xmrig | 04c38a834324707aba7972b5ff5d4ec2c8e4c3674b8f3569f0abd58aad261747

Analysis

max time kernel
62s
max time network
41s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
26/04/2024, 16:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
Size

1.7MB
MD5

0138bb382e06fa0adbbf2257e1d1fe73
SHA1

d397d08ff0281373b498d43ecbd63b3c2bdaeb7b
SHA256

04c38a834324707aba7972b5ff5d4ec2c8e4c3674b8f3569f0abd58aad261747
SHA512

671a43c48e21d9df36da255522f77b243137a82a76042ede4d7bc2eb83aa49511e9ddb0443154336af2b3e45ee46405e3352b9de7aace715c68cc80704f6cd20
SSDEEP

49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82SflD3:NABE

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 42 IoCs

miner

resource	yara_rule
behavioral2/memory/4780-88-0x00007FF727AD0000-0x00007FF727EC2000-memory.dmp	xmrig
behavioral2/memory/5152-140-0x00007FF6DE560000-0x00007FF6DE952000-memory.dmp	xmrig
behavioral2/memory/4420-159-0x00007FF657ED0000-0x00007FF6582C2000-memory.dmp	xmrig
behavioral2/memory/5068-158-0x00007FF6DD960000-0x00007FF6DDD52000-memory.dmp	xmrig
behavioral2/memory/4612-152-0x00007FF773850000-0x00007FF773C42000-memory.dmp	xmrig
behavioral2/memory/2948-146-0x00007FF66F090000-0x00007FF66F482000-memory.dmp	xmrig
behavioral2/memory/3216-139-0x00007FF6D3CB0000-0x00007FF6D40A2000-memory.dmp	xmrig
behavioral2/memory/1420-133-0x00007FF71EBF0000-0x00007FF71EFE2000-memory.dmp	xmrig
behavioral2/memory/3816-127-0x00007FF606790000-0x00007FF606B82000-memory.dmp	xmrig
behavioral2/memory/6000-126-0x00007FF6295A0000-0x00007FF629992000-memory.dmp	xmrig
behavioral2/memory/4604-120-0x00007FF690100000-0x00007FF6904F2000-memory.dmp	xmrig
behavioral2/memory/6040-116-0x00007FF7A5A70000-0x00007FF7A5E62000-memory.dmp	xmrig
behavioral2/memory/5204-108-0x00007FF6DDD90000-0x00007FF6DE182000-memory.dmp	xmrig
behavioral2/memory/5488-101-0x00007FF617AB0000-0x00007FF617EA2000-memory.dmp	xmrig
behavioral2/memory/3868-100-0x00007FF61D3F0000-0x00007FF61D7E2000-memory.dmp	xmrig
behavioral2/memory/1740-97-0x00007FF71C900000-0x00007FF71CCF2000-memory.dmp	xmrig
behavioral2/memory/4304-93-0x00007FF681740000-0x00007FF681B32000-memory.dmp	xmrig
behavioral2/memory/5260-85-0x00007FF6FF920000-0x00007FF6FFD12000-memory.dmp	xmrig
behavioral2/memory/4668-79-0x00007FF7B8CF0000-0x00007FF7B90E2000-memory.dmp	xmrig
behavioral2/memory/2252-12-0x00007FF752AF0000-0x00007FF752EE2000-memory.dmp	xmrig
behavioral2/memory/5736-3021-0x00007FF66C9A0000-0x00007FF66CD92000-memory.dmp	xmrig
behavioral2/memory/2252-3038-0x00007FF752AF0000-0x00007FF752EE2000-memory.dmp	xmrig
behavioral2/memory/6000-3040-0x00007FF6295A0000-0x00007FF629992000-memory.dmp	xmrig
behavioral2/memory/5736-3042-0x00007FF66C9A0000-0x00007FF66CD92000-memory.dmp	xmrig
behavioral2/memory/1740-3048-0x00007FF71C900000-0x00007FF71CCF2000-memory.dmp	xmrig
behavioral2/memory/3868-3054-0x00007FF61D3F0000-0x00007FF61D7E2000-memory.dmp	xmrig
behavioral2/memory/5488-3056-0x00007FF617AB0000-0x00007FF617EA2000-memory.dmp	xmrig
behavioral2/memory/4668-3052-0x00007FF7B8CF0000-0x00007FF7B90E2000-memory.dmp	xmrig
behavioral2/memory/5260-3051-0x00007FF6FF920000-0x00007FF6FFD12000-memory.dmp	xmrig
behavioral2/memory/4780-3047-0x00007FF727AD0000-0x00007FF727EC2000-memory.dmp	xmrig
behavioral2/memory/4304-3044-0x00007FF681740000-0x00007FF681B32000-memory.dmp	xmrig
behavioral2/memory/4420-3076-0x00007FF657ED0000-0x00007FF6582C2000-memory.dmp	xmrig
behavioral2/memory/5152-3078-0x00007FF6DE560000-0x00007FF6DE952000-memory.dmp	xmrig
behavioral2/memory/5068-3075-0x00007FF6DD960000-0x00007FF6DDD52000-memory.dmp	xmrig
behavioral2/memory/6040-3071-0x00007FF7A5A70000-0x00007FF7A5E62000-memory.dmp	xmrig
behavioral2/memory/3816-3068-0x00007FF606790000-0x00007FF606B82000-memory.dmp	xmrig
behavioral2/memory/3216-3067-0x00007FF6D3CB0000-0x00007FF6D40A2000-memory.dmp	xmrig
behavioral2/memory/1420-3065-0x00007FF71EBF0000-0x00007FF71EFE2000-memory.dmp	xmrig
behavioral2/memory/4604-3063-0x00007FF690100000-0x00007FF6904F2000-memory.dmp	xmrig
behavioral2/memory/5204-3073-0x00007FF6DDD90000-0x00007FF6DE182000-memory.dmp	xmrig
behavioral2/memory/2948-3061-0x00007FF66F090000-0x00007FF66F482000-memory.dmp	xmrig
behavioral2/memory/4612-3059-0x00007FF773850000-0x00007FF773C42000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2252	pwWNqDG.exe
5736	SmCHAvI.exe
4668	dRemfWP.exe
5260	weKbeil.exe
6000	jCpzBQc.exe
4780	aIHbUER.exe
4304	eWZVoKL.exe
1740	DsyqrPG.exe
3868	dbLlZrj.exe
5488	eClzVvr.exe
5204	UeoWpkQ.exe
6040	roeCfTu.exe
3816	eOTHwrP.exe
1420	EwEiluD.exe
3216	uVlwLOI.exe
4604	aIZESYT.exe
5152	rZVLQUP.exe
2948	QoUfgAN.exe
4612	QUdwrTy.exe
5068	KjrOelI.exe
4420	uFYALXM.exe
2264	EDPsuiJ.exe
2752	qnLVPFc.exe
5620	rWgTRFA.exe
3492	dmjWRnI.exe
4132	SYOyOjD.exe
5264	LSniwuW.exe
1624	fDLerEo.exe
5000	BfMmdba.exe
4972	RLReDzm.exe
6108	TteOvme.exe
3212	DRhkKZa.exe
1604	VxhwUYA.exe
1952	xCVniLl.exe
2108	psOUhnk.exe
6024	fuhabLt.exe
6116	NAYWxOl.exe
216	AJjnydb.exe
696	csDqJWC.exe
4036	yMnpEqD.exe
5476	HzqkLGd.exe
5628	GZgnAOn.exe
4116	mCeFZWI.exe
4148	aMBBHmI.exe
3264	QIexARH.exe
5592	NUrdwvW.exe
4804	sVSHACB.exe
5212	VEpmkvO.exe
1904	rBNtyom.exe
5492	YwPbwvW.exe
5696	sBSOJKq.exe
544	KUdpsfR.exe
3856	yGSeSKx.exe
1116	KkBysZv.exe
4720	wOERvDO.exe
1856	escuKWb.exe
852	rQNrvzr.exe
228	LQpEGdl.exe
1932	aDBfRoM.exe
1404	fqUxBlv.exe
5132	fJfUmnk.exe
4700	sGwAhMc.exe
5608	dZAYOfP.exe
5724	UaPdVkf.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/5764-0-0x00007FF71DBB0000-0x00007FF71DFA2000-memory.dmp	upx
behavioral2/files/0x000d000000023aa4-5.dat	upx
behavioral2/files/0x000a000000023b67-9.dat	upx
behavioral2/files/0x000c000000023b55-22.dat	upx
behavioral2/files/0x000a000000023b69-23.dat	upx
behavioral2/files/0x000a000000023b6a-31.dat	upx
behavioral2/files/0x000a000000023b6d-47.dat	upx
behavioral2/files/0x000a000000023b70-60.dat	upx
behavioral2/files/0x000a000000023b72-80.dat	upx
behavioral2/memory/4780-88-0x00007FF727AD0000-0x00007FF727EC2000-memory.dmp	upx
behavioral2/files/0x000c000000023b64-95.dat	upx
behavioral2/files/0x000b000000023b73-113.dat	upx
behavioral2/memory/5152-140-0x00007FF6DE560000-0x00007FF6DE952000-memory.dmp	upx
behavioral2/files/0x000a000000023b7b-149.dat	upx
behavioral2/files/0x000a000000023b7d-162.dat	upx
behavioral2/files/0x000a000000023b80-177.dat	upx
behavioral2/files/0x000a000000023b81-190.dat	upx
behavioral2/files/0x000a000000023b84-197.dat	upx
behavioral2/files/0x000a000000023b82-195.dat	upx
behavioral2/files/0x000a000000023b83-192.dat	upx
behavioral2/files/0x000a000000023b7f-180.dat	upx
behavioral2/files/0x000a000000023b7e-175.dat	upx
behavioral2/files/0x000a000000023b7c-165.dat	upx
behavioral2/memory/4420-159-0x00007FF657ED0000-0x00007FF6582C2000-memory.dmp	upx
behavioral2/memory/5068-158-0x00007FF6DD960000-0x00007FF6DDD52000-memory.dmp	upx
behavioral2/files/0x000a000000023b7a-153.dat	upx
behavioral2/memory/4612-152-0x00007FF773850000-0x00007FF773C42000-memory.dmp	upx
behavioral2/files/0x000a000000023b79-147.dat	upx
behavioral2/memory/2948-146-0x00007FF66F090000-0x00007FF66F482000-memory.dmp	upx
behavioral2/files/0x000a000000023b78-141.dat	upx
behavioral2/memory/3216-139-0x00007FF6D3CB0000-0x00007FF6D40A2000-memory.dmp	upx
behavioral2/files/0x000a000000023b77-134.dat	upx
behavioral2/memory/1420-133-0x00007FF71EBF0000-0x00007FF71EFE2000-memory.dmp	upx
behavioral2/files/0x000a000000023b76-128.dat	upx
behavioral2/memory/3816-127-0x00007FF606790000-0x00007FF606B82000-memory.dmp	upx
behavioral2/memory/6000-126-0x00007FF6295A0000-0x00007FF629992000-memory.dmp	upx
behavioral2/memory/4604-120-0x00007FF690100000-0x00007FF6904F2000-memory.dmp	upx
behavioral2/memory/6040-116-0x00007FF7A5A70000-0x00007FF7A5E62000-memory.dmp	upx
behavioral2/files/0x000b000000023b74-111.dat	upx
behavioral2/files/0x000a000000023b75-109.dat	upx
behavioral2/memory/5204-108-0x00007FF6DDD90000-0x00007FF6DE182000-memory.dmp	upx
behavioral2/memory/5488-101-0x00007FF617AB0000-0x00007FF617EA2000-memory.dmp	upx
behavioral2/memory/3868-100-0x00007FF61D3F0000-0x00007FF61D7E2000-memory.dmp	upx
behavioral2/memory/1740-97-0x00007FF71C900000-0x00007FF71CCF2000-memory.dmp	upx
behavioral2/memory/4304-93-0x00007FF681740000-0x00007FF681B32000-memory.dmp	upx
behavioral2/files/0x000a000000023b71-89.dat	upx
behavioral2/memory/5260-85-0x00007FF6FF920000-0x00007FF6FFD12000-memory.dmp	upx
behavioral2/memory/4668-79-0x00007FF7B8CF0000-0x00007FF7B90E2000-memory.dmp	upx
behavioral2/files/0x000a000000023b6f-77.dat	upx
behavioral2/files/0x000a000000023b6e-58.dat	upx
behavioral2/files/0x000a000000023b6c-45.dat	upx
behavioral2/files/0x000a000000023b6b-41.dat	upx
behavioral2/files/0x000a000000023b68-24.dat	upx
behavioral2/memory/5736-21-0x00007FF66C9A0000-0x00007FF66CD92000-memory.dmp	upx
behavioral2/memory/2252-12-0x00007FF752AF0000-0x00007FF752EE2000-memory.dmp	upx
behavioral2/memory/5736-3021-0x00007FF66C9A0000-0x00007FF66CD92000-memory.dmp	upx
behavioral2/memory/2252-3038-0x00007FF752AF0000-0x00007FF752EE2000-memory.dmp	upx
behavioral2/memory/6000-3040-0x00007FF6295A0000-0x00007FF629992000-memory.dmp	upx
behavioral2/memory/5736-3042-0x00007FF66C9A0000-0x00007FF66CD92000-memory.dmp	upx
behavioral2/memory/1740-3048-0x00007FF71C900000-0x00007FF71CCF2000-memory.dmp	upx
behavioral2/memory/3868-3054-0x00007FF61D3F0000-0x00007FF61D7E2000-memory.dmp	upx
behavioral2/memory/5488-3056-0x00007FF617AB0000-0x00007FF617EA2000-memory.dmp	upx
behavioral2/memory/4668-3052-0x00007FF7B8CF0000-0x00007FF7B90E2000-memory.dmp	upx
behavioral2/memory/5260-3051-0x00007FF6FF920000-0x00007FF6FFD12000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\zZhvMRy.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\hhWsUFr.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\xwiDGYU.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\nhhwyOy.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\cSRCHkO.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\VFZcJvf.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\JdlRPze.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\avmuImr.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\rHKijfW.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\drlTjnT.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\HChQMFU.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\SyJjjwf.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\uosboqH.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\wlXeTQS.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\QwLDCQE.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\ilOIfDv.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\nyCogSB.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\QjoEwCY.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\ODXhpNH.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\eBCDFtG.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\NAYWxOl.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\DZrEZvT.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\rtvYfOi.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\hmIbFjG.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\YnkyWnr.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\DbXIDyn.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\oWcHyFb.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\ucIIOlt.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\OyCWAsy.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\YicWHKA.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\pUgFrzG.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\niImHGT.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\HfjSnwl.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\LzZvmLX.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\TQyqHkp.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\ZcCqwdH.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\xutmqUE.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\kwTxYow.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\IzcybjI.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\yrninQO.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\ROzSaBt.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\AbRFWhp.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\soXLdvE.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\WvhGOEt.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\HQpHPzJ.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\tprUYrm.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\dxtymVm.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\XlhFbLa.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\QkeEfDp.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\pLmlJXH.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\hkSHAQm.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\AnMTunY.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\bhBAksS.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\dDrYxFz.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\FqOOvWM.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\koVcgCY.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\JtvNYDo.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\NTEQCTm.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\uqVVVeP.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\VNOtNhH.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\yLBztic.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\uFYALXM.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\nydncHV.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
File created	C:\Windows\System\xhLWHUa.exe	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WerFaultSecure.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WerFaultSecure.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
1352	powershell.exe
1352	powershell.exe
1352	powershell.exe
12820	WerFaultSecure.exe
12820	WerFaultSecure.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
Token: SeDebugPrivilege	1352	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5764 wrote to memory of 1352	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	85
PID 5764 wrote to memory of 1352	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	85
PID 5764 wrote to memory of 2252	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	86
PID 5764 wrote to memory of 2252	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	86
PID 5764 wrote to memory of 4668	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	87
PID 5764 wrote to memory of 4668	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	87
PID 5764 wrote to memory of 5736	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	88
PID 5764 wrote to memory of 5736	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	88
PID 5764 wrote to memory of 5260	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	89
PID 5764 wrote to memory of 5260	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	89
PID 5764 wrote to memory of 6000	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	90
PID 5764 wrote to memory of 6000	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	90
PID 5764 wrote to memory of 4780	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	91
PID 5764 wrote to memory of 4780	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	91
PID 5764 wrote to memory of 4304	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	92
PID 5764 wrote to memory of 4304	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	92
PID 5764 wrote to memory of 1740	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	93
PID 5764 wrote to memory of 1740	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	93
PID 5764 wrote to memory of 3868	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	94
PID 5764 wrote to memory of 3868	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	94
PID 5764 wrote to memory of 5488	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	95
PID 5764 wrote to memory of 5488	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	95
PID 5764 wrote to memory of 5204	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	96
PID 5764 wrote to memory of 5204	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	96
PID 5764 wrote to memory of 6040	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	97
PID 5764 wrote to memory of 6040	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	97
PID 5764 wrote to memory of 3816	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	98
PID 5764 wrote to memory of 3816	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	98
PID 5764 wrote to memory of 1420	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	99
PID 5764 wrote to memory of 1420	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	99
PID 5764 wrote to memory of 4604	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	100
PID 5764 wrote to memory of 4604	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	100
PID 5764 wrote to memory of 3216	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	101
PID 5764 wrote to memory of 3216	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	101
PID 5764 wrote to memory of 5152	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	102
PID 5764 wrote to memory of 5152	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	102
PID 5764 wrote to memory of 2948	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	103
PID 5764 wrote to memory of 2948	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	103
PID 5764 wrote to memory of 4612	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	104
PID 5764 wrote to memory of 4612	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	104
PID 5764 wrote to memory of 5068	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	105
PID 5764 wrote to memory of 5068	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	105
PID 5764 wrote to memory of 4420	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	106
PID 5764 wrote to memory of 4420	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	106
PID 5764 wrote to memory of 2264	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	107
PID 5764 wrote to memory of 2264	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	107
PID 5764 wrote to memory of 2752	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	108
PID 5764 wrote to memory of 2752	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	108
PID 5764 wrote to memory of 5620	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	109
PID 5764 wrote to memory of 5620	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	109
PID 5764 wrote to memory of 3492	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	110
PID 5764 wrote to memory of 3492	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	110
PID 5764 wrote to memory of 4132	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	111
PID 5764 wrote to memory of 4132	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	111
PID 5764 wrote to memory of 5264	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	112
PID 5764 wrote to memory of 5264	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	112
PID 5764 wrote to memory of 1624	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	113
PID 5764 wrote to memory of 1624	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	113
PID 5764 wrote to memory of 5000	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	114
PID 5764 wrote to memory of 5000	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	114
PID 5764 wrote to memory of 4972	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	115
PID 5764 wrote to memory of 4972	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	115
PID 5764 wrote to memory of 6108	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	116
PID 5764 wrote to memory of 6108	5764	0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe	116

