xmrig | 10f3596b297617dc23428324c126ce231591db7dc9138c2cc3bf92cd29a20cd3

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
26/04/2024, 11:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
Size

1.9MB
MD5

00a4b353ff4ff43b5e4837756203a0bb
SHA1

6ba8a51237e10369857d626248c9d87117af95f3
SHA256

10f3596b297617dc23428324c126ce231591db7dc9138c2cc3bf92cd29a20cd3
SHA512

00892ea6a4ac564750a02d181712b81188f5c1956ef75d965ecb5fe2f9dbc4c258f20c350a46496405a12f59fadcd04615c7575d2a703646a929ad5ff4106d67
SSDEEP

49152:Lz071uv4BPMkibTIA5KIP7nTrmBhihM5xC+UXN:NABG

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 41 IoCs

miner

resource	yara_rule
behavioral2/memory/2260-251-0x00007FF6A8960000-0x00007FF6A8D52000-memory.dmp	xmrig
behavioral2/memory/1300-227-0x00007FF675BA0000-0x00007FF675F92000-memory.dmp	xmrig
behavioral2/memory/3016-175-0x00007FF7BF030000-0x00007FF7BF422000-memory.dmp	xmrig
behavioral2/memory/4648-537-0x00007FF7AB760000-0x00007FF7ABB52000-memory.dmp	xmrig
behavioral2/memory/2556-556-0x00007FF7E0A50000-0x00007FF7E0E42000-memory.dmp	xmrig
behavioral2/memory/4900-559-0x00007FF673C80000-0x00007FF674072000-memory.dmp	xmrig
behavioral2/memory/4520-558-0x00007FF6EBC60000-0x00007FF6EC052000-memory.dmp	xmrig
behavioral2/memory/4216-557-0x00007FF7A59B0000-0x00007FF7A5DA2000-memory.dmp	xmrig
behavioral2/memory/456-555-0x00007FF7229E0000-0x00007FF722DD2000-memory.dmp	xmrig
behavioral2/memory/4848-554-0x00007FF7669F0000-0x00007FF766DE2000-memory.dmp	xmrig
behavioral2/memory/3244-553-0x00007FF669D10000-0x00007FF66A102000-memory.dmp	xmrig
behavioral2/memory/4116-552-0x00007FF6B2250000-0x00007FF6B2642000-memory.dmp	xmrig
behavioral2/memory/2000-550-0x00007FF7475F0000-0x00007FF7479E2000-memory.dmp	xmrig
behavioral2/memory/2600-455-0x00007FF784850000-0x00007FF784C42000-memory.dmp	xmrig
behavioral2/memory/4016-413-0x00007FF6C7310000-0x00007FF6C7702000-memory.dmp	xmrig
behavioral2/memory/1156-366-0x00007FF621700000-0x00007FF621AF2000-memory.dmp	xmrig
behavioral2/memory/1388-299-0x00007FF76E720000-0x00007FF76EB12000-memory.dmp	xmrig
behavioral2/memory/3748-296-0x00007FF727150000-0x00007FF727542000-memory.dmp	xmrig
behavioral2/memory/1604-118-0x00007FF65CBA0000-0x00007FF65CF92000-memory.dmp	xmrig
behavioral2/memory/5068-94-0x00007FF7F6EA0000-0x00007FF7F7292000-memory.dmp	xmrig
behavioral2/memory/4216-3373-0x00007FF7A59B0000-0x00007FF7A5DA2000-memory.dmp	xmrig
behavioral2/memory/5068-3375-0x00007FF7F6EA0000-0x00007FF7F7292000-memory.dmp	xmrig
behavioral2/memory/1192-3377-0x00007FF620E70000-0x00007FF621262000-memory.dmp	xmrig
behavioral2/memory/1156-3379-0x00007FF621700000-0x00007FF621AF2000-memory.dmp	xmrig
behavioral2/memory/4016-3391-0x00007FF6C7310000-0x00007FF6C7702000-memory.dmp	xmrig
behavioral2/memory/3748-3393-0x00007FF727150000-0x00007FF727542000-memory.dmp	xmrig
behavioral2/memory/4648-3389-0x00007FF7AB760000-0x00007FF7ABB52000-memory.dmp	xmrig
behavioral2/memory/1300-3387-0x00007FF675BA0000-0x00007FF675F92000-memory.dmp	xmrig
behavioral2/memory/2260-3384-0x00007FF6A8960000-0x00007FF6A8D52000-memory.dmp	xmrig
behavioral2/memory/3016-3386-0x00007FF7BF030000-0x00007FF7BF422000-memory.dmp	xmrig
behavioral2/memory/1604-3382-0x00007FF65CBA0000-0x00007FF65CF92000-memory.dmp	xmrig
behavioral2/memory/456-3396-0x00007FF7229E0000-0x00007FF722DD2000-memory.dmp	xmrig
behavioral2/memory/2600-3427-0x00007FF784850000-0x00007FF784C42000-memory.dmp	xmrig
behavioral2/memory/2556-3423-0x00007FF7E0A50000-0x00007FF7E0E42000-memory.dmp	xmrig
behavioral2/memory/4848-3409-0x00007FF7669F0000-0x00007FF766DE2000-memory.dmp	xmrig
behavioral2/memory/4520-3429-0x00007FF6EBC60000-0x00007FF6EC052000-memory.dmp	xmrig
behavioral2/memory/1388-3425-0x00007FF76E720000-0x00007FF76EB12000-memory.dmp	xmrig
behavioral2/memory/4116-3420-0x00007FF6B2250000-0x00007FF6B2642000-memory.dmp	xmrig
behavioral2/memory/2000-3415-0x00007FF7475F0000-0x00007FF7479E2000-memory.dmp	xmrig
behavioral2/memory/4900-3413-0x00007FF673C80000-0x00007FF674072000-memory.dmp	xmrig
behavioral2/memory/3244-3411-0x00007FF669D10000-0x00007FF66A102000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1192	RHJrpvP.exe
4216	PHDkpYg.exe
5068	CQKIaSi.exe
1604	SGXdSWC.exe
3016	vRPpzFV.exe
1300	dzuGcaC.exe
2260	VHGewBk.exe
3748	yPOJSTD.exe
1388	eZyLmth.exe
1156	jrtYCly.exe
4016	iRrcPvj.exe
4520	PPXYqOG.exe
2600	CZnWsiD.exe
4648	UttxPZk.exe
2000	wOezwSG.exe
4116	AgNaWEX.exe
4900	FWzNrrx.exe
3244	oBqsGHp.exe
4848	pyayEqL.exe
456	YjcDxED.exe
2556	bWDdirm.exe
5036	eSSUAhu.exe
1252	WIuqTHD.exe
1048	yZifVvu.exe
2800	SXEusDX.exe
4220	ouvThVp.exe
1084	UWJJpVZ.exe
4272	dxHRPmJ.exe
4092	dyxkvxx.exe
4100	gJGqWEz.exe
4276	OCCtCMY.exe
4592	ncSIsDZ.exe
832	jOyjnKQ.exe
1508	MaZESSQ.exe
3676	OplxhGJ.exe
4228	OfnIOay.exe
2320	KKfMjQq.exe
704	ohzTPzJ.exe
1008	bjEeAJc.exe
2444	vXOQMoO.exe
3712	guzgOor.exe
3132	DSAwcWr.exe
548	SCxgvco.exe
2704	wyPBuTy.exe
1952	qrpdAua.exe
1480	gwffqgC.exe
3432	xdauaTC.exe
3296	vdDGykH.exe
2532	bicltiw.exe
3356	ZATrlkZ.exe
3596	MHSNQrc.exe
2312	yznCjEF.exe
412	MxPVCEq.exe
3368	SSTlkir.exe
4576	vzYVrzW.exe
536	owsmzLn.exe
2456	sjxwgWg.exe
3008	JvzRFTI.exe
1872	aQEnTyB.exe
4364	oxRhail.exe
228	wlTlpjk.exe
2036	grLSRYd.exe
896	pmQamXt.exe
1104	USLtlLE.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4580-0-0x00007FF749EC0000-0x00007FF74A2B2000-memory.dmp	upx
behavioral2/files/0x000d000000023af1-5.dat	upx
behavioral2/files/0x000a000000023b82-22.dat	upx
behavioral2/files/0x000a000000023b87-39.dat	upx
behavioral2/files/0x000a000000023b96-153.dat	upx
behavioral2/files/0x000a000000023b9d-149.dat	upx
behavioral2/memory/2260-251-0x00007FF6A8960000-0x00007FF6A8D52000-memory.dmp	upx
behavioral2/memory/1300-227-0x00007FF675BA0000-0x00007FF675F92000-memory.dmp	upx
behavioral2/files/0x000a000000023ba5-215.dat	upx
behavioral2/files/0x000a000000023ba4-203.dat	upx
behavioral2/files/0x000a000000023ba3-202.dat	upx
behavioral2/files/0x000a000000023ba2-200.dat	upx
behavioral2/files/0x000a000000023ba1-198.dat	upx
behavioral2/files/0x000a000000023b92-188.dat	upx
behavioral2/files/0x000a000000023b91-187.dat	upx
behavioral2/files/0x000a000000023ba0-184.dat	upx
behavioral2/files/0x000a000000023b9f-180.dat	upx
behavioral2/files/0x000a000000023b90-179.dat	upx
behavioral2/memory/3016-175-0x00007FF7BF030000-0x00007FF7BF422000-memory.dmp	upx
behavioral2/files/0x000a000000023b9e-170.dat	upx
behavioral2/files/0x000a000000023b99-166.dat	upx
behavioral2/files/0x000a000000023b8f-162.dat	upx
behavioral2/files/0x000a000000023b98-158.dat	upx
behavioral2/files/0x000a000000023b97-157.dat	upx
behavioral2/files/0x000a000000023b95-148.dat	upx
behavioral2/files/0x000a000000023b9c-140.dat	upx
behavioral2/memory/4648-537-0x00007FF7AB760000-0x00007FF7ABB52000-memory.dmp	upx
behavioral2/memory/2556-556-0x00007FF7E0A50000-0x00007FF7E0E42000-memory.dmp	upx
behavioral2/memory/4900-559-0x00007FF673C80000-0x00007FF674072000-memory.dmp	upx
behavioral2/memory/4520-558-0x00007FF6EBC60000-0x00007FF6EC052000-memory.dmp	upx
behavioral2/memory/4216-557-0x00007FF7A59B0000-0x00007FF7A5DA2000-memory.dmp	upx
behavioral2/memory/456-555-0x00007FF7229E0000-0x00007FF722DD2000-memory.dmp	upx
behavioral2/memory/4848-554-0x00007FF7669F0000-0x00007FF766DE2000-memory.dmp	upx
behavioral2/memory/3244-553-0x00007FF669D10000-0x00007FF66A102000-memory.dmp	upx
behavioral2/memory/4116-552-0x00007FF6B2250000-0x00007FF6B2642000-memory.dmp	upx
behavioral2/memory/2000-550-0x00007FF7475F0000-0x00007FF7479E2000-memory.dmp	upx
behavioral2/memory/2600-455-0x00007FF784850000-0x00007FF784C42000-memory.dmp	upx
behavioral2/memory/4016-413-0x00007FF6C7310000-0x00007FF6C7702000-memory.dmp	upx
behavioral2/memory/1156-366-0x00007FF621700000-0x00007FF621AF2000-memory.dmp	upx
behavioral2/memory/1388-299-0x00007FF76E720000-0x00007FF76EB12000-memory.dmp	upx
behavioral2/memory/3748-296-0x00007FF727150000-0x00007FF727542000-memory.dmp	upx
behavioral2/files/0x000a000000023b9b-133.dat	upx
behavioral2/files/0x000a000000023b9a-126.dat	upx
behavioral2/files/0x000a000000023b8c-123.dat	upx
behavioral2/files/0x000a000000023b8b-119.dat	upx
behavioral2/files/0x000a000000023b8e-115.dat	upx
behavioral2/files/0x000a000000023b94-110.dat	upx
behavioral2/files/0x000a000000023b93-108.dat	upx
behavioral2/memory/1604-118-0x00007FF65CBA0000-0x00007FF65CF92000-memory.dmp	upx
behavioral2/memory/5068-94-0x00007FF7F6EA0000-0x00007FF7F7292000-memory.dmp	upx
behavioral2/files/0x000a000000023b8d-81.dat	upx
behavioral2/files/0x000a000000023b8a-73.dat	upx
behavioral2/files/0x000a000000023b89-66.dat	upx
behavioral2/files/0x000a000000023b88-97.dat	upx
behavioral2/files/0x000a000000023b86-47.dat	upx
behavioral2/files/0x000a000000023b84-45.dat	upx
behavioral2/files/0x000a000000023b85-41.dat	upx
behavioral2/files/0x000a000000023b83-17.dat	upx
behavioral2/memory/1192-12-0x00007FF620E70000-0x00007FF621262000-memory.dmp	upx
behavioral2/files/0x000b000000023b81-8.dat	upx
behavioral2/memory/4216-3373-0x00007FF7A59B0000-0x00007FF7A5DA2000-memory.dmp	upx
behavioral2/memory/5068-3375-0x00007FF7F6EA0000-0x00007FF7F7292000-memory.dmp	upx
behavioral2/memory/1192-3377-0x00007FF620E70000-0x00007FF621262000-memory.dmp	upx
behavioral2/memory/1156-3379-0x00007FF621700000-0x00007FF621AF2000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
4	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\OiDcrRN.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\hNovRYU.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\ZvVuyvw.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\jaFlxUE.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\DoZYqcd.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\ERUDBHW.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\yZifVvu.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\jYRQZje.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\yhPhZxc.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\bmLLrOg.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\cFlgtIn.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\GkPRyyB.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\AkXYoVa.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\tqWlIwd.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\cebSNwo.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\FzvtVdi.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\qZfmoYs.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\EEmhdqE.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\twvAqTR.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\DBwGKFm.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\PLNlQFf.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\xktjfQj.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\PobAUfn.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\OacgLzk.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\KyMPTHL.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\oFRnbLQ.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\xdauaTC.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\FkdTKlN.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\ULRqpuA.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\wOmBvTu.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\dDVOfwV.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\DOMYCvr.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\KXMAPQa.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\oSlmMdl.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\MNIXEMg.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\HLgnkmU.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\jGLWneI.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\nvqiDuY.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\zhXbWIM.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\iIPZcGS.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\LVHOZtZ.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\WTUdnnD.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\ngSvzCs.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\DurMpIK.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\BNnscvK.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\JALWSov.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\NmRtbuT.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\dhFOPpD.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\ORakkKa.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\KEHPhFg.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\jueDoiq.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\PsIuVbV.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\mQVhoQh.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\aQEnTyB.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\RVshgCl.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\fURawsM.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\mwlFTdb.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\iyqiBES.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\jQGrWfP.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\XrnGlmm.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\gowsALe.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\QjDcQVo.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\lioWuDa.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
File created	C:\Windows\System\fZwFMkk.exe	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2156	powershell.exe
2156	powershell.exe
2156	powershell.exe

