xmrig | 7039051679bad42b8e603f0a9e04272029a5f52a9bd65643aa63276633757f45

Analysis

max time kernel
66s
max time network
54s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
27/04/2024, 23:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
Size

2.2MB
MD5

03d69b99d1165caab726d88be416fe33
SHA1

fd06f410ac7f16c5848d2f497f74e0e908adb69f
SHA256

7039051679bad42b8e603f0a9e04272029a5f52a9bd65643aa63276633757f45
SHA512

8d250aaaaedce776fe75303dc6109a0d6b0b2977f0979db2c06a9cac0c603803c497fefde0caad78b8c54982e4c570d71fa2cb1dea6de6194cd3f76e559edbfe
SSDEEP

49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82g1VQx7Va4qrfs:NABZ

Score

10^/10

xmrig miner upx

Malware Config

Signatures

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

description	pid	Process	procid_target
PID 13668 created 3336	13668	WerFaultSecure.exe	79

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 42 IoCs

miner

resource	yara_rule
behavioral2/memory/3456-435-0x00007FF766E10000-0x00007FF767202000-memory.dmp	xmrig
behavioral2/memory/1316-483-0x00007FF7E3710000-0x00007FF7E3B02000-memory.dmp	xmrig
behavioral2/memory/2196-517-0x00007FF63AFD0000-0x00007FF63B3C2000-memory.dmp	xmrig
behavioral2/memory/4116-518-0x00007FF60CE20000-0x00007FF60D212000-memory.dmp	xmrig
behavioral2/memory/2076-516-0x00007FF6E79A0000-0x00007FF6E7D92000-memory.dmp	xmrig
behavioral2/memory/2556-515-0x00007FF628980000-0x00007FF628D72000-memory.dmp	xmrig
behavioral2/memory/2876-514-0x00007FF75B080000-0x00007FF75B472000-memory.dmp	xmrig
behavioral2/memory/4848-513-0x00007FF7D22B0000-0x00007FF7D26A2000-memory.dmp	xmrig
behavioral2/memory/1984-512-0x00007FF7805F0000-0x00007FF7809E2000-memory.dmp	xmrig
behavioral2/memory/3464-511-0x00007FF6055B0000-0x00007FF6059A2000-memory.dmp	xmrig
behavioral2/memory/4204-482-0x00007FF7C44F0000-0x00007FF7C48E2000-memory.dmp	xmrig
behavioral2/memory/3648-388-0x00007FF6C55F0000-0x00007FF6C59E2000-memory.dmp	xmrig
behavioral2/memory/2592-345-0x00007FF7EDDC0000-0x00007FF7EE1B2000-memory.dmp	xmrig
behavioral2/memory/1332-304-0x00007FF743150000-0x00007FF743542000-memory.dmp	xmrig
behavioral2/memory/644-245-0x00007FF7F4760000-0x00007FF7F4B52000-memory.dmp	xmrig
behavioral2/memory/348-222-0x00007FF788210000-0x00007FF788602000-memory.dmp	xmrig
behavioral2/memory/2576-190-0x00007FF71D0B0000-0x00007FF71D4A2000-memory.dmp	xmrig
behavioral2/memory/1300-187-0x00007FF629A50000-0x00007FF629E42000-memory.dmp	xmrig
behavioral2/memory/4708-142-0x00007FF6B4750000-0x00007FF6B4B42000-memory.dmp	xmrig
behavioral2/memory/768-97-0x00007FF768C10000-0x00007FF769002000-memory.dmp	xmrig
behavioral2/memory/4532-66-0x00007FF6D0270000-0x00007FF6D0662000-memory.dmp	xmrig
behavioral2/memory/4532-2720-0x00007FF6D0270000-0x00007FF6D0662000-memory.dmp	xmrig
behavioral2/memory/2076-2722-0x00007FF6E79A0000-0x00007FF6E7D92000-memory.dmp	xmrig
behavioral2/memory/768-2724-0x00007FF768C10000-0x00007FF769002000-memory.dmp	xmrig
behavioral2/memory/1300-2726-0x00007FF629A50000-0x00007FF629E42000-memory.dmp	xmrig
behavioral2/memory/2576-2729-0x00007FF71D0B0000-0x00007FF71D4A2000-memory.dmp	xmrig
behavioral2/memory/2876-2734-0x00007FF75B080000-0x00007FF75B472000-memory.dmp	xmrig
behavioral2/memory/3456-2736-0x00007FF766E10000-0x00007FF767202000-memory.dmp	xmrig
behavioral2/memory/4708-2733-0x00007FF6B4750000-0x00007FF6B4B42000-memory.dmp	xmrig
behavioral2/memory/644-2731-0x00007FF7F4760000-0x00007FF7F4B52000-memory.dmp	xmrig
behavioral2/memory/1984-2740-0x00007FF7805F0000-0x00007FF7809E2000-memory.dmp	xmrig
behavioral2/memory/1332-2759-0x00007FF743150000-0x00007FF743542000-memory.dmp	xmrig
behavioral2/memory/3648-2786-0x00007FF6C55F0000-0x00007FF6C59E2000-memory.dmp	xmrig
behavioral2/memory/2556-2758-0x00007FF628980000-0x00007FF628D72000-memory.dmp	xmrig
behavioral2/memory/1316-2754-0x00007FF7E3710000-0x00007FF7E3B02000-memory.dmp	xmrig
behavioral2/memory/348-2747-0x00007FF788210000-0x00007FF788602000-memory.dmp	xmrig
behavioral2/memory/2592-2788-0x00007FF7EDDC0000-0x00007FF7EE1B2000-memory.dmp	xmrig
behavioral2/memory/2196-2783-0x00007FF63AFD0000-0x00007FF63B3C2000-memory.dmp	xmrig
behavioral2/memory/4204-2745-0x00007FF7C44F0000-0x00007FF7C48E2000-memory.dmp	xmrig
behavioral2/memory/4848-2752-0x00007FF7D22B0000-0x00007FF7D26A2000-memory.dmp	xmrig
behavioral2/memory/3464-2743-0x00007FF6055B0000-0x00007FF6059A2000-memory.dmp	xmrig
behavioral2/memory/4116-2738-0x00007FF60CE20000-0x00007FF60D212000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2076	XArQtuf.exe
4532	KaKMnWY.exe
768	jdNhiBr.exe
4708	xmLlVpg.exe
1300	XIWShYv.exe
2576	PXfXrcu.exe
348	ClqDRbQ.exe
644	FUQdoFu.exe
1332	OkLAAxs.exe
2592	ULhJItS.exe
3648	TEGpoMy.exe
2196	IBpzwuz.exe
3456	DruqEHp.exe
4204	YWnMhiB.exe
1316	VkKbmSB.exe
4116	LkxfEyV.exe
3464	WGtlzst.exe
1984	KULgdNK.exe
4848	emnUQSi.exe
2876	bHcqWWt.exe
2556	EqGRGNr.exe
3068	JrXQhox.exe
1084	xzMSuyE.exe
2440	HspraBi.exe
3588	sfuBmVW.exe
5064	fgpxgXE.exe
4984	RDztJEn.exe
1560	LdecHiz.exe
4384	KnBnnmR.exe
4268	VcvBOcB.exe
3804	AFeBUYp.exe
832	xhYcdYW.exe
2332	DhpmjeX.exe
2284	qPZUFoC.exe
1728	SnRXiSi.exe
4416	KPZlbXL.exe
3836	DypDTzO.exe
1768	YPDXiBv.exe
4112	UpHwnjI.exe
1796	GFEECZb.exe
4476	fTyzPzl.exe
3904	VmCYeXS.exe
796	jROGkUZ.exe
3432	NCIwdvq.exe
740	UZzQasK.exe
2124	HRFqbwD.exe
3356	nXuAnYI.exe
2828	DQzmDQs.exe
2884	VgOiDaS.exe
2680	gNRMPpa.exe
2312	RSTvcFo.exe
4956	ZJzRbuI.exe
2980	ueViZUH.exe
4716	FedGXTk.exe
2700	fYxdBtY.exe
2300	SGucYen.exe
4964	dFCKfcq.exe
4412	jDScLHf.exe
2432	SfMfSTX.exe
1376	QupcSLv.exe
2424	QlzAHQv.exe
944	rPEKoYB.exe
3748	BemQnGE.exe
1832	HAOVHZJ.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2864-0-0x00007FF7E70C0000-0x00007FF7E74B2000-memory.dmp	upx
behavioral2/files/0x000b000000023b7e-7.dat	upx
behavioral2/files/0x000a000000023b83-6.dat	upx
behavioral2/files/0x000a000000023b8f-62.dat	upx
behavioral2/files/0x000a000000023b9a-121.dat	upx
behavioral2/memory/3456-435-0x00007FF766E10000-0x00007FF767202000-memory.dmp	upx
behavioral2/memory/1316-483-0x00007FF7E3710000-0x00007FF7E3B02000-memory.dmp	upx
behavioral2/memory/2196-517-0x00007FF63AFD0000-0x00007FF63B3C2000-memory.dmp	upx
behavioral2/memory/4116-518-0x00007FF60CE20000-0x00007FF60D212000-memory.dmp	upx
behavioral2/memory/2076-516-0x00007FF6E79A0000-0x00007FF6E7D92000-memory.dmp	upx
behavioral2/memory/2556-515-0x00007FF628980000-0x00007FF628D72000-memory.dmp	upx
behavioral2/memory/2876-514-0x00007FF75B080000-0x00007FF75B472000-memory.dmp	upx
behavioral2/memory/4848-513-0x00007FF7D22B0000-0x00007FF7D26A2000-memory.dmp	upx
behavioral2/memory/1984-512-0x00007FF7805F0000-0x00007FF7809E2000-memory.dmp	upx
behavioral2/memory/3464-511-0x00007FF6055B0000-0x00007FF6059A2000-memory.dmp	upx
behavioral2/memory/4204-482-0x00007FF7C44F0000-0x00007FF7C48E2000-memory.dmp	upx
behavioral2/memory/3648-388-0x00007FF6C55F0000-0x00007FF6C59E2000-memory.dmp	upx
behavioral2/memory/2592-345-0x00007FF7EDDC0000-0x00007FF7EE1B2000-memory.dmp	upx
behavioral2/memory/1332-304-0x00007FF743150000-0x00007FF743542000-memory.dmp	upx
behavioral2/memory/644-245-0x00007FF7F4760000-0x00007FF7F4B52000-memory.dmp	upx
behavioral2/memory/348-222-0x00007FF788210000-0x00007FF788602000-memory.dmp	upx
behavioral2/files/0x000a000000023ba9-200.dat	upx
behavioral2/files/0x000a000000023ba8-196.dat	upx
behavioral2/files/0x000a000000023b97-192.dat	upx
behavioral2/files/0x000a000000023ba7-191.dat	upx
behavioral2/memory/2576-190-0x00007FF71D0B0000-0x00007FF71D4A2000-memory.dmp	upx
behavioral2/memory/1300-187-0x00007FF629A50000-0x00007FF629E42000-memory.dmp	upx
behavioral2/files/0x000a000000023b96-185.dat	upx
behavioral2/files/0x000a000000023ba4-182.dat	upx
behavioral2/files/0x000a000000023b93-178.dat	upx
behavioral2/files/0x000a000000023ba3-175.dat	upx
behavioral2/files/0x000a000000023ba2-174.dat	upx
behavioral2/files/0x000a000000023ba1-168.dat	upx
behavioral2/files/0x000a000000023b92-161.dat	upx
behavioral2/files/0x000a000000023b8e-157.dat	upx
behavioral2/files/0x000a000000023ba0-156.dat	upx
behavioral2/files/0x000a000000023b91-152.dat	upx
behavioral2/files/0x000a000000023b9f-151.dat	upx
behavioral2/files/0x000a000000023b9e-197.dat	upx
behavioral2/files/0x000a000000023b9d-138.dat	upx
behavioral2/files/0x000a000000023b9c-136.dat	upx
behavioral2/files/0x000a000000023b9b-134.dat	upx
behavioral2/files/0x000a000000023b95-133.dat	upx
behavioral2/files/0x000a000000023b99-119.dat	upx
behavioral2/files/0x000a000000023b8d-109.dat	upx
behavioral2/files/0x000a000000023b98-108.dat	upx
behavioral2/memory/4708-142-0x00007FF6B4750000-0x00007FF6B4B42000-memory.dmp	upx
behavioral2/files/0x000a000000023b94-100.dat	upx
behavioral2/memory/768-97-0x00007FF768C10000-0x00007FF769002000-memory.dmp	upx
behavioral2/files/0x000a000000023b8c-94.dat	upx
behavioral2/files/0x000a000000023b8b-89.dat	upx
behavioral2/files/0x000a000000023b8a-86.dat	upx
behavioral2/files/0x000a000000023b90-112.dat	upx
behavioral2/files/0x000a000000023b88-81.dat	upx
behavioral2/files/0x000a000000023b87-77.dat	upx
behavioral2/files/0x000a000000023b86-106.dat	upx
behavioral2/memory/4532-66-0x00007FF6D0270000-0x00007FF6D0662000-memory.dmp	upx
behavioral2/files/0x000a000000023b85-57.dat	upx
behavioral2/files/0x000a000000023b89-84.dat	upx
behavioral2/files/0x000a000000023b84-52.dat	upx
behavioral2/files/0x000a000000023b82-13.dat	upx
behavioral2/memory/4532-2720-0x00007FF6D0270000-0x00007FF6D0662000-memory.dmp	upx
behavioral2/memory/2076-2722-0x00007FF6E79A0000-0x00007FF6E7D92000-memory.dmp	upx
behavioral2/memory/768-2724-0x00007FF768C10000-0x00007FF769002000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\EyvRfbB.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\vEsNiKC.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\ZRIipJP.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\hlNypRa.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\TTjVKKr.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\cpmalms.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\yMEuRhi.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\AFeBUYp.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\iUJsBLe.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\ItSFcxy.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\CZGAzma.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\UpsZSBL.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\BOnhSYU.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\LMnHRFZ.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\gZzSYIC.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\SIIBzqU.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\VEjHxHs.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\AEvHfHR.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\PBdDHSl.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\OTDjdXa.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\CQjkftK.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\chELukN.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\pDjQQZA.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\FRbjYwD.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\LltCUvC.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\WUOdLzn.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\YWnMhiB.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\TPONmOK.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\pAxbfoL.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\mVljNnZ.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\NgADoEE.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\BGDtEcV.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\rIHhVSB.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\lpvPvFs.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\eVUxZWZ.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\cNJRsGT.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\OnLANYU.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\rJrzwDC.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\aVIrXiV.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\sIUeitF.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\GEkHTcL.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\KtKcPfZ.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\eVTPpBg.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\elQMbGz.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\WryyvFK.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\XizrnXv.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\UqajOIZ.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\eCEjiVY.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\akvpvOV.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\xUnTCrh.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\WyMOfNF.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\NvPrydE.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\vCJvKLT.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\SINFuXT.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\DMBsrrh.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\oQGKyxA.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\xYPGqhM.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\yvAptuT.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\txJXRuS.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\ZFdCuAa.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\RwMAnpI.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\QClkqQk.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\bYhPcEP.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
File created	C:\Windows\System\MOSorkZ.exe	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WerFaultSecure.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WerFaultSecure.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4344	powershell.exe
4344	powershell.exe
4344	powershell.exe
4344	powershell.exe
14324	WerFaultSecure.exe
14324	WerFaultSecure.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	4344	powershell.exe
Token: SeLockMemoryPrivilege	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2864 wrote to memory of 4344	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	84
PID 2864 wrote to memory of 4344	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	84
PID 2864 wrote to memory of 2076	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	85
PID 2864 wrote to memory of 2076	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	85
PID 2864 wrote to memory of 4532	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	86
PID 2864 wrote to memory of 4532	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	86
PID 2864 wrote to memory of 768	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	87
PID 2864 wrote to memory of 768	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	87
PID 2864 wrote to memory of 4708	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	88
PID 2864 wrote to memory of 4708	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	88
PID 2864 wrote to memory of 1300	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	89
PID 2864 wrote to memory of 1300	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	89
PID 2864 wrote to memory of 348	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	90
PID 2864 wrote to memory of 348	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	90
PID 2864 wrote to memory of 2576	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	91
PID 2864 wrote to memory of 2576	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	91
PID 2864 wrote to memory of 644	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	92
PID 2864 wrote to memory of 644	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	92
PID 2864 wrote to memory of 1332	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	93
PID 2864 wrote to memory of 1332	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	93
PID 2864 wrote to memory of 2592	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	94
PID 2864 wrote to memory of 2592	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	94
PID 2864 wrote to memory of 3648	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	95
PID 2864 wrote to memory of 3648	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	95
PID 2864 wrote to memory of 2196	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	96
PID 2864 wrote to memory of 2196	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	96
PID 2864 wrote to memory of 3456	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	97
PID 2864 wrote to memory of 3456	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	97
PID 2864 wrote to memory of 4204	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	98
PID 2864 wrote to memory of 4204	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	98
PID 2864 wrote to memory of 1316	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	99
PID 2864 wrote to memory of 1316	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	99
PID 2864 wrote to memory of 4116	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	100
PID 2864 wrote to memory of 4116	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	100
PID 2864 wrote to memory of 3464	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	101
PID 2864 wrote to memory of 3464	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	101
PID 2864 wrote to memory of 1984	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	102
PID 2864 wrote to memory of 1984	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	102
PID 2864 wrote to memory of 4848	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	103
PID 2864 wrote to memory of 4848	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	103
PID 2864 wrote to memory of 2876	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	104
PID 2864 wrote to memory of 2876	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	104
PID 2864 wrote to memory of 5064	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	105
PID 2864 wrote to memory of 5064	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	105
PID 2864 wrote to memory of 2556	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	106
PID 2864 wrote to memory of 2556	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	106
PID 2864 wrote to memory of 3068	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	107
PID 2864 wrote to memory of 3068	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	107
PID 2864 wrote to memory of 1084	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	108
PID 2864 wrote to memory of 1084	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	108
PID 2864 wrote to memory of 2440	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	109
PID 2864 wrote to memory of 2440	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	109
PID 2864 wrote to memory of 3588	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	110
PID 2864 wrote to memory of 3588	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	110
PID 2864 wrote to memory of 4984	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	111
PID 2864 wrote to memory of 4984	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	111
PID 2864 wrote to memory of 1560	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	112
PID 2864 wrote to memory of 1560	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	112
PID 2864 wrote to memory of 4384	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	113
PID 2864 wrote to memory of 4384	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	113
PID 2864 wrote to memory of 4268	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	114
PID 2864 wrote to memory of 4268	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	114
PID 2864 wrote to memory of 3804	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	115
PID 2864 wrote to memory of 3804	2864	03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe	115