C:\Users\Admin\AppData\Local\Temp\0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0138bb382e06fa0adbbf2257e1d1fe73_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5764
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1352
- C:\Windows\System\pwWNqDG.exe
  C:\Windows\System\pwWNqDG.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\dRemfWP.exe
  C:\Windows\System\dRemfWP.exe
  2⤵
  - Executes dropped EXE
  PID:4668
- C:\Windows\System\SmCHAvI.exe
  C:\Windows\System\SmCHAvI.exe
  2⤵
  - Executes dropped EXE
  PID:5736
- C:\Windows\System\weKbeil.exe
  C:\Windows\System\weKbeil.exe
  2⤵
  - Executes dropped EXE
  PID:5260
- C:\Windows\System\jCpzBQc.exe
  C:\Windows\System\jCpzBQc.exe
  2⤵
  - Executes dropped EXE
  PID:6000
- C:\Windows\System\aIHbUER.exe
  C:\Windows\System\aIHbUER.exe
  2⤵
  - Executes dropped EXE
  PID:4780
- C:\Windows\System\eWZVoKL.exe
  C:\Windows\System\eWZVoKL.exe
  2⤵
  - Executes dropped EXE
  PID:4304
- C:\Windows\System\DsyqrPG.exe
  C:\Windows\System\DsyqrPG.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\dbLlZrj.exe
  C:\Windows\System\dbLlZrj.exe
  2⤵
  - Executes dropped EXE
  PID:3868
- C:\Windows\System\eClzVvr.exe
  C:\Windows\System\eClzVvr.exe
  2⤵
  - Executes dropped EXE
  PID:5488
- C:\Windows\System\UeoWpkQ.exe
  C:\Windows\System\UeoWpkQ.exe
  2⤵
  - Executes dropped EXE
  PID:5204
- C:\Windows\System\roeCfTu.exe
  C:\Windows\System\roeCfTu.exe
  2⤵
  - Executes dropped EXE
  PID:6040
- C:\Windows\System\eOTHwrP.exe
  C:\Windows\System\eOTHwrP.exe
  2⤵
  - Executes dropped EXE
  PID:3816
- C:\Windows\System\EwEiluD.exe
  C:\Windows\System\EwEiluD.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\aIZESYT.exe
  C:\Windows\System\aIZESYT.exe
  2⤵
  - Executes dropped EXE
  PID:4604
- C:\Windows\System\uVlwLOI.exe
  C:\Windows\System\uVlwLOI.exe
  2⤵
  - Executes dropped EXE
  PID:3216
- C:\Windows\System\rZVLQUP.exe
  C:\Windows\System\rZVLQUP.exe
  2⤵
  - Executes dropped EXE
  PID:5152
- C:\Windows\System\QoUfgAN.exe
  C:\Windows\System\QoUfgAN.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\QUdwrTy.exe
  C:\Windows\System\QUdwrTy.exe
  2⤵
  - Executes dropped EXE
  PID:4612
- C:\Windows\System\KjrOelI.exe
  C:\Windows\System\KjrOelI.exe
  2⤵
  - Executes dropped EXE
  PID:5068
- C:\Windows\System\uFYALXM.exe
  C:\Windows\System\uFYALXM.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\EDPsuiJ.exe
  C:\Windows\System\EDPsuiJ.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\qnLVPFc.exe
  C:\Windows\System\qnLVPFc.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\rWgTRFA.exe
  C:\Windows\System\rWgTRFA.exe
  2⤵
  - Executes dropped EXE
  PID:5620
- C:\Windows\System\dmjWRnI.exe
  C:\Windows\System\dmjWRnI.exe
  2⤵
  - Executes dropped EXE
  PID:3492
- C:\Windows\System\SYOyOjD.exe
  C:\Windows\System\SYOyOjD.exe
  2⤵
  - Executes dropped EXE
  PID:4132
- C:\Windows\System\LSniwuW.exe
  C:\Windows\System\LSniwuW.exe
  2⤵
  - Executes dropped EXE
  PID:5264
- C:\Windows\System\fDLerEo.exe
  C:\Windows\System\fDLerEo.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\BfMmdba.exe
  C:\Windows\System\BfMmdba.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System\RLReDzm.exe
  C:\Windows\System\RLReDzm.exe
  2⤵
  - Executes dropped EXE
  PID:4972
- C:\Windows\System\TteOvme.exe
  C:\Windows\System\TteOvme.exe
  2⤵
  - Executes dropped EXE
  PID:6108
- C:\Windows\System\DRhkKZa.exe
  C:\Windows\System\DRhkKZa.exe
  2⤵
  - Executes dropped EXE
  PID:3212
- C:\Windows\System\VxhwUYA.exe
  C:\Windows\System\VxhwUYA.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\xCVniLl.exe
  C:\Windows\System\xCVniLl.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\psOUhnk.exe
  C:\Windows\System\psOUhnk.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\fuhabLt.exe
  C:\Windows\System\fuhabLt.exe
  2⤵
  - Executes dropped EXE
  PID:6024
- C:\Windows\System\NAYWxOl.exe
  C:\Windows\System\NAYWxOl.exe
  2⤵
  - Executes dropped EXE
  PID:6116
- C:\Windows\System\AJjnydb.exe
  C:\Windows\System\AJjnydb.exe
  2⤵
  - Executes dropped EXE
  PID:216
- C:\Windows\System\csDqJWC.exe
  C:\Windows\System\csDqJWC.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\yMnpEqD.exe
  C:\Windows\System\yMnpEqD.exe
  2⤵
  - Executes dropped EXE
  PID:4036
- C:\Windows\System\HzqkLGd.exe
  C:\Windows\System\HzqkLGd.exe
  2⤵
  - Executes dropped EXE
  PID:5476
- C:\Windows\System\GZgnAOn.exe
  C:\Windows\System\GZgnAOn.exe
  2⤵
  - Executes dropped EXE
  PID:5628
- C:\Windows\System\mCeFZWI.exe
  C:\Windows\System\mCeFZWI.exe
  2⤵
  - Executes dropped EXE
  PID:4116
- C:\Windows\System\aMBBHmI.exe
  C:\Windows\System\aMBBHmI.exe
  2⤵
  - Executes dropped EXE
  PID:4148
- C:\Windows\System\QIexARH.exe
  C:\Windows\System\QIexARH.exe
  2⤵
  - Executes dropped EXE
  PID:3264
- C:\Windows\System\NUrdwvW.exe
  C:\Windows\System\NUrdwvW.exe
  2⤵
  - Executes dropped EXE
  PID:5592
- C:\Windows\System\sVSHACB.exe
  C:\Windows\System\sVSHACB.exe
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Windows\System\VEpmkvO.exe
  C:\Windows\System\VEpmkvO.exe
  2⤵
  - Executes dropped EXE
  PID:5212
- C:\Windows\System\rBNtyom.exe
  C:\Windows\System\rBNtyom.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\YwPbwvW.exe
  C:\Windows\System\YwPbwvW.exe
  2⤵
  - Executes dropped EXE
  PID:5492
- C:\Windows\System\sBSOJKq.exe
  C:\Windows\System\sBSOJKq.exe
  2⤵
  - Executes dropped EXE
  PID:5696
- C:\Windows\System\KUdpsfR.exe
  C:\Windows\System\KUdpsfR.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\yGSeSKx.exe
  C:\Windows\System\yGSeSKx.exe
  2⤵
  - Executes dropped EXE
  PID:3856
- C:\Windows\System\KkBysZv.exe
  C:\Windows\System\KkBysZv.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\wOERvDO.exe
  C:\Windows\System\wOERvDO.exe
  2⤵
  - Executes dropped EXE
  PID:4720
- C:\Windows\System\escuKWb.exe
  C:\Windows\System\escuKWb.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\rQNrvzr.exe
  C:\Windows\System\rQNrvzr.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\LQpEGdl.exe
  C:\Windows\System\LQpEGdl.exe
  2⤵
  - Executes dropped EXE
  PID:228
- C:\Windows\System\aDBfRoM.exe
  C:\Windows\System\aDBfRoM.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\fqUxBlv.exe
  C:\Windows\System\fqUxBlv.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\fJfUmnk.exe
  C:\Windows\System\fJfUmnk.exe
  2⤵
  - Executes dropped EXE
  PID:5132
- C:\Windows\System\sGwAhMc.exe
  C:\Windows\System\sGwAhMc.exe
  2⤵
  - Executes dropped EXE
  PID:4700
- C:\Windows\System\dZAYOfP.exe
  C:\Windows\System\dZAYOfP.exe
  2⤵
  - Executes dropped EXE
  PID:5608
- C:\Windows\System\UaPdVkf.exe
  C:\Windows\System\UaPdVkf.exe
  2⤵
  - Executes dropped EXE
  PID:5724
- C:\Windows\System\SBTyYgL.exe
  C:\Windows\System\SBTyYgL.exe
  2⤵
  PID:5128
- C:\Windows\System\HSYEjRp.exe
  C:\Windows\System\HSYEjRp.exe
  2⤵
  PID:4140
- C:\Windows\System\RMfWosL.exe
  C:\Windows\System\RMfWosL.exe
  2⤵
  PID:5380
- C:\Windows\System\SrBwSrS.exe
  C:\Windows\System\SrBwSrS.exe
  2⤵
  PID:5392
- C:\Windows\System\bgoJkUG.exe
  C:\Windows\System\bgoJkUG.exe
  2⤵
  PID:4232
- C:\Windows\System\jaMNZHC.exe
  C:\Windows\System\jaMNZHC.exe
  2⤵
  PID:3704
- C:\Windows\System\rGbsXCt.exe
  C:\Windows\System\rGbsXCt.exe
  2⤵
  PID:4568
- C:\Windows\System\soXLdvE.exe
  C:\Windows\System\soXLdvE.exe
  2⤵
  PID:3316
- C:\Windows\System\jEkPcwe.exe
  C:\Windows\System\jEkPcwe.exe
  2⤵
  PID:5124
- C:\Windows\System\wjVQqSZ.exe
  C:\Windows\System\wjVQqSZ.exe
  2⤵
  PID:1600
- C:\Windows\System\djIvXjw.exe
  C:\Windows\System\djIvXjw.exe
  2⤵
  PID:1164
- C:\Windows\System\yMzgEPr.exe
  C:\Windows\System\yMzgEPr.exe
  2⤵
  PID:4632
- C:\Windows\System\wGxhXEt.exe
  C:\Windows\System\wGxhXEt.exe
  2⤵
  PID:3156
- C:\Windows\System\sFXMufw.exe
  C:\Windows\System\sFXMufw.exe
  2⤵
  PID:5172
- C:\Windows\System\pjVyrxV.exe
  C:\Windows\System\pjVyrxV.exe
  2⤵
  PID:1312
- C:\Windows\System\DOPiQxy.exe
  C:\Windows\System\DOPiQxy.exe
  2⤵
  PID:5352
- C:\Windows\System\rqHPBdX.exe
  C:\Windows\System\rqHPBdX.exe
  2⤵
  PID:5020
- C:\Windows\System\NcgCIie.exe
  C:\Windows\System\NcgCIie.exe
  2⤵
  PID:752
- C:\Windows\System\hbOWoUx.exe
  C:\Windows\System\hbOWoUx.exe
  2⤵
  PID:4416
- C:\Windows\System\xGerSwO.exe
  C:\Windows\System\xGerSwO.exe
  2⤵
  PID:1304
- C:\Windows\System\xSRlIvo.exe
  C:\Windows\System\xSRlIvo.exe
  2⤵
  PID:4928
- C:\Windows\System\TWdhqsM.exe
  C:\Windows\System\TWdhqsM.exe
  2⤵
  PID:1480
- C:\Windows\System\jZDkaRS.exe
  C:\Windows\System\jZDkaRS.exe
  2⤵
  PID:3068
- C:\Windows\System\vleiiXp.exe
  C:\Windows\System\vleiiXp.exe
  2⤵
  PID:2260
- C:\Windows\System\BAudrBe.exe
  C:\Windows\System\BAudrBe.exe
  2⤵
  PID:2712
- C:\Windows\System\MpBxroI.exe
  C:\Windows\System\MpBxroI.exe
  2⤵
  PID:3740
- C:\Windows\System\QXGVeIS.exe
  C:\Windows\System\QXGVeIS.exe
  2⤵
  PID:736
- C:\Windows\System\qZCcMAc.exe
  C:\Windows\System\qZCcMAc.exe
  2⤵
  PID:3428
- C:\Windows\System\dSNpIuX.exe
  C:\Windows\System\dSNpIuX.exe
  2⤵
  PID:4748
- C:\Windows\System\gdnTzdP.exe
  C:\Windows\System\gdnTzdP.exe
  2⤵
  PID:5912
- C:\Windows\System\AEDnLvO.exe
  C:\Windows\System\AEDnLvO.exe
  2⤵
  PID:5752
- C:\Windows\System\CAUeRyJ.exe
  C:\Windows\System\CAUeRyJ.exe
  2⤵
  PID:764
- C:\Windows\System\NVPOKPb.exe
  C:\Windows\System\NVPOKPb.exe
  2⤵
  PID:4436
- C:\Windows\System\XIVGDde.exe
  C:\Windows\System\XIVGDde.exe
  2⤵
  PID:2844
- C:\Windows\System\USJMqqG.exe
  C:\Windows\System\USJMqqG.exe
  2⤵
  PID:440
- C:\Windows\System\AjaneVd.exe
  C:\Windows\System\AjaneVd.exe
  2⤵
  PID:5028
- C:\Windows\System\PJNrvuI.exe
  C:\Windows\System\PJNrvuI.exe
  2⤵
  PID:2448
- C:\Windows\System\vqtATcG.exe
  C:\Windows\System\vqtATcG.exe
  2⤵
  PID:5564
- C:\Windows\System\zqcuZIU.exe
  C:\Windows\System\zqcuZIU.exe
