xmrig | 459e16ec12f573ec4685ce2a044627ed1b7e21679dc16846030d549b54c39c1c

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
30-04-2024 17:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
Size

1.8MB
MD5

0a459b36599f515cb10a628810fe1a7e
SHA1

ce3aec0edad1727c3853b051cc0268a2dda2e7a8
SHA256

459e16ec12f573ec4685ce2a044627ed1b7e21679dc16846030d549b54c39c1c
SHA512

192ca59b9f5341643e80cf4ed44a27f1aeccd2d02685f2c4b929ad3c889ce5973c4d8b1fe90cd639e855a981cdaff73a2b8c05596dc58f3cf7d14c09aef5ea3f
SSDEEP

49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82SflDrlM:NABx

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 38 IoCs

miner

resource	yara_rule
behavioral2/memory/1424-244-0x00007FF677350000-0x00007FF677742000-memory.dmp	xmrig
behavioral2/memory/2032-298-0x00007FF753750000-0x00007FF753B42000-memory.dmp	xmrig
behavioral2/memory/3352-340-0x00007FF6D65E0000-0x00007FF6D69D2000-memory.dmp	xmrig
behavioral2/memory/3456-345-0x00007FF7BD260000-0x00007FF7BD652000-memory.dmp	xmrig
behavioral2/memory/1452-348-0x00007FF7A8AF0000-0x00007FF7A8EE2000-memory.dmp	xmrig
behavioral2/memory/4472-347-0x00007FF6ED340000-0x00007FF6ED732000-memory.dmp	xmrig
behavioral2/memory/4484-346-0x00007FF6902F0000-0x00007FF6906E2000-memory.dmp	xmrig
behavioral2/memory/1752-351-0x00007FF763DE0000-0x00007FF7641D2000-memory.dmp	xmrig
behavioral2/memory/4784-350-0x00007FF7B74B0000-0x00007FF7B78A2000-memory.dmp	xmrig
behavioral2/memory/5076-344-0x00007FF7B4930000-0x00007FF7B4D22000-memory.dmp	xmrig
behavioral2/memory/2908-343-0x00007FF6D3B40000-0x00007FF6D3F32000-memory.dmp	xmrig
behavioral2/memory/760-342-0x00007FF6733D0000-0x00007FF6737C2000-memory.dmp	xmrig
behavioral2/memory/1952-293-0x00007FF70F980000-0x00007FF70FD72000-memory.dmp	xmrig
behavioral2/memory/1408-184-0x00007FF766F50000-0x00007FF767342000-memory.dmp	xmrig
behavioral2/memory/3084-180-0x00007FF679610000-0x00007FF679A02000-memory.dmp	xmrig
behavioral2/memory/4916-128-0x00007FF622A20000-0x00007FF622E12000-memory.dmp	xmrig
behavioral2/memory/3412-5156-0x00007FF649780000-0x00007FF649B72000-memory.dmp	xmrig
behavioral2/memory/4968-5618-0x00007FF73F420000-0x00007FF73F812000-memory.dmp	xmrig
behavioral2/memory/4296-5626-0x00007FF63E5D0000-0x00007FF63E9C2000-memory.dmp	xmrig
behavioral2/memory/4784-5634-0x00007FF7B74B0000-0x00007FF7B78A2000-memory.dmp	xmrig
behavioral2/memory/4916-5665-0x00007FF622A20000-0x00007FF622E12000-memory.dmp	xmrig
behavioral2/memory/1408-5673-0x00007FF766F50000-0x00007FF767342000-memory.dmp	xmrig
behavioral2/memory/3084-5675-0x00007FF679610000-0x00007FF679A02000-memory.dmp	xmrig
behavioral2/memory/5076-5691-0x00007FF7B4930000-0x00007FF7B4D22000-memory.dmp	xmrig
behavioral2/memory/4484-5705-0x00007FF6902F0000-0x00007FF6906E2000-memory.dmp	xmrig
behavioral2/memory/2032-5713-0x00007FF753750000-0x00007FF753B42000-memory.dmp	xmrig
behavioral2/memory/4472-5719-0x00007FF6ED340000-0x00007FF6ED732000-memory.dmp	xmrig
behavioral2/memory/3352-5716-0x00007FF6D65E0000-0x00007FF6D69D2000-memory.dmp	xmrig
behavioral2/memory/3456-5696-0x00007FF7BD260000-0x00007FF7BD652000-memory.dmp	xmrig
behavioral2/memory/2908-5687-0x00007FF6D3B40000-0x00007FF6D3F32000-memory.dmp	xmrig
behavioral2/memory/760-5685-0x00007FF6733D0000-0x00007FF6737C2000-memory.dmp	xmrig
behavioral2/memory/1452-5731-0x00007FF7A8AF0000-0x00007FF7A8EE2000-memory.dmp	xmrig
behavioral2/memory/1952-5679-0x00007FF70F980000-0x00007FF70FD72000-memory.dmp	xmrig
behavioral2/memory/1424-5656-0x00007FF677350000-0x00007FF677742000-memory.dmp	xmrig
behavioral2/memory/3248-5653-0x00007FF6698E0000-0x00007FF669CD2000-memory.dmp	xmrig
behavioral2/memory/3412-5651-0x00007FF649780000-0x00007FF649B72000-memory.dmp	xmrig
behavioral2/memory/3264-5643-0x00007FF7DA5E0000-0x00007FF7DA9D2000-memory.dmp	xmrig
behavioral2/memory/1752-5639-0x00007FF763DE0000-0x00007FF7641D2000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
3	1092	powershell.exe
5	1092	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
4968	plNAvTN.exe
4296	cPTqlKX.exe
3248	wGvBkGv.exe
3264	sDKfRLD.exe
3412	QcNIrOe.exe
4916	dPVzxwD.exe
3084	vckBflj.exe
4784	MZpWiEe.exe
1408	bscbWPg.exe
1424	TlLgarz.exe
1952	dMAbWdS.exe
2032	IGtRIrf.exe
3352	GVhEtHG.exe
760	GbJLMpd.exe
2908	OKuRSod.exe
5076	hNvtWCS.exe
3456	kPcFKCQ.exe
1752	XIOgTNR.exe
4484	QHcRItU.exe
4472	lWChzEX.exe
1452	RaoUPHO.exe
4024	HHrURlZ.exe
2552	FaSYEEV.exe
2000	KZiIxQy.exe
432	fNDjKqH.exe
448	PIhzOYN.exe
3260	CACUwJf.exe
3236	lSFThoM.exe
4612	zTYBuDt.exe
920	jNywLhJ.exe
1540	qgsxvgy.exe
3932	VIagpbs.exe
1636	NSKTVHw.exe
740	TBvAnFt.exe
1820	lMipdEE.exe
1656	mSlmmWp.exe
1428	ONqfMUW.exe
1832	pApmZem.exe
1556	xIcRERr.exe
2656	thVOuGL.exe
1872	muzMitQ.exe
644	LitFkCf.exe
3416	oWvPLDU.exe
1756	uNPnHcl.exe
2824	NbzVvpI.exe
3212	izTeNmt.exe
4016	PQQrbMf.exe
1236	UxXeUeo.exe
3312	BhOXbEF.exe
2504	UeuklWp.exe
4764	mYuXkxQ.exe
4164	ZHBPQSA.exe
4512	WvnHOpV.exe
3692	vjqLeZV.exe
4020	TaDcboB.exe
3420	LWLCIHQ.exe
2600	EhuGclQ.exe
2620	FUhQerQ.exe
1536	WPdKakJ.exe
5084	SiWIMPD.exe
4988	CTLkXwh.exe
4892	tdSEnsi.exe
1524	XmSNGGq.exe
3720	ZwnQrdk.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2368-0-0x00007FF607AF0000-0x00007FF607EE2000-memory.dmp	upx
behavioral2/files/0x0008000000023403-5.dat	upx
behavioral2/files/0x0007000000023407-7.dat	upx
behavioral2/files/0x000700000002340a-63.dat	upx
behavioral2/files/0x0007000000023410-141.dat	upx
behavioral2/files/0x0007000000023417-203.dat	upx
behavioral2/memory/1424-244-0x00007FF677350000-0x00007FF677742000-memory.dmp	upx
behavioral2/memory/2032-298-0x00007FF753750000-0x00007FF753B42000-memory.dmp	upx
behavioral2/memory/3352-340-0x00007FF6D65E0000-0x00007FF6D69D2000-memory.dmp	upx
behavioral2/memory/3456-345-0x00007FF7BD260000-0x00007FF7BD652000-memory.dmp	upx
behavioral2/memory/1452-348-0x00007FF7A8AF0000-0x00007FF7A8EE2000-memory.dmp	upx