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k wusvcs -p -s WaaSMedicSvc
1⤵
PID:3336
- C:\Windows\system32\WerFaultSecure.exe
  C:\Windows\system32\WerFaultSecure.exe -u -p 3336 -s 1076
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:14324

C:\Users\Admin\AppData\Local\Temp\03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\03d69b99d1165caab726d88be416fe33_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2864
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4344
- C:\Windows\System\XArQtuf.exe
  C:\Windows\System\XArQtuf.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\KaKMnWY.exe
  C:\Windows\System\KaKMnWY.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\jdNhiBr.exe
  C:\Windows\System\jdNhiBr.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\xmLlVpg.exe
  C:\Windows\System\xmLlVpg.exe
  2⤵
  - Executes dropped EXE
  PID:4708
- C:\Windows\System\XIWShYv.exe
  C:\Windows\System\XIWShYv.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\ClqDRbQ.exe
  C:\Windows\System\ClqDRbQ.exe
  2⤵
  - Executes dropped EXE
  PID:348
- C:\Windows\System\PXfXrcu.exe
  C:\Windows\System\PXfXrcu.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\FUQdoFu.exe
  C:\Windows\System\FUQdoFu.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\OkLAAxs.exe
  C:\Windows\System\OkLAAxs.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\ULhJItS.exe
  C:\Windows\System\ULhJItS.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\TEGpoMy.exe
  C:\Windows\System\TEGpoMy.exe
  2⤵
  - Executes dropped EXE
  PID:3648
- C:\Windows\System\IBpzwuz.exe
  C:\Windows\System\IBpzwuz.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\DruqEHp.exe
  C:\Windows\System\DruqEHp.exe
  2⤵
  - Executes dropped EXE
  PID:3456
- C:\Windows\System\YWnMhiB.exe
  C:\Windows\System\YWnMhiB.exe
  2⤵
  - Executes dropped EXE
  PID:4204
- C:\Windows\System\VkKbmSB.exe
  C:\Windows\System\VkKbmSB.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\LkxfEyV.exe
  C:\Windows\System\LkxfEyV.exe
  2⤵
  - Executes dropped EXE
  PID:4116
- C:\Windows\System\WGtlzst.exe
  C:\Windows\System\WGtlzst.exe
  2⤵
  - Executes dropped EXE
  PID:3464
- C:\Windows\System\KULgdNK.exe
  C:\Windows\System\KULgdNK.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\emnUQSi.exe
  C:\Windows\System\emnUQSi.exe
  2⤵
  - Executes dropped EXE
  PID:4848
- C:\Windows\System\bHcqWWt.exe
  C:\Windows\System\bHcqWWt.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\fgpxgXE.exe
  C:\Windows\System\fgpxgXE.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System\EqGRGNr.exe
  C:\Windows\System\EqGRGNr.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\JrXQhox.exe
  C:\Windows\System\JrXQhox.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\xzMSuyE.exe
  C:\Windows\System\xzMSuyE.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\HspraBi.exe
  C:\Windows\System\HspraBi.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\sfuBmVW.exe
  C:\Windows\System\sfuBmVW.exe
  2⤵
  - Executes dropped EXE
  PID:3588
- C:\Windows\System\RDztJEn.exe
  C:\Windows\System\RDztJEn.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System\LdecHiz.exe
  C:\Windows\System\LdecHiz.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\KnBnnmR.exe
  C:\Windows\System\KnBnnmR.exe
  2⤵
  - Executes dropped EXE
  PID:4384
- C:\Windows\System\VcvBOcB.exe
  C:\Windows\System\VcvBOcB.exe
  2⤵
  - Executes dropped EXE
  PID:4268
- C:\Windows\System\AFeBUYp.exe
  C:\Windows\System\AFeBUYp.exe
  2⤵
  - Executes dropped EXE
  PID:3804
- C:\Windows\System\xhYcdYW.exe
  C:\Windows\System\xhYcdYW.exe
  2⤵
  - Executes dropped EXE
  PID:832
- C:\Windows\System\DhpmjeX.exe
  C:\Windows\System\DhpmjeX.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\qPZUFoC.exe
  C:\Windows\System\qPZUFoC.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\SnRXiSi.exe
  C:\Windows\System\SnRXiSi.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\KPZlbXL.exe
  C:\Windows\System\KPZlbXL.exe
  2⤵
  - Executes dropped EXE
  PID:4416
- C:\Windows\System\DQzmDQs.exe
  C:\Windows\System\DQzmDQs.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\VgOiDaS.exe
  C:\Windows\System\VgOiDaS.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\DypDTzO.exe
  C:\Windows\System\DypDTzO.exe
  2⤵
  - Executes dropped EXE
  PID:3836
- C:\Windows\System\YPDXiBv.exe
  C:\Windows\System\YPDXiBv.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\UpHwnjI.exe
  C:\Windows\System\UpHwnjI.exe
  2⤵
  - Executes dropped EXE
  PID:4112
- C:\Windows\System\GFEECZb.exe
  C:\Windows\System\GFEECZb.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\fTyzPzl.exe
  C:\Windows\System\fTyzPzl.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\VmCYeXS.exe
  C:\Windows\System\VmCYeXS.exe
  2⤵
  - Executes dropped EXE
  PID:3904
- C:\Windows\System\jROGkUZ.exe
  C:\Windows\System\jROGkUZ.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\NCIwdvq.exe
  C:\Windows\System\NCIwdvq.exe
  2⤵
  - Executes dropped EXE
  PID:3432
- C:\Windows\System\UZzQasK.exe
  C:\Windows\System\UZzQasK.exe
  2⤵
  - Executes dropped EXE
  PID:740
- C:\Windows\System\HRFqbwD.exe
  C:\Windows\System\HRFqbwD.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\nXuAnYI.exe
  C:\Windows\System\nXuAnYI.exe
  2⤵
  - Executes dropped EXE
  PID:3356
- C:\Windows\System\gNRMPpa.exe
  C:\Windows\System\gNRMPpa.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\RSTvcFo.exe
  C:\Windows\System\RSTvcFo.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\ZJzRbuI.exe
  C:\Windows\System\ZJzRbuI.exe
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Windows\System\ueViZUH.exe
  C:\Windows\System\ueViZUH.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\FedGXTk.exe
  C:\Windows\System\FedGXTk.exe
  2⤵
  - Executes dropped EXE
  PID:4716
- C:\Windows\System\fYxdBtY.exe
  C:\Windows\System\fYxdBtY.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\SGucYen.exe
  C:\Windows\System\SGucYen.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\dFCKfcq.exe
  C:\Windows\System\dFCKfcq.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System\jDScLHf.exe
  C:\Windows\System\jDScLHf.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System\SfMfSTX.exe
  C:\Windows\System\SfMfSTX.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\QupcSLv.exe
  C:\Windows\System\QupcSLv.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\QlzAHQv.exe
  C:\Windows\System\QlzAHQv.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\rPEKoYB.exe
  C:\Windows\System\rPEKoYB.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\BemQnGE.exe
  C:\Windows\System\BemQnGE.exe
  2⤵
  - Executes dropped EXE
  PID:3748
- C:\Windows\System\HAOVHZJ.exe
  C:\Windows\System\HAOVHZJ.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\PXvcekC.exe
  C:\Windows\System\PXvcekC.exe
  2⤵
  PID:620
- C:\Windows\System\EGfagNx.exe
  C:\Windows\System\EGfagNx.exe
  2⤵
  PID:1568
- C:\Windows\System\fHHqOla.exe
  C:\Windows\System\fHHqOla.exe
  2⤵
  PID:4100
- C:\Windows\System\NqAiqoo.exe
  C:\Windows\System\NqAiqoo.exe
  2⤵
  PID:1672
- C:\Windows\System\hlNypRa.exe
  C:\Windows\System\hlNypRa.exe
  2⤵
  PID:2264
- C:\Windows\System\TpVOUSe.exe
  C:\Windows\System\TpVOUSe.exe
  2⤵
  PID:3444
- C:\Windows\System\ChdyUOe.exe
  C:\Windows\System\ChdyUOe.exe
  2⤵
  PID:1660
- C:\Windows\System\yVHhTVb.exe
  C:\Windows\System\yVHhTVb.exe
  2⤵
  PID:4976
- C:\Windows\System\WLTnaTO.exe
  C:\Windows\System\WLTnaTO.exe
  2⤵
  PID:4620
- C:\Windows\System\jqmBXEK.exe
  C:\Windows\System\jqmBXEK.exe
  2⤵
  PID:3372
- C:\Windows\System\McrhOfg.exe
  C:\Windows\System\McrhOfg.exe
  2⤵
  PID:5076
- C:\Windows\System\ofKVawK.exe
  C:\Windows\System\ofKVawK.exe
  2⤵
  PID:2392
- C:\Windows\System\slMsxsq.exe
  C:\Windows\System\slMsxsq.exe
  2⤵
  PID:548
- C:\Windows\System\xhBSDQG.exe
  C:\Windows\System\xhBSDQG.exe
  2⤵
  PID:4912
- C:\Windows\System\egiUrtb.exe
  C:\Windows\System\egiUrtb.exe
  2⤵
  PID:3476
- C:\Windows\System\bhlobmO.exe
  C:\Windows\System\bhlobmO.exe
  2⤵
  PID:4572
- C:\Windows\System\OEaqskX.exe
  C:\Windows\System\OEaqskX.exe
  2⤵
  PID:2840
- C:\Windows\System\DGfogYB.exe
  C:\Windows\System\DGfogYB.exe
  2⤵
  PID:5132
- C:\Windows\System\jpvFjgB.exe
  C:\Windows\System\jpvFjgB.exe
  2⤵
  PID:5156
- C:\Windows\System\egcvkDD.exe
  C:\Windows\System\egcvkDD.exe
  2⤵
  PID:5180
- C:\Windows\System\binOgZI.exe
  C:\Windows\System\binOgZI.exe
  2⤵
  PID:5208
- C:\Windows\System\HtOqIaR.exe
  C:\Windows\System\HtOqIaR.exe
  2⤵
  PID:5264
- C:\Windows\System\WoTvbtu.exe
  C:\Windows\System\WoTvbtu.exe
  2⤵
  PID:5280
- C:\Windows\System\FvaMXBz.exe
  C:\Windows\System\FvaMXBz.exe
  2⤵
  PID:5308
- C:\Windows\System\FqiJFzI.exe
  C:\Windows\System\FqiJFzI.exe
  2⤵
  PID:5348
- C:\Windows\System\vzDAzxd.exe
  C:\Windows\System\vzDAzxd.exe
  2⤵
  PID:5368
- C:\Windows\System\GLwbhSw.exe
  C:\Windows\System\GLwbhSw.exe
  2⤵
  PID:5384
- C:\Windows\System\JudNonq.exe
  C:\Windows\System\JudNonq.exe
  2⤵
  PID:5408
- C:\Windows\System\eXykRWU.exe
  C:\Windows\System\eXykRWU.exe
  2⤵
  PID:5456
- C:\Windows\System\rGfWgeb.exe
  C:\Windows\System\rGfWgeb.exe
  2⤵
  PID:5488
- C:\Windows\System\RAXjUWq.exe
  C:\Windows\System\RAXjUWq.exe
  2⤵
  PID:5516
- C:\Windows\System\zYiuBeD.exe
  C:\Windows\System\zYiuBeD.exe
  2⤵
  PID:5540
- C:\Windows\System\SjMfgEX.exe
  C:\Windows\System\SjMfgEX.exe
  2⤵
  PID:5564
- C:\Windows\System\YivNrwu.exe
  C:\Windows\System\YivNrwu.exe
  2⤵
  PID:5588
- C:\Windows\System\SlUWqjn.exe
  C:\Windows\System\SlUWqjn.exe
  2⤵
  PID:5604
- C:\Windows\System\ZXSQbLE.exe
  C:\Windows\System\ZXSQbLE.exe
  2⤵
  PID:5628
- C:\Windows\System\vCJvKLT.exe
  C:\Windows\System\vCJvKLT.exe
  2⤵
  PID:5660
- C:\Windows\System\WntGmIl.exe
  C:\Windows\System\WntGmIl.exe
  2⤵
  PID:5684
- C:\Windows\System\zJslDmI.exe
  C:\Windows\System\zJslDmI.exe
  2⤵
  PID:5708
- C:\Windows\System\RYLVTlF.exe
  C:\Windows\System\RYLVTlF.exe
  2⤵
  PID:5732
- C:\Windows\System\ZIEfkrU.exe
  C:\Windows\System\ZIEfkrU.exe
  2⤵
  PID:5756
- C:\Windows\System\njjUlHX.exe
  C:\Windows\System\njjUlHX.exe
  2⤵
  PID:5780
- C:\Windows\System\aBSnQMe.exe
  C:\Windows\System\aBSnQMe.exe
  2⤵
  PID:5800
- C:\Windows\System\ZBNCSSr.exe
  C:\Windows\System\ZBNCSSr.exe
  2⤵
  PID:5824
- C:\Windows\System\USQLWjz.exe
  C:\Windows\System\USQLWjz.exe
  2⤵
  PID:5840
- C:\Windows\System\DGcJZDO.exe
  C:\Windows\System\DGcJZDO.exe
  2⤵
  PID:5856
- C:\Windows\System\AQrGXLQ.exe
  C:\Windows\System\AQrGXLQ.exe
  2⤵
  PID:5872
- C:\Windows\System\FokIFGr.exe
  C:\Windows\System\FokIFGr.exe
  2⤵
  PID:5908
- C:\Windows\System\jXCncVq.exe
  C:\Windows\System\jXCncVq.exe
  2⤵
  PID:5936
- C:\Windows\System\pguXbsP.exe
  C:\Windows\System\pguXbsP.exe
  2⤵
  PID:5960
- C:\Windows\System\ShzOEDU.exe
  C:\Windows\System\ShzOEDU.exe
  2⤵
  PID:5984
- C:\Windows\System\rJrzwDC.exe
  C:\Windows\System\rJrzwDC.exe
  2⤵
  PID:6024
- C:\Windows\System\ASJIwqr.exe
  C:\Windows\System\ASJIwqr.exe
  2⤵
  PID:6056
- C:\Windows\System\CzdsgVu.exe
  C:\Windows\System\CzdsgVu.exe
  2⤵
  PID:6092
- C:\Windows\System\ZbaSdQL.exe
  C:\Windows\System\ZbaSdQL.exe
  2⤵
  PID:6120
- C:\Windows\System\HOxNeWP.exe
  C:\Windows\System\HOxNeWP.exe
  2⤵
  PID:6136
- C:\Windows\System\bYhPcEP.exe
  C:\Windows\System\bYhPcEP.exe
  2⤵
  PID:4488
- C:\Windows\System\YMRsAly.exe
  C:\Windows\System\YMRsAly.exe
  2⤵
  PID:3396
- C:\Windows\System\BNcKphC.exe
  C:\Windows\System\BNcKphC.exe
  2⤵
  PID:440
- C:\Windows\System\OBiEOid.exe
  C:\Windows\System\OBiEOid.exe
  2⤵
  PID:5224
- C:\Windows\System\NpEHCtb.exe
  C:\Windows\System\NpEHCtb.exe
  2⤵