  2⤵
  PID:5560
- C:\Windows\System\HBOgKXp.exe
  C:\Windows\System\HBOgKXp.exe
  2⤵
  PID:1676
- C:\Windows\System\xJmZnBd.exe
  C:\Windows\System\xJmZnBd.exe
  2⤵
  PID:4904
- C:\Windows\System\WsYyXIa.exe
  C:\Windows\System\WsYyXIa.exe
  2⤵
  PID:5644
- C:\Windows\System\ZunwyNa.exe
  C:\Windows\System\ZunwyNa.exe
  2⤵
  PID:3208
- C:\Windows\System\LOtEyNx.exe
  C:\Windows\System\LOtEyNx.exe
  2⤵
  PID:5544
- C:\Windows\System\ZtKpZMp.exe
  C:\Windows\System\ZtKpZMp.exe
  2⤵
  PID:4124
- C:\Windows\System\ZepRens.exe
  C:\Windows\System\ZepRens.exe
  2⤵
  PID:5376
- C:\Windows\System\iKfBhBZ.exe
  C:\Windows\System\iKfBhBZ.exe
  2⤵
  PID:3788
- C:\Windows\System\AoXDoGF.exe
  C:\Windows\System\AoXDoGF.exe
  2⤵
  PID:4924
- C:\Windows\System\mxpyXmj.exe
  C:\Windows\System\mxpyXmj.exe
  2⤵
  PID:4896
- C:\Windows\System\VFxEgrJ.exe
  C:\Windows\System\VFxEgrJ.exe
  2⤵
  PID:4292
- C:\Windows\System\RVhVrJI.exe
  C:\Windows\System\RVhVrJI.exe
  2⤵
  PID:4952
- C:\Windows\System\AHOGUuh.exe
  C:\Windows\System\AHOGUuh.exe
  2⤵
  PID:1324
- C:\Windows\System\HhnjaLK.exe
  C:\Windows\System\HhnjaLK.exe
  2⤵
  PID:1792
- C:\Windows\System\wWsjQrg.exe
  C:\Windows\System\wWsjQrg.exe
  2⤵
  PID:3308
- C:\Windows\System\JxQSAmk.exe
  C:\Windows\System\JxQSAmk.exe
  2⤵
  PID:2316
- C:\Windows\System\igCeUNI.exe
  C:\Windows\System\igCeUNI.exe
  2⤵
  PID:3336
- C:\Windows\System\IsrEvjx.exe
  C:\Windows\System\IsrEvjx.exe
  2⤵
  PID:1564
- C:\Windows\System\fQAKpGc.exe
  C:\Windows\System\fQAKpGc.exe
  2⤵
  PID:4968
- C:\Windows\System\hzlUGWS.exe
  C:\Windows\System\hzlUGWS.exe
  2⤵
  PID:1768
- C:\Windows\System\jazZLAr.exe
  C:\Windows\System\jazZLAr.exe
  2⤵
  PID:4204
- C:\Windows\System\TFWdywF.exe
  C:\Windows\System\TFWdywF.exe
  2⤵
  PID:1872
- C:\Windows\System\cuKEjIF.exe
  C:\Windows\System\cuKEjIF.exe
  2⤵
  PID:744
- C:\Windows\System\dzvFege.exe
  C:\Windows\System\dzvFege.exe
  2⤵
  PID:3476
- C:\Windows\System\gsuyDYc.exe
  C:\Windows\System\gsuyDYc.exe
  2⤵
  PID:2508
- C:\Windows\System\BtjvGbV.exe
  C:\Windows\System\BtjvGbV.exe
  2⤵
  PID:5432
- C:\Windows\System\VEzsNMx.exe
  C:\Windows\System\VEzsNMx.exe
  2⤵
  PID:1936
- C:\Windows\System\ETAOeEs.exe
  C:\Windows\System\ETAOeEs.exe
  2⤵
  PID:5228
- C:\Windows\System\GWDBBVM.exe
  C:\Windows\System\GWDBBVM.exe
  2⤵
  PID:5632
- C:\Windows\System\ErpQMwz.exe
  C:\Windows\System\ErpQMwz.exe
  2⤵
  PID:4200
- C:\Windows\System\ljbOHHP.exe
  C:\Windows\System\ljbOHHP.exe
  2⤵
  PID:3272
- C:\Windows\System\qhIehgY.exe
  C:\Windows\System\qhIehgY.exe
  2⤵
  PID:5948
- C:\Windows\System\ZaMDAOh.exe
  C:\Windows\System\ZaMDAOh.exe
  2⤵
  PID:5956
- C:\Windows\System\mEPyeiC.exe
  C:\Windows\System\mEPyeiC.exe
  2⤵
  PID:1736
- C:\Windows\System\usBuQcK.exe
  C:\Windows\System\usBuQcK.exe
  2⤵
  PID:4112
- C:\Windows\System\idxJWef.exe
  C:\Windows\System\idxJWef.exe
  2⤵
  PID:5288
- C:\Windows\System\AXWdlQc.exe
  C:\Windows\System\AXWdlQc.exe
  2⤵
  PID:3680
- C:\Windows\System\tjgNRMX.exe
  C:\Windows\System\tjgNRMX.exe
  2⤵
  PID:4764
- C:\Windows\System\xclZCOy.exe
  C:\Windows\System\xclZCOy.exe
  2⤵
  PID:5876
- C:\Windows\System\asPInUo.exe
  C:\Windows\System\asPInUo.exe
  2⤵
  PID:6148
- C:\Windows\System\zBhBjMv.exe
  C:\Windows\System\zBhBjMv.exe
  2⤵
  PID:6176
- C:\Windows\System\gTlECjv.exe
  C:\Windows\System\gTlECjv.exe
  2⤵
  PID:6200
- C:\Windows\System\hGxUgiF.exe
  C:\Windows\System\hGxUgiF.exe
  2⤵
  PID:6232
- C:\Windows\System\NQsmzkH.exe
  C:\Windows\System\NQsmzkH.exe
  2⤵
  PID:6256
- C:\Windows\System\hVgtKAA.exe
  C:\Windows\System\hVgtKAA.exe
  2⤵
  PID:6284
- C:\Windows\System\PvbtHfq.exe
  C:\Windows\System\PvbtHfq.exe
  2⤵
  PID:6316
- C:\Windows\System\kLOdWXP.exe
  C:\Windows\System\kLOdWXP.exe
  2⤵
  PID:6344
- C:\Windows\System\iSTGBHc.exe
  C:\Windows\System\iSTGBHc.exe
  2⤵
  PID:6372
- C:\Windows\System\XWyDMHd.exe
  C:\Windows\System\XWyDMHd.exe
  2⤵
  PID:6396
- C:\Windows\System\EGoAprR.exe
  C:\Windows\System\EGoAprR.exe
  2⤵
  PID:6424
- C:\Windows\System\SfAihwx.exe
  C:\Windows\System\SfAihwx.exe
  2⤵
  PID:6496
- C:\Windows\System\JdKmeNQ.exe
  C:\Windows\System\JdKmeNQ.exe
  2⤵
  PID:6532
- C:\Windows\System\zjsNxCl.exe
  C:\Windows\System\zjsNxCl.exe
  2⤵
  PID:6556
- C:\Windows\System\xTGfZUf.exe
  C:\Windows\System\xTGfZUf.exe
  2⤵
  PID:6576
- C:\Windows\System\gLsZEQk.exe
  C:\Windows\System\gLsZEQk.exe
  2⤵
  PID:6596
- C:\Windows\System\gSjsCZD.exe
  C:\Windows\System\gSjsCZD.exe
  2⤵
  PID:6636
- C:\Windows\System\cJsWfNE.exe
  C:\Windows\System\cJsWfNE.exe
  2⤵
  PID:6664
- C:\Windows\System\XUorUKc.exe
  C:\Windows\System\XUorUKc.exe
  2⤵
  PID:6692
- C:\Windows\System\kTyjJhW.exe
  C:\Windows\System\kTyjJhW.exe
  2⤵
  PID:6716
- C:\Windows\System\PeJZUkD.exe
  C:\Windows\System\PeJZUkD.exe
  2⤵
  PID:6736
- C:\Windows\System\WaCoFwF.exe
  C:\Windows\System\WaCoFwF.exe
  2⤵
  PID:6752
- C:\Windows\System\VPBJatK.exe
  C:\Windows\System\VPBJatK.exe
  2⤵
  PID:6780
- C:\Windows\System\kvKOARq.exe
  C:\Windows\System\kvKOARq.exe
  2⤵
  PID:6844
- C:\Windows\System\DLsPOQL.exe
  C:\Windows\System\DLsPOQL.exe
  2⤵
  PID:6864
- C:\Windows\System\PfSkuzd.exe
  C:\Windows\System\PfSkuzd.exe
  2⤵
  PID:6884
- C:\Windows\System\hvZqjOh.exe
  C:\Windows\System\hvZqjOh.exe
  2⤵
  PID:6936
- C:\Windows\System\qoQgsJw.exe
  C:\Windows\System\qoQgsJw.exe
  2⤵
  PID:6980
- C:\Windows\System\bWoWofi.exe
  C:\Windows\System\bWoWofi.exe
  2⤵
  PID:6996
- C:\Windows\System\dDrYxFz.exe
  C:\Windows\System\dDrYxFz.exe
  2⤵
  PID:7020
- C:\Windows\System\unTmTSW.exe
  C:\Windows\System\unTmTSW.exe
  2⤵
  PID:7040
- C:\Windows\System\TEGldsv.exe
  C:\Windows\System\TEGldsv.exe
  2⤵
  PID:7064
- C:\Windows\System\CPynSMq.exe
  C:\Windows\System\CPynSMq.exe
  2⤵
  PID:7084
- C:\Windows\System\qBmWmIH.exe
  C:\Windows\System\qBmWmIH.exe
  2⤵
  PID:7104
- C:\Windows\System\apTiAly.exe
  C:\Windows\System\apTiAly.exe
  2⤵
  PID:7124
- C:\Windows\System\VHgSqdk.exe
  C:\Windows\System\VHgSqdk.exe
  2⤵
  PID:7164
- C:\Windows\System\ZORCXqK.exe
  C:\Windows\System\ZORCXqK.exe
  2⤵
  PID:5160
- C:\Windows\System\rthQQui.exe
  C:\Windows\System\rthQQui.exe
  2⤵
  PID:3676
- C:\Windows\System\vFdevem.exe
  C:\Windows\System\vFdevem.exe
  2⤵
  PID:860
- C:\Windows\System\TvXLgbu.exe
  C:\Windows\System\TvXLgbu.exe
  2⤵
  PID:2188
- C:\Windows\System\AQXmoWa.exe
  C:\Windows\System\AQXmoWa.exe
  2⤵
  PID:2072
- C:\Windows\System\yufMTPj.exe
  C:\Windows\System\yufMTPj.exe
  2⤵
  PID:6248
- C:\Windows\System\rHUxTMU.exe
  C:\Windows\System\rHUxTMU.exe
  2⤵
  PID:6280
- C:\Windows\System\bsAiKCC.exe
  C:\Windows\System\bsAiKCC.exe
  2⤵
  PID:6300
- C:\Windows\System\PLBEdOq.exe
  C:\Windows\System\PLBEdOq.exe
  2⤵
  PID:5648
- C:\Windows\System\dgkNyUE.exe
  C:\Windows\System\dgkNyUE.exe
  2⤵
  PID:6392
- C:\Windows\System\DqRYkMY.exe
  C:\Windows\System\DqRYkMY.exe
  2⤵
  PID:2512
- C:\Windows\System\NuNXhBX.exe
  C:\Windows\System\NuNXhBX.exe
  2⤵
  PID:4288
- C:\Windows\System\MVQmhvh.exe
  C:\Windows\System\MVQmhvh.exe
  2⤵
  PID:2272
- C:\Windows\System\Jbyxfbk.exe
  C:\Windows\System\Jbyxfbk.exe
  2⤵
  PID:5268
- C:\Windows\System\SrRJArr.exe
  C:\Windows\System\SrRJArr.exe
  2⤵
  PID:4544
- C:\Windows\System\uYuSUjs.exe
  C:\Windows\System\uYuSUjs.exe
  2⤵
  PID:6524
- C:\Windows\System\bDaYpMw.exe
  C:\Windows\System\bDaYpMw.exe
  2⤵
  PID:6540
- C:\Windows\System\kBwKztH.exe
  C:\Windows\System\kBwKztH.exe
  2⤵
  PID:6612
- C:\Windows\System\AQamCOq.exe
  C:\Windows\System\AQamCOq.exe
  2⤵
  PID:6644
- C:\Windows\System\RWNonlx.exe
  C:\Windows\System\RWNonlx.exe
  2⤵
  PID:6732
- C:\Windows\System\XPPRbCD.exe
  C:\Windows\System\XPPRbCD.exe
  2⤵
  PID:1168
- C:\Windows\System\ZgiQIAF.exe
  C:\Windows\System\ZgiQIAF.exe
  2⤵
  PID:6772
- C:\Windows\System\SmJlvCu.exe
  C:\Windows\System\SmJlvCu.exe
  2⤵
  PID:6820
- C:\Windows\System\oTqvbcN.exe
  C:\Windows\System\oTqvbcN.exe
  2⤵
  PID:6876
- C:\Windows\System\SoTOLHB.exe
  C:\Windows\System\SoTOLHB.exe
  2⤵
  PID:6972
- C:\Windows\System\bWcfNni.exe
  C:\Windows\System\bWcfNni.exe
  2⤵
  PID:7004
- C:\Windows\System\NVvcEAX.exe
  C:\Windows\System\NVvcEAX.exe
  2⤵
  PID:7140
- C:\Windows\System\sXZTSth.exe
  C:\Windows\System\sXZTSth.exe
  2⤵
  PID:4160
- C:\Windows\System\VFQqccT.exe
  C:\Windows\System\VFQqccT.exe
  2⤵
  PID:5252
- C:\Windows\System\PMpLfaO.exe
  C:\Windows\System\PMpLfaO.exe
  2⤵
  PID:6328
- C:\Windows\System\DGJVOWQ.exe
  C:\Windows\System\DGJVOWQ.exe
  2⤵
  PID:1288
- C:\Windows\System\tJSPrmy.exe
  C:\Windows\System\tJSPrmy.exe
  2⤵
  PID:2492
- C:\Windows\System\cpaMbzQ.exe
  C:\Windows\System\cpaMbzQ.exe
  2⤵
  PID:3368
- C:\Windows\System\HHBfNpi.exe
  C:\Windows\System\HHBfNpi.exe
  2⤵
  PID:3412
- C:\Windows\System\pOpHLXv.exe
  C:\Windows\System\pOpHLXv.exe
  2⤵
  PID:6568
- C:\Windows\System\mcaOunI.exe
  C:\Windows\System\mcaOunI.exe
  2⤵
  PID:6632
- C:\Windows\System\yPlxGxu.exe
  C:\Windows\System\yPlxGxu.exe
  2⤵
  PID:6952
- C:\Windows\System\aMCiAPH.exe
  C:\Windows\System\aMCiAPH.exe
  2⤵
  PID:6872
- C:\Windows\System\QmwnWLM.exe
  C:\Windows\System\QmwnWLM.exe
  2⤵
  PID:7012
- C:\Windows\System\gKoGhAT.exe
  C:\Windows\System\gKoGhAT.exe
  2⤵
  PID:6164
- C:\Windows\System\Rpaxvde.exe
  C:\Windows\System\Rpaxvde.exe
  2⤵
  PID:2156
- C:\Windows\System\FvJnFRu.exe
  C:\Windows\System\FvJnFRu.exe
  2⤵
  PID:3992
- C:\Windows\System\lJzvzim.exe
  C:\Windows\System\lJzvzim.exe
  2⤵
  PID:6628
- C:\Windows\System\vDzvQUO.exe
  C:\Windows\System\vDzvQUO.exe
  2⤵
  PID:6768
- C:\Windows\System\FUyppUw.exe
  C:\Windows\System\FUyppUw.exe
  2⤵
  PID:7156
- C:\Windows\System\uGoopkh.exe
  C:\Windows\System\uGoopkh.exe
  2⤵
  PID:3932
- C:\Windows\System\SKQtZnw.exe
  C:\Windows\System\SKQtZnw.exe
  2⤵
  PID:396
- C:\Windows\System\mTbWptc.exe
