xmrig | 762cc3d88513276a56dd306ccbfba748e93ab69012045acd56d42ce0ee7f0bd9

Analysis

max time kernel
150s
max time network
52s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
30-04-2024 23:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
Size

1.7MB
MD5

0aaf955d9dbcc49c01e9abeb00c81e7a
SHA1

1dcfc7b9fe63b206bcd2a6c2327a6410c5899735
SHA256

762cc3d88513276a56dd306ccbfba748e93ab69012045acd56d42ce0ee7f0bd9
SHA512

e033d68f71f933c1be157b4291ada996b8a1611b6cf3197b31b2fdf306f3581ddf2ae9d0e321a9f8dbf3f2139c2584319c58efc2d7f156bd910e3a2467997b4b
SSDEEP

49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82SGkMKO:NAB3

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 31 IoCs

miner

resource	yara_rule
behavioral2/memory/4536-43-0x00007FF74E190000-0x00007FF74E582000-memory.dmp	xmrig
behavioral2/memory/3708-77-0x00007FF7C53B0000-0x00007FF7C57A2000-memory.dmp	xmrig
behavioral2/memory/4804-98-0x00007FF68EB10000-0x00007FF68EF02000-memory.dmp	xmrig
behavioral2/memory/2040-103-0x00007FF620E40000-0x00007FF621232000-memory.dmp	xmrig
behavioral2/memory/2032-141-0x00007FF66BE50000-0x00007FF66C242000-memory.dmp	xmrig
behavioral2/memory/512-148-0x00007FF62D500000-0x00007FF62D8F2000-memory.dmp	xmrig
behavioral2/memory/5012-147-0x00007FF7A9E00000-0x00007FF7AA1F2000-memory.dmp	xmrig
behavioral2/memory/1624-135-0x00007FF615390000-0x00007FF615782000-memory.dmp	xmrig
behavioral2/memory/2216-129-0x00007FF683730000-0x00007FF683B22000-memory.dmp	xmrig
behavioral2/memory/2728-125-0x00007FF662030000-0x00007FF662422000-memory.dmp	xmrig
behavioral2/memory/4212-119-0x00007FF7C75E0000-0x00007FF7C79D2000-memory.dmp	xmrig
behavioral2/memory/4488-115-0x00007FF6A5270000-0x00007FF6A5662000-memory.dmp	xmrig
behavioral2/memory/1380-108-0x00007FF6F7CB0000-0x00007FF6F80A2000-memory.dmp	xmrig
behavioral2/memory/4624-99-0x00007FF6B3A60000-0x00007FF6B3E52000-memory.dmp	xmrig
behavioral2/memory/4868-80-0x00007FF74CF80000-0x00007FF74D372000-memory.dmp	xmrig
behavioral2/memory/2228-74-0x00007FF643240000-0x00007FF643632000-memory.dmp	xmrig
behavioral2/memory/4012-73-0x00007FF7A3710000-0x00007FF7A3B02000-memory.dmp	xmrig
behavioral2/memory/744-67-0x00007FF7769E0000-0x00007FF776DD2000-memory.dmp	xmrig
behavioral2/memory/4532-59-0x00007FF7548B0000-0x00007FF754CA2000-memory.dmp	xmrig
behavioral2/memory/1460-54-0x00007FF7CC0A0000-0x00007FF7CC492000-memory.dmp	xmrig
behavioral2/memory/1808-3700-0x00007FF7E5300000-0x00007FF7E56F2000-memory.dmp	xmrig
behavioral2/memory/4804-4749-0x00007FF68EB10000-0x00007FF68EF02000-memory.dmp	xmrig
behavioral2/memory/2228-4757-0x00007FF643240000-0x00007FF643632000-memory.dmp	xmrig
behavioral2/memory/744-4763-0x00007FF7769E0000-0x00007FF776DD2000-memory.dmp	xmrig
behavioral2/memory/1380-4790-0x00007FF6F7CB0000-0x00007FF6F80A2000-memory.dmp	xmrig
behavioral2/memory/1808-4797-0x00007FF7E5300000-0x00007FF7E56F2000-memory.dmp	xmrig
behavioral2/memory/4488-4795-0x00007FF6A5270000-0x00007FF6A5662000-memory.dmp	xmrig
behavioral2/memory/2728-4805-0x00007FF662030000-0x00007FF662422000-memory.dmp	xmrig
behavioral2/memory/4212-4860-0x00007FF7C75E0000-0x00007FF7C79D2000-memory.dmp	xmrig
behavioral2/memory/1624-4997-0x00007FF615390000-0x00007FF615782000-memory.dmp	xmrig
behavioral2/memory/4952-5965-0x00007FF65F890000-0x00007FF65FC82000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4804	adVclhC.exe
4536	bpPGeTh.exe
1460	TlGPnJU.exe
4532	gnQRAgS.exe
744	SIoGFPe.exe
4012	TBeUNuC.exe
2228	zULnbJB.exe
4624	tVhhzWE.exe
2040	SNVstWd.exe
3708	zBoSDNn.exe
4868	tkqSZnI.exe
1380	kJoPpxO.exe
4488	dRDbJjj.exe
1808	GXQnLfk.exe
2728	pvIgSVS.exe
4212	OYxgOID.exe
2216	umvUWkb.exe
1624	DjBYTIm.exe
2032	hQwdKkt.exe
5012	lzBybqy.exe
512	PWsAxAD.exe
4092	lddpPXq.exe
1928	OgznKJk.exe
2036	lBLnFVH.exe
3648	tZFtnfc.exe
2612	izerFVj.exe
4964	RfLGiOR.exe
1220	jWEqehO.exe
4700	jlMIbSE.exe
2420	idFyPFg.exe
4876	yraliBt.exe
3980	SpjrlSe.exe
3064	yXNIFGn.exe
2328	jCANBhb.exe
1464	NMRceSx.exe
2212	INrmoDG.exe
3820	XnwnXzf.exe
4168	kYjymAz.exe
4696	vcdpuya.exe
4224	ErHxucn.exe
3116	uFJMoUE.exe
4228	oRQbvTG.exe
5096	johTlhC.exe
3972	quPOyvO.exe
1656	UZKnRLI.exe
3624	tRWWbfN.exe
3956	uTGGKCD.exe
4864	ApELmHE.exe
4352	APfARlU.exe
3884	sykETZE.exe
3468	BbBDgtj.exe
2140	TCDwlrk.exe
3160	qPVxCTS.exe
4284	RyWQwXG.exe
3892	FOYcftX.exe
1496	cVMOIAM.exe
3612	hOaBBRu.exe
4192	LThCkPj.exe
4652	nDlcCwM.exe
1948	ZdMuOXx.exe
3444	dhteayK.exe
3952	TLjGKvo.exe
5108	ZEwButg.exe
760	iBIZFkk.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4952-0-0x00007FF65F890000-0x00007FF65FC82000-memory.dmp	upx
behavioral2/files/0x000d000000023b90-13.dat	upx
behavioral2/files/0x000a000000023b99-11.dat	upx
behavioral2/files/0x000a000000023b9b-17.dat	upx
behavioral2/files/0x000a000000023b9d-22.dat	upx
behavioral2/files/0x000a000000023b9c-21.dat	upx
behavioral2/files/0x000a000000023b9a-6.dat	upx
behavioral2/memory/4536-43-0x00007FF74E190000-0x00007FF74E582000-memory.dmp	upx
behavioral2/files/0x000a000000023b9f-51.dat	upx
behavioral2/files/0x000a000000023ba0-57.dat	upx
behavioral2/files/0x000a000000023ba2-65.dat	upx
behavioral2/memory/3708-77-0x00007FF7C53B0000-0x00007FF7C57A2000-memory.dmp	upx
behavioral2/files/0x000a000000023ba4-83.dat	upx
behavioral2/memory/4804-98-0x00007FF68EB10000-0x00007FF68EF02000-memory.dmp	upx
behavioral2/memory/2040-103-0x00007FF620E40000-0x00007FF621232000-memory.dmp	upx
behavioral2/files/0x000a000000023ba6-112.dat	upx
behavioral2/files/0x000b000000023b96-120.dat	upx
behavioral2/files/0x000b000000023baa-130.dat	upx
behavioral2/memory/2032-141-0x00007FF66BE50000-0x00007FF66C242000-memory.dmp	upx
behavioral2/files/0x000a000000023bae-151.dat	upx
behavioral2/files/0x000a000000023bb0-169.dat	upx
behavioral2/files/0x000a000000023bb5-186.dat	upx
behavioral2/files/0x000a000000023bb7-196.dat	upx
behavioral2/files/0x000a000000023bb6-191.dat	upx
behavioral2/files/0x000a000000023bb4-189.dat	upx
behavioral2/files/0x000a000000023bb3-184.dat	upx
behavioral2/files/0x000a000000023bb2-179.dat	upx
behavioral2/files/0x000a000000023bb1-174.dat	upx
behavioral2/files/0x000a000000023baf-164.dat	upx
behavioral2/files/0x000a000000023bad-154.dat	upx
behavioral2/files/0x000a000000023bac-149.dat	upx
behavioral2/memory/512-148-0x00007FF62D500000-0x00007FF62D8F2000-memory.dmp	upx
behavioral2/memory/5012-147-0x00007FF7A9E00000-0x00007FF7AA1F2000-memory.dmp	upx
behavioral2/files/0x000b000000023ba9-142.dat	upx
behavioral2/files/0x000a000000023bab-136.dat	upx
behavioral2/memory/1624-135-0x00007FF615390000-0x00007FF615782000-memory.dmp	upx
behavioral2/memory/2216-129-0x00007FF683730000-0x00007FF683B22000-memory.dmp	upx
behavioral2/memory/2728-125-0x00007FF662030000-0x00007FF662422000-memory.dmp	upx
behavioral2/memory/4212-119-0x00007FF7C75E0000-0x00007FF7C79D2000-memory.dmp	upx
behavioral2/memory/4488-115-0x00007FF6A5270000-0x00007FF6A5662000-memory.dmp	upx
behavioral2/files/0x000a000000023ba8-114.dat	upx
behavioral2/files/0x000a000000023ba7-110.dat	upx
behavioral2/memory/1380-108-0x00007FF6F7CB0000-0x00007FF6F80A2000-memory.dmp	upx
behavioral2/memory/4624-99-0x00007FF6B3A60000-0x00007FF6B3E52000-memory.dmp	upx
behavioral2/memory/1808-86-0x00007FF7E5300000-0x00007FF7E56F2000-memory.dmp	upx
behavioral2/memory/4868-80-0x00007FF74CF80000-0x00007FF74D372000-memory.dmp	upx
behavioral2/files/0x000a000000023ba5-81.dat	upx
behavioral2/memory/2228-74-0x00007FF643240000-0x00007FF643632000-memory.dmp	upx
behavioral2/memory/4012-73-0x00007FF7A3710000-0x00007FF7A3B02000-memory.dmp	upx
behavioral2/files/0x000a000000023ba3-68.dat	upx
behavioral2/memory/744-67-0x00007FF7769E0000-0x00007FF776DD2000-memory.dmp	upx
behavioral2/memory/4532-59-0x00007FF7548B0000-0x00007FF754CA2000-memory.dmp	upx
behavioral2/files/0x000a000000023ba1-62.dat	upx
behavioral2/memory/1460-54-0x00007FF7CC0A0000-0x00007FF7CC492000-memory.dmp	upx
behavioral2/files/0x000a000000023b9e-35.dat	upx
behavioral2/memory/1808-3700-0x00007FF7E5300000-0x00007FF7E56F2000-memory.dmp	upx
behavioral2/memory/4804-4749-0x00007FF68EB10000-0x00007FF68EF02000-memory.dmp	upx
behavioral2/memory/2228-4757-0x00007FF643240000-0x00007FF643632000-memory.dmp	upx
behavioral2/memory/744-4763-0x00007FF7769E0000-0x00007FF776DD2000-memory.dmp	upx
behavioral2/memory/1380-4790-0x00007FF6F7CB0000-0x00007FF6F80A2000-memory.dmp	upx
behavioral2/memory/1808-4797-0x00007FF7E5300000-0x00007FF7E56F2000-memory.dmp	upx
behavioral2/memory/4488-4795-0x00007FF6A5270000-0x00007FF6A5662000-memory.dmp	upx
behavioral2/memory/2728-4805-0x00007FF662030000-0x00007FF662422000-memory.dmp	upx
behavioral2/memory/4212-4860-0x00007FF7C75E0000-0x00007FF7C79D2000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\uYPBarT.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\hQwdKkt.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\vJmcIVw.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\dLXIXnz.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\txCulqz.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\DrQusyv.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\xygwxsj.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\rWVeAsy.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\ncQqQZi.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\rWFsnRW.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\xGnLRaS.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\QVUuxUO.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\nqbVmvp.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\uNkEQlO.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\lyyuKAg.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\eeojwXW.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\aGAgoLr.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\ABvgYvs.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\xnatncw.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\hHLBDAg.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\IcFvlpd.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\cwluSwx.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\XYzVJSf.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\ggXGlUp.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\dxJULhf.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\jTHZVCq.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\vuqCMyW.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\APNNURK.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\vyJZwxS.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\YDmPQUX.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\DNJCECE.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\uvcvrVx.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\pqZUodc.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\vYbdmGj.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\lgMQghC.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\wHZyvRj.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\PBJvMFB.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\MUTLVxb.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\sqmpHvE.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\yWqllYi.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\YVygoLW.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\WiaHVIU.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\NKSZOlW.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\JAYCBlT.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\DpoxMQO.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\ggVywHO.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\uLnyhCe.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\uFJMoUE.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\mlRJUAq.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\DClGnFQ.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\oDUXqHX.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\MHDCBxo.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\HLzhBuB.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\cifIkaQ.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\LCwuNwX.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\sQiczIU.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\lAGIAQi.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\mkEmCEd.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\sygvXkN.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\hOaBBRu.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\jwQqqGJ.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\nxeAHIU.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\ZZpGrGg.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
File created	C:\Windows\System\JywtZLo.exe	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
4464	powershell.exe
4464	powershell.exe
4464	powershell.exe

Suspicious behavior: LoadsDriver 64 IoCs

pid	Process
5380	Process not Found
13740	Process not Found
5664	Process not Found
5384	Process not Found
5468	Process not Found
5496	Process not Found
5692	Process not Found
5716	Process not Found
4448	Process not Found
4560	Process not Found
7792	Process not Found
3488	Process not Found
10824	Process not Found
4940	Process not Found
4408	Process not Found
5536	Process not Found
13912	Process not Found
13948	Process not Found
8232	Process not Found
4616	Process not Found
13240	Process not Found
2624	Process not Found
3212	Process not Found
3248	Process not Found
3260	Process not Found
3280	Process not Found
3684	Process not Found
3556	Process not Found
4592	Process not Found
1880	Process not Found
5624	Process not Found
5740	Process not Found
5792	Process not Found
4892	Process not Found
13848	Process not Found
6100	Process not Found
14016	Process not Found
2304	Process not Found
3696	Process not Found
5232	Process not Found
5344	Process not Found
5412	Process not Found
5352	Process not Found
3120	Process not Found
5912	Process not Found
6136	Process not Found
11104	Process not Found
2752	Process not Found
5176	Process not Found
6180	Process not Found
13896	Process not Found
6348	Process not Found
1500	Process not Found
6360	Process not Found
6388	Process not Found
5172	Process not Found
6472	Process not Found
6528	Process not Found
6584	Process not Found
6580	Process not Found
6636	Process not Found
4512	Process not Found
6696	Process not Found
6724	Process not Found

Suspicious use of AdjustPrivilegeToken 11 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
Token: SeDebugPrivilege	4464	powershell.exe
Token: SeCreateGlobalPrivilege	5844	dwm.exe
Token: SeChangeNotifyPrivilege	5844	dwm.exe
Token: 33	5844	dwm.exe
Token: SeIncBasePriorityPrivilege	5844	dwm.exe
Token: SeCreateGlobalPrivilege	4040	dwm.exe
Token: SeChangeNotifyPrivilege	4040	dwm.exe
Token: 33	4040	dwm.exe
Token: SeIncBasePriorityPrivilege	4040	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4952 wrote to memory of 4464	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	85
PID 4952 wrote to memory of 4464	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	85
PID 4952 wrote to memory of 4536	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	86
PID 4952 wrote to memory of 4536	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	86
PID 4952 wrote to memory of 4804	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	87
PID 4952 wrote to memory of 4804	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	87
PID 4952 wrote to memory of 744	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	88
PID 4952 wrote to memory of 744	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	88
PID 4952 wrote to memory of 1460	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	89
PID 4952 wrote to memory of 1460	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	89
PID 4952 wrote to memory of 4532	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	90
PID 4952 wrote to memory of 4532	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	90
PID 4952 wrote to memory of 4012	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	91
PID 4952 wrote to memory of 4012	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	91
PID 4952 wrote to memory of 2228	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	92
PID 4952 wrote to memory of 2228	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	92
PID 4952 wrote to memory of 4624	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	93
PID 4952 wrote to memory of 4624	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	93
PID 4952 wrote to memory of 2040	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	94
PID 4952 wrote to memory of 2040	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	94
PID 4952 wrote to memory of 3708	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	95
PID 4952 wrote to memory of 3708	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	95
PID 4952 wrote to memory of 4868	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	96
PID 4952 wrote to memory of 4868	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	96
PID 4952 wrote to memory of 1380	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	97
PID 4952 wrote to memory of 1380	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	97
PID 4952 wrote to memory of 1808	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	98
PID 4952 wrote to memory of 1808	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	98
PID 4952 wrote to memory of 4488	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	99
PID 4952 wrote to memory of 4488	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	99
PID 4952 wrote to memory of 4212	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	100
PID 4952 wrote to memory of 4212	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	100
PID 4952 wrote to memory of 2728	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	101
PID 4952 wrote to memory of 2728	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	101
PID 4952 wrote to memory of 2216	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	102
PID 4952 wrote to memory of 2216	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	102
PID 4952 wrote to memory of 1624	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	103
PID 4952 wrote to memory of 1624	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	103
PID 4952 wrote to memory of 2032	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	104
PID 4952 wrote to memory of 2032	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	104
PID 4952 wrote to memory of 5012	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	105
PID 4952 wrote to memory of 5012	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	105
PID 4952 wrote to memory of 512	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	106
PID 4952 wrote to memory of 512	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	106
PID 4952 wrote to memory of 4092	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	107
PID 4952 wrote to memory of 4092	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	107
PID 4952 wrote to memory of 1928	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	108
PID 4952 wrote to memory of 1928	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	108
PID 4952 wrote to memory of 2036	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	109
PID 4952 wrote to memory of 2036	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	109
PID 4952 wrote to memory of 3648	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	110
PID 4952 wrote to memory of 3648	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	110
PID 4952 wrote to memory of 2612	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	111
PID 4952 wrote to memory of 2612	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	111
PID 4952 wrote to memory of 4964	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	112
PID 4952 wrote to memory of 4964	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	112
PID 4952 wrote to memory of 1220	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	113
PID 4952 wrote to memory of 1220	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	113
PID 4952 wrote to memory of 4700	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	114
PID 4952 wrote to memory of 4700	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	114
PID 4952 wrote to memory of 2420	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	115
PID 4952 wrote to memory of 2420	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	115
PID 4952 wrote to memory of 4876	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	116
PID 4952 wrote to memory of 4876	4952	0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe	116

