.exe
  2⤵
  PID:13928
- C:\Windows\System\TWPiPAm.exe
  C:\Windows\System\TWPiPAm.exe
  2⤵
  PID:7688
- C:\Windows\System\TjkKoHi.exe
  C:\Windows\System\TjkKoHi.exe
  2⤵
  PID:13960
- C:\Windows\System\HxBMmmU.exe
  C:\Windows\System\HxBMmmU.exe
  2⤵
  PID:13976
- C:\Windows\System\qhGYlib.exe
  C:\Windows\System\qhGYlib.exe
  2⤵
  PID:11520
- C:\Windows\System\twqmtoA.exe
  C:\Windows\System\twqmtoA.exe
  2⤵
  PID:6232
- C:\Windows\System\sxHpssc.exe
  C:\Windows\System\sxHpssc.exe
  2⤵
  PID:14004
- C:\Windows\System\doXZqco.exe
  C:\Windows\System\doXZqco.exe
  2⤵
  PID:14020
- C:\Windows\System\OqlWTNE.exe
  C:\Windows\System\OqlWTNE.exe
  2⤵
  PID:14036
- C:\Windows\System\ogTxPfw.exe
  C:\Windows\System\ogTxPfw.exe
  2⤵
  PID:14056
- C:\Windows\System\YGdYeOF.exe
  C:\Windows\System\YGdYeOF.exe
  2⤵
  PID:14080
- C:\Windows\System\OVhOQlV.exe
  C:\Windows\System\OVhOQlV.exe
  2⤵
  PID:14100
- C:\Windows\System\StXwGPE.exe
  C:\Windows\System\StXwGPE.exe
  2⤵
  PID:14116
- C:\Windows\System\ieynxMZ.exe
  C:\Windows\System\ieynxMZ.exe
  2⤵
  PID:14132
- C:\Windows\System\MgjQYzp.exe
  C:\Windows\System\MgjQYzp.exe
  2⤵
  PID:14148
- C:\Windows\System\BnyhraQ.exe
  C:\Windows\System\BnyhraQ.exe
  2⤵
  PID:14164
- C:\Windows\System\uxNjGOF.exe
  C:\Windows\System\uxNjGOF.exe
  2⤵
  PID:14180
- C:\Windows\System\YVcSbFw.exe
  C:\Windows\System\YVcSbFw.exe
  2⤵
  PID:14196
- C:\Windows\System\wDhTHMp.exe
  C:\Windows\System\wDhTHMp.exe
  2⤵
  PID:14220
- C:\Windows\System\tXhRAUr.exe
  C:\Windows\System\tXhRAUr.exe
  2⤵
  PID:14248
- C:\Windows\System\RkrazOq.exe
  C:\Windows\System\RkrazOq.exe
  2⤵
  PID:14252
- C:\Windows\System\qiKpyhW.exe
  C:\Windows\System\qiKpyhW.exe
  2⤵
  PID:14276
- C:\Windows\System\nrROqgc.exe
  C:\Windows\System\nrROqgc.exe
  2⤵
  PID:14292
- C:\Windows\System\oopUHiQ.exe
  C:\Windows\System\oopUHiQ.exe
  2⤵
  PID:14308
- C:\Windows\System\GePtcSS.exe
  C:\Windows\System\GePtcSS.exe
  2⤵
  PID:14320
- C:\Windows\System\FzunFBu.exe
  C:\Windows\System\FzunFBu.exe
  2⤵
  PID:7804
- C:\Windows\System\BVgMFOm.exe
  C:\Windows\System\BVgMFOm.exe
  2⤵
  PID:12548
- C:\Windows\System\LJPrmyZ.exe
  C:\Windows\System\LJPrmyZ.exe
  2⤵
  PID:11428
- C:\Windows\System\JQUCNRn.exe
  C:\Windows\System\JQUCNRn.exe
  2⤵
  PID:12480
- C:\Windows\System\teTNpVS.exe
  C:\Windows\System\teTNpVS.exe
  2⤵
  PID:9256
- C:\Windows\System\WQtyJWf.exe
  C:\Windows\System\WQtyJWf.exe
  2⤵
  PID:2192
- C:\Windows\System\pcXNhZT.exe
  C:\Windows\System\pcXNhZT.exe
  2⤵
  PID:676
- C:\Windows\System\qjuIHBN.exe
  C:\Windows\System\qjuIHBN.exe
  2⤵
  PID:12388
- C:\Windows\System\pClAQqZ.exe
  C:\Windows\System\pClAQqZ.exe
  2⤵
  PID:9880
- C:\Windows\System\FRgsrLX.exe
  C:\Windows\System\FRgsrLX.exe
  2⤵
  PID:13380
- C:\Windows\System\QThPdEC.exe
  C:\Windows\System\QThPdEC.exe
  2⤵
  PID:11108
- C:\Windows\System\FAuVZsJ.exe
  C:\Windows\System\FAuVZsJ.exe
  2⤵
  PID:13400
- C:\Windows\System\PgZryIF.exe
  C:\Windows\System\PgZryIF.exe
  2⤵
  PID:13328
- C:\Windows\System\LsNLkwa.exe
  C:\Windows\System\LsNLkwa.exe
  2⤵
  PID:13376
- C:\Windows\System\BVSguJR.exe
  C:\Windows\System\BVSguJR.exe
  2⤵
  PID:13456
- C:\Windows\System\yCbJRZW.exe
  C:\Windows\System\yCbJRZW.exe
  2⤵
  PID:13484
- C:\Windows\System\icklzBR.exe
  C:\Windows\System\icklzBR.exe
  2⤵
  PID:13464
- C:\Windows\System\pEAMLXZ.exe
  C:\Windows\System\pEAMLXZ.exe
  2⤵
  PID:13512
- C:\Windows\System\VqOuueH.exe
  C:\Windows\System\VqOuueH.exe
  2⤵
  PID:13564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_wz5st0qa.4ax.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\DTwALFM.exe