Suspicious use of AdjustPrivilegeToken 11 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
Token: SeDebugPrivilege	2156	powershell.exe
Token: SeCreateGlobalPrivilege	11528	dwm.exe
Token: SeChangeNotifyPrivilege	11528	dwm.exe
Token: 33	11528	dwm.exe
Token: SeIncBasePriorityPrivilege	11528	dwm.exe
Token: SeCreateGlobalPrivilege	1212	dwm.exe
Token: SeChangeNotifyPrivilege	1212	dwm.exe
Token: 33	1212	dwm.exe
Token: SeIncBasePriorityPrivilege	1212	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4580 wrote to memory of 2156	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	83
PID 4580 wrote to memory of 2156	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	83
PID 4580 wrote to memory of 1192	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	84
PID 4580 wrote to memory of 1192	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	84
PID 4580 wrote to memory of 4216	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	85
PID 4580 wrote to memory of 4216	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	85
PID 4580 wrote to memory of 1604	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	86
PID 4580 wrote to memory of 1604	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	86
PID 4580 wrote to memory of 5068	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	87
PID 4580 wrote to memory of 5068	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	87
PID 4580 wrote to memory of 3016	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	88
PID 4580 wrote to memory of 3016	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	88
PID 4580 wrote to memory of 1300	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	89
PID 4580 wrote to memory of 1300	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	89
PID 4580 wrote to memory of 2260	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	91
PID 4580 wrote to memory of 2260	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	91
PID 4580 wrote to memory of 3748	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	92
PID 4580 wrote to memory of 3748	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	92
PID 4580 wrote to memory of 1388	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	93
PID 4580 wrote to memory of 1388	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	93
PID 4580 wrote to memory of 1156	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	94
PID 4580 wrote to memory of 1156	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	94
PID 4580 wrote to memory of 4016	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	95
PID 4580 wrote to memory of 4016	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	95
PID 4580 wrote to memory of 4520	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	96
PID 4580 wrote to memory of 4520	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	96
PID 4580 wrote to memory of 2600	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	97
PID 4580 wrote to memory of 2600	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	97
PID 4580 wrote to memory of 4648	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	98
PID 4580 wrote to memory of 4648	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	98
PID 4580 wrote to memory of 2000	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	99
PID 4580 wrote to memory of 2000	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	99
PID 4580 wrote to memory of 4116	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	100
PID 4580 wrote to memory of 4116	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	100
PID 4580 wrote to memory of 4900	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	101
PID 4580 wrote to memory of 4900	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	101
PID 4580 wrote to memory of 3244	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	102
PID 4580 wrote to memory of 3244	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	102
PID 4580 wrote to memory of 4848	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	103
PID 4580 wrote to memory of 4848	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	103
PID 4580 wrote to memory of 456	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	104
PID 4580 wrote to memory of 456	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	104
PID 4580 wrote to memory of 2556	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	105
PID 4580 wrote to memory of 2556	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	105
PID 4580 wrote to memory of 5036	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	106
PID 4580 wrote to memory of 5036	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	106
PID 4580 wrote to memory of 1084	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	107
PID 4580 wrote to memory of 1084	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	107
PID 4580 wrote to memory of 4272	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	108
PID 4580 wrote to memory of 4272	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	108
PID 4580 wrote to memory of 4092	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	109
PID 4580 wrote to memory of 4092	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	109
PID 4580 wrote to memory of 4100	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	110
PID 4580 wrote to memory of 4100	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	110
PID 4580 wrote to memory of 1252	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	111
PID 4580 wrote to memory of 1252	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	111
PID 4580 wrote to memory of 1048	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	112
PID 4580 wrote to memory of 1048	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	112
PID 4580 wrote to memory of 2800	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	113
PID 4580 wrote to memory of 2800	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	113
PID 4580 wrote to memory of 4220	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	114
PID 4580 wrote to memory of 4220	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	114
PID 4580 wrote to memory of 4276	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	115
PID 4580 wrote to memory of 4276	4580	00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe	115