C:\Users\Admin\AppData\Local\Temp\0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0aaf955d9dbcc49c01e9abeb00c81e7a_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4952
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4464
- C:\Windows\System\bpPGeTh.exe
  C:\Windows\System\bpPGeTh.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System\adVclhC.exe
  C:\Windows\System\adVclhC.exe
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Windows\System\SIoGFPe.exe
  C:\Windows\System\SIoGFPe.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\TlGPnJU.exe
  C:\Windows\System\TlGPnJU.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\gnQRAgS.exe
  C:\Windows\System\gnQRAgS.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\TBeUNuC.exe
  C:\Windows\System\TBeUNuC.exe
  2⤵
  - Executes dropped EXE
  PID:4012
- C:\Windows\System\zULnbJB.exe
  C:\Windows\System\zULnbJB.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\tVhhzWE.exe
  C:\Windows\System\tVhhzWE.exe
  2⤵
  - Executes dropped EXE
  PID:4624
- C:\Windows\System\SNVstWd.exe
  C:\Windows\System\SNVstWd.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\zBoSDNn.exe
  C:\Windows\System\zBoSDNn.exe
  2⤵
  - Executes dropped EXE
  PID:3708
- C:\Windows\System\tkqSZnI.exe
  C:\Windows\System\tkqSZnI.exe
  2⤵
  - Executes dropped EXE
  PID:4868
- C:\Windows\System\kJoPpxO.exe
  C:\Windows\System\kJoPpxO.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\GXQnLfk.exe
  C:\Windows\System\GXQnLfk.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\dRDbJjj.exe
  C:\Windows\System\dRDbJjj.exe
  2⤵
  - Executes dropped EXE
  PID:4488
- C:\Windows\System\OYxgOID.exe
  C:\Windows\System\OYxgOID.exe
  2⤵
  - Executes dropped EXE
  PID:4212
- C:\Windows\System\pvIgSVS.exe
  C:\Windows\System\pvIgSVS.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\umvUWkb.exe
  C:\Windows\System\umvUWkb.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\DjBYTIm.exe
  C:\Windows\System\DjBYTIm.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\hQwdKkt.exe
  C:\Windows\System\hQwdKkt.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\lzBybqy.exe
  C:\Windows\System\lzBybqy.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\PWsAxAD.exe
  C:\Windows\System\PWsAxAD.exe
  2⤵
  - Executes dropped EXE
  PID:512
- C:\Windows\System\lddpPXq.exe
  C:\Windows\System\lddpPXq.exe
  2⤵
  - Executes dropped EXE
  PID:4092
- C:\Windows\System\OgznKJk.exe
  C:\Windows\System\OgznKJk.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\lBLnFVH.exe
  C:\Windows\System\lBLnFVH.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\tZFtnfc.exe
  C:\Windows\System\tZFtnfc.exe
  2⤵
  - Executes dropped EXE
  PID:3648
- C:\Windows\System\izerFVj.exe
  C:\Windows\System\izerFVj.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\RfLGiOR.exe
  C:\Windows\System\RfLGiOR.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System\jWEqehO.exe
  C:\Windows\System\jWEqehO.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\jlMIbSE.exe
  C:\Windows\System\jlMIbSE.exe
  2⤵
  - Executes dropped EXE
  PID:4700
- C:\Windows\System\idFyPFg.exe
  C:\Windows\System\idFyPFg.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\yraliBt.exe
  C:\Windows\System\yraliBt.exe
  2⤵
  - Executes dropped EXE
  PID:4876
- C:\Windows\System\SpjrlSe.exe
  C:\Windows\System\SpjrlSe.exe
  2⤵
  - Executes dropped EXE
  PID:3980
- C:\Windows\System\yXNIFGn.exe
  C:\Windows\System\yXNIFGn.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\jCANBhb.exe
  C:\Windows\System\jCANBhb.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\NMRceSx.exe
  C:\Windows\System\NMRceSx.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\INrmoDG.exe
  C:\Windows\System\INrmoDG.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\XnwnXzf.exe
  C:\Windows\System\XnwnXzf.exe
  2⤵
  - Executes dropped EXE
  PID:3820
- C:\Windows\System\kYjymAz.exe
  C:\Windows\System\kYjymAz.exe
  2⤵
  - Executes dropped EXE
  PID:4168
- C:\Windows\System\vcdpuya.exe
  C:\Windows\System\vcdpuya.exe
  2⤵
  - Executes dropped EXE
  PID:4696
- C:\Windows\System\ErHxucn.exe
  C:\Windows\System\ErHxucn.exe
  2⤵
  - Executes dropped EXE
  PID:4224
- C:\Windows\System\uFJMoUE.exe
  C:\Windows\System\uFJMoUE.exe
  2⤵
  - Executes dropped EXE
  PID:3116
- C:\Windows\System\oRQbvTG.exe
  C:\Windows\System\oRQbvTG.exe
  2⤵
  - Executes dropped EXE
  PID:4228
- C:\Windows\System\johTlhC.exe
  C:\Windows\System\johTlhC.exe
  2⤵
  - Executes dropped EXE
  PID:5096
- C:\Windows\System\quPOyvO.exe
  C:\Windows\System\quPOyvO.exe
  2⤵
  - Executes dropped EXE
  PID:3972
- C:\Windows\System\UZKnRLI.exe
  C:\Windows\System\UZKnRLI.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\tRWWbfN.exe
  C:\Windows\System\tRWWbfN.exe
  2⤵
  - Executes dropped EXE
  PID:3624
- C:\Windows\System\uTGGKCD.exe
  C:\Windows\System\uTGGKCD.exe
  2⤵
  - Executes dropped EXE
  PID:3956
- C:\Windows\System\ApELmHE.exe
  C:\Windows\System\ApELmHE.exe
  2⤵
  - Executes dropped EXE
  PID:4864
- C:\Windows\System\APfARlU.exe
  C:\Windows\System\APfARlU.exe
  2⤵
  - Executes dropped EXE
  PID:4352
- C:\Windows\System\sykETZE.exe
  C:\Windows\System\sykETZE.exe
  2⤵
  - Executes dropped EXE
  PID:3884
- C:\Windows\System\BbBDgtj.exe
  C:\Windows\System\BbBDgtj.exe
  2⤵
  - Executes dropped EXE
  PID:3468
- C:\Windows\System\TCDwlrk.exe
  C:\Windows\System\TCDwlrk.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\qPVxCTS.exe
  C:\Windows\System\qPVxCTS.exe
  2⤵
  - Executes dropped EXE
  PID:3160
- C:\Windows\System\RyWQwXG.exe
  C:\Windows\System\RyWQwXG.exe
  2⤵
  - Executes dropped EXE
  PID:4284
- C:\Windows\System\FOYcftX.exe
  C:\Windows\System\FOYcftX.exe
  2⤵
  - Executes dropped EXE
  PID:3892
- C:\Windows\System\cVMOIAM.exe
  C:\Windows\System\cVMOIAM.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\hOaBBRu.exe
  C:\Windows\System\hOaBBRu.exe
  2⤵
  - Executes dropped EXE
  PID:3612
- C:\Windows\System\LThCkPj.exe
  C:\Windows\System\LThCkPj.exe
  2⤵
  - Executes dropped EXE
  PID:4192
- C:\Windows\System\nDlcCwM.exe
  C:\Windows\System\nDlcCwM.exe
  2⤵
  - Executes dropped EXE
  PID:4652
- C:\Windows\System\ZdMuOXx.exe
  C:\Windows\System\ZdMuOXx.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\dhteayK.exe
  C:\Windows\System\dhteayK.exe
  2⤵
  - Executes dropped EXE
  PID:3444
- C:\Windows\System\TLjGKvo.exe
  C:\Windows\System\TLjGKvo.exe
  2⤵
  - Executes dropped EXE
  PID:3952
- C:\Windows\System\ZEwButg.exe
  C:\Windows\System\ZEwButg.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\iBIZFkk.exe
  C:\Windows\System\iBIZFkk.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\dwfechM.exe
  C:\Windows\System\dwfechM.exe
  2⤵
  PID:5136
- C:\Windows\System\dwvtyMY.exe
  C:\Windows\System\dwvtyMY.exe
  2⤵
  PID:5164
- C:\Windows\System\RJNFgFk.exe
  C:\Windows\System\RJNFgFk.exe
  2⤵
  PID:5192
- C:\Windows\System\tunpimT.exe
  C:\Windows\System\tunpimT.exe
  2⤵
  PID:5220
- C:\Windows\System\xWiruqK.exe
  C:\Windows\System\xWiruqK.exe
  2⤵
  PID:5252
- C:\Windows\System\khTPfCb.exe
  C:\Windows\System\khTPfCb.exe
  2⤵
  PID:5276
- C:\Windows\System\XZdHMfK.exe
  C:\Windows\System\XZdHMfK.exe
  2⤵
  PID:5304
- C:\Windows\System\dsmhMzA.exe
  C:\Windows\System\dsmhMzA.exe
  2⤵
  PID:5332
- C:\Windows\System\nIwELLe.exe
  C:\Windows\System\nIwELLe.exe
  2⤵
  PID:5360
- C:\Windows\System\dyfpAeh.exe
  C:\Windows\System\dyfpAeh.exe
  2⤵
  PID:5388
- C:\Windows\System\APNNURK.exe
  C:\Windows\System\APNNURK.exe
  2⤵
  PID:5416
- C:\Windows\System\yhMsdMv.exe
  C:\Windows\System\yhMsdMv.exe
  2⤵
  PID:5444
- C:\Windows\System\efgBVOL.exe
  C:\Windows\System\efgBVOL.exe
  2⤵
  PID:5472
- C:\Windows\System\UTVFygw.exe
  C:\Windows\System\UTVFygw.exe
  2⤵
  PID:5500
- C:\Windows\System\XpfvAbX.exe
  C:\Windows\System\XpfvAbX.exe
  2⤵
  PID:5528
- C:\Windows\System\wpVvyks.exe
  C:\Windows\System\wpVvyks.exe
  2⤵
  PID:5556
- C:\Windows\System\IYnJVIf.exe
  C:\Windows\System\IYnJVIf.exe
  2⤵
  PID:5584
- C:\Windows\System\LDUFtjJ.exe
  C:\Windows\System\LDUFtjJ.exe
  2⤵
  PID:5612
- C:\Windows\System\TICGsnS.exe
  C:\Windows\System\TICGsnS.exe
  2⤵
  PID:5640
- C:\Windows\System\tNDrVer.exe
  C:\Windows\System\tNDrVer.exe
  2⤵
  PID:5668
- C:\Windows\System\TpqUgty.exe
  C:\Windows\System\TpqUgty.exe
  2⤵
  PID:5696
- C:\Windows\System\zEVpCxj.exe
  C:\Windows\System\zEVpCxj.exe
  2⤵
  PID:5724
- C:\Windows\System\wghRZRi.exe
  C:\Windows\System\wghRZRi.exe
  2⤵
  PID:5756
- C:\Windows\System\OVNbbuf.exe
  C:\Windows\System\OVNbbuf.exe
  2⤵
  PID:5780
- C:\Windows\System\zsYrami.exe
  C:\Windows\System\zsYrami.exe
  2⤵
  PID:5808
- C:\Windows\System\meWnkTe.exe
  C:\Windows\System\meWnkTe.exe
  2⤵
  PID:5836
- C:\Windows\System\KEPeQBJ.exe
  C:\Windows\System\KEPeQBJ.exe
  2⤵
  PID:5864
- C:\Windows\System\TmVaQOc.exe
  C:\Windows\System\TmVaQOc.exe
  2⤵
  PID:5892
- C:\Windows\System\dGERbkV.exe
  C:\Windows\System\dGERbkV.exe
  2⤵
  PID:5920
- C:\Windows\System\WrDNlZW.exe
  C:\Windows\System\WrDNlZW.exe
  2⤵
  PID:5948
- C:\Windows\System\MHMhBll.exe
  C:\Windows\System\MHMhBll.exe
  2⤵
  PID:5976
- C:\Windows\System\hgnpFss.exe
  C:\Windows\System\hgnpFss.exe
  2⤵
  PID:6004
- C:\Windows\System\nyncDBR.exe
  C:\Windows\System\nyncDBR.exe
  2⤵
  PID:6028
- C:\Windows\System\ixlwPOp.exe
  C:\Windows\System\ixlwPOp.exe
  2⤵
  PID:6060
- C:\Windows\System\UpEABmL.exe
  C:\Windows\System\UpEABmL.exe
  2⤵
  PID:6088
- C:\Windows\System\FyFYYZX.exe
  C:\Windows\System\FyFYYZX.exe
  2⤵
  PID:6116
- C:\Windows\System\JcPckYg.exe
  C:\Windows\System\JcPckYg.exe
  2⤵
  PID:432
- C:\Windows\System\YcxgJhS.exe
  C:\Windows\System\YcxgJhS.exe
  2⤵
  PID:316
- C:\Windows\System\QquwRzH.exe
  C:\Windows\System\QquwRzH.exe
  2⤵
  PID:3520
- C:\Windows\System\kDzyIqK.exe
  C:\Windows\System\kDzyIqK.exe
  2⤵
  PID:4948
- C:\Windows\System\UWHmTbB.exe
  C:\Windows\System\UWHmTbB.exe
  2⤵
  PID:3200
- C:\Windows\System\oIHJGkp.exe
  C:\Windows\System\oIHJGkp.exe
  2⤵
  PID:4796
- C:\Windows\System\gZAWvvW.exe
  C:\Windows\System\gZAWvvW.exe
  2⤵
  PID:5184
- C:\Windows\System\hMvCIhn.exe
  C:\Windows\System\hMvCIhn.exe
  2⤵
  PID:5240
- C:\Windows\System\gxgxMfr.exe
  C:\Windows\System\gxgxMfr.exe
  2⤵
  PID:5296
- C:\Windows\System\AVThlnC.exe
  C:\Windows\System\AVThlnC.exe
  2⤵
  PID:5372
- C:\Windows\System\mMBBUZh.exe
  C:\Windows\System\mMBBUZh.exe
  2⤵
  PID:5432
- C:\Windows\System\Fqaewik.exe
  C:\Windows\System\Fqaewik.exe
  2⤵
  PID:5488
- C:\Windows\System\VZstzlG.exe
  C:\Windows\System\VZstzlG.exe
  2⤵
  PID:5548
- C:\Windows\System\MPIWyCb.exe
  C:\Windows\System\MPIWyCb.exe
  2⤵
  PID:5600
- C:\Windows\System\WEqVKeP.exe
  C:\Windows\System\WEqVKeP.exe
  2⤵
  PID:5656
- C:\Windows\System\yULZfMQ.exe
  C:\Windows\System\yULZfMQ.exe
  2⤵
  PID:1116
- C:\Windows\System\lFuwjzH.exe
  C:\Windows\System\lFuwjzH.exe
  2⤵
  PID:5796
- C:\Windows\System\RhsXjFZ.exe
  C:\Windows\System\RhsXjFZ.exe
  2⤵
  PID:5852
- C:\Windows\System\fgioYfR.exe
  C:\Windows\System\fgioYfR.exe
  2⤵
  PID:3804
- C:\Windows\System\FOcbzOX.exe
  C:\Windows\System\FOcbzOX.exe
  2⤵
  PID:5940
- C:\Windows\System\vCptqKM.exe
  C:\Windows\System\vCptqKM.exe
  2⤵
  PID:5996
- C:\Windows\System\xBppqlX.exe
  C:\Windows\System\xBppqlX.exe
  2⤵
  PID:6044
- C:\Windows\System\aiFQPXm.exe
  C:\Windows\System\aiFQPXm.exe
  2⤵
  PID:6104
- C:\Windows\System\FehHqrj.exe
  C:\Windows\System\FehHqrj.exe
  2⤵
  PID:4580
- C:\Windows\System\GmDIieB.exe
  C:\Windows\System\GmDIieB.exe
  2⤵
  PID:4340
- C:\Windows\System\cftQvFC.exe
  C:\Windows\System\cftQvFC.exe
  2⤵
  PID:2492
- C:\Windows\System\hISlkFy.exe
  C:\Windows\System\hISlkFy.exe
  2⤵
  PID:4996
- C:\Windows\System\PaVWoeX.exe
  C:\Windows\System\PaVWoeX.exe
  2⤵
  PID:5464
- C:\Windows\System\QDqyhld.exe
  C:\Windows\System\QDqyhld.exe
  2⤵
  PID:5540
- C:\Windows\System\rTaBZHV.exe
  C:\Windows\System\rTaBZHV.exe
  2⤵
  PID:2768
- C:\Windows\System\beqmrBt.exe
  C:\Windows\System\beqmrBt.exe
  2⤵
  PID:5688
- C:\Windows\System\xDuLNAy.exe
  C:\Windows\System\xDuLNAy.exe
  2⤵
  PID:5764
- C:\Windows\System\hxBGKYN.exe
  C:\Windows\System\hxBGKYN.exe
  2⤵
  PID:5880
- C:\Windows\System\fpedioo.exe
  C:\Windows\System\fpedioo.exe
  2⤵
  PID:3448
- C:\Windows\System\MIAkFCj.exe
  C:\Windows\System\MIAkFCj.exe
  2⤵
  PID:3136
- C:\Windows\System\xsQHvWS.exe
  C:\Windows\System\xsQHvWS.exe
  2⤵
  PID:996
- C:\Windows\System\tKpRUZb.exe
  C:\Windows\System\tKpRUZb.exe
  2⤵
  PID:2524
- C:\Windows\System\jUPKWGN.exe
  C:\Windows\System\jUPKWGN.exe
  2⤵
  PID:5520
- C:\Windows\System\jPRnNnA.exe
  C:\Windows\System\jPRnNnA.exe
  2⤵
  PID:1148
- C:\Windows\System\WgsKpQN.exe
  C:\Windows\System\WgsKpQN.exe
  2⤵
  PID:6152
- C:\Windows\System\KgkEQzC.exe
  C:\Windows\System\KgkEQzC.exe
  2⤵
  PID:6184
- C:\Windows\System\hFhDmvx.exe
  C:\Windows\System\hFhDmvx.exe
  2⤵
  PID:6212
- C:\Windows\System\KSwuaiM.exe
  C:\Windows\System\KSwuaiM.exe
  2⤵
  PID:6236
- C:\Windows\System\OhTQkrM.exe
  C:\Windows\System\OhTQkrM.exe
  2⤵
  PID:6264
- C:\Windows\System\jZCbQxz.exe
  C:\Windows\System\jZCbQxz.exe
  2⤵
  PID:6296
- C:\Windows\System\rEyoCqz.exe
  C:\Windows\System\rEyoCqz.exe
  2⤵
  PID:6324
- C:\Windows\System\kluojCO.exe
  C:\Windows\System\kluojCO.exe
  2⤵
  PID:6352
- C:\Windows\System\bPMNHUh.exe
  C:\Windows\System\bPMNHUh.exe
  2⤵
  PID:6376
- C:\Windows\System\zNMSAhR.exe
  C:\Windows\System\zNMSAhR.exe
  2⤵
  PID:6408
- C:\Windows\System\aWvQhHx.exe
  C:\Windows\System\aWvQhHx.exe
  2⤵
  PID:6436