Filesize
1.7MB

MD5
918df050b2df4f0439b27e460cf17fb0

SHA1
4b752a9cc712e05d6f63efbbbed27996ab6569ba

SHA256
6bcf222b7d25baaa23c33b391f16b1073dc597fa129b48de15be9250e01ce2c6

SHA512
0b5199e6fbbc424ec063967458f9ac64fa54a94c4a8e5cb73c9bec98f9caeed5911bb66c816b8f26f7da4904fd82b699134ba3ca7ed0197f3ac7eaf0fb7a6e4e

Download Submit
C:\Windows\System\DglwsEM.exe

Filesize
1.7MB

MD5
c7afc5393c5898a8faed02c118bdba9b

SHA1
9d7784db42463942a49fefcfa2b4ccc3dafbedbb

SHA256
48da595e71fe6ee197dfaf7fadd6b7861c558ffe85a73554f594725ad87b2cd1

SHA512
a89c134256c36f845aa8782fd9203c61606eb3330b60bb6819a7ee99d8f0a6f2c0cf8b251bfa65b1f36dae01d87f5c2796072c743ae3c39ca851b5bb7f628d42

Download Submit
C:\Windows\System\DjaPzkU.exe

Filesize
1.7MB

MD5
ee964d37b243b2addc25909ddf16d2ef

SHA1
399f634c0eccad925b1cd392f9daf5b23ba35cf6

SHA256
4e9d8f122ab3332399b3bc340b42dfc81b387d443e1996ecc4ed29a0ae23ac5e

SHA512
a3e04e6b89e30091caff94f5eff8864f4f6d9100553703558e021b14618ba439dcbc7dd77d8b4972bca6a102a869aa4623944b6844254f59c157a2f94e275cdc

Download Submit
C:\Windows\System\DqGHUWC.exe

Filesize
1.7MB

MD5
02c3642ba062094b3a74970480ba1c37

SHA1
216a79e7715f3ad31193627f8561f08df412ba82

SHA256
9120e2b5b9b9ad38a206b78bd544d7183fd82dce3347e4bddd7455d38f94e00e

SHA512
55be10431392beae79ad967fdd471d2dc9993502a4c1fa46e43eef8821f68bf81a0a6a8ff936a46d95ad9f87ec3971679a9bc1300882ab0715b133955c12ae2c

Download Submit
C:\Windows\System\Egykmpy.exe

Filesize
1.7MB

MD5
40949d1664050480686461025a997f43

SHA1
071bb2af79610e8a0460c3c2d5743cff7c0b4252

SHA256
d5222f1ef91b682f7c83ee6050f0b6e53b82cc7a4b4a570fae7de02520611585

SHA512
961e3ccfe187d7f3f049a6d7b4df2a713342dfd13e879ab3c775a79aa5512ab85a34a82607105be73c30cad7fed32609137e14d72b598e6aead7526fd2ca85df