  PID:5276
- C:\Windows\System\malRVcB.exe
  C:\Windows\System\malRVcB.exe
  2⤵
  PID:4356
- C:\Windows\System\dnvsfMW.exe
  C:\Windows\System\dnvsfMW.exe
  2⤵
  PID:4720
- C:\Windows\System\zVLsSJG.exe
  C:\Windows\System\zVLsSJG.exe
  2⤵
  PID:2528
- C:\Windows\System\REpugCK.exe
  C:\Windows\System\REpugCK.exe
  2⤵
  PID:2180
- C:\Windows\System\SlJlPuC.exe
  C:\Windows\System\SlJlPuC.exe
  2⤵
  PID:736
- C:\Windows\System\ntLLnPB.exe
  C:\Windows\System\ntLLnPB.exe
  2⤵
  PID:680
- C:\Windows\System\IFJqnQq.exe
  C:\Windows\System\IFJqnQq.exe
  2⤵
  PID:5196
- C:\Windows\System\fxevGPY.exe
  C:\Windows\System\fxevGPY.exe
  2⤵
  PID:1556
- C:\Windows\System\XKcfWpO.exe
  C:\Windows\System\XKcfWpO.exe
  2⤵
  PID:2676
- C:\Windows\System\zJjQmTk.exe
  C:\Windows\System\zJjQmTk.exe
  2⤵
  PID:2628
- C:\Windows\System\oCHBZSe.exe
  C:\Windows\System\oCHBZSe.exe
  2⤵
  PID:5172
- C:\Windows\System\UUGBhZC.exe
  C:\Windows\System\UUGBhZC.exe
  2⤵
  PID:5204
- C:\Windows\System\KWvekem.exe
  C:\Windows\System\KWvekem.exe
  2⤵
  PID:5768
- C:\Windows\System\VvRBhTE.exe
  C:\Windows\System\VvRBhTE.exe
  2⤵
  PID:5356
- C:\Windows\System\WryyvFK.exe
  C:\Windows\System\WryyvFK.exe
  2⤵
  PID:6156
- C:\Windows\System\KtKcPfZ.exe
  C:\Windows\System\KtKcPfZ.exe
  2⤵
  PID:6176
- C:\Windows\System\UePGWtc.exe
  C:\Windows\System\UePGWtc.exe
  2⤵
  PID:6212
- C:\Windows\System\xmKMcFp.exe
  C:\Windows\System\xmKMcFp.exe
  2⤵
  PID:6232
- C:\Windows\System\riuGZrS.exe
  C:\Windows\System\riuGZrS.exe
  2⤵
  PID:6264
- C:\Windows\System\NPFywhS.exe
  C:\Windows\System\NPFywhS.exe
  2⤵
  PID:6296
- C:\Windows\System\ABNhcYk.exe
  C:\Windows\System\ABNhcYk.exe
  2⤵
  PID:6332
- C:\Windows\System\xIbWMzL.exe
  C:\Windows\System\xIbWMzL.exe
  2⤵
  PID:6368
- C:\Windows\System\OibyRrm.exe
  C:\Windows\System\OibyRrm.exe
  2⤵
  PID:6392
- C:\Windows\System\fwWEWev.exe
  C:\Windows\System\fwWEWev.exe
  2⤵
  PID:6424
- C:\Windows\System\DZFRJow.exe
  C:\Windows\System\DZFRJow.exe
  2⤵
  PID:6440
- C:\Windows\System\kfOoxOo.exe
  C:\Windows\System\kfOoxOo.exe
  2⤵
  PID:6464
- C:\Windows\System\WTOPxOQ.exe
  C:\Windows\System\WTOPxOQ.exe
  2⤵
  PID:6496
- C:\Windows\System\YiHFUFA.exe
  C:\Windows\System\YiHFUFA.exe
  2⤵
  PID:6512
- C:\Windows\System\WWRUjbP.exe
  C:\Windows\System\WWRUjbP.exe
  2⤵
  PID:6528
- C:\Windows\System\XizrnXv.exe
  C:\Windows\System\XizrnXv.exe
  2⤵
  PID:6544
- C:\Windows\System\YZroysj.exe
  C:\Windows\System\YZroysj.exe
  2⤵
  PID:6568
- C:\Windows\System\vbTFdNp.exe
  C:\Windows\System\vbTFdNp.exe
  2⤵
  PID:6592
- C:\Windows\System\EyvRfbB.exe
  C:\Windows\System\EyvRfbB.exe
  2⤵
  PID:6612
- C:\Windows\System\pALRAUA.exe
  C:\Windows\System\pALRAUA.exe
  2⤵
  PID:6640
- C:\Windows\System\NvSSjOo.exe
  C:\Windows\System\NvSSjOo.exe
  2⤵
  PID:6768
- C:\Windows\System\HuyqWFv.exe
  C:\Windows\System\HuyqWFv.exe
  2⤵
  PID:6784
- C:\Windows\System\KBeebCw.exe
  C:\Windows\System\KBeebCw.exe
  2⤵
  PID:6800
- C:\Windows\System\yvAptuT.exe
  C:\Windows\System\yvAptuT.exe
  2⤵
  PID:6816
- C:\Windows\System\msXxgGu.exe
  C:\Windows\System\msXxgGu.exe
  2⤵
  PID:6832
- C:\Windows\System\HswMGcp.exe
  C:\Windows\System\HswMGcp.exe
  2⤵
  PID:6848
- C:\Windows\System\BTbRsHG.exe
  C:\Windows\System\BTbRsHG.exe
  2⤵
  PID:6864
- C:\Windows\System\lpvPvFs.exe
  C:\Windows\System\lpvPvFs.exe
  2⤵
  PID:6880
- C:\Windows\System\jtnwhwy.exe
  C:\Windows\System\jtnwhwy.exe
  2⤵
  PID:6896
- C:\Windows\System\wKlMlaa.exe
  C:\Windows\System\wKlMlaa.exe
  2⤵
  PID:6912
- C:\Windows\System\NYTFZky.exe
  C:\Windows\System\NYTFZky.exe
  2⤵
  PID:6928
- C:\Windows\System\BaeEuXK.exe
  C:\Windows\System\BaeEuXK.exe
  2⤵
  PID:6944
- C:\Windows\System\YprKRpy.exe
  C:\Windows\System\YprKRpy.exe
  2⤵
  PID:6960
- C:\Windows\System\iOvFdeE.exe
  C:\Windows\System\iOvFdeE.exe
  2⤵
  PID:6976
- C:\Windows\System\nojVCPi.exe
  C:\Windows\System\nojVCPi.exe
  2⤵
  PID:6992
- C:\Windows\System\qoWvgKv.exe
  C:\Windows\System\qoWvgKv.exe
  2⤵
  PID:7008
- C:\Windows\System\knYqifW.exe
  C:\Windows\System\knYqifW.exe
  2⤵
  PID:7108
- C:\Windows\System\IVmkJxe.exe
  C:\Windows\System\IVmkJxe.exe
  2⤵
  PID:7124
- C:\Windows\System\PhgKIJT.exe
  C:\Windows\System\PhgKIJT.exe
  2⤵
  PID:7144
- C:\Windows\System\fPERiUk.exe
  C:\Windows\System\fPERiUk.exe
  2⤵
  PID:7160
- C:\Windows\System\nDGLWvl.exe
  C:\Windows\System\nDGLWvl.exe
  2⤵
  PID:2912
- C:\Windows\System\KJuLJtx.exe
  C:\Windows\System\KJuLJtx.exe
  2⤵
  PID:5424
- C:\Windows\System\mSIFWyK.exe
  C:\Windows\System\mSIFWyK.exe
  2⤵
  PID:5496
- C:\Windows\System\MSrawnv.exe
  C:\Windows\System\MSrawnv.exe
  2⤵
  PID:556
- C:\Windows\System\jmpGeIa.exe
  C:\Windows\System\jmpGeIa.exe
  2⤵
  PID:5612
- C:\Windows\System\UNnvRjy.exe
  C:\Windows\System\UNnvRjy.exe
  2⤵
  PID:5672
- C:\Windows\System\eVakjOU.exe
  C:\Windows\System\eVakjOU.exe
  2⤵
  PID:5740
- C:\Windows\System\ASVeacJ.exe
  C:\Windows\System\ASVeacJ.exe
  2⤵
  PID:5952
- C:\Windows\System\CZprZVU.exe
  C:\Windows\System\CZprZVU.exe
  2⤵
  PID:5924
- C:\Windows\System\aZzTTRe.exe
  C:\Windows\System\aZzTTRe.exe
  2⤵
  PID:5880
- C:\Windows\System\EzTAeIW.exe
  C:\Windows\System\EzTAeIW.exe
  2⤵
  PID:5816
- C:\Windows\System\sCTDbms.exe
  C:\Windows\System\sCTDbms.exe
  2⤵
  PID:6036
- C:\Windows\System\YxBXfUi.exe
  C:\Windows\System\YxBXfUi.exe
  2⤵
  PID:6100
- C:\Windows\System\ByPbGbz.exe
  C:\Windows\System\ByPbGbz.exe
  2⤵
  PID:2268
- C:\Windows\System\hklAQMq.exe
  C:\Windows\System\hklAQMq.exe
  2⤵
  PID:5272
- C:\Windows\System\POrMLzm.exe
  C:\Windows\System\POrMLzm.exe
  2⤵
  PID:3584
- C:\Windows\System\whgULvw.exe
  C:\Windows\System\whgULvw.exe
  2⤵
  PID:1404
- C:\Windows\System\BMbduyu.exe
  C:\Windows\System\BMbduyu.exe
  2⤵
  PID:5288
- C:\Windows\System\lZisszb.exe
  C:\Windows\System\lZisszb.exe
  2⤵
  PID:3008
- C:\Windows\System\qOjdQnG.exe
  C:\Windows\System\qOjdQnG.exe
  2⤵
  PID:6272
- C:\Windows\System\RXkvcVB.exe
  C:\Windows\System\RXkvcVB.exe
  2⤵
  PID:1468
- C:\Windows\System\YqUhwiq.exe
  C:\Windows\System\YqUhwiq.exe
  2⤵
  PID:3976
- C:\Windows\System\KtqXwpd.exe
  C:\Windows\System\KtqXwpd.exe
  2⤵
  PID:5200
- C:\Windows\System\WSZyTYo.exe
  C:\Windows\System\WSZyTYo.exe
  2⤵
  PID:6148
- C:\Windows\System\GYGthaD.exe
  C:\Windows\System\GYGthaD.exe
  2⤵
  PID:6256
- C:\Windows\System\MmawUYM.exe
  C:\Windows\System\MmawUYM.exe
  2⤵
  PID:6320
- C:\Windows\System\RMMJtDc.exe
  C:\Windows\System\RMMJtDc.exe
  2⤵
  PID:6388
- C:\Windows\System\iVoiRQV.exe
  C:\Windows\System\iVoiRQV.exe
  2⤵
  PID:6456
- C:\Windows\System\vacNEKZ.exe
  C:\Windows\System\vacNEKZ.exe
  2⤵
  PID:6508
- C:\Windows\System\lHUxpNq.exe
  C:\Windows\System\lHUxpNq.exe
  2⤵
  PID:6540
- C:\Windows\System\xGUvXee.exe
  C:\Windows\System\xGUvXee.exe
  2⤵
  PID:1932
- C:\Windows\System\OyBUjQk.exe
  C:\Windows\System\OyBUjQk.exe
  2⤵
  PID:6648
- C:\Windows\System\OfecLTJ.exe
  C:\Windows\System\OfecLTJ.exe
  2⤵
  PID:7188
- C:\Windows\System\UqajOIZ.exe
  C:\Windows\System\UqajOIZ.exe
  2⤵
  PID:7208
- C:\Windows\System\eCEjiVY.exe
  C:\Windows\System\eCEjiVY.exe
  2⤵
  PID:7228
- C:\Windows\System\VAdnXCy.exe
  C:\Windows\System\VAdnXCy.exe
  2⤵
  PID:7244
- C:\Windows\System\PvrOjEp.exe
  C:\Windows\System\PvrOjEp.exe
  2⤵
  PID:7264
- C:\Windows\System\akvpvOV.exe
  C:\Windows\System\akvpvOV.exe
  2⤵
  PID:7284
- C:\Windows\System\eVUxZWZ.exe
  C:\Windows\System\eVUxZWZ.exe
  2⤵
  PID:7304
- C:\Windows\System\AlavPFm.exe
  C:\Windows\System\AlavPFm.exe
  2⤵
  PID:7324
- C:\Windows\System\OqIyIdQ.exe
  C:\Windows\System\OqIyIdQ.exe
  2⤵
  PID:7344
- C:\Windows\System\sCKLXZt.exe
  C:\Windows\System\sCKLXZt.exe
  2⤵
  PID:7364
- C:\Windows\System\akxiuFp.exe
  C:\Windows\System\akxiuFp.exe
  2⤵
  PID:7388
- C:\Windows\System\KJTVgKP.exe
  C:\Windows\System\KJTVgKP.exe
  2⤵
  PID:7412
- C:\Windows\System\IJWNTbg.exe
  C:\Windows\System\IJWNTbg.exe
  2⤵
  PID:7436
- C:\Windows\System\ODAgsuh.exe
  C:\Windows\System\ODAgsuh.exe
  2⤵
  PID:7460
- C:\Windows\System\tMCUtVq.exe
  C:\Windows\System\tMCUtVq.exe
  2⤵
  PID:7476
- C:\Windows\System\XQgNZaW.exe
  C:\Windows\System\XQgNZaW.exe
  2⤵
  PID:7496
- C:\Windows\System\iXWMxZl.exe
  C:\Windows\System\iXWMxZl.exe
  2⤵
  PID:7520
- C:\Windows\System\MKkClau.exe
  C:\Windows\System\MKkClau.exe
  2⤵
  PID:7636
- C:\Windows\System\CRgjfFj.exe
  C:\Windows\System\CRgjfFj.exe
  2⤵
  PID:7680
- C:\Windows\System\lvCjvLJ.exe
  C:\Windows\System\lvCjvLJ.exe
  2⤵
  PID:7724
- C:\Windows\System\IpZACHL.exe
  C:\Windows\System\IpZACHL.exe
  2⤵
  PID:7756
- C:\Windows\System\hNQcmpx.exe
  C:\Windows\System\hNQcmpx.exe
  2⤵
  PID:7788
- C:\Windows\System\ycInYJh.exe
  C:\Windows\System\ycInYJh.exe
  2⤵
  PID:7804
- C:\Windows\System\cvUNvbm.exe
  C:\Windows\System\cvUNvbm.exe
  2⤵
  PID:7824
- C:\Windows\System\iAwYNLe.exe
  C:\Windows\System\iAwYNLe.exe
  2⤵
  PID:7840
- C:\Windows\System\hrHLrQo.exe
  C:\Windows\System\hrHLrQo.exe
  2⤵
  PID:7856
- C:\Windows\System\hHlvvCw.exe
  C:\Windows\System\hHlvvCw.exe
  2⤵
  PID:7880
- C:\Windows\System\rKkvONs.exe
  C:\Windows\System\rKkvONs.exe
  2⤵
  PID:7900
- C:\Windows\System\udMJgMF.exe
  C:\Windows\System\udMJgMF.exe
  2⤵
  PID:7916
- C:\Windows\System\IdkASJT.exe
  C:\Windows\System\IdkASJT.exe
  2⤵
  PID:7936
- C:\Windows\System\MXjuYAb.exe
  C:\Windows\System\MXjuYAb.exe
  2⤵
  PID:7952
- C:\Windows\System\thqpeOj.exe
  C:\Windows\System\thqpeOj.exe
  2⤵
  PID:7968
- C:\Windows\System\NiMTgja.exe
  C:\Windows\System\NiMTgja.exe
  2⤵
  PID:7996
- C:\Windows\System\ElteYaD.exe
  C:\Windows\System\ElteYaD.exe
  2⤵
  PID:8024
- C:\Windows\System\cyugffP.exe
  C:\Windows\System\cyugffP.exe
  2⤵
  PID:8048
- C:\Windows\System\KUXxcRV.exe
  C:\Windows\System\KUXxcRV.exe
  2⤵
  PID:8064
- C:\Windows\System\UROoojk.exe
  C:\Windows\System\UROoojk.exe
  2⤵
  PID:8080
- C:\Windows\System\zLZSmGV.exe
  C:\Windows\System\zLZSmGV.exe
  2⤵
  PID:8108
- C:\Windows\System\ryLpgcl.exe
  C:\Windows\System\ryLpgcl.exe
  2⤵
  PID:8136
- C:\Windows\System\XvfqSBv.exe
  C:\Windows\System\XvfqSBv.exe
  2⤵
  PID:8156
- C:\Windows\System\lKcgJfc.exe
  C:\Windows\System\lKcgJfc.exe
  2⤵
  PID:8176
- C:\Windows\System\nkinCKc.exe
  C:\Windows\System\nkinCKc.exe
  2⤵
  PID:6652
- C:\Windows\System\btnhSft.exe
  C:\Windows\System\btnhSft.exe
  2⤵
  PID:5600
- C:\Windows\System\wWKcrYg.exe
  C:\Windows\System\wWKcrYg.exe
  2⤵
  PID:5656
- C:\Windows\System\chELukN.exe
  C:\Windows\System\chELukN.exe
  2⤵
  PID:5728
- C:\Windows\System\XWsegjd.exe
  C:\Windows\System\XWsegjd.exe
  2⤵
  PID:5968
- C:\Windows\System\fmBNbIm.exe
  C:\Windows\System\fmBNbIm.exe
  2⤵
  PID:5852
- C:\Windows\System\sbofgUz.exe
  C:\Windows\System\sbofgUz.exe
  2⤵
  PID:6064
- C:\Windows\System\rmPNQpo.exe
  C:\Windows\System\rmPNQpo.exe
  2⤵
  PID:1356
- C:\Windows\System\IIKjDEe.exe
  C:\Windows\System\IIKjDEe.exe
  2⤵
  PID:6204
- C:\Windows\System\eebjXZx.exe
  C:\Windows\System\eebjXZx.exe
  2⤵
  PID:5324
- C:\Windows\System\nlHJqkG.exe
  C:\Windows\System\nlHJqkG.exe
  2⤵
  PID:6224
- C:\Windows\System\TTjVKKr.exe
  C:\Windows\System\TTjVKKr.exe
  2⤵
  PID:6564
- C:\Windows\System\DKhIsrs.exe
  C:\Windows\System\DKhIsrs.exe
  2⤵
  PID:7180
- C:\Windows\System\ivyVNNa.exe
  C:\Windows\System\ivyVNNa.exe
  2⤵
  PID:7220
- C:\Windows\System\khpIvgP.exe
  C:\Windows\System\khpIvgP.exe
  2⤵
  PID:7276
- C:\Windows\System\QTEjmmu.exe
  C:\Windows\System\QTEjmmu.exe
  2⤵
  PID:6764
- C:\Windows\System\zGeIrSK.exe
  C:\Windows\System\zGeIrSK.exe
  2⤵
  PID:7776
- C:\Windows\System\NgADoEE.exe
  C:\Windows\System\NgADoEE.exe
  2⤵
  PID:7944
- C:\Windows\System\FCOnSSS.exe
  C:\Windows\System\FCOnSSS.exe