  C:\Windows\System\mTbWptc.exe
  2⤵
  PID:7172
- C:\Windows\System\STJVAVX.exe
  C:\Windows\System\STJVAVX.exe
  2⤵
  PID:7196
- C:\Windows\System\LgUdvoe.exe
  C:\Windows\System\LgUdvoe.exe
  2⤵
  PID:7212
- C:\Windows\System\zWnqXHL.exe
  C:\Windows\System\zWnqXHL.exe
  2⤵
  PID:7236
- C:\Windows\System\zWpQRzq.exe
  C:\Windows\System\zWpQRzq.exe
  2⤵
  PID:7260
- C:\Windows\System\UbyUuVf.exe
  C:\Windows\System\UbyUuVf.exe
  2⤵
  PID:7336
- C:\Windows\System\XGazvbZ.exe
  C:\Windows\System\XGazvbZ.exe
  2⤵
  PID:7364
- C:\Windows\System\KbubbwB.exe
  C:\Windows\System\KbubbwB.exe
  2⤵
  PID:7396
- C:\Windows\System\xeKbOJY.exe
  C:\Windows\System\xeKbOJY.exe
  2⤵
  PID:7416
- C:\Windows\System\yohRHAR.exe
  C:\Windows\System\yohRHAR.exe
  2⤵
  PID:7452
- C:\Windows\System\JXIcLGx.exe
  C:\Windows\System\JXIcLGx.exe
  2⤵
  PID:7480
- C:\Windows\System\HKJWzjd.exe
  C:\Windows\System\HKJWzjd.exe
  2⤵
  PID:7504
- C:\Windows\System\DQWRuOi.exe
  C:\Windows\System\DQWRuOi.exe
  2⤵
  PID:7548
- C:\Windows\System\rsgxyEX.exe
  C:\Windows\System\rsgxyEX.exe
  2⤵
  PID:7568
- C:\Windows\System\cvVqJqU.exe
  C:\Windows\System\cvVqJqU.exe
  2⤵
  PID:7592
- C:\Windows\System\sxhrIEx.exe
  C:\Windows\System\sxhrIEx.exe
  2⤵
  PID:7608
- C:\Windows\System\JrgDhil.exe
  C:\Windows\System\JrgDhil.exe
  2⤵
  PID:7656
- C:\Windows\System\oIFloje.exe
  C:\Windows\System\oIFloje.exe
  2⤵
  PID:7672
- C:\Windows\System\DqjSTgr.exe
  C:\Windows\System\DqjSTgr.exe
  2⤵
  PID:7732
- C:\Windows\System\CWXraRw.exe
  C:\Windows\System\CWXraRw.exe
  2⤵
  PID:7748
- C:\Windows\System\IHfAYQA.exe
  C:\Windows\System\IHfAYQA.exe
  2⤵
  PID:7772
- C:\Windows\System\pWoPorh.exe
  C:\Windows\System\pWoPorh.exe
  2⤵
  PID:7804
- C:\Windows\System\lsWtQMd.exe
  C:\Windows\System\lsWtQMd.exe
  2⤵
  PID:7824
- C:\Windows\System\ElkqjfU.exe
  C:\Windows\System\ElkqjfU.exe
  2⤵
  PID:7844
- C:\Windows\System\qyoINxC.exe
  C:\Windows\System\qyoINxC.exe
  2⤵
  PID:7900
- C:\Windows\System\uNWvVyE.exe
  C:\Windows\System\uNWvVyE.exe
  2⤵
  PID:7916
- C:\Windows\System\ASEwYFa.exe
  C:\Windows\System\ASEwYFa.exe
  2⤵
  PID:7948
- C:\Windows\System\jElpvCu.exe
  C:\Windows\System\jElpvCu.exe
  2⤵
  PID:7972
- C:\Windows\System\oQMzXDB.exe
  C:\Windows\System\oQMzXDB.exe
  2⤵
  PID:8004
- C:\Windows\System\UiELULA.exe
  C:\Windows\System\UiELULA.exe
  2⤵
  PID:8024
- C:\Windows\System\sfDvJln.exe
  C:\Windows\System\sfDvJln.exe
  2⤵
  PID:8088
- C:\Windows\System\UlWXFYf.exe
  C:\Windows\System\UlWXFYf.exe
  2⤵
  PID:8124
- C:\Windows\System\DMSvlcu.exe
  C:\Windows\System\DMSvlcu.exe
  2⤵
  PID:8148
- C:\Windows\System\aZtdNGL.exe
  C:\Windows\System\aZtdNGL.exe
  2⤵
  PID:8168
- C:\Windows\System\nnALmaq.exe
  C:\Windows\System\nnALmaq.exe
  2⤵
  PID:8188
- C:\Windows\System\fmPVOvM.exe
  C:\Windows\System\fmPVOvM.exe
  2⤵
  PID:5976
- C:\Windows\System\uJCpcLg.exe
  C:\Windows\System\uJCpcLg.exe
  2⤵
  PID:7208
- C:\Windows\System\ltZQBGT.exe
  C:\Windows\System\ltZQBGT.exe
  2⤵
  PID:7312
- C:\Windows\System\JApIKZQ.exe
  C:\Windows\System\JApIKZQ.exe
  2⤵
  PID:7352
- C:\Windows\System\IQhgpuX.exe
  C:\Windows\System\IQhgpuX.exe
  2⤵
  PID:7412
- C:\Windows\System\pTzNgIH.exe
  C:\Windows\System\pTzNgIH.exe
  2⤵
  PID:7496
- C:\Windows\System\iMoIBcV.exe
  C:\Windows\System\iMoIBcV.exe
  2⤵
  PID:7652
- C:\Windows\System\XscRNKp.exe
  C:\Windows\System\XscRNKp.exe
  2⤵
  PID:7600
- C:\Windows\System\WFfAMHB.exe
  C:\Windows\System\WFfAMHB.exe
  2⤵
  PID:7764
- C:\Windows\System\AeNlieB.exe
  C:\Windows\System\AeNlieB.exe
  2⤵
  PID:7784
- C:\Windows\System\FwDQANL.exe
  C:\Windows\System\FwDQANL.exe
  2⤵
  PID:7884
- C:\Windows\System\nZMfunY.exe
  C:\Windows\System\nZMfunY.exe
  2⤵
  PID:7888
- C:\Windows\System\kVbdmbB.exe
  C:\Windows\System\kVbdmbB.exe
  2⤵
  PID:7964
- C:\Windows\System\FNshPVL.exe
  C:\Windows\System\FNshPVL.exe
  2⤵
  PID:8060
- C:\Windows\System\IIowlaP.exe
  C:\Windows\System\IIowlaP.exe
  2⤵
  PID:8120
- C:\Windows\System\jPARpHm.exe
  C:\Windows\System\jPARpHm.exe
  2⤵
  PID:6688
- C:\Windows\System\niIDFpP.exe
  C:\Windows\System\niIDFpP.exe
  2⤵
  PID:2432
- C:\Windows\System\uoUCtVo.exe
  C:\Windows\System\uoUCtVo.exe
  2⤵
  PID:7380
- C:\Windows\System\baFYYdF.exe
  C:\Windows\System\baFYYdF.exe
  2⤵
  PID:7444
- C:\Windows\System\NLjTCCM.exe
  C:\Windows\System\NLjTCCM.exe
  2⤵
  PID:7604
- C:\Windows\System\BWQKcAY.exe
  C:\Windows\System\BWQKcAY.exe
  2⤵
  PID:7712
- C:\Windows\System\VHFbDbJ.exe
  C:\Windows\System\VHFbDbJ.exe
  2⤵
  PID:7876
- C:\Windows\System\dNPCqJe.exe
  C:\Windows\System\dNPCqJe.exe
  2⤵
  PID:8012
- C:\Windows\System\VSUxhhs.exe
  C:\Windows\System\VSUxhhs.exe
  2⤵
  PID:7288
- C:\Windows\System\svxmfCT.exe
  C:\Windows\System\svxmfCT.exe
  2⤵
  PID:7228
- C:\Windows\System\vjRtjwh.exe
  C:\Windows\System\vjRtjwh.exe
  2⤵
  PID:7428
- C:\Windows\System\EsjmUMO.exe
  C:\Windows\System\EsjmUMO.exe
  2⤵
  PID:6924
- C:\Windows\System\PxSdGGV.exe
  C:\Windows\System\PxSdGGV.exe
  2⤵
  PID:7840
- C:\Windows\System\nsCzmca.exe
  C:\Windows\System\nsCzmca.exe
  2⤵
  PID:8224
- C:\Windows\System\mcVQvkp.exe
  C:\Windows\System\mcVQvkp.exe
  2⤵
  PID:8256
- C:\Windows\System\kpqKthp.exe
  C:\Windows\System\kpqKthp.exe
  2⤵
  PID:8312
- C:\Windows\System\lOsKOeL.exe
  C:\Windows\System\lOsKOeL.exe
  2⤵
  PID:8336
- C:\Windows\System\FWMcmUa.exe
  C:\Windows\System\FWMcmUa.exe
  2⤵
  PID:8360
- C:\Windows\System\bBHFZVP.exe
  C:\Windows\System\bBHFZVP.exe
  2⤵
  PID:8388
- C:\Windows\System\zyAFtXP.exe
  C:\Windows\System\zyAFtXP.exe
  2⤵
  PID:8412
- C:\Windows\System\DaHcqti.exe
  C:\Windows\System\DaHcqti.exe
  2⤵
  PID:8440
- C:\Windows\System\NHmoanz.exe
  C:\Windows\System\NHmoanz.exe
  2⤵
  PID:8460
- C:\Windows\System\QkDNSVf.exe
  C:\Windows\System\QkDNSVf.exe
  2⤵
  PID:8484
- C:\Windows\System\YiALRcW.exe
  C:\Windows\System\YiALRcW.exe
  2⤵
  PID:8508
- C:\Windows\System\KzwPJUk.exe
  C:\Windows\System\KzwPJUk.exe
  2⤵
  PID:8552
- C:\Windows\System\TqLzcXr.exe
  C:\Windows\System\TqLzcXr.exe
  2⤵
  PID:8600
- C:\Windows\System\QUxdcNS.exe
  C:\Windows\System\QUxdcNS.exe
  2⤵
  PID:8624
- C:\Windows\System\evpntGq.exe
  C:\Windows\System\evpntGq.exe
  2⤵
  PID:8652
- C:\Windows\System\BWiFevv.exe
  C:\Windows\System\BWiFevv.exe
  2⤵
  PID:8680
- C:\Windows\System\jHYkcNQ.exe
  C:\Windows\System\jHYkcNQ.exe
  2⤵
  PID:8708
- C:\Windows\System\RHYiCTQ.exe
  C:\Windows\System\RHYiCTQ.exe
  2⤵
  PID:8740
- C:\Windows\System\zzvmbrE.exe
  C:\Windows\System\zzvmbrE.exe
  2⤵
  PID:8768
- C:\Windows\System\qDjlmmw.exe
  C:\Windows\System\qDjlmmw.exe
  2⤵
  PID:8796
- C:\Windows\System\GJCqPjl.exe
  C:\Windows\System\GJCqPjl.exe
  2⤵
  PID:8816
- C:\Windows\System\XCjpjyk.exe
  C:\Windows\System\XCjpjyk.exe
  2⤵
  PID:8836
- C:\Windows\System\srkITqM.exe
  C:\Windows\System\srkITqM.exe
  2⤵
  PID:8856
- C:\Windows\System\DzlHisN.exe
  C:\Windows\System\DzlHisN.exe
  2⤵
  PID:8872
- C:\Windows\System\rOrXyiR.exe
  C:\Windows\System\rOrXyiR.exe
  2⤵
  PID:8892
- C:\Windows\System\NJZtFAV.exe
  C:\Windows\System\NJZtFAV.exe
  2⤵
  PID:8916
- C:\Windows\System\LwvLvJW.exe
  C:\Windows\System\LwvLvJW.exe
  2⤵
  PID:8932
- C:\Windows\System\ljysxkE.exe
  C:\Windows\System\ljysxkE.exe
  2⤵
  PID:8948
- C:\Windows\System\KXhgYoz.exe
  C:\Windows\System\KXhgYoz.exe
  2⤵
  PID:8968
- C:\Windows\System\RdZfsrc.exe
  C:\Windows\System\RdZfsrc.exe
  2⤵
  PID:9100
- C:\Windows\System\liOQDnZ.exe
  C:\Windows\System\liOQDnZ.exe
  2⤵
  PID:9116
- C:\Windows\System\sooKEzU.exe
  C:\Windows\System\sooKEzU.exe
  2⤵
  PID:9140
- C:\Windows\System\YuupNbe.exe
  C:\Windows\System\YuupNbe.exe
  2⤵
  PID:9164
- C:\Windows\System\YGGlXQi.exe
  C:\Windows\System\YGGlXQi.exe
  2⤵
  PID:9184
- C:\Windows\System\onsEDIk.exe
  C:\Windows\System\onsEDIk.exe
  2⤵
  PID:9204
- C:\Windows\System\soqIDgy.exe
  C:\Windows\System\soqIDgy.exe
  2⤵
  PID:7668
- C:\Windows\System\TcyDvUd.exe
  C:\Windows\System\TcyDvUd.exe
  2⤵
  PID:7524
- C:\Windows\System\yXhroCz.exe
  C:\Windows\System\yXhroCz.exe
  2⤵
  PID:8304
- C:\Windows\System\FeCzyuQ.exe
  C:\Windows\System\FeCzyuQ.exe
  2⤵
  PID:8320
- C:\Windows\System\BpcGmJt.exe
  C:\Windows\System\BpcGmJt.exe
  2⤵
  PID:8432
- C:\Windows\System\UuYLyEJ.exe
  C:\Windows\System\UuYLyEJ.exe
  2⤵
  PID:8524
- C:\Windows\System\OsSuDvP.exe
  C:\Windows\System\OsSuDvP.exe
  2⤵
  PID:8612
- C:\Windows\System\GWHpCQA.exe
  C:\Windows\System\GWHpCQA.exe
  2⤵
  PID:8660
- C:\Windows\System\CEsfNrs.exe
  C:\Windows\System\CEsfNrs.exe
  2⤵
  PID:8732
- C:\Windows\System\OdAfHsm.exe
  C:\Windows\System\OdAfHsm.exe
  2⤵
  PID:8784
- C:\Windows\System\ezeDpIN.exe
  C:\Windows\System\ezeDpIN.exe
  2⤵
  PID:8852
- C:\Windows\System\bremTvv.exe
  C:\Windows\System\bremTvv.exe
  2⤵
  PID:8832
- C:\Windows\System\OKpRFUF.exe
  C:\Windows\System\OKpRFUF.exe
  2⤵
  PID:8884
- C:\Windows\System\yDwOyIL.exe
  C:\Windows\System\yDwOyIL.exe
  2⤵
  PID:8960
- C:\Windows\System\VyXRZQi.exe
  C:\Windows\System\VyXRZQi.exe
  2⤵
  PID:8988
- C:\Windows\System\nnoHpzd.exe
  C:\Windows\System\nnoHpzd.exe
  2⤵
  PID:9000
- C:\Windows\System\sLGAbeW.exe
  C:\Windows\System\sLGAbeW.exe
  2⤵
  PID:8216
- C:\Windows\System\oDPuZOV.exe
  C:\Windows\System\oDPuZOV.exe
  2⤵
  PID:8244
- C:\Windows\System\rfdzEgG.exe
  C:\Windows\System\rfdzEgG.exe
  2⤵
  PID:8436
- C:\Windows\System\rIIrRKZ.exe
  C:\Windows\System\rIIrRKZ.exe
  2⤵
  PID:2928
- C:\Windows\System\bnozRYg.exe
  C:\Windows\System\bnozRYg.exe
  2⤵
  PID:8804
- C:\Windows\System\gBVBFBp.exe
  C:\Windows\System\gBVBFBp.exe
  2⤵
  PID:8940
- C:\Windows\System\tYuqaMR.exe
  C:\Windows\System\tYuqaMR.exe
  2⤵
  PID:7968
- C:\Windows\System\FjZprsc.exe
  C:\Windows\System\FjZprsc.exe
  2⤵
  PID:8328
- C:\Windows\System\jtijJqq.exe
  C:\Windows\System\jtijJqq.exe
  2⤵
  PID:8904
- C:\Windows\System\jrgidmL.exe