Download Submit
C:\Windows\System\EvJxxqe.exe

Filesize
1.7MB

MD5
1591c330638dda69bc48c58d4ede83a2

SHA1
929b19003affd3facb4c24f9e171cd9c9b5c817a

SHA256
5899c92a81b889ff4d0c7de2d7a816623b07b19cd744ad7da31f1e82644232a5

SHA512
aed86b4f6c8459676bc9e8484e856267597c54c99b3086927cb0babe43b3369b91140e67beab609057e2e2e72046d7d3b6e5c7bec4478d5d2c66c1b9885cf906

Download Submit
C:\Windows\System\FPHwhNR.exe

Filesize
1.7MB

MD5
54cf97fecc0269cbbf3b4950951d5f65

SHA1
1bc56900104fa2373270864d17939c3755f9ce2d

SHA256
de14da54e7a9e20ac5593272ec879a0e83f5a5842477296d5e8133bcbbe55e0e

SHA512
8765ddef82e962de6971f22c8f11cd4c40f78d89f6b336d3812141012ed42ecbc63be3a8810f3da44eb58cb6b88b399766b828cbec191c42540da0aa5512b3ba

Download Submit
C:\Windows\System\Hwdxaxv.exe

Filesize
1.7MB

MD5
2c6c5b90ccd1c877a1cc94023e8899e6

SHA1
349c7675be76db6a189c3f3106164586fe58b118

SHA256
13af352dd136b4024b2539e771991970004ba72419c64fd50a274aef44306af8

SHA512
66e1f48ab6cbcc730e24fd49b062cb380694fda3a26e9018d2d6eb2637af592bf58b606adc044f27326dc954d9a2e43143ec514fec6a0a3520db1e7726744e17

Download Submit
C:\Windows\System\IqyTaTq.exe

Filesize
1.7MB

MD5
93f369247035b8d6074a1595cc30c8f4

SHA1
826d7d74257945b4485e28c82d3fe06214cdc592

SHA256
65ca2148565800cc28d35a521a829ef7d473b01bff5310cda780228f09e61e76

SHA512
75db8959a545820ef2585ad30de0fab68acac80cdbf96001d6a499b606d229a6b9dc5da47cd613320fc9d28aa8aa707c8cf4692eeb3316ebb065b92bf75841f6

Download Submit
C:\Windows\System\JQTlQaY.exe

Filesize
1.7MB

MD5
46db88d192a675e4470a2737ef570a36

SHA1
fa5a1004ce4696b0dea315eb5e1b36b7ae8015ef

SHA256
c206bf8def992009868bb5511c55d69022a2ae52abda9c81bd0e0cc6cc574be2

SHA512
f2966031ec2ce0f2d660bff529c5995067a79ad9c434599fdd57b672723186b542074824d5cc89206ba19a0fb1c0d17f40704a8793b4e2407412293540d43ee5

Download Submit
C:\Windows\System\KbOLMSd.exe

Filesize
1.7MB

MD5
29ee95c678c13e8d8379e0d7142cf4db

SHA1
aaada5bbcda062ce1d04062fb3ef381e8458d44a

SHA256
680aa334cab08d54a689429019923b22e4d456da8965b18a20f6bb0a1fe56ddd

SHA512
f087ab3c98f826436366a529af9e2d6ac2976f6e6e1d26fec7143872b9e3b939e83de5ea3bc6198605b552f443713cfe481795a5d215ce223da83b3304344052

Download Submit
C:\Windows\System\KlSlVBo.exe

Filesize
1.7MB

MD5
6ad77d8c92830b48dc68e130bd52f8f6

SHA1
26e4390be952f72cd14ece0fa106873df0fbf128

SHA256
306a87485cc3917444d590a9fba1af5f891847decf635051389870f78602b9c2

SHA512
5fb85121704dac1aecd204e5cf8f03547d7ae27f81feb584b87b8be0e24f978fedeea7888e9e45bce552734be4695682b0d92303977b5f1925db262aa59cadc6

Download Submit
C:\Windows\System\LCeUGVS.exe

Filesize
1.7MB

MD5
272f1bcc2f3cc6a7bb24968c9ea48c66

SHA1
536223edd3c881f7c47c6ed98e75ea87e74dfda9

SHA256
910eca3df961228fcdedf8e21e87fa7b22115ca03399c8a70ca64205fbd2a145

SHA512
ef0ec3556e23704c81ae3a06cf3b949bf5f320e9999188670caf042a9fe983945cdba3fd0b6ffcf887dd195081da6dff379cd2b710d522dd5c15bb67249d02c5