behavioral2/memory/4472-347-0x00007FF6ED340000-0x00007FF6ED732000-memory.dmp	upx
behavioral2/memory/4484-346-0x00007FF6902F0000-0x00007FF6906E2000-memory.dmp	upx
behavioral2/memory/1752-351-0x00007FF763DE0000-0x00007FF7641D2000-memory.dmp	upx
behavioral2/memory/4784-350-0x00007FF7B74B0000-0x00007FF7B78A2000-memory.dmp	upx
behavioral2/memory/5076-344-0x00007FF7B4930000-0x00007FF7B4D22000-memory.dmp	upx
behavioral2/memory/2908-343-0x00007FF6D3B40000-0x00007FF6D3F32000-memory.dmp	upx
behavioral2/memory/760-342-0x00007FF6733D0000-0x00007FF6737C2000-memory.dmp	upx
behavioral2/memory/1952-293-0x00007FF70F980000-0x00007FF70FD72000-memory.dmp	upx
behavioral2/files/0x0007000000023422-209.dat	upx
behavioral2/files/0x0007000000023421-195.dat	upx
behavioral2/files/0x000700000002341f-193.dat	upx
behavioral2/files/0x000700000002342b-191.dat	upx
behavioral2/files/0x000700000002341d-187.dat	upx
behavioral2/files/0x000700000002342a-186.dat	upx
behavioral2/memory/1408-184-0x00007FF766F50000-0x00007FF767342000-memory.dmp	upx
behavioral2/memory/3084-180-0x00007FF679610000-0x00007FF679A02000-memory.dmp	upx
behavioral2/files/0x0007000000023426-173.dat	upx
behavioral2/files/0x0007000000023428-172.dat	upx
behavioral2/files/0x0007000000023427-171.dat	upx
behavioral2/files/0x0007000000023425-166.dat	upx
behavioral2/files/0x0007000000023415-162.dat	upx
behavioral2/files/0x0007000000023424-148.dat	upx
behavioral2/files/0x000700000002340c-145.dat	upx
behavioral2/files/0x0007000000023420-207.dat	upx
behavioral2/files/0x0007000000023429-177.dat	upx
behavioral2/files/0x000700000002341c-120.dat	upx
behavioral2/files/0x0007000000023414-157.dat	upx
behavioral2/files/0x0007000000023412-153.dat	upx
behavioral2/files/0x0007000000023413-149.dat	upx
behavioral2/files/0x000700000002340b-107.dat	upx
behavioral2/files/0x0007000000023411-144.dat	upx
behavioral2/files/0x0007000000023419-105.dat	upx
behavioral2/files/0x0007000000023418-104.dat	upx
behavioral2/files/0x0007000000023409-100.dat	upx
behavioral2/files/0x000700000002340f-94.dat	upx
behavioral2/files/0x0007000000023408-89.dat	upx
behavioral2/files/0x000700000002341e-135.dat	upx
behavioral2/files/0x0007000000023416-81.dat	upx
behavioral2/files/0x000700000002340e-130.dat	upx
behavioral2/memory/4916-128-0x00007FF622A20000-0x00007FF622E12000-memory.dmp	upx
behavioral2/files/0x000700000002341b-117.dat	upx
behavioral2/memory/3412-78-0x00007FF649780000-0x00007FF649B72000-memory.dmp	upx
behavioral2/memory/3264-74-0x00007FF7DA5E0000-0x00007FF7DA9D2000-memory.dmp	upx
behavioral2/files/0x000700000002340d-70.dat	upx
behavioral2/files/0x000700000002341a-112.dat	upx
behavioral2/memory/3248-46-0x00007FF6698E0000-0x00007FF669CD2000-memory.dmp	upx
behavioral2/memory/4296-21-0x00007FF63E5D0000-0x00007FF63E9C2000-memory.dmp	upx
behavioral2/files/0x0008000000023406-32.dat	upx
behavioral2/memory/4968-10-0x00007FF73F420000-0x00007FF73F812000-memory.dmp	upx
behavioral2/memory/3412-5156-0x00007FF649780000-0x00007FF649B72000-memory.dmp	upx
behavioral2/memory/4968-5618-0x00007FF73F420000-0x00007FF73F812000-memory.dmp	upx
behavioral2/memory/4296-5626-0x00007FF63E5D0000-0x00007FF63E9C2000-memory.dmp	upx
behavioral2/memory/4784-5634-0x00007FF7B74B0000-0x00007FF7B78A2000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\yKLYXCv.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\Wjiyslk.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\IODLPvj.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\cKmaRfS.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\wbnsnyn.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\WXiwwKD.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\YOXCHvC.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\UFtGAMF.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\UWersag.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\TNUAYxh.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\WqArNTU.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\GfTMkJX.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\SCrFfoG.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\PFlCHRn.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\ZGpScom.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\MzrjmeI.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\vWQjXPw.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\xomkTia.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\ClDxxDi.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\IaDbMMh.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\XbWGKjJ.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\CFTnPnx.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\KaOQHRM.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\MMnhFjb.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\loBdIyI.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\SPYteVU.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\DyOhhzJ.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\TEZhswu.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\DrztAcq.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\ZBkmLLz.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\nPkgoMM.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\AqjlYXE.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\jQftUvt.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\SQeXNBN.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\IaWzawD.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\sMyFOCV.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\naRulwO.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\SuMoJmb.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\AuOMzTN.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\tcxySWh.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\TZFCqBL.