C:\Users\Admin\AppData\Local\Temp\00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\00a4b353ff4ff43b5e4837756203a0bb_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4580
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2156
- C:\Windows\System\RHJrpvP.exe
  C:\Windows\System\RHJrpvP.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\PHDkpYg.exe
  C:\Windows\System\PHDkpYg.exe
  2⤵
  - Executes dropped EXE
  PID:4216
- C:\Windows\System\SGXdSWC.exe
  C:\Windows\System\SGXdSWC.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\CQKIaSi.exe
  C:\Windows\System\CQKIaSi.exe
  2⤵
  - Executes dropped EXE
  PID:5068
- C:\Windows\System\vRPpzFV.exe
  C:\Windows\System\vRPpzFV.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\dzuGcaC.exe
  C:\Windows\System\dzuGcaC.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\VHGewBk.exe
  C:\Windows\System\VHGewBk.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\yPOJSTD.exe
  C:\Windows\System\yPOJSTD.exe
  2⤵
  - Executes dropped EXE
  PID:3748
- C:\Windows\System\eZyLmth.exe
  C:\Windows\System\eZyLmth.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\jrtYCly.exe
  C:\Windows\System\jrtYCly.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\iRrcPvj.exe
  C:\Windows\System\iRrcPvj.exe
  2⤵
  - Executes dropped EXE
  PID:4016
- C:\Windows\System\PPXYqOG.exe
  C:\Windows\System\PPXYqOG.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System\CZnWsiD.exe
  C:\Windows\System\CZnWsiD.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\UttxPZk.exe
  C:\Windows\System\UttxPZk.exe
  2⤵
  - Executes dropped EXE
  PID:4648
- C:\Windows\System\wOezwSG.exe
  C:\Windows\System\wOezwSG.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\AgNaWEX.exe
  C:\Windows\System\AgNaWEX.exe
  2⤵
  - Executes dropped EXE
  PID:4116
- C:\Windows\System\FWzNrrx.exe
  C:\Windows\System\FWzNrrx.exe
  2⤵
  - Executes dropped EXE
  PID:4900
- C:\Windows\System\oBqsGHp.exe
  C:\Windows\System\oBqsGHp.exe
  2⤵
  - Executes dropped EXE
  PID:3244
- C:\Windows\System\pyayEqL.exe
  C:\Windows\System\pyayEqL.exe
  2⤵
  - Executes dropped EXE
  PID:4848
- C:\Windows\System\YjcDxED.exe
  C:\Windows\System\YjcDxED.exe
  2⤵
  - Executes dropped EXE
  PID:456
- C:\Windows\System\bWDdirm.exe
  C:\Windows\System\bWDdirm.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\eSSUAhu.exe
  C:\Windows\System\eSSUAhu.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\UWJJpVZ.exe
  C:\Windows\System\UWJJpVZ.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\dxHRPmJ.exe
  C:\Windows\System\dxHRPmJ.exe
  2⤵
  - Executes dropped EXE
  PID:4272
- C:\Windows\System\dyxkvxx.exe
  C:\Windows\System\dyxkvxx.exe
  2⤵
  - Executes dropped EXE
  PID:4092
- C:\Windows\System\gJGqWEz.exe
  C:\Windows\System\gJGqWEz.exe
  2⤵
  - Executes dropped EXE
  PID:4100
- C:\Windows\System\WIuqTHD.exe
  C:\Windows\System\WIuqTHD.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\yZifVvu.exe
  C:\Windows\System\yZifVvu.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\SXEusDX.exe
  C:\Windows\System\SXEusDX.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\ouvThVp.exe
  C:\Windows\System\ouvThVp.exe
  2⤵
  - Executes dropped EXE
  PID:4220
- C:\Windows\System\OCCtCMY.exe
  C:\Windows\System\OCCtCMY.exe
  2⤵
  - Executes dropped EXE
  PID:4276
- C:\Windows\System\ncSIsDZ.exe
  C:\Windows\System\ncSIsDZ.exe
  2⤵
  - Executes dropped EXE
  PID:4592
- C:\Windows\System\jOyjnKQ.exe
  C:\Windows\System\jOyjnKQ.exe
  2⤵
  - Executes dropped EXE
  PID:832
- C:\Windows\System\MaZESSQ.exe
  C:\Windows\System\MaZESSQ.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\OplxhGJ.exe
  C:\Windows\System\OplxhGJ.exe
  2⤵
  - Executes dropped EXE
  PID:3676
- C:\Windows\System\OfnIOay.exe
  C:\Windows\System\OfnIOay.exe
  2⤵
  - Executes dropped EXE
  PID:4228
- C:\Windows\System\KKfMjQq.exe
  C:\Windows\System\KKfMjQq.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\ohzTPzJ.exe
  C:\Windows\System\ohzTPzJ.exe
  2⤵
  - Executes dropped EXE
  PID:704
- C:\Windows\System\bjEeAJc.exe
  C:\Windows\System\bjEeAJc.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\vXOQMoO.exe
  C:\Windows\System\vXOQMoO.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\guzgOor.exe
  C:\Windows\System\guzgOor.exe
  2⤵
  - Executes dropped EXE
  PID:3712
- C:\Windows\System\DSAwcWr.exe
  C:\Windows\System\DSAwcWr.exe
  2⤵
  - Executes dropped EXE
  PID:3132
- C:\Windows\System\SCxgvco.exe
  C:\Windows\System\SCxgvco.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\wyPBuTy.exe
  C:\Windows\System\wyPBuTy.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\qrpdAua.exe
  C:\Windows\System\qrpdAua.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\JvzRFTI.exe
  C:\Windows\System\JvzRFTI.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\gwffqgC.exe
  C:\Windows\System\gwffqgC.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\xdauaTC.exe
  C:\Windows\System\xdauaTC.exe
  2⤵
  - Executes dropped EXE
  PID:3432
- C:\Windows\System\vdDGykH.exe
  C:\Windows\System\vdDGykH.exe
  2⤵
  - Executes dropped EXE
  PID:3296
- C:\Windows\System\bicltiw.exe
  C:\Windows\System\bicltiw.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\ZATrlkZ.exe
  C:\Windows\System\ZATrlkZ.exe
  2⤵
  - Executes dropped EXE
  PID:3356
- C:\Windows\System\MHSNQrc.exe
  C:\Windows\System\MHSNQrc.exe
  2⤵
  - Executes dropped EXE
  PID:3596
- C:\Windows\System\yznCjEF.exe
  C:\Windows\System\yznCjEF.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\MxPVCEq.exe
  C:\Windows\System\MxPVCEq.exe
  2⤵
  - Executes dropped EXE
  PID:412
- C:\Windows\System\SSTlkir.exe
  C:\Windows\System\SSTlkir.exe
  2⤵
  - Executes dropped EXE
  PID:3368
- C:\Windows\System\vzYVrzW.exe
  C:\Windows\System\vzYVrzW.exe
  2⤵
  - Executes dropped EXE
  PID:4576
- C:\Windows\System\owsmzLn.exe
  C:\Windows\System\owsmzLn.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\sjxwgWg.exe
  C:\Windows\System\sjxwgWg.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\aQEnTyB.exe
  C:\Windows\System\aQEnTyB.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\oxRhail.exe
  C:\Windows\System\oxRhail.exe
  2⤵
  - Executes dropped EXE
  PID:4364
- C:\Windows\System\wlTlpjk.exe
  C:\Windows\System\wlTlpjk.exe
  2⤵
  - Executes dropped EXE
  PID:228
- C:\Windows\System\ZvkCtnm.exe
  C:\Windows\System\ZvkCtnm.exe
  2⤵
  PID:3620
- C:\Windows\System\grLSRYd.exe
  C:\Windows\System\grLSRYd.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\pmQamXt.exe
  C:\Windows\System\pmQamXt.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\USLtlLE.exe
  C:\Windows\System\USLtlLE.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\qbRXrnB.exe
  C:\Windows\System\qbRXrnB.exe
  2⤵
  PID:3840
- C:\Windows\System\IuvvXdJ.exe
  C:\Windows\System\IuvvXdJ.exe
  2⤵
  PID:1588
- C:\Windows\System\lPBGzfY.exe
  C:\Windows\System\lPBGzfY.exe
  2⤵
  PID:3084
- C:\Windows\System\EnMlCYh.exe
  C:\Windows\System\EnMlCYh.exe
  2⤵
  PID:1352
- C:\Windows\System\dhFOPpD.exe
  C:\Windows\System\dhFOPpD.exe
  2⤵
  PID:4776
- C:\Windows\System\UEhsUWW.exe
  C:\Windows\System\UEhsUWW.exe
  2⤵
  PID:4304
- C:\Windows\System\aBPEcVY.exe
  C:\Windows\System\aBPEcVY.exe
  2⤵
  PID:1400
- C:\Windows\System\VayZwZR.exe
  C:\Windows\System\VayZwZR.exe
  2⤵
  PID:1704
- C:\Windows\System\twvAqTR.exe
  C:\Windows\System\twvAqTR.exe
  2⤵
  PID:3872
- C:\Windows\System\SfmdRyS.exe
  C:\Windows\System\SfmdRyS.exe
  2⤵
  PID:3516
- C:\Windows\System\GCTUlYb.exe
  C:\Windows\System\GCTUlYb.exe
  2⤵
  PID:2284
- C:\Windows\System\PgbjzQS.exe
  C:\Windows\System\PgbjzQS.exe
  2⤵
  PID:1592
- C:\Windows\System\WrGsQPb.exe
  C:\Windows\System\WrGsQPb.exe
  2⤵
  PID:3880
- C:\Windows\System\AMjESRC.exe
  C:\Windows\System\AMjESRC.exe
  2⤵
  PID:5076
- C:\Windows\System\kSTyHoj.exe
  C:\Windows\System\kSTyHoj.exe
  2⤵
  PID:692
- C:\Windows\System\kEuGEKy.exe
  C:\Windows\System\kEuGEKy.exe
  2⤵
  PID:2492
- C:\Windows\System\VcIfRhy.exe
  C:\Windows\System\VcIfRhy.exe
  2⤵
  PID:1332
- C:\Windows\System\zDcOICi.exe
  C:\Windows\System\zDcOICi.exe
  2⤵
  PID:4572
- C:\Windows\System\lOKKjCq.exe
  C:\Windows\System\lOKKjCq.exe
  2⤵
  PID:3988
- C:\Windows\System\wLkfUMb.exe
  C:\Windows\System\wLkfUMb.exe
  2⤵
  PID:5144
- C:\Windows\System\ZazXWWq.exe
  C:\Windows\System\ZazXWWq.exe
  2⤵
  PID:5172
- C:\Windows\System\vvfcQdQ.exe
  C:\Windows\System\vvfcQdQ.exe
  2⤵
  PID:5192
- C:\Windows\System\yiYMOHN.exe
  C:\Windows\System\yiYMOHN.exe
  2⤵
  PID:5208
- C:\Windows\System\wzzWIZj.exe
  C:\Windows\System\wzzWIZj.exe
  2⤵
  PID:5224
- C:\Windows\System\lyBLwaO.exe
  C:\Windows\System\lyBLwaO.exe
  2⤵
  PID:5240
- C:\Windows\System\RWisrXu.exe
  C:\Windows\System\RWisrXu.exe
  2⤵
  PID:5264
- C:\Windows\System\xDRfYZA.exe
  C:\Windows\System\xDRfYZA.exe
  2⤵
  PID:5284
- C:\Windows\System\tVjCIQJ.exe
  C:\Windows\System\tVjCIQJ.exe
  2⤵
  PID:5300
- C:\Windows\System\rEqPxSV.exe
  C:\Windows\System\rEqPxSV.exe
  2⤵
  PID:5324
- C:\Windows\System\RRgdRmY.exe
  C:\Windows\System\RRgdRmY.exe
  2⤵
  PID:5340
- C:\Windows\System\fojedhW.exe
  C:\Windows\System\fojedhW.exe
  2⤵
  PID:5368
- C:\Windows\System\DAwJEyf.exe
  C:\Windows\System\DAwJEyf.exe
  2⤵
  PID:5404
- C:\Windows\System\cKVNbSJ.exe
  C:\Windows\System\cKVNbSJ.exe
  2⤵
  PID:5428
- C:\Windows\System\OoHtgyW.exe
  C:\Windows\System\OoHtgyW.exe
  2⤵
  PID:5452
- C:\Windows\System\uozvFiN.exe
  C:\Windows\System\uozvFiN.exe
  2⤵
  PID:5468
- C:\Windows\System\dRgTexf.exe
  C:\Windows\System\dRgTexf.exe
  2⤵
  PID:5484
- C:\Windows\System\YFkYksT.exe
  C:\Windows\System\YFkYksT.exe
  2⤵
  PID:5520
- C:\Windows\System\BNnscvK.exe
  C:\Windows\System\BNnscvK.exe
  2⤵
  PID:5544
- C:\Windows\System\gEddZXi.exe
  C:\Windows\System\gEddZXi.exe
  2⤵
  PID:5568
- C:\Windows\System\JAKNEZM.exe
  C:\Windows\System\JAKNEZM.exe
  2⤵
  PID:5588
- C:\Windows\System\oMKAhim.exe
  C:\Windows\System\oMKAhim.exe
  2⤵
  PID:5608
- C:\Windows\System\SNkkWtQ.exe
  C:\Windows\System\SNkkWtQ.exe
  2⤵
  PID:5632
- C:\Windows\System\lBfIdOv.exe
  C:\Windows\System\lBfIdOv.exe
  2⤵
  PID:5656
- C:\Windows\System\FavLhEs.exe
  C:\Windows\System\FavLhEs.exe
  2⤵
  PID:5680
- C:\Windows\System\SRzLeBL.exe
  C:\Windows\System\SRzLeBL.exe
  2⤵
  PID:5732
- C:\Windows\System\NPNFceo.exe
  C:\Windows\System\NPNFceo.exe
  2⤵
  PID:5752
- C:\Windows\System\IMwVhlP.exe
  C:\Windows\System\IMwVhlP.exe
  2⤵
  PID:5784
- C:\Windows\System\OFHspqO.exe
  C:\Windows\System\OFHspqO.exe
  2⤵
  PID:5812
- C:\Windows\System\RxtGWgL.exe
  C:\Windows\System\RxtGWgL.exe
  2⤵
  PID:5828
- C:\Windows\System\EQXmjxf.exe
  C:\Windows\System\EQXmjxf.exe
  2⤵
  PID:5856
- C:\Windows\System\plxFvYF.exe
  C:\Windows\System\plxFvYF.exe
  2⤵
  PID:5900
- C:\Windows\System\TlUwRDX.exe
  C:\Windows\System\TlUwRDX.exe
  2⤵
  PID:5924
- C:\Windows\System\jaFlxUE.exe
  C:\Windows\System\jaFlxUE.exe
  2⤵
  PID:5940
- C:\Windows\System\zTNfLkK.exe
  C:\Windows\System\zTNfLkK.exe
  2⤵
  PID:5964
- C:\Windows\System\mjLaMJd.exe
  C:\Windows\System\mjLaMJd.exe
  2⤵
  PID:5988
- C:\Windows\System\ddicgwE.exe
  C:\Windows\System\ddicgwE.exe
  2⤵
  PID:6004
- C:\Windows\System\YtfEKGf.exe
  C:\Windows\System\YtfEKGf.exe
  2⤵
  PID:6028
- C:\Windows\System\NOcMXXN.exe
  C:\Windows\System\NOcMXXN.exe
  2⤵
  PID:6052
- C:\Windows\System\dTLkwaL.exe
  C:\Windows\System\dTLkwaL.exe
  2⤵
  PID:6088
- C:\Windows\System\teYcDQF.exe
  C:\Windows\System\teYcDQF.exe
  2⤵
  PID:6112
- C:\Windows\System\GRfpJGK.exe
  C:\Windows\System\GRfpJGK.exe
  2⤵
  PID:6128
- C:\Windows\System\kBevyhr.exe
  C:\Windows\System\kBevyhr.exe
  2⤵
  PID:4436
- C:\Windows\System\JfZMvII.exe
  C:\Windows\System\JfZMvII.exe
  2⤵
  PID:2840
- C:\Windows\System\FbvUcqg.exe
  C:\Windows\System\FbvUcqg.exe
  2⤵
  PID:2820
- C:\Windows\System\EGDquPp.exe
  C:\Windows\System\EGDquPp.exe
  2⤵
  PID:4964
- C:\Windows\System\NVvRlpp.exe
  C:\Windows\System\NVvRlpp.exe
  2⤵
  PID:3540
- C:\Windows\System\iWxaMmS.exe
  C:\Windows\System\iWxaMmS.exe
  2⤵
  PID:2076
- C:\Windows\System\jYRQZje.exe
  C:\Windows\System\jYRQZje.exe
  2⤵
  PID:5400
- C:\Windows\System\SrnAiSX.exe
  C:\Windows\System\SrnAiSX.exe
  2⤵
  PID:5444
- C:\Windows\System\oWIpICc.exe
  C:\Windows\System\oWIpICc.exe
  2⤵
  PID:3640
- C:\Windows\System\dWQvoMs.exe
  C:\Windows\System\dWQvoMs.exe
  2⤵
  PID:4204
- C:\Windows\System\xsYlBce.exe
  C:\Windows\System\xsYlBce.exe
  2⤵
  PID:5200
- C:\Windows\System\CTFHLFO.exe
  C:\Windows\System\CTFHLFO.exe
  2⤵
  PID:912
- C:\Windows\System\qnhFNeT.exe
  C:\Windows\System\qnhFNeT.exe
  2⤵
  PID:2728
- C:\Windows\System\ttGhQVs.exe
  C:\Windows\System\ttGhQVs.exe
  2⤵
  PID:1676
- C:\Windows\System\vtCbnGX.exe
  C:\Windows\System\vtCbnGX.exe
  2⤵
  PID:1812
- C:\Windows\System\ySZtRPX.exe
  C:\Windows\System\ySZtRPX.exe
  2⤵
  PID:3904
- C:\Windows\System\OapjyrG.exe
  C:\Windows\System\OapjyrG.exe
  2⤵
  PID:1768
- C:\Windows\System\bSCcydd.exe
  C:\Windows\System\bSCcydd.exe
  2⤵
  PID:5132
- C:\Windows\System\EKvpILX.exe
  C:\Windows\System\EKvpILX.exe
  2⤵
  PID:4936
- C:\Windows\System\NVCiYUk.exe
  C:\Windows\System\NVCiYUk.exe
  2⤵
  PID:5696
- C:\Windows\System\EaTmEYo.exe
  C:\Windows\System\EaTmEYo.exe
  2⤵
  PID:2768
- C:\Windows\System\XiHfDuy.exe
  C:\Windows\System\XiHfDuy.exe
  2⤵
  PID:6152
- C:\Windows\System\MNklmWi.exe
  C:\Windows\System\MNklmWi.exe
  2⤵
  PID:6172
- C:\Windows\System\SCGMGmv.exe
  C:\Windows\System\SCGMGmv.exe
  2⤵
  PID:6188
- C:\Windows\System\TMEJPpA.exe
  C:\Windows\System\TMEJPpA.exe
  2⤵
  PID:6208
- C:\Windows\System\nORbKJD.exe