Download Submit
C:\Windows\System\OHIjCKu.exe

Filesize
1.7MB

MD5
511b33c4ca8299167513f0228dd7fd40

SHA1
36b75656dde8200525bb06f8c120f4aacb87a2ca

SHA256
26f7fd42e1e2ef5be2d5eb3a96350d8f51e0a4d7a7a80802da0a087eb188d320

SHA512
4519a96f5b7365ebcbd3365153356c46f0645dbf8fa8043d25782fd8aa55871ed740f4547d5eab97c9bf03f420ac15eae2e2a2b215025d5828309d40a3aa6fea

Download Submit
C:\Windows\System\RFgwRhX.exe

Filesize
1.7MB

MD5
e8ed0103fad73f3b76c176dd48ad25f1

SHA1
7b6c47c8faabf1d18855409785098c91e4776275

SHA256
e21b54e74c5098919c3f9ab7581a02f5444323d863382d6a05d4a91b136585fd

SHA512
c622e5fa500173b35daf47d29aff0a12b43a978be877ed7485c41bc7ecd9ecd9f8bc167b37015f2f775048cc9ac79af29be46be12b4fb7d952675f5108f40781

Download Submit
C:\Windows\System\TIfeJgz.exe

Filesize
1.7MB

MD5
ebba77f5b1bf4b5fef495e0cb305f064

SHA1
877c281aa4d3e47ff2979970e8461d7b6629f5fc

SHA256
f6e1dfa296813d08fba448fbf5a731a0ee576a59123727ec9da945d45a5c9b67

SHA512
d53237cb1e80b4be334e10b4e4ab356d69df42820c50957f45746fbf011be66a6636a055307c1683de52947398335148bb91deff18c685357a2c9fab8169cd36

Download Submit
C:\Windows\System\Tsayqix.exe

Filesize
1.7MB

MD5
1c85e71de19459848f5d375aa7a2c653

SHA1
dcb7cdbaf7a0ad7bb9b48150bc2078d844eefe80

SHA256
2e01c9959428f8b3f741f3160f321ab4d369908bea5cede61938c212da8dfec6

SHA512
70f7df58e70ea6a9c469c282a0eee829a5a5bea7b4095ea56c4aa72aeaeda7d0d23f9b0b866c2afefb09117c22e14fbc683637a08979007bf1c81dc2b422ad47

Download Submit
C:\Windows\System\UJRCXWH.exe

Filesize
1.7MB

MD5
bb45f10b70fda2f36964736802a111f6

SHA1
ab8ff336cc035d6c6bf4012d906ad6a527a84475

SHA256
2e8709b40bfcc1c9b933056d7e2e696d0022424405b9c03ae6c07f58ed3554f8

SHA512
91dd9bff6cf40f8a4337bfbcfe111441427b8a04218c8179d73d0df3d7362ab4e90027f1ef036e3c9b041beda00b256701c2911d862623761a0d72bc956ee6a1

Download Submit
C:\Windows\System\UaWJwcE.exe

Filesize
1.7MB

MD5
3cff21d5b51084d448ab831fd59b6e38

SHA1
00dc330013e2bdabbc68cf809d516961f0fa7de0

SHA256
21aab1c95a474ae4f5dc0c3220263a0f242085870fdd6af1be06468035ec9635

SHA512
50dc051dbaf8d721f02a4917ecbc98874ab5bdf2d357d7574eeecb710f778a147b5b6d678377f13a38561e9cfb43fe6532370eba205857a825bc9fa46efa4751

Download Submit
C:\Windows\System\UuKrcHi.exe

Filesize
1.7MB

MD5
985cd211646862c45f43649b7db1eeb8

SHA1
50d4d40330157ace1bad1a16fc333c2f594c6d96

SHA256
584f56fc2aadff6632e361b852ba8827703fae02e64b6e1017177d0e1791918b

SHA512
aa85081c1387b20e2d588daf10fca6f9150cba4286189d53a9f3dfd395df47d9d8567321c1200afb69a0b5f752b4bb06861a2b2b290c7f9c953152f760904e7d