- C:\Windows\System\XvGEbPx.exe
  C:\Windows\System\XvGEbPx.exe
  2⤵
  PID:6464
- C:\Windows\System\TXXlTdS.exe
  C:\Windows\System\TXXlTdS.exe
  2⤵
  PID:6488
- C:\Windows\System\eFOmtOR.exe
  C:\Windows\System\eFOmtOR.exe
  2⤵
  PID:6516
- C:\Windows\System\GqaQMFM.exe
  C:\Windows\System\GqaQMFM.exe
  2⤵
  PID:6544
- C:\Windows\System\rugETwY.exe
  C:\Windows\System\rugETwY.exe
  2⤵
  PID:6572
- C:\Windows\System\EhJeGgT.exe
  C:\Windows\System\EhJeGgT.exe
  2⤵
  PID:6604
- C:\Windows\System\RcYEodc.exe
  C:\Windows\System\RcYEodc.exe
  2⤵
  PID:6628
- C:\Windows\System\wgFRLWM.exe
  C:\Windows\System\wgFRLWM.exe
  2⤵
  PID:6656
- C:\Windows\System\PnsBIda.exe
  C:\Windows\System\PnsBIda.exe
  2⤵
  PID:6684
- C:\Windows\System\PkMRLac.exe
  C:\Windows\System\PkMRLac.exe
  2⤵
  PID:6712
- C:\Windows\System\hJbEoxA.exe
  C:\Windows\System\hJbEoxA.exe
  2⤵
  PID:6744
- C:\Windows\System\hRGYLvF.exe
  C:\Windows\System\hRGYLvF.exe
  2⤵
  PID:6768
- C:\Windows\System\SIHaOcr.exe
  C:\Windows\System\SIHaOcr.exe
  2⤵
  PID:6796
- C:\Windows\System\sGmazTZ.exe
  C:\Windows\System\sGmazTZ.exe
  2⤵
  PID:6824
- C:\Windows\System\TCGyXZM.exe
  C:\Windows\System\TCGyXZM.exe
  2⤵
  PID:6852
- C:\Windows\System\SPlKWrG.exe
  C:\Windows\System\SPlKWrG.exe
  2⤵
  PID:6928
- C:\Windows\System\vblrrId.exe
  C:\Windows\System\vblrrId.exe
  2⤵
  PID:6944
- C:\Windows\System\wDbFLXL.exe
  C:\Windows\System\wDbFLXL.exe
  2⤵
  PID:6964
- C:\Windows\System\fhTBlPm.exe
  C:\Windows\System\fhTBlPm.exe
  2⤵
  PID:6980
- C:\Windows\System\YFDKYAS.exe
  C:\Windows\System\YFDKYAS.exe
  2⤵
  PID:6996
- C:\Windows\System\trEfLJA.exe
  C:\Windows\System\trEfLJA.exe
  2⤵
  PID:7012
- C:\Windows\System\GJeetHB.exe
  C:\Windows\System\GJeetHB.exe
  2⤵
  PID:7028
- C:\Windows\System\oXfGtyQ.exe
  C:\Windows\System\oXfGtyQ.exe
  2⤵
  PID:7044
- C:\Windows\System\mAfZzAw.exe
  C:\Windows\System\mAfZzAw.exe
  2⤵
  PID:7060
- C:\Windows\System\jYbUVhQ.exe
  C:\Windows\System\jYbUVhQ.exe
  2⤵
  PID:7080
- C:\Windows\System\NREiJAG.exe
  C:\Windows\System\NREiJAG.exe
  2⤵
  PID:7096
- C:\Windows\System\Tqoiaud.exe
  C:\Windows\System\Tqoiaud.exe
  2⤵
  PID:7120
- C:\Windows\System\zcWCzyc.exe
  C:\Windows\System\zcWCzyc.exe
  2⤵
  PID:7136
- C:\Windows\System\rxDIOKy.exe
  C:\Windows\System\rxDIOKy.exe
  2⤵
  PID:7160
- C:\Windows\System\DZtqJWH.exe
  C:\Windows\System\DZtqJWH.exe
  2⤵
  PID:6076
- C:\Windows\System\DnBhaLP.exe
  C:\Windows\System\DnBhaLP.exe
  2⤵
  PID:2636
- C:\Windows\System\fnQnioF.exe
  C:\Windows\System\fnQnioF.exe
  2⤵
  PID:5460
- C:\Windows\System\nxaxUrc.exe
  C:\Windows\System\nxaxUrc.exe
  2⤵
  PID:5652
- C:\Windows\System\psMWszJ.exe
  C:\Windows\System\psMWszJ.exe
  2⤵
  PID:6172
- C:\Windows\System\QVyCPJb.exe
  C:\Windows\System\QVyCPJb.exe
  2⤵
  PID:6204
- C:\Windows\System\mDyymqX.exe
  C:\Windows\System\mDyymqX.exe
  2⤵
  PID:6228
- C:\Windows\System\xHSJxFG.exe
  C:\Windows\System\xHSJxFG.exe
  2⤵
  PID:6284
- C:\Windows\System\cbUNiPe.exe
  C:\Windows\System\cbUNiPe.exe
  2⤵
  PID:3100
- C:\Windows\System\vJmcIVw.exe
  C:\Windows\System\vJmcIVw.exe
  2⤵
  PID:3656
- C:\Windows\System\bCyifhB.exe
  C:\Windows\System\bCyifhB.exe
  2⤵
  PID:3888
- C:\Windows\System\nPwVvCB.exe
  C:\Windows\System\nPwVvCB.exe
  2⤵
  PID:4436
- C:\Windows\System\jtqlZoU.exe
  C:\Windows\System\jtqlZoU.exe
  2⤵
  PID:3496
- C:\Windows\System\pEDGPxW.exe
  C:\Windows\System\pEDGPxW.exe
  2⤵
  PID:4516
- C:\Windows\System\iAZCxlF.exe
  C:\Windows\System\iAZCxlF.exe
  2⤵
  PID:6452
- C:\Windows\System\NhslNdA.exe
  C:\Windows\System\NhslNdA.exe
  2⤵
  PID:912
- C:\Windows\System\OroBIPO.exe
  C:\Windows\System\OroBIPO.exe
  2⤵
  PID:6532
- C:\Windows\System\hulobcu.exe
  C:\Windows\System\hulobcu.exe
  2⤵
  PID:6564
- C:\Windows\System\bAngnGr.exe
  C:\Windows\System\bAngnGr.exe
  2⤵
  PID:6624
- C:\Windows\System\sbPhVGJ.exe
  C:\Windows\System\sbPhVGJ.exe
  2⤵
  PID:6672
- C:\Windows\System\cpycTlj.exe
  C:\Windows\System\cpycTlj.exe
  2⤵
  PID:6708
- C:\Windows\System\Rrpuwzt.exe
  C:\Windows\System\Rrpuwzt.exe
  2⤵
  PID:4924
- C:\Windows\System\hfrlims.exe
  C:\Windows\System\hfrlims.exe
  2⤵
  PID:2184
- C:\Windows\System\CrhbksQ.exe
  C:\Windows\System\CrhbksQ.exe
  2⤵
  PID:4216
- C:\Windows\System\cndsVdA.exe
  C:\Windows\System\cndsVdA.exe
  2⤵
  PID:228
- C:\Windows\System\qiBGqsj.exe
  C:\Windows\System\qiBGqsj.exe
  2⤵
  PID:6884
- C:\Windows\System\nSFpKLP.exe
  C:\Windows\System\nSFpKLP.exe
  2⤵
  PID:4920
- C:\Windows\System\SuvBDmZ.exe
  C:\Windows\System\SuvBDmZ.exe
  2⤵
  PID:2520
- C:\Windows\System\NemsXlU.exe
  C:\Windows\System\NemsXlU.exe
  2⤵
  PID:3852
- C:\Windows\System\xOzYCuR.exe
  C:\Windows\System\xOzYCuR.exe
  2⤵
  PID:4384
- C:\Windows\System\KKSNUbz.exe
  C:\Windows\System\KKSNUbz.exe
  2⤵
  PID:6888
- C:\Windows\System\kgWAYTc.exe
  C:\Windows\System\kgWAYTc.exe
  2⤵
  PID:7004
- C:\Windows\System\TbniFmr.exe
  C:\Windows\System\TbniFmr.exe
  2⤵
  PID:6976
- C:\Windows\System\DCmXGAq.exe
  C:\Windows\System\DCmXGAq.exe
  2⤵
  PID:7008
- C:\Windows\System\uABsIzj.exe
  C:\Windows\System\uABsIzj.exe
  2⤵
  PID:2732
- C:\Windows\System\wCxfZxE.exe
  C:\Windows\System\wCxfZxE.exe
  2⤵
  PID:6364
- C:\Windows\System\MVBZdAQ.exe
  C:\Windows\System\MVBZdAQ.exe
  2⤵
  PID:4904
- C:\Windows\System\ISXtwHI.exe
  C:\Windows\System\ISXtwHI.exe
  2⤵
  PID:3592
- C:\Windows\System\xMcsDpU.exe
  C:\Windows\System\xMcsDpU.exe
  2⤵
  PID:540
- C:\Windows\System\TJpZodZ.exe
  C:\Windows\System\TJpZodZ.exe
  2⤵
  PID:7020
- C:\Windows\System\rcXuzMO.exe
  C:\Windows\System\rcXuzMO.exe
  2⤵
  PID:2828
- C:\Windows\System\CcZRLxa.exe
  C:\Windows\System\CcZRLxa.exe
  2⤵
  PID:7220
- C:\Windows\System\UVYpFwQ.exe
  C:\Windows\System\UVYpFwQ.exe
  2⤵
  PID:7244
- C:\Windows\System\rVLVKvL.exe
  C:\Windows\System\rVLVKvL.exe
  2⤵
  PID:7268
- C:\Windows\System\mlCPyPz.exe
  C:\Windows\System\mlCPyPz.exe
  2⤵
  PID:7288
- C:\Windows\System\xKaVVyD.exe
  C:\Windows\System\xKaVVyD.exe
  2⤵
  PID:7308
- C:\Windows\System\DDTHQCA.exe
  C:\Windows\System\DDTHQCA.exe
  2⤵
  PID:7336
- C:\Windows\System\oHnmAFR.exe
  C:\Windows\System\oHnmAFR.exe
  2⤵
  PID:7364
- C:\Windows\System\UOBEdDH.exe
  C:\Windows\System\UOBEdDH.exe
  2⤵
  PID:7380
- C:\Windows\System\RqKfnlb.exe
  C:\Windows\System\RqKfnlb.exe
  2⤵
  PID:7456
- C:\Windows\System\tKAlwyq.exe
  C:\Windows\System\tKAlwyq.exe
  2⤵
  PID:7492
- C:\Windows\System\zvPdpTc.exe
  C:\Windows\System\zvPdpTc.exe
  2⤵
  PID:7512
- C:\Windows\System\DZjbIkc.exe
  C:\Windows\System\DZjbIkc.exe
  2⤵
  PID:7628
- C:\Windows\System\vDaoElN.exe
  C:\Windows\System\vDaoElN.exe
  2⤵
  PID:7656
- C:\Windows\System\bGzwyLu.exe
  C:\Windows\System\bGzwyLu.exe
  2⤵
  PID:7684
- C:\Windows\System\irciAtm.exe
  C:\Windows\System\irciAtm.exe
  2⤵
  PID:7704
- C:\Windows\System\YhfyfvA.exe
  C:\Windows\System\YhfyfvA.exe
  2⤵
  PID:7744
- C:\Windows\System\HRehHQF.exe
  C:\Windows\System\HRehHQF.exe
  2⤵
  PID:7764
- C:\Windows\System\pOqtlOX.exe
  C:\Windows\System\pOqtlOX.exe
  2⤵
  PID:7796
- C:\Windows\System\ivvHnGL.exe
  C:\Windows\System\ivvHnGL.exe
  2⤵
  PID:7816
- C:\Windows\System\FonZjSK.exe
  C:\Windows\System\FonZjSK.exe
  2⤵
  PID:7836
- C:\Windows\System\MqawkNZ.exe
  C:\Windows\System\MqawkNZ.exe
  2⤵
  PID:7860
- C:\Windows\System\ezXBKpo.exe
  C:\Windows\System\ezXBKpo.exe
  2⤵
  PID:7876
- C:\Windows\System\ocyxYxb.exe
  C:\Windows\System\ocyxYxb.exe
  2⤵
  PID:7904
- C:\Windows\System\VdaLvFs.exe
  C:\Windows\System\VdaLvFs.exe
  2⤵
  PID:7952
- C:\Windows\System\cHQgzZK.exe
  C:\Windows\System\cHQgzZK.exe
  2⤵
  PID:7992
- C:\Windows\System\zoSHMsO.exe
  C:\Windows\System\zoSHMsO.exe
  2⤵
  PID:8008
- C:\Windows\System\BxUaoUU.exe
  C:\Windows\System\BxUaoUU.exe
  2⤵
  PID:8032
- C:\Windows\System\uyNTePO.exe
  C:\Windows\System\uyNTePO.exe
  2⤵
  PID:8052
- C:\Windows\System\mHWTDVe.exe
  C:\Windows\System\mHWTDVe.exe
  2⤵
  PID:8080
- C:\Windows\System\zfnUTWE.exe
  C:\Windows\System\zfnUTWE.exe
  2⤵
  PID:8104
- C:\Windows\System\vIAVhOB.exe
  C:\Windows\System\vIAVhOB.exe
  2⤵
  PID:8124
- C:\Windows\System\rPegZZW.exe
  C:\Windows\System\rPegZZW.exe
  2⤵
  PID:8156
- C:\Windows\System\DdJnAKZ.exe
  C:\Windows\System\DdJnAKZ.exe
  2⤵
  PID:8180
- C:\Windows\System\bYpgSGw.exe
  C:\Windows\System\bYpgSGw.exe
  2⤵
  PID:6372
- C:\Windows\System\PRoFhBA.exe
  C:\Windows\System\PRoFhBA.exe
  2⤵
  PID:4684
- C:\Windows\System\PdoSHgd.exe
  C:\Windows\System\PdoSHgd.exe
  2⤵
  PID:5992
- C:\Windows\System\kdTHUXg.exe
  C:\Windows\System\kdTHUXg.exe
  2⤵
  PID:6704
- C:\Windows\System\TWlioKz.exe
  C:\Windows\System\TWlioKz.exe
  2⤵
  PID:2204
- C:\Windows\System\eZmKMkm.exe
  C:\Windows\System\eZmKMkm.exe
  2⤵
  PID:7396
- C:\Windows\System\NKwfSDj.exe
  C:\Windows\System\NKwfSDj.exe
  2⤵
  PID:7344
- C:\Windows\System\QVFgqQK.exe
  C:\Windows\System\QVFgqQK.exe
  2⤵
  PID:7488
- C:\Windows\System\dFMLRyV.exe
  C:\Windows\System\dFMLRyV.exe
  2⤵
  PID:7432
- C:\Windows\System\cYsVZDY.exe
  C:\Windows\System\cYsVZDY.exe
  2⤵
  PID:7504
- C:\Windows\System\TTBKFrG.exe
  C:\Windows\System\TTBKFrG.exe
  2⤵
  PID:7664
- C:\Windows\System\qbkioHc.exe
  C:\Windows\System\qbkioHc.exe
  2⤵
  PID:7692
- C:\Windows\System\KrveUNR.exe
  C:\Windows\System\KrveUNR.exe
  2⤵
  PID:7788
- C:\Windows\System\cpydcUK.exe
  C:\Windows\System\cpydcUK.exe
  2⤵
  PID:7828
- C:\Windows\System\HRmecbP.exe
  C:\Windows\System\HRmecbP.exe
  2⤵
  PID:7900
- C:\Windows\System\tRfGVXS.exe
  C:\Windows\System\tRfGVXS.exe
  2⤵
  PID:7968
- C:\Windows\System\bWqnpEG.exe
  C:\Windows\System\bWqnpEG.exe
  2⤵
  PID:8024
- C:\Windows\System\YhIQIkm.exe
  C:\Windows\System\YhIQIkm.exe
  2⤵
  PID:8060
- C:\Windows\System\Sclpwfq.exe
  C:\Windows\System\Sclpwfq.exe
  2⤵
  PID:8120
- C:\Windows\System\Eximsdq.exe
  C:\Windows\System\Eximsdq.exe
  2⤵
  PID:6816
- C:\Windows\System\phKFvcu.exe
  C:\Windows\System\phKFvcu.exe
  2⤵
  PID:7236
- C:\Windows\System\drSfvsg.exe
  C:\Windows\System\drSfvsg.exe
  2⤵
  PID:7280
- C:\Windows\System\srRzCSi.exe
  C:\Windows\System\srRzCSi.exe
  2⤵
  PID:7452
- C:\Windows\System\GlqltGq.exe
  C:\Windows\System\GlqltGq.exe
  2⤵
  PID:7540
- C:\Windows\System\xwsDisC.exe
  C:\Windows\System\xwsDisC.exe
  2⤵
  PID:7736
- C:\Windows\System\yjLmrVU.exe
  C:\Windows\System\yjLmrVU.exe
  2⤵
  PID:7896
- C:\Windows\System\UMgHsGw.exe
  C:\Windows\System\UMgHsGw.exe
  2⤵
  PID:8000
- C:\Windows\System\baigyNn.exe
  C:\Windows\System\baigyNn.exe
  2⤵
  PID:6988
- C:\Windows\System\IORWToT.exe
  C:\Windows\System\IORWToT.exe
  2⤵
  PID:7372
- C:\Windows\System\ftXEniW.exe
  C:\Windows\System\ftXEniW.exe
  2⤵
  PID:7844
- C:\Windows\System\gJASoQe.exe
  C:\Windows\System\gJASoQe.exe
  2⤵
  PID:8188
- C:\Windows\System\SYfBvpK.exe
  C:\Windows\System\SYfBvpK.exe
  2⤵
  PID:7548
- C:\Windows\System\txfpLbf.exe
  C:\Windows\System\txfpLbf.exe
  2⤵
  PID:8144
- C:\Windows\System\WjYFIux.exe
  C:\Windows\System\WjYFIux.exe
  2⤵
  PID:8216
- C:\Windows\System\nYRDQzB.exe
  C:\Windows\System\nYRDQzB.exe
  2⤵
  PID:8236
- C:\Windows\System\eaLBaQH.exe
  C:\Windows\System\eaLBaQH.exe
  2⤵
  PID:8260
- C:\Windows\System\ghZETJS.exe
  C:\Windows\System\ghZETJS.exe
  2⤵
  PID:8280
- C:\Windows\System\ZUYQJpf.exe
  C:\Windows\System\ZUYQJpf.exe
  2⤵
  PID:8296
- C:\Windows\System\RIuvrcW.exe
  C:\Windows\System\RIuvrcW.exe
  2⤵
  PID:8328
- C:\Windows\System\SeqOlgw.exe
  C:\Windows\System\SeqOlgw.exe
  2⤵
  PID:8364
- C:\Windows\System\BXmkJKY.exe
  C:\Windows\System\BXmkJKY.exe
  2⤵
  PID:8384
- C:\Windows\System\dLXIXnz.exe
  C:\Windows\System\dLXIXnz.exe
  2⤵
  PID:8428
- C:\Windows\System\yktSvsS.exe
  C:\Windows\System\yktSvsS.exe
  2⤵
  PID:8480
- C:\Windows\System\iJwOCvT.exe
  C:\Windows\System\iJwOCvT.exe
  2⤵
  PID:8504
- C:\Windows\System\GBUsTiR.exe
  C:\Windows\System\GBUsTiR.exe
  2⤵
  PID:8520
- C:\Windows\System\GzFHPcJ.exe
  C:\Windows\System\GzFHPcJ.exe
  2⤵
  PID:8560
- C:\Windows\System\IpfKQLv.exe
  C:\Windows\System\IpfKQLv.exe
  2⤵
  PID:8580
- C:\Windows\System\SpGWzFI.exe
  C:\Windows\System\SpGWzFI.exe
  2⤵
  PID:8600
- C:\Windows\System\akXNaia.exe
  C:\Windows\System\akXNaia.exe
  2⤵
  PID:8636
- C:\Windows\System\zuOvrAn.exe
  C:\Windows\System\zuOvrAn.exe
  2⤵
  PID:8688
- C:\Windows\System\NVLROnm.exe
  C:\Windows\System\NVLROnm.exe
  2⤵
  PID:8712
- C:\Windows\System\ZVziOIx.exe
  C:\Windows\System\ZVziOIx.exe
  2⤵
  PID:8728
- C:\Windows\System\VWiJWwy.exe
  C:\Windows\System\VWiJWwy.exe
  2⤵
  PID:8772
- C:\Windows\System\sYtdUfj.exe
  C:\Windows\System\sYtdUfj.exe
  2⤵
  PID:8792
- C:\Windows\System\hdtdAxp.exe
  C:\Windows\System\hdtdAxp.exe
  2⤵
  PID:8820
- C:\Windows\System\NMkhtrD.exe
  C:\Windows\System\NMkhtrD.exe
  2⤵
  PID:8860
- C:\Windows\System\AwfCCer.exe
  C:\Windows\System\AwfCCer.exe
  2⤵
  PID:8884
- C:\Windows\System\IgZjruY.exe
  C:\Windows\System\IgZjruY.exe
  2⤵
  PID:8904
- C:\Windows\System\KXmeiHh.exe
  C:\Windows\System\KXmeiHh.exe
  2⤵
  PID:8932
- C:\Windows\System\qtsPPme.exe
  C:\Windows\System\qtsPPme.exe
  2⤵
  PID:8968
- C:\Windows\System\QNqNWht.exe
  C:\Windows\System\QNqNWht.exe
  2⤵
  PID:8988
- C:\Windows\System\lTeKaWX.exe
  C:\Windows\System\lTeKaWX.exe
  2⤵
  PID:9016
- C:\Windows\System\ZqOqcUn.exe
  C:\Windows\System\ZqOqcUn.exe
  2⤵
  PID:9044
- C:\Windows\System\fNVfRbM.exe
  C:\Windows\System\fNVfRbM.exe
  2⤵
  PID:9072
- C:\Windows\System\ZyHeGvl.exe
  C:\Windows\System\ZyHeGvl.exe
  2⤵
  PID:9100
- C:\Windows\System\AmjJPYl.exe
  C:\Windows\System\AmjJPYl.exe
  2⤵
  PID:9116
- C:\Windows\System\SaTdHQY.exe