  C:\Windows\System\nORbKJD.exe
  2⤵
  PID:6232
- C:\Windows\System\woYKQsg.exe
  C:\Windows\System\woYKQsg.exe
  2⤵
  PID:6256
- C:\Windows\System\EUAQGYW.exe
  C:\Windows\System\EUAQGYW.exe
  2⤵
  PID:6272
- C:\Windows\System\nCrtEXa.exe
  C:\Windows\System\nCrtEXa.exe
  2⤵
  PID:6300
- C:\Windows\System\cpbhqVK.exe
  C:\Windows\System\cpbhqVK.exe
  2⤵
  PID:6320
- C:\Windows\System\fmrmsFp.exe
  C:\Windows\System\fmrmsFp.exe
  2⤵
  PID:6360
- C:\Windows\System\TybQEia.exe
  C:\Windows\System\TybQEia.exe
  2⤵
  PID:6416
- C:\Windows\System\iaoHrmU.exe
  C:\Windows\System\iaoHrmU.exe
  2⤵
  PID:6436
- C:\Windows\System\HqYTcrm.exe
  C:\Windows\System\HqYTcrm.exe
  2⤵
  PID:6464
- C:\Windows\System\ZethYAd.exe
  C:\Windows\System\ZethYAd.exe
  2⤵
  PID:6484
- C:\Windows\System\koxJNaj.exe
  C:\Windows\System\koxJNaj.exe
  2⤵
  PID:6508
- C:\Windows\System\haxNxCO.exe
  C:\Windows\System\haxNxCO.exe
  2⤵
  PID:6528
- C:\Windows\System\LioDgkd.exe
  C:\Windows\System\LioDgkd.exe
  2⤵
  PID:6552
- C:\Windows\System\ccBGLja.exe
  C:\Windows\System\ccBGLja.exe
  2⤵
  PID:6568
- C:\Windows\System\CFKetNi.exe
  C:\Windows\System\CFKetNi.exe
  2⤵
  PID:6592
- C:\Windows\System\cIgLMgR.exe
  C:\Windows\System\cIgLMgR.exe
  2⤵
  PID:6632
- C:\Windows\System\xcQdIyR.exe
  C:\Windows\System\xcQdIyR.exe
  2⤵
  PID:6648
- C:\Windows\System\QjDcQVo.exe
  C:\Windows\System\QjDcQVo.exe
  2⤵
  PID:6672
- C:\Windows\System\JoYrCrE.exe
  C:\Windows\System\JoYrCrE.exe
  2⤵
  PID:6688
- C:\Windows\System\lDwIaLi.exe
  C:\Windows\System\lDwIaLi.exe
  2⤵
  PID:6708
- C:\Windows\System\jcNoDUQ.exe
  C:\Windows\System\jcNoDUQ.exe
  2⤵
  PID:6744
- C:\Windows\System\fnYJISA.exe
  C:\Windows\System\fnYJISA.exe
  2⤵
  PID:6764
- C:\Windows\System\cVkfGXq.exe
  C:\Windows\System\cVkfGXq.exe
  2⤵
  PID:6784
- C:\Windows\System\HUcluji.exe
  C:\Windows\System\HUcluji.exe
  2⤵
  PID:6896
- C:\Windows\System\TyLgUcG.exe
  C:\Windows\System\TyLgUcG.exe
  2⤵
  PID:7108
- C:\Windows\System\byKnDDN.exe
  C:\Windows\System\byKnDDN.exe
  2⤵
  PID:7124
- C:\Windows\System\HKFTIgA.exe
  C:\Windows\System\HKFTIgA.exe
  2⤵
  PID:5720
- C:\Windows\System\rvjbyar.exe
  C:\Windows\System\rvjbyar.exe
  2⤵
  PID:3916
- C:\Windows\System\kLKrFrr.exe
  C:\Windows\System\kLKrFrr.exe
  2⤵
  PID:5688
- C:\Windows\System\uFoiETQ.exe
  C:\Windows\System\uFoiETQ.exe
  2⤵
  PID:3556
- C:\Windows\System\UthHDDm.exe
  C:\Windows\System\UthHDDm.exe
  2⤵
  PID:2276
- C:\Windows\System\aoZWRoh.exe
  C:\Windows\System\aoZWRoh.exe
  2⤵
  PID:5976
- C:\Windows\System\kmWqfDP.exe
  C:\Windows\System\kmWqfDP.exe
  2⤵
  PID:5948
- C:\Windows\System\gbaHfUS.exe
  C:\Windows\System\gbaHfUS.exe
  2⤵
  PID:5908
- C:\Windows\System\AxPpFLR.exe
  C:\Windows\System\AxPpFLR.exe
  2⤵
  PID:5868
- C:\Windows\System\DUJhgpu.exe
  C:\Windows\System\DUJhgpu.exe
  2⤵
  PID:5820
- C:\Windows\System\rhQBBXt.exe
  C:\Windows\System\rhQBBXt.exe
  2⤵
  PID:5776
- C:\Windows\System\cBedmmo.exe
  C:\Windows\System\cBedmmo.exe
  2⤵
  PID:6096
- C:\Windows\System\NbHFkPb.exe
  C:\Windows\System\NbHFkPb.exe
  2⤵
  PID:1716
- C:\Windows\System\anzeddF.exe
  C:\Windows\System\anzeddF.exe
  2⤵
  PID:2204
- C:\Windows\System\RyeJKJY.exe
  C:\Windows\System\RyeJKJY.exe
  2⤵
  PID:5156
- C:\Windows\System\fbgBZXF.exe
  C:\Windows\System\fbgBZXF.exe
  2⤵
  PID:5384
- C:\Windows\System\NgCkzob.exe
  C:\Windows\System\NgCkzob.exe
  2⤵
  PID:5152
- C:\Windows\System\ZafDAOc.exe
  C:\Windows\System\ZafDAOc.exe
  2⤵
  PID:2440
- C:\Windows\System\bvczsUg.exe
  C:\Windows\System\bvczsUg.exe
  2⤵
  PID:5180
- C:\Windows\System\lYnqScy.exe
  C:\Windows\System\lYnqScy.exe
  2⤵
  PID:6164
- C:\Windows\System\YRerExs.exe
  C:\Windows\System\YRerExs.exe
  2⤵
  PID:6308
- C:\Windows\System\VZoqLEb.exe
  C:\Windows\System\VZoqLEb.exe
  2⤵
  PID:6444
- C:\Windows\System\fSFRZfa.exe
  C:\Windows\System\fSFRZfa.exe
  2⤵
  PID:7216
- C:\Windows\System\aPcqpdW.exe
  C:\Windows\System\aPcqpdW.exe
  2⤵
  PID:7240
- C:\Windows\System\tMTHhwF.exe
  C:\Windows\System\tMTHhwF.exe
  2⤵
  PID:7256
- C:\Windows\System\gChVKma.exe
  C:\Windows\System\gChVKma.exe
  2⤵
  PID:7276
- C:\Windows\System\WwPlqEx.exe
  C:\Windows\System\WwPlqEx.exe
  2⤵
  PID:7296
- C:\Windows\System\TKankxb.exe
  C:\Windows\System\TKankxb.exe
  2⤵
  PID:7320
- C:\Windows\System\ORakkKa.exe
  C:\Windows\System\ORakkKa.exe
  2⤵
  PID:7336
- C:\Windows\System\QkODVHa.exe
  C:\Windows\System\QkODVHa.exe
  2⤵
  PID:7352
- C:\Windows\System\FlYznWG.exe
  C:\Windows\System\FlYznWG.exe
  2⤵
  PID:7372
- C:\Windows\System\WZfFIbM.exe
  C:\Windows\System\WZfFIbM.exe
  2⤵
  PID:7392
- C:\Windows\System\wGRYtsM.exe
  C:\Windows\System\wGRYtsM.exe
  2⤵
  PID:7412
- C:\Windows\System\YANyqNT.exe
  C:\Windows\System\YANyqNT.exe
  2⤵
  PID:7436
- C:\Windows\System\urFWbYW.exe
  C:\Windows\System\urFWbYW.exe
  2⤵
  PID:7456
- C:\Windows\System\bDQLHIQ.exe
  C:\Windows\System\bDQLHIQ.exe
  2⤵
  PID:7472
- C:\Windows\System\vDHmiYn.exe
  C:\Windows\System\vDHmiYn.exe
  2⤵
  PID:7492
- C:\Windows\System\ZWrTUqH.exe
  C:\Windows\System\ZWrTUqH.exe
  2⤵
  PID:7508
- C:\Windows\System\zQapbHn.exe
  C:\Windows\System\zQapbHn.exe
  2⤵
  PID:7524
- C:\Windows\System\KqrAjwy.exe
  C:\Windows\System\KqrAjwy.exe
  2⤵
  PID:7540
- C:\Windows\System\LyTQdvk.exe
  C:\Windows\System\LyTQdvk.exe
  2⤵
  PID:7576
- C:\Windows\System\EYraenx.exe
  C:\Windows\System\EYraenx.exe
  2⤵
  PID:7596
- C:\Windows\System\xjKlCcA.exe
  C:\Windows\System\xjKlCcA.exe
  2⤵
  PID:7612
- C:\Windows\System\opOSZjn.exe
  C:\Windows\System\opOSZjn.exe
  2⤵
  PID:7636
- C:\Windows\System\ksjbHoe.exe
  C:\Windows\System\ksjbHoe.exe
  2⤵
  PID:7656
- C:\Windows\System\MKXzUJw.exe
  C:\Windows\System\MKXzUJw.exe
  2⤵
  PID:7676
- C:\Windows\System\Kbupbbs.exe
  C:\Windows\System\Kbupbbs.exe
  2⤵
  PID:7700
- C:\Windows\System\vGcvbAI.exe
  C:\Windows\System\vGcvbAI.exe
  2⤵
  PID:7716
- C:\Windows\System\TlyusjY.exe
  C:\Windows\System\TlyusjY.exe
  2⤵
  PID:7740
- C:\Windows\System\vXUMTvo.exe
  C:\Windows\System\vXUMTvo.exe
  2⤵
  PID:7764
- C:\Windows\System\ykoBZRZ.exe
  C:\Windows\System\ykoBZRZ.exe
  2⤵
  PID:7784
- C:\Windows\System\iBCogBv.exe
  C:\Windows\System\iBCogBv.exe
  2⤵
  PID:7804
- C:\Windows\System\JSHuQwk.exe
  C:\Windows\System\JSHuQwk.exe
  2⤵
  PID:8124
- C:\Windows\System\IXLziwP.exe
  C:\Windows\System\IXLziwP.exe
  2⤵
  PID:8140
- C:\Windows\System\YXzZvZi.exe
  C:\Windows\System\YXzZvZi.exe
  2⤵
  PID:8164
- C:\Windows\System\kGXYgMx.exe
  C:\Windows\System\kGXYgMx.exe
  2⤵
  PID:8188
- C:\Windows\System\UfuatcM.exe
  C:\Windows\System\UfuatcM.exe
  2⤵
  PID:6000
- C:\Windows\System\bLkoAuH.exe
  C:\Windows\System\bLkoAuH.exe
  2⤵
  PID:5912
- C:\Windows\System\eYROhBd.exe
  C:\Windows\System\eYROhBd.exe
  2⤵
  PID:5780
- C:\Windows\System\gOqbgWv.exe
  C:\Windows\System\gOqbgWv.exe
  2⤵
  PID:432
- C:\Windows\System\IIRsdbK.exe
  C:\Windows\System\IIRsdbK.exe
  2⤵
  PID:668
- C:\Windows\System\KIqajKA.exe
  C:\Windows\System\KIqajKA.exe
  2⤵
  PID:6148
- C:\Windows\System\Bipmdfc.exe
  C:\Windows\System\Bipmdfc.exe
  2⤵
  PID:6408
- C:\Windows\System\prOUEOU.exe
  C:\Windows\System\prOUEOU.exe
  2⤵
  PID:7116
- C:\Windows\System\DpBDLws.exe
  C:\Windows\System\DpBDLws.exe
  2⤵
  PID:7160
- C:\Windows\System\otYhzgK.exe
  C:\Windows\System\otYhzgK.exe
  2⤵
  PID:5308
- C:\Windows\System\sSWOTRN.exe
  C:\Windows\System\sSWOTRN.exe
  2⤵
  PID:5528
- C:\Windows\System\ZrEnhkS.exe
  C:\Windows\System\ZrEnhkS.exe
  2⤵
  PID:6044
- C:\Windows\System\XcrmQZR.exe
  C:\Windows\System\XcrmQZR.exe
  2⤵
  PID:5652
- C:\Windows\System\HuKTKnh.exe
  C:\Windows\System\HuKTKnh.exe
  2⤵
  PID:5716
- C:\Windows\System\KfRymZq.exe
  C:\Windows\System\KfRymZq.exe
  2⤵
  PID:5040
- C:\Windows\System\RJYHeyM.exe
  C:\Windows\System\RJYHeyM.exe
  2⤵
  PID:6064
- C:\Windows\System\aceAVUU.exe
  C:\Windows\System\aceAVUU.exe
  2⤵
  PID:6524
- C:\Windows\System\gElGDkS.exe
  C:\Windows\System\gElGDkS.exe
  2⤵
  PID:6476
- C:\Windows\System\bISLVUz.exe
  C:\Windows\System\bISLVUz.exe
  2⤵
  PID:7404
- C:\Windows\System\bfYbutF.exe
  C:\Windows\System\bfYbutF.exe
  2⤵
  PID:7448
- C:\Windows\System\UWyvqOD.exe
  C:\Windows\System\UWyvqOD.exe
  2⤵
  PID:7468
- C:\Windows\System\IyDHwfz.exe
  C:\Windows\System\IyDHwfz.exe
  2⤵
  PID:7672
- C:\Windows\System\nUsiaOr.exe
  C:\Windows\System\nUsiaOr.exe
  2⤵
  PID:7736
- C:\Windows\System\GhMHivu.exe
  C:\Windows\System\GhMHivu.exe
  2⤵
  PID:7796
- C:\Windows\System\lUgegJH.exe
  C:\Windows\System\lUgegJH.exe
  2⤵
  PID:7312
- C:\Windows\System\VKgVtTB.exe
  C:\Windows\System\VKgVtTB.exe
  2⤵
  PID:8268
- C:\Windows\System\SPhyzhC.exe
  C:\Windows\System\SPhyzhC.exe
  2⤵
  PID:8292
- C:\Windows\System\GGYwIYs.exe
  C:\Windows\System\GGYwIYs.exe
  2⤵
  PID:8316
- C:\Windows\System\IxEUpcA.exe
  C:\Windows\System\IxEUpcA.exe
  2⤵
  PID:8340
- C:\Windows\System\fpaeRst.exe
  C:\Windows\System\fpaeRst.exe
  2⤵
  PID:8356
- C:\Windows\System\MAWzvTd.exe
  C:\Windows\System\MAWzvTd.exe
  2⤵
  PID:8372
- C:\Windows\System\lOvVtdX.exe
  C:\Windows\System\lOvVtdX.exe
  2⤵
  PID:8400
- C:\Windows\System\IhGlljO.exe
  C:\Windows\System\IhGlljO.exe
  2⤵
  PID:8424
- C:\Windows\System\SEwpkzI.exe
  C:\Windows\System\SEwpkzI.exe
  2⤵
  PID:8448
- C:\Windows\System\nUyRXqe.exe
  C:\Windows\System\nUyRXqe.exe
  2⤵
  PID:8608
- C:\Windows\System\lZRerJk.exe
  C:\Windows\System\lZRerJk.exe
  2⤵
  PID:8624
- C:\Windows\System\YipcXHZ.exe
  C:\Windows\System\YipcXHZ.exe
  2⤵
  PID:8652
- C:\Windows\System\wEFtYKH.exe
  C:\Windows\System\wEFtYKH.exe
  2⤵
  PID:8680
- C:\Windows\System\OjmtUns.exe
  C:\Windows\System\OjmtUns.exe
  2⤵
  PID:8704
- C:\Windows\System\kpErzBd.exe
  C:\Windows\System\kpErzBd.exe
  2⤵
  PID:8728
- C:\Windows\System\yVfifIH.exe
  C:\Windows\System\yVfifIH.exe
  2⤵
  PID:8748
- C:\Windows\System\vNjNhcE.exe
  C:\Windows\System\vNjNhcE.exe
  2⤵
  PID:8772
- C:\Windows\System\OoZKVpC.exe
  C:\Windows\System\OoZKVpC.exe
  2⤵
  PID:8792
- C:\Windows\System\NHhkMXz.exe
  C:\Windows\System\NHhkMXz.exe
  2⤵
  PID:8812
- C:\Windows\System\eQaPBZs.exe
  C:\Windows\System\eQaPBZs.exe
  2⤵
  PID:8828
- C:\Windows\System\rlgHpve.exe
  C:\Windows\System\rlgHpve.exe
  2⤵
  PID:8848
- C:\Windows\System\JkbjFyi.exe
  C:\Windows\System\JkbjFyi.exe
  2⤵
  PID:8868
- C:\Windows\System\tAoEVof.exe
  C:\Windows\System\tAoEVof.exe
  2⤵
  PID:8892
- C:\Windows\System\FOufiXx.exe
  C:\Windows\System\FOufiXx.exe
  2⤵
  PID:8912
- C:\Windows\System\hKgGBAa.exe
  C:\Windows\System\hKgGBAa.exe
  2⤵
  PID:8928
- C:\Windows\System\rLPeGmy.exe
  C:\Windows\System\rLPeGmy.exe
  2⤵
  PID:8952
- C:\Windows\System\Vuqlciv.exe
  C:\Windows\System\Vuqlciv.exe
  2⤵
  PID:8972
- C:\Windows\System\uQocglu.exe
  C:\Windows\System\uQocglu.exe
  2⤵
  PID:9000
- C:\Windows\System\jMnZJeZ.exe
  C:\Windows\System\jMnZJeZ.exe
  2⤵
  PID:9036
- C:\Windows\System\kWbKELY.exe
  C:\Windows\System\kWbKELY.exe
  2⤵
  PID:9056
- C:\Windows\System\nxRSyPL.exe
  C:\Windows\System\nxRSyPL.exe
  2⤵
  PID:9084
- C:\Windows\System\FZKxwVv.exe
  C:\Windows\System\FZKxwVv.exe
  2⤵
  PID:9100
- C:\Windows\System\QSWACVc.exe
  C:\Windows\System\QSWACVc.exe
  2⤵
  PID:9120
- C:\Windows\System\xUitqBl.exe
  C:\Windows\System\xUitqBl.exe
  2⤵
  PID:9144
- C:\Windows\System\DBwGKFm.exe
  C:\Windows\System\DBwGKFm.exe
  2⤵
  PID:9164
- C:\Windows\System\VghULlf.exe
  C:\Windows\System\VghULlf.exe
  2⤵
  PID:9184
- C:\Windows\System\UGliYSq.exe
  C:\Windows\System\UGliYSq.exe
  2⤵
  PID:9204
- C:\Windows\System\fgahrVB.exe
  C:\Windows\System\fgahrVB.exe
  2⤵
  PID:8108
- C:\Windows\System\dZQxfVp.exe
  C:\Windows\System\dZQxfVp.exe
  2⤵
  PID:8148
- C:\Windows\System\HxttdmC.exe
  C:\Windows\System\HxttdmC.exe
  2⤵
  PID:8184
- C:\Windows\System\EqbvyaJ.exe
  C:\Windows\System\EqbvyaJ.exe
  2⤵
  PID:5920
- C:\Windows\System\aRSuagq.exe
  C:\Windows\System\aRSuagq.exe
  2⤵
  PID:4348
- C:\Windows\System\sZEwlKf.exe
  C:\Windows\System\sZEwlKf.exe
  2⤵
  PID:3460
- C:\Windows\System\QxTTvGh.exe
  C:\Windows\System\QxTTvGh.exe
  2⤵
  PID:7332
- C:\Windows\System\aWmtLky.exe
  C:\Windows\System\aWmtLky.exe
  2⤵
  PID:5436
- C:\Windows\System\KNcYLvn.exe
  C:\Windows\System\KNcYLvn.exe
  2⤵
  PID:7084
- C:\Windows\System\vtpLkob.exe
  C:\Windows\System\vtpLkob.exe
  2⤵
  PID:5272
- C:\Windows\System\rYaWnVd.exe
  C:\Windows\System\rYaWnVd.exe
  2⤵
  PID:3032
- C:\Windows\System\VpoSoLe.exe
  C:\Windows\System\VpoSoLe.exe
  2⤵
  PID:4048
- C:\Windows\System\gVLrrtT.exe
  C:\Windows\System\gVLrrtT.exe
  2⤵
  PID:7368
- C:\Windows\System\ShZMPhP.exe
  C:\Windows\System\ShZMPhP.exe
  2⤵
  PID:6504
- C:\Windows\System\KEHPhFg.exe
  C:\Windows\System\KEHPhFg.exe
  2⤵
  PID:7432
- C:\Windows\System\UVqyGlk.exe
  C:\Windows\System\UVqyGlk.exe
  2⤵
  PID:7592
- C:\Windows\System\artmvNL.exe
  C:\Windows\System\artmvNL.exe
  2⤵
  PID:7712
- C:\Windows\System\CkkdcbB.exe
  C:\Windows\System\CkkdcbB.exe
  2⤵
  PID:7792
- C:\Windows\System\nplIuKe.exe
  C:\Windows\System\nplIuKe.exe
  2⤵
  PID:7840
- C:\Windows\System\QqyOPMA.exe
  C:\Windows\System\QqyOPMA.exe
  2⤵
  PID:8204
- C:\Windows\System\TImrtfx.exe
  C:\Windows\System\TImrtfx.exe
  2⤵
  PID:8240
- C:\Windows\System\FUlMDIA.exe
  C:\Windows\System\FUlMDIA.exe
  2⤵
  PID:8312
- C:\Windows\System\duqHLRY.exe
  C:\Windows\System\duqHLRY.exe
  2⤵
  PID:8364
- C:\Windows\System\gyodWnZ.exe
  C:\Windows\System\gyodWnZ.exe
  2⤵
  PID:8408
- C:\Windows\System\phZHzYc.exe
  C:\Windows\System\phZHzYc.exe
  2⤵
  PID:8456
- C:\Windows\System\SbHkyNX.exe
  C:\Windows\System\SbHkyNX.exe
  2⤵
  PID:1016
- C:\Windows\System\VzbUfnB.exe