Download Submit
C:\Windows\System\WPPnWCV.exe

Filesize
1.7MB

MD5
8d0079bfeeb2beb10d37310ce9dd3819

SHA1
531c5ee69b3ad051d1b58b200720e57284ad525c

SHA256
c44d0379b34a82103f71ae7da12aea3e448dfcf60cecc229e63931c5eb7c69f3

SHA512
0f4794f1ee3724ce163cc19ef89170cc0697a1f2cb8d643f020444616c8a1018cca9b66c1c036f28df29d8cd452188b6dac00243af5282641e4d4d9ecd203937

Download Submit
C:\Windows\System\WxmsEtr.exe

Filesize
1.7MB

MD5
cd384b4e3b0dbdcb970d3b806d618e1d

SHA1
8d021ce6c40341503d1e7c33cee5ff845fc9e195

SHA256
44a1aecff664891e2fa509d8b7814816268494c97bda5a0f1b1b00d07a953bde

SHA512
b3dabefb8ab6027b0e665d0e7c2bff4b8f80cd2de4bed076fde5e292c196fec91978d53acf0b709907291ed7cdd25a3a4986e9dfce8cac17c942b8311fee3c3b

Download Submit
C:\Windows\System\YLRnJhx.exe

Filesize
1.7MB

MD5
509424a1f0ad5889b59cb992646e5277

SHA1
9be2193c0b5773432aaf95254c2e9801e44ffed8

SHA256
af3cb75c98ad96dc39b314c5f588058c6a645649f73914501e121b73c6bf668c

SHA512
c2a215e5b97b506adc72a06f47b015c21afcd4b72b324a2801a4ab6115f111f889af6a727278acf49cc48c6040c9390bebefbd6f697fe75199d62601b1f8ac08

Download Submit
C:\Windows\System\ZDtpQkD.exe

Filesize
1.7MB

MD5
4cf6e4730c3c17c12d97a38c10473fef

SHA1
b7acfe7ad22ae9868b2616115feedc90e928b9bc

SHA256
37bc9a238287046ca33b348540b1049e401542de2cb7ed378c6dc53c4df230e6

SHA512
e8f0a18e3922959a7180c45b08dec38e343fb5de3db55cf8c682ac7a70167e418edaa4e26ae9903fbeeb87684e9678d48d2a5f57e9fcfd427c09d218d15635db

Download Submit
C:\Windows\System\ZSmEIVb.exe

Filesize
1.7MB

MD5
2f54826966f046e58b16cd47c6d89c61

SHA1
1a74d46dfd80de6bf46c1c3b9722e28983fde308

SHA256
cd097d5c50d2f6faa19d511cf37d44bf811add7bef20f3ca8b3cc1f9a5ea7b3c

SHA512
5f83d55f7a8cfd37e4830b7f6176534562a5834436555fa2b17ddc9d13557701d20ca69a2463baf5f243a7237efde671aa1ca1cf4033d4a9232e34a3e05ed196

Download Submit
C:\Windows\System\aCilcKs.exe

Filesize
1.7MB

MD5
015ce1bd6f44b6f97352f4b41cbfa07c

SHA1
98f16eb7f9a879d9331e98d1a7dfeabfffc8dac8

SHA256
e89649fd63c402d84ab2dd771ece7b8752a21b97ab5ceadb2a3263f78d264d5c

SHA512
428c9cd4dc3f796e8869f368819951b188a40faccdd429d62e6bbc3c139cec029e23b7db5fa0d8d08e602b8928866ba4184f45395134e19688e1aac0b31b005b

Download Submit
C:\Windows\System\dDIltii.exe

Filesize
1.7MB

MD5
43ed9f65346d145161db5efc4e2b9b35

SHA1
77d3f83f82ac7f878b4237dd5ec02bf93763107f

SHA256
251861f9a78f16cfa5e94e63e7718171de268d408652969b9531b2e2c23a6625

SHA512
97f83a3d2207f5824b9ae2476c25951dcc242b8b4a6f9300b3dc25c2d0c45d9401ffad4d1dc4994c961b93887e75ae87f4d4b1d7300b28bbab207fa14516838f

Download Submit
C:\Windows\System\enqCGxM.exe

Filesize
8B

MD5
8a9416a5ba3f4513ce86ee25fcd9ed2c

SHA1
a36f3dd1333c8cfee404b646d4c6809d7e653313

SHA256
fb7dd3a16f87fe8b7e98987069f2b605508df1550402bd2a9bfdec4856b1a59a

SHA512
c747d417c3e282ae9ec82b691c8fea9cb7d0729d1dda54d2144fa9c71dd39f2ab11cee5a6768a89cb91fd4a7ae6e579302cb4e4de8d6384014994320074580a4