  C:\Windows\System\SaTdHQY.exe
  2⤵
  PID:9140
- C:\Windows\System\ENiHcOe.exe
  C:\Windows\System\ENiHcOe.exe
  2⤵
  PID:9160
- C:\Windows\System\lpZIfuk.exe
  C:\Windows\System\lpZIfuk.exe
  2⤵
  PID:9180
- C:\Windows\System\rbdhNSb.exe
  C:\Windows\System\rbdhNSb.exe
  2⤵
  PID:8256
- C:\Windows\System\hQTyEJI.exe
  C:\Windows\System\hQTyEJI.exe
  2⤵
  PID:8272
- C:\Windows\System\DcyCfOJ.exe
  C:\Windows\System\DcyCfOJ.exe
  2⤵
  PID:8336
- C:\Windows\System\tWSplWN.exe
  C:\Windows\System\tWSplWN.exe
  2⤵
  PID:8460
- C:\Windows\System\blMCgNU.exe
  C:\Windows\System\blMCgNU.exe
  2⤵
  PID:3760
- C:\Windows\System\uaJLMNs.exe
  C:\Windows\System\uaJLMNs.exe
  2⤵
  PID:8512
- C:\Windows\System\lOBbcdv.exe
  C:\Windows\System\lOBbcdv.exe
  2⤵
  PID:8648
- C:\Windows\System\vBFuvmh.exe
  C:\Windows\System\vBFuvmh.exe
  2⤵
  PID:8696
- C:\Windows\System\uUfaOrH.exe
  C:\Windows\System\uUfaOrH.exe
  2⤵
  PID:8720
- C:\Windows\System\QxVpuPe.exe
  C:\Windows\System\QxVpuPe.exe
  2⤵
  PID:8784
- C:\Windows\System\IBxEVml.exe
  C:\Windows\System\IBxEVml.exe
  2⤵
  PID:8880
- C:\Windows\System\FFrNUGh.exe
  C:\Windows\System\FFrNUGh.exe
  2⤵
  PID:8896
- C:\Windows\System\DrVrFnp.exe
  C:\Windows\System\DrVrFnp.exe
  2⤵
  PID:8964
- C:\Windows\System\oTNRyLy.exe
  C:\Windows\System\oTNRyLy.exe
  2⤵
  PID:9008
- C:\Windows\System\IcFvlpd.exe
  C:\Windows\System\IcFvlpd.exe
  2⤵
  PID:9084
- C:\Windows\System\XKvikgM.exe
  C:\Windows\System\XKvikgM.exe
  2⤵
  PID:9176
- C:\Windows\System\tvEoPEI.exe
  C:\Windows\System\tvEoPEI.exe
  2⤵
  PID:8212
- C:\Windows\System\rSyFPuR.exe
  C:\Windows\System\rSyFPuR.exe
  2⤵
  PID:8392
- C:\Windows\System\lQyGuEo.exe
  C:\Windows\System\lQyGuEo.exe
  2⤵
  PID:8676
- C:\Windows\System\FUbvgOy.exe
  C:\Windows\System\FUbvgOy.exe
  2⤵
  PID:8812
- C:\Windows\System\KAHdkJd.exe
  C:\Windows\System\KAHdkJd.exe
  2⤵
  PID:8856
- C:\Windows\System\rFMHFru.exe
  C:\Windows\System\rFMHFru.exe
  2⤵
  PID:8912
- C:\Windows\System\fsEybts.exe
  C:\Windows\System\fsEybts.exe
  2⤵
  PID:9172
- C:\Windows\System\neYOALp.exe
  C:\Windows\System\neYOALp.exe
  2⤵
  PID:9136
- C:\Windows\System\bWKQPed.exe
  C:\Windows\System\bWKQPed.exe
  2⤵
  PID:8752
- C:\Windows\System\KacaNyD.exe
  C:\Windows\System\KacaNyD.exe
  2⤵
  PID:8472
- C:\Windows\System\CdRKxLF.exe
  C:\Windows\System\CdRKxLF.exe
  2⤵
  PID:9224
- C:\Windows\System\QnodczM.exe
  C:\Windows\System\QnodczM.exe
  2⤵
  PID:9252
- C:\Windows\System\doIWVOb.exe
  C:\Windows\System\doIWVOb.exe
  2⤵
  PID:9272
- C:\Windows\System\VPYReGd.exe
  C:\Windows\System\VPYReGd.exe
  2⤵
  PID:9300
- C:\Windows\System\RqbOPDI.exe
  C:\Windows\System\RqbOPDI.exe
  2⤵
  PID:9328
- C:\Windows\System\idYXQuS.exe
  C:\Windows\System\idYXQuS.exe
  2⤵
  PID:9372
- C:\Windows\System\qSCtWVr.exe
  C:\Windows\System\qSCtWVr.exe
  2⤵
  PID:9396
- C:\Windows\System\QCHdxyK.exe
  C:\Windows\System\QCHdxyK.exe
  2⤵
  PID:9416
- C:\Windows\System\LoMLAWo.exe
  C:\Windows\System\LoMLAWo.exe
  2⤵
  PID:9452
- C:\Windows\System\EPWLOjV.exe
  C:\Windows\System\EPWLOjV.exe
  2⤵
  PID:9480
- C:\Windows\System\wFGYsvL.exe
  C:\Windows\System\wFGYsvL.exe
  2⤵
  PID:9504
- C:\Windows\System\csvEPOY.exe
  C:\Windows\System\csvEPOY.exe
  2⤵
  PID:9524
- C:\Windows\System\GptxffX.exe
  C:\Windows\System\GptxffX.exe
  2⤵
  PID:9540
- C:\Windows\System\YduHVze.exe
  C:\Windows\System\YduHVze.exe
  2⤵
  PID:9560
- C:\Windows\System\RxreAfA.exe
  C:\Windows\System\RxreAfA.exe
  2⤵
  PID:9592
- C:\Windows\System\KLhKMpf.exe
  C:\Windows\System\KLhKMpf.exe
  2⤵
  PID:9608
- C:\Windows\System\RlHNoBl.exe
  C:\Windows\System\RlHNoBl.exe
  2⤵
  PID:9632
- C:\Windows\System\QAvRXjp.exe
  C:\Windows\System\QAvRXjp.exe
  2⤵
  PID:9652
- C:\Windows\System\VHgiAkw.exe
  C:\Windows\System\VHgiAkw.exe
  2⤵
  PID:9684
- C:\Windows\System\MjzMALQ.exe
  C:\Windows\System\MjzMALQ.exe
  2⤵
  PID:9728
- C:\Windows\System\VrrvzBq.exe
  C:\Windows\System\VrrvzBq.exe
  2⤵
  PID:9780
- C:\Windows\System\XXVvAhX.exe
  C:\Windows\System\XXVvAhX.exe
  2⤵
  PID:9816
- C:\Windows\System\IJgTRZi.exe
  C:\Windows\System\IJgTRZi.exe
  2⤵
  PID:9836
- C:\Windows\System\HTDycSb.exe
  C:\Windows\System\HTDycSb.exe
  2⤵
  PID:9864
- C:\Windows\System\ieoxNkC.exe
  C:\Windows\System\ieoxNkC.exe
  2⤵
  PID:9888
- C:\Windows\System\LnPSkEx.exe
  C:\Windows\System\LnPSkEx.exe
  2⤵
  PID:9908
- C:\Windows\System\wGlkipp.exe
  C:\Windows\System\wGlkipp.exe
  2⤵
  PID:9928
- C:\Windows\System\BQVPkRf.exe
  C:\Windows\System\BQVPkRf.exe
  2⤵
  PID:9964
- C:\Windows\System\TZWkLzz.exe
  C:\Windows\System\TZWkLzz.exe
  2⤵
  PID:10004
- C:\Windows\System\NjcsKLM.exe
  C:\Windows\System\NjcsKLM.exe
  2⤵
  PID:10028
- C:\Windows\System\evhWBeb.exe
  C:\Windows\System\evhWBeb.exe
  2⤵
  PID:10060
- C:\Windows\System\ssJYeQM.exe
  C:\Windows\System\ssJYeQM.exe
  2⤵
  PID:10088
- C:\Windows\System\GPGyoTX.exe
  C:\Windows\System\GPGyoTX.exe
  2⤵
  PID:10108
- C:\Windows\System\RmjwgWN.exe
  C:\Windows\System\RmjwgWN.exe
  2⤵
  PID:10136
- C:\Windows\System\LPQWARJ.exe
  C:\Windows\System\LPQWARJ.exe
  2⤵
  PID:10152
- C:\Windows\System\GcfDBud.exe
  C:\Windows\System\GcfDBud.exe
  2⤵
  PID:10180
- C:\Windows\System\OcrgJRd.exe
  C:\Windows\System\OcrgJRd.exe
  2⤵
  PID:10200
- C:\Windows\System\eZasxxk.exe
  C:\Windows\System\eZasxxk.exe
  2⤵
  PID:10232
- C:\Windows\System\EFVPMHq.exe
  C:\Windows\System\EFVPMHq.exe
  2⤵
  PID:9248
- C:\Windows\System\PuNYGXe.exe
  C:\Windows\System\PuNYGXe.exe
  2⤵
  PID:7944
- C:\Windows\System\KIfmdkq.exe
  C:\Windows\System\KIfmdkq.exe
  2⤵
  PID:9344
- C:\Windows\System\KeAgCsx.exe
  C:\Windows\System\KeAgCsx.exe
  2⤵
  PID:9364
- C:\Windows\System\fFOwrdM.exe
  C:\Windows\System\fFOwrdM.exe
  2⤵
  PID:9436
- C:\Windows\System\lnRqlpp.exe
  C:\Windows\System\lnRqlpp.exe
  2⤵
  PID:9472
- C:\Windows\System\iMZMoPL.exe
  C:\Windows\System\iMZMoPL.exe
  2⤵
  PID:9536
- C:\Windows\System\jHnHQbs.exe
  C:\Windows\System\jHnHQbs.exe
  2⤵
  PID:9600
- C:\Windows\System\jMJMFRn.exe
  C:\Windows\System\jMJMFRn.exe
  2⤵
  PID:9640
- C:\Windows\System\aprvNnq.exe
  C:\Windows\System\aprvNnq.exe
  2⤵
  PID:9808
- C:\Windows\System\CSkcnku.exe
  C:\Windows\System\CSkcnku.exe
  2⤵
  PID:9876
- C:\Windows\System\wXCbjhB.exe
  C:\Windows\System\wXCbjhB.exe
  2⤵
  PID:9920
- C:\Windows\System\lgwTBzA.exe
  C:\Windows\System\lgwTBzA.exe
  2⤵
  PID:9980
- C:\Windows\System\xkJHeqB.exe
  C:\Windows\System\xkJHeqB.exe
  2⤵
  PID:9976
- C:\Windows\System\yKWdCik.exe
  C:\Windows\System\yKWdCik.exe
  2⤵
  PID:10068
- C:\Windows\System\xPkyfnM.exe
  C:\Windows\System\xPkyfnM.exe
  2⤵
  PID:10104
- C:\Windows\System\ZhWDJnd.exe
  C:\Windows\System\ZhWDJnd.exe
  2⤵
  PID:9240
- C:\Windows\System\AEFuMot.exe
  C:\Windows\System\AEFuMot.exe
  2⤵
  PID:9388
- C:\Windows\System\IdWclst.exe
  C:\Windows\System\IdWclst.exe
  2⤵
  PID:9468
- C:\Windows\System\qPsHpVO.exe
  C:\Windows\System\qPsHpVO.exe
  2⤵
  PID:9740
- C:\Windows\System\LgSAxPW.exe
  C:\Windows\System\LgSAxPW.exe
  2⤵
  PID:9832
- C:\Windows\System\vDECzvQ.exe
  C:\Windows\System\vDECzvQ.exe
  2⤵
  PID:9616
- C:\Windows\System\BatCldx.exe
  C:\Windows\System\BatCldx.exe
  2⤵
  PID:10276
- C:\Windows\System\hLPMEBx.exe
  C:\Windows\System\hLPMEBx.exe
  2⤵
  PID:10344
- C:\Windows\System\mlRPpFm.exe
  C:\Windows\System\mlRPpFm.exe
  2⤵
  PID:10364
- C:\Windows\System\COeHlEZ.exe
  C:\Windows\System\COeHlEZ.exe
  2⤵
  PID:10380
- C:\Windows\System\dEoiJlC.exe
  C:\Windows\System\dEoiJlC.exe
  2⤵
  PID:10396
- C:\Windows\System\YNEtopl.exe
  C:\Windows\System\YNEtopl.exe
  2⤵
  PID:10412
- C:\Windows\System\bsPuyHe.exe
  C:\Windows\System\bsPuyHe.exe
  2⤵
  PID:10432
- C:\Windows\System\OcTajYE.exe
  C:\Windows\System\OcTajYE.exe
  2⤵
  PID:10456
- C:\Windows\System\aUlLvIZ.exe
  C:\Windows\System\aUlLvIZ.exe
  2⤵
  PID:10488
- C:\Windows\System\bpIsWPl.exe
  C:\Windows\System\bpIsWPl.exe
  2⤵
  PID:10520
- C:\Windows\System\WkcfdDd.exe
  C:\Windows\System\WkcfdDd.exe
  2⤵
  PID:10544
- C:\Windows\System\tbegHBu.exe
  C:\Windows\System\tbegHBu.exe
  2⤵
  PID:10612
- C:\Windows\System\QjZGRXH.exe
  C:\Windows\System\QjZGRXH.exe
  2⤵
  PID:10640
- C:\Windows\System\UnleWJk.exe
  C:\Windows\System\UnleWJk.exe
  2⤵
  PID:10688
- C:\Windows\System\FnsTxFr.exe
  C:\Windows\System\FnsTxFr.exe
  2⤵
  PID:10708
- C:\Windows\System\XJxURkT.exe
  C:\Windows\System\XJxURkT.exe
  2⤵
  PID:10736
- C:\Windows\System\TVgwZoL.exe
  C:\Windows\System\TVgwZoL.exe
  2⤵
  PID:10756
- C:\Windows\System\eeojwXW.exe
  C:\Windows\System\eeojwXW.exe
  2⤵
  PID:10788
- C:\Windows\System\RHVzyZh.exe
  C:\Windows\System\RHVzyZh.exe
  2⤵
  PID:10808
- C:\Windows\System\hwyjAEE.exe
  C:\Windows\System\hwyjAEE.exe
  2⤵
  PID:10856
- C:\Windows\System\frUmjdW.exe
  C:\Windows\System\frUmjdW.exe
  2⤵
  PID:10896
- C:\Windows\System\UoZKIsx.exe
  C:\Windows\System\UoZKIsx.exe
  2⤵
  PID:10924
- C:\Windows\System\NgAhEch.exe
  C:\Windows\System\NgAhEch.exe
  2⤵
  PID:10944
- C:\Windows\System\faktGKY.exe
  C:\Windows\System\faktGKY.exe
  2⤵
  PID:10968
- C:\Windows\System\ysVlAan.exe
  C:\Windows\System\ysVlAan.exe
  2⤵
  PID:10984
- C:\Windows\System\pFEkYyi.exe
  C:\Windows\System\pFEkYyi.exe
  2⤵
  PID:11024
- C:\Windows\System\rvYTDFj.exe
  C:\Windows\System\rvYTDFj.exe
  2⤵
  PID:11056
- C:\Windows\System\OxwsdcB.exe
  C:\Windows\System\OxwsdcB.exe
  2⤵
  PID:11072
- C:\Windows\System\PBxHiYt.exe
  C:\Windows\System\PBxHiYt.exe
  2⤵
  PID:11092
- C:\Windows\System\rGCGxUs.exe
  C:\Windows\System\rGCGxUs.exe
  2⤵
  PID:11124
- C:\Windows\System\bMDtBaz.exe
  C:\Windows\System\bMDtBaz.exe
  2⤵
  PID:11148
- C:\Windows\System\AKPXvbQ.exe
  C:\Windows\System\AKPXvbQ.exe
  2⤵
  PID:11192
- C:\Windows\System\SRlemDc.exe
  C:\Windows\System\SRlemDc.exe
  2⤵
  PID:11216
- C:\Windows\System\pGYVMkS.exe
  C:\Windows\System\pGYVMkS.exe
  2⤵
  PID:11236
- C:\Windows\System\jgdMmEG.exe
  C:\Windows\System\jgdMmEG.exe
  2⤵
  PID:11256
- C:\Windows\System\ZKPvoqJ.exe
  C:\Windows\System\ZKPvoqJ.exe
  2⤵
  PID:10244
- C:\Windows\System\mmniMHc.exe
  C:\Windows\System\mmniMHc.exe
  2⤵
  PID:10328
- C:\Windows\System\ihCyraL.exe
  C:\Windows\System\ihCyraL.exe
  2⤵
  PID:10020
- C:\Windows\System\LCYGBqf.exe
  C:\Windows\System\LCYGBqf.exe
  2⤵
  PID:9624
- C:\Windows\System\MfzuocB.exe
  C:\Windows\System\MfzuocB.exe
  2⤵
  PID:10272
- C:\Windows\System\pCfVYeN.exe
  C:\Windows\System\pCfVYeN.exe
  2⤵
  PID:10304
- C:\Windows\System\rGYSoYW.exe
  C:\Windows\System\rGYSoYW.exe
  2⤵
  PID:10376
- C:\Windows\System\BMBKYvE.exe
  C:\Windows\System\BMBKYvE.exe
  2⤵
  PID:10468
- C:\Windows\System\nmRzPvt.exe
  C:\Windows\System\nmRzPvt.exe
  2⤵
  PID:10552
- C:\Windows\System\sCWodpu.exe
  C:\Windows\System\sCWodpu.exe
  2⤵
  PID:10576
- C:\Windows\System\lZcDaPK.exe
  C:\Windows\System\lZcDaPK.exe
  2⤵
  PID:10632
- C:\Windows\System\pxUhyFd.exe
  C:\Windows\System\pxUhyFd.exe
  2⤵
  PID:10704
- C:\Windows\System\TkinggA.exe
  C:\Windows\System\TkinggA.exe
  2⤵
  PID:10700
- C:\Windows\System\pdTajqf.exe
  C:\Windows\System\pdTajqf.exe
  2⤵
  PID:10848
- C:\Windows\System\fDNTmXN.exe
  C:\Windows\System\fDNTmXN.exe
  2⤵
  PID:10852
- C:\Windows\System\JCkAiiS.exe
  C:\Windows\System\JCkAiiS.exe
  2⤵
  PID:10952
- C:\Windows\System\CAbuLtL.exe
  C:\Windows\System\CAbuLtL.exe
  2⤵
  PID:10940
- C:\Windows\System\wUzaTNx.exe
  C:\Windows\System\wUzaTNx.exe
  2⤵
  PID:11080
- C:\Windows\System\IkIRKtS.exe
  C:\Windows\System\IkIRKtS.exe
  2⤵
  PID:11032
- C:\Windows\System\PsOuFkr.exe
  C:\Windows\System\PsOuFkr.exe
  2⤵
  PID:9860
- C:\Windows\System\qtDLkVT.exe
  C:\Windows\System\qtDLkVT.exe
  2⤵
  PID:9412
- C:\Windows\System\ifNzvdw.exe
  C:\Windows\System\ifNzvdw.exe
  2⤵
  PID:10296
- C:\Windows\System\TRyfkpX.exe
  C:\Windows\System\TRyfkpX.exe
  2⤵
  PID:10356
- C:\Windows\System\sPYQsNC.exe
  C:\Windows\System\sPYQsNC.exe
  2⤵
  PID:10604
- C:\Windows\System\qVTEwDW.exe
  C:\Windows\System\qVTEwDW.exe
  2⤵
  PID:10672
- C:\Windows\System\mnUxBUR.exe
  C:\Windows\System\mnUxBUR.exe
  2⤵
  PID:10872
- C:\Windows\System\VkYPyln.exe
  C:\Windows\System\VkYPyln.exe
  2⤵
  PID:11184
- C:\Windows\System\TPMDeCU.exe
  C:\Windows\System\TPMDeCU.exe
  2⤵
  PID:10336
- C:\Windows\System\ZZpGrGg.exe
  C:\Windows\System\ZZpGrGg.exe
  2⤵
  PID:10452
- C:\Windows\System\hQghOzC.exe
  C:\Windows\System\hQghOzC.exe
  2⤵
  PID:10804
- C:\Windows\System\TVLQNyk.exe
  C:\Windows\System\TVLQNyk.exe
  2⤵
  PID:10076
- C:\Windows\System\pMtUMDy.exe
  C:\Windows\System\pMtUMDy.exe
  2⤵
  PID:10320
- C:\Windows\System\AEfXBoL.exe
  C:\Windows\System\AEfXBoL.exe
  2⤵
  PID:10312
- C:\Windows\System\Incjupz.exe
  C:\Windows\System\Incjupz.exe
  2⤵
  PID:11288
- C:\Windows\System\zeamhHz.exe
  C:\Windows\System\zeamhHz.exe
  2⤵
  PID:11308
- C:\Windows\System\qvwPLCq.exe
  C:\Windows\System\qvwPLCq.exe
  2⤵
  PID:11356
- C:\Windows\System\WlUotOF.exe
  C:\Windows\System\WlUotOF.exe
  2⤵
  PID:11380
- C:\Windows\System\AifIKJj.exe
  C:\Windows\System\AifIKJj.exe
  2⤵
  PID:11440
- C:\Windows\System\bDELqfT.exe
  C:\Windows\System\bDELqfT.exe
  2⤵
  PID:11464
- C:\Windows\System\jUmwqZC.exe
  C:\Windows\System\jUmwqZC.exe
  2⤵
  PID:11480
- C:\Windows\System\MbvTAVP.exe
  C:\Windows\System\MbvTAVP.exe
  2⤵
  PID:11500
- C:\Windows\System\ArwvIgo.exe
  C:\Windows\System\ArwvIgo.exe
  2⤵
  PID:11528
- C:\Windows\System\ZqyReZD.exe
  C:\Windows\System\ZqyReZD.exe
  2⤵
  PID:11548
- C:\Windows\System\fnFKpVA.exe
  C:\Windows\System\fnFKpVA.exe
  2⤵
  PID:11572
- C:\Windows\System\IbQWRJq.exe
  C:\Windows\System\IbQWRJq.exe