  C:\Windows\System\VzbUfnB.exe
  2⤵
  PID:1160
- C:\Windows\System\nBsWCpo.exe
  C:\Windows\System\nBsWCpo.exe
  2⤵
  PID:768
- C:\Windows\System\iVouxkg.exe
  C:\Windows\System\iVouxkg.exe
  2⤵
  PID:3104
- C:\Windows\System\nvqiDuY.exe
  C:\Windows\System\nvqiDuY.exe
  2⤵
  PID:3828
- C:\Windows\System\kxnutUZ.exe
  C:\Windows\System\kxnutUZ.exe
  2⤵
  PID:388
- C:\Windows\System\zhXbWIM.exe
  C:\Windows\System\zhXbWIM.exe
  2⤵
  PID:468
- C:\Windows\System\YlYASob.exe
  C:\Windows\System\YlYASob.exe
  2⤵
  PID:4892
- C:\Windows\System\kuPKAIU.exe
  C:\Windows\System\kuPKAIU.exe
  2⤵
  PID:4372
- C:\Windows\System\bQkslnJ.exe
  C:\Windows\System\bQkslnJ.exe
  2⤵
  PID:5104
- C:\Windows\System\uEEIbdr.exe
  C:\Windows\System\uEEIbdr.exe
  2⤵
  PID:3908
- C:\Windows\System\mtPoYjg.exe
  C:\Windows\System\mtPoYjg.exe
  2⤵
  PID:2916
- C:\Windows\System\rWldads.exe
  C:\Windows\System\rWldads.exe
  2⤵
  PID:1496
- C:\Windows\System\Xuyqtjd.exe
  C:\Windows\System\Xuyqtjd.exe
  2⤵
  PID:6944
- C:\Windows\System\ZvaxibD.exe
  C:\Windows\System\ZvaxibD.exe
  2⤵
  PID:8668
- C:\Windows\System\jbNzWiJ.exe
  C:\Windows\System\jbNzWiJ.exe
  2⤵
  PID:8700
- C:\Windows\System\DVofcGO.exe
  C:\Windows\System\DVofcGO.exe
  2⤵
  PID:8744
- C:\Windows\System\fWaEFJb.exe
  C:\Windows\System\fWaEFJb.exe
  2⤵
  PID:8964
- C:\Windows\System\WECEEbk.exe
  C:\Windows\System\WECEEbk.exe
  2⤵
  PID:9012
- C:\Windows\System\zFgArRO.exe
  C:\Windows\System\zFgArRO.exe
  2⤵
  PID:8840
- C:\Windows\System\SVlVyrN.exe
  C:\Windows\System\SVlVyrN.exe
  2⤵
  PID:9064
- C:\Windows\System\mDTUjkt.exe
  C:\Windows\System\mDTUjkt.exe
  2⤵
  PID:9128
- C:\Windows\System\nEXANae.exe
  C:\Windows\System\nEXANae.exe
  2⤵
  PID:9176
- C:\Windows\System\zotcEem.exe
  C:\Windows\System\zotcEem.exe
  2⤵
  PID:8996
- C:\Windows\System\cPntbCl.exe
  C:\Windows\System\cPntbCl.exe
  2⤵
  PID:8860
- C:\Windows\System\qZiicjH.exe
  C:\Windows\System\qZiicjH.exe
  2⤵
  PID:8888
- C:\Windows\System\UZdCpiF.exe
  C:\Windows\System\UZdCpiF.exe
  2⤵
  PID:8936
- C:\Windows\System\DzjBROR.exe
  C:\Windows\System\DzjBROR.exe
  2⤵
  PID:116
- C:\Windows\System\wuKAcSN.exe
  C:\Windows\System\wuKAcSN.exe
  2⤵
  PID:6100
- C:\Windows\System\BowOFhn.exe
  C:\Windows\System\BowOFhn.exe
  2⤵
  PID:9140
- C:\Windows\System\fyWkYWR.exe
  C:\Windows\System\fyWkYWR.exe
  2⤵
  PID:9200
- C:\Windows\System\hsxWhbm.exe
  C:\Windows\System\hsxWhbm.exe
  2⤵
  PID:6548
- C:\Windows\System\TGsffBK.exe
  C:\Windows\System\TGsffBK.exe
  2⤵
  PID:9044
- C:\Windows\System\CjPpdDc.exe
  C:\Windows\System\CjPpdDc.exe
  2⤵
  PID:8304
- C:\Windows\System\QIFSSDW.exe
  C:\Windows\System\QIFSSDW.exe
  2⤵
  PID:1080
- C:\Windows\System\mDKepMV.exe
  C:\Windows\System\mDKepMV.exe
  2⤵
  PID:348
- C:\Windows\System\HrOUeAT.exe
  C:\Windows\System\HrOUeAT.exe
  2⤵
  PID:3976
- C:\Windows\System\CWGnJxq.exe
  C:\Windows\System\CWGnJxq.exe
  2⤵
  PID:3320
- C:\Windows\System\qbEaAiA.exe
  C:\Windows\System\qbEaAiA.exe
  2⤵
  PID:3504
- C:\Windows\System\ZIugZGK.exe
  C:\Windows\System\ZIugZGK.exe
  2⤵
  PID:8172
- C:\Windows\System\zGEheVa.exe
  C:\Windows\System\zGEheVa.exe
  2⤵
  PID:7504
- C:\Windows\System\gNLjysy.exe
  C:\Windows\System\gNLjysy.exe
  2⤵
  PID:9220
- C:\Windows\System\MPPKtZe.exe
  C:\Windows\System\MPPKtZe.exe
  2⤵
  PID:9244
- C:\Windows\System\MqzndGP.exe
  C:\Windows\System\MqzndGP.exe
  2⤵
  PID:9264
- C:\Windows\System\vxGFfOC.exe
  C:\Windows\System\vxGFfOC.exe
  2⤵
  PID:9288
- C:\Windows\System\JinMhrB.exe
  C:\Windows\System\JinMhrB.exe
  2⤵
  PID:9308
- C:\Windows\System\QsEtzRF.exe
  C:\Windows\System\QsEtzRF.exe
  2⤵
  PID:9336
- C:\Windows\System\uXeZiIR.exe
  C:\Windows\System\uXeZiIR.exe
  2⤵
  PID:9352
- C:\Windows\System\vUpTnsq.exe
  C:\Windows\System\vUpTnsq.exe
  2⤵
  PID:9368
- C:\Windows\System\uVLqRCR.exe
  C:\Windows\System\uVLqRCR.exe
  2⤵
  PID:9388
- C:\Windows\System\dHpDaSx.exe
  C:\Windows\System\dHpDaSx.exe
  2⤵
  PID:9412
- C:\Windows\System\OZfGqRN.exe
  C:\Windows\System\OZfGqRN.exe
  2⤵
  PID:9432
- C:\Windows\System\HppNOTi.exe
  C:\Windows\System\HppNOTi.exe
  2⤵
  PID:9452
- C:\Windows\System\aUOmsIL.exe
  C:\Windows\System\aUOmsIL.exe
  2⤵
  PID:9476
- C:\Windows\System\GxEKtRY.exe
  C:\Windows\System\GxEKtRY.exe
  2⤵
  PID:9500
- C:\Windows\System\Oiopppn.exe
  C:\Windows\System\Oiopppn.exe
  2⤵
  PID:9520
- C:\Windows\System\sbyhJSP.exe
  C:\Windows\System\sbyhJSP.exe
  2⤵
  PID:9544
- C:\Windows\System\YJxvsRO.exe
  C:\Windows\System\YJxvsRO.exe
  2⤵
  PID:9568
- C:\Windows\System\nXfyvMA.exe
  C:\Windows\System\nXfyvMA.exe
  2⤵
  PID:9584
- C:\Windows\System\JopNkdM.exe
  C:\Windows\System\JopNkdM.exe
  2⤵
  PID:9612
- C:\Windows\System\KIzBRIF.exe
  C:\Windows\System\KIzBRIF.exe
  2⤵
  PID:9636
- C:\Windows\System\TiNMnOA.exe
  C:\Windows\System\TiNMnOA.exe
  2⤵
  PID:9656
- C:\Windows\System\hSUBfzc.exe
  C:\Windows\System\hSUBfzc.exe
  2⤵
  PID:9676
- C:\Windows\System\hIHreHH.exe
  C:\Windows\System\hIHreHH.exe
  2⤵
  PID:9700
- C:\Windows\System\LSjVJbk.exe
  C:\Windows\System\LSjVJbk.exe
  2⤵
  PID:9716
- C:\Windows\System\YxWFCJB.exe
  C:\Windows\System\YxWFCJB.exe
  2⤵
  PID:9744
- C:\Windows\System\latydDR.exe
  C:\Windows\System\latydDR.exe
  2⤵
  PID:9768
- C:\Windows\System\IvpouNO.exe
  C:\Windows\System\IvpouNO.exe
  2⤵
  PID:9788
- C:\Windows\System\CzPIjAf.exe
  C:\Windows\System\CzPIjAf.exe
  2⤵
  PID:9812
- C:\Windows\System\ONtyBIa.exe
  C:\Windows\System\ONtyBIa.exe
  2⤵
  PID:9840
- C:\Windows\System\XxRauxD.exe
  C:\Windows\System\XxRauxD.exe
  2⤵
  PID:9864
- C:\Windows\System\EYhhCVE.exe
  C:\Windows\System\EYhhCVE.exe
  2⤵
  PID:9888
- C:\Windows\System\hjWcRNp.exe
  C:\Windows\System\hjWcRNp.exe
  2⤵
  PID:9916
- C:\Windows\System\gmzyDku.exe
  C:\Windows\System\gmzyDku.exe
  2⤵
  PID:9936
- C:\Windows\System\CLMbzrB.exe
  C:\Windows\System\CLMbzrB.exe
  2⤵
  PID:9952
- C:\Windows\System\uPSMfWR.exe
  C:\Windows\System\uPSMfWR.exe
  2⤵
  PID:9976
- C:\Windows\System\oeRAfyy.exe
  C:\Windows\System\oeRAfyy.exe
  2⤵
  PID:10000
- C:\Windows\System\fQVeOpN.exe
  C:\Windows\System\fQVeOpN.exe
  2⤵
  PID:10036
- C:\Windows\System\TQFWznH.exe
  C:\Windows\System\TQFWznH.exe
  2⤵
  PID:10052
- C:\Windows\System\aqgUiFf.exe
  C:\Windows\System\aqgUiFf.exe
  2⤵
  PID:10068
- C:\Windows\System\EqhohiP.exe
  C:\Windows\System\EqhohiP.exe
  2⤵
  PID:10092
- C:\Windows\System\XrFRtnW.exe
  C:\Windows\System\XrFRtnW.exe
  2⤵
  PID:10112
- C:\Windows\System\jukWVqW.exe
  C:\Windows\System\jukWVqW.exe
  2⤵
  PID:10132
- C:\Windows\System\xolAssi.exe
  C:\Windows\System\xolAssi.exe
  2⤵
  PID:10164
- C:\Windows\System\aTalBLh.exe
  C:\Windows\System\aTalBLh.exe
  2⤵
  PID:10192
- C:\Windows\System\LdHEMre.exe
  C:\Windows\System\LdHEMre.exe
  2⤵
  PID:10216
- C:\Windows\System\gIskcTe.exe
  C:\Windows\System\gIskcTe.exe
  2⤵
  PID:10236
- C:\Windows\System\hampBqB.exe
  C:\Windows\System\hampBqB.exe
  2⤵
  PID:1404
- C:\Windows\System\FTBrzLv.exe
  C:\Windows\System\FTBrzLv.exe
  2⤵
  PID:9156
- C:\Windows\System\GmRBDUE.exe
  C:\Windows\System\GmRBDUE.exe
  2⤵
  PID:7832
- C:\Windows\System\fUCSKtq.exe
  C:\Windows\System\fUCSKtq.exe
  2⤵
  PID:6136
- C:\Windows\System\PLNlQFf.exe
  C:\Windows\System\PLNlQFf.exe
  2⤵
  PID:8880
- C:\Windows\System\DBmzQqp.exe
  C:\Windows\System\DBmzQqp.exe
  2⤵
  PID:6960
- C:\Windows\System\hImKBLI.exe
  C:\Windows\System\hImKBLI.exe
  2⤵
  PID:6392
- C:\Windows\System\UsScTFZ.exe
  C:\Windows\System\UsScTFZ.exe
  2⤵
  PID:6060
- C:\Windows\System\hFXjQga.exe
  C:\Windows\System\hFXjQga.exe
  2⤵
  PID:8588
- C:\Windows\System\tvKqIWq.exe
  C:\Windows\System\tvKqIWq.exe
  2⤵
  PID:9284
- C:\Windows\System\SQgszBM.exe
  C:\Windows\System\SQgszBM.exe
  2⤵
  PID:9116
- C:\Windows\System\nJAhTGy.exe
  C:\Windows\System\nJAhTGy.exe
  2⤵
  PID:9448
- C:\Windows\System\zQpJcdh.exe
  C:\Windows\System\zQpJcdh.exe
  2⤵
  PID:3156
- C:\Windows\System\uIHxXhX.exe
  C:\Windows\System\uIHxXhX.exe
  2⤵
  PID:9540
- C:\Windows\System\UFRsxIJ.exe
  C:\Windows\System\UFRsxIJ.exe
  2⤵
  PID:9600
- C:\Windows\System\mYmbkFv.exe
  C:\Windows\System\mYmbkFv.exe
  2⤵
  PID:9668
- C:\Windows\System\SjlzQgV.exe
  C:\Windows\System\SjlzQgV.exe
  2⤵
  PID:10260
- C:\Windows\System\SWWSzXH.exe
  C:\Windows\System\SWWSzXH.exe
  2⤵
  PID:10280
- C:\Windows\System\RQyYITR.exe
  C:\Windows\System\RQyYITR.exe
  2⤵
  PID:10300
- C:\Windows\System\EgPBuKc.exe
  C:\Windows\System\EgPBuKc.exe
  2⤵
  PID:10320
- C:\Windows\System\CUdmgvt.exe
  C:\Windows\System\CUdmgvt.exe
  2⤵
  PID:10340
- C:\Windows\System\tlMCGEz.exe
  C:\Windows\System\tlMCGEz.exe
  2⤵
  PID:10360
- C:\Windows\System\cIhqRTU.exe
  C:\Windows\System\cIhqRTU.exe
  2⤵
  PID:10376
- C:\Windows\System\mvQftAr.exe
  C:\Windows\System\mvQftAr.exe
  2⤵
  PID:10396
- C:\Windows\System\lvpPqFY.exe
  C:\Windows\System\lvpPqFY.exe
  2⤵
  PID:10420
- C:\Windows\System\YPcNqfh.exe
  C:\Windows\System\YPcNqfh.exe
  2⤵
  PID:10440
- C:\Windows\System\ssnNTsX.exe
  C:\Windows\System\ssnNTsX.exe
  2⤵
  PID:10460
- C:\Windows\System\IcNnKyq.exe
  C:\Windows\System\IcNnKyq.exe
  2⤵
  PID:10488
- C:\Windows\System\dRJyBaE.exe
  C:\Windows\System\dRJyBaE.exe
  2⤵
  PID:10512
- C:\Windows\System\LnmVuei.exe
  C:\Windows\System\LnmVuei.exe
  2⤵
  PID:10540
- C:\Windows\System\MtGqzhi.exe
  C:\Windows\System\MtGqzhi.exe
  2⤵
  PID:10556
- C:\Windows\System\idBgkwc.exe
  C:\Windows\System\idBgkwc.exe
  2⤵
  PID:10576
- C:\Windows\System\oLscYpJ.exe
  C:\Windows\System\oLscYpJ.exe
  2⤵
  PID:10604
- C:\Windows\System\AHGXRxJ.exe
  C:\Windows\System\AHGXRxJ.exe
  2⤵
  PID:10620
- C:\Windows\System\zcoKjQP.exe
  C:\Windows\System\zcoKjQP.exe
  2⤵
  PID:10640
- C:\Windows\System\pPQidZb.exe
  C:\Windows\System\pPQidZb.exe
  2⤵
  PID:10664
- C:\Windows\System\UJWoZJu.exe
  C:\Windows\System\UJWoZJu.exe
  2⤵
  PID:10688
- C:\Windows\System\OWdFNwZ.exe
  C:\Windows\System\OWdFNwZ.exe
  2⤵
  PID:10712
- C:\Windows\System\NXiquJN.exe
  C:\Windows\System\NXiquJN.exe
  2⤵
  PID:10732
- C:\Windows\System\uzhafxu.exe
  C:\Windows\System\uzhafxu.exe
  2⤵
  PID:10752
- C:\Windows\System\RiBIxCh.exe
  C:\Windows\System\RiBIxCh.exe
  2⤵
  PID:10772
- C:\Windows\System\WVFtwSa.exe
  C:\Windows\System\WVFtwSa.exe
  2⤵
  PID:10792
- C:\Windows\System\VJFibcI.exe
  C:\Windows\System\VJFibcI.exe
  2⤵
  PID:10812
- C:\Windows\System\iKRyNWk.exe
  C:\Windows\System\iKRyNWk.exe
  2⤵
  PID:10836
- C:\Windows\System\KCgArik.exe
  C:\Windows\System\KCgArik.exe
  2⤵
  PID:10856
- C:\Windows\System\ldxJQHH.exe
  C:\Windows\System\ldxJQHH.exe
  2⤵
  PID:10880
- C:\Windows\System\YutMTyr.exe
  C:\Windows\System\YutMTyr.exe
  2⤵
  PID:10900
- C:\Windows\System\NuKyeKl.exe
  C:\Windows\System\NuKyeKl.exe
  2⤵
  PID:10920
- C:\Windows\System\eiHGrXK.exe
  C:\Windows\System\eiHGrXK.exe
  2⤵
  PID:10944
- C:\Windows\System\rgnoChO.exe
  C:\Windows\System\rgnoChO.exe
  2⤵
  PID:10968
- C:\Windows\System\ciVzhJV.exe
  C:\Windows\System\ciVzhJV.exe
  2⤵
  PID:10992
- C:\Windows\System\RVshgCl.exe
  C:\Windows\System\RVshgCl.exe
  2⤵
  PID:11016
- C:\Windows\System\wJrBiwP.exe
  C:\Windows\System\wJrBiwP.exe
  2⤵
  PID:11032
- C:\Windows\System\LlZCknl.exe
  C:\Windows\System\LlZCknl.exe
  2⤵
  PID:11060
- C:\Windows\System\ESDnufI.exe
  C:\Windows\System\ESDnufI.exe
  2⤵
  PID:11076
- C:\Windows\System\uNCROmo.exe
  C:\Windows\System\uNCROmo.exe
  2⤵
  PID:11092
- C:\Windows\System\NnvZeoM.exe
  C:\Windows\System\NnvZeoM.exe
  2⤵
  PID:11108
- C:\Windows\System\VMhntgI.exe
  C:\Windows\System\VMhntgI.exe
  2⤵
  PID:11128
- C:\Windows\System\jVvGztn.exe
  C:\Windows\System\jVvGztn.exe
  2⤵
  PID:11148
- C:\Windows\System\QLTYvbx.exe
  C:\Windows\System\QLTYvbx.exe
  2⤵
  PID:11172
- C:\Windows\System\FzvtVdi.exe
  C:\Windows\System\FzvtVdi.exe
  2⤵
  PID:11188
- C:\Windows\System\aqXJCob.exe
  C:\Windows\System\aqXJCob.exe
  2⤵
  PID:11212
- C:\Windows\System\ZhklEHf.exe
  C:\Windows\System\ZhklEHf.exe
  2⤵
  PID:11236
- C:\Windows\System\iEfACrm.exe
  C:\Windows\System\iEfACrm.exe
  2⤵
  PID:11256
- C:\Windows\System\lioWuDa.exe
  C:\Windows\System\lioWuDa.exe
  2⤵
  PID:9736
- C:\Windows\System\rMsDLLt.exe
  C:\Windows\System\rMsDLLt.exe
  2⤵
  PID:9784
- C:\Windows\System\BCpAndT.exe
  C:\Windows\System\BCpAndT.exe
  2⤵
  PID:9824
- C:\Windows\System\BtLBdwC.exe
  C:\Windows\System\BtLBdwC.exe
  2⤵
  PID:2180
- C:\Windows\System\ERUDBHW.exe
  C:\Windows\System\ERUDBHW.exe
  2⤵
  PID:7688
- C:\Windows\System\MfedGqw.exe
  C:\Windows\System\MfedGqw.exe
  2⤵
  PID:9948
- C:\Windows\System\vhuorYB.exe
  C:\Windows\System\vhuorYB.exe
  2⤵
  PID:316
- C:\Windows\System\fsBOwuK.exe
  C:\Windows\System\fsBOwuK.exe
  2⤵
  PID:10140
- C:\Windows\System\FcdiceY.exe
  C:\Windows\System\FcdiceY.exe
  2⤵
  PID:8820
- C:\Windows\System\ghhaYNR.exe
  C:\Windows\System\ghhaYNR.exe
  2⤵
  PID:9112
- C:\Windows\System\FkdTKlN.exe
  C:\Windows\System\FkdTKlN.exe
  2⤵
  PID:9428
- C:\Windows\System\mcKvOpY.exe
  C:\Windows\System\mcKvOpY.exe
  2⤵
  PID:8696
- C:\Windows\System\yxdeiku.exe
  C:\Windows\System\yxdeiku.exe
  2⤵
  PID:2720
- C:\Windows\System\ULRqpuA.exe
  C:\Windows\System\ULRqpuA.exe
  2⤵
  PID:9580
- C:\Windows\System\jBOKhSw.exe
  C:\Windows\System\jBOKhSw.exe
  2⤵
  PID:9556
- C:\Windows\System\mVVDTjC.exe
  C:\Windows\System\mVVDTjC.exe
  2⤵
  PID:9632
- C:\Windows\System\KIBqzuG.exe
  C:\Windows\System\KIBqzuG.exe
  2⤵
  PID:10272
- C:\Windows\System\WcmZzhU.exe
  C:\Windows\System\WcmZzhU.exe
  2⤵
  PID:10352
- C:\Windows\System\xeduvnR.exe
  C:\Windows\System\xeduvnR.exe
  2⤵
  PID:9852
- C:\Windows\System\uurjMXx.exe
  C:\Windows\System\uurjMXx.exe
  2⤵