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\AEdNjAV.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\kmZoCOa.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\TiQYfQA.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\uvDBFCQ.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\YuTRjpv.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\VcXrgoh.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\cEyWACn.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\TMIHnvt.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\ptwWNrw.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\lnYLmkD.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\ArmqCKq.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\JDTQIIn.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\pBHBnUD.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\tKIhFml.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\RxSLefT.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\EImJchb.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\neuDWMG.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\gGXaLYj.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\ZRPTbTB.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\HAxGFpR.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\OQSocVS.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\OELJGRu.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
File created	C:\Windows\System\nupZOeN.exe	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun	Process not Found
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages\en-US = "1"	Process not Found
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\Expires = "int64_t\|1714543203"	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSTagIds0 = "5804129,7202269,17110992,41484365,39965824,7153487,17110988,508368333,17962391,17962392,3462423,3702920,3700754,3965062,4297094,7153421,18716193,7153435,7202265,20502174,6308191,18407617"	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\officeclicktorun\Overrides	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\ExternalFeatureOverrides\officeclicktorun	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\TrustCenter\Experimentation	Process not Found
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	Process not Found
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSCategoriesSeverities = "1329 50,1329 10,1329 15,1329 100,1329 6"	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ETag = "std::wstring\|\"VcRzfmOamCKKrgGRKVq+J5DjRXG8O4f4MJ6QAZjVN9k=\""	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	Process not Found
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\Overrides	Process not Found
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages\en-US = "2"	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\all\Overrides	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\FirstSession\officeclicktorun	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1092	powershell.exe
1092	powershell.exe
1092	powershell.exe
1092	powershell.exe

Suspicious use of AdjustPrivilegeToken 15 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
Token: SeDebugPrivilege	1092	powershell.exe
Token: SeCreateGlobalPrivilege	13716	dwm.exe
Token: SeChangeNotifyPrivilege	13716	dwm.exe
Token: 33	13716	dwm.exe
Token: SeIncBasePriorityPrivilege	13716	dwm.exe
Token: SeCreateGlobalPrivilege	13504	dwm.exe
Token: SeChangeNotifyPrivilege	13504	dwm.exe
Token: 33	13504	dwm.exe
Token: SeIncBasePriorityPrivilege	13504	dwm.exe
Token: SeCreateGlobalPrivilege	4936	dwm.exe
Token: SeChangeNotifyPrivilege	4936	dwm.exe
Token: 33	4936	dwm.exe
Token: SeIncBasePriorityPrivilege	4936	dwm.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
28564	Process not Found

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2368 wrote to memory of 1092	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	82
PID 2368 wrote to memory of 1092	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	82
PID 2368 wrote to memory of 4968	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	83
PID 2368 wrote to memory of 4968	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	83
PID 2368 wrote to memory of 4296	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	84
PID 2368 wrote to memory of 4296	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	84
PID 2368 wrote to memory of 3264	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	85
PID 2368 wrote to memory of 3264	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	85
PID 2368 wrote to memory of 3412	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	86
PID 2368 wrote to memory of 3412	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	86
PID 2368 wrote to memory of 3248	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	87
PID 2368 wrote to memory of 3248	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	87
PID 2368 wrote to memory of 3352	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	88
PID 2368 wrote to memory of 3352	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	88
PID 2368 wrote to memory of 4916	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	89
PID 2368 wrote to memory of 4916	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	89
PID 2368 wrote to memory of 3084	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	90
PID 2368 wrote to memory of 3084	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	90
PID 2368 wrote to memory of 4784	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	91
PID 2368 wrote to memory of 4784	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	91
PID 2368 wrote to memory of 1408	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	92
PID 2368 wrote to memory of 1408	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	92