  2⤵
  PID:11592
- C:\Windows\System\KcSQNqE.exe
  C:\Windows\System\KcSQNqE.exe
  2⤵
  PID:11632
- C:\Windows\System\UQbWOLZ.exe
  C:\Windows\System\UQbWOLZ.exe
  2⤵
  PID:11660
- C:\Windows\System\jHozyud.exe
  C:\Windows\System\jHozyud.exe
  2⤵
  PID:11704
- C:\Windows\System\Oxebogh.exe
  C:\Windows\System\Oxebogh.exe
  2⤵
  PID:11728
- C:\Windows\System\tKWhkDM.exe
  C:\Windows\System\tKWhkDM.exe
  2⤵
  PID:11752
- C:\Windows\System\JLeOMjC.exe
  C:\Windows\System\JLeOMjC.exe
  2⤵
  PID:11772
- C:\Windows\System\TkHhLmf.exe
  C:\Windows\System\TkHhLmf.exe
  2⤵
  PID:11796
- C:\Windows\System\ZCZEfcP.exe
  C:\Windows\System\ZCZEfcP.exe
  2⤵
  PID:11816
- C:\Windows\System\INmrAdN.exe
  C:\Windows\System\INmrAdN.exe
  2⤵
  PID:11840
- C:\Windows\System\WkZzpGp.exe
  C:\Windows\System\WkZzpGp.exe
  2⤵
  PID:11880
- C:\Windows\System\GepNINP.exe
  C:\Windows\System\GepNINP.exe
  2⤵
  PID:11916
- C:\Windows\System\LuPSdEo.exe
  C:\Windows\System\LuPSdEo.exe
  2⤵
  PID:11964
- C:\Windows\System\raXzGXW.exe
  C:\Windows\System\raXzGXW.exe
  2⤵
  PID:11984
- C:\Windows\System\NXnjGFr.exe
  C:\Windows\System\NXnjGFr.exe
  2⤵
  PID:12012
- C:\Windows\System\TAIvHLV.exe
  C:\Windows\System\TAIvHLV.exe
  2⤵
  PID:12044
- C:\Windows\System\nRnockb.exe
  C:\Windows\System\nRnockb.exe
  2⤵
  PID:12076
- C:\Windows\System\bjkfsPa.exe
  C:\Windows\System\bjkfsPa.exe
  2⤵
  PID:12104
- C:\Windows\System\ILstcpK.exe
  C:\Windows\System\ILstcpK.exe
  2⤵
  PID:12124
- C:\Windows\System\EOFMMmD.exe
  C:\Windows\System\EOFMMmD.exe
  2⤵
  PID:12156
- C:\Windows\System\bODBKAw.exe
  C:\Windows\System\bODBKAw.exe
  2⤵
  PID:12188
- C:\Windows\System\gnhFyhT.exe
  C:\Windows\System\gnhFyhT.exe
  2⤵
  PID:12204
- C:\Windows\System\FIQdBnZ.exe
  C:\Windows\System\FIQdBnZ.exe
  2⤵
  PID:12228
- C:\Windows\System\BdbTBht.exe
  C:\Windows\System\BdbTBht.exe
  2⤵
  PID:12252
- C:\Windows\System\vTfgttU.exe
  C:\Windows\System\vTfgttU.exe
  2⤵
  PID:12276
- C:\Windows\System\uUZyooZ.exe
  C:\Windows\System\uUZyooZ.exe
  2⤵
  PID:11268
- C:\Windows\System\vtDLUtn.exe
  C:\Windows\System\vtDLUtn.exe
  2⤵
  PID:11324
- C:\Windows\System\VxSMlCQ.exe
  C:\Windows\System\VxSMlCQ.exe
  2⤵
  PID:11364
- C:\Windows\System\oekOQEw.exe
  C:\Windows\System\oekOQEw.exe
  2⤵
  PID:11456
- C:\Windows\System\yAQUaRB.exe
  C:\Windows\System\yAQUaRB.exe
  2⤵
  PID:11472
- C:\Windows\System\tkbHujz.exe
  C:\Windows\System\tkbHujz.exe
  2⤵
  PID:11580
- C:\Windows\System\wzTKsbS.exe
  C:\Windows\System\wzTKsbS.exe
  2⤵
  PID:11676
- C:\Windows\System\wvIyYPC.exe
  C:\Windows\System\wvIyYPC.exe
  2⤵
  PID:11764
- C:\Windows\System\Jqsnlvc.exe
  C:\Windows\System\Jqsnlvc.exe
  2⤵
  PID:11808
- C:\Windows\System\WTBBGfh.exe
  C:\Windows\System\WTBBGfh.exe
  2⤵
  PID:11868
- C:\Windows\System\hIXLtnL.exe
  C:\Windows\System\hIXLtnL.exe
  2⤵
  PID:11956
- C:\Windows\System\AnSAYbZ.exe
  C:\Windows\System\AnSAYbZ.exe
  2⤵
  PID:11980
- C:\Windows\System\qYTKhVj.exe
  C:\Windows\System\qYTKhVj.exe
  2⤵
  PID:12056
- C:\Windows\System\HkwsgLH.exe
  C:\Windows\System\HkwsgLH.exe
  2⤵
  PID:12176
- C:\Windows\System\UXWaIuT.exe
  C:\Windows\System\UXWaIuT.exe
  2⤵
  PID:11036
- C:\Windows\System\OUQNDLo.exe
  C:\Windows\System\OUQNDLo.exe
  2⤵
  PID:12260
- C:\Windows\System\YPTVXsI.exe
  C:\Windows\System\YPTVXsI.exe
  2⤵
  PID:12284
- C:\Windows\System\YdoDabw.exe
  C:\Windows\System\YdoDabw.exe
  2⤵
  PID:11496
- C:\Windows\System\jXfzNCl.exe
  C:\Windows\System\jXfzNCl.exe
  2⤵
  PID:11488
- C:\Windows\System\dSIOczP.exe
  C:\Windows\System\dSIOczP.exe
  2⤵
  PID:11712
- C:\Windows\System\UWyorTD.exe
  C:\Windows\System\UWyorTD.exe
  2⤵
  PID:11780
- C:\Windows\System\KtCgHGo.exe
  C:\Windows\System\KtCgHGo.exe
  2⤵
  PID:11976
- C:\Windows\System\nVoHOCW.exe
  C:\Windows\System\nVoHOCW.exe
  2⤵
  PID:12172
- C:\Windows\System\cZjFdwi.exe
  C:\Windows\System\cZjFdwi.exe
  2⤵
  PID:11388
- C:\Windows\System\bAlMmmo.exe
  C:\Windows\System\bAlMmmo.exe
  2⤵
  PID:11420
- C:\Windows\System\lIPrPBa.exe
  C:\Windows\System\lIPrPBa.exe
  2⤵
  PID:11188
- C:\Windows\System\QRFHNAx.exe
  C:\Windows\System\QRFHNAx.exe
  2⤵
  PID:11948
- C:\Windows\System\POvwEpF.exe
  C:\Windows\System\POvwEpF.exe
  2⤵
  PID:3528
- C:\Windows\System\bAQDVNp.exe
  C:\Windows\System\bAQDVNp.exe
  2⤵
  PID:4680
- C:\Windows\System\OCjyYfV.exe
  C:\Windows\System\OCjyYfV.exe
  2⤵
  PID:2088
- C:\Windows\System\LBEfbhi.exe
  C:\Windows\System\LBEfbhi.exe
  2⤵
  PID:12304
- C:\Windows\System\yktVpqJ.exe
  C:\Windows\System\yktVpqJ.exe
  2⤵
  PID:12340
- C:\Windows\System\EfCtOoK.exe
  C:\Windows\System\EfCtOoK.exe
  2⤵
  PID:12384
- C:\Windows\System\fyxxHyr.exe
  C:\Windows\System\fyxxHyr.exe
  2⤵
  PID:12400
- C:\Windows\System\WBVqheS.exe
  C:\Windows\System\WBVqheS.exe
  2⤵
  PID:12424
- C:\Windows\System\kSPZByY.exe
  C:\Windows\System\kSPZByY.exe
  2⤵
  PID:12440
- C:\Windows\System\YEvrEDA.exe
  C:\Windows\System\YEvrEDA.exe
  2⤵
  PID:12456
- C:\Windows\System\RLicaNS.exe
  C:\Windows\System\RLicaNS.exe
  2⤵
  PID:12512
- C:\Windows\System\YvUqBxK.exe
  C:\Windows\System\YvUqBxK.exe
  2⤵
  PID:12548
- C:\Windows\System\WqcmuVT.exe
  C:\Windows\System\WqcmuVT.exe
  2⤵
  PID:12576
- C:\Windows\System\nKivGNV.exe
  C:\Windows\System\nKivGNV.exe
  2⤵
  PID:12604
- C:\Windows\System\mMOLpWK.exe
  C:\Windows\System\mMOLpWK.exe
  2⤵
  PID:12652
- C:\Windows\System\OAIRbKn.exe
  C:\Windows\System\OAIRbKn.exe
  2⤵
  PID:12672
- C:\Windows\System\FVgADWL.exe
  C:\Windows\System\FVgADWL.exe
  2⤵
  PID:12692
- C:\Windows\System\PCYOWdm.exe
  C:\Windows\System\PCYOWdm.exe
  2⤵
  PID:12736
- C:\Windows\System\VhCXIfc.exe
  C:\Windows\System\VhCXIfc.exe
  2⤵
  PID:12760
- C:\Windows\System\KLZhPsd.exe
  C:\Windows\System\KLZhPsd.exe
  2⤵
  PID:12784
- C:\Windows\System\vvoVZdd.exe
  C:\Windows\System\vvoVZdd.exe
  2⤵
  PID:12800
- C:\Windows\System\FZpppVE.exe
  C:\Windows\System\FZpppVE.exe
  2⤵
  PID:12848
- C:\Windows\System\AoFsMlG.exe
  C:\Windows\System\AoFsMlG.exe
  2⤵
  PID:12864
- C:\Windows\System\ljrpKbV.exe
  C:\Windows\System\ljrpKbV.exe
  2⤵
  PID:12884
- C:\Windows\System\pqZUodc.exe
  C:\Windows\System\pqZUodc.exe
  2⤵
  PID:12904
- C:\Windows\System\OHtEmuZ.exe
  C:\Windows\System\OHtEmuZ.exe
  2⤵
  PID:12920
- C:\Windows\System\dMfPiWr.exe
  C:\Windows\System\dMfPiWr.exe
  2⤵
  PID:12964
- C:\Windows\System\gAssRys.exe
  C:\Windows\System\gAssRys.exe
  2⤵
  PID:12988
- C:\Windows\System\peXweAB.exe
  C:\Windows\System\peXweAB.exe
  2⤵
  PID:13028
- C:\Windows\System\ltVgPMl.exe
  C:\Windows\System\ltVgPMl.exe
  2⤵
  PID:13052
- C:\Windows\System\cwluSwx.exe
  C:\Windows\System\cwluSwx.exe
  2⤵
  PID:13084
- C:\Windows\System\hJhKgbL.exe
  C:\Windows\System\hJhKgbL.exe
  2⤵
  PID:13104
- C:\Windows\System\reGUngj.exe
  C:\Windows\System\reGUngj.exe
  2⤵
  PID:13144
- C:\Windows\System\jwQqqGJ.exe
  C:\Windows\System\jwQqqGJ.exe
  2⤵
  PID:13168
- C:\Windows\System\OeEnjaD.exe
  C:\Windows\System\OeEnjaD.exe
  2⤵
  PID:13200
- C:\Windows\System\ErocGxH.exe
  C:\Windows\System\ErocGxH.exe
  2⤵
  PID:13260
- C:\Windows\System\VZgHwlW.exe
  C:\Windows\System\VZgHwlW.exe
  2⤵
  PID:13276
- C:\Windows\System\BQyjvMe.exe
  C:\Windows\System\BQyjvMe.exe
  2⤵
  PID:13292
- C:\Windows\System\bUihDSH.exe
  C:\Windows\System\bUihDSH.exe
  2⤵
  PID:10332
- C:\Windows\System\wGsTlBk.exe
  C:\Windows\System\wGsTlBk.exe
  2⤵
  PID:12312
- C:\Windows\System\bwdRphs.exe
  C:\Windows\System\bwdRphs.exe
  2⤵
  PID:1352
- C:\Windows\System\SVQcrDl.exe
  C:\Windows\System\SVQcrDl.exe
  2⤵
  PID:13212
- C:\Windows\System\LMkOEQt.exe
  C:\Windows\System\LMkOEQt.exe
  2⤵
  PID:13256
- C:\Windows\System\CcKmbyF.exe
  C:\Windows\System\CcKmbyF.exe
  2⤵
  PID:11904
- C:\Windows\System\msYEKnq.exe
  C:\Windows\System\msYEKnq.exe
  2⤵
  PID:3104
- C:\Windows\System\hzrlIli.exe
  C:\Windows\System\hzrlIli.exe
  2⤵
  PID:4956
- C:\Windows\System\cCpSkRw.exe
  C:\Windows\System\cCpSkRw.exe
  2⤵
  PID:12472
- C:\Windows\System\kAcFORk.exe
  C:\Windows\System\kAcFORk.exe
  2⤵
  PID:12532
- C:\Windows\System\gUvrTkp.exe
  C:\Windows\System\gUvrTkp.exe
  2⤵
  PID:12524
- C:\Windows\System\eNxvIIb.exe
  C:\Windows\System\eNxvIIb.exe
  2⤵
  PID:12664
- C:\Windows\System\FsLWoTt.exe
  C:\Windows\System\FsLWoTt.exe
  2⤵
  PID:2900
- C:\Windows\System\fYUvdGc.exe
  C:\Windows\System\fYUvdGc.exe
  2⤵
  PID:12792
- C:\Windows\System\CVgbfBr.exe
  C:\Windows\System\CVgbfBr.exe
  2⤵
  PID:12832
- C:\Windows\System\RhDFbCJ.exe
  C:\Windows\System\RhDFbCJ.exe
  2⤵
  PID:12592
- C:\Windows\System\RxyMHPB.exe
  C:\Windows\System\RxyMHPB.exe
  2⤵
  PID:3216
- C:\Windows\System\jxiCyAA.exe
  C:\Windows\System\jxiCyAA.exe
  2⤵
  PID:13016
- C:\Windows\System\VuXAfeZ.exe
  C:\Windows\System\VuXAfeZ.exe
  2⤵
  PID:2812
- C:\Windows\System\oaQhXAK.exe
  C:\Windows\System\oaQhXAK.exe
  2⤵
  PID:12544
- C:\Windows\System\HQATjJq.exe
  C:\Windows\System\HQATjJq.exe
  2⤵
  PID:4760
- C:\Windows\System\DvEZkvR.exe
  C:\Windows\System\DvEZkvR.exe
  2⤵
  PID:12776
- C:\Windows\System\xajOYbp.exe
  C:\Windows\System\xajOYbp.exe
  2⤵
  PID:12976
- C:\Windows\System\eZadAIF.exe
  C:\Windows\System\eZadAIF.exe
  2⤵
  PID:12916
- C:\Windows\System\uuHmDEE.exe
  C:\Windows\System\uuHmDEE.exe
  2⤵
  PID:12376
- C:\Windows\System\QdidSxi.exe
  C:\Windows\System\QdidSxi.exe
  2⤵
  PID:13188
- C:\Windows\System\GvhkhIR.exe
  C:\Windows\System\GvhkhIR.exe
  2⤵
  PID:4084
- C:\Windows\System\KKqwVfY.exe
  C:\Windows\System\KKqwVfY.exe
  2⤵
  PID:2584
- C:\Windows\System\brrmPdg.exe
  C:\Windows\System\brrmPdg.exe
  2⤵
  PID:12780
- C:\Windows\System\oXJSEjy.exe
  C:\Windows\System\oXJSEjy.exe
  2⤵
  PID:13072
- C:\Windows\System\gYXVHJd.exe
  C:\Windows\System\gYXVHJd.exe
  2⤵
  PID:13024
- C:\Windows\System\SerAmdo.exe
  C:\Windows\System\SerAmdo.exe
  2⤵
  PID:2000
- C:\Windows\System\mLSTeDx.exe
  C:\Windows\System\mLSTeDx.exe
  2⤵
  PID:4888
- C:\Windows\System\DqqoDij.exe
  C:\Windows\System\DqqoDij.exe
  2⤵
  PID:2172
- C:\Windows\System\uhjEEWM.exe
  C:\Windows\System\uhjEEWM.exe
  2⤵
  PID:13236
- C:\Windows\System\dMqTvLQ.exe
  C:\Windows\System\dMqTvLQ.exe
  2⤵
  PID:1556
- C:\Windows\System\oioympu.exe
  C:\Windows\System\oioympu.exe
  2⤵
  PID:2280
- C:\Windows\System\lOcBLKw.exe
  C:\Windows\System\lOcBLKw.exe
  2⤵
  PID:1208
- C:\Windows\System\PnxgnaD.exe
  C:\Windows\System\PnxgnaD.exe
  2⤵
  PID:11944
- C:\Windows\System\MJRatkb.exe
  C:\Windows\System\MJRatkb.exe
  2⤵
  PID:1740
- C:\Windows\System\wVVcIly.exe
  C:\Windows\System\wVVcIly.exe
  2⤵
  PID:1600
- C:\Windows\System\PqTMxMl.exe
  C:\Windows\System\PqTMxMl.exe
  2⤵
  PID:3204
- C:\Windows\System\LhWfync.exe
  C:\Windows\System\LhWfync.exe
  2⤵
  PID:4988
- C:\Windows\System\mbwkQwS.exe
  C:\Windows\System\mbwkQwS.exe
  2⤵
  PID:2864
- C:\Windows\System\YOeiOAW.exe
  C:\Windows\System\YOeiOAW.exe
  2⤵
  PID:4800
- C:\Windows\System\DZbXMtm.exe
  C:\Windows\System\DZbXMtm.exe
  2⤵
  PID:3332
- C:\Windows\System\LUByODa.exe
  C:\Windows\System\LUByODa.exe
  2⤵
  PID:2760
- C:\Windows\System\YlhfNlW.exe
  C:\Windows\System\YlhfNlW.exe
  2⤵
  PID:2028
- C:\Windows\System\tdikwod.exe
  C:\Windows\System\tdikwod.exe
  2⤵
  PID:1000
- C:\Windows\System\GHOwZYu.exe
  C:\Windows\System\GHOwZYu.exe
  2⤵
  PID:712
- C:\Windows\System\Xhhdxfq.exe
  C:\Windows\System\Xhhdxfq.exe
  2⤵
  PID:1248
- C:\Windows\System\RyyefyF.exe
  C:\Windows\System\RyyefyF.exe
  2⤵
  PID:3484
- C:\Windows\System\ItmAYNn.exe
  C:\Windows\System\ItmAYNn.exe
  2⤵
  PID:4028
- C:\Windows\System\gqatMHA.exe
  C:\Windows\System\gqatMHA.exe
  2⤵
  PID:5040
- C:\Windows\System\WqeZjyV.exe
  C:\Windows\System\WqeZjyV.exe
  2⤵
  PID:4692
- C:\Windows\System\hjKkKOB.exe
  C:\Windows\System\hjKkKOB.exe
  2⤵
  PID:2896
- C:\Windows\System\ivTfzsK.exe
  C:\Windows\System\ivTfzsK.exe
  2⤵
  PID:1180
- C:\Windows\System\IVVYKBN.exe
  C:\Windows\System\IVVYKBN.exe
  2⤵
  PID:1548
- C:\Windows\System\YFHBkKu.exe
  C:\Windows\System\YFHBkKu.exe
  2⤵
  PID:1184
- C:\Windows\System\eHrdOpl.exe
  C:\Windows\System\eHrdOpl.exe
  2⤵
  PID:3388
- C:\Windows\System\uafQQuH.exe
  C:\Windows\System\uafQQuH.exe
  2⤵
  PID:12708
- C:\Windows\System\oBtLOxc.exe
  C:\Windows\System\oBtLOxc.exe
  2⤵
  PID:2620
- C:\Windows\System\FAOYmNL.exe
  C:\Windows\System\FAOYmNL.exe
  2⤵
  PID:3996
- C:\Windows\System\juvEjLX.exe
  C:\Windows\System\juvEjLX.exe
  2⤵
  PID:1188
- C:\Windows\System\SgiQPiD.exe
  C:\Windows\System\SgiQPiD.exe
  2⤵
  PID:3328
- C:\Windows\System\XvcbqtT.exe
  C:\Windows\System\XvcbqtT.exe
  2⤵
  PID:4144
- C:\Windows\System\zsVCtzB.exe
  C:\Windows\System\zsVCtzB.exe
  2⤵
  PID:4164
- C:\Windows\System\RKgNisT.exe
  C:\Windows\System\RKgNisT.exe
  2⤵
  PID:3824
- C:\Windows\System\bPuNItq.exe
  C:\Windows\System\bPuNItq.exe
  2⤵
  PID:3432
- C:\Windows\System\xXRsadr.exe
  C:\Windows\System\xXRsadr.exe
  2⤵
  PID:1560
- C:\Windows\System\wOZUFDQ.exe
  C:\Windows\System\wOZUFDQ.exe
  2⤵
  PID:13080
- C:\Windows\System\MXKciAB.exe
  C:\Windows\System\MXKciAB.exe
  2⤵
  PID:12688
- C:\Windows\System\AoJtUkA.exe
  C:\Windows\System\AoJtUkA.exe
  2⤵
  PID:5816
- C:\Windows\System\jMAuVvM.exe
  C:\Windows\System\jMAuVvM.exe
  2⤵
  PID:4256
- C:\Windows\System\fjMQamH.exe
  C:\Windows\System\fjMQamH.exe
  2⤵
  PID:4264
- C:\Windows\System\UsTwlGz.exe
  C:\Windows\System\UsTwlGz.exe
  2⤵
  PID:4404
- C:\Windows\System\cqtuNfW.exe
  C:\Windows\System\cqtuNfW.exe
  2⤵
  PID:3936
- C:\Windows\System\ZjyFrLG.exe
  C:\Windows\System\ZjyFrLG.exe
  2⤵
  PID:6924
- C:\Windows\System\iuYruvB.exe
  C:\Windows\System\iuYruvB.exe