  C:\Windows\System\jrgidmL.exe
  2⤵
  PID:9192
- C:\Windows\System\sWxXmvw.exe
  C:\Windows\System\sWxXmvw.exe
  2⤵
  PID:9180
- C:\Windows\System\QwKMfdp.exe
  C:\Windows\System\QwKMfdp.exe
  2⤵
  PID:9228
- C:\Windows\System\tFLHITv.exe
  C:\Windows\System\tFLHITv.exe
  2⤵
  PID:9248
- C:\Windows\System\iQrNXrg.exe
  C:\Windows\System\iQrNXrg.exe
  2⤵
  PID:9276
- C:\Windows\System\PKEbyWJ.exe
  C:\Windows\System\PKEbyWJ.exe
  2⤵
  PID:9312
- C:\Windows\System\eIzKoQJ.exe
  C:\Windows\System\eIzKoQJ.exe
  2⤵
  PID:9360
- C:\Windows\System\IbEUnIe.exe
  C:\Windows\System\IbEUnIe.exe
  2⤵
  PID:9388
- C:\Windows\System\WUvdico.exe
  C:\Windows\System\WUvdico.exe
  2⤵
  PID:9412
- C:\Windows\System\RWnnZhZ.exe
  C:\Windows\System\RWnnZhZ.exe
  2⤵
  PID:9512
- C:\Windows\System\YgnmQeM.exe
  C:\Windows\System\YgnmQeM.exe
  2⤵
  PID:9560
- C:\Windows\System\nnMrPrH.exe
  C:\Windows\System\nnMrPrH.exe
  2⤵
  PID:9632
- C:\Windows\System\OpEhpcR.exe
  C:\Windows\System\OpEhpcR.exe
  2⤵
  PID:9796
- C:\Windows\System\mEyVAXZ.exe
  C:\Windows\System\mEyVAXZ.exe
  2⤵
  PID:9848
- C:\Windows\System\hGbvMMj.exe
  C:\Windows\System\hGbvMMj.exe
  2⤵
  PID:9864
- C:\Windows\System\BBzruHc.exe
  C:\Windows\System\BBzruHc.exe
  2⤵
  PID:9880
- C:\Windows\System\irKvHiU.exe
  C:\Windows\System\irKvHiU.exe
  2⤵
  PID:9896
- C:\Windows\System\HLGpxyu.exe
  C:\Windows\System\HLGpxyu.exe
  2⤵
  PID:9912
- C:\Windows\System\ztpuRIA.exe
  C:\Windows\System\ztpuRIA.exe
  2⤵
  PID:9928
- C:\Windows\System\uSqiQnB.exe
  C:\Windows\System\uSqiQnB.exe
  2⤵
  PID:9944
- C:\Windows\System\QYPFfow.exe
  C:\Windows\System\QYPFfow.exe
  2⤵
  PID:9960
- C:\Windows\System\chJnIjX.exe
  C:\Windows\System\chJnIjX.exe
  2⤵
  PID:9976
- C:\Windows\System\OwMeHWO.exe
  C:\Windows\System\OwMeHWO.exe
  2⤵
  PID:9992
- C:\Windows\System\KqeDpiL.exe
  C:\Windows\System\KqeDpiL.exe
  2⤵
  PID:10008
- C:\Windows\System\xwiDGYU.exe
  C:\Windows\System\xwiDGYU.exe
  2⤵
  PID:10048
- C:\Windows\System\zFleylD.exe
  C:\Windows\System\zFleylD.exe
  2⤵
  PID:10072
- C:\Windows\System\MTCBihE.exe
  C:\Windows\System\MTCBihE.exe
  2⤵
  PID:10088
- C:\Windows\System\KEVvScA.exe
  C:\Windows\System\KEVvScA.exe
  2⤵
  PID:10160
- C:\Windows\System\DTQEwuC.exe
  C:\Windows\System\DTQEwuC.exe
  2⤵
  PID:10184
- C:\Windows\System\jxzDTdq.exe
  C:\Windows\System\jxzDTdq.exe
  2⤵
  PID:10212
- C:\Windows\System\VgpBasN.exe
  C:\Windows\System\VgpBasN.exe
  2⤵
  PID:10236
- C:\Windows\System\LXbMXDG.exe
  C:\Windows\System\LXbMXDG.exe
  2⤵
  PID:8900
- C:\Windows\System\EcGSyRu.exe
  C:\Windows\System\EcGSyRu.exe
  2⤵
  PID:9268
- C:\Windows\System\TahopHs.exe
  C:\Windows\System\TahopHs.exe
  2⤵
  PID:9292
- C:\Windows\System\ghvSNxG.exe
  C:\Windows\System\ghvSNxG.exe
  2⤵
  PID:9372
- C:\Windows\System\fTmgNzb.exe
  C:\Windows\System\fTmgNzb.exe
  2⤵
  PID:9404
- C:\Windows\System\FyMnWub.exe
  C:\Windows\System\FyMnWub.exe
  2⤵
  PID:9468
- C:\Windows\System\MRDtfcN.exe
  C:\Windows\System\MRDtfcN.exe
  2⤵
  PID:9584
- C:\Windows\System\BbEJvpU.exe
  C:\Windows\System\BbEJvpU.exe
  2⤵
  PID:9760
- C:\Windows\System\WNLRdDO.exe
  C:\Windows\System\WNLRdDO.exe
  2⤵
  PID:9780
- C:\Windows\System\KshrmUI.exe
  C:\Windows\System\KshrmUI.exe
  2⤵
  PID:9816
- C:\Windows\System\uVLBYvj.exe
  C:\Windows\System\uVLBYvj.exe
  2⤵
  PID:9424
- C:\Windows\System\nxZarwV.exe
  C:\Windows\System\nxZarwV.exe
  2⤵
  PID:9488
- C:\Windows\System\wSEKbId.exe
  C:\Windows\System\wSEKbId.exe
  2⤵
  PID:9580
- C:\Windows\System\WamHeXz.exe
  C:\Windows\System\WamHeXz.exe
  2⤵
  PID:9904
- C:\Windows\System\ynwRcRm.exe
  C:\Windows\System\ynwRcRm.exe
  2⤵
  PID:9956
- C:\Windows\System\lkawXjK.exe
  C:\Windows\System\lkawXjK.exe
  2⤵
  PID:9660
- C:\Windows\System\NcNlcpk.exe
  C:\Windows\System\NcNlcpk.exe
  2⤵
  PID:10044
- C:\Windows\System\dvhsKpS.exe
  C:\Windows\System\dvhsKpS.exe
  2⤵
  PID:10060
- C:\Windows\System\CDLCYbG.exe
  C:\Windows\System\CDLCYbG.exe
  2⤵
  PID:10116
- C:\Windows\System\zxGxCiA.exe
  C:\Windows\System\zxGxCiA.exe
  2⤵
  PID:10168
- C:\Windows\System\tZWZrDg.exe
  C:\Windows\System\tZWZrDg.exe
  2⤵
  PID:8720
- C:\Windows\System\Kvsztfd.exe
  C:\Windows\System\Kvsztfd.exe
  2⤵
  PID:9272
- C:\Windows\System\wYazgVP.exe
  C:\Windows\System\wYazgVP.exe
  2⤵
  PID:9804
- C:\Windows\System\ZssXmQy.exe
  C:\Windows\System\ZssXmQy.exe
  2⤵
  PID:9688
- C:\Windows\System\jmSeiiH.exe
  C:\Windows\System\jmSeiiH.exe
  2⤵
  PID:9788
- C:\Windows\System\htHyaPG.exe
  C:\Windows\System\htHyaPG.exe
  2⤵
  PID:9824
- C:\Windows\System\jJAQDgs.exe
  C:\Windows\System\jJAQDgs.exe
  2⤵
  PID:9576
- C:\Windows\System\gGeHeMe.exe
  C:\Windows\System\gGeHeMe.exe
  2⤵
  PID:10040
- C:\Windows\System\qgqEWdW.exe
  C:\Windows\System\qgqEWdW.exe
  2⤵
  PID:10132
- C:\Windows\System\tniQhtO.exe
  C:\Windows\System\tniQhtO.exe
  2⤵
  PID:9724
- C:\Windows\System\OaEkTJU.exe
  C:\Windows\System\OaEkTJU.exe
  2⤵
  PID:9448
- C:\Windows\System\cxHXtxh.exe
  C:\Windows\System\cxHXtxh.exe
  2⤵
  PID:9484
- C:\Windows\System\uPedsQZ.exe
  C:\Windows\System\uPedsQZ.exe
  2⤵
  PID:10176
- C:\Windows\System\iwrccgl.exe
  C:\Windows\System\iwrccgl.exe
  2⤵
  PID:9332
- C:\Windows\System\DQkZRSY.exe
  C:\Windows\System\DQkZRSY.exe
  2⤵
  PID:9708
- C:\Windows\System\GKlhJwU.exe
  C:\Windows\System\GKlhJwU.exe
  2⤵
  PID:9856
- C:\Windows\System\NSSYkzQ.exe
  C:\Windows\System\NSSYkzQ.exe
  2⤵
  PID:10252
- C:\Windows\System\OQmjHDH.exe
  C:\Windows\System\OQmjHDH.exe
  2⤵
  PID:10288
- C:\Windows\System\HSjRjPT.exe
  C:\Windows\System\HSjRjPT.exe
  2⤵
  PID:10324
- C:\Windows\System\zYKMZnU.exe
  C:\Windows\System\zYKMZnU.exe
  2⤵
  PID:10340
- C:\Windows\System\uXWlVko.exe
  C:\Windows\System\uXWlVko.exe
  2⤵
  PID:10360
- C:\Windows\System\OyaMPHc.exe
  C:\Windows\System\OyaMPHc.exe
  2⤵
  PID:10408
- C:\Windows\System\tfPJYaD.exe
  C:\Windows\System\tfPJYaD.exe
  2⤵
  PID:10440
- C:\Windows\System\aaKkPfe.exe
  C:\Windows\System\aaKkPfe.exe
  2⤵
  PID:10464
- C:\Windows\System\Wazghwi.exe
  C:\Windows\System\Wazghwi.exe
  2⤵
  PID:10500
- C:\Windows\System\wPBPLtT.exe
  C:\Windows\System\wPBPLtT.exe
  2⤵
  PID:10536
- C:\Windows\System\VhdXLJW.exe
  C:\Windows\System\VhdXLJW.exe
  2⤵
  PID:10556
- C:\Windows\System\KTKdMup.exe
  C:\Windows\System\KTKdMup.exe
  2⤵
  PID:10604
- C:\Windows\System\myIIjgE.exe
  C:\Windows\System\myIIjgE.exe
  2⤵
  PID:10644
- C:\Windows\System\Gehtgxv.exe
  C:\Windows\System\Gehtgxv.exe
  2⤵
  PID:10668
- C:\Windows\System\rhKRtLb.exe
  C:\Windows\System\rhKRtLb.exe
  2⤵
  PID:10684
- C:\Windows\System\NHjEkkA.exe
  C:\Windows\System\NHjEkkA.exe
  2⤵
  PID:10704
- C:\Windows\System\nTkJomu.exe
  C:\Windows\System\nTkJomu.exe
  2⤵
  PID:10732
- C:\Windows\System\fdoymrF.exe
  C:\Windows\System\fdoymrF.exe
  2⤵
  PID:10748
- C:\Windows\System\zvOWRes.exe
  C:\Windows\System\zvOWRes.exe
  2⤵
  PID:10776
- C:\Windows\System\EpvrRIl.exe
  C:\Windows\System\EpvrRIl.exe
  2⤵
  PID:10796
- C:\Windows\System\wtgdPDa.exe
  C:\Windows\System\wtgdPDa.exe
  2⤵
  PID:10824
- C:\Windows\System\jVqjOYL.exe
  C:\Windows\System\jVqjOYL.exe
  2⤵
  PID:10856
- C:\Windows\System\pqKDkGE.exe
  C:\Windows\System\pqKDkGE.exe
  2⤵
  PID:10876
- C:\Windows\System\WiLjlOR.exe
  C:\Windows\System\WiLjlOR.exe
  2⤵
  PID:10896
- C:\Windows\System\sGZmYeC.exe
  C:\Windows\System\sGZmYeC.exe
  2⤵
  PID:10924
- C:\Windows\System\gSPCzwz.exe
  C:\Windows\System\gSPCzwz.exe
  2⤵
  PID:10964
- C:\Windows\System\texUvVy.exe
  C:\Windows\System\texUvVy.exe
  2⤵
  PID:11020
- C:\Windows\System\GyoiHVM.exe
  C:\Windows\System\GyoiHVM.exe
  2⤵
  PID:11044
- C:\Windows\System\PjjNoQe.exe
  C:\Windows\System\PjjNoQe.exe
  2⤵
  PID:11072
- C:\Windows\System\PtIlKGs.exe
  C:\Windows\System\PtIlKGs.exe
  2⤵
  PID:11100
- C:\Windows\System\jWLQeRQ.exe
  C:\Windows\System\jWLQeRQ.exe
  2⤵
  PID:11116
- C:\Windows\System\pffXnoT.exe
  C:\Windows\System\pffXnoT.exe
  2⤵
  PID:11168
- C:\Windows\System\BvZTYTB.exe
  C:\Windows\System\BvZTYTB.exe
  2⤵
  PID:11192
- C:\Windows\System\keJhKCU.exe
  C:\Windows\System\keJhKCU.exe
  2⤵
  PID:11208
- C:\Windows\System\YZZEFWP.exe
  C:\Windows\System\YZZEFWP.exe
  2⤵
  PID:11228
- C:\Windows\System\fjIQVRO.exe
  C:\Windows\System\fjIQVRO.exe
  2⤵
  PID:11256
- C:\Windows\System\isSzizM.exe
  C:\Windows\System\isSzizM.exe
  2⤵
  PID:9968
- C:\Windows\System\QxcFaPy.exe
  C:\Windows\System\QxcFaPy.exe
  2⤵
  PID:10336
- C:\Windows\System\xJjnXEo.exe
  C:\Windows\System\xJjnXEo.exe
  2⤵
  PID:10428
- C:\Windows\System\iAGGovX.exe
  C:\Windows\System\iAGGovX.exe
  2⤵
  PID:10396
- C:\Windows\System\PtggGWn.exe
  C:\Windows\System\PtggGWn.exe
  2⤵
  PID:10528
- C:\Windows\System\VpyCDKW.exe
  C:\Windows\System\VpyCDKW.exe
  2⤵
  PID:10600
- C:\Windows\System\uSUWavo.exe
  C:\Windows\System\uSUWavo.exe
  2⤵
  PID:10624
- C:\Windows\System\cQqxzZm.exe
  C:\Windows\System\cQqxzZm.exe
  2⤵
  PID:10712
- C:\Windows\System\rfyDXMI.exe
  C:\Windows\System\rfyDXMI.exe
  2⤵
  PID:10832
- C:\Windows\System\AinbUJB.exe
  C:\Windows\System\AinbUJB.exe
  2⤵
  PID:10868
- C:\Windows\System\DjuwCLn.exe
  C:\Windows\System\DjuwCLn.exe
  2⤵
  PID:10920
- C:\Windows\System\wKVvFGO.exe
  C:\Windows\System\wKVvFGO.exe
  2⤵
  PID:10984
- C:\Windows\System\EpsvumO.exe
  C:\Windows\System\EpsvumO.exe
  2⤵
  PID:11068
- C:\Windows\System\gjThwDs.exe
  C:\Windows\System\gjThwDs.exe
  2⤵
  PID:11140
- C:\Windows\System\HPuzJFk.exe
  C:\Windows\System\HPuzJFk.exe
  2⤵
  PID:11224
- C:\Windows\System\fepyRAZ.exe
  C:\Windows\System\fepyRAZ.exe
  2⤵
  PID:9568
- C:\Windows\System\TlRBswk.exe
  C:\Windows\System\TlRBswk.exe
  2⤵
  PID:10272
- C:\Windows\System\BosVxHi.exe
  C:\Windows\System\BosVxHi.exe
  2⤵
  PID:10388
- C:\Windows\System\nqCBBMf.exe
  C:\Windows\System\nqCBBMf.exe
  2⤵
  PID:10576
- C:\Windows\System\SziGbzj.exe