  2⤵
  PID:7468
- C:\Windows\System\sesAqmX.exe
  C:\Windows\System\sesAqmX.exe
  2⤵
  PID:8200
- C:\Windows\System\QVtWOxE.exe
  C:\Windows\System\QVtWOxE.exe
  2⤵
  PID:8220
- C:\Windows\System\PHvpHmX.exe
  C:\Windows\System\PHvpHmX.exe
  2⤵
  PID:8240
- C:\Windows\System\jIrqoTR.exe
  C:\Windows\System\jIrqoTR.exe
  2⤵
  PID:8264
- C:\Windows\System\nNIQFSC.exe
  C:\Windows\System\nNIQFSC.exe
  2⤵
  PID:8288
- C:\Windows\System\EzvmwQH.exe
  C:\Windows\System\EzvmwQH.exe
  2⤵
  PID:8304
- C:\Windows\System\fSxEsiG.exe
  C:\Windows\System\fSxEsiG.exe
  2⤵
  PID:8344
- C:\Windows\System\PKSlxHO.exe
  C:\Windows\System\PKSlxHO.exe
  2⤵
  PID:8372
- C:\Windows\System\vGcaWQA.exe
  C:\Windows\System\vGcaWQA.exe
  2⤵
  PID:8388
- C:\Windows\System\aXmaWbv.exe
  C:\Windows\System\aXmaWbv.exe
  2⤵
  PID:8412
- C:\Windows\System\qTgOunl.exe
  C:\Windows\System\qTgOunl.exe
  2⤵
  PID:8440
- C:\Windows\System\FYXQtsL.exe
  C:\Windows\System\FYXQtsL.exe
  2⤵
  PID:8464
- C:\Windows\System\NVsrlNr.exe
  C:\Windows\System\NVsrlNr.exe
  2⤵
  PID:8488
- C:\Windows\System\qlOqrXF.exe
  C:\Windows\System\qlOqrXF.exe
  2⤵
  PID:8508
- C:\Windows\System\nnjzMSq.exe
  C:\Windows\System\nnjzMSq.exe
  2⤵
  PID:8532
- C:\Windows\System\aFlAILL.exe
  C:\Windows\System\aFlAILL.exe
  2⤵
  PID:8556
- C:\Windows\System\OjgexGP.exe
  C:\Windows\System\OjgexGP.exe
  2⤵
  PID:8572
- C:\Windows\System\MaUNmDE.exe
  C:\Windows\System\MaUNmDE.exe
  2⤵
  PID:8588
- C:\Windows\System\DOnqZWy.exe
  C:\Windows\System\DOnqZWy.exe
  2⤵
  PID:8616
- C:\Windows\System\XlaukEx.exe
  C:\Windows\System\XlaukEx.exe
  2⤵
  PID:8632
- C:\Windows\System\svIqSPB.exe
  C:\Windows\System\svIqSPB.exe
  2⤵
  PID:8656
- C:\Windows\System\gzJkCSm.exe
  C:\Windows\System\gzJkCSm.exe
  2⤵
  PID:8676
- C:\Windows\System\txJXRuS.exe
  C:\Windows\System\txJXRuS.exe
  2⤵
  PID:8700
- C:\Windows\System\kHnOXxY.exe
  C:\Windows\System\kHnOXxY.exe
  2⤵
  PID:8716
- C:\Windows\System\iJpQpVy.exe
  C:\Windows\System\iJpQpVy.exe
  2⤵
  PID:8740
- C:\Windows\System\gZzSYIC.exe
  C:\Windows\System\gZzSYIC.exe
  2⤵
  PID:8764
- C:\Windows\System\MFXtBRK.exe
  C:\Windows\System\MFXtBRK.exe
  2⤵
  PID:8788
- C:\Windows\System\wsrbCFU.exe
  C:\Windows\System\wsrbCFU.exe
  2⤵
  PID:8812
- C:\Windows\System\NbsdBhr.exe
  C:\Windows\System\NbsdBhr.exe
  2⤵
  PID:8832
- C:\Windows\System\XyQuTHc.exe
  C:\Windows\System\XyQuTHc.exe
  2⤵
  PID:8852
- C:\Windows\System\pDjQQZA.exe
  C:\Windows\System\pDjQQZA.exe
  2⤵
  PID:8876
- C:\Windows\System\VuCiHDF.exe
  C:\Windows\System\VuCiHDF.exe
  2⤵
  PID:8896
- C:\Windows\System\djSdRYq.exe
  C:\Windows\System\djSdRYq.exe
  2⤵
  PID:8916
- C:\Windows\System\SKdHjMV.exe
  C:\Windows\System\SKdHjMV.exe
  2⤵
  PID:8948
- C:\Windows\System\VYgDdMZ.exe
  C:\Windows\System\VYgDdMZ.exe
  2⤵
  PID:8968
- C:\Windows\System\mbNqItB.exe
  C:\Windows\System\mbNqItB.exe
  2⤵
  PID:8988
- C:\Windows\System\OjJgOGb.exe
  C:\Windows\System\OjJgOGb.exe
  2⤵
  PID:9012
- C:\Windows\System\rkQlepo.exe
  C:\Windows\System\rkQlepo.exe
  2⤵
  PID:9036
- C:\Windows\System\LcDWhcp.exe
  C:\Windows\System\LcDWhcp.exe
  2⤵
  PID:9056
- C:\Windows\System\uriLBvX.exe
  C:\Windows\System\uriLBvX.exe
  2⤵
  PID:9080
- C:\Windows\System\ZlBuoop.exe
  C:\Windows\System\ZlBuoop.exe
  2⤵
  PID:9104
- C:\Windows\System\nbBLEFh.exe
  C:\Windows\System\nbBLEFh.exe
  2⤵
  PID:9128
- C:\Windows\System\lSGivEZ.exe
  C:\Windows\System\lSGivEZ.exe
  2⤵
  PID:9152
- C:\Windows\System\qDubzLV.exe
  C:\Windows\System\qDubzLV.exe
  2⤵
  PID:9176
- C:\Windows\System\qxiwNZd.exe
  C:\Windows\System\qxiwNZd.exe
  2⤵
  PID:9192
- C:\Windows\System\MOSorkZ.exe
  C:\Windows\System\MOSorkZ.exe
  2⤵
  PID:3744
- C:\Windows\System\ZpqIbRU.exe
  C:\Windows\System\ZpqIbRU.exe
  2⤵
  PID:6828
- C:\Windows\System\fNEkwZV.exe
  C:\Windows\System\fNEkwZV.exe
  2⤵
  PID:6904
- C:\Windows\System\FFdkvmg.exe
  C:\Windows\System\FFdkvmg.exe
  2⤵
  PID:6952
- C:\Windows\System\oPwVWwl.exe
  C:\Windows\System\oPwVWwl.exe
  2⤵
  PID:6988
- C:\Windows\System\iwbNkWo.exe
  C:\Windows\System\iwbNkWo.exe
  2⤵
  PID:7132
- C:\Windows\System\IQbSQLP.exe
  C:\Windows\System\IQbSQLP.exe
  2⤵
  PID:2000
- C:\Windows\System\sVxMeYE.exe
  C:\Windows\System\sVxMeYE.exe
  2⤵
  PID:5572
- C:\Windows\System\aimWvHS.exe
  C:\Windows\System\aimWvHS.exe
  2⤵
  PID:5220
- C:\Windows\System\MVDsKGZ.exe
  C:\Windows\System\MVDsKGZ.exe
  2⤵
  PID:8164
- C:\Windows\System\rWOnQwL.exe
  C:\Windows\System\rWOnQwL.exe
  2⤵
  PID:7796
- C:\Windows\System\tvGXmgg.exe
  C:\Windows\System\tvGXmgg.exe
  2⤵
  PID:7832
- C:\Windows\System\ffZKXIb.exe
  C:\Windows\System\ffZKXIb.exe
  2⤵
  PID:7872
- C:\Windows\System\VFvwRAP.exe
  C:\Windows\System\VFvwRAP.exe
  2⤵
  PID:6432
- C:\Windows\System\ZfKGYUh.exe
  C:\Windows\System\ZfKGYUh.exe
  2⤵
  PID:5980
- C:\Windows\System\soeUcKG.exe
  C:\Windows\System\soeUcKG.exe
  2⤵
  PID:7240
- C:\Windows\System\dJANcOP.exe
  C:\Windows\System\dJANcOP.exe
  2⤵
  PID:8724
- C:\Windows\System\GVLvDQK.exe
  C:\Windows\System\GVLvDQK.exe
  2⤵
  PID:9240
- C:\Windows\System\adfzkMo.exe
  C:\Windows\System\adfzkMo.exe
  2⤵
  PID:9256
- C:\Windows\System\UmUwqIg.exe
  C:\Windows\System\UmUwqIg.exe
  2⤵
  PID:9276
- C:\Windows\System\NVOifgn.exe
  C:\Windows\System\NVOifgn.exe
  2⤵
  PID:9292
- C:\Windows\System\AcIkavf.exe
  C:\Windows\System\AcIkavf.exe
  2⤵
  PID:9308
- C:\Windows\System\BuXVzrJ.exe
  C:\Windows\System\BuXVzrJ.exe
  2⤵
  PID:9332
- C:\Windows\System\KcAXTSI.exe
  C:\Windows\System\KcAXTSI.exe
  2⤵
  PID:9348
- C:\Windows\System\VYRKhVj.exe
  C:\Windows\System\VYRKhVj.exe
  2⤵
  PID:9368
- C:\Windows\System\eXGHGmQ.exe
  C:\Windows\System\eXGHGmQ.exe
  2⤵
  PID:9392
- C:\Windows\System\kWrSDOj.exe
  C:\Windows\System\kWrSDOj.exe
  2⤵
  PID:9412
- C:\Windows\System\cJXjzxj.exe
  C:\Windows\System\cJXjzxj.exe
  2⤵
  PID:9432
- C:\Windows\System\MkADaku.exe
  C:\Windows\System\MkADaku.exe
  2⤵
  PID:9452
- C:\Windows\System\ehRjgSJ.exe
  C:\Windows\System\ehRjgSJ.exe
  2⤵
  PID:9472
- C:\Windows\System\jugduuA.exe
  C:\Windows\System\jugduuA.exe
  2⤵
  PID:9492
- C:\Windows\System\fpkyPRz.exe
  C:\Windows\System\fpkyPRz.exe
  2⤵
  PID:9512
- C:\Windows\System\XvLCWmg.exe
  C:\Windows\System\XvLCWmg.exe
  2⤵
  PID:9532
- C:\Windows\System\SIIBzqU.exe
  C:\Windows\System\SIIBzqU.exe
  2⤵
  PID:9556
- C:\Windows\System\saLppAp.exe
  C:\Windows\System\saLppAp.exe
  2⤵
  PID:9572
- C:\Windows\System\VEjHxHs.exe
  C:\Windows\System\VEjHxHs.exe
  2⤵
  PID:9596
- C:\Windows\System\jeAVAPk.exe
  C:\Windows\System\jeAVAPk.exe
  2⤵
  PID:9616
- C:\Windows\System\uktVkFq.exe
  C:\Windows\System\uktVkFq.exe
  2⤵
  PID:9636
- C:\Windows\System\QpmDhkO.exe
  C:\Windows\System\QpmDhkO.exe
  2⤵
  PID:9656
- C:\Windows\System\kFSDjae.exe
  C:\Windows\System\kFSDjae.exe
  2⤵
  PID:9676
- C:\Windows\System\RPkIpUi.exe
  C:\Windows\System\RPkIpUi.exe
  2⤵
  PID:9696
- C:\Windows\System\GCYesMK.exe
  C:\Windows\System\GCYesMK.exe
  2⤵
  PID:9716
- C:\Windows\System\kdnjHrf.exe
  C:\Windows\System\kdnjHrf.exe
  2⤵
  PID:9736
- C:\Windows\System\kNFpNkh.exe
  C:\Windows\System\kNFpNkh.exe
  2⤵
  PID:9760
- C:\Windows\System\SwJPpmL.exe
  C:\Windows\System\SwJPpmL.exe
  2⤵
  PID:9776
- C:\Windows\System\CZGAzma.exe
  C:\Windows\System\CZGAzma.exe
  2⤵
  PID:9792
- C:\Windows\System\XETCnxG.exe
  C:\Windows\System\XETCnxG.exe
  2⤵
  PID:9808
- C:\Windows\System\GNPptnN.exe
  C:\Windows\System\GNPptnN.exe
  2⤵
  PID:9828
- C:\Windows\System\pCuStQm.exe
  C:\Windows\System\pCuStQm.exe
  2⤵
  PID:9848
- C:\Windows\System\HWgotDE.exe
  C:\Windows\System\HWgotDE.exe
  2⤵
  PID:9876
- C:\Windows\System\trOnNpI.exe
  C:\Windows\System\trOnNpI.exe
  2⤵
  PID:9900
- C:\Windows\System\LAKNoor.exe
  C:\Windows\System\LAKNoor.exe
  2⤵
  PID:9928
- C:\Windows\System\iYasczQ.exe
  C:\Windows\System\iYasczQ.exe
  2⤵
  PID:9948
- C:\Windows\System\XZRwZyz.exe
  C:\Windows\System\XZRwZyz.exe
  2⤵
  PID:9972
- C:\Windows\System\YERohGL.exe
  C:\Windows\System\YERohGL.exe
  2⤵
  PID:9992
- C:\Windows\System\ItSFcxy.exe
  C:\Windows\System\ItSFcxy.exe
  2⤵
  PID:10012
- C:\Windows\System\BiVSdNg.exe
  C:\Windows\System\BiVSdNg.exe
  2⤵
  PID:10036
- C:\Windows\System\hMrPnkQ.exe
  C:\Windows\System\hMrPnkQ.exe
  2⤵
  PID:10060
- C:\Windows\System\UwoLRJb.exe
  C:\Windows\System\UwoLRJb.exe
  2⤵
  PID:10084
- C:\Windows\System\Cnktmqq.exe
  C:\Windows\System\Cnktmqq.exe
  2⤵
  PID:10104
- C:\Windows\System\GJReFrP.exe
  C:\Windows\System\GJReFrP.exe
  2⤵
  PID:10124
- C:\Windows\System\XiqcsBw.exe
  C:\Windows\System\XiqcsBw.exe
  2⤵
  PID:10148
- C:\Windows\System\CTyBuvR.exe
  C:\Windows\System\CTyBuvR.exe
  2⤵
  PID:10172
- C:\Windows\System\VOXiNzI.exe
  C:\Windows\System\VOXiNzI.exe
  2⤵
  PID:10196
- C:\Windows\System\aFcOTsl.exe
  C:\Windows\System\aFcOTsl.exe
  2⤵
  PID:10220
- C:\Windows\System\VnpmwUV.exe
  C:\Windows\System\VnpmwUV.exe
  2⤵
  PID:8248
- C:\Windows\System\kQuHcaT.exe
  C:\Windows\System\kQuHcaT.exe
  2⤵
  PID:8280
- C:\Windows\System\qVSiLtd.exe
  C:\Windows\System\qVSiLtd.exe
  2⤵
  PID:8320
- C:\Windows\System\mGrJgkd.exe
  C:\Windows\System\mGrJgkd.exe
  2⤵
  PID:8352
- C:\Windows\System\MxxDYet.exe
  C:\Windows\System\MxxDYet.exe
  2⤵
  PID:8384
- C:\Windows\System\hQmdmXK.exe
  C:\Windows\System\hQmdmXK.exe
  2⤵
  PID:8448
- C:\Windows\System\DemqLdS.exe
  C:\Windows\System\DemqLdS.exe
  2⤵
  PID:8504
- C:\Windows\System\BVnRhPt.exe
  C:\Windows\System\BVnRhPt.exe
  2⤵
  PID:8548
- C:\Windows\System\AByhofR.exe
  C:\Windows\System\AByhofR.exe
  2⤵
  PID:8760
- C:\Windows\System\IsbQHvM.exe
  C:\Windows\System\IsbQHvM.exe
  2⤵
  PID:8872
- C:\Windows\System\LPvyIEU.exe
  C:\Windows\System\LPvyIEU.exe
  2⤵
  PID:8944
- C:\Windows\System\JidKCYv.exe
  C:\Windows\System\JidKCYv.exe
  2⤵
  PID:9020
- C:\Windows\System\NDpHDDT.exe
  C:\Windows\System\NDpHDDT.exe
  2⤵
  PID:10244
- C:\Windows\System\Olldoba.exe
  C:\Windows\System\Olldoba.exe
  2⤵
  PID:10268
- C:\Windows\System\DWfXqNq.exe
  C:\Windows\System\DWfXqNq.exe
  2⤵
  PID:10288
- C:\Windows\System\bkvzPEb.exe
  C:\Windows\System\bkvzPEb.exe
  2⤵
  PID:10312
- C:\Windows\System\hQpOKBR.exe
  C:\Windows\System\hQpOKBR.exe
  2⤵
  PID:10332
- C:\Windows\System\CBbNVqQ.exe
  C:\Windows\System\CBbNVqQ.exe
  2⤵
  PID:10352
- C:\Windows\System\BpKQvIY.exe
  C:\Windows\System\BpKQvIY.exe
  2⤵
  PID:10376
- C:\Windows\System\UTiwYDm.exe
  C:\Windows\System\UTiwYDm.exe
  2⤵
  PID:10400
- C:\Windows\System\OtizrCe.exe
  C:\Windows\System\OtizrCe.exe
  2⤵
  PID:10424
- C:\Windows\System\nvEtlRr.exe
  C:\Windows\System\nvEtlRr.exe
  2⤵
  PID:10444
- C:\Windows\System\jNgdaoj.exe
  C:\Windows\System\jNgdaoj.exe
  2⤵
  PID:10464
- C:\Windows\System\FAMbrAD.exe
  C:\Windows\System\FAMbrAD.exe
  2⤵
  PID:10480
- C:\Windows\System\LNyFYeQ.exe
  C:\Windows\System\LNyFYeQ.exe
  2⤵
  PID:10496
- C:\Windows\System\XweRSOK.exe
  C:\Windows\System\XweRSOK.exe
  2⤵
  PID:10512
- C:\Windows\System\FXnUChN.exe
  C:\Windows\System\FXnUChN.exe
  2⤵
  PID:10528
- C:\Windows\System\kKZyNcO.exe
  C:\Windows\System\kKZyNcO.exe
  2⤵
  PID:10544
- C:\Windows\System\NbUaYys.exe
  C:\Windows\System\NbUaYys.exe
  2⤵
  PID:10560
- C:\Windows\System\ggvLslc.exe
  C:\Windows\System\ggvLslc.exe
  2⤵
  PID:10576
- C:\Windows\System\bOqghwU.exe
  C:\Windows\System\bOqghwU.exe
  2⤵
  PID:10592
- C:\Windows\System\tGVGunl.exe
  C:\Windows\System\tGVGunl.exe
  2⤵
  PID:10608
- C:\Windows\System\raoDjOz.exe
  C:\Windows\System\raoDjOz.exe
  2⤵
  PID:10624
- C:\Windows\System\wowlthr.exe
  C:\Windows\System\wowlthr.exe
  2⤵
  PID:10640
- C:\Windows\System\PmHhENm.exe
  C:\Windows\System\PmHhENm.exe
  2⤵
  PID:10660