  2⤵
  PID:4036
- C:\Windows\System\tnUcqxF.exe
  C:\Windows\System\tnUcqxF.exe
  2⤵
  PID:4196
- C:\Windows\System\RijAYoV.exe
  C:\Windows\System\RijAYoV.exe
  2⤵
  PID:1564
- C:\Windows\System\fXzNmzR.exe
  C:\Windows\System\fXzNmzR.exe
  2⤵
  PID:4160
- C:\Windows\System\viNNipA.exe
  C:\Windows\System\viNNipA.exe
  2⤵
  PID:12492
- C:\Windows\System\COvrGQR.exe
  C:\Windows\System\COvrGQR.exe
  2⤵
  PID:4556
- C:\Windows\System\uIHHUOU.exe
  C:\Windows\System\uIHHUOU.exe
  2⤵
  PID:2968
- C:\Windows\System\UUbnJwZ.exe
  C:\Windows\System\UUbnJwZ.exe
  2⤵
  PID:4908
- C:\Windows\System\kWdlfWr.exe
  C:\Windows\System\kWdlfWr.exe
  2⤵
  PID:1216
- C:\Windows\System\JcrprgV.exe
  C:\Windows\System\JcrprgV.exe
  2⤵
  PID:1768
- C:\Windows\System\IDABgWg.exe
  C:\Windows\System\IDABgWg.exe
  2⤵
  PID:13352
- C:\Windows\System\YjiIoFx.exe
  C:\Windows\System\YjiIoFx.exe
  2⤵
  PID:13376
- C:\Windows\System\ATytxGQ.exe
  C:\Windows\System\ATytxGQ.exe
  2⤵
  PID:13404
- C:\Windows\System\IpUPRuA.exe
  C:\Windows\System\IpUPRuA.exe
  2⤵
  PID:13448
- C:\Windows\System\LgqQmyM.exe
  C:\Windows\System\LgqQmyM.exe
  2⤵
  PID:13476
- C:\Windows\System\pqLngWY.exe
  C:\Windows\System\pqLngWY.exe
  2⤵
  PID:13516
- C:\Windows\System\OlgHLau.exe
  C:\Windows\System\OlgHLau.exe
  2⤵
  PID:14200
- C:\Windows\System\gidlxtl.exe
  C:\Windows\System\gidlxtl.exe
  2⤵
  PID:14296
- C:\Windows\System\yMvAnMG.exe
  C:\Windows\System\yMvAnMG.exe
  2⤵
  PID:14312
- C:\Windows\System\lbfkUaD.exe
  C:\Windows\System\lbfkUaD.exe
  2⤵
  PID:4156
- C:\Windows\System\AvjuHYa.exe
  C:\Windows\System\AvjuHYa.exe
  2⤵
  PID:13332
- C:\Windows\System\LOidMvh.exe
  C:\Windows\System\LOidMvh.exe
  2⤵
  PID:13400
- C:\Windows\System\AyDJLmT.exe
  C:\Windows\System\AyDJLmT.exe
  2⤵
  PID:13464
- C:\Windows\System\apphUDc.exe
  C:\Windows\System\apphUDc.exe
  2⤵
  PID:13492
- C:\Windows\System\DgLMhTY.exe
  C:\Windows\System\DgLMhTY.exe
  2⤵
  PID:13532
- C:\Windows\System\kSgkXFO.exe
  C:\Windows\System\kSgkXFO.exe
  2⤵
  PID:13616
- C:\Windows\System\CNopOQO.exe
  C:\Windows\System\CNopOQO.exe
  2⤵
  PID:13632
- C:\Windows\System\hwskqBU.exe
  C:\Windows\System\hwskqBU.exe
  2⤵
  PID:13652
- C:\Windows\System\iwsNclT.exe
  C:\Windows\System\iwsNclT.exe
  2⤵
  PID:13876
- C:\Windows\System\ifJFwDN.exe
  C:\Windows\System\ifJFwDN.exe
  2⤵
  PID:13952
- C:\Windows\System\VNkEzSU.exe
  C:\Windows\System\VNkEzSU.exe
  2⤵
  PID:14036
- C:\Windows\System\lIrLMtY.exe
  C:\Windows\System\lIrLMtY.exe
  2⤵
  PID:14052
- C:\Windows\System\ZdfeOAz.exe
  C:\Windows\System\ZdfeOAz.exe
  2⤵
  PID:14084
- C:\Windows\System\pCGJmdJ.exe
  C:\Windows\System\pCGJmdJ.exe
  2⤵
  PID:14116
- C:\Windows\System\pWPaKkF.exe
  C:\Windows\System\pWPaKkF.exe
  2⤵
  PID:4836
- C:\Windows\System\vIRFnTJ.exe
  C:\Windows\System\vIRFnTJ.exe
  2⤵
  PID:3004
- C:\Windows\System\IYUePrR.exe
  C:\Windows\System\IYUePrR.exe
  2⤵
  PID:14152
- C:\Windows\System\oGbOMcV.exe
  C:\Windows\System\oGbOMcV.exe
  2⤵
  PID:392
- C:\Windows\System\OGMiHBH.exe
  C:\Windows\System\OGMiHBH.exe
  2⤵
  PID:4344
- C:\Windows\System\mpaABqQ.exe
  C:\Windows\System\mpaABqQ.exe
  2⤵
  PID:14220
- C:\Windows\System\GCKvpfH.exe
  C:\Windows\System\GCKvpfH.exe
  2⤵
  PID:14256
- C:\Windows\System\IFUEhAE.exe
  C:\Windows\System\IFUEhAE.exe
  2⤵
  PID:14260
- C:\Windows\System\mElVoBG.exe
  C:\Windows\System\mElVoBG.exe
  2⤵
  PID:14280
- C:\Windows\System\zYaDmqh.exe
  C:\Windows\System\zYaDmqh.exe
  2⤵
  PID:1424
- C:\Windows\System\rOLaUzn.exe
  C:\Windows\System\rOLaUzn.exe
  2⤵
  PID:13344
- C:\Windows\System\gOfXTwd.exe
  C:\Windows\System\gOfXTwd.exe
  2⤵
  PID:2428
- C:\Windows\System\ModjxRE.exe
  C:\Windows\System\ModjxRE.exe
  2⤵
  PID:13340
- C:\Windows\System\VEsbJKF.exe
  C:\Windows\System\VEsbJKF.exe
  2⤵
  PID:7668
- C:\Windows\System\XAaXYck.exe
  C:\Windows\System\XAaXYck.exe
  2⤵
  PID:14252
- C:\Windows\System\FWFEWdh.exe
  C:\Windows\System\FWFEWdh.exe
  2⤵
  PID:7780
- C:\Windows\System\PasNwzg.exe
  C:\Windows\System\PasNwzg.exe
  2⤵
  PID:7884
- C:\Windows\System\esQODmg.exe
  C:\Windows\System\esQODmg.exe
  2⤵
  PID:7988
- C:\Windows\System\aWPYkhZ.exe
  C:\Windows\System\aWPYkhZ.exe
  2⤵
  PID:8068
- C:\Windows\System\zUaVCdc.exe
  C:\Windows\System\zUaVCdc.exe
  2⤵
  PID:13468
- C:\Windows\System\EfWQUhy.exe
  C:\Windows\System\EfWQUhy.exe
  2⤵
  PID:13456
- C:\Windows\System\ZDFmSQR.exe
  C:\Windows\System\ZDFmSQR.exe
  2⤵
  PID:13472
- C:\Windows\System\DeyCRZA.exe
  C:\Windows\System\DeyCRZA.exe
  2⤵
  PID:13600
- C:\Windows\System\bSjvPRQ.exe
  C:\Windows\System\bSjvPRQ.exe
  2⤵
  PID:7856
- C:\Windows\System\MiWCgyo.exe
  C:\Windows\System\MiWCgyo.exe
  2⤵
  PID:13576
- C:\Windows\System\QKFAaJF.exe
  C:\Windows\System\QKFAaJF.exe
  2⤵
  PID:13592
- C:\Windows\System\wwDRagi.exe
  C:\Windows\System\wwDRagi.exe
  2⤵
  PID:13704
- C:\Windows\System\KtkIery.exe
  C:\Windows\System\KtkIery.exe
  2⤵
  PID:7756
- C:\Windows\System\POyKENh.exe
  C:\Windows\System\POyKENh.exe
  2⤵
  PID:4336
- C:\Windows\System\blezNlt.exe
  C:\Windows\System\blezNlt.exe
  2⤵
  PID:13872
- C:\Windows\System\YWCIdyh.exe
  C:\Windows\System\YWCIdyh.exe
  2⤵
  PID:8116
- C:\Windows\System\iTiRnJQ.exe
  C:\Windows\System\iTiRnJQ.exe
  2⤵
  PID:3156
- C:\Windows\System\FOUmTbR.exe
  C:\Windows\System\FOUmTbR.exe
  2⤵
  PID:6392
- C:\Windows\System\hvBderL.exe
  C:\Windows\System\hvBderL.exe
  2⤵
  PID:13908
- C:\Windows\System\SVufNNL.exe
  C:\Windows\System\SVufNNL.exe
  2⤵
  PID:13752
- C:\Windows\System\zcIKJCH.exe
  C:\Windows\System\zcIKJCH.exe
  2⤵
  PID:13772
- C:\Windows\System\YdpnJlT.exe
  C:\Windows\System\YdpnJlT.exe
  2⤵
  PID:13796
- C:\Windows\System\djxQVph.exe
  C:\Windows\System\djxQVph.exe
  2⤵
  PID:1996
- C:\Windows\System\lbfgVuu.exe
  C:\Windows\System\lbfgVuu.exe
  2⤵
  PID:13820
- C:\Windows\System\rZddyvj.exe
  C:\Windows\System\rZddyvj.exe
  2⤵
  PID:13828
- C:\Windows\System\acIXgQE.exe
  C:\Windows\System\acIXgQE.exe
  2⤵
  PID:13860
- C:\Windows\System\ETOzGCw.exe
  C:\Windows\System\ETOzGCw.exe
  2⤵
  PID:13960
- C:\Windows\System\ZMumtBT.exe
  C:\Windows\System\ZMumtBT.exe
  2⤵
  PID:4520
- C:\Windows\System\YflcHiA.exe
  C:\Windows\System\YflcHiA.exe
  2⤵
  PID:13988
- C:\Windows\System\adNwIqt.exe
  C:\Windows\System\adNwIqt.exe
  2⤵
  PID:13944
- C:\Windows\System\nuvWowS.exe
  C:\Windows\System\nuvWowS.exe
  2⤵
  PID:8268
- C:\Windows\System\peTVURs.exe
  C:\Windows\System\peTVURs.exe
  2⤵
  PID:14000
- C:\Windows\System\pcwMFDx.exe
  C:\Windows\System\pcwMFDx.exe
  2⤵
  PID:14008
- C:\Windows\System\vvfHaWz.exe
  C:\Windows\System\vvfHaWz.exe
  2⤵
  PID:14044
- C:\Windows\System\BlJGuiD.exe
  C:\Windows\System\BlJGuiD.exe
  2⤵
  PID:14068
- C:\Windows\System\XCuljEg.exe
  C:\Windows\System\XCuljEg.exe
  2⤵
  PID:4468
- C:\Windows\System\pswrTvf.exe
  C:\Windows\System\pswrTvf.exe
  2⤵
  PID:5964
- C:\Windows\System\ykXwgrv.exe
  C:\Windows\System\ykXwgrv.exe
  2⤵
  PID:14132
- C:\Windows\System\koLlALB.exe
  C:\Windows\System\koLlALB.exe
  2⤵
  PID:8644
- C:\Windows\System\UyFfcQx.exe
  C:\Windows\System\UyFfcQx.exe
  2⤵
  PID:14128
- C:\Windows\System\vvZWDSs.exe
  C:\Windows\System\vvZWDSs.exe
  2⤵
  PID:8700
- C:\Windows\System\mLBenwu.exe
  C:\Windows\System\mLBenwu.exe
  2⤵
  PID:8764
- C:\Windows\System\LqCzEHO.exe
  C:\Windows\System\LqCzEHO.exe
  2⤵
  PID:14144
- C:\Windows\System\ufsTMmE.exe
  C:\Windows\System\ufsTMmE.exe
  2⤵
  PID:8872
- C:\Windows\System\PRCifTR.exe
  C:\Windows\System\PRCifTR.exe
  2⤵
  PID:8892
- C:\Windows\System\TlZDYfC.exe
  C:\Windows\System\TlZDYfC.exe
  2⤵
  PID:14212
- C:\Windows\System\hzPdxrY.exe
  C:\Windows\System\hzPdxrY.exe
  2⤵
  PID:2696
- C:\Windows\System\NPfMyoy.exe
  C:\Windows\System\NPfMyoy.exe
  2⤵
  PID:3092
- C:\Windows\System\teRHTpH.exe
  C:\Windows\System\teRHTpH.exe
  2⤵
  PID:14264
- C:\Windows\System\IoxJSYV.exe
  C:\Windows\System\IoxJSYV.exe
  2⤵
  PID:2780
- C:\Windows\System\JoZXAfQ.exe
  C:\Windows\System\JoZXAfQ.exe
  2⤵
  PID:9092
- C:\Windows\System\HKTJmio.exe
  C:\Windows\System\HKTJmio.exe
  2⤵
  PID:14288
- C:\Windows\System\VfQTFmx.exe
  C:\Windows\System\VfQTFmx.exe
  2⤵
  PID:7616
- C:\Windows\System\waeNeQk.exe
  C:\Windows\System\waeNeQk.exe
  2⤵
  PID:4120
- C:\Windows\System\dVSjLKt.exe
  C:\Windows\System\dVSjLKt.exe
  2⤵
  PID:13364
- C:\Windows\System\PZMWkxh.exe
  C:\Windows\System\PZMWkxh.exe
  2⤵
  PID:8092
- C:\Windows\System\XFMyoRg.exe
  C:\Windows\System\XFMyoRg.exe
  2⤵
  PID:7972
- C:\Windows\System\zOxbRnx.exe
  C:\Windows\System\zOxbRnx.exe
  2⤵
  PID:13488
- C:\Windows\System\wNfxsEh.exe
  C:\Windows\System\wNfxsEh.exe
  2⤵
  PID:636
- C:\Windows\System\rPTqiOL.exe
  C:\Windows\System\rPTqiOL.exe
  2⤵
  PID:2308
- C:\Windows\System\Wjddqjm.exe
  C:\Windows\System\Wjddqjm.exe
  2⤵
  PID:13428
- C:\Windows\System\drvlkHd.exe
  C:\Windows\System\drvlkHd.exe
  2⤵
  PID:13628
- C:\Windows\System\BcWtyEM.exe
  C:\Windows\System\BcWtyEM.exe
  2⤵
  PID:13560
- C:\Windows\System\OXJqLIC.exe
  C:\Windows\System\OXJqLIC.exe
  2⤵
  PID:1964
- C:\Windows\System\aONLtoC.exe
  C:\Windows\System\aONLtoC.exe
  2⤵
  PID:3032
- C:\Windows\System\bRcqZQf.exe
  C:\Windows\System\bRcqZQf.exe
  2⤵
  PID:13644
- C:\Windows\System\IuQWBro.exe
  C:\Windows\System\IuQWBro.exe
  2⤵
  PID:9260
- C:\Windows\System\lBvRXUx.exe
  C:\Windows\System\lBvRXUx.exe
  2⤵
  PID:9288
- C:\Windows\System\PHrsdRw.exe
  C:\Windows\System\PHrsdRw.exe
  2⤵
  PID:3068
- C:\Windows\System\kkqMtXu.exe
  C:\Windows\System\kkqMtXu.exe
  2⤵
  PID:2652
- C:\Windows\System\nbNtfeS.exe
  C:\Windows\System\nbNtfeS.exe
  2⤵
  PID:13696
- C:\Windows\System\YslEEcn.exe
  C:\Windows\System\YslEEcn.exe
  2⤵
  PID:7932
- C:\Windows\System\qxgYPwl.exe
  C:\Windows\System\qxgYPwl.exe
  2⤵
  PID:13544
- C:\Windows\System\ShQhtwh.exe
  C:\Windows\System\ShQhtwh.exe
  2⤵
  PID:13780
- C:\Windows\System\eWHHBJL.exe
  C:\Windows\System\eWHHBJL.exe
  2⤵
  PID:8044
- C:\Windows\System\FGpQgEB.exe
  C:\Windows\System\FGpQgEB.exe
  2⤵
  PID:13792
- C:\Windows\System\ULslDCV.exe
  C:\Windows\System\ULslDCV.exe
  2⤵
  PID:2484
- C:\Windows\System\yTrbLLI.exe
  C:\Windows\System\yTrbLLI.exe
  2⤵
  PID:9572
- C:\Windows\System\VTeCcRr.exe
  C:\Windows\System\VTeCcRr.exe
  2⤵
  PID:1744
- C:\Windows\System\YsPCZnl.exe
  C:\Windows\System\YsPCZnl.exe
  2⤵
  PID:2904
- C:\Windows\System\xEYqisy.exe
  C:\Windows\System\xEYqisy.exe
  2⤵
  PID:7624
- C:\Windows\System\MHDCBxo.exe
  C:\Windows\System\MHDCBxo.exe
  2⤵
  PID:3408
- C:\Windows\System\WJVjHDb.exe
  C:\Windows\System\WJVjHDb.exe
  2⤵
  PID:4244
- C:\Windows\System\bBgBOVb.exe
  C:\Windows\System\bBgBOVb.exe
  2⤵
  PID:1972
- C:\Windows\System\aBcnBNM.exe
  C:\Windows\System\aBcnBNM.exe
  2⤵
  PID:552
- C:\Windows\System\VddPGvU.exe
  C:\Windows\System\VddPGvU.exe
  2⤵
  PID:5068
- C:\Windows\System\DNVAnUQ.exe
  C:\Windows\System\DNVAnUQ.exe
  2⤵
  PID:2708
- C:\Windows\System\NZFfLJa.exe
  C:\Windows\System\NZFfLJa.exe
  2⤵
  PID:14048
- C:\Windows\System\DaAaYHJ.exe
  C:\Windows\System\DaAaYHJ.exe
  2⤵
  PID:3772
- C:\Windows\System\jpLoFBo.exe
  C:\Windows\System\jpLoFBo.exe
  2⤵
  PID:14096
- C:\Windows\System\mhoOUQR.exe
  C:\Windows\System\mhoOUQR.exe
  2⤵
  PID:14140
- C:\Windows\System\dkyWbly.exe
  C:\Windows\System\dkyWbly.exe
  2⤵
  PID:14184
- C:\Windows\System\FUxTuvE.exe
  C:\Windows\System\FUxTuvE.exe
  2⤵
  PID:14156
- C:\Windows\System\pQRQHYZ.exe
  C:\Windows\System\pQRQHYZ.exe
  2⤵
  PID:1048
- C:\Windows\System\krgxlUA.exe
  C:\Windows\System\krgxlUA.exe
  2⤵
  PID:1272
- C:\Windows\System\sXVZLdO.exe
  C:\Windows\System\sXVZLdO.exe
  2⤵
  PID:1804
- C:\Windows\System\SrnCFKr.exe
  C:\Windows\System\SrnCFKr.exe
  2⤵
  PID:14248
- C:\Windows\System\ZujJbkA.exe
  C:\Windows\System\ZujJbkA.exe
  2⤵
  PID:5216
- C:\Windows\System\QjsKHPT.exe
  C:\Windows\System\QjsKHPT.exe
  2⤵
  PID:388
- C:\Windows\System\XlsckkD.exe
  C:\Windows\System\XlsckkD.exe
  2⤵
  PID:14104
- C:\Windows\System\vuqCMyW.exe
  C:\Windows\System\vuqCMyW.exe
  2⤵
  PID:9212
- C:\Windows\System\gvCxYLF.exe
  C:\Windows\System\gvCxYLF.exe
  2⤵
  PID:13368
- C:\Windows\System\steeovn.exe
  C:\Windows\System\steeovn.exe
  2⤵
  PID:7612
- C:\Windows\System\FqDavdD.exe
  C:\Windows\System\FqDavdD.exe
  2⤵
  PID:14100
- C:\Windows\System\dksIPUh.exe
  C:\Windows\System\dksIPUh.exe
  2⤵
  PID:2664
- C:\Windows\System\IMmTZYX.exe
  C:\Windows\System\IMmTZYX.exe
  2⤵
  PID:1752
- C:\Windows\System\HLyoCyK.exe
  C:\Windows\System\HLyoCyK.exe
  2⤵
  PID:4896
- C:\Windows\System\gobbsyz.exe
  C:\Windows\System\gobbsyz.exe
  2⤵
  PID:13552
- C:\Windows\System\idsaQPo.exe
  C:\Windows\System\idsaQPo.exe
  2⤵
  PID:5564
- C:\Windows\System\LagYhtW.exe
  C:\Windows\System\LagYhtW.exe
  2⤵
  PID:13768
- C:\Windows\System\OVFhjHc.exe
  C:\Windows\System\OVFhjHc.exe
  2⤵
  PID:13548
- C:\Windows\System\xWUTSGV.exe
  C:\Windows\System\xWUTSGV.exe
  2⤵
  PID:8924
- C:\Windows\System\DJDlSkn.exe
  C:\Windows\System\DJDlSkn.exe
  2⤵
  PID:9404
- C:\Windows\System\rzIQxLi.exe
  C:\Windows\System\rzIQxLi.exe
  2⤵
  PID:13808
- C:\Windows\System\PulYEkc.exe
  C:\Windows\System\PulYEkc.exe
  2⤵
  PID:13324
- C:\Windows\System\KHEQQSR.exe
  C:\Windows\System\KHEQQSR.exe
  2⤵
  PID:14024
- C:\Windows\System\UtBCAKE.exe
  C:\Windows\System\UtBCAKE.exe
  2⤵
  PID:13596
- C:\Windows\System\jdHzvmU.exe
  C:\Windows\System\jdHzvmU.exe
  2⤵
  PID:13884
- C:\Windows\System\kwpiEjX.exe
  C:\Windows\System\kwpiEjX.exe
  2⤵
  PID:11372
- C:\Windows\System\teBSSix.exe
  C:\Windows\System\teBSSix.exe
  2⤵
  PID:9356