PID 2368 wrote to memory of 1424	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	93
PID 2368 wrote to memory of 1424	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	93
PID 2368 wrote to memory of 1952	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	94
PID 2368 wrote to memory of 1952	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	94
PID 2368 wrote to memory of 2032	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	95
PID 2368 wrote to memory of 2032	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	95
PID 2368 wrote to memory of 760	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	96
PID 2368 wrote to memory of 760	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	96
PID 2368 wrote to memory of 2908	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	97
PID 2368 wrote to memory of 2908	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	97
PID 2368 wrote to memory of 5076	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	98
PID 2368 wrote to memory of 5076	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	98
PID 2368 wrote to memory of 3456	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	99
PID 2368 wrote to memory of 3456	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	99
PID 2368 wrote to memory of 1752	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	100
PID 2368 wrote to memory of 1752	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	100
PID 2368 wrote to memory of 4484	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	101
PID 2368 wrote to memory of 4484	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	101
PID 2368 wrote to memory of 4472	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	102
PID 2368 wrote to memory of 4472	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	102
PID 2368 wrote to memory of 1452	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	103
PID 2368 wrote to memory of 1452	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	103
PID 2368 wrote to memory of 4024	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	104
PID 2368 wrote to memory of 4024	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	104
PID 2368 wrote to memory of 2552	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	105
PID 2368 wrote to memory of 2552	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	105
PID 2368 wrote to memory of 2000	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	106
PID 2368 wrote to memory of 2000	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	106
PID 2368 wrote to memory of 432	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	107
PID 2368 wrote to memory of 432	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	107
PID 2368 wrote to memory of 448	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	108
PID 2368 wrote to memory of 448	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	108
PID 2368 wrote to memory of 3260	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	109
PID 2368 wrote to memory of 3260	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	109
PID 2368 wrote to memory of 3236	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	110
PID 2368 wrote to memory of 3236	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	110
PID 2368 wrote to memory of 1832	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	111
PID 2368 wrote to memory of 1832	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	111
PID 2368 wrote to memory of 4612	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	112
PID 2368 wrote to memory of 4612	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	112
PID 2368 wrote to memory of 2656	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	113
PID 2368 wrote to memory of 2656	2368	0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe	113

C:\Users\Admin\AppData\Local\Temp\0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0a459b36599f515cb10a628810fe1a7e_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2368
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1092
- - C:\Windows\system32\wermgr.exe
    "C:\Windows\system32\wermgr.exe" "-outproc" "0" "1092" "3060" "2972" "3064" "0" "0" "3068" "0" "0" "0" "0" "0"
    3⤵
    PID:12944
- C:\Windows\System\plNAvTN.exe
  C:\Windows\System\plNAvTN.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System\cPTqlKX.exe
  C:\Windows\System\cPTqlKX.exe
  2⤵
  - Executes dropped EXE
  PID:4296
- C:\Windows\System\sDKfRLD.exe
  C:\Windows\System\sDKfRLD.exe
  2⤵
  - Executes dropped EXE
  PID:3264
- C:\Windows\System\QcNIrOe.exe
  C:\Windows\System\QcNIrOe.exe
  2⤵
  - Executes dropped EXE
  PID:3412
- C:\Windows\System\wGvBkGv.exe
  C:\Windows\System\wGvBkGv.exe
  2⤵
  - Executes dropped EXE
  PID:3248
- C:\Windows\System\GVhEtHG.exe
  C:\Windows\System\GVhEtHG.exe
  2⤵
  - Executes dropped EXE
  PID:3352
- C:\Windows\System\dPVzxwD.exe
  C:\Windows\System\dPVzxwD.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\vckBflj.exe
  C:\Windows\System\vckBflj.exe
  2⤵
  - Executes dropped EXE
  PID:3084
- C:\Windows\System\MZpWiEe.exe
  C:\Windows\System\MZpWiEe.exe
  2⤵
  - Executes dropped EXE
  PID:4784
- C:\Windows\System\bscbWPg.exe
  C:\Windows\System\bscbWPg.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\TlLgarz.exe
  C:\Windows\System\TlLgarz.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\dMAbWdS.exe
  C:\Windows\System\dMAbWdS.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\IGtRIrf.exe
  C:\Windows\System\IGtRIrf.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\GbJLMpd.exe
  C:\Windows\System\GbJLMpd.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\OKuRSod.exe
  C:\Windows\System\OKuRSod.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\hNvtWCS.exe