  PID:10432
- C:\Windows\System\mKdemqX.exe
  C:\Windows\System\mKdemqX.exe
  2⤵
  PID:9928
- C:\Windows\System\LHqaWxK.exe
  C:\Windows\System\LHqaWxK.exe
  2⤵
  PID:9972
- C:\Windows\System\YSCmVRU.exe
  C:\Windows\System\YSCmVRU.exe
  2⤵
  PID:10032
- C:\Windows\System\iGHzXCS.exe
  C:\Windows\System\iGHzXCS.exe
  2⤵
  PID:10088
- C:\Windows\System\rGAXjDe.exe
  C:\Windows\System\rGAXjDe.exe
  2⤵
  PID:11288
- C:\Windows\System\PrZhcNA.exe
  C:\Windows\System\PrZhcNA.exe
  2⤵
  PID:11304
- C:\Windows\System\NCgnDar.exe
  C:\Windows\System\NCgnDar.exe
  2⤵
  PID:11324
- C:\Windows\System\HIyTejl.exe
  C:\Windows\System\HIyTejl.exe
  2⤵
  PID:11348
- C:\Windows\System\VjZwXvW.exe
  C:\Windows\System\VjZwXvW.exe
  2⤵
  PID:11368
- C:\Windows\System\WgPhDJl.exe
  C:\Windows\System\WgPhDJl.exe
  2⤵
  PID:11392
- C:\Windows\System\yPZsJht.exe
  C:\Windows\System\yPZsJht.exe
  2⤵
  PID:11416
- C:\Windows\System\WWPoGJY.exe
  C:\Windows\System\WWPoGJY.exe
  2⤵
  PID:11436
- C:\Windows\System\STzWQLN.exe
  C:\Windows\System\STzWQLN.exe
  2⤵
  PID:11456
- C:\Windows\System\UwhiAZg.exe
  C:\Windows\System\UwhiAZg.exe
  2⤵
  PID:11480
- C:\Windows\System\GBksYMT.exe
  C:\Windows\System\GBksYMT.exe
  2⤵
  PID:11496
- C:\Windows\System\qKNtgSP.exe
  C:\Windows\System\qKNtgSP.exe
  2⤵
  PID:11516
- C:\Windows\System\gyxlOsF.exe
  C:\Windows\System\gyxlOsF.exe
  2⤵
  PID:11532
- C:\Windows\System\pfnNNFe.exe
  C:\Windows\System\pfnNNFe.exe
  2⤵
  PID:11560
- C:\Windows\System\hcJTVfq.exe
  C:\Windows\System\hcJTVfq.exe
  2⤵
  PID:11584
- C:\Windows\System\phVlCdV.exe
  C:\Windows\System\phVlCdV.exe
  2⤵
  PID:11604
- C:\Windows\System\oKfndKk.exe
  C:\Windows\System\oKfndKk.exe
  2⤵
  PID:11620
- C:\Windows\System\lZiOpVn.exe
  C:\Windows\System\lZiOpVn.exe
  2⤵
  PID:11644
- C:\Windows\System\awIWNwA.exe
  C:\Windows\System\awIWNwA.exe
  2⤵
  PID:11668
- C:\Windows\System\iQGyuGS.exe
  C:\Windows\System\iQGyuGS.exe
  2⤵
  PID:11688
- C:\Windows\System\BNGRWJL.exe
  C:\Windows\System\BNGRWJL.exe
  2⤵
  PID:11712
- C:\Windows\System\LmXpfyt.exe
  C:\Windows\System\LmXpfyt.exe
  2⤵
  PID:11732
- C:\Windows\System\kYXPVPA.exe
  C:\Windows\System\kYXPVPA.exe
  2⤵
  PID:11752
- C:\Windows\System\EMNoQNg.exe
  C:\Windows\System\EMNoQNg.exe
  2⤵
  PID:11772
- C:\Windows\System\QfUPZVe.exe
  C:\Windows\System\QfUPZVe.exe
  2⤵
  PID:11792
- C:\Windows\System\xeaJePD.exe
  C:\Windows\System\xeaJePD.exe
  2⤵
  PID:11816
- C:\Windows\System\odoohPv.exe
  C:\Windows\System\odoohPv.exe
  2⤵
  PID:11856
- C:\Windows\System\HpULSGq.exe
  C:\Windows\System\HpULSGq.exe
  2⤵
  PID:11876
- C:\Windows\System\KDjBbBg.exe
  C:\Windows\System\KDjBbBg.exe
  2⤵
  PID:11900
- C:\Windows\System\rbVYzCj.exe
  C:\Windows\System\rbVYzCj.exe
  2⤵
  PID:11916
- C:\Windows\System\DMaNxLo.exe
  C:\Windows\System\DMaNxLo.exe
  2⤵
  PID:11940
- C:\Windows\System\KbehKft.exe
  C:\Windows\System\KbehKft.exe
  2⤵
  PID:11960
- C:\Windows\System\zkmWUoH.exe
  C:\Windows\System\zkmWUoH.exe
  2⤵
  PID:11976
- C:\Windows\System\gufzlha.exe
  C:\Windows\System\gufzlha.exe
  2⤵
  PID:11992
- C:\Windows\System\KbqmREW.exe
  C:\Windows\System\KbqmREW.exe
  2⤵
  PID:12012
- C:\Windows\System\oGSmPLH.exe
  C:\Windows\System\oGSmPLH.exe
  2⤵
  PID:12032
- C:\Windows\System\CeIsUIj.exe
  C:\Windows\System\CeIsUIj.exe
  2⤵
  PID:12056
- C:\Windows\System\JlYMcBr.exe
  C:\Windows\System\JlYMcBr.exe
  2⤵
  PID:12080
- C:\Windows\System\QdEAgTg.exe
  C:\Windows\System\QdEAgTg.exe
  2⤵
  PID:12108
- C:\Windows\System\dBsDXiW.exe
  C:\Windows\System\dBsDXiW.exe
  2⤵
  PID:12128
- C:\Windows\System\IuOuFwl.exe
  C:\Windows\System\IuOuFwl.exe
  2⤵
  PID:12148
- C:\Windows\System\OJJZKNE.exe
  C:\Windows\System\OJJZKNE.exe
  2⤵
  PID:12172
- C:\Windows\System\fURawsM.exe
  C:\Windows\System\fURawsM.exe
  2⤵
  PID:12200
- C:\Windows\System\ixUIwjv.exe
  C:\Windows\System\ixUIwjv.exe
  2⤵
  PID:12224
- C:\Windows\System\byebFDY.exe
  C:\Windows\System\byebFDY.exe
  2⤵
  PID:12244
- C:\Windows\System\BnSzxkQ.exe
  C:\Windows\System\BnSzxkQ.exe
  2⤵
  PID:12260
- C:\Windows\System\FHofhvG.exe
  C:\Windows\System\FHofhvG.exe
  2⤵
  PID:12284
- C:\Windows\System\KLGSBuL.exe
  C:\Windows\System\KLGSBuL.exe
  2⤵
  PID:10592
- C:\Windows\System\XiHKVYJ.exe
  C:\Windows\System\XiHKVYJ.exe
  2⤵
  PID:10200
- C:\Windows\System\UbHYnKI.exe
  C:\Windows\System\UbHYnKI.exe
  2⤵
  PID:10696
- C:\Windows\System\MqGZDJN.exe
  C:\Windows\System\MqGZDJN.exe
  2⤵
  PID:9360
- C:\Windows\System\zuhgdZd.exe
  C:\Windows\System\zuhgdZd.exe
  2⤵
  PID:4656
- C:\Windows\System\mHvETLu.exe
  C:\Windows\System\mHvETLu.exe
  2⤵
  PID:10828
- C:\Windows\System\SKHXrLc.exe
  C:\Windows\System\SKHXrLc.exe
  2⤵
  PID:9496
- C:\Windows\System\sRZSNuj.exe
  C:\Windows\System\sRZSNuj.exe
  2⤵
  PID:2764
- C:\Windows\System\PgrnhoB.exe
  C:\Windows\System\PgrnhoB.exe
  2⤵
  PID:10960
- C:\Windows\System\xAhUcsW.exe
  C:\Windows\System\xAhUcsW.exe
  2⤵
  PID:9348
- C:\Windows\System\QyUhnoS.exe
  C:\Windows\System\QyUhnoS.exe
  2⤵
  PID:11100
- C:\Windows\System\kSDHoPE.exe
  C:\Windows\System\kSDHoPE.exe
  2⤵
  PID:11208
- C:\Windows\System\AoHFTdY.exe
  C:\Windows\System\AoHFTdY.exe
  2⤵
  PID:11252
- C:\Windows\System\fZwFMkk.exe
  C:\Windows\System\fZwFMkk.exe
  2⤵
  PID:9256
- C:\Windows\System\jIAdXUz.exe
  C:\Windows\System\jIAdXUz.exe
  2⤵
  PID:10388
- C:\Windows\System\RhkwMyk.exe
  C:\Windows\System\RhkwMyk.exe
  2⤵
  PID:9472
- C:\Windows\System\rqXoTvJ.exe
  C:\Windows\System\rqXoTvJ.exe
  2⤵
  PID:9228
- C:\Windows\System\cUvMBle.exe
  C:\Windows\System\cUvMBle.exe
  2⤵
  PID:10268
- C:\Windows\System\eUAyYZs.exe
  C:\Windows\System\eUAyYZs.exe
  2⤵
  PID:10372
- C:\Windows\System\BntywVB.exe
  C:\Windows\System\BntywVB.exe
  2⤵
  PID:10044
- C:\Windows\System\IXXmYMG.exe
  C:\Windows\System\IXXmYMG.exe
  2⤵
  PID:11272
- C:\Windows\System\WJyooWJ.exe
  C:\Windows\System\WJyooWJ.exe
  2⤵
  PID:10656
- C:\Windows\System\RYcYhJC.exe
  C:\Windows\System\RYcYhJC.exe
  2⤵
  PID:12300
- C:\Windows\System\qBJQKsg.exe
  C:\Windows\System\qBJQKsg.exe
  2⤵
  PID:12320
- C:\Windows\System\UnjBqOI.exe
  C:\Windows\System\UnjBqOI.exe
  2⤵
  PID:12344
- C:\Windows\System\rSToxgn.exe
  C:\Windows\System\rSToxgn.exe
  2⤵
  PID:12368
- C:\Windows\System\qNKGPxm.exe
  C:\Windows\System\qNKGPxm.exe
  2⤵
  PID:12388
- C:\Windows\System\sZkCKYW.exe
  C:\Windows\System\sZkCKYW.exe
  2⤵
  PID:12408
- C:\Windows\System\fzCwJod.exe
  C:\Windows\System\fzCwJod.exe
  2⤵
  PID:12428
- C:\Windows\System\JVyAKNo.exe
  C:\Windows\System\JVyAKNo.exe
  2⤵
  PID:12452
- C:\Windows\System\wOmBvTu.exe
  C:\Windows\System\wOmBvTu.exe
  2⤵
  PID:12472
- C:\Windows\System\DaGJaAH.exe
  C:\Windows\System\DaGJaAH.exe
  2⤵
  PID:12496
- C:\Windows\System\yrLidNY.exe
  C:\Windows\System\yrLidNY.exe
  2⤵
  PID:12516
- C:\Windows\System\yVhyPHm.exe
  C:\Windows\System\yVhyPHm.exe
  2⤵
  PID:12536
- C:\Windows\System\CqwxNGR.exe
  C:\Windows\System\CqwxNGR.exe
  2⤵
  PID:12560
- C:\Windows\System\uFjTEkT.exe
  C:\Windows\System\uFjTEkT.exe
  2⤵
  PID:12580
- C:\Windows\System\tyzmwSt.exe
  C:\Windows\System\tyzmwSt.exe
  2⤵
  PID:12600
- C:\Windows\System\CtdoVmZ.exe
  C:\Windows\System\CtdoVmZ.exe
  2⤵
  PID:12628
- C:\Windows\System\gaBeuee.exe
  C:\Windows\System\gaBeuee.exe
  2⤵
  PID:12648
- C:\Windows\System\JbrYlid.exe
  C:\Windows\System\JbrYlid.exe
  2⤵
  PID:12672
- C:\Windows\System\MzOgmDv.exe
  C:\Windows\System\MzOgmDv.exe
  2⤵
  PID:12692
- C:\Windows\System\heyzBox.exe
  C:\Windows\System\heyzBox.exe
  2⤵
  PID:12716
- C:\Windows\System\tYzkyoQ.exe
  C:\Windows\System\tYzkyoQ.exe
  2⤵
  PID:12732
- C:\Windows\System\WmzVmOr.exe
  C:\Windows\System\WmzVmOr.exe
  2⤵
  PID:12748
- C:\Windows\System\xrUlqOe.exe
  C:\Windows\System\xrUlqOe.exe
  2⤵
  PID:12924
- C:\Windows\System\xPMOkse.exe
  C:\Windows\System\xPMOkse.exe
  2⤵
  PID:12940
- C:\Windows\System\FrOavoM.exe
  C:\Windows\System\FrOavoM.exe
  2⤵
  PID:12956
- C:\Windows\System\GAYCQNg.exe
  C:\Windows\System\GAYCQNg.exe
  2⤵
  PID:12972
- C:\Windows\System\MFfnone.exe
  C:\Windows\System\MFfnone.exe
  2⤵
  PID:12992
- C:\Windows\System\sWlKPNc.exe
  C:\Windows\System\sWlKPNc.exe
  2⤵
  PID:13008
- C:\Windows\System\EpQRfZj.exe
  C:\Windows\System\EpQRfZj.exe
  2⤵
  PID:13032
- C:\Windows\System\DzyWMvH.exe
  C:\Windows\System\DzyWMvH.exe
  2⤵
  PID:13056
- C:\Windows\System\XsFkndX.exe
  C:\Windows\System\XsFkndX.exe
  2⤵
  PID:13076
- C:\Windows\System\jWPMWbb.exe
  C:\Windows\System\jWPMWbb.exe
  2⤵
  PID:13096
- C:\Windows\System\sKPdHcj.exe
  C:\Windows\System\sKPdHcj.exe
  2⤵
  PID:10520
- C:\Windows\System\JQjpGgl.exe
  C:\Windows\System\JQjpGgl.exe
  2⤵
  PID:11808
- C:\Windows\System\kblZgtr.exe
  C:\Windows\System\kblZgtr.exe
  2⤵
  PID:10212
- C:\Windows\System\rNHQWxx.exe
  C:\Windows\System\rNHQWxx.exe
  2⤵
  PID:10480
- C:\Windows\System\uPrYmYN.exe
  C:\Windows\System\uPrYmYN.exe
  2⤵
  PID:11928
- C:\Windows\System\LOrukTk.exe
  C:\Windows\System\LOrukTk.exe
  2⤵
  PID:11968
- C:\Windows\System\PccLacw.exe
  C:\Windows\System\PccLacw.exe
  2⤵
  PID:12508
- C:\Windows\System\UEhFGlq.exe
  C:\Windows\System\UEhFGlq.exe
  2⤵
  PID:12636
- C:\Windows\System\QeWyLal.exe
  C:\Windows\System\QeWyLal.exe
  2⤵
  PID:11512
- C:\Windows\System\KwjnDqT.exe
  C:\Windows\System\KwjnDqT.exe
  2⤵
  PID:10916
- C:\Windows\System\kAbXpxP.exe
  C:\Windows\System\kAbXpxP.exe
  2⤵
  PID:11760
- C:\Windows\System\kysNkGg.exe
  C:\Windows\System\kysNkGg.exe
  2⤵
  PID:2460
- C:\Windows\System\QgFNabC.exe
  C:\Windows\System\QgFNabC.exe
  2⤵
  PID:12592
- C:\Windows\System\KvDAvTD.exe
  C:\Windows\System\KvDAvTD.exe
  2⤵
  PID:10228
- C:\Windows\System\gQoUKCN.exe
  C:\Windows\System\gQoUKCN.exe
  2⤵
  PID:11376
- C:\Windows\System\DBDoHhX.exe
  C:\Windows\System\DBDoHhX.exe
  2⤵
  PID:12124
- C:\Windows\System\UWVJZyi.exe
  C:\Windows\System\UWVJZyi.exe
  2⤵
  PID:11004
- C:\Windows\System\iWuOOlz.exe
  C:\Windows\System\iWuOOlz.exe
  2⤵
  PID:13000
- C:\Windows\System\VkvJkGY.exe
  C:\Windows\System\VkvJkGY.exe
  2⤵
  PID:11664
- C:\Windows\System\lWKWvSd.exe
  C:\Windows\System\lWKWvSd.exe
  2⤵
  PID:11936
- C:\Windows\System\XaaPWPz.exe
  C:\Windows\System\XaaPWPz.exe
  2⤵
  PID:12024
- C:\Windows\System\HnlcELJ.exe
  C:\Windows\System\HnlcELJ.exe
  2⤵
  PID:9396
- C:\Windows\System\rePELjA.exe
  C:\Windows\System\rePELjA.exe
  2⤵
  PID:10108
- C:\Windows\System\kFwmNMB.exe
  C:\Windows\System\kFwmNMB.exe
  2⤵
  PID:13196
- C:\Windows\System\qByfxAF.exe
  C:\Windows\System\qByfxAF.exe
  2⤵
  PID:12048
- C:\Windows\System\AAnFXta.exe
  C:\Windows\System\AAnFXta.exe
  2⤵
  PID:10820
- C:\Windows\System\FHHljNy.exe
  C:\Windows\System\FHHljNy.exe
  2⤵
  PID:11696
- C:\Windows\System\SIRiEnA.exe
  C:\Windows\System\SIRiEnA.exe
  2⤵
  PID:9408
- C:\Windows\System\BMRVjqN.exe
  C:\Windows\System\BMRVjqN.exe
  2⤵
  PID:12640
- C:\Windows\System\hsLETIj.exe
  C:\Windows\System\hsLETIj.exe
  2⤵
  PID:11768
- C:\Windows\System\nukfOGh.exe
  C:\Windows\System\nukfOGh.exe
  2⤵
  PID:11160
- C:\Windows\System\nNEUZNV.exe
  C:\Windows\System\nNEUZNV.exe
  2⤵
  PID:13188
- C:\Windows\System\nsacvRt.exe
  C:\Windows\System\nsacvRt.exe
  2⤵
  PID:11684
- C:\Windows\System\JWMjvqZ.exe
  C:\Windows\System\JWMjvqZ.exe
  2⤵
  PID:12188
- C:\Windows\System\KOQvZiX.exe
  C:\Windows\System\KOQvZiX.exe
  2⤵
  PID:12984
- C:\Windows\System\GBEIQFx.exe
  C:\Windows\System\GBEIQFx.exe
  2⤵
  PID:12700
- C:\Windows\System\jvpBUni.exe
  C:\Windows\System\jvpBUni.exe
  2⤵
  PID:12236
- C:\Windows\System\AthdrFx.exe
  C:\Windows\System\AthdrFx.exe
  2⤵
  PID:13156
- C:\Windows\System\dpSDezG.exe
  C:\Windows\System\dpSDezG.exe
  2⤵
  PID:11764
- C:\Windows\System\BAKrHOk.exe
  C:\Windows\System\BAKrHOk.exe
  2⤵
  PID:11864
- C:\Windows\System\DarTgPo.exe
  C:\Windows\System\DarTgPo.exe
  2⤵
  PID:12768
- C:\Windows\System\YfokENt.exe
  C:\Windows\System\YfokENt.exe
  2⤵
  PID:10208
- C:\Windows\System\rvGKPQY.exe
  C:\Windows\System\rvGKPQY.exe
  2⤵
  PID:13260
- C:\Windows\System\MVACvcF.exe
  C:\Windows\System\MVACvcF.exe
  2⤵
  PID:9304
- C:\Windows\System\hXWbFWY.exe
  C:\Windows\System\hXWbFWY.exe
  2⤵
  PID:11332
- C:\Windows\System\mLJtOaS.exe
  C:\Windows\System\mLJtOaS.exe
  2⤵
  PID:11068
- C:\Windows\System\CCkBRtW.exe
  C:\Windows\System\CCkBRtW.exe
  2⤵
  PID:3108
- C:\Windows\System\pmfaOSY.exe
  C:\Windows\System\pmfaOSY.exe
  2⤵
  PID:9724
- C:\Windows\System\xiazkKc.exe
  C:\Windows\System\xiazkKc.exe
  2⤵
  PID:7264
- C:\Windows\System\FvjCCVR.exe
  C:\Windows\System\FvjCCVR.exe
  2⤵
  PID:11316
- C:\Windows\System\FjpIgjA.exe
  C:\Windows\System\FjpIgjA.exe
  2⤵
  PID:2464
- C:\Windows\System\qafzMQJ.exe
  C:\Windows\System\qafzMQJ.exe
  2⤵
  PID:10768
- C:\Windows\System\rgHmXQk.exe
  C:\Windows\System\rgHmXQk.exe
  2⤵
  PID:13244
- C:\Windows\System\AHVPmpt.exe
  C:\Windows\System\AHVPmpt.exe
  2⤵
  PID:11748
- C:\Windows\System\UpufLkh.exe
  C:\Windows\System\UpufLkh.exe
  2⤵
  PID:10176
- C:\Windows\System\WashxIQ.exe
  C:\Windows\System\WashxIQ.exe
  2⤵
  PID:11284
- C:\Windows\System\bsjPOgu.exe
  C:\Windows\System\bsjPOgu.exe
  2⤵
  PID:3468
- C:\Windows\System\UTfUXfa.exe
  C:\Windows\System\UTfUXfa.exe
  2⤵
  PID:4820
- C:\Windows\System\WqRLUpo.exe
  C:\Windows\System\WqRLUpo.exe
  2⤵
  PID:4844
- C:\Windows\System\emTJHEs.exe
  C:\Windows\System\emTJHEs.exe
  2⤵
  PID:3868
- C:\Windows\System\ZCITtxm.exe
  C:\Windows\System\ZCITtxm.exe
  2⤵
  PID:12568
- C:\Windows\System\rFVZMyE.exe
  C:\Windows\System\rFVZMyE.exe
  2⤵
  PID:560
- C:\Windows\System\zJCXpbY.exe
  C:\Windows\System\zJCXpbY.exe
  2⤵
  PID:13416