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:5844

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4040

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:768

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:3388

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:556

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:2660

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:1560

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:1896

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
PID:13816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_d1eawl3x.dst.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\DjBYTIm.exe

Filesize
1.7MB

MD5
39884640e802521985664a18c0d38983

SHA1
41c6e1ad6f01e01624675753bd2ec848c4124807

SHA256
6c19623659b662174bb3a0f65e2d36871b3fa98d26f991dc387fd58bf984d44d

SHA512
853fe3b8a25e046654a65604d6722c37baa5a035d683e10b7ce05296f45639d898bd5336391075ef6eb44c456d8a067012da2c4f88ca2bbda9046889fdac19ea

Download Submit
C:\Windows\System\GXQnLfk.exe

Filesize
1.7MB

MD5
4c891078c5b6a50479fc0ca3fb5ffda3

SHA1
eb7c58c64775198ab553cc60008ab402ca8a3562

SHA256
75dbec30b8946ac32842adb14c3b98c5df6d86de47deb21a2c491d96d84a8124

SHA512
b161c3bf1e293a3bbd022131180b9717e960ad3a0ef794dc317493718b3aa6ee1af4e6ac1d13733497a581377dd3c6a9d90b16f59f50fcfc59bfe2f542421852

Download Submit
C:\Windows\System\OYxgOID.exe

Filesize
1.7MB

MD5
8e4e91e23dd41dd6592a38a2ae2ae9c9

SHA1
64799f95117a1378d4bb359daf56cd05c75549af

SHA256
c598a9496ac1bc94b3a1937d135f0178383275b164a42a48fa75b17f3f91a5bb

SHA512
6a27a090faf4d86194d09c3ae2eee6c6fab5608e2cbac74b8f74c2ec452a3392f32a2dd4213e0b8fca28498bf50f181b27a7da25aec35224833238e70b77e9ef

Download Submit
C:\Windows\System\OgznKJk.exe

Filesize
1.7MB

MD5
8fc06b05f382bea1f55c3b2ab970221b

SHA1
da9792a069be34287548a2e5c7115c275154066f

SHA256
1ac7397d70ba3bfc32c478f5c7b5c9076ac0c0a04c58166e833a33b13ea92ce4

SHA512
781d28815c5ee227646f4b54ae7c864517b5c7ad5729f5c1187edcbbe3210c6cc4beb51701039557b46d6edb2def08dadc8497ed678366acef777d7b63e52e0b

Download Submit
C:\Windows\System\PWsAxAD.exe

Filesize
1.7MB

MD5
6c52e325ece4f45ea66b0f0229c9a988

SHA1
37a299ad6aaffd8e5a3bfc5e84aa4876ca9915b7

SHA256
c0b891cfb748726ed39634ae429cbfe50a108403b313f7726e885f02bf890f4a

SHA512
e0801829e20dfae9a5731c29d81faaa5d7fb23e02adc3600bfdc63b84b1818db58a675713482315082626229ab21062a22d25037ca7902a3e38f0b3aa996574e

Download Submit
C:\Windows\System\RfLGiOR.exe

Filesize
1.7MB

MD5
e9ee85dd665f17ea5c1b8ba625243dd4

SHA1
9548a5dea2140cbe3f1fceff5d375cd106cd0b4f

SHA256
3b129f7c4b4e76f9500f712982688ed2a57c18c2b1f17fcd41d258cf86c8fab6

SHA512
67d3531f7257b6fe8adbf1a92fd83b36935fa90b5585f05457a7faa551c7c4c817d70b2deddc866b7b5e02ec2fe2d09ec18ae8f93d2fab61b0fa7c1666c8c0e8

Download Submit
C:\Windows\System\SIoGFPe.exe

Filesize
1.7MB

MD5
5bf067a70a79d7a5a2ea84991bb68d0c

SHA1
33dca9c6da15e703c7af2bf849392978a3dd3dd5

SHA256
dc02e42e8008e96606dd34173182d20a2713f3bc5ae9246f4c1c71908dd166fa

SHA512
fd638a20c40658d6c7b48b6b83a8687f9c2ecb7233f5d74e51159d85a72415de353933b8c3fef40f7a664cd593e28dde2a150a5f73361af61ad8c5f5098406b1

Download Submit
C:\Windows\System\SNVstWd.exe

Filesize
1.7MB

MD5
60b196fb99cc9c332fc29ae8e4395932

SHA1
8ce9a629c1bd12a5b85f3cbc272f54393e1a41a3

SHA256
61f95030084f1a9ece66be48300c58934e20856a303df77027b7a22fd05295fe

SHA512
fcb6b266f6119b7b075b234fe89edad34b846663f70d2f840fd785f8f8a2f41001a39aadc03c8c61a5cc655d90fe6031c21e8c1b5eee7dd706c3f9a13f2a20eb

Download Submit
C:\Windows\System\SpjrlSe.exe

Filesize
1.7MB

MD5
ec6d1fe8fdd618dff98c0d536893d7b8

SHA1
0b62d7ac0429b11c6b14794a67f67a16fc6207e9

SHA256
d0687693b1993b01983e7968d0abe3b8fcad5eecbb1a741e4e8d5dc0d0fa84e4

SHA512
ea808b912f35a0a421a0f5416dfde41be0fb517bda09daa0de6cbc08344ce890ca11647ea336b31b5a11e4a33b0adfd7c9f08961c28d0afde8a2baffbdbff084