  C:\Windows\System\hNvtWCS.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\kPcFKCQ.exe
  C:\Windows\System\kPcFKCQ.exe
  2⤵
  - Executes dropped EXE
  PID:3456
- C:\Windows\System\XIOgTNR.exe
  C:\Windows\System\XIOgTNR.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\QHcRItU.exe
  C:\Windows\System\QHcRItU.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System\lWChzEX.exe
  C:\Windows\System\lWChzEX.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System\RaoUPHO.exe
  C:\Windows\System\RaoUPHO.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\HHrURlZ.exe
  C:\Windows\System\HHrURlZ.exe
  2⤵
  - Executes dropped EXE
  PID:4024
- C:\Windows\System\FaSYEEV.exe
  C:\Windows\System\FaSYEEV.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\KZiIxQy.exe
  C:\Windows\System\KZiIxQy.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\fNDjKqH.exe
  C:\Windows\System\fNDjKqH.exe
  2⤵
  - Executes dropped EXE
  PID:432
- C:\Windows\System\PIhzOYN.exe
  C:\Windows\System\PIhzOYN.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\CACUwJf.exe
  C:\Windows\System\CACUwJf.exe
  2⤵
  - Executes dropped EXE
  PID:3260
- C:\Windows\System\lSFThoM.exe
  C:\Windows\System\lSFThoM.exe
  2⤵
  - Executes dropped EXE
  PID:3236
- C:\Windows\System\pApmZem.exe
  C:\Windows\System\pApmZem.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\zTYBuDt.exe
  C:\Windows\System\zTYBuDt.exe
  2⤵
  - Executes dropped EXE
  PID:4612
- C:\Windows\System\thVOuGL.exe
  C:\Windows\System\thVOuGL.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\jNywLhJ.exe
  C:\Windows\System\jNywLhJ.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\qgsxvgy.exe
  C:\Windows\System\qgsxvgy.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\VIagpbs.exe
  C:\Windows\System\VIagpbs.exe
  2⤵
  - Executes dropped EXE
  PID:3932
- C:\Windows\System\NSKTVHw.exe
  C:\Windows\System\NSKTVHw.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\TBvAnFt.exe
  C:\Windows\System\TBvAnFt.exe
  2⤵
  - Executes dropped EXE
  PID:740
- C:\Windows\System\lMipdEE.exe
  C:\Windows\System\lMipdEE.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\mSlmmWp.exe
  C:\Windows\System\mSlmmWp.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\ONqfMUW.exe
  C:\Windows\System\ONqfMUW.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\xIcRERr.exe
  C:\Windows\System\xIcRERr.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\muzMitQ.exe
  C:\Windows\System\muzMitQ.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\LitFkCf.exe
  C:\Windows\System\LitFkCf.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\oWvPLDU.exe
  C:\Windows\System\oWvPLDU.exe
  2⤵
  - Executes dropped EXE
  PID:3416
- C:\Windows\System\uNPnHcl.exe
  C:\Windows\System\uNPnHcl.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\NbzVvpI.exe
  C:\Windows\System\NbzVvpI.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\izTeNmt.exe
  C:\Windows\System\izTeNmt.exe
  2⤵
  - Executes dropped EXE
  PID:3212
- C:\Windows\System\PQQrbMf.exe
  C:\Windows\System\PQQrbMf.exe
  2⤵
  - Executes dropped EXE
  PID:4016
- C:\Windows\System\UxXeUeo.exe
  C:\Windows\System\UxXeUeo.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\BhOXbEF.exe
  C:\Windows\System\BhOXbEF.exe
  2⤵
  - Executes dropped EXE
  PID:3312
- C:\Windows\System\UeuklWp.exe
  C:\Windows\System\UeuklWp.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\mYuXkxQ.exe
  C:\Windows\System\mYuXkxQ.exe
  2⤵
  - Executes dropped EXE
  PID:4764
- C:\Windows\System\ZHBPQSA.exe
  C:\Windows\System\ZHBPQSA.exe
  2⤵
  - Executes dropped EXE
  PID:4164
- C:\Windows\System\WvnHOpV.exe
  C:\Windows\System\WvnHOpV.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\vjqLeZV.exe
  C:\Windows\System\vjqLeZV.exe
  2⤵
  - Executes dropped EXE
  PID:3692
- C:\Windows\System\TaDcboB.exe
  C:\Windows\System\TaDcboB.exe
  2⤵
  - Executes dropped EXE
  PID:4020
- C:\Windows\System\LWLCIHQ.exe
  C:\Windows\System\LWLCIHQ.exe
  2⤵
  - Executes dropped EXE
  PID:3420
- C:\Windows\System\EhuGclQ.exe
  C:\Windows\System\EhuGclQ.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\FUhQerQ.exe
  C:\Windows\System\FUhQerQ.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\WPdKakJ.exe
  C:\Windows\System\WPdKakJ.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\SiWIMPD.exe
  C:\Windows\System\SiWIMPD.exe
  2⤵
  - Executes dropped EXE
  PID:5084
- C:\Windows\System\CTLkXwh.exe
  C:\Windows\System\CTLkXwh.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\tdSEnsi.exe
  C:\Windows\System\tdSEnsi.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System\XmSNGGq.exe
  C:\Windows\System\XmSNGGq.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\ZwnQrdk.exe
  C:\Windows\System\ZwnQrdk.exe
  2⤵
  - Executes dropped EXE
  PID:3720
- C:\Windows\System\wFyyFkk.exe
  C:\Windows\System\wFyyFkk.exe
  2⤵
  PID:4680
- C:\Windows\System\JJVfjUO.exe
  C:\Windows\System\JJVfjUO.exe
  2⤵
  PID:4396
- C:\Windows\System\qbVaNHO.exe
  C:\Windows\System\qbVaNHO.exe
  2⤵
  PID:4480
- C:\Windows\System\jViXEYf.exe
  C:\Windows\System\jViXEYf.exe
  2⤵
  PID:1944
- C:\Windows\System\CNaQrgy.exe
  C:\Windows\System\CNaQrgy.exe
  2⤵
  PID:2400
- C:\Windows\System\COtnIQf.exe
  C:\Windows\System\COtnIQf.exe
  2⤵
  PID:3428
- C:\Windows\System\EFGCiLS.exe
  C:\Windows\System\EFGCiLS.exe
  2⤵
  PID:1940
- C:\Windows\System\YugjVVy.exe
  C:\Windows\System\YugjVVy.exe
  2⤵
  PID:2188
- C:\Windows\System\QSNiczt.exe
  C:\Windows\System\QSNiczt.exe
  2⤵
  PID:3728
- C:\Windows\System\dYZxflU.exe
  C:\Windows\System\dYZxflU.exe
  2⤵
  PID:4788
- C:\Windows\System\ZaUWthC.exe
  C:\Windows\System\ZaUWthC.exe
  2⤵
  PID:3892
- C:\Windows\System\oPKtzAy.exe
  C:\Windows\System\oPKtzAy.exe
  2⤵
  PID:2488