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:11528

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1212

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:13424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_mox0n5a5.kr3.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AgNaWEX.exe

Filesize
1.9MB

MD5
9dbf7b7d87e0fc47eb3f6100273a2905

SHA1
1cd44a70012df7ea7d587052218b0add2461b26c

SHA256
403c086024777e5f689edfd0a7de9b34c493bf4122e48c69ba6470fbc8eb316a

SHA512
bfe458516aa8703bf77a9bbd775700fffd96c10cd693def558abb5b2b7c7966f823f5c53591bf7e2147c67f62ef665b5ec8573727a04e6f72b9c6f6bd9b9610a

Download Submit
C:\Windows\System\Bqrylpb.exe

Filesize
8B

MD5
0a09bd2e5542320a20ec8eafd2246c28

SHA1
7106c9c7587e96586e92363c5ef70ad925a395b7

SHA256
a2d90ea83d8a1ec8d2d933492892f6a19aa1f0a0628b1cc62b162e5271ee863b

SHA512
994b306b70fd71b0a462a50b9fc03457eac19be8a156ca56f4b5a47c058947eb0f9ce4c706b5ff16df4ad9b5c6da35585e95b3f5ce9ff8ead75dc92e4757e9c1

Download Submit
C:\Windows\System\CQKIaSi.exe

Filesize
1.9MB

MD5
3fd7c2081622d7ca6ecdb0014b7c1176

SHA1
feea41bb6d144c1fe6e6cc8be24c686b8220a3f4

SHA256
28ee209142bc69b458d1ae74c1e496e1272c2ed8a37462cc8b0b801c4df6d74e

SHA512
45864fde47c26b3d64bce86d186df236ea1330f39fec2f5b20c5142bba7434742fbfb8d6e63cd95364ae794a5e44ec582053562ab82ad887a03ceb9d1518c56d

Download Submit
C:\Windows\System\CZnWsiD.exe

Filesize
1.9MB

MD5
dc62189b5ccf8c5378b04ce00565f808

SHA1
2c5a56f38bc85624f3f8cdece82e4a9cbccd9a57

SHA256
0eafea2fdc72156efb5d15dad33d6efc234ba62b23c091599afe2b1d59c80532

SHA512
4689d84c5c6474aa6b87a87228fe0799acbd1e99719617bef0ea50cccd6ac1aa4ecac0700bf2e06f12e49da038ebad038b6957cc9fc8eb72776752569eb122f3

Download Submit
C:\Windows\System\FWzNrrx.exe

Filesize
1.9MB

MD5
3e19c6b065dc9066d03c19e916a0d0fb

SHA1
08707a9cf521cdae8347499dea7ad7f36ea47635

SHA256
e25939196e35c0cee59f52630fcc7fc0b5850bf3375f4054090955a09e35a04b

SHA512
08f7c832ad1b2104d846e6711489479ec6dddcb4288433fd637cdaa97850ff2e894e82bd7d9f313cf6a8adc645a274d1595cdebd7dbb395848cb34b979faa902

Download Submit
C:\Windows\System\KKfMjQq.exe

Filesize
1.9MB

MD5
710f55325c120603929e349b7c411b54

SHA1
d470ac6957f13613e0de5d8f5c2c3a8dd15266c3

SHA256
845a6bf98dc6c66f93d7164e57f1d743ff9d7278cb0aea59162129cb96d35156

SHA512
840a8a013fdab4314ea0eab30118a0e8e4a2af35bba8253252269306c41114d88c7765f5feb4f7f09e53c8612829f662d3f3fca87fe90fef660ad4670ffd9a3c

Download Submit
C:\Windows\System\MaZESSQ.exe

Filesize
1.9MB

MD5
563f8ca95a6e20abdd425fc2441e3c21

SHA1
28ae5b8d791d6ccb36434f1b7a77321ef3239576

SHA256
2711b23c4665849d085117da1fcb05c02afe775b37c737a9709490a692d8ab1a

SHA512
08ef00b4cb6dbd0f72b5f2ca787de3501af58184d10500fd2ed083abae1c984b6856e6c955a64fadd9b179d534e97b64d1104996a9cd3be0d816c63ddfabf1af

Download Submit
C:\Windows\System\OCCtCMY.exe

Filesize
1.9MB

MD5
820202680574d26db31c8b469cdc72fb

SHA1
7d682a5d89f42c8c3269f96a943538d857636293

SHA256
7465d179d71097246f926f5bc666da4afd9ded35d125b77c4dad7fc9a888b630

SHA512
df06ec8813ce73cd8e6e66fca4a86a5cc9e45c868277ff6c844cec0d2195a0cd28b6152bd76938b22d74e6c238237b037a1e97b52fecda651386a23d0326ba7f

Download Submit
C:\Windows\System\OfnIOay.exe

Filesize
1.9MB

MD5
b346376ef7902e79fe99668239c3a022

SHA1
da69b55655049c2cf6cfee5b0baedf73eae54aad

SHA256
c6648f2bbd93be4e4f85e79766bcd3b2dd91670e90f83a0e4c999e54cf96f238

SHA512
3f622bf2e3738110426e15b31f211038bc6d4281b4d339a31044f7b71d28b2f622ceea95a22ab49497e2b5812b3af3c94338d6124e41edb53fc1a4fc56d98111

Download Submit
C:\Windows\System\OplxhGJ.exe

Filesize
1.9MB

MD5
cb5d57f43db90821ed5d449a4125dbbd

SHA1
0c17c763eab58873c37415fc7eb3ec18ecd439db

SHA256
7d818ec02e339f488235c54ef33dbc45085ec201b87cce3b41fa274841f8c3a5

SHA512
346914ebe05ca04bab2c98e0cac8db906ba869e0115956757db378c768cedb1ed8ed7a0276bf3d656d975273fe54784011da53dbd6bc612e1bef51d88cef5dc4

Download Submit
C:\Windows\System\PHDkpYg.exe

Filesize
1.9MB

MD5
86dcff2396698f4f2a411529c38eca3d

SHA1
3ec9d05f4386a526d7a7f82ee16e34952ea3968f

SHA256
b881232dc46a77c84b22711d0418cb25909e063c4a6ab8972f746c10136463cf

SHA512
10fe4c4a2701943cf3ffdb1dbd44a2c5ce3208c0de31ce6f1323a3aeb2473e3579f52829def35873e0e78971bd6d65f2117707f3527562370a9296a422ad7bb9

Download Submit
C:\Windows\System\PPXYqOG.exe

Filesize
1.9MB

MD5
cf7ef1196a0126c3d73f27c9904a6d38

SHA1
7bb60e63e855cb198d00a9115a6b6adac0a4bb69

SHA256
c9a06ebc5d463ef122ffda11d894db0bfebb0735a578316f8e4eb983d7154e44

SHA512
de88af8ac6ffaea4035b2220dd4ebf9b502cbbe3e17120bc78dfad2d676adf97228b39f62c4b96740c12bbb957d33c61f6503bd7e295c439adf2b1fc33eb484f

Download Submit
C:\Windows\System\RHJrpvP.exe

Filesize
1.9MB

MD5
3987500e09de9a985b03cde433a7105e

SHA1
e52b1800bfebd370d8088a079a7b3cc371b30b42

SHA256
bfa465bed2e71210eb60046c186ae31b64602098a129911297cd11ed23e143c1

SHA512
987f92aad458871a14809b9a3d66d46c53978d1d199330e088fb7f91615c69ab5912599aca3716934d8a2ac26f8afa2c8a68548c8c5bdbdb39effb83d907cff5

Download Submit
C:\Windows\System\SGXdSWC.exe

Filesize
1.9MB

MD5
f84e7bfb0f5e00707b47387a58a4e234

SHA1
644775548a1cafdcaa44d7b609a3c04075e516bc

SHA256
512146bc02312acc37187f2a972c7e873bc29163d1a40ce42296fa393b2a3e94

SHA512
b310b0a0d7ed0a52779f2274989af0b4dc77603bad5e707b3dcd8c7279fe6314c1c67105484f4c33ad36a039d7c7f34a960972a236048f77a85c08199697e2ed

Download Submit
C:\Windows\System\SXEusDX.exe

Filesize
1.9MB

MD5
2cb6eeabcc065a5c76e4df369c72a233

SHA1
3713259f91d812b0f3852acd9f4fa79b3f7ac5e9

SHA256
3d85ec3b4b7971e7eb79bb96265ec63ec3c47e80364704a4d992534529a40f47

SHA512
0be88ecb5ee330ffaf873172ff04f0a7fe98cf6a1f99b293d1480b3c7c466eb33e9da7aeda24acfe46f875a934ac9725fa123e4502ca7282fb2d80e77f9f9262

Download Submit
C:\Windows\System\UWJJpVZ.exe

Filesize
1.9MB

MD5
4e65c25e2c771904991d180b451c5207

SHA1
e276a867fa209e04b093b2d152783fee650b1912

SHA256
719134faa01730be49ccae33c193fd9c42672c12964b8c6adc54859de9d6a6d5

SHA512
5bdd2da690c1a686939077e01b61943a09e3421d156385a6a1c74af88b19081f52619165652638ae4f4e4429b02be58f61c03c5edbf06f57b51e4c54f680deef

Download Submit
C:\Windows\System\UttxPZk.exe

Filesize
1.9MB

MD5
dcae30fc21b4ba5ccedec62dc6e6c980

SHA1
a8671adc5195c2f7699220ec132cf85bd4036028

SHA256
e0149f886967028674aa66d01a678b5dbd661a6b76f181169b9ab9cf0b6c6d71

SHA512
ab7e9a41a5dba31cc9e8ba63240728151a40c51257f1d7f235ba477c3cfed0a6263e209e5083f911c34d50312d57d9210fee292df42a0f97a22152d517813860

Download Submit
C:\Windows\System\VHGewBk.exe

Filesize
1.9MB

MD5
07e8da2514e2ce790ceed426a0c7e44f

SHA1
d5a467365a76033caa6b7a276eb00dc70333a69b

SHA256
bb760e10cd1fc0f9d65a562fbdac8fdcae96dc254af5d59fec0d7acfeb19f6d2

SHA512
f2cbec4d0ae6873e505e6bf3bfc41d918f2076a84f1dee40bd3636f90c79ff440c9ba329f4cc92e7f4f32846dc2e49e1f0f749a9ca03c80c602b79ff7b1b2d50

Download Submit
C:\Windows\System\WIuqTHD.exe

Filesize
1.9MB

MD5
2c4f17bf73f518817fc264ae88627b43

SHA1
0550a688a39e705617a86b0124f9dd6083afc425

SHA256
9586325416aa2ecdd7bbe914f1dfdb1daff89c8879309c8e1f52dfaad440c1a8

SHA512
258ff202d750c80d70d8b8494b2c034328258bba095d8c027e04526bb45250449ed9acfbf09953cf431c2a19ba3afbac4ce7bde265883e95e194813b6eda8f4f

Download Submit
C:\Windows\System\YjcDxED.exe

Filesize
1.9MB

MD5
e38e23b151c0ac0f7699f3d466885536

SHA1
900a9f9c343b08a59a98ea4826e57a1c0c09f977

SHA256
890dcf2f2ea2a6299a25bf9b8ff5d214ed73cbefa386e5ca346599dfac6feae6

SHA512
95d181b3b9a589577bb2557b11740f0be03649d1be558dc5b82d80702388bf50739ca2a50bdacc8cf04843060db29309430f9b129c05815d7c7f41177353ce2e

Download Submit
C:\Windows\System\bWDdirm.exe

Filesize
1.9MB

MD5
446dffe569490247b88306a87fff42ea

SHA1
22a0c63108002a83b208fa9150b792c103926e45

SHA256
e5dc3cf9488a9613a8599553d94d73b6834cace16438092bce4837a6aa625d55

SHA512
20b9f7fe9ada0fcd9eb74172f00cedbab306ca254b1cf45dbb40997d285bbc2ba68b09822d584eed3ea18cf214a0550705f7b66814199b64600db96591f1a458