Download Submit
C:\Windows\System\eyZabnG.exe

Filesize
1.7MB

MD5
a5e3fc77639a732df8e88f2159cf6241

SHA1
3c70a8be715073495fe2ec7aebf096789aa9b4e6

SHA256
877525b44451f9ba6fe83a539b9f77aab0b78973105a028de95a10d3fd120a38

SHA512
d3a482df3025793064623a0bdbfa9db4ced7947bbd015215a6e38202860553d83a85c675f58536417deac5c1ca8d7cec76ee26b6c24d5cc140c4da28236673ce

Download Submit
C:\Windows\System\gYpvBdf.exe

Filesize
1.7MB

MD5
af9d25667f6d682ab1f3063b9664fc95

SHA1
ad4c70c54aedc94374ef9faf689a768bf8c65cda

SHA256
88ca46592663e299310cebe6a34a6304258d689155ee22059570ead010c5c33b

SHA512
87cdf543d9c182ee1690c788e45b3045b33547651eca1cf91b9a53eecec0e398ecf532ab4152e7a643284e293a13cfb96fb9f11988dded243d4710ef41b910f9

Download Submit
C:\Windows\System\gjNTJAn.exe

Filesize
1.7MB

MD5
c0267cc8fdc996e3a648941d78497372

SHA1
ed40d80ac19d9de2cf58743ad60d158466247254

SHA256
4b1c72dfa3deb44ee0c22d984dd27e7fd3f2576d364fd245d0c4a9a94d79ef8a

SHA512
275b74dec235df36a91fbfde64d5019836c62b64e9541dd1afffb2ef482710b3e9b13dce46810ad13ae467aadf2ea3f2786fd33ff63e948b526c572270e96fc6

Download Submit
C:\Windows\System\juOiDBa.exe

Filesize
1.7MB

MD5
2ed2b94cadb47186560caeaf0f21f97a

SHA1
ce16eab405f76dcc4b6d29af159be089fc5b189e

SHA256
d64e5d7b6f13f6c57f1313d257ef6c9993ef5a56974ecf37cee37dbb875afcff

SHA512
06713b66cb0abb529a27fcd58a6bd9ca2e95fe4a6964c246453840b8d3b7b341b4a684042594491946e99d7c4f23bab6f13038243445105f643fba834de1f370

Download Submit
C:\Windows\System\mdhhzPV.exe

Filesize
1.7MB

MD5
d935842d985a20408677a4e8988b9edf

SHA1
a1e38c5a01b7ee69c974f179b5bee9ca93cd8c5c

SHA256
e30d466dd850a2bdd26172387b0763ba2ef8049a3015af064bc06bd82670388f

SHA512
1b91af8c804063001d1a6ad6436c4323462348b324adc57ea8ec7bcb5aa30e5f267093358ca9c4b76a548b76905db47e98806127188b9231981d0fd8ac33b027

Download Submit
C:\Windows\System\mhGtrFr.exe

Filesize
1.7MB

MD5
cd387f043799cbd5103479aaccf500da

SHA1
73a2b731d9ec22eb3330b5887d4719badfb08b5f

SHA256
a6160097211cd60d0a940a657695bad0c47c30742167f3d413c39e997130c9ef

SHA512
acb6e229c53e1d08158c6a3fe1e60d2dee0cf19be0f4be5c9cda5ff0c7373abcedb485a9d18f06d3b5ef20112d38ab4d4ec80bf204ae3b4bff2b7422a4287119

Download Submit
C:\Windows\System\mscxzjL.exe

Filesize
1.7MB

MD5
48130a938fab094ee769feac8d98a952

SHA1
8e77d678238db10fbf8ba9080a61f01191c782f7

SHA256
c4e9f4e08acb95f85e1a999be24489d303feae05cb29c50dacca492c7376486a

SHA512
a706ad7d6ed7b6fb57a8713bd63299cb145a648e0fa6f85edf9ff5ea2178b4427719f7977d507e21b28cd2860a5ee2ef007d69bc4d6a4235117c5fb7381c9a6b