- C:\Windows\System\WkjeFOt.exe
  C:\Windows\System\WkjeFOt.exe
  2⤵
  PID:60
- C:\Windows\System\SDaqawc.exe
  C:\Windows\System\SDaqawc.exe
  2⤵
  PID:1576
- C:\Windows\System\zfgvKoi.exe
  C:\Windows\System\zfgvKoi.exe
  2⤵
  PID:3060
- C:\Windows\System\clsoBKw.exe
  C:\Windows\System\clsoBKw.exe
  2⤵
  PID:4272
- C:\Windows\System\CjuAGiX.exe
  C:\Windows\System\CjuAGiX.exe
  2⤵
  PID:1096
- C:\Windows\System\umDKcrL.exe
  C:\Windows\System\umDKcrL.exe
  2⤵
  PID:3452
- C:\Windows\System\ZSoHaCH.exe
  C:\Windows\System\ZSoHaCH.exe
  2⤵
  PID:4908
- C:\Windows\System\lYCbrpN.exe
  C:\Windows\System\lYCbrpN.exe
  2⤵
  PID:4184
- C:\Windows\System\MEmUgcm.exe
  C:\Windows\System\MEmUgcm.exe
  2⤵
  PID:5144
- C:\Windows\System\SQYTCzK.exe
  C:\Windows\System\SQYTCzK.exe
  2⤵
  PID:5160
- C:\Windows\System\bFtZvMh.exe
  C:\Windows\System\bFtZvMh.exe
  2⤵
  PID:5188
- C:\Windows\System\tTuzbRo.exe
  C:\Windows\System\tTuzbRo.exe
  2⤵
  PID:5204
- C:\Windows\System\mCAQGSL.exe
  C:\Windows\System\mCAQGSL.exe
  2⤵
  PID:5220
- C:\Windows\System\DaqUrww.exe
  C:\Windows\System\DaqUrww.exe
  2⤵
  PID:5244
- C:\Windows\System\iuwpgMh.exe
  C:\Windows\System\iuwpgMh.exe
  2⤵
  PID:5260
- C:\Windows\System\ZaNfADN.exe
  C:\Windows\System\ZaNfADN.exe
  2⤵
  PID:5288
- C:\Windows\System\EzSIayb.exe
  C:\Windows\System\EzSIayb.exe
  2⤵
  PID:5308
- C:\Windows\System\XQDOGfx.exe
  C:\Windows\System\XQDOGfx.exe
  2⤵
  PID:5324
- C:\Windows\System\GGXBjmg.exe
  C:\Windows\System\GGXBjmg.exe
  2⤵
  PID:5352
- C:\Windows\System\uBOzUls.exe
  C:\Windows\System\uBOzUls.exe
  2⤵
  PID:5376
- C:\Windows\System\PVZjOzu.exe
  C:\Windows\System\PVZjOzu.exe
  2⤵
  PID:5428
- C:\Windows\System\KYlOHgK.exe
  C:\Windows\System\KYlOHgK.exe
  2⤵
  PID:5452
- C:\Windows\System\DBaevCV.exe
  C:\Windows\System\DBaevCV.exe
  2⤵
  PID:5472
- C:\Windows\System\tLcrxOj.exe
  C:\Windows\System\tLcrxOj.exe
  2⤵
  PID:5500
- C:\Windows\System\PzobITT.exe
  C:\Windows\System\PzobITT.exe
  2⤵
  PID:5516
- C:\Windows\System\ZlVYKVv.exe
  C:\Windows\System\ZlVYKVv.exe
  2⤵
  PID:5544
- C:\Windows\System\KfhUffI.exe
  C:\Windows\System\KfhUffI.exe
  2⤵
  PID:5560
- C:\Windows\System\eJxzzwF.exe
  C:\Windows\System\eJxzzwF.exe
  2⤵
  PID:5580
- C:\Windows\System\rtQVTFW.exe
  C:\Windows\System\rtQVTFW.exe
  2⤵
  PID:5600
- C:\Windows\System\UzBmZqr.exe
  C:\Windows\System\UzBmZqr.exe
  2⤵
  PID:5616
- C:\Windows\System\lngwlCf.exe
  C:\Windows\System\lngwlCf.exe
  2⤵
  PID:5640
- C:\Windows\System\PXoTODM.exe
  C:\Windows\System\PXoTODM.exe
  2⤵
  PID:5748
- C:\Windows\System\rwSTNkA.exe
  C:\Windows\System\rwSTNkA.exe
  2⤵
  PID:5764
- C:\Windows\System\EbarlRL.exe
  C:\Windows\System\EbarlRL.exe
  2⤵
  PID:5780
- C:\Windows\System\MeqNjSB.exe
  C:\Windows\System\MeqNjSB.exe
  2⤵
  PID:5796
- C:\Windows\System\JqHUSgW.exe
  C:\Windows\System\JqHUSgW.exe
  2⤵
  PID:5812
- C:\Windows\System\mBkmraN.exe
  C:\Windows\System\mBkmraN.exe
  2⤵
  PID:5828
- C:\Windows\System\rPAzYTg.exe
  C:\Windows\System\rPAzYTg.exe
  2⤵
  PID:5864
- C:\Windows\System\DhLyHyh.exe
  C:\Windows\System\DhLyHyh.exe
  2⤵
  PID:5880
- C:\Windows\System\kDoRtxz.exe
  C:\Windows\System\kDoRtxz.exe
  2⤵
  PID:5912
- C:\Windows\System\EukJbQx.exe
  C:\Windows\System\EukJbQx.exe
  2⤵
  PID:5936
- C:\Windows\System\hhfCjxD.exe
  C:\Windows\System\hhfCjxD.exe
  2⤵
  PID:6104
- C:\Windows\System\fEcWVkU.exe
  C:\Windows\System\fEcWVkU.exe
  2⤵
  PID:6124
- C:\Windows\System\SbbScWs.exe
  C:\Windows\System\SbbScWs.exe
  2⤵
  PID:4672
- C:\Windows\System\tJCZAWv.exe
  C:\Windows\System\tJCZAWv.exe
  2⤵
  PID:1004
- C:\Windows\System\MahXzsP.exe
  C:\Windows\System\MahXzsP.exe
  2⤵
  PID:2184
- C:\Windows\System\oSOVppA.exe
  C:\Windows\System\oSOVppA.exe
  2⤵
  PID:3228
- C:\Windows\System\rlBCRfi.exe
  C:\Windows\System\rlBCRfi.exe
  2⤵
  PID:4216
- C:\Windows\System\JsZDqzU.exe
  C:\Windows\System\JsZDqzU.exe
  2⤵
  PID:1116
- C:\Windows\System\bBnbeMN.exe
  C:\Windows\System\bBnbeMN.exe
  2⤵
  PID:3780
- C:\Windows\System\zQRsQMQ.exe
  C:\Windows\System\zQRsQMQ.exe
  2⤵
  PID:5136
- C:\Windows\System\rsuyAPr.exe
  C:\Windows\System\rsuyAPr.exe
  2⤵
  PID:4776
- C:\Windows\System\VHcQQFC.exe
  C:\Windows\System\VHcQQFC.exe
  2⤵
  PID:3156
- C:\Windows\System\QzYNvkK.exe
  C:\Windows\System\QzYNvkK.exe
  2⤵
  PID:912
- C:\Windows\System\hdqbDId.exe
  C:\Windows\System\hdqbDId.exe
  2⤵
  PID:2836
- C:\Windows\System\RsiOmHJ.exe
  C:\Windows\System\RsiOmHJ.exe
  2⤵
  PID:3756
- C:\Windows\System\iEEBpgV.exe
  C:\Windows\System\iEEBpgV.exe
  2⤵
  PID:668
- C:\Windows\System\ymViAKi.exe
  C:\Windows\System\ymViAKi.exe
  2⤵
  PID:4416
- C:\Windows\System\aSXEsSY.exe
  C:\Windows\System\aSXEsSY.exe
  2⤵
  PID:5040
- C:\Windows\System\mxGeSYm.exe
  C:\Windows\System\mxGeSYm.exe
  2⤵
  PID:3136
- C:\Windows\System\apNZsLa.exe
  C:\Windows\System\apNZsLa.exe
  2⤵
  PID:1200
- C:\Windows\System\UWwJzag.exe
  C:\Windows\System\UWwJzag.exe
  2⤵
  PID:452
- C:\Windows\System\QPgBXql.exe
  C:\Windows\System\QPgBXql.exe
  2⤵
  PID:2848
- C:\Windows\System\fdNnBnQ.exe
  C:\Windows\System\fdNnBnQ.exe
  2⤵
  PID:5168
- C:\Windows\System\EzXhpMc.exe
  C:\Windows\System\EzXhpMc.exe
  2⤵
  PID:5436
- C:\Windows\System\xbXpuHJ.exe
  C:\Windows\System\xbXpuHJ.exe
  2⤵
  PID:2732
- C:\Windows\System\cieEmtJ.exe
  C:\Windows\System\cieEmtJ.exe
  2⤵
  PID:5176
- C:\Windows\System\AHrxDqa.exe
  C:\Windows\System\AHrxDqa.exe
  2⤵
  PID:5236
- C:\Windows\System\yFZPOEE.exe
  C:\Windows\System\yFZPOEE.exe
  2⤵
  PID:6344
- C:\Windows\System\aRSyNEo.exe
  C:\Windows\System\aRSyNEo.exe
  2⤵
  PID:6364
- C:\Windows\System\wlyzybK.exe
  C:\Windows\System\wlyzybK.exe
  2⤵
  PID:6396
- C:\Windows\System\giJhpOK.exe
  C:\Windows\System\giJhpOK.exe
  2⤵
  PID:6412
- C:\Windows\System\MLqBtYe.exe