Download Submit
C:\Windows\System\TBeUNuC.exe

Filesize
1.7MB

MD5
62a9f1dbf5510cd9accb0b1441c5c038

SHA1
7212184e308bad386ad41ac8652dc4f2c93217d9

SHA256
ca71553795884416b75f63816ea6fcaf94f69b08e8a74a51925f0fd92bbc80fd

SHA512
3ac30ed31aca9559a4f8c1e2f25afdad4d29012657464d48e411008a2e7df15b42295a8d56b58a88003e14f4a6ca78331e3bb2f58de484da0a0458bb100e1808

Download Submit
C:\Windows\System\TlGPnJU.exe

Filesize
1.7MB

MD5
f922838ff779f11c1e3c31b48deb1274

SHA1
015fad703979bcba1c294b7f04cdd22b2e141004

SHA256
d582bf2aca6e0e61195ed663bc4223c38bd0ae155228c43be095bd7f4174d685

SHA512
a552f8d006c9286714072138380fdad0a406e930984dea7323d0fe57068f21c4836245218a37deb067d74221e3a7d607f1937a4bf5c471769e36cce231a61766

Download Submit
C:\Windows\System\adVclhC.exe

Filesize
1.7MB

MD5
25ade23ba5b4a8b36192d9505d416ff4

SHA1
3e45e90a370cbb7cb3bb678dfb140666713e2241

SHA256
9fd5a76004227d9bcbafaec5216c15658fe7b7cbb0c8eabf42b3a506751ce12d

SHA512
de450ce53f530a2ccd8d3a0b46e2b912a8cc9b1d47f60f742ebd855d4bc0e2774c8d11cde3fef362ef29c310478e5e9fd093904b45646ce52abfccaeffba40c1

Download Submit
C:\Windows\System\bpPGeTh.exe

Filesize
1.7MB

MD5
226463355e497511975b2573dd8b1b82

SHA1
9b9aa66d9ec7258212b3c3ffe0987dd337c9055d

SHA256
73c7c631cba32d7e16acc05c7af13a720561dfe05c0bb434136bcddff806c290

SHA512
91af6d33f856572f8e10d600751ffa87c62bc2e7550aa8824863d7b4cc05eed5fffe3c7b1eefd7ece8ffeaa4c2622f9eef52e2181ed6d5f90c0d4e37ff7962fe

Download Submit
C:\Windows\System\dRDbJjj.exe

Filesize
1.7MB

MD5
b96121d9086a4f7ad290018e1f62c087

SHA1
8ff406417137b0a5877e78eca0c590d1e0b199d4

SHA256
2196dc5693b1963be36ed29af4389c629559d2b85cf8b0fd39ea21ba94bc86ea

SHA512
bbbe056552e97b5c3b78ef64c07eeee991ab5d68f590d2dfc9d03d71fe8d94e6dad1c16b8c840fa7168c4cd204d5d66a224a6ae6bfe06223e5a2d855cabd48a0

Download Submit
C:\Windows\System\gnQRAgS.exe

Filesize
1.7MB

MD5
bfbfaa247a9ae9a80a2048270ac1a380

SHA1
1e340fd6a5ec430277db74173151e4fd05b6e253

SHA256
17ec85edc3f91d9e9f48ddb90bac0f476103f49c85f67eb465d281a96de3c9f9

SHA512
bff98364cf785c34c49dd6af1074d0e854eb67c2e669102491bc080d02f4da68cab2a9e938f9ccc7e647e954ae05241875a0ae8bdaffd40b82fc08cfc5cd04b6

Download Submit
C:\Windows\System\hQwdKkt.exe

Filesize
1.7MB

MD5
e9de44abfbeb9c324dfd78e102a50755

SHA1
2caf9bea71b5838f66e3660e3c38c19d84fb881f

SHA256
341b9e26c98301eda2198736f5e610ce3a40ebac3cd2032275e43fdc17f1aa32

SHA512
a9d0ce7b0a27778974858bf4733bae08a08967cd27220daa157d485d8c5f97be0c25bdb40c3b0615ca29040f097bfee15071fb2ad05a56ed6973e1a581ab1ea1

Download Submit
C:\Windows\System\idFyPFg.exe

Filesize
1.7MB

MD5
ed51513bc671a7a4fda5f6f6e12870c5

SHA1
cb694a89e4661173226c57c2e7ef690ea3b310f7

SHA256
1ffc2f18e6129dc93be527afe09fd3f072a10a9cd967720ec14b0d5c1d407cf3

SHA512
4ee98413f3ef8481da4430a839d1e9c9bdf983bf500fd1929dbc2640ef4ebeeb1d78f952778c1018e91814e3ec237c7e3768ed807b8f55c6bada9f349987a831

Download Submit
C:\Windows\System\izerFVj.exe

Filesize
1.7MB

MD5
ab07873418c9d8ae42e8ef38f61d55e7

SHA1
0756ba99dce52991bb766e4be152e18df420cacc

SHA256
26479609176f270f5132e3956a01c77e6cef2cb546d34c1561f04dabdb9d37a0

SHA512
c158f2b2c3a56c5f6b4a9582a56a93adcf066a7bc17c15095962240d9f2274402026fe2e10e3a383b8d0abe152da2570e728f1bf8d7bfd3d7c0e202afe423997

Download Submit
C:\Windows\System\jWEqehO.exe

Filesize
1.7MB

MD5
e877b3efb47ba3d86c4c7543dbffe0bc

SHA1
944a05090411e3603e667968d1491f7a4a439c6e

SHA256
97d057d00fb2cf11ac2b07d619dc75f5ce2904adff1e21efd248e40b63e7d23f

SHA512
c48825eeede442675e3ec3be3297481ab1d187bc2ed2743974ad40c44cc6b44cd6b50e107f151b50f1d7e00d05dd90412fa782e72a8191b153323ed53cade668

Download Submit
C:\Windows\System\jlMIbSE.exe

Filesize
1.7MB

MD5
ecae9846154647b487d045ff2d82273b

SHA1
b5df6e1e1d79e98ade18a97591f80ffffbe46e51

SHA256
52ab6aa186129bfe1d943df6409d03c03315943282178aabf0d44b0967fe308f

SHA512
16c033a22992b8b8d260e37adc6257923b61f86db86aad31330f2a8f76f8876216225a4c5d7529b7e1f355e5ae12d63aae5af8211440c07c4e865ce282399283

Download Submit
C:\Windows\System\kJoPpxO.exe

Filesize
1.7MB

MD5
63c974b1cd4e69dfba08cfddfe8e6634

SHA1
0b027a1914e37bc7c75fea6a066ae890a23f9a0c

SHA256
9475353f4e6539ce7fd2a7311460ca3e27c9c9bb6ec389e8222f2c44a589820d

SHA512
b7fb7e1e75b16b80c5ab85bfdddae9980570093d66f77db13d31c6728b97e3fd21a772498c87e1bd72ad3d02c77c92aa141cea815ae917338ab6610be287b10d

Download Submit
C:\Windows\System\lBLnFVH.exe

Filesize
1.7MB

MD5
ae333546aae17eeb3596044a43c946ce

SHA1
052eb5cbd52747f100bb5f631487ba07edc48e8f

SHA256
1dd83b2a0b436a72e7d3d96291b731af7cf96703696c69c0f4a20260be634ba2

SHA512
3ae23e87cec687b93fc963de2fb66c5d0cc9e3dced254f552bab40357e34f91ed3a727f45e10550fbf66b9d60bd42afbed7de7f9a58730f6419974591e39c748

Download Submit
C:\Windows\System\lddpPXq.exe

Filesize
1.7MB

MD5
11b18e036b2a61e8f657b46741b4065f

SHA1
26bed676b993df0a487bfe79506aa4ce3d00d753

SHA256
b27f656702f8c9a12d9e27f5d08695977087478d68f858bf00bccc882b3eba90

SHA512
e87deb83acaa66a87d76ca44a06bbbcc93feb872863d496252223b493d6bf585e059173a7fcf5f44dbd38e2d147cdf02c7bfbe64212514261517f447fb87cd06

Download Submit
C:\Windows\System\lzBybqy.exe

Filesize
1.7MB

MD5
b24134448b964ec7a2a293357c4c1155

SHA1
b62920a9ae1167a0d9dd7d8b1c04b3c29b0f211f

SHA256
2ea3d9831ed599f5a6b529bfaac6aea4fb66a105b3bf30acea4413febb9d3199

SHA512
459fd194046fee3a1d8d152f5af4ca34b59a8c484d4425681d9298a3b485e12ba5aa9a6d70c0abe8e24193dc51a5e88cc54c361d3ef5eae7987c74294eb6f305

Download Submit
C:\Windows\System\pvIgSVS.exe

Filesize
1.7MB

MD5
469fa2506af4315facd83924e9c7e969

SHA1
c527feba0ff424af70c1a0c1c824b3ab5b190ca7

SHA256
825a3ac008095e391ef036427a2ffc6ddae138f83d85779b4428a65aac70ba61

SHA512
2c97c7fdc7c7eca87a45ada0023eecb57154cf6625db03fd342d6461f7bca5fe52accbc70e63e3263f03679f05510fd6a85012016431de22704184376ec64806

Download Submit
C:\Windows\System\tVhhzWE.exe

Filesize
1.7MB

MD5
eea2f59ecca3487ab64bc7cc4d17ea10

SHA1
1a2676ce8d1a154dbfb14a0088f394278ab0d135

SHA256
0e1a4c4190375985221d294003876a8c1b6be436336e1c3970c420ade2ec9dd6

SHA512
5ee890e81fbf391c6ef34d6519a544b7f4ccea25775b1b687f504263bd9d0b324f848e465f12a80640575d0c8ace2e2a6106e617d2864e13e462a54edd1bec35

Download Submit
C:\Windows\System\tZFtnfc.exe

Filesize
1.7MB

MD5
42380d74fd1cda3f4fb31f2fdae364ca

SHA1
ae3daea68c91e1bf8329b313ea7ba09c48f7db1d

SHA256
80f6fe1ab4e0b4438f0de67a51328068d1b26dfc96f0c96bedc325f8233e99bb

SHA512
208349a5856260849cf15aa278c9b3f60b47c84919c7821cd25801f8441bea9b7b2c9364a371d20535bc0810cb20f0500f2ef659afaa2a799aa43e530acac7db

Download Submit
C:\Windows\System\tkqSZnI.exe

Filesize
1.7MB

MD5
d23b65d294a4cdd0b71fed07d3c57b80

SHA1
2967e91dec93d5644af5a592c67f28d769421052

SHA256
3b0daa30561d59b2f8a4b40a45f089a7716a5270edceb703d056db55aa27ad8f

SHA512
acaa45e834c71c3386efa1905e002405700ca72c9be976c13d05e0c7a4548471eb47beff686ec1905b97608e54441a9d22ca2c997a04b16d173e30b3b1bcad85

Download Submit
C:\Windows\System\umvUWkb.exe

Filesize
1.7MB

MD5
c907a267e13476dcd5b04774d396e18c

SHA1
ae41aeb8865bf420d918d9753baca4dad13c7db6

SHA256
bc4f096cfac6fc020d3f840b121b620617cdcdb0fdb2474962d8b972611820e5

SHA512
5b3f6f58bd1e1f6901db98dc363345d9708b20b2c62a5ec44b4971de433036acb8f809542336e16d2432c0a7ff90839d3f02548a1a14602b47a3291549a3a030

Download Submit
C:\Windows\System\yXNIFGn.exe

Filesize
1.7MB

MD5
54960675a1de4f08c3642c013672f44e

SHA1
cf9c473de64dd469f2b427a135b991e5db360138

SHA256
6628a14212a92f9ced6637d36bce1fdb65df1d270834193ad49ee259e99ba61b

SHA512
a7774f4c1267b6a7ada67b46419f7d207f99cd88df0f7603eaed79317e0a5dc2cf13e559b0867bb5bb963e9b89d4ab43053cfbe68dcc81bed5199e86e9ece8fd

Download Submit
C:\Windows\System\yraliBt.exe

Filesize
1.7MB

MD5
afaefdc6c635be02fbdfd6fde95b8eac

SHA1
4246ff4654b9849c848209fec5eeae75a5dc5888

SHA256
8bc7f1805260f1cf7e59a96190152e91cd8754a0230c7e1ca11090fb6afc7424

SHA512
26d14a2fedfd8eff5b65149afabe3a85f9a0c39dd3a9c668e8c36e3e10610f537dca4811682f7c3927f128e7dacedd42f7e0fa4cb07b574aa97f470f3863c39f

Download Submit
C:\Windows\System\zBoSDNn.exe

Filesize
1.7MB

MD5
70ad9cd29c8d3740515fe9d320f819db

SHA1
ddac3c04ab8852698f301f55507f2462f8dec816

SHA256
698898cb28adaf482416d80b8d1b294167470e6e398c33b46c348c1819649a5c

SHA512
f701bbb878d951a4ed3cae5e2aae6fb55b78d9ee3277d30a28894737181c28c38b243fda0094cd9b0a7c95a3fd37f2d305fea45100e5f6e11c9aa33802c3cb13

Download Submit
C:\Windows\System\zULnbJB.exe

Filesize
1.7MB

MD5
a524cd372542898fa6d3c3724928d4d5

SHA1
ae3a0e69fc58957a39ecbcb22ba703a80c62ddde

SHA256
d4e6a4f8774196baf5aab591c389b725a231b754f8c3d7f2b2823b14129f53d1

SHA512
0644ff65f2d793eadaae2eb49f463da45e6cd90001868a66fcdc26f9f36fc223548417c732645f85f79f07e9d829b82f60d5c9a6738f7b4efc28aabe1f4426ae

Download Submit
C:\Windows\System\zmQUnfc.exe

Filesize
8B

MD5
bed721f7f8f089f4cae94ba9ba652732

SHA1
1b11e1c44a27ca0e26aaa3ea89c662dd395a783c

SHA256
68118a9d1f411ebe749a82db9096312374ba85186deba158fc4a47943d642535

SHA512
e28af4fe5bf1ef27a37f4ecb38b5e1cde1203074e56e79872f86f269593fc6dd2a0c96c6dbed8e307f0b77edef2058a929099d81898667a11486ce67790b3665

Download Submit
memory/512-148-0x00007FF62D500000-0x00007FF62D8F2000-memory.dmp

Filesize
3.9MB

Download
memory/744-67-0x00007FF7769E0000-0x00007FF776DD2000-memory.dmp

Filesize
3.9MB

Download
memory/744-4763-0x00007FF7769E0000-0x00007FF776DD2000-memory.dmp

Filesize
3.9MB

Download
memory/1380-108-0x00007FF6F7CB0000-0x00007FF6F80A2000-memory.dmp

Filesize
3.9MB

Download
memory/1380-4790-0x00007FF6F7CB0000-0x00007FF6F80A2000-memory.dmp

Filesize
3.9MB

Download
memory/1460-54-0x00007FF7CC0A0000-0x00007FF7CC492000-memory.dmp

Filesize
3.9MB

Download
memory/1624-4997-0x00007FF615390000-0x00007FF615782000-memory.dmp

Filesize
3.9MB

Download
memory/1624-135-0x00007FF615390000-0x00007FF615782000-memory.dmp

Filesize
3.9MB

Download
memory/1808-3700-0x00007FF7E5300000-0x00007FF7E56F2000-memory.dmp

Filesize
3.9MB

Download
memory/1808-86-0x00007FF7E5300000-0x00007FF7E56F2000-memory.dmp

Filesize
3.9MB

Download
memory/1808-4797-0x00007FF7E5300000-0x00007FF7E56F2000-memory.dmp

Filesize
3.9MB

Download
memory/2032-141-0x00007FF66BE50000-0x00007FF66C242000-memory.dmp

Filesize
3.9MB

Download
memory/2040-103-0x00007FF620E40000-0x00007FF621232000-memory.dmp

Filesize
3.9MB

Download
memory/2216-129-0x00007FF683730000-0x00007FF683B22000-memory.dmp

Filesize
3.9MB

Download
memory/2228-74-0x00007FF643240000-0x00007FF643632000-memory.dmp

Filesize
3.9MB

Download
memory/2228-4757-0x00007FF643240000-0x00007FF643632000-memory.dmp

Filesize
3.9MB

Download
memory/2728-125-0x00007FF662030000-0x00007FF662422000-memory.dmp

Filesize
3.9MB

Download
memory/2728-4805-0x00007FF662030000-0x00007FF662422000-memory.dmp

Filesize
3.9MB

Download
memory/3708-77-0x00007FF7C53B0000-0x00007FF7C57A2000-memory.dmp

Filesize
3.9MB

Download
memory/4012-73-0x00007FF7A3710000-0x00007FF7A3B02000-memory.dmp

Filesize
3.9MB

Download
memory/4212-119-0x00007FF7C75E0000-0x00007FF7C79D2000-memory.dmp

Filesize
3.9MB

Download
memory/4212-4860-0x00007FF7C75E0000-0x00007FF7C79D2000-memory.dmp

Filesize
3.9MB

Download
memory/4464-36-0x000002362F370000-0x000002362F380000-memory.dmp

Filesize
64KB

Download
memory/4464-107-0x0000023647740000-0x0000023647762000-memory.dmp

Filesize
136KB

Download
memory/4464-33-0x00007FFECFC50000-0x00007FFED0711000-memory.dmp

Filesize
10.8MB

Download
memory/4488-4795-0x00007FF6A5270000-0x00007FF6A5662000-memory.dmp

Filesize
3.9MB

Download
memory/4488-115-0x00007FF6A5270000-0x00007FF6A5662000-memory.dmp

Filesize
3.9MB

Download
memory/4532-59-0x00007FF7548B0000-0x00007FF754CA2000-memory.dmp

Filesize
3.9MB

Download
memory/4536-43-0x00007FF74E190000-0x00007FF74E582000-memory.dmp

Filesize
3.9MB

Download
memory/4624-99-0x00007FF6B3A60000-0x00007FF6B3E52000-memory.dmp

Filesize
3.9MB

Download
memory/4804-4749-0x00007FF68EB10000-0x00007FF68EF02000-memory.dmp

Filesize
3.9MB

Download
memory/4804-98-0x00007FF68EB10000-0x00007FF68EF02000-memory.dmp

Filesize
3.9MB

Download
memory/4868-80-0x00007FF74CF80000-0x00007FF74D372000-memory.dmp

Filesize
3.9MB

Download
memory/4952-1-0x000001E7D15C0000-0x000001E7D15D0000-memory.dmp

Filesize
64KB

Download
memory/4952-0-0x00007FF65F890000-0x00007FF65FC82000-memory.dmp

Filesize
3.9MB

Download
memory/4952-5965-0x00007FF65F890000-0x00007FF65FC82000-memory.dmp

Filesize
3.9MB

Download
memory/5012-147-0x00007FF7A9E00000-0x00007FF7AA1F2000-memory.dmp

Filesize
3.9MB

Download