  C:\Windows\System\SziGbzj.exe
  2⤵
  PID:10652
- C:\Windows\System\HChQMFU.exe
  C:\Windows\System\HChQMFU.exe
  2⤵
  PID:10852
- C:\Windows\System\EAZoFJQ.exe
  C:\Windows\System\EAZoFJQ.exe
  2⤵
  PID:11040
- C:\Windows\System\mOXHZll.exe
  C:\Windows\System\mOXHZll.exe
  2⤵
  PID:11176
- C:\Windows\System\rlCShmp.exe
  C:\Windows\System\rlCShmp.exe
  2⤵
  PID:10304
- C:\Windows\System\fPpHmHk.exe
  C:\Windows\System\fPpHmHk.exe
  2⤵
  PID:10548
- C:\Windows\System\IzzddCu.exe
  C:\Windows\System\IzzddCu.exe
  2⤵
  PID:10452
- C:\Windows\System\IyicjqF.exe
  C:\Windows\System\IyicjqF.exe
  2⤵
  PID:11108
- C:\Windows\System\xgePufw.exe
  C:\Windows\System\xgePufw.exe
  2⤵
  PID:11296
- C:\Windows\System\acIeVro.exe
  C:\Windows\System\acIeVro.exe
  2⤵
  PID:11312
- C:\Windows\System\kjcRDAC.exe
  C:\Windows\System\kjcRDAC.exe
  2⤵
  PID:11328
- C:\Windows\System\zaLkJLE.exe
  C:\Windows\System\zaLkJLE.exe
  2⤵
  PID:11352
- C:\Windows\System\shAMXoi.exe
  C:\Windows\System\shAMXoi.exe
  2⤵
  PID:11376
- C:\Windows\System\UhzmlAI.exe
  C:\Windows\System\UhzmlAI.exe
  2⤵
  PID:11396
- C:\Windows\System\riKNfiQ.exe
  C:\Windows\System\riKNfiQ.exe
  2⤵
  PID:11416
- C:\Windows\System\WTwLPZy.exe
  C:\Windows\System\WTwLPZy.exe
  2⤵
  PID:11436
- C:\Windows\System\WezRBUE.exe
  C:\Windows\System\WezRBUE.exe
  2⤵
  PID:11496
- C:\Windows\System\wNVTBws.exe
  C:\Windows\System\wNVTBws.exe
  2⤵
  PID:11532
- C:\Windows\System\YUNoJTO.exe
  C:\Windows\System\YUNoJTO.exe
  2⤵
  PID:11560
- C:\Windows\System\rblXwyM.exe
  C:\Windows\System\rblXwyM.exe
  2⤵
  PID:11588
- C:\Windows\System\XRCpjQv.exe
  C:\Windows\System\XRCpjQv.exe
  2⤵
  PID:11608
- C:\Windows\System\gDwsEmc.exe
  C:\Windows\System\gDwsEmc.exe
  2⤵
  PID:11644
- C:\Windows\System\dNBJGGA.exe
  C:\Windows\System\dNBJGGA.exe
  2⤵
  PID:11664
- C:\Windows\System\OiIKqqd.exe
  C:\Windows\System\OiIKqqd.exe
  2⤵
  PID:11696
- C:\Windows\System\FzHrCJw.exe
  C:\Windows\System\FzHrCJw.exe
  2⤵
  PID:11732
- C:\Windows\System\jOWuGId.exe
  C:\Windows\System\jOWuGId.exe
  2⤵
  PID:11756
- C:\Windows\System\fAErJTX.exe
  C:\Windows\System\fAErJTX.exe
  2⤵
  PID:11780
- C:\Windows\System\KPYTaQr.exe
  C:\Windows\System\KPYTaQr.exe
  2⤵
  PID:11800
- C:\Windows\System\WjGDFGU.exe
  C:\Windows\System\WjGDFGU.exe
  2⤵
  PID:11856
- C:\Windows\System\LyQgdBh.exe
  C:\Windows\System\LyQgdBh.exe
  2⤵
  PID:11892
- C:\Windows\System\qfnckbc.exe
  C:\Windows\System\qfnckbc.exe
  2⤵
  PID:11912
- C:\Windows\System\JvtIyXB.exe
  C:\Windows\System\JvtIyXB.exe
  2⤵
  PID:11928
- C:\Windows\System\lInkfoG.exe
  C:\Windows\System\lInkfoG.exe
  2⤵
  PID:11960
- C:\Windows\System\xBiPjMa.exe
  C:\Windows\System\xBiPjMa.exe
  2⤵
  PID:11976
- C:\Windows\System\PZijVba.exe
  C:\Windows\System\PZijVba.exe
  2⤵
  PID:12000
- C:\Windows\System\LQwDQlV.exe
  C:\Windows\System\LQwDQlV.exe
  2⤵
  PID:12020
- C:\Windows\System\rEbkGtp.exe
  C:\Windows\System\rEbkGtp.exe
  2⤵
  PID:12040
- C:\Windows\System\xtCxsia.exe
  C:\Windows\System\xtCxsia.exe
  2⤵
  PID:12064
- C:\Windows\System\BoazMdY.exe
  C:\Windows\System\BoazMdY.exe
  2⤵
  PID:12084
- C:\Windows\System\dhMQiAx.exe
  C:\Windows\System\dhMQiAx.exe
  2⤵
  PID:12136
- C:\Windows\System\HdtVIkZ.exe
  C:\Windows\System\HdtVIkZ.exe
  2⤵
  PID:12156
- C:\Windows\System\ErEFcau.exe
  C:\Windows\System\ErEFcau.exe
  2⤵
  PID:12176
- C:\Windows\System\dgAHNgJ.exe
  C:\Windows\System\dgAHNgJ.exe
  2⤵
  PID:12200
- C:\Windows\System\HuTZwYL.exe
  C:\Windows\System\HuTZwYL.exe
  2⤵
  PID:11188
- C:\Windows\System\AxWFMsE.exe
  C:\Windows\System\AxWFMsE.exe
  2⤵
  PID:11368
- C:\Windows\System\EfIwbwF.exe
  C:\Windows\System\EfIwbwF.exe
  2⤵
  PID:11348
- C:\Windows\System\ODolxxW.exe
  C:\Windows\System\ODolxxW.exe
  2⤵
  PID:11428
- C:\Windows\System\BkmqmLd.exe
  C:\Windows\System\BkmqmLd.exe
  2⤵
  PID:11480
- C:\Windows\System\jCvVQzR.exe
  C:\Windows\System\jCvVQzR.exe
  2⤵
  PID:11568
- C:\Windows\System\ZWFFvEA.exe
  C:\Windows\System\ZWFFvEA.exe
  2⤵
  PID:11624
- C:\Windows\System\JsJNODB.exe
  C:\Windows\System\JsJNODB.exe
  2⤵
  PID:11652
- C:\Windows\System\aiIaRvE.exe
  C:\Windows\System\aiIaRvE.exe
  2⤵
  PID:11748
- C:\Windows\System\PkrsMut.exe
  C:\Windows\System\PkrsMut.exe
  2⤵
  PID:11828
- C:\Windows\System\iJlqBAN.exe
  C:\Windows\System\iJlqBAN.exe
  2⤵
  PID:11908
- C:\Windows\System\HWRkDIe.exe
  C:\Windows\System\HWRkDIe.exe
  2⤵
  PID:11972
- C:\Windows\System\ypAGEoh.exe
  C:\Windows\System\ypAGEoh.exe
  2⤵
  PID:12076
- C:\Windows\System\iqnenDp.exe
  C:\Windows\System\iqnenDp.exe
  2⤵
  PID:12028
- C:\Windows\System\auqjODP.exe
  C:\Windows\System\auqjODP.exe
  2⤵
  PID:12184
- C:\Windows\System\zvciSos.exe
  C:\Windows\System\zvciSos.exe
  2⤵
  PID:12128
- C:\Windows\System\BTquwZb.exe
  C:\Windows\System\BTquwZb.exe
  2⤵
  PID:11156
- C:\Windows\System\VhaCNjj.exe
  C:\Windows\System\VhaCNjj.exe
  2⤵
  PID:11320
- C:\Windows\System\BybztWG.exe
  C:\Windows\System\BybztWG.exe
  2⤵
  PID:11408
- C:\Windows\System\ZdFNWlw.exe
  C:\Windows\System\ZdFNWlw.exe
  2⤵
  PID:11540
- C:\Windows\System\CWLrTye.exe
  C:\Windows\System\CWLrTye.exe
  2⤵
  PID:11640
- C:\Windows\System\bippzPc.exe
  C:\Windows\System\bippzPc.exe
  2⤵
  PID:11708
- C:\Windows\System\pKQGMob.exe
  C:\Windows\System\pKQGMob.exe
  2⤵
  PID:11868
- C:\Windows\System\wBCsRKv.exe
  C:\Windows\System\wBCsRKv.exe
  2⤵
  PID:11968
- C:\Windows\System\RjORNxB.exe
  C:\Windows\System\RjORNxB.exe
  2⤵
  PID:12236
- C:\Windows\System\NSycWyH.exe
  C:\Windows\System\NSycWyH.exe
  2⤵
  PID:12264
- C:\Windows\System\VnbCpsp.exe
  C:\Windows\System\VnbCpsp.exe
  2⤵
  PID:11404
- C:\Windows\System\NqsbonO.exe
  C:\Windows\System\NqsbonO.exe
  2⤵
  PID:11472
- C:\Windows\System\eqaiZzG.exe
  C:\Windows\System\eqaiZzG.exe
  2⤵
  PID:3516
- C:\Windows\System\zVpBMwk.exe
  C:\Windows\System\zVpBMwk.exe
  2⤵
  PID:11520
- C:\Windows\System\KgUzkhS.exe
  C:\Windows\System\KgUzkhS.exe
  2⤵
  PID:12336
- C:\Windows\System\nhhwyOy.exe
  C:\Windows\System\nhhwyOy.exe
  2⤵
  PID:12356
- C:\Windows\System\GAkyJKs.exe
  C:\Windows\System\GAkyJKs.exe
  2⤵
  PID:12376
- C:\Windows\System\BXgGXZP.exe
  C:\Windows\System\BXgGXZP.exe
  2⤵
  PID:12400
- C:\Windows\System\pwCESyY.exe
  C:\Windows\System\pwCESyY.exe
  2⤵
  PID:12440
- C:\Windows\System\HOjQMPB.exe
  C:\Windows\System\HOjQMPB.exe
  2⤵
  PID:12456
- C:\Windows\System\letOiQl.exe
  C:\Windows\System\letOiQl.exe
  2⤵
  PID:12488
- C:\Windows\System\oSWiPTv.exe
  C:\Windows\System\oSWiPTv.exe
  2⤵
  PID:12520
- C:\Windows\System\qqtcaDU.exe
  C:\Windows\System\qqtcaDU.exe
  2⤵
  PID:12540
- C:\Windows\System\BADizLO.exe
  C:\Windows\System\BADizLO.exe
  2⤵
  PID:12580
- C:\Windows\System\AOhqyeq.exe
  C:\Windows\System\AOhqyeq.exe
  2⤵
  PID:12608
- C:\Windows\System\gtfTfFn.exe
  C:\Windows\System\gtfTfFn.exe
  2⤵
  PID:12652
- C:\Windows\System\MLCgQMS.exe
  C:\Windows\System\MLCgQMS.exe
  2⤵
  PID:12672
- C:\Windows\System\seijGrJ.exe
  C:\Windows\System\seijGrJ.exe
  2⤵
  PID:12704
- C:\Windows\System\NWpOChD.exe
  C:\Windows\System\NWpOChD.exe
  2⤵
  PID:12740
- C:\Windows\System\XfOiYjU.exe
  C:\Windows\System\XfOiYjU.exe
  2⤵
  PID:12764
- C:\Windows\System\TVtKSNb.exe
  C:\Windows\System\TVtKSNb.exe
  2⤵
  PID:12780
- C:\Windows\System\pfqZvZJ.exe
  C:\Windows\System\pfqZvZJ.exe
  2⤵
  PID:12812
- C:\Windows\System\QIrHCBR.exe
  C:\Windows\System\QIrHCBR.exe
  2⤵
  PID:12832
- C:\Windows\System\YnRoimB.exe
  C:\Windows\System\YnRoimB.exe
  2⤵
  PID:12852
- C:\Windows\System\cDjTOEx.exe
  C:\Windows\System\cDjTOEx.exe
  2⤵
  PID:12880
- C:\Windows\System\LCZwfFL.exe
  C:\Windows\System\LCZwfFL.exe
  2⤵
  PID:12920
- C:\Windows\System\qLwBYma.exe
  C:\Windows\System\qLwBYma.exe
  2⤵
  PID:12960
- C:\Windows\System\exliNaY.exe
  C:\Windows\System\exliNaY.exe
  2⤵
  PID:12976
- C:\Windows\System\ChbaAhF.exe
  C:\Windows\System\ChbaAhF.exe
  2⤵
  PID:13000
- C:\Windows\System\MrXtKjp.exe
  C:\Windows\System\MrXtKjp.exe
  2⤵
  PID:13020
- C:\Windows\System\ILgnHIK.exe
  C:\Windows\System\ILgnHIK.exe
  2⤵
  PID:13040
- C:\Windows\System\TcDFSZF.exe
  C:\Windows\System\TcDFSZF.exe
  2⤵
  PID:13060
- C:\Windows\System\kfPBAlW.exe
  C:\Windows\System\kfPBAlW.exe
  2⤵
  PID:13088
- C:\Windows\System\iYhvvED.exe
  C:\Windows\System\iYhvvED.exe
  2⤵
  PID:13132
- C:\Windows\System\QKEliUT.exe
  C:\Windows\System\QKEliUT.exe
  2⤵
  PID:13160
- C:\Windows\System\DxSzpBQ.exe
  C:\Windows\System\DxSzpBQ.exe
  2⤵
  PID:13184
- C:\Windows\System\lNAlSsm.exe
  C:\Windows\System\lNAlSsm.exe
  2⤵
  PID:13224
- C:\Windows\System\bNKWBLA.exe
  C:\Windows\System\bNKWBLA.exe
  2⤵
  PID:13240
- C:\Windows\System\KYecdhq.exe
  C:\Windows\System\KYecdhq.exe
  2⤵
  PID:13264
- C:\Windows\System\UcPElWf.exe
  C:\Windows\System\UcPElWf.exe
  2⤵
  PID:13288
- C:\Windows\System\VAACXBk.exe
  C:\Windows\System\VAACXBk.exe
  2⤵
  PID:13112
- C:\Windows\System\yoCdlvb.exe
  C:\Windows\System\yoCdlvb.exe
  2⤵
  PID:13140
- C:\Windows\System\nuKTSxA.exe
  C:\Windows\System\nuKTSxA.exe
  2⤵
  PID:13152
- C:\Windows\System\gQJnGfc.exe
  C:\Windows\System\gQJnGfc.exe
  2⤵
  PID:13204
- C:\Windows\System\OayfrtA.exe
  C:\Windows\System\OayfrtA.exe
  2⤵
  PID:13308
- C:\Windows\System\SyJjjwf.exe
  C:\Windows\System\SyJjjwf.exe
  2⤵
  PID:4744
- C:\Windows\System\XpJVdgK.exe
  C:\Windows\System\XpJVdgK.exe
  2⤵
  PID:12352
- C:\Windows\System\AsaSzDw.exe
  C:\Windows\System\AsaSzDw.exe
  2⤵
  PID:12420
- C:\Windows\System\VHyqMWx.exe
  C:\Windows\System\VHyqMWx.exe
  2⤵
  PID:12396
- C:\Windows\System\xPJNTch.exe
  C:\Windows\System\xPJNTch.exe
  2⤵
  PID:12496
- C:\Windows\System\ZvJnzEH.exe
  C:\Windows\System\ZvJnzEH.exe
  2⤵
  PID:12572
- C:\Windows\System\JAPTHwW.exe
  C:\Windows\System\JAPTHwW.exe
  2⤵
  PID:12660
- C:\Windows\System\vOPRUhh.exe
  C:\Windows\System\vOPRUhh.exe
  2⤵
  PID:12668