  C:\Windows\System\MLqBtYe.exe
  2⤵
  PID:6428
- C:\Windows\System\EjwzvIA.exe
  C:\Windows\System\EjwzvIA.exe
  2⤵
  PID:6456
- C:\Windows\System\pfUhApD.exe
  C:\Windows\System\pfUhApD.exe
  2⤵
  PID:6480
- C:\Windows\System\EfzQrMB.exe
  C:\Windows\System\EfzQrMB.exe
  2⤵
  PID:6776
- C:\Windows\System\EmONoPw.exe
  C:\Windows\System\EmONoPw.exe
  2⤵
  PID:6796
- C:\Windows\System\stqCgPz.exe
  C:\Windows\System\stqCgPz.exe
  2⤵
  PID:6812
- C:\Windows\System\HxsebqQ.exe
  C:\Windows\System\HxsebqQ.exe
  2⤵
  PID:6836
- C:\Windows\System\vEKKcwX.exe
  C:\Windows\System\vEKKcwX.exe
  2⤵
  PID:6860
- C:\Windows\System\IypkmRo.exe
  C:\Windows\System\IypkmRo.exe
  2⤵
  PID:6876
- C:\Windows\System\DUGnAXf.exe
  C:\Windows\System\DUGnAXf.exe
  2⤵
  PID:6896
- C:\Windows\System\mpmXVCe.exe
  C:\Windows\System\mpmXVCe.exe
  2⤵
  PID:6928
- C:\Windows\System\eCPABIL.exe
  C:\Windows\System\eCPABIL.exe
  2⤵
  PID:6944
- C:\Windows\System\QsDNCmc.exe
  C:\Windows\System\QsDNCmc.exe
  2⤵
  PID:6968
- C:\Windows\System\ZFWRFzL.exe
  C:\Windows\System\ZFWRFzL.exe
  2⤵
  PID:6992
- C:\Windows\System\jcIAPPK.exe
  C:\Windows\System\jcIAPPK.exe
  2⤵
  PID:7012
- C:\Windows\System\jEFSADj.exe
  C:\Windows\System\jEFSADj.exe
  2⤵
  PID:7036
- C:\Windows\System\BTpOpAD.exe
  C:\Windows\System\BTpOpAD.exe
  2⤵
  PID:7056
- C:\Windows\System\ECtzCtX.exe
  C:\Windows\System\ECtzCtX.exe
  2⤵
  PID:7092
- C:\Windows\System\GTdDkDh.exe
  C:\Windows\System\GTdDkDh.exe
  2⤵
  PID:5820
- C:\Windows\System\FvcAmSL.exe
  C:\Windows\System\FvcAmSL.exe
  2⤵
  PID:5920
- C:\Windows\System\MMWuRZe.exe
  C:\Windows\System\MMWuRZe.exe
  2⤵
  PID:2264
- C:\Windows\System\JtblwgX.exe
  C:\Windows\System\JtblwgX.exe
  2⤵
  PID:4708
- C:\Windows\System\KZOuTAj.exe
  C:\Windows\System\KZOuTAj.exe
  2⤵
  PID:1708
- C:\Windows\System\PMwiTGt.exe
  C:\Windows\System\PMwiTGt.exe
  2⤵
  PID:4660
- C:\Windows\System\mRbfLRp.exe
  C:\Windows\System\mRbfLRp.exe
  2⤵
  PID:5808
- C:\Windows\System\ZWRsPVr.exe
  C:\Windows\System\ZWRsPVr.exe
  2⤵
  PID:5844
- C:\Windows\System\JrUywpF.exe
  C:\Windows\System\JrUywpF.exe
  2⤵
  PID:3184
- C:\Windows\System\EwdHwkY.exe
  C:\Windows\System\EwdHwkY.exe
  2⤵
  PID:2392
- C:\Windows\System\RRzZkmT.exe
  C:\Windows\System\RRzZkmT.exe
  2⤵
  PID:716
- C:\Windows\System\DocMiPn.exe
  C:\Windows\System\DocMiPn.exe
  2⤵
  PID:4424
- C:\Windows\System\iHOPGOy.exe
  C:\Windows\System\iHOPGOy.exe
  2⤵
  PID:4060
- C:\Windows\System\btUnzkt.exe
  C:\Windows\System\btUnzkt.exe
  2⤵
  PID:5152
- C:\Windows\System\mJkuvBZ.exe
  C:\Windows\System\mJkuvBZ.exe
  2⤵
  PID:5256
- C:\Windows\System\TaYdVRO.exe
  C:\Windows\System\TaYdVRO.exe
  2⤵
  PID:5300
- C:\Windows\System\WBGgYxN.exe
  C:\Windows\System\WBGgYxN.exe
  2⤵
  PID:6408
- C:\Windows\System\apWXyhw.exe
  C:\Windows\System\apWXyhw.exe
  2⤵
  PID:6444
- C:\Windows\System\pEmsUvT.exe
  C:\Windows\System\pEmsUvT.exe
  2⤵
  PID:6476
- C:\Windows\System\bVkonoq.exe
  C:\Windows\System\bVkonoq.exe
  2⤵
  PID:6508
- C:\Windows\System\sZixMQm.exe
  C:\Windows\System\sZixMQm.exe
  2⤵
  PID:6548
- C:\Windows\System\nPkgoMM.exe
  C:\Windows\System\nPkgoMM.exe
  2⤵
  PID:6832
- C:\Windows\System\ttewHRy.exe
  C:\Windows\System\ttewHRy.exe
  2⤵
  PID:6892
- C:\Windows\System\vtsVWtu.exe
  C:\Windows\System\vtsVWtu.exe
  2⤵
  PID:6924
- C:\Windows\System\idHKyTT.exe
  C:\Windows\System\idHKyTT.exe
  2⤵
  PID:6112
- C:\Windows\System\VReSgji.exe
  C:\Windows\System\VReSgji.exe
  2⤵
  PID:6984
- C:\Windows\System\yUCVcWt.exe
  C:\Windows\System\yUCVcWt.exe
  2⤵
  PID:7024
- C:\Windows\System\LumxvmB.exe
  C:\Windows\System\LumxvmB.exe
  2⤵
  PID:5896
- C:\Windows\System\ZjodZVA.exe
  C:\Windows\System\ZjodZVA.exe
  2⤵
  PID:3120
- C:\Windows\System\aWzNiiL.exe
  C:\Windows\System\aWzNiiL.exe
  2⤵
  PID:5860
- C:\Windows\System\rcITfnZ.exe
  C:\Windows\System\rcITfnZ.exe
  2⤵
  PID:5060
- C:\Windows\System\wpYEZMr.exe
  C:\Windows\System\wpYEZMr.exe
  2⤵
  PID:6496
- C:\Windows\System\DyhOgPI.exe
  C:\Windows\System\DyhOgPI.exe
  2⤵
  PID:6556
- C:\Windows\System\qdebqZe.exe
  C:\Windows\System\qdebqZe.exe
  2⤵
  PID:6740
- C:\Windows\System\EOlzUTl.exe
  C:\Windows\System\EOlzUTl.exe
  2⤵
  PID:6792
- C:\Windows\System\ncqSaWN.exe
  C:\Windows\System\ncqSaWN.exe
  2⤵
  PID:3836
- C:\Windows\System\cKiSQVZ.exe
  C:\Windows\System\cKiSQVZ.exe
  2⤵
  PID:6952
- C:\Windows\System\AhTMsbE.exe
  C:\Windows\System\AhTMsbE.exe
  2⤵
  PID:3800
- C:\Windows\System\kSlxQZv.exe
  C:\Windows\System\kSlxQZv.exe
  2⤵
  PID:2704
- C:\Windows\System\YxEfuft.exe
  C:\Windows\System\YxEfuft.exe
  2⤵
  PID:3196
- C:\Windows\System\kJrlgKa.exe
  C:\Windows\System\kJrlgKa.exe
  2⤵
  PID:1416
- C:\Windows\System\RlIbYns.exe
  C:\Windows\System\RlIbYns.exe
  2⤵
  PID:3664
- C:\Windows\System\dRrBQdz.exe
  C:\Windows\System\dRrBQdz.exe
  2⤵
  PID:212
- C:\Windows\System\KQjzMsG.exe
  C:\Windows\System\KQjzMsG.exe
  2⤵
  PID:428
- C:\Windows\System\PVaFiih.exe
  C:\Windows\System\PVaFiih.exe
  2⤵
  PID:4744
- C:\Windows\System\OpBjfXY.exe
  C:\Windows\System\OpBjfXY.exe
  2⤵
  PID:1088
- C:\Windows\System\FWxMVbz.exe
  C:\Windows\System\FWxMVbz.exe
  2⤵
  PID:2796
- C:\Windows\System\lGFClzx.exe
  C:\Windows\System\lGFClzx.exe
  2⤵
  PID:2100
- C:\Windows\System\Wvkgdyn.exe
  C:\Windows\System\Wvkgdyn.exe
  2⤵
  PID:6756
- C:\Windows\System\RfnPfSz.exe
  C:\Windows\System\RfnPfSz.exe
  2⤵
  PID:3944
- C:\Windows\System\KUgGrxs.exe
  C:\Windows\System\KUgGrxs.exe
  2⤵
  PID:6848
- C:\Windows\System\qwsqYkK.exe
  C:\Windows\System\qwsqYkK.exe
  2⤵
  PID:6964
- C:\Windows\System\WVXupje.exe
  C:\Windows\System\WVXupje.exe
  2⤵
  PID:5332
- C:\Windows\System\hBXSuZk.exe
  C:\Windows\System\hBXSuZk.exe
  2⤵
  PID:2308
- C:\Windows\System\RRDCBiM.exe
  C:\Windows\System\RRDCBiM.exe