Download Submit
C:\Windows\System\pyrNErb.exe

Filesize
1.7MB

MD5
dcf15c7d9c30c50b36d618f30b1bf561

SHA1
19a0834e0942649734fc345c092d3af874ff97ad

SHA256
af371a3b172703b69ec8bc37d86e5940a97e571df3c6e8920af3baeafc307e98

SHA512
73617825ce03763546912bd653feab38d90be57f378b7b2b8a3bcd8d53a37688d8e4a435a8fd15aa8bc1acf37c412d4168655ba9eeb2dc2c58db9c461c10434a

Download Submit
C:\Windows\System\qRLRjWQ.exe

Filesize
1.7MB

MD5
0dffb95154b134c39e058bc7491a7f2c

SHA1
294141e05f10ca7e7001c47081cb29a8e5d508fa

SHA256
06c365c23a74ccebc443252c4644901b5e254434440fd6bcf5fb8625de88f97d

SHA512
7858ac0251306185b968c50f9792b0c313a3a6959d49858b1c5ec12a1fd626ea858398f61fb11c285a67fe271aaf429f997a4e3447236398edc08e409ab65949

Download Submit
C:\Windows\System\zulZZVb.exe

Filesize
1.7MB

MD5
45065058a239cc69e010d9fb0f077d65

SHA1
e7dd7c05a31f613bb8ca3b021ccef814a5630893

SHA256
de12e2698f3225e58ee88233bde677f96adbb2a224c40b937a6dd9b95bbd7731

SHA512
91adf6e4b220504b929d737c5b65080f5dd1b77f3923257eed3d9d21c3c6417b622b82c0cd7886555a487b30be2166300c4700a43b8f7b0c7b1825514aa27d1e

Download Submit
memory/64-341-0x00007FF7DF4F0000-0x00007FF7DF8E2000-memory.dmp

Filesize
3.9MB

Download
memory/64-3115-0x00007FF7DF4F0000-0x00007FF7DF8E2000-memory.dmp

Filesize
3.9MB

Download
memory/452-397-0x00007FF7A5AF0000-0x00007FF7A5EE2000-memory.dmp

Filesize
3.9MB

Download
memory/452-3150-0x00007FF7A5AF0000-0x00007FF7A5EE2000-memory.dmp

Filesize
3.9MB

Download
memory/468-3089-0x00007FF6DFDF0000-0x00007FF6E01E2000-memory.dmp

Filesize
3.9MB

Download
memory/468-10-0x00007FF6DFDF0000-0x00007FF6E01E2000-memory.dmp

Filesize
3.9MB

Download
memory/688-409-0x00007FF7A0B30000-0x00007FF7A0F22000-memory.dmp

Filesize
3.9MB

Download
memory/688-3155-0x00007FF7A0B30000-0x00007FF7A0F22000-memory.dmp

Filesize
3.9MB

Download
memory/1092-3104-0x00007FF755CA0000-0x00007FF756092000-memory.dmp

Filesize
3.9MB

Download
memory/1092-49-0x00007FF755CA0000-0x00007FF756092000-memory.dmp

Filesize
3.9MB

Download
memory/1384-3118-0x00007FF7BDA50000-0x00007FF7BDE42000-memory.dmp

Filesize
3.9MB

Download
memory/1384-337-0x00007FF7BDA50000-0x00007FF7BDE42000-memory.dmp

Filesize
3.9MB

Download
memory/1436-260-0x00007FF6E36D0000-0x00007FF6E3AC2000-memory.dmp

Filesize
3.9MB

Download
memory/1436-3124-0x00007FF6E36D0000-0x00007FF6E3AC2000-memory.dmp

Filesize
3.9MB

Download
memory/1508-3153-0x00007FF73FFB0000-0x00007FF7403A2000-memory.dmp

Filesize
3.9MB

Download
memory/1508-398-0x00007FF73FFB0000-0x00007FF7403A2000-memory.dmp

Filesize
3.9MB

Download
memory/1528-433-0x00007FF642540000-0x00007FF642932000-memory.dmp

Filesize
3.9MB

Download
memory/1528-3120-0x00007FF642540000-0x00007FF642932000-memory.dmp

Filesize
3.9MB

Download
memory/1736-3098-0x00007FF66C4B0000-0x00007FF66C8A2000-memory.dmp

Filesize
3.9MB

Download
memory/1736-137-0x00007FF66C4B0000-0x00007FF66C8A2000-memory.dmp

Filesize
3.9MB

Download
memory/2128-108-0x00007FF6B01F0000-0x00007FF6B05E2000-memory.dmp

Filesize
3.9MB

Download
memory/2128-3100-0x00007FF6B01F0000-0x00007FF6B05E2000-memory.dmp

Filesize
3.9MB

Download
memory/2308-351-0x00007FF688E50000-0x00007FF689242000-memory.dmp

Filesize
3.9MB

Download
memory/2308-3149-0x00007FF688E50000-0x00007FF689242000-memory.dmp

Filesize
3.9MB

Download
memory/2556-3113-0x00007FF62A510000-0x00007FF62A902000-memory.dmp

Filesize
3.9MB

Download
memory/2556-204-0x00007FF62A510000-0x00007FF62A902000-memory.dmp

Filesize
3.9MB

Download
memory/2780-3095-0x00007FF60DAF0000-0x00007FF60DEE2000-memory.dmp

Filesize
3.9MB

Download
memory/2780-423-0x00007FF60DAF0000-0x00007FF60DEE2000-memory.dmp

Filesize
3.9MB

Download
memory/2884-3102-0x00007FF7AC9F0000-0x00007FF7ACDE2000-memory.dmp

Filesize
3.9MB

Download
memory/2884-432-0x00007FF7AC9F0000-0x00007FF7ACDE2000-memory.dmp

Filesize
3.9MB

Download
memory/3004-265-0x00007FF730040000-0x00007FF730432000-memory.dmp

Filesize
3.9MB

Download
memory/3004-3108-0x00007FF730040000-0x00007FF730432000-memory.dmp

Filesize
3.9MB

Download
memory/3224-13-0x00007FF9F9A53000-0x00007FF9F9A55000-memory.dmp

Filesize
8KB

Download
memory/3224-12-0x00000197939E0000-0x00000197939F0000-memory.dmp

Filesize
64KB

Download
memory/3224-201-0x00000197ADD70000-0x00000197ADD92000-memory.dmp

Filesize
136KB

Download
memory/3224-11-0x00000197939E0000-0x00000197939F0000-memory.dmp

Filesize
64KB

Download
memory/3628-47-0x00007FF710E10000-0x00007FF711202000-memory.dmp

Filesize
3.9MB

Download
memory/3628-3093-0x00007FF710E10000-0x00007FF711202000-memory.dmp

Filesize
3.9MB

Download
memory/3648-413-0x00007FF71F4E0000-0x00007FF71F8D2000-memory.dmp

Filesize
3.9MB

Download
memory/3648-3106-0x00007FF71F4E0000-0x00007FF71F8D2000-memory.dmp

Filesize
3.9MB

Download
memory/3764-1-0x00000247A0250000-0x00000247A0260000-memory.dmp

Filesize
64KB

Download
memory/3764-0-0x00007FF7315A0000-0x00007FF731992000-memory.dmp

Filesize
3.9MB

Download
memory/3864-3158-0x00007FF6E27B0000-0x00007FF6E2BA2000-memory.dmp

Filesize
3.9MB

Download
memory/3864-412-0x00007FF6E27B0000-0x00007FF6E2BA2000-memory.dmp

Filesize
3.9MB

Download
memory/3932-3091-0x00007FF7AF5D0000-0x00007FF7AF9C2000-memory.dmp

Filesize
3.9MB

Download
memory/3932-31-0x00007FF7AF5D0000-0x00007FF7AF9C2000-memory.dmp

Filesize
3.9MB

Download
memory/4468-162-0x00007FF62B1A0000-0x00007FF62B592000-memory.dmp

Filesize
3.9MB

Download
memory/4468-3111-0x00007FF62B1A0000-0x00007FF62B592000-memory.dmp

Filesize
3.9MB

Download
memory/4608-308-0x00007FF7F67C0000-0x00007FF7F6BB2000-memory.dmp

Filesize
3.9MB

Download
memory/4608-3122-0x00007FF7F67C0000-0x00007FF7F6BB2000-memory.dmp

Filesize
3.9MB

Download
memory/4888-350-0x00007FF762700000-0x00007FF762AF2000-memory.dmp

Filesize
3.9MB

Download
memory/4888-3126-0x00007FF762700000-0x00007FF762AF2000-memory.dmp

Filesize
3.9MB

Download
memory/5008-3110-0x00007FF7103A0000-0x00007FF710792000-memory.dmp

Filesize
3.9MB

Download
memory/5008-166-0x00007FF7103A0000-0x00007FF710792000-memory.dmp

Filesize
3.9MB

Download