C:\Windows\system32\WerFaultSecure.exe
C:\Windows\system32\WerFaultSecure.exe -u -p 4776 -s 1244
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
PID:12820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_a03j4ewf.cc2.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BfMmdba.exe

Filesize
1.8MB

MD5
9602b3b0fa7d6cb9898195da43b50eef

SHA1
a7c20abd518b57d5107103264ee833761934d4b1

SHA256
53151b8c7b4bb6c169ecba51787d6788829f32e3b31d28c36598257d3ec90146

SHA512
691605f4f58780bc1904aa5fc69602e7ac3ac4dc6ec1b5c402e53ac0bc2eb464bb5be77b70ee556cb6fe8c04ffa9334410391ad719cdd043a538f477e73c0d42

Download Submit
C:\Windows\System\DRhkKZa.exe

Filesize
1.8MB

MD5
8bb95b7b1c227ecb7480b5f206656ee6

SHA1
52655cdc0354f682d554bb560d4c3ea55e27045f

SHA256
51a7a1f2242410604245e9fa58cfbb9a1aa8ebcfa1894eccbd987690e221bda7

SHA512
a377fccb6f6da0f144cd2aeac6c492f473debc77711bb2b821b29c1facab08e2e63820827dde99bf08b057c256b34228a0232107cc003a45bc2a21c3b08b28c3

Download Submit
C:\Windows\System\DsyqrPG.exe

Filesize
1.8MB

MD5
8bb6272c80a017854ddb05a32a2c901a

SHA1
7300ce56edd793fdb7b1c09206b08d00883849be

SHA256
a654258b78e01f3b69f8ef405a2771e558c5cad17bf734654fccb254f5af8f2d

SHA512
fae0d6953673b9d8ebf6f523a845c12a00f76b15bcfa91c2b4cf40eb4c14169e7fd9f650beb8876910fcad5da3e2d2d74f220dc15393257f34c2c819bca0a0c5

Download Submit
C:\Windows\System\EDPsuiJ.exe

Filesize
1.8MB

MD5
655cd0244014957f26a5e4a4adde2c49

SHA1
5dcf6e6d053d3f77b03280bfc0149ae34dda4266

SHA256
70973d47e485d7fe34026efcd4c24dc8ab73ca5578ad5b07934c72ab16256db2

SHA512
608600d68e82fe311accd7928ca8c8c0b539a6821bd728642964fd185ec2cf631a61580c7bc3bb130d83d5f284650e7db7c2b7fe19e9bad771ab0550550d2d00

Download Submit
C:\Windows\System\EwEiluD.exe

Filesize
1.8MB

MD5
906754b959d1ef8b9d22bfc8dce2bb7d

SHA1
74217462b36adede7ba33507729a19f656e59fcf

SHA256
fdcb0e394568ca855b395a496539d6a855696e4019d0b00c608e9cacb0bd9c73

SHA512
dfee1745bf06c70e05ee3f29e5f9c7c05305117d59c2dfc97ca16c871b9f2cc8247e789905bcd143b255bc33e87547d85d707a99a2d7996698358c45bd202733

Download Submit
C:\Windows\System\KjrOelI.exe

Filesize
1.8MB

MD5
67a4ea5c749ec58056935159205fcd7a

SHA1
1606816c5a554e913076bdbf5306e6bd6c2d6dd2

SHA256
bbd70a26dacd4b622521996d3fc9a7b980145600599096d17299b6ccf89422c1

SHA512
967a33659e42169a3156bb53151aabd13b60931ec034b1e8c5ba85c5fa4b87dcad2d49f8e5095c536be23c0c702f6c8f31d7ff6bf0655ea8ad605587341f2d7d

Download Submit
C:\Windows\System\LSniwuW.exe

Filesize
1.8MB

MD5
4c68b0bbb182314e1ee3adb34a88134b

SHA1
4a8932ace0d6e86a2c4e31372d442d4e3c872517

SHA256
4d1c3e10a3bf0df711ea7963ff73f203fb2c695e61b68ccd98d548d125306d65

SHA512
a0a4e297a8f6c0099f9e1a190ea77fd4912e3ed0f5cf07215b9d22d3d8cae35064732f26744769e299f88b97c3f7c3de37e091402b1356ca9a3e60ecc87c058c

Download Submit
C:\Windows\System\QUdwrTy.exe

Filesize
1.8MB

MD5
6c49fc74846deb960e20d1a3f45a4187

SHA1
7ff453468682710398d5a6128b55b4db010196a1

SHA256
d999cd1a6569b618ec3487f6424c30dc835dad7fce7ae86b903d37cb165b0f51

SHA512
672821aadd1d62d2726ffbaba60d9ad0a9b0ba2c7e61e7697acdfbe94762ae5fe7e9d9ed6ff604daa6a3e9f5ce0df4eb199fda88b8424f5f22c73ab768933831

Download Submit
C:\Windows\System\QoUfgAN.exe

Filesize
1.8MB

MD5
d5d574562f7291945a1a968e701caa0e

SHA1
89cf45f9c1db64fb37aabce5baba8ab18452b221

SHA256
6a38df4da84c618363bf1ea4e5c705df8832985f7dc4532b66a8d7fbc37ffb7f

SHA512
f86ca94c5a918551fc23e41f60735e3a17b6cf9ab731f0736a1fecb2eccedb4315079ce7c0f54b7aea41662ca9e25664463f1f036dccc8912df4c773261ab5a6

Download Submit
C:\Windows\System\RLReDzm.exe

Filesize
1.8MB

MD5
b6490011b6d0adaf812c9ad4e498a51b

SHA1
0821ee09ab45f9448ade79ee1e43a9bb374f4301

SHA256
846101488f09005a68c4688fc4b0d8c66acf1ed9a4f5f5003c49d93ef0d72986

SHA512
708c188b0f04d8a42560075eca2464d3af0646812f7d9fe51ade444855dee4e5217a94865e640ee7938e6172eb771aa8cb5dba211445a8d0de556b4d5666b62e

Download Submit
C:\Windows\System\SYOyOjD.exe

Filesize
1.8MB

MD5
3a6835683440a3f292ee8c55b02c7225

SHA1
8f19740ec77e1c1b782a5ae4e58f9163d6510d72

SHA256
5fd13059b3671566ad78a0f41e99c51972606384e4a9d7cb2573e28c8c1cfdca

SHA512
5b9aa3655f5db1e5c87702c4cc34bf0ec004752e2c49674f1220b960a3e6e8b73ade108fbd206c1d21a3b148edd8f0c4bbcd38687c3225540e7a1ba0ce22253b

Download Submit
C:\Windows\System\SmCHAvI.exe

Filesize
1.7MB

MD5
285be8715c4b0673a8a57e5e4e9acee8

SHA1
66a1c20247419796a90edbb5c71b88618b96341d

SHA256
f9e1e567a55639277b54e92d551c33a806d3b5d1697ff39e2805743f0a5ce926

SHA512
29f97648e79732acc508f7765f22e18559e8bd514a379ae05df788fd227f32eafdda414277e34fc54c323a3a61c19c5672461d9791fe290c0178aa9ba2de6533

Download Submit
C:\Windows\System\TteOvme.exe

Filesize
1.8MB

MD5
3894a6f6643c70867fc01992cd8ceb0c

SHA1
81d833540a9c6d25a133f6a7052f90374e56bef3

SHA256
fc19fbc24d412455d9b39996640150b0f7d720846f1a3418dda7480ae8cfe033

SHA512
e1705972d1612d3035d8f1ada3744bdd4638866a96e45bbbaf385fbd50ab7bbc4a3e34dfc79b58928758c2ae248ba7bc262763f5d13a180d134b780acd39bc9d

Download Submit
C:\Windows\System\UeoWpkQ.exe

Filesize
1.8MB

MD5
790bdb86c2e72ec9958cb5922fa6ecbe

SHA1
7ef1bf58963d60212c7046878332e95a04e41518

SHA256
735675bbc0ad17d62689ffb64a61b9e86f72ea97ee661c95e76b45083d1988a6

SHA512
1226d68097db9f5e43971e90332670f83f8d0e72b6eef0a798d1018c389a225629131421eb6d3a2112a41b26f760ae1b27c201861908d8481ae448eb29acf141

Download Submit
C:\Windows\System\VxhwUYA.exe

Filesize
1.8MB

MD5
757eb1446170d32be7fe56757c826d3f

SHA1
28fc8e36db507dc0639bd986cf76033ba32fea2c

SHA256
bf39f0ad0de404f97202a0f5a95be22c42c75ee9d613011ffd40afcc4e241190

SHA512
48a003b8327e720f6927ee3ca068397a4bea3f2c1b5e17bbfd75cb78bb69c28adf3d0d57680c7e089a3154c7054deec6c497ac2eb369d913f606b3151f9a0ef0

Download Submit
C:\Windows\System\aIHbUER.exe

Filesize
1.8MB

MD5
9a2dcb921b51a015de0bc0e67310cdeb

SHA1
060cef5853c1264ef95949ff222fde50e5a6a3c1

SHA256
4bcb9d1550060c246b4c2d2b3a93fe2aec01597a527d9dc770e8590870d14f8f

SHA512
7041e059bffacdc082b03bf77dd722466b6394c4fab243c9e7380c2c3e57596d807d1f088ad7cdc7559294af8692b07e1a00484859549232ec6b5e4cf52f803d

Download Submit
C:\Windows\System\aIZESYT.exe

Filesize
1.8MB

MD5
5f7f7789f7fb44aba8fba2bc0cbc37bd

SHA1
26068be5a3480355f6328a1ad7e648a1fecb257d

SHA256
24d1d4c2efc95c030a2fd1104048ba8f4ca82418fe8aaa3c37ea171251b80109

SHA512
c5fd59d07003b5d79d484f48f329efeb886f5b59d5d151ab97524042759ed91748043c9b0dddf0531f903b3ec161c9cfa91ba7f05a58c49cdc860894ab8a36de

Download Submit
C:\Windows\System\dRemfWP.exe

Filesize
1.7MB

MD5
7d98c5feda183f169f6e5ba735a2b627

SHA1
92d7789db142bdbf3d007ac22cf83231f5fd3569

SHA256
89074d3179e8c1f6f663466b985b72a6939831adbe51eb63d5eaa34199237e3b

SHA512
2db3655c3d47ecf0de719a3df9d03c4bebad01cae8b93d652fbf99475597c4bc3334f2cb919bd5aac362fb91fa2fd2344b0ab4be8066e02f5cde05944fa4eb35