  2⤵
  PID:6116
- C:\Windows\System\FrxLngX.exe
  C:\Windows\System\FrxLngX.exe
  2⤵
  PID:7172
- C:\Windows\System\pXxocgz.exe
  C:\Windows\System\pXxocgz.exe
  2⤵
  PID:7192
- C:\Windows\System\YPvbxZy.exe
  C:\Windows\System\YPvbxZy.exe
  2⤵
  PID:7208
- C:\Windows\System\omhibmF.exe
  C:\Windows\System\omhibmF.exe
  2⤵
  PID:7224
- C:\Windows\System\BLxSrJZ.exe
  C:\Windows\System\BLxSrJZ.exe
  2⤵
  PID:7240
- C:\Windows\System\kYcnrnY.exe
  C:\Windows\System\kYcnrnY.exe
  2⤵
  PID:7284
- C:\Windows\System\EEmMQBN.exe
  C:\Windows\System\EEmMQBN.exe
  2⤵
  PID:7304
- C:\Windows\System\AgMXeBG.exe
  C:\Windows\System\AgMXeBG.exe
  2⤵
  PID:7324
- C:\Windows\System\qqEVkGp.exe
  C:\Windows\System\qqEVkGp.exe
  2⤵
  PID:7340
- C:\Windows\System\UuwPiQo.exe
  C:\Windows\System\UuwPiQo.exe
  2⤵
  PID:7360
- C:\Windows\System\FRpajyp.exe
  C:\Windows\System\FRpajyp.exe
  2⤵
  PID:7384
- C:\Windows\System\zMYWZeI.exe
  C:\Windows\System\zMYWZeI.exe
  2⤵
  PID:7412
- C:\Windows\System\TfkhXds.exe
  C:\Windows\System\TfkhXds.exe
  2⤵
  PID:7432
- C:\Windows\System\hYTWksK.exe
  C:\Windows\System\hYTWksK.exe
  2⤵
  PID:7452
- C:\Windows\System\vwFVFiw.exe
  C:\Windows\System\vwFVFiw.exe
  2⤵
  PID:7476
- C:\Windows\System\CjeYgxy.exe
  C:\Windows\System\CjeYgxy.exe
  2⤵
  PID:7500
- C:\Windows\System\tQYgWlm.exe
  C:\Windows\System\tQYgWlm.exe
  2⤵
  PID:7524
- C:\Windows\System\EfVzLwL.exe
  C:\Windows\System\EfVzLwL.exe
  2⤵
  PID:7540
- C:\Windows\System\rGKIVXy.exe
  C:\Windows\System\rGKIVXy.exe
  2⤵
  PID:7564
- C:\Windows\System\sqOTeSf.exe
  C:\Windows\System\sqOTeSf.exe
  2⤵
  PID:7596
- C:\Windows\System\wNDenSH.exe
  C:\Windows\System\wNDenSH.exe
  2⤵
  PID:7620
- C:\Windows\System\WpftDkX.exe
  C:\Windows\System\WpftDkX.exe
  2⤵
  PID:7640
- C:\Windows\System\cCssWsM.exe
  C:\Windows\System\cCssWsM.exe
  2⤵
  PID:7660
- C:\Windows\System\aEpPLpO.exe
  C:\Windows\System\aEpPLpO.exe
  2⤵
  PID:7684
- C:\Windows\System\cuBYUBE.exe
  C:\Windows\System\cuBYUBE.exe
  2⤵
  PID:7704
- C:\Windows\System\cpDVkvo.exe
  C:\Windows\System\cpDVkvo.exe
  2⤵
  PID:7728
- C:\Windows\System\bLPfnqw.exe
  C:\Windows\System\bLPfnqw.exe
  2⤵
  PID:7752
- C:\Windows\System\UWCyZdO.exe
  C:\Windows\System\UWCyZdO.exe
  2⤵
  PID:7772
- C:\Windows\System\sVdfjvG.exe
  C:\Windows\System\sVdfjvG.exe
  2⤵
  PID:7796
- C:\Windows\System\ldrwNms.exe
  C:\Windows\System\ldrwNms.exe
  2⤵
  PID:7816
- C:\Windows\System\WPClwVw.exe
  C:\Windows\System\WPClwVw.exe
  2⤵
  PID:7844
- C:\Windows\System\XPoLoBJ.exe
  C:\Windows\System\XPoLoBJ.exe
  2⤵
  PID:7868
- C:\Windows\System\TjhfvKp.exe
  C:\Windows\System\TjhfvKp.exe
  2⤵
  PID:7896
- C:\Windows\System\hIGbuXd.exe
  C:\Windows\System\hIGbuXd.exe
  2⤵
  PID:7912
- C:\Windows\System\dzlfcqi.exe
  C:\Windows\System\dzlfcqi.exe
  2⤵
  PID:7936
- C:\Windows\System\BAHmpdf.exe
  C:\Windows\System\BAHmpdf.exe
  2⤵
  PID:7964
- C:\Windows\System\IWSHRAl.exe
  C:\Windows\System\IWSHRAl.exe
  2⤵
  PID:7984
- C:\Windows\System\fddBfYs.exe
  C:\Windows\System\fddBfYs.exe
  2⤵
  PID:8012
- C:\Windows\System\vrMsCem.exe
  C:\Windows\System\vrMsCem.exe
  2⤵
  PID:8032
- C:\Windows\System\lhWDrVM.exe
  C:\Windows\System\lhWDrVM.exe
  2⤵
  PID:8056
- C:\Windows\System\pisBzHS.exe
  C:\Windows\System\pisBzHS.exe
  2⤵
  PID:8080
- C:\Windows\System\zgfrAIN.exe
  C:\Windows\System\zgfrAIN.exe
  2⤵
  PID:8104
- C:\Windows\System\GeBuxBW.exe
  C:\Windows\System\GeBuxBW.exe
  2⤵
  PID:8124
- C:\Windows\System\xWRGSgi.exe
  C:\Windows\System\xWRGSgi.exe
  2⤵
  PID:8144
- C:\Windows\System\svFlYNF.exe
  C:\Windows\System\svFlYNF.exe
  2⤵
  PID:8168
- C:\Windows\System\NECNhiM.exe
  C:\Windows\System\NECNhiM.exe
  2⤵
  PID:64
- C:\Windows\System\tAOFVDS.exe
  C:\Windows\System\tAOFVDS.exe
  2⤵
  PID:7220
- C:\Windows\System\leZHrsG.exe
  C:\Windows\System\leZHrsG.exe
  2⤵
  PID:4300
- C:\Windows\System\BClZEMb.exe
  C:\Windows\System\BClZEMb.exe
  2⤵
  PID:6468
- C:\Windows\System\sVNKDcl.exe
  C:\Windows\System\sVNKDcl.exe
  2⤵
  PID:4012
- C:\Windows\System\noPfFkG.exe
  C:\Windows\System\noPfFkG.exe
  2⤵
  PID:7048
- C:\Windows\System\fQWzawc.exe
  C:\Windows\System\fQWzawc.exe
  2⤵
  PID:1292
- C:\Windows\System\IwTyrJL.exe
  C:\Windows\System\IwTyrJL.exe
  2⤵
  PID:7204
- C:\Windows\System\IWdIJMc.exe
  C:\Windows\System\IWdIJMc.exe
  2⤵
  PID:7392
- C:\Windows\System\vgtkLmF.exe
  C:\Windows\System\vgtkLmF.exe
  2⤵
  PID:7496
- C:\Windows\System\byCcwsn.exe
  C:\Windows\System\byCcwsn.exe
  2⤵
  PID:7584
- C:\Windows\System\qSaVVRj.exe
  C:\Windows\System\qSaVVRj.exe
  2⤵
  PID:7672
- C:\Windows\System\OuErIIh.exe
  C:\Windows\System\OuErIIh.exe
  2⤵
  PID:7724
- C:\Windows\System\GLZLuKB.exe
  C:\Windows\System\GLZLuKB.exe
  2⤵
  PID:7404
- C:\Windows\System\mFKCHvZ.exe
  C:\Windows\System\mFKCHvZ.exe
  2⤵
  PID:7448
- C:\Windows\System\ZEonYYp.exe
  C:\Windows\System\ZEonYYp.exe
  2⤵
  PID:7472
- C:\Windows\System\xtbvKyx.exe
  C:\Windows\System\xtbvKyx.exe
  2⤵
  PID:7508
- C:\Windows\System\hlrJYuX.exe
  C:\Windows\System\hlrJYuX.exe
  2⤵
  PID:7556
- C:\Windows\System\fafdHGV.exe
  C:\Windows\System\fafdHGV.exe
  2⤵
  PID:7920
- C:\Windows\System\uhUfLKl.exe
  C:\Windows\System\uhUfLKl.exe
  2⤵
  PID:7952
- C:\Windows\System\jfsGceK.exe
  C:\Windows\System\jfsGceK.exe
  2⤵
  PID:7980
- C:\Windows\System\eJxHUZB.exe
  C:\Windows\System\eJxHUZB.exe
  2⤵
  PID:8024
- C:\Windows\System\wPiPNeY.exe
  C:\Windows\System\wPiPNeY.exe
  2⤵
  PID:8116
- C:\Windows\System\yZuYjOa.exe
  C:\Windows\System\yZuYjOa.exe
  2⤵
  PID:8136
- C:\Windows\System\eRCvNVR.exe
  C:\Windows\System\eRCvNVR.exe
  2⤵
  PID:7612
- C:\Windows\System\TOTHNrt.exe
  C:\Windows\System\TOTHNrt.exe
  2⤵
  PID:7216
- C:\Windows\System\BhSuqwe.exe
  C:\Windows\System\BhSuqwe.exe