- C:\Windows\System\xUnTCrh.exe
  C:\Windows\System\xUnTCrh.exe
  2⤵
  PID:10680
- C:\Windows\System\VpwtcZN.exe
  C:\Windows\System\VpwtcZN.exe
  2⤵
  PID:10708
- C:\Windows\System\JRmtUBS.exe
  C:\Windows\System\JRmtUBS.exe
  2⤵
  PID:10728
- C:\Windows\System\ppLaYbt.exe
  C:\Windows\System\ppLaYbt.exe
  2⤵
  PID:10752
- C:\Windows\System\qkPjCfk.exe
  C:\Windows\System\qkPjCfk.exe
  2⤵
  PID:10768
- C:\Windows\System\GRHEPQv.exe
  C:\Windows\System\GRHEPQv.exe
  2⤵
  PID:10796
- C:\Windows\System\TYbrPsb.exe
  C:\Windows\System\TYbrPsb.exe
  2⤵
  PID:10820
- C:\Windows\System\qkiXcoS.exe
  C:\Windows\System\qkiXcoS.exe
  2⤵
  PID:10844
- C:\Windows\System\ZnCPHgZ.exe
  C:\Windows\System\ZnCPHgZ.exe
  2⤵
  PID:10864
- C:\Windows\System\QMbMkoO.exe
  C:\Windows\System\QMbMkoO.exe
  2⤵
  PID:10884
- C:\Windows\System\vEsNiKC.exe
  C:\Windows\System\vEsNiKC.exe
  2⤵
  PID:10916
- C:\Windows\System\KkFgNJV.exe
  C:\Windows\System\KkFgNJV.exe
  2⤵
  PID:10952
- C:\Windows\System\cpmalms.exe
  C:\Windows\System\cpmalms.exe
  2⤵
  PID:10968
- C:\Windows\System\klXmept.exe
  C:\Windows\System\klXmept.exe
  2⤵
  PID:10996
- C:\Windows\System\cuWuqro.exe
  C:\Windows\System\cuWuqro.exe
  2⤵
  PID:11020
- C:\Windows\System\mhCSxLr.exe
  C:\Windows\System\mhCSxLr.exe
  2⤵
  PID:11052
- C:\Windows\System\YZpbNit.exe
  C:\Windows\System\YZpbNit.exe
  2⤵
  PID:11076
- C:\Windows\System\JRAezaT.exe
  C:\Windows\System\JRAezaT.exe
  2⤵
  PID:11112
- C:\Windows\System\elTRMJr.exe
  C:\Windows\System\elTRMJr.exe
  2⤵
  PID:11144
- C:\Windows\System\sNNgLsp.exe
  C:\Windows\System\sNNgLsp.exe
  2⤵
  PID:11160
- C:\Windows\System\UILbDuv.exe
  C:\Windows\System\UILbDuv.exe
  2⤵
  PID:11176
- C:\Windows\System\ReHuZIE.exe
  C:\Windows\System\ReHuZIE.exe
  2⤵
  PID:11204
- C:\Windows\System\kmlRJiI.exe
  C:\Windows\System\kmlRJiI.exe
  2⤵
  PID:11228
- C:\Windows\System\zOhRjap.exe
  C:\Windows\System\zOhRjap.exe
  2⤵
  PID:11248
- C:\Windows\System\bEYBjFC.exe
  C:\Windows\System\bEYBjFC.exe
  2⤵
  PID:9460
- C:\Windows\System\FRbjYwD.exe
  C:\Windows\System\FRbjYwD.exe
  2⤵
  PID:9652
- C:\Windows\System\SPvDAhh.exe
  C:\Windows\System\SPvDAhh.exe
  2⤵
  PID:9704
- C:\Windows\System\udTfxwH.exe
  C:\Windows\System\udTfxwH.exe
  2⤵
  PID:9804
- C:\Windows\System\fWjIUyQ.exe
  C:\Windows\System\fWjIUyQ.exe
  2⤵
  PID:9064
- C:\Windows\System\PuaHqCe.exe
  C:\Windows\System\PuaHqCe.exe
  2⤵
  PID:9936
- C:\Windows\System\nyeoRWi.exe
  C:\Windows\System\nyeoRWi.exe
  2⤵
  PID:9956
- C:\Windows\System\CohMQqS.exe
  C:\Windows\System\CohMQqS.exe
  2⤵
  PID:10028
- C:\Windows\System\LDCJSzf.exe
  C:\Windows\System\LDCJSzf.exe
  2⤵
  PID:7116
- C:\Windows\System\bXZBBDq.exe
  C:\Windows\System\bXZBBDq.exe
  2⤵
  PID:8300
- C:\Windows\System\GoDRiJs.exe
  C:\Windows\System\GoDRiJs.exe
  2⤵
  PID:7848
- C:\Windows\System\IAPvQLB.exe
  C:\Windows\System\IAPvQLB.exe
  2⤵
  PID:7300
- C:\Windows\System\ErpaZBn.exe
  C:\Windows\System\ErpaZBn.exe
  2⤵
  PID:6292
- C:\Windows\System\fnEnrIT.exe
  C:\Windows\System\fnEnrIT.exe
  2⤵
  PID:5416
- C:\Windows\System\sgFfNOr.exe
  C:\Windows\System\sgFfNOr.exe
  2⤵
  PID:6812
- C:\Windows\System\hSZiolf.exe
  C:\Windows\System\hSZiolf.exe
  2⤵
  PID:9120
- C:\Windows\System\qDHFeUM.exe
  C:\Windows\System\qDHFeUM.exe
  2⤵
  PID:8980
- C:\Windows\System\xIwbzZK.exe
  C:\Windows\System\xIwbzZK.exe
  2⤵
  PID:8844
- C:\Windows\System\sbtlTPa.exe
  C:\Windows\System\sbtlTPa.exe
  2⤵
  PID:8688
- C:\Windows\System\HazYcNI.exe
  C:\Windows\System\HazYcNI.exe
  2⤵
  PID:7376
- C:\Windows\System\mXjOULi.exe
  C:\Windows\System\mXjOULi.exe
  2⤵
  PID:8824
- C:\Windows\System\XBzzlFd.exe
  C:\Windows\System\XBzzlFd.exe
  2⤵
  PID:10256
- C:\Windows\System\TTeebfA.exe
  C:\Windows\System\TTeebfA.exe
  2⤵
  PID:9288
- C:\Windows\System\aMBZPBb.exe
  C:\Windows\System\aMBZPBb.exe
  2⤵
  PID:10368
- C:\Windows\System\FiOlihr.exe
  C:\Windows\System\FiOlihr.exe
  2⤵
  PID:9304
- C:\Windows\System\UVRgKiQ.exe
  C:\Windows\System\UVRgKiQ.exe
  2⤵
  PID:11280
- C:\Windows\System\hwadZxt.exe
  C:\Windows\System\hwadZxt.exe
  2⤵
  PID:11300
- C:\Windows\System\LwXNAzY.exe
  C:\Windows\System\LwXNAzY.exe
  2⤵
  PID:11316
- C:\Windows\System\WUtUQMG.exe
  C:\Windows\System\WUtUQMG.exe
  2⤵
  PID:11332
- C:\Windows\System\WVhpmFB.exe
  C:\Windows\System\WVhpmFB.exe
  2⤵
  PID:11348
- C:\Windows\System\QfdvIVF.exe
  C:\Windows\System\QfdvIVF.exe
  2⤵
  PID:11368
- C:\Windows\System\SKBOMGq.exe
  C:\Windows\System\SKBOMGq.exe
  2⤵
  PID:11384
- C:\Windows\System\iSxfFbP.exe
  C:\Windows\System\iSxfFbP.exe
  2⤵
  PID:11412
- C:\Windows\System\GkHBPIS.exe
  C:\Windows\System\GkHBPIS.exe
  2⤵
  PID:11432
- C:\Windows\System\SZDqhJT.exe
  C:\Windows\System\SZDqhJT.exe
  2⤵
  PID:11456
- C:\Windows\System\BmkkLDa.exe
  C:\Windows\System\BmkkLDa.exe
  2⤵
  PID:11480
- C:\Windows\System\GfRGxdy.exe
  C:\Windows\System\GfRGxdy.exe
  2⤵
  PID:11504
- C:\Windows\System\qSjjKGj.exe
  C:\Windows\System\qSjjKGj.exe
  2⤵
  PID:11524
- C:\Windows\System\qUMYiZX.exe
  C:\Windows\System\qUMYiZX.exe
  2⤵
  PID:11548
- C:\Windows\System\GCIzcti.exe
  C:\Windows\System\GCIzcti.exe
  2⤵
  PID:11572
- C:\Windows\System\EwBXQWL.exe
  C:\Windows\System\EwBXQWL.exe
  2⤵
  PID:11592
- C:\Windows\System\XSktXfX.exe
  C:\Windows\System\XSktXfX.exe
  2⤵
  PID:11608
- C:\Windows\System\GVvLtka.exe
  C:\Windows\System\GVvLtka.exe
  2⤵
  PID:11628
- C:\Windows\System\WGPQeVQ.exe
  C:\Windows\System\WGPQeVQ.exe
  2⤵
  PID:11648
- C:\Windows\System\uQQsBou.exe
  C:\Windows\System\uQQsBou.exe
  2⤵
  PID:11664
- C:\Windows\System\waNkSlJ.exe
  C:\Windows\System\waNkSlJ.exe
  2⤵
  PID:11688
- C:\Windows\System\TQZSQNF.exe
  C:\Windows\System\TQZSQNF.exe
  2⤵
  PID:11708
- C:\Windows\System\MLhNleD.exe
  C:\Windows\System\MLhNleD.exe
  2⤵
  PID:11732
- C:\Windows\System\bRCNwet.exe
  C:\Windows\System\bRCNwet.exe
  2⤵
  PID:11752
- C:\Windows\System\yQRwPFN.exe
  C:\Windows\System\yQRwPFN.exe
  2⤵
  PID:11780
- C:\Windows\System\KfaozZW.exe
  C:\Windows\System\KfaozZW.exe
  2⤵
  PID:11800
- C:\Windows\System\HZHpdux.exe
  C:\Windows\System\HZHpdux.exe
  2⤵
  PID:11824
- C:\Windows\System\SfWTXyF.exe
  C:\Windows\System\SfWTXyF.exe
  2⤵
  PID:11840
- C:\Windows\System\zTenrrU.exe
  C:\Windows\System\zTenrrU.exe
  2⤵
  PID:11860
- C:\Windows\System\gvVcwAJ.exe
  C:\Windows\System\gvVcwAJ.exe
  2⤵
  PID:11920
- C:\Windows\System\RWrfsTe.exe
  C:\Windows\System\RWrfsTe.exe
  2⤵
  PID:11944
- C:\Windows\System\MjgmDUq.exe
  C:\Windows\System\MjgmDUq.exe
  2⤵
  PID:11964
- C:\Windows\System\zFXErDH.exe
  C:\Windows\System\zFXErDH.exe
  2⤵
  PID:11992
- C:\Windows\System\EemwopG.exe
  C:\Windows\System\EemwopG.exe
  2⤵
  PID:12012
- C:\Windows\System\nbIKNOm.exe
  C:\Windows\System\nbIKNOm.exe
  2⤵
  PID:12036
- C:\Windows\System\LSOkbmm.exe
  C:\Windows\System\LSOkbmm.exe
  2⤵
  PID:12052
- C:\Windows\System\DMBsrrh.exe
  C:\Windows\System\DMBsrrh.exe
  2⤵
  PID:12076
- C:\Windows\System\qKWvKvt.exe
  C:\Windows\System\qKWvKvt.exe
  2⤵
  PID:12100
- C:\Windows\System\MLTNeAQ.exe
  C:\Windows\System\MLTNeAQ.exe
  2⤵
  PID:12120
- C:\Windows\System\LltCUvC.exe
  C:\Windows\System\LltCUvC.exe
  2⤵
  PID:12136
- C:\Windows\System\TAROZhs.exe
  C:\Windows\System\TAROZhs.exe
  2⤵
  PID:12156
- C:\Windows\System\NeaiUsf.exe
  C:\Windows\System\NeaiUsf.exe
  2⤵
  PID:12172
- C:\Windows\System\lVOXlRo.exe
  C:\Windows\System\lVOXlRo.exe
  2⤵
  PID:12188
- C:\Windows\System\pEvDUxH.exe
  C:\Windows\System\pEvDUxH.exe
  2⤵
  PID:12204
- C:\Windows\System\jTrSvzV.exe
  C:\Windows\System\jTrSvzV.exe
  2⤵
  PID:12236
- C:\Windows\System\UlGwaaS.exe
  C:\Windows\System\UlGwaaS.exe
  2⤵
  PID:12256
- C:\Windows\System\buAGQdx.exe
  C:\Windows\System\buAGQdx.exe
  2⤵
  PID:12280
- C:\Windows\System\xVbDVDZ.exe
  C:\Windows\System\xVbDVDZ.exe
  2⤵
  PID:10504
- C:\Windows\System\WvijxFl.exe
  C:\Windows\System\WvijxFl.exe
  2⤵
  PID:9748
- C:\Windows\System\PUFmplV.exe
  C:\Windows\System\PUFmplV.exe
  2⤵
  PID:9884
- C:\Windows\System\vUueqQV.exe
  C:\Windows\System\vUueqQV.exe
  2⤵
  PID:9868
- C:\Windows\System\eZoKcVM.exe
  C:\Windows\System\eZoKcVM.exe
  2⤵
  PID:10736
- C:\Windows\System\UaVJqAl.exe
  C:\Windows\System\UaVJqAl.exe
  2⤵
  PID:10808
- C:\Windows\System\JBtJohY.exe
  C:\Windows\System\JBtJohY.exe
  2⤵
  PID:10004
- C:\Windows\System\bNkDWUi.exe
  C:\Windows\System\bNkDWUi.exe
  2⤵
  PID:10900
- C:\Windows\System\VRVPubO.exe
  C:\Windows\System\VRVPubO.exe
  2⤵
  PID:9052
- C:\Windows\System\mWMDZIB.exe
  C:\Windows\System\mWMDZIB.exe
  2⤵
  PID:11028
- C:\Windows\System\WQdpjxy.exe
  C:\Windows\System\WQdpjxy.exe
  2⤵
  PID:11064
- C:\Windows\System\WUOdLzn.exe
  C:\Windows\System\WUOdLzn.exe
  2⤵
  PID:2348
- C:\Windows\System\dqIhXXM.exe
  C:\Windows\System\dqIhXXM.exe
  2⤵
  PID:9248
- C:\Windows\System\jvXHcgq.exe
  C:\Windows\System\jvXHcgq.exe
  2⤵
  PID:9692
- C:\Windows\System\fSRuVQO.exe
  C:\Windows\System\fSRuVQO.exe
  2⤵
  PID:9944
- C:\Windows\System\zHFjqMi.exe
  C:\Windows\System\zHFjqMi.exe
  2⤵
  PID:10320
- C:\Windows\System\MPIhjnZ.exe
  C:\Windows\System\MPIhjnZ.exe
  2⤵
  PID:5140
- C:\Windows\System\eViYjMF.exe
  C:\Windows\System\eViYjMF.exe
  2⤵
  PID:6628
- C:\Windows\System\fcBCGGq.exe
  C:\Windows\System\fcBCGGq.exe
  2⤵
  PID:9160
- C:\Windows\System\tNaEuBJ.exe
  C:\Windows\System\tNaEuBJ.exe
  2⤵
  PID:9024
- C:\Windows\System\PkqKbnY.exe
  C:\Windows\System\PkqKbnY.exe
  2⤵
  PID:8624
- C:\Windows\System\rLXYsFX.exe
  C:\Windows\System\rLXYsFX.exe
  2⤵
  PID:9316
- C:\Windows\System\gMPgrQR.exe
  C:\Windows\System\gMPgrQR.exe
  2⤵
  PID:9360
- C:\Windows\System\MDPtYwa.exe
  C:\Windows\System\MDPtYwa.exe
  2⤵
  PID:9384
- C:\Windows\System\iUJsBLe.exe
  C:\Windows\System\iUJsBLe.exe
  2⤵
  PID:9420
- C:\Windows\System\ypUMYsH.exe
  C:\Windows\System\ypUMYsH.exe
  2⤵
  PID:10492
- C:\Windows\System\kyMNsTl.exe
  C:\Windows\System\kyMNsTl.exe
  2⤵
  PID:10508
- C:\Windows\System\tiJEiyq.exe
  C:\Windows\System\tiJEiyq.exe
  2⤵
  PID:9552
- C:\Windows\System\ghJLaZq.exe
  C:\Windows\System\ghJLaZq.exe
  2⤵
  PID:9608
- C:\Windows\System\PAByJFs.exe
  C:\Windows\System\PAByJFs.exe
  2⤵
  PID:9668
- C:\Windows\System\yOzhXRE.exe
  C:\Windows\System\yOzhXRE.exe
  2⤵
  PID:12292
- C:\Windows\System\hzGSnWB.exe
  C:\Windows\System\hzGSnWB.exe
  2⤵
  PID:12316
- C:\Windows\System\eBunLxO.exe
  C:\Windows\System\eBunLxO.exe
  2⤵
  PID:12340
- C:\Windows\System\mbKiDCU.exe
  C:\Windows\System\mbKiDCU.exe
  2⤵
  PID:12360
- C:\Windows\System\TgaCpFx.exe
  C:\Windows\System\TgaCpFx.exe
  2⤵
  PID:12384
- C:\Windows\System\chhhvRF.exe
  C:\Windows\System\chhhvRF.exe
  2⤵
  PID:12404
- C:\Windows\System\fXqliHG.exe
  C:\Windows\System\fXqliHG.exe
  2⤵
  PID:12432
- C:\Windows\System\nESPphQ.exe
  C:\Windows\System\nESPphQ.exe
  2⤵
  PID:12456
- C:\Windows\System\yefzNOA.exe
  C:\Windows\System\yefzNOA.exe
  2⤵
  PID:12476
- C:\Windows\System\KWoIdav.exe
  C:\Windows\System\KWoIdav.exe
  2⤵
  PID:12500
- C:\Windows\System\zwRumfC.exe
  C:\Windows\System\zwRumfC.exe
  2⤵
  PID:12524
- C:\Windows\System\USPtBmX.exe
  C:\Windows\System\USPtBmX.exe
  2⤵
  PID:12544
- C:\Windows\System\mSGhqqZ.exe
  C:\Windows\System\mSGhqqZ.exe
  2⤵
  PID:12564
- C:\Windows\System\nnvtxmz.exe
  C:\Windows\System\nnvtxmz.exe
  2⤵
  PID:12588
- C:\Windows\System\hekoXPQ.exe
  C:\Windows\System\hekoXPQ.exe
  2⤵
  PID:12608
- C:\Windows\System\vCIOMkL.exe
  C:\Windows\System\vCIOMkL.exe
  2⤵
  PID:12632
- C:\Windows\System\Dlqheln.exe
  C:\Windows\System\Dlqheln.exe
  2⤵
  PID:12656
- C:\Windows\System\cSeJBto.exe
  C:\Windows\System\cSeJBto.exe
  2⤵
  PID:12676
- C:\Windows\System\aSGXwKZ.exe