Download Submit
C:\Windows\System\dbLlZrj.exe

Filesize
1.8MB

MD5
a2eb3fc51e9af33a0b52e4a6641758bf

SHA1
09a2673af057892898878ff292fbc78c9be7f311

SHA256
de61f9a70dac8b6a1b430e59eec729a68a1b454854afbe80e8d3c318736fe73d

SHA512
7cfd20a69e3ea323dad5f8823036dee7d7795c283668eb14f06561b5cbcc3766e1a974c605d3bc2817e750ba5d4199f59f411ae71802e94674eadd1890002e47

Download Submit
C:\Windows\System\dmjWRnI.exe

Filesize
1.8MB

MD5
39bb05d1a78aa6bb9f15cce23b7d0a6e

SHA1
f035e28cf464da1e41a44d51f9dcc9409e0cb116

SHA256
c9edeb0669e670177f5c622b7b80ab6a771e2c1c63eb99e49fb78f53ae8d40c0

SHA512
bd14580564a203bc093e58b5c234f29c8e1ee529375c81f262f3369efae20a775b1b193f1aa531be680a3bdaf7d0855784a3ef5c081df89d71f38af29fb87994

Download Submit
C:\Windows\System\eClzVvr.exe

Filesize
1.8MB

MD5
4c88f0c6fbc2e11adc6f77082f361f87

SHA1
d81c26cf6e7292cb7563fb05195ee317cd9b1787

SHA256
44b6d875b1bd48af82e7307b9ecf717175a6a018b7d80420172de1102a0db43e

SHA512
0807c4513e2bf350a4d51a6187c492b9f6ab021a138cf864d2c213cdf285f7d106b1845a7c47a46c66f527b663cfc2bbce2f1de11f31427d5d0137399ac52914

Download Submit
C:\Windows\System\eOTHwrP.exe

Filesize
1.8MB

MD5
dc479fde6c86ce900dfbf2b22958e9c5

SHA1
b679a550d8a139a71f5665e9acb61fe57dacb4fd

SHA256
5d1befee3b4e125b7a196b3f5d88bf5b5c678764cc35e59372cd85350416170a

SHA512
397c796477070569b30598b3d17919d5478483d345ad1600b36bfb497bdefec7376d6ce9b674c740806dd5ae9619eedb724756fc551bbacd0f44cd51dbfef7af

Download Submit
C:\Windows\System\eWZVoKL.exe

Filesize
1.8MB

MD5
47f55e811766c498f7fadd0db4ef793c

SHA1
f3bd79dafcac18eb6bd4db2ef6929395b2c1e5b5

SHA256
bb416b4317bfe27dd9c542a233868d146603a2f8bfb84dea1cdb0f6d9bc9244c

SHA512
f136115f5063c2e6570a0aab1267ac7f49e3ae2ca435164a8579c43e76e0b30e2b7838632aa87a8ab72622625e637310746fb9bcd6829ffd125787eb59bad05c

Download Submit
C:\Windows\System\fDLerEo.exe

Filesize
1.8MB

MD5
48b40a7e66d952bec757990c5fa3505c

SHA1
7740daa94ebd2ad446d8675b99ebd29d87a4ee92

SHA256
f041571880fc585decb6f6674743aa6647e16af69d9c20ad141fd55cce635840

SHA512
93861134b11d87b5918d0e41a25a43514c289f552d0f0493bbd147ef87d40c028e35951d69950f82d240adf5b78de5e151d586a60a22e5f5aaac4b776895925d

Download Submit
C:\Windows\System\ftHPNUh.exe

Filesize
8B

MD5
66d7e297b90fe34ca06f598960896d19

SHA1
0433321fa0d916440f15cdee91c3e93318197dee

SHA256
62c8848e8576ee6bb1b62b04fa3898ea9c1bff1c6df8e2421efa77ab49fa4456

SHA512
4abb742b6807bc5e9c1f07c9bd2c9a15b441e3a0f7a9715e62b9a71c659b66c03f5bdd4961bd675100bab1c61778e8b524a13e9a54f36d441aeb74ce1a0b5e73

Download Submit
C:\Windows\System\jCpzBQc.exe

Filesize
1.8MB

MD5
5e1abfa743e93d75312004bf68cc87a6

SHA1
c75daee05a8cef14fb3b5953cc883d0c15ea29e3

SHA256
ae31b17fe603b87a9fa1fc722eb4b40125e69ca18af476ba28f3ed706041bfa6

SHA512
fcc2a4d9cc1cccea85f4a01387e1288b870d762b0d6ba5419545b96e26cb4de127353abdd87d75e2b1588a16b1be31f8672cb8d127de2c7f528dd80dd24d0fdc

Download Submit
C:\Windows\System\pwWNqDG.exe

Filesize
1.7MB

MD5
73b937f9d18c276c17c433a7a41ff696

SHA1
e669f37c5eeac71a8e2309fa20e8f438a77ecad0

SHA256
c9e4b44a024d487a09d9ca18dc353c3223162cf406bbc297d61c79dfcde85c31

SHA512
f8ff2c536b64583007fc0d89df7f16273a54eeb21819513b3557f324e6f853a77aaaeef3d74b1478947a37cddc230af2f76be358440d03a75e1b789779ccd3c0

Download Submit
C:\Windows\System\qnLVPFc.exe

Filesize
1.8MB

MD5
405119bebf6086acbeec08d1e6688141

SHA1
45b5618bb3623c8080eaf952eb99bc527c5a9d9c

SHA256
0afb2cfc89e4d6cbadf4f7a50ef1d80b2ae65e8463d6ace87303cfc02b6d87dd

SHA512
af3ca06bc8dc078a3e7e6e50468ce3ca92552477821b91d04ca803384db5096ef96423edfd2b646de097f2059ae44010c45f3181406bf2dbb66e858356677e52

Download Submit
C:\Windows\System\rWgTRFA.exe

Filesize
1.8MB

MD5
e39a2e6af96ef86a335e65d451dfe06a

SHA1
58bb36204a9a64e6202e1792acb764ad84f55e28

SHA256
6c10a689b6a450df9d595cf20029bd6eba730944199dcafd6601b6385a86c41d

SHA512
2c3c9b781c0b33c609077c719368b8bd87c8c3bd0495a804c216b59ed0271c44afdf48ec5927157c7195b632f7f30e4124c5a38afba83e393a39fada66aff5dd

Download Submit
C:\Windows\System\rZVLQUP.exe

Filesize
1.8MB

MD5
cd96f52d74ef6fbdd23542d570ff8d6c

SHA1
52f378cd842bd9a909685ffc184b33c6afe1b001

SHA256
cc4946ce6e340a0094a47745b09f1ecc3d6604b163ef4adc68f7d4eeee8799c4

SHA512
15ce9cb3b653906fb83cbaebcb59e55e075061d7bc207a075c85a6e1c45d02c09433eae01f198c6d5e4ca4480be96e1abfa98e968ed7ca811084d955e96d71a5

Download Submit
C:\Windows\System\roeCfTu.exe

Filesize
1.8MB

MD5
6d26b60ced8f82fdf72142c79890dc6b

SHA1
af141709a4eb977d014657864f2ecdc7094da058

SHA256
12f5910b23b41c00952bbf566ef35422df3a1c5c649d9c74c50f206d1e4fd2f5

SHA512
563a9b22edbf01da16abdbd773c8bac0605cf9249844ef25b893b593c4d505f63d9ee3fa8f6bfa6763ae25e6b412b103d2cc0afe70e68fe4e6e3fe0abb2c85ee

Download Submit
C:\Windows\System\uFYALXM.exe

Filesize
1.8MB

MD5
978268723efbf838556c3c3b9278f361

SHA1
1282edf6ac8fd320324776a19e671338577d75ba

SHA256
af47b1345f6fe018e14b990fdadb8524b9db9d1221c3f02adaca00f6b7dd7157

SHA512
fbfac443ee234cec67b3085397e9c4abeb7d6cd4e4dbd405c57ce51460308b88a74ef8ba361bf4acee597f887df1dfb77b68b46bbc5b1d6a12b56d023609b3c9

Download Submit
C:\Windows\System\uVlwLOI.exe

Filesize
1.8MB

MD5
00fcb5aabd7498964f44a887bddc0af4

SHA1
2a41653e7a60ee4e1a58c698a6c52cb36041b567

SHA256
014a66d4206f9eae1f4460d616a482573c094e6cadf3cfa11567ef2b27550ba5

SHA512
8c9f3ee236de07b0a70b573571b0cb1782bc86ad36bdb10d46300536bc201e3b12deebb3f1953756d8c5f80ede9788054eb6b2dff3b66e3cb571622824cddcdf

Download Submit
C:\Windows\System\weKbeil.exe

Filesize
1.7MB

MD5
273af8f186b695a0df3d4e43da2d44c6

SHA1
c904774ac863f3561af87ea5413d9c72e6a878d7

SHA256
2f5e6495736f7d8601aab60691428ce52e586115565d6f9df560ee141aea32f0

SHA512
6c821ae4aa71823adc8b5289898898d6956fbad83659445cdc79badb4e7366d8b42809cd0dcef0636bab5cfaa25bfd96774235c2e006b9e12d97d541d1f09740

Download Submit
memory/1352-73-0x00007FFDD39B0000-0x00007FFDD4471000-memory.dmp

Filesize
10.8MB

Download
memory/1352-72-0x00000231EE920000-0x00000231EE942000-memory.dmp

Filesize
136KB

Download
memory/1352-86-0x00000231EC670000-0x00000231EC680000-memory.dmp

Filesize
64KB

Download
memory/1352-87-0x00000231EC670000-0x00000231EC680000-memory.dmp

Filesize
64KB

Download
memory/1420-133-0x00007FF71EBF0000-0x00007FF71EFE2000-memory.dmp

Filesize
3.9MB

Download
memory/1420-3065-0x00007FF71EBF0000-0x00007FF71EFE2000-memory.dmp

Filesize
3.9MB

Download
memory/1740-97-0x00007FF71C900000-0x00007FF71CCF2000-memory.dmp

Filesize
3.9MB

Download
memory/1740-3048-0x00007FF71C900000-0x00007FF71CCF2000-memory.dmp

Filesize
3.9MB

Download
memory/2252-12-0x00007FF752AF0000-0x00007FF752EE2000-memory.dmp

Filesize
3.9MB

Download
memory/2252-3038-0x00007FF752AF0000-0x00007FF752EE2000-memory.dmp

Filesize
3.9MB

Download
memory/2948-146-0x00007FF66F090000-0x00007FF66F482000-memory.dmp

Filesize
3.9MB

Download
memory/2948-3061-0x00007FF66F090000-0x00007FF66F482000-memory.dmp

Filesize
3.9MB

Download
memory/3216-139-0x00007FF6D3CB0000-0x00007FF6D40A2000-memory.dmp

Filesize
3.9MB

Download
memory/3216-3067-0x00007FF6D3CB0000-0x00007FF6D40A2000-memory.dmp

Filesize
3.9MB

Download
memory/3816-127-0x00007FF606790000-0x00007FF606B82000-memory.dmp

Filesize
3.9MB

Download
memory/3816-3068-0x00007FF606790000-0x00007FF606B82000-memory.dmp

Filesize
3.9MB

Download
memory/3868-3054-0x00007FF61D3F0000-0x00007FF61D7E2000-memory.dmp

Filesize
3.9MB

Download
memory/3868-100-0x00007FF61D3F0000-0x00007FF61D7E2000-memory.dmp

Filesize
3.9MB

Download
memory/4304-3044-0x00007FF681740000-0x00007FF681B32000-memory.dmp

Filesize
3.9MB

Download
memory/4304-93-0x00007FF681740000-0x00007FF681B32000-memory.dmp

Filesize
3.9MB

Download
memory/4420-159-0x00007FF657ED0000-0x00007FF6582C2000-memory.dmp

Filesize
3.9MB

Download
memory/4420-3076-0x00007FF657ED0000-0x00007FF6582C2000-memory.dmp

Filesize
3.9MB

Download
memory/4604-3063-0x00007FF690100000-0x00007FF6904F2000-memory.dmp

Filesize
3.9MB

Download
memory/4604-120-0x00007FF690100000-0x00007FF6904F2000-memory.dmp

Filesize
3.9MB

Download
memory/4612-3059-0x00007FF773850000-0x00007FF773C42000-memory.dmp

Filesize
3.9MB

Download
memory/4612-152-0x00007FF773850000-0x00007FF773C42000-memory.dmp

Filesize
3.9MB

Download
memory/4668-79-0x00007FF7B8CF0000-0x00007FF7B90E2000-memory.dmp

Filesize
3.9MB

Download
memory/4668-3052-0x00007FF7B8CF0000-0x00007FF7B90E2000-memory.dmp

Filesize
3.9MB

Download
memory/4780-88-0x00007FF727AD0000-0x00007FF727EC2000-memory.dmp

Filesize
3.9MB

Download
memory/4780-3047-0x00007FF727AD0000-0x00007FF727EC2000-memory.dmp

Filesize
3.9MB

Download
memory/5068-3075-0x00007FF6DD960000-0x00007FF6DDD52000-memory.dmp

Filesize
3.9MB

Download
memory/5068-158-0x00007FF6DD960000-0x00007FF6DDD52000-memory.dmp

Filesize
3.9MB

Download
memory/5152-3078-0x00007FF6DE560000-0x00007FF6DE952000-memory.dmp

Filesize
3.9MB

Download
memory/5152-140-0x00007FF6DE560000-0x00007FF6DE952000-memory.dmp

Filesize
3.9MB

Download
memory/5204-108-0x00007FF6DDD90000-0x00007FF6DE182000-memory.dmp

Filesize
3.9MB

Download
memory/5204-3073-0x00007FF6DDD90000-0x00007FF6DE182000-memory.dmp

Filesize
3.9MB

Download
memory/5260-3051-0x00007FF6FF920000-0x00007FF6FFD12000-memory.dmp

Filesize
3.9MB

Download
memory/5260-85-0x00007FF6FF920000-0x00007FF6FFD12000-memory.dmp

Filesize
3.9MB

Download
memory/5488-3056-0x00007FF617AB0000-0x00007FF617EA2000-memory.dmp

Filesize
3.9MB

Download
memory/5488-101-0x00007FF617AB0000-0x00007FF617EA2000-memory.dmp

Filesize
3.9MB

Download
memory/5736-3042-0x00007FF66C9A0000-0x00007FF66CD92000-memory.dmp

Filesize
3.9MB

Download
memory/5736-3021-0x00007FF66C9A0000-0x00007FF66CD92000-memory.dmp

Filesize
3.9MB

Download
memory/5736-21-0x00007FF66C9A0000-0x00007FF66CD92000-memory.dmp

Filesize
3.9MB

Download
memory/5764-1-0x00000264C5B30000-0x00000264C5B40000-memory.dmp

Filesize
64KB

Download
memory/5764-0-0x00007FF71DBB0000-0x00007FF71DFA2000-memory.dmp

Filesize
3.9MB

Download
memory/6000-3040-0x00007FF6295A0000-0x00007FF629992000-memory.dmp

Filesize
3.9MB

Download
memory/6000-126-0x00007FF6295A0000-0x00007FF629992000-memory.dmp

Filesize
3.9MB

Download
memory/6040-116-0x00007FF7A5A70000-0x00007FF7A5E62000-memory.dmp

Filesize
3.9MB

Download
memory/6040-3071-0x00007FF7A5A70000-0x00007FF7A5E62000-memory.dmp

Filesize
3.9MB

Download