Download Submit
C:\Windows\System\dxHRPmJ.exe

Filesize
1.9MB

MD5
57b782bdecfcc24e35c308ca51dad5e5

SHA1
675c62dc15c666ce16bbb93aaf584a082551c81f

SHA256
935a78fe53050cd5b41eae4231f44fda59fd2f21410948a69d262d06487a191b

SHA512
29ca86390bff6f53390ee5c6a68a6fc2c355e4a08296705474311900555a96b55275a275d9bb1c06377459da22232ce71604bda047be3a5722edc0a41252883c

Download Submit
C:\Windows\System\dyxkvxx.exe

Filesize
1.9MB

MD5
20a3d49643b9533062206f5411aa12cd

SHA1
42e35d065324d9289d0725fea465d18826679850

SHA256
80b28cd0df2bc84172dbab8704fd425f8ff94af1b9fca4ec4f433d441b604e22

SHA512
4a491993c739fac342c1f9d8c499996bd77236965153d491b1d411beadf035726ace7fb74ffe676f811fe49f5d8df568c57a976856c87a249d8c447c1483f445

Download Submit
C:\Windows\System\dzuGcaC.exe

Filesize
1.9MB

MD5
8aff229b1ce96c3c9b5421570e4db17f

SHA1
8b34b146e52f2e391332ae3a98bc9c9c7112df0d

SHA256
697e564aa0b6d140e903bb022a3efe0183da66cc2022763f766b38f655a20166

SHA512
a228c971d27800f212393d1fd85241cd976bcd725019f7917ffec09cffcdb1c3baccb58043c3c95afe3968e0120cda2a727543ae2ed5c19aef5eeabd1c92eac6

Download Submit
C:\Windows\System\eSSUAhu.exe

Filesize
1.9MB

MD5
3031831b9e129f1c1708e1d22b0430c0

SHA1
436401d222ea274452f2e7b58ed052bb0c9fb1e5

SHA256
2c330ce9ddf490e71e21ecfbe5af98b5243e9cbe8663aad8ffcd53561c932e89

SHA512
0b574fe21f6dce3f24f7b7eee31f8d05a96b10e230e1c6a6def003996a306dcbcbc614e4ebb9e1cedf55a88b441662e2df13e34d559e506e957d480c7c6b4ffd

Download Submit
C:\Windows\System\eZyLmth.exe

Filesize
1.9MB

MD5
b78e57071d9f101a5759399676748734

SHA1
e5cca82a40e28135c1c57ecd071499e9c6b21919

SHA256
d790c6b7bf9e8e6e6391b113a1b7d7d8b717574ff3d47176e11f3ee7db6337cb

SHA512
59ae94bad259c1e1d4153daf82b4172cca64f00161e18b5c015a924b0d4723dabf5885a0328d30b0b7a800a095c54c8448d0f0a18d8eb2784c6b0aafec7fbb91

Download Submit
C:\Windows\System\gJGqWEz.exe

Filesize
1.9MB

MD5
495ed17ea58c0d00c1b5c022a6236e3b

SHA1
3fb0b72ed4ae6de4d1384c88e9e7b700012479b7

SHA256
6fcc754b36a734e97c438f1cdaaf0b56aba30b1877b5601af2e5918113102fed

SHA512
e0fdf5f1b2e1f6cbbb7b13be66019e48eccab866198b940ad607c0f7eb78fd189cabcfc5cf9f9ad1abe73fee90736c8e2e7f521fc07acfcf7e227c15044ac02e

Download Submit
C:\Windows\System\iRrcPvj.exe

Filesize
1.9MB

MD5
a7ccb0d9b86af742c980eab9f6d15001

SHA1
526505959aacd5013eb980ae3a019ef536e8c125

SHA256
82f908f647ea9fd86afa67358bc5be811008fb32567cc3a4fe8983eb070a8032

SHA512
370d21c2ef5f8900c806d6406743b5df9f420b7614581ab59afd1a760db60e091275aeb33ed941bc397d064f7fbc4cc473425aa3ef6ed872267d4e7126ed633d

Download Submit
C:\Windows\System\jOyjnKQ.exe

Filesize
1.9MB

MD5
9136190dd8a1097a71e859ee77889b86

SHA1
2e74ce3ce07486628556ac99d82647af5d5c9985

SHA256
c6405a66d4d39c506399c3c4e4ca0fd557eee03251df021aa58595c2287b7e44

SHA512
5eedaa5feab9b12122dcc2649166f8a54422f019c8a0d310d1884f15db2418957f4635201fd34073c1d761d710fa6fc6e72c8432daaa1d2904d5a26887476c7b

Download Submit
C:\Windows\System\jrtYCly.exe

Filesize
1.9MB

MD5
c7bf5c5aa287ec3251e1311fbe3d67e5

SHA1
948c80c720e7e831eadeecf43356182a2e48483f

SHA256
9e9a50a49217d08ae59c7829a202475074559da8827d6a5f5e533c7c591531bf

SHA512
1958568eeeb6b8304720b5d313c2174a8ff6c1601aa0e3f1cccd7451613f4c9022b75eb365282cd28d1a340e2b838ecbb8089e958e861239fe3faefdd689dee7

Download Submit
C:\Windows\System\ncSIsDZ.exe

Filesize
1.9MB

MD5
259178e94b042844f8d793a755aa5e91

SHA1
6519bc3ae86f871f77eed17d577d0b795bf17995

SHA256
3fe5a6b97b8c9db21f665a5b4e874580a5d354abe13d923e81f5a0d1a24c109f

SHA512
4494db2333661842aa672b293871f3203a067442b01c6fd1803aaf901614efd6cc086e250b3c0e18a7632bf870f3f5ef7df4da67f8eb84120755279752d46f50

Download Submit
C:\Windows\System\oBqsGHp.exe

Filesize
1.9MB

MD5
af927be47c203df215904c1b2b4ba519

SHA1
92f49a2c41e8e8bce021fcc0ba2be3246fa70410

SHA256
75f2d4393537d7870c9e048582f709699eed5e61e29aef710245111feb39a264

SHA512
afbc1ef1fc6b0c846ce0ee14d16482b1bb5ef28e1ffcff7a54978368ea1bdd7d38e3cc635a9b03ef9084c8c8e7d04a1803cc057e397a30908fb043550854a443

Download Submit
C:\Windows\System\ohzTPzJ.exe

Filesize
1.9MB

MD5
81339581264f0d4628f401ffb533460b

SHA1
7c853d298d191e561c764576d4c14f0aa58e5bdf

SHA256
a5d22b414a173f82ccacfc06beccec9b3d6606ed656444475cb945130cd589e2

SHA512
63d6416d9aeadfd0f9eb211c11a24d1b36d393c1828cc6e45bfb47f4e53d72cd4ddcd6c1a19d2aa3be85a3c78360b0a6f8b142a202b2ecc7ecc990d227bba689

Download Submit
C:\Windows\System\ouvThVp.exe

Filesize
1.9MB

MD5
ec388fb502786468c5d58832eb4c2802

SHA1
e4942f610cdbadf43362110fbdafc17fc3b54519

SHA256
21bfa464ebeed533356cde8359670ae8ad4768d596d6e13dc55603fea8a4754d

SHA512
b640106b5057fea3464eb872b25789b6b3885e383a96f4bb0cfa68c7d261b03df79c2cd4d8ca4f97adaab00764dfd5278d17b376ce2d771dd3a3e1db6b4b019b

Download Submit
C:\Windows\System\pyayEqL.exe

Filesize
1.9MB

MD5
506ec4cb6a84febcc4abf04eaeb5f36f

SHA1
b5b6a5670e81c23c9433dd02ce9f9506a5bfb57d

SHA256
b4862e739af9dbdb616a617fc9b78846ce86e767e6ca4a5cf0f4c9aebda28a9e

SHA512
291c6da5a873c250d78f9c5125a25cd553e23dfd3c0df957974c4845a4056e7678a83f188e3306a83601b0d37e3c8b37f8b2965d1c6318a76073bdaac4ff5172

Download Submit
C:\Windows\System\vRPpzFV.exe

Filesize
1.9MB

MD5
1a86b760081ff4fc1e76678f64bae3b6

SHA1
0e396be69dbc8fa1ac29315c17618cc8e721d688

SHA256
3fd1872b1f0fd7462f0b3fc7222f0ef7095193db19e95d9e5a45644ffb796d2e

SHA512
35bdf554fd0337dfef0433d263eb981fa5ae8f10d80675164ea809878ed4d2d7ec354e42a2b68e0cf592a8d78e82d2d486c692905922528ef296a0e55dc92fb2

Download Submit
C:\Windows\System\wOezwSG.exe

Filesize
1.9MB

MD5
f799fc14b36cde9515dcd89b1cad1546

SHA1
b72bfeb8e9e5941c9b4ebf5e145f66b162e361e7

SHA256
f81f7d319cf7685a03d5d47e4df736e1ddc7f585d194fd43809ffc8e1118a291

SHA512
99913a609137f3dc40f455992cbfc964564b6d5cf0d9d6fdd97121535f03d744fcd9f9da1f4717b127bf145574fdf08950161f4027320fb58775fba2b171f8d1

Download Submit
C:\Windows\System\yPOJSTD.exe

Filesize
1.9MB

MD5
23ceeb1f363ee843495b1fe6b1cdbe95

SHA1
1a67a18a0ca6d8aa4155b842a2a06fc5b5b3d506

SHA256
61b78ad65ff1e67a4e7f1a8ca6ca97b181478fbcc421a265e95421fb3d887ee0

SHA512
868bc83d1d6b435f7b665a4d129d4f5c4aff17de75d93e32db78027abe34893c54e52d7b17f2f70b7b9bc76d486e8634fd79dab2071fe054842c88e1b0078e2d

Download Submit
C:\Windows\System\yZifVvu.exe

Filesize
1.9MB

MD5
8d0cdda34a2730762f65c8fc50ebf132

SHA1
455d5fd9343ad8ba59fa7430904ebd64acbdf269

SHA256
1c5dfe4f4f77958959f97a8a5bcb3ac85922fd7bf1f2edbcad0f7ad307f70a9e

SHA512
c6421ac4ae8779daa586fe70941df9dc5d4087ca9937553607a7809c0fed2369e8f04a084fd3ad4f253240db6766e2edf353d91805c0e786bc9d501ab42472ff

Download Submit
memory/456-555-0x00007FF7229E0000-0x00007FF722DD2000-memory.dmp

Filesize
3.9MB

Download
memory/456-3396-0x00007FF7229E0000-0x00007FF722DD2000-memory.dmp

Filesize
3.9MB

Download
memory/1156-366-0x00007FF621700000-0x00007FF621AF2000-memory.dmp

Filesize
3.9MB

Download
memory/1156-3379-0x00007FF621700000-0x00007FF621AF2000-memory.dmp

Filesize
3.9MB

Download
memory/1192-3377-0x00007FF620E70000-0x00007FF621262000-memory.dmp

Filesize
3.9MB

Download
memory/1192-12-0x00007FF620E70000-0x00007FF621262000-memory.dmp

Filesize
3.9MB

Download
memory/1300-3387-0x00007FF675BA0000-0x00007FF675F92000-memory.dmp

Filesize
3.9MB

Download
memory/1300-227-0x00007FF675BA0000-0x00007FF675F92000-memory.dmp

Filesize
3.9MB

Download
memory/1388-299-0x00007FF76E720000-0x00007FF76EB12000-memory.dmp

Filesize
3.9MB

Download
memory/1388-3425-0x00007FF76E720000-0x00007FF76EB12000-memory.dmp

Filesize
3.9MB

Download
memory/1604-118-0x00007FF65CBA0000-0x00007FF65CF92000-memory.dmp

Filesize
3.9MB

Download
memory/1604-3382-0x00007FF65CBA0000-0x00007FF65CF92000-memory.dmp

Filesize
3.9MB

Download
memory/2000-3415-0x00007FF7475F0000-0x00007FF7479E2000-memory.dmp

Filesize
3.9MB

Download
memory/2000-550-0x00007FF7475F0000-0x00007FF7479E2000-memory.dmp

Filesize
3.9MB

Download
memory/2156-3336-0x00007FFD0A8B0000-0x00007FFD0B371000-memory.dmp

Filesize
10.8MB

Download
memory/2156-60-0x0000022332E10000-0x0000022332E20000-memory.dmp

Filesize
64KB

Download
memory/2156-216-0x0000022332DA0000-0x0000022332DC2000-memory.dmp

Filesize
136KB

Download
memory/2156-59-0x00007FFD0A8B0000-0x00007FFD0B371000-memory.dmp

Filesize
10.8MB

Download
memory/2260-251-0x00007FF6A8960000-0x00007FF6A8D52000-memory.dmp

Filesize
3.9MB

Download
memory/2260-3384-0x00007FF6A8960000-0x00007FF6A8D52000-memory.dmp

Filesize
3.9MB

Download
memory/2556-3423-0x00007FF7E0A50000-0x00007FF7E0E42000-memory.dmp

Filesize
3.9MB

Download
memory/2556-556-0x00007FF7E0A50000-0x00007FF7E0E42000-memory.dmp

Filesize
3.9MB

Download
memory/2600-3427-0x00007FF784850000-0x00007FF784C42000-memory.dmp

Filesize
3.9MB

Download
memory/2600-455-0x00007FF784850000-0x00007FF784C42000-memory.dmp

Filesize
3.9MB

Download
memory/3016-3386-0x00007FF7BF030000-0x00007FF7BF422000-memory.dmp

Filesize
3.9MB

Download
memory/3016-175-0x00007FF7BF030000-0x00007FF7BF422000-memory.dmp

Filesize
3.9MB

Download
memory/3244-553-0x00007FF669D10000-0x00007FF66A102000-memory.dmp

Filesize
3.9MB

Download
memory/3244-3411-0x00007FF669D10000-0x00007FF66A102000-memory.dmp

Filesize
3.9MB

Download
memory/3748-296-0x00007FF727150000-0x00007FF727542000-memory.dmp

Filesize
3.9MB

Download
memory/3748-3393-0x00007FF727150000-0x00007FF727542000-memory.dmp

Filesize
3.9MB

Download
memory/4016-413-0x00007FF6C7310000-0x00007FF6C7702000-memory.dmp

Filesize
3.9MB

Download
memory/4016-3391-0x00007FF6C7310000-0x00007FF6C7702000-memory.dmp

Filesize
3.9MB

Download
memory/4116-552-0x00007FF6B2250000-0x00007FF6B2642000-memory.dmp

Filesize
3.9MB

Download
memory/4116-3420-0x00007FF6B2250000-0x00007FF6B2642000-memory.dmp

Filesize
3.9MB

Download
memory/4216-3373-0x00007FF7A59B0000-0x00007FF7A5DA2000-memory.dmp

Filesize
3.9MB

Download
memory/4216-557-0x00007FF7A59B0000-0x00007FF7A5DA2000-memory.dmp

Filesize
3.9MB

Download
memory/4520-3429-0x00007FF6EBC60000-0x00007FF6EC052000-memory.dmp

Filesize
3.9MB

Download
memory/4520-558-0x00007FF6EBC60000-0x00007FF6EC052000-memory.dmp

Filesize
3.9MB

Download
memory/4580-1-0x000001B87CA30000-0x000001B87CA40000-memory.dmp

Filesize
64KB

Download
memory/4580-0-0x00007FF749EC0000-0x00007FF74A2B2000-memory.dmp

Filesize
3.9MB

Download
memory/4648-537-0x00007FF7AB760000-0x00007FF7ABB52000-memory.dmp

Filesize
3.9MB

Download
memory/4648-3389-0x00007FF7AB760000-0x00007FF7ABB52000-memory.dmp

Filesize
3.9MB

Download
memory/4848-554-0x00007FF7669F0000-0x00007FF766DE2000-memory.dmp

Filesize
3.9MB

Download
memory/4848-3409-0x00007FF7669F0000-0x00007FF766DE2000-memory.dmp

Filesize
3.9MB

Download
memory/4900-559-0x00007FF673C80000-0x00007FF674072000-memory.dmp

Filesize
3.9MB

Download
memory/4900-3413-0x00007FF673C80000-0x00007FF674072000-memory.dmp

Filesize
3.9MB

Download
memory/5068-3375-0x00007FF7F6EA0000-0x00007FF7F7292000-memory.dmp

Filesize
3.9MB

Download
memory/5068-94-0x00007FF7F6EA0000-0x00007FF7F7292000-memory.dmp

Filesize
3.9MB

Download