  C:\Windows\System\aSGXwKZ.exe
  2⤵
  PID:12700
- C:\Windows\System\BIoUWae.exe
  C:\Windows\System\BIoUWae.exe
  2⤵
  PID:12720
- C:\Windows\System\OmJnPbB.exe
  C:\Windows\System\OmJnPbB.exe
  2⤵
  PID:12744
- C:\Windows\System\QeVWAUg.exe
  C:\Windows\System\QeVWAUg.exe
  2⤵
  PID:12768
- C:\Windows\System\CcSmUjD.exe
  C:\Windows\System\CcSmUjD.exe
  2⤵
  PID:12792
- C:\Windows\System\ApDUhKc.exe
  C:\Windows\System\ApDUhKc.exe
  2⤵
  PID:12808
- C:\Windows\System\iEtPrHc.exe
  C:\Windows\System\iEtPrHc.exe
  2⤵
  PID:12824
- C:\Windows\System\FRtCOny.exe
  C:\Windows\System\FRtCOny.exe
  2⤵
  PID:12840
- C:\Windows\System\IgKFygP.exe
  C:\Windows\System\IgKFygP.exe
  2⤵
  PID:12856
- C:\Windows\System\NzcWlDx.exe
  C:\Windows\System\NzcWlDx.exe
  2⤵
  PID:12872
- C:\Windows\System\pdeyeNF.exe
  C:\Windows\System\pdeyeNF.exe
  2⤵
  PID:12896
- C:\Windows\System\OrZKtiW.exe
  C:\Windows\System\OrZKtiW.exe
  2⤵
  PID:12920
- C:\Windows\System\rNszSeF.exe
  C:\Windows\System\rNszSeF.exe
  2⤵
  PID:12936
- C:\Windows\System\CuTBUVB.exe
  C:\Windows\System\CuTBUVB.exe
  2⤵
  PID:12960
- C:\Windows\System\nFUiPaU.exe
  C:\Windows\System\nFUiPaU.exe
  2⤵
  PID:12976
- C:\Windows\System\QERxmdI.exe
  C:\Windows\System\QERxmdI.exe
  2⤵
  PID:12992
- C:\Windows\System\aVIrXiV.exe
  C:\Windows\System\aVIrXiV.exe
  2⤵
  PID:13028
- C:\Windows\System\BsMPDJc.exe
  C:\Windows\System\BsMPDJc.exe
  2⤵
  PID:13048
- C:\Windows\System\gDkLhzy.exe
  C:\Windows\System\gDkLhzy.exe
  2⤵
  PID:13076
- C:\Windows\System\sylcndr.exe
  C:\Windows\System\sylcndr.exe
  2⤵
  PID:13096
- C:\Windows\System\JWxIcSo.exe
  C:\Windows\System\JWxIcSo.exe
  2⤵
  PID:13120
- C:\Windows\System\bXuJGct.exe
  C:\Windows\System\bXuJGct.exe
  2⤵
  PID:13144
- C:\Windows\System\RcEaGIR.exe
  C:\Windows\System\RcEaGIR.exe
  2⤵
  PID:13168
- C:\Windows\System\OXcoqtz.exe
  C:\Windows\System\OXcoqtz.exe
  2⤵
  PID:13204
- C:\Windows\System\ypaflex.exe
  C:\Windows\System\ypaflex.exe
  2⤵
  PID:13244
- C:\Windows\System\GKqguhu.exe
  C:\Windows\System\GKqguhu.exe
  2⤵
  PID:13260
- C:\Windows\System\cZHBRoM.exe
  C:\Windows\System\cZHBRoM.exe
  2⤵
  PID:13288
- C:\Windows\System\zrIEhuv.exe
  C:\Windows\System\zrIEhuv.exe
  2⤵
  PID:13308
- C:\Windows\System\jQOYgCl.exe
  C:\Windows\System\jQOYgCl.exe
  2⤵
  PID:11376
- C:\Windows\System\olwWsHi.exe
  C:\Windows\System\olwWsHi.exe
  2⤵
  PID:10416
- C:\Windows\System\AgZPuYM.exe
  C:\Windows\System\AgZPuYM.exe
  2⤵
  PID:11008
- C:\Windows\System\OHzYqjd.exe
  C:\Windows\System\OHzYqjd.exe
  2⤵
  PID:9272
- C:\Windows\System\mZzFrYY.exe
  C:\Windows\System\mZzFrYY.exe
  2⤵
  PID:9380
- C:\Windows\System\OIvTshl.exe
  C:\Windows\System\OIvTshl.exe
  2⤵
  PID:9408
- C:\Windows\System\LcBhJSF.exe
  C:\Windows\System\LcBhJSF.exe
  2⤵
  PID:11428
- C:\Windows\System\aflzFYT.exe
  C:\Windows\System\aflzFYT.exe
  2⤵
  PID:12716
- C:\Windows\System\QyXqahU.exe
  C:\Windows\System\QyXqahU.exe
  2⤵
  PID:11700
- C:\Windows\System\ZNCQJUz.exe
  C:\Windows\System\ZNCQJUz.exe
  2⤵
  PID:11768
- C:\Windows\System\VMgrRBL.exe
  C:\Windows\System\VMgrRBL.exe
  2⤵
  PID:11852
- C:\Windows\System\KZjbxHA.exe
  C:\Windows\System\KZjbxHA.exe
  2⤵
  PID:11908
- C:\Windows\System\KbgtzvU.exe
  C:\Windows\System\KbgtzvU.exe
  2⤵
  PID:12108
- C:\Windows\System\TPONmOK.exe
  C:\Windows\System\TPONmOK.exe
  2⤵
  PID:12196
- C:\Windows\System\uPScIzw.exe
  C:\Windows\System\uPScIzw.exe
  2⤵
  PID:9356
- C:\Windows\System\aRSwGtW.exe
  C:\Windows\System\aRSwGtW.exe
  2⤵
  PID:9984
- C:\Windows\System\TaynMFc.exe
  C:\Windows\System\TaynMFc.exe
  2⤵
  PID:9688
- C:\Windows\System\dTiZDWa.exe
  C:\Windows\System\dTiZDWa.exe
  2⤵
  PID:1872
- C:\Windows\System\igcPNsv.exe
  C:\Windows\System\igcPNsv.exe
  2⤵
  PID:10252
- C:\Windows\System\xsSUudG.exe
  C:\Windows\System\xsSUudG.exe
  2⤵
  PID:9404
- C:\Windows\System\jxGZuQm.exe
  C:\Windows\System\jxGZuQm.exe
  2⤵
  PID:9500
- C:\Windows\System\mwmSfYs.exe
  C:\Windows\System\mwmSfYs.exe
  2⤵
  PID:9732
- C:\Windows\System\uVLCvZL.exe
  C:\Windows\System\uVLCvZL.exe
  2⤵
  PID:12352
- C:\Windows\System\uLVEYQD.exe
  C:\Windows\System\uLVEYQD.exe
  2⤵
  PID:12484
- C:\Windows\System\vDvRpcU.exe
  C:\Windows\System\vDvRpcU.exe
  2⤵
  PID:12540
- C:\Windows\System\FWQzKVy.exe
  C:\Windows\System\FWQzKVy.exe
  2⤵
  PID:12672
- C:\Windows\System\NXlLTMm.exe
  C:\Windows\System\NXlLTMm.exe
  2⤵
  PID:12852
- C:\Windows\System\zycUJgb.exe
  C:\Windows\System\zycUJgb.exe
  2⤵
  PID:12928
- C:\Windows\System\PBdDHSl.exe
  C:\Windows\System\PBdDHSl.exe
  2⤵
  PID:2792
- C:\Windows\System\gdbgeEg.exe
  C:\Windows\System\gdbgeEg.exe
  2⤵
  PID:2780
- C:\Windows\System\mviMlDj.exe
  C:\Windows\System\mviMlDj.exe
  2⤵
  PID:13112
- C:\Windows\System\JrTNdon.exe
  C:\Windows\System\JrTNdon.exe
  2⤵
  PID:13220
- C:\Windows\System\gHHhWbR.exe
  C:\Windows\System\gHHhWbR.exe
  2⤵
  PID:11744
- C:\Windows\System\DMuykYt.exe
  C:\Windows\System\DMuykYt.exe
  2⤵
  PID:11960
- C:\Windows\System\NScHplU.exe
  C:\Windows\System\NScHplU.exe
  2⤵
  PID:13268
- C:\Windows\System\yhIkluY.exe
  C:\Windows\System\yhIkluY.exe
  2⤵
  PID:11476
- C:\Windows\System\RGwRgHx.exe
  C:\Windows\System\RGwRgHx.exe
  2⤵
  PID:9100
- C:\Windows\System\yssVdNA.exe
  C:\Windows\System\yssVdNA.exe
  2⤵
  PID:10568
- C:\Windows\System\FWvQcKM.exe
  C:\Windows\System\FWvQcKM.exe
  2⤵
  PID:10720
- C:\Windows\System\RXoaPrA.exe
  C:\Windows\System\RXoaPrA.exe
  2⤵
  PID:9712
- C:\Windows\System\Caysrfz.exe
  C:\Windows\System\Caysrfz.exe
  2⤵
  PID:10488
- C:\Windows\System\CVAEvjA.exe
  C:\Windows\System\CVAEvjA.exe
  2⤵
  PID:12184
- C:\Windows\System\iNlKyuW.exe
  C:\Windows\System\iNlKyuW.exe
  2⤵
  PID:12512
- C:\Windows\System\TvqEZig.exe
  C:\Windows\System\TvqEZig.exe
  2⤵
  PID:11400
- C:\Windows\System\qcXDJAf.exe
  C:\Windows\System\qcXDJAf.exe
  2⤵
  PID:6356
- C:\Windows\System\IGMgiWM.exe
  C:\Windows\System\IGMgiWM.exe
  2⤵
  PID:10100
- C:\Windows\System\RQbdSNU.exe
  C:\Windows\System\RQbdSNU.exe
  2⤵
  PID:2380
- C:\Windows\System\sJJUTMC.exe
  C:\Windows\System\sJJUTMC.exe
  2⤵
  PID:4004
- C:\Windows\System\YTJQhyg.exe
  C:\Windows\System\YTJQhyg.exe
  2⤵
  PID:9376
- C:\Windows\System\HUdqlFd.exe
  C:\Windows\System\HUdqlFd.exe
  2⤵
  PID:1996
- C:\Windows\System\EAXktrW.exe
  C:\Windows\System\EAXktrW.exe
  2⤵
  PID:12820
- C:\Windows\System\WHclvSV.exe
  C:\Windows\System\WHclvSV.exe
  2⤵
  PID:11876
- C:\Windows\System\jfLxwfl.exe
  C:\Windows\System\jfLxwfl.exe
  2⤵
  PID:12216
- C:\Windows\System\XLOFcbT.exe
  C:\Windows\System\XLOFcbT.exe
  2⤵
  PID:8756
- C:\Windows\System\DAYSvGL.exe
  C:\Windows\System\DAYSvGL.exe
  2⤵
  PID:4832
- C:\Windows\System\eIAwnQn.exe
  C:\Windows\System\eIAwnQn.exe
  2⤵
  PID:12312
- C:\Windows\System\KlyJIRf.exe
  C:\Windows\System\KlyJIRf.exe
  2⤵
  PID:12492
- C:\Windows\System\GwnfMEK.exe
  C:\Windows\System\GwnfMEK.exe
  2⤵
  PID:12832
- C:\Windows\System\znKaeWh.exe
  C:\Windows\System\znKaeWh.exe
  2⤵
  PID:11836
- C:\Windows\System\NXpnJCz.exe
  C:\Windows\System\NXpnJCz.exe
  2⤵
  PID:13328
- C:\Windows\System\KWPrbQM.exe
  C:\Windows\System\KWPrbQM.exe
  2⤵
  PID:13356
- C:\Windows\System\TTVwEjR.exe
  C:\Windows\System\TTVwEjR.exe
  2⤵
  PID:13384
- C:\Windows\System\VioWehx.exe
  C:\Windows\System\VioWehx.exe
  2⤵
  PID:13404
- C:\Windows\System\rAmYQtd.exe
  C:\Windows\System\rAmYQtd.exe
  2⤵
  PID:13424
- C:\Windows\System\XhDSjfs.exe
  C:\Windows\System\XhDSjfs.exe
  2⤵
  PID:14060
- C:\Windows\System\dxYrYfO.exe
  C:\Windows\System\dxYrYfO.exe
  2⤵
  PID:14180
- C:\Windows\System\OHBxHxv.exe
  C:\Windows\System\OHBxHxv.exe
  2⤵
  PID:14292
- C:\Windows\System\RNLxoNC.exe
  C:\Windows\System\RNLxoNC.exe
  2⤵
  PID:14312
- C:\Windows\System\bpILNEH.exe
  C:\Windows\System\bpILNEH.exe
  2⤵
  PID:14332
- C:\Windows\System\odUPAHn.exe
  C:\Windows\System\odUPAHn.exe
  2⤵
  PID:4140
- C:\Windows\System\PfwZeRm.exe
  C:\Windows\System\PfwZeRm.exe
  2⤵
  PID:12116
- C:\Windows\System\FZNsBFD.exe
  C:\Windows\System\FZNsBFD.exe
  2⤵
  PID:4072
- C:\Windows\System\hahcNei.exe
  C:\Windows\System\hahcNei.exe
  2⤵
  PID:10600
- C:\Windows\System\JCrdJIG.exe
  C:\Windows\System\JCrdJIG.exe
  2⤵
  PID:2172
- C:\Windows\System\qfJnaPB.exe
  C:\Windows\System\qfJnaPB.exe
  2⤵
  PID:6756
- C:\Windows\System\xYPGqhM.exe
  C:\Windows\System\xYPGqhM.exe
  2⤵
  PID:3644
- C:\Windows\System\ncMvaDP.exe
  C:\Windows\System\ncMvaDP.exe
  2⤵
  PID:11764
- C:\Windows\System\RsWZlos.exe
  C:\Windows\System\RsWZlos.exe
  2⤵
  PID:13416
- C:\Windows\System\jylABLc.exe
  C:\Windows\System\jylABLc.exe
  2⤵
  PID:13436
- C:\Windows\System\VwXryxK.exe
  C:\Windows\System\VwXryxK.exe
  2⤵
  PID:13464
- C:\Windows\System\MRaAwse.exe
  C:\Windows\System\MRaAwse.exe
  2⤵
  PID:10540
- C:\Windows\System\EOVozsf.exe
  C:\Windows\System\EOVozsf.exe
  2⤵
  PID:10096
- C:\Windows\System\kXaPaIh.exe
  C:\Windows\System\kXaPaIh.exe
  2⤵
  PID:4272
- C:\Windows\System\XnMrXCV.exe
  C:\Windows\System\XnMrXCV.exe
  2⤵
  PID:13580
- C:\Windows\System\RwMAnpI.exe
  C:\Windows\System\RwMAnpI.exe
  2⤵
  PID:388
- C:\Windows\System\MzdhiUd.exe
  C:\Windows\System\MzdhiUd.exe
  2⤵
  PID:11448
- C:\Windows\System\kufHSbt.exe
  C:\Windows\System\kufHSbt.exe
  2⤵
  PID:12148
- C:\Windows\System\fXRHZYo.exe
  C:\Windows\System\fXRHZYo.exe
  2⤵
  PID:13692
- C:\Windows\System\SctlaGg.exe
  C:\Windows\System\SctlaGg.exe
  2⤵
  PID:13368
- C:\Windows\System\pqFdOdw.exe
  C:\Windows\System\pqFdOdw.exe
  2⤵
  PID:13396
- C:\Windows\System\CbNiNjd.exe
  C:\Windows\System\CbNiNjd.exe
  2⤵
  PID:11792
- C:\Windows\System\fTLeqgh.exe
  C:\Windows\System\fTLeqgh.exe
  2⤵
  PID:13540
- C:\Windows\System\ZyxTvuU.exe
  C:\Windows\System\ZyxTvuU.exe
  2⤵
  PID:13832
- C:\Windows\System\rdzMzwG.exe
  C:\Windows\System\rdzMzwG.exe
  2⤵
  PID:13992
- C:\Windows\System\ArWuhZq.exe
  C:\Windows\System\ArWuhZq.exe
  2⤵
  PID:12164
- C:\Windows\System\bRZXGnq.exe
  C:\Windows\System\bRZXGnq.exe
  2⤵
  PID:9072
- C:\Windows\System\OyGmpKe.exe
  C:\Windows\System\OyGmpKe.exe
  2⤵
  PID:9324
- C:\Windows\System\UJclrSC.exe
  C:\Windows\System\UJclrSC.exe
  2⤵
  PID:12800
- C:\Windows\System\tLXCtDs.exe
  C:\Windows\System\tLXCtDs.exe
  2⤵
  PID:14320
- C:\Windows\System\pJjbmFh.exe
  C:\Windows\System\pJjbmFh.exe
  2⤵
  PID:8936
- C:\Windows\System\YxjqwhN.exe
  C:\Windows\System\YxjqwhN.exe
  2⤵
  PID:704
- C:\Windows\System\hTyxanX.exe
  C:\Windows\System\hTyxanX.exe
  2⤵
  PID:6740
- C:\Windows\System\iNVsJaq.exe
  C:\Windows\System\iNVsJaq.exe
  2⤵
  PID:11724
- C:\Windows\System\IhqcRMH.exe
  C:\Windows\System\IhqcRMH.exe
  2⤵
  PID:11556
- C:\Windows\System\bTUCfeq.exe
  C:\Windows\System\bTUCfeq.exe
  2⤵
  PID:13684
- C:\Windows\System\JjdtfpI.exe
  C:\Windows\System\JjdtfpI.exe
  2⤵
  PID:13472
- C:\Windows\System\wLmdXyJ.exe
  C:\Windows\System\wLmdXyJ.exe
  2⤵
  PID:13780
- C:\Windows\System\elQMbGz.exe
  C:\Windows\System\elQMbGz.exe
  2⤵
  PID:13924
- C:\Windows\System\OFfRKwB.exe
  C:\Windows\System\OFfRKwB.exe
  2⤵
  PID:2372
- C:\Windows\System\LMnHRFZ.exe
  C:\Windows\System\LMnHRFZ.exe
  2⤵
  PID:14024
- C:\Windows\System\MIknAmI.exe
  C:\Windows\System\MIknAmI.exe
  2⤵
  PID:14188
- C:\Windows\System\GSanzqP.exe
  C:\Windows\System\GSanzqP.exe
  2⤵
  PID:13600
- C:\Windows\System\QNrTMdZ.exe
  C:\Windows\System\QNrTMdZ.exe
  2⤵
  PID:12804
- C:\Windows\System\wPckfbV.exe
  C:\Windows\System\wPckfbV.exe
  2⤵
  PID:13756
- C:\Windows\System\ZmFoxoQ.exe
  C:\Windows\System\ZmFoxoQ.exe
  2⤵
  PID:4076
- C:\Windows\System\GRfJWBz.exe
  C:\Windows\System\GRfJWBz.exe
  2⤵
  PID:14108
- C:\Windows\System\wdIDdUT.exe
  C:\Windows\System\wdIDdUT.exe
  2⤵
  PID:14136

C:\Windows\system32\WerFaultSecure.exe
"C:\Windows\system32\WerFaultSecure.exe" -protectedcrash -p 3336 -i 3336 -h 572 -j 452 -s 468 -d 11212
1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
PID:13668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_sx0lxyuh.ozg.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AFeBUYp.exe

Filesize
2.2MB

MD5
d9b9f25e18a0cea0f49fbc6d0296f062

SHA1
705340f5a35b3006413a3992b6ff0ef64e896a80

SHA256
efd5e4df034d24bd633d86ab6d7e465268e7fd2df806936d2fa94f871afb11bc

SHA512
6c2861a8309ef14e89e975d839a9d3a4245ed6606ace1a436e3b5359799846a2270ae80589704248624a50f0279a8145d152a70c476e5912b8726125f0e3d5bf

Download Submit
C:\Windows\System\ClqDRbQ.exe

Filesize
2.2MB

MD5
ea9b8b82a6d5981715121cc2dea748bd

SHA1
f0b9d9dc6c133ad14646bf120623ce1d39af560f

SHA256
472f0d2436d607d1cce787ab525a9db2edd325ba819aa3c2b25084b8d68dff14

SHA512
e57488a88d54a1d6cdef12474613e7585af58e0ed3a86eefd5b3837aef100ccc7795d79e42b1829c518757ddca4708ab4aa51352d0e828bff615e927f0e73faa

Download Submit
C:\Windows\System\DhpmjeX.exe

Filesize
2.2MB

MD5
6bd145a54c57c33f14fd7d91c3e08699

SHA1
291d10c108d21ecdf0d00d8baa6df74ee5178453

SHA256
ae2620015d314d51e8576da12534b4983e3affa62c03e93cdc503709397d64c4

SHA512
59b7f987f9b3a0f0fba7a85939f3815240e60a03cfe33b69fe470c435617f3e4a0effb27cb5e4e458c35e1a3a24d26a254ce2e183595b5cf0baec3ee5d3d942d

Download Submit
C:\Windows\System\DruqEHp.exe

Filesize
2.2MB

MD5
01d74b38a713cf2d121041ce913623ae

SHA1
f5a4015db116f4e3e38d411a6a74bafec05024c7

SHA256
d97f5046ec936f26a197f09461c977ce0b06cab8150ded022d33d7ba59eaca56

SHA512
3f4b12c12359c4eec01edc89d3c8b1cf695eb8f9fcc7307deda403d1a941eda2e03071b67433f1b571630fe54828bdbecdb22f67a59cc1361957d75afec74b87

Download Submit
C:\Windows\System\DypDTzO.exe

Filesize
2.2MB

MD5
33f94a57359f5d389561cb5ad4a17d69

SHA1
d23baaf630dcbd5b0c561cd2edf8bafbb687f914

SHA256
3b9900ca80b9075793297117570b9afbe285772be42396053be36c4ba2c51894

SHA512
ae8b62e2130cfb2c8360150076215455ea3f60e3c7dd20ddb255c35a1bd4b875b2732793c492d25884de83a931993f63a9302c409bffbd301f8a1d8f7352c552

Download Submit
C:\Windows\System\EqGRGNr.exe

Filesize
2.2MB

MD5
37c6d11ce7bf53c030a4f08986eb1900

SHA1
7a42e394fc4fd8989b190f084485d8595b33ba70

SHA256
91c291cf2bb20ad6435da6e3e90d9ad7c4026a6eff352da36e44c3f3904578f8

SHA512
4bf81af8e3397a2eb0c4527d1e7a377f9b07b55f1bbec01bb049d313eaa1afe0889fd604cf90fdfb09aa61f3a693ad652b2c307a7e9bc83e8b5ae500b3e52707

Download Submit
C:\Windows\System\FUQdoFu.exe

Filesize
2.2MB

MD5
668afbc5650db7df35d8cd8c1ce406ce

SHA1
9ff762cf06cffb9a56053985a7c5456aabe4745a

SHA256
b96401bbeadbbb62b1274cca6df0691098ec20b7c8c23a23f76c2b178878a696

SHA512
6a3d147ce7bf1f1ca49bf754173c8700a6d57dbcc6dea25d6c3321a2f960592252afaba3aa50179d30d8dcc9ac5352cda24df0b71ecbb070d2c93b3988ea336b

Download Submit
C:\Windows\System\HspraBi.exe

Filesize
2.2MB

MD5
62449abba53c6c0dd218587896a2fcf8

SHA1
0361e3ba4e601a7cf917fd996505b42dd99d3d12

SHA256
3854334d3cdc0bf3c24e0cffa2b02232b6798a33f8775bf67f0d19f7e3bfab00

SHA512
876b43b50f15c8bcc24e2e62fc49d9453e30f0a14218ad3f7ba327280c63785c541615581b766dea2dbc800653a46d0034625cc9a5dc42e98b5a2b6a44195834

Download Submit
C:\Windows\System\IBpzwuz.exe

Filesize
2.2MB

MD5
ebe7828c3489eca115152c5ea7073b5a

SHA1
03b690bce2a71d1573ec6687ba884ebe22659c68

SHA256
0415f0aa164eac1529e29d42a9573b21d14b9c90a279c1421617199142a0b8bd

SHA512
853241ed49190cb4a092954bb76a76815a965a81bc264da365cb7c77ee38eb6daedb02c1cb973f43bbbbc4e0d3618ca811392cd5c001f80c7765c7c5e06f39f1

Download Submit
C:\Windows\System\JrXQhox.exe

Filesize
2.2MB

MD5
89311674e70db71f9ed98c974672bdc0

SHA1
490a338f2c659e6c1db636ae0cf9807da4d2a44b

SHA256
e9c51fdc6da18fd3604a99d7054e22d1586582dade0d4f494e1845ccb53dd8c1

SHA512
1b0b5346e9d3e82aba7650d846929632ec581a3f5504001c50510abbe1b568be87cb1f721c3b5cf81aa15c9395361956e24fb8fd80328ecc130ba2913c3a4a7c

Download Submit
C:\Windows\System\KPZlbXL.exe

Filesize
2.2MB

MD5
0fc9fe2f6889ba951060dae412901b72

SHA1
847fb0b406ccd998d7acb5bc34e6b29992d9f023

SHA256
e894056366d1c3225387bf16470d9ceaa4678e048ab698e307e93e1d30c32894

SHA512
61ab575a932f1ebf1aa360bef2909ca1acec02e13b3a04e07128fb4ebeac744dd8ad5430527058ba57cfddb69246f6f7d60e07884fd5432fc1f400f956c1ef66

Download Submit
C:\Windows\System\KULgdNK.exe

Filesize
2.2MB

MD5
9fb803204b8556190c9924aa000a8ef0

SHA1
475b103187fb6b2e7b1d715edd2223f20e1b9052

SHA256
da1c1fb1d7dcb512c6591ab70d60e58387f67b20971307079b12998c5c02935f

SHA512
7e3c460cd44766bcc04ea93b728706f2d6e0c9102b81e3aebb5969a71f858184ba2226a7fb36123a18145228ccc2aa5ce334a688d76fd98dc3424ed97d8d05ce

Download Submit
C:\Windows\System\KaKMnWY.exe

Filesize
2.2MB

MD5
20115198a4252ff9ec21ed3e6cd79444

SHA1
77a512af993bfc00f8169f67fbe6c3ec21c36eaf

SHA256
04509af11a4d22fa70abe43a9445123952f7613e8386ee72321eec960bf1d764

SHA512
8c1b7c34b7366f51032ed8ef7d2b5ec2f3fa38657d00fb053ec922bd5971026e633e9871f09fca73a27a17623fd199749d373f28339bcb89074016e092b39dd7

Download Submit
C:\Windows\System\KnBnnmR.exe

Filesize
2.2MB

MD5
848a14e2788f755c5bddab91c0dfc542

SHA1
d340629393292fd25001727858f77304ce381ad3

SHA256
74fd14f782cbbb76b2453a198f0856a32f8b108dfdcbabd7bfa0e237519a703d

SHA512
d09f3ec0c92d6546497ab0cbadbf2ade24cbc596da95af7e746324a9ee299864b2087d536fc0959dba3fe89e82c7160f6947939ab63e3db0b9c101880220dae0

Download Submit
C:\Windows\System\LdecHiz.exe

Filesize
2.2MB

MD5
269524ca609aa55c235d262014323c9f

SHA1
139db7ba151661da959758468677f50bb2beebdf

SHA256
ac964129466547e2d88ca8329aff9f1ba08c81b3bcfd99e8d7934d8347dfd8b1

SHA512
d9b8f77cbdba585104e0d620f53902954457322e4346085fa2f9419998dc8ff0b02829c3f831c8b530c32b6cd63f95f6e2183174f260a6c4f42368e923b4393a

Download Submit
C:\Windows\System\LkxfEyV.exe

Filesize
2.2MB

MD5
165f6a1a31edb579e1c2cab92739ac2e

SHA1
619bdab63b6b7cd6193e9b77f8fbcb69d35de2c4

SHA256
4fbf7e276381bbd5605768d788461ff4fbd5f3ca40a4f4b2a5cb16425c67afc8

SHA512
91d9e831e38e9937442187bc8e2c9ea290c33a0b2185fbab6d247ede548ebe3e114ed81cbbe25be29045ecbdf57f06500dd790394b7a4db300e429a7ce137013

Download Submit
C:\Windows\System\OkLAAxs.exe

Filesize
2.2MB

MD5
18aacc2bdb6782c969af866469c3e377

SHA1
36185e7a322cb2ce3b5838996befa8ef4e624043

SHA256
e33483d9780480305c8b2bdfa9b81faeaaa88e8074dd423ebccaaf7c14881a9c

SHA512
66f041ddda77e8a547d3b01f8f6b45ef22ebfddfeb5bc14d61ab926ce177b8d301a1ce15ec99ebb578e7b500234bd31541e44c55a732b6fba27c5a1b9dd4b9e8

Download Submit
C:\Windows\System\PXfXrcu.exe

Filesize
2.2MB

MD5
25678bb0401b8116a0eaf380ddaeae97

SHA1
7340de0f25485e17ba4f1afc70fccf06ea3e906e

SHA256
37220969290dec2d188912ece2facdd6551f49ed683011d999d65f0acb8eff37

SHA512
6cc81a3a65a8323a6411a6e800ae71f9ba0e2b8267c441bb038a6bd63b9511f4824f3d3bb4c40e7d229898759a07d87507b486d054df47f99a70d5bfd0f7e117

Download Submit
C:\Windows\System\RDztJEn.exe

Filesize
2.2MB

MD5
e2b126308d3d2c9bdd6657dc18484287

SHA1
f47d887ff4b5a940461ec0309f5d8c89a2e815d7

SHA256
70b785e21f695932ed3dd5ad8e4c02d20da35a424332957b2fa2f7f323334220

SHA512
4f6a8f1685665067fdf70e7386a7ad6c03da948ef5e2221f29097a0558bdab9e3673bc6c008de621a5d36f77891e471e71ce64a07cdf07ef38c43eceb90a6078

Download Submit
C:\Windows\System\SnRXiSi.exe

Filesize
2.2MB

MD5
28ca456f539afc1393ca696ff780151b

SHA1
086e4cc7335cf2a84b4f531b20ea5ed2338d0645

SHA256
f3024068421057d0f653674b5153b9c0c0ca18de80c086b488a9c3f4851f572f

SHA512
2cf6092e5fa75d7ae7f71a55838c051ed82ef943ef6ae6b34e134e7eda84595a9f083fec7e8bb51427a888dd14ba3c4360fee0ccdef35781ce26ae3cba9d1f13

Download Submit
C:\Windows\System\TEGpoMy.exe

Filesize
2.2MB

MD5
c54d22e28898aae8c3e9d906eac413a7

SHA1
c9b0f8b2e8ad41b3baccc1b9cc116f12a0e4f975

SHA256
0c264282343d654d25d1ce5bd51708ffd3c98b19e004c7e3a0eb562e7f1b7165

SHA512
d72af1fad23060dde8630a1ed1de62fb1e5271d9a742af8cdf229b1ae65b57f482be92fa1ad800d892968bbc765ded509af0aaae1acde3932e8359790e5eab11

Download Submit
C:\Windows\System\ULhJItS.exe

Filesize
2.2MB

MD5
b4227ff191695d1158f0a624e74d16e1

SHA1
72e3a3eea40e1834abd3a9ee1cd814360c65ca89

SHA256
ac9dffd91fdf90de73ca3152f330e3a7de10739cf8a73d102669b071f85e45f1

SHA512
ea026bbe471d75534ee83b2652f515b36ebb3bc14292031eef956bd5c7ba5a7c7c0bb979310c25fe4ce1b7ade0ca0292590b20d2babcbe4fec01285c145a6ed5

Download Submit
C:\Windows\System\UpHwnjI.exe

Filesize
2.2MB

MD5
f244eadddb006566673610e5a3f3b560

SHA1
61a20a64012513a024176d1143b5a90934ed9b9c

SHA256
007e67500be105bd7166981bee78c892a0b43b00093bc377f6a1331fa49d390e

SHA512
45ca0b1659203edf301589533fc90c56013fc201194faaff02e5795cd604db54b6faa8b0640c51b3beb38c15f319f3871ea50f104f08fcdb8ce3f73f5aa08d9d

Download Submit
C:\Windows\System\VcvBOcB.exe

Filesize
2.2MB

MD5
79f36950e57e429c5da1d023e3dfecca

SHA1
181c6345b7ab7ad44246e8f25f1dd9c7bf444d0b

SHA256
77f888e0088e82561c6469a52e36cf9eea884964f4571632021371b49005fc30

SHA512
f1c9e76dda02f7254d81a1eabac399eef038ad8d28a1ca590f63a9fdd22a3217501d2342ed10e85b8c5283f4c5a4d51a69da39504e7dff9e38b68b82f0357f88

Download Submit
C:\Windows\System\VkKbmSB.exe

Filesize
2.2MB

MD5
1360defd52ddc61e11f3c700784b5ddf

SHA1
7dfd10aef5218becbc8398844ad2fb8560886cba

SHA256
4156cb8298c2a31a4e66feb145956595e561b8d08cb764fd136b9b807effd353

SHA512
306da9b914706320db1596c9e327da4342e09d7cf1b0385bde93f3b6e4f0581b299dd7a3e4c5c32cec0b569fe6845cdf62b2aabdd76691485c84eb6e96ccf204

Download Submit
C:\Windows\System\WGtlzst.exe

Filesize
2.2MB

MD5
32a416bf189be224e23a2705e3d4d962

SHA1
16274c350f099b767f26480cc7397197bf5d8155

SHA256
6598825d5e257af4706ef3acb14edcba2ea7c3bba435fd77e3cc350e8e66d05e

SHA512
45fe0ba854b9a7022cebdb794ec98e4d8e3d2bc49dc33efd92adb4cecc92a73f3f5209f07ea8ab1aa9b2f82fea92c203357aa11bb5dc1bf819550af61251f4f8

Download Submit
C:\Windows\System\XArQtuf.exe

Filesize
2.2MB

MD5
85f93ce9b39a5c047b6d52a325064b9e

SHA1
bb3485b9ea58fb406c97822c3d7a26eeef7ad5a4

SHA256
c78c2fc3a3a05448ba33706f1f00e7267a1253a0be8d4a069cf2cab2371d87cd

SHA512
b48959622c01bb9598678c8e184c6ad31f8304c27cea71c21f1bc60536327c6a5030f74d00c9d21ea10207702e6fec065837cdd0098f43a80069781db3c33977

Download Submit
C:\Windows\System\XIWShYv.exe

Filesize
2.2MB

MD5
54b449636b1c91a703b0618a60c8dbe1

SHA1
ebb0cc366b7ef7bdc5c78e3a30e389dbd68fbb79

SHA256
8a1bd3d9f6892c2d2a3eed7a7d45dcd8921d1aa5aeb89ffd29dfd5abd07c963c

SHA512
59ce3681e900854872973844b23243a46c6540602d9941bef537208fc053359b398ba07363443fb0da20e5972bf7e4bb5449a07f9940e4bfb633061877db66dd

Download Submit
C:\Windows\System\YPDXiBv.exe

Filesize
2.2MB

MD5
fb40b9c541a446c391883290a469bac3

SHA1
500557bc3944191b82fe967d710e011b6c9fd183

SHA256
fc6a730405cb92ac5b00a860dd3fa6064ef9861d7c80384da60a5ad58cd0c15b

SHA512
08fd5729db5f5766bb585b464e7849d144844ad7527673c523a3ed3339d35d541eb4fa5572a4b50b2eb42ed1b4c31c56ec20e1507d48573aa68dbe341adda0ed

Download Submit
C:\Windows\System\YWnMhiB.exe

Filesize
2.2MB

MD5
bd98c02e75381011b597207ca956cd3f

SHA1
da91888164577b0537be7e2187aa7327ae430d65

SHA256
af8066cc4ee87e9644f83247697909b6dcfe9cfadf950176efdb0d3089a88a00

SHA512
b5d5bef36042b065ef3aa3de7de9620ddac3abfe2dd2876cbcea1dbc710d792c0fe0540cd51b41e7fc9f999b1311d0e68db666b650f5a5bbb866f6a3c60e4cc0

Download Submit
C:\Windows\System\bHcqWWt.exe

Filesize
2.2MB

MD5
7bd7c8152a41cc531565b5ab924b6492

SHA1
91fb8bcff4ca7ba286676a836e3de3eda9a0e598

SHA256
e910dd06afe6fa7578a5e71f36b138d2fffbb548b35659ada09382f5b0097750

SHA512
379b56be19cf9c1b9e086b2eb8c44e61680f8876b1c87254a27247c0e69c1008d0cb4ba645ce7576a46649fe2c234f32d99eb635e040e6eca8c080321dba7d8d

Download Submit
C:\Windows\System\emnUQSi.exe

Filesize
2.2MB

MD5
10681c29b9a9f5fe4ce67637d59e4af4

SHA1
d9f604698219f8e5a6191d414a0c1a8a0c794373

SHA256
f5a54a3bbc13edce71355f9155f4224c25bc7128eba30ddaf7adf401000edd2d

SHA512
db600f919baa5b205f7c73afaec90496076bee55208fed1cd56560c77280be0b411bb9b2bc450c1c27d902ca25a0c0c03c2074ec08ed698060ad85b22cac6b45

Download Submit
C:\Windows\System\fgpxgXE.exe

Filesize
2.2MB

MD5
fb164c11756a6f84558c8ce00b3f4d3f

SHA1
e485662c85ef67424860f988977664f77e098556

SHA256
5da56216573fbe853159a76534df60682324881473ed322c668e3eac030d44bc

SHA512
64660dc68314d35bc525d02656fa870175d2e58063b0eeacf02ed32dc6cbe3846c966c17de41b77d524a1c634c6aa6594d34fe93301859a03b666ec675ffd215

Download Submit
C:\Windows\System\jdNhiBr.exe

Filesize
2.2MB

MD5
dd813c9d11bed0396bb10a71dd97989f

SHA1
1590d6a72144032b9ca81e6b8e71da87fbc0401c

SHA256
c5ba7b20adfe5eef6634d61c4141c7ccc6544ae0457f45bbf94b60cbcf3dbd9a

SHA512
fa872f3dc7fc9ada89f2de60fed54cd5fed4e77b3c4f301000764083b10ebcffaff04133ce92e98bea71e0ed3489cfaf4154e7ca6b7c5a07a7d6f09632895128

Download Submit
C:\Windows\System\qPZUFoC.exe

Filesize
2.2MB

MD5
e27edc2b5040204d66cacb25ecb723b0

SHA1
d85ea5066262b371d40b1d595b1f12e23005b16b

SHA256
424144429c1ab45169bf038cb66b2abeef4ae50f0d34acd89c28371bf2818442

SHA512
c0b5456becd6dde1f681607b869a5d30f50b51ae191278f57313eeb40070df6aa9fb0c3a885ba240e7d4afe96e11cc191a941d6dc10c50fbe1bea32336f28338

Download Submit
C:\Windows\System\sfuBmVW.exe

Filesize
2.2MB

MD5
5bb759f0d941abf18525c14de0e428c6

SHA1
691ccaaf174ad7c967a57a0f197191f6736fdcfa

SHA256
e8eba0c1ca61551160433b9037ff2dc12b49bb88668fe7427bd37f6c41e7417d

SHA512
cdc7b087b5ab6491d0b227f882f245d07c7e2d12a580728018e62a13784976351e0e2b56a3d94bb4301acde412e916a17f56985af3da1ebcfb54985efc43ca47

Download Submit
C:\Windows\System\xhYcdYW.exe

Filesize
2.2MB

MD5
c5d0c7f10faf88956569906712345b68

SHA1
3af34095e8a0f8ca3c1e188fd2902a00d1b7ab33

SHA256
a010c314a2499eafdcff08adf7f7cffefefe565cda89c9585da7db145367b5e5

SHA512
26f055039650416dd669672f6615a8fc438459ee6630588bc8e018fc54813c3fd2f30cae2b412dbff9f867a44a1e77b825cf876d052ef6bc6e21b3fc649a354b

Download Submit
C:\Windows\System\xmLlVpg.exe

Filesize
2.2MB

MD5
2f982545d8adeb43737b5e3d9532b50e

SHA1
ae577fc7b78ea6c15235802f5077c0db5ca7998b

SHA256
8017ea75c3f10968661dd673d8ef595c7a61a1cbb3774eabe1a8eaf673a0a763

SHA512
01d283f87a04e45e997213d7a43327a2efbda212c11c83644954c9874b97eb40c913f22162ef875e0dadba31f58e8c70962a4266635d48ae369c5ccc4a15893b

Download Submit
C:\Windows\System\xzMSuyE.exe

Filesize
2.2MB

MD5
56384e6e22151d625872e5adf2b3ae24

SHA1
4f5ca1578c92cfd6c16345015cc66ecee1228455

SHA256
d715eb17b9edf27d0a1688660f591519f1398235ba582c25e15ad7b313f2ab24

SHA512
cd0633b134f045c3d5d3391c8a015ea0d4084dd935e5f931c55ee1938f1a977d9520362a9286eff32399e4c5cc99498d7257bb5af5b477a606f487e59aa08415

Download Submit
memory/348-222-0x00007FF788210000-0x00007FF788602000-memory.dmp

Filesize
3.9MB

Download
memory/348-2747-0x00007FF788210000-0x00007FF788602000-memory.dmp

Filesize
3.9MB

Download
memory/644-245-0x00007FF7F4760000-0x00007FF7F4B52000-memory.dmp

Filesize
3.9MB

Download
memory/644-2731-0x00007FF7F4760000-0x00007FF7F4B52000-memory.dmp

Filesize
3.9MB

Download
memory/768-97-0x00007FF768C10000-0x00007FF769002000-memory.dmp

Filesize
3.9MB

Download
memory/768-2724-0x00007FF768C10000-0x00007FF769002000-memory.dmp

Filesize
3.9MB

Download
memory/1300-187-0x00007FF629A50000-0x00007FF629E42000-memory.dmp

Filesize
3.9MB

Download
memory/1300-2726-0x00007FF629A50000-0x00007FF629E42000-memory.dmp

Filesize
3.9MB

Download
memory/1316-2754-0x00007FF7E3710000-0x00007FF7E3B02000-memory.dmp

Filesize
3.9MB

Download
memory/1316-483-0x00007FF7E3710000-0x00007FF7E3B02000-memory.dmp

Filesize
3.9MB

Download
memory/1332-2759-0x00007FF743150000-0x00007FF743542000-memory.dmp

Filesize
3.9MB

Download
memory/1332-304-0x00007FF743150000-0x00007FF743542000-memory.dmp

Filesize
3.9MB

Download
memory/1984-2740-0x00007FF7805F0000-0x00007FF7809E2000-memory.dmp

Filesize
3.9MB

Download
memory/1984-512-0x00007FF7805F0000-0x00007FF7809E2000-memory.dmp

Filesize
3.9MB

Download
memory/2076-2722-0x00007FF6E79A0000-0x00007FF6E7D92000-memory.dmp

Filesize
3.9MB

Download
memory/2076-516-0x00007FF6E79A0000-0x00007FF6E7D92000-memory.dmp

Filesize
3.9MB

Download
memory/2196-517-0x00007FF63AFD0000-0x00007FF63B3C2000-memory.dmp

Filesize
3.9MB

Download
memory/2196-2783-0x00007FF63AFD0000-0x00007FF63B3C2000-memory.dmp

Filesize
3.9MB

Download
memory/2556-2758-0x00007FF628980000-0x00007FF628D72000-memory.dmp

Filesize
3.9MB

Download
memory/2556-515-0x00007FF628980000-0x00007FF628D72000-memory.dmp

Filesize
3.9MB

Download
memory/2576-2729-0x00007FF71D0B0000-0x00007FF71D4A2000-memory.dmp

Filesize
3.9MB

Download
memory/2576-190-0x00007FF71D0B0000-0x00007FF71D4A2000-memory.dmp

Filesize
3.9MB

Download
memory/2592-345-0x00007FF7EDDC0000-0x00007FF7EE1B2000-memory.dmp

Filesize
3.9MB

Download
memory/2592-2788-0x00007FF7EDDC0000-0x00007FF7EE1B2000-memory.dmp

Filesize
3.9MB

Download
memory/2864-0-0x00007FF7E70C0000-0x00007FF7E74B2000-memory.dmp

Filesize
3.9MB

Download
memory/2864-1-0x000001CCFD670000-0x000001CCFD680000-memory.dmp

Filesize
64KB

Download
memory/2876-514-0x00007FF75B080000-0x00007FF75B472000-memory.dmp

Filesize
3.9MB

Download
memory/2876-2734-0x00007FF75B080000-0x00007FF75B472000-memory.dmp

Filesize
3.9MB

Download
memory/3456-2736-0x00007FF766E10000-0x00007FF767202000-memory.dmp

Filesize
3.9MB

Download
memory/3456-435-0x00007FF766E10000-0x00007FF767202000-memory.dmp

Filesize
3.9MB

Download
memory/3464-2743-0x00007FF6055B0000-0x00007FF6059A2000-memory.dmp

Filesize
3.9MB

Download
memory/3464-511-0x00007FF6055B0000-0x00007FF6059A2000-memory.dmp

Filesize
3.9MB

Download
memory/3648-388-0x00007FF6C55F0000-0x00007FF6C59E2000-memory.dmp

Filesize
3.9MB

Download
memory/3648-2786-0x00007FF6C55F0000-0x00007FF6C59E2000-memory.dmp

Filesize
3.9MB

Download
memory/4116-518-0x00007FF60CE20000-0x00007FF60D212000-memory.dmp

Filesize
3.9MB

Download
memory/4116-2738-0x00007FF60CE20000-0x00007FF60D212000-memory.dmp

Filesize
3.9MB

Download
memory/4204-2745-0x00007FF7C44F0000-0x00007FF7C48E2000-memory.dmp

Filesize
3.9MB

Download
memory/4204-482-0x00007FF7C44F0000-0x00007FF7C48E2000-memory.dmp

Filesize
3.9MB

Download
memory/4344-303-0x000002106D1B0000-0x000002106D1D2000-memory.dmp

Filesize
136KB

Download
memory/4344-2675-0x00007FFD0AB00000-0x00007FFD0B5C1000-memory.dmp

Filesize
10.8MB

Download
memory/4344-49-0x000002106CD10000-0x000002106CD20000-memory.dmp

Filesize
64KB

Download
memory/4344-48-0x00007FFD0AB00000-0x00007FFD0B5C1000-memory.dmp

Filesize
10.8MB

Download
memory/4532-2720-0x00007FF6D0270000-0x00007FF6D0662000-memory.dmp

Filesize
3.9MB

Download
memory/4532-66-0x00007FF6D0270000-0x00007FF6D0662000-memory.dmp

Filesize
3.9MB

Download
memory/4708-2733-0x00007FF6B4750000-0x00007FF6B4B42000-memory.dmp

Filesize
3.9MB

Download
memory/4708-142-0x00007FF6B4750000-0x00007FF6B4B42000-memory.dmp

Filesize
3.9MB

Download
memory/4848-2752-0x00007FF7D22B0000-0x00007FF7D26A2000-memory.dmp

Filesize
3.9MB

Download
memory/4848-513-0x00007FF7D22B0000-0x00007FF7D26A2000-memory.dmp

Filesize
3.9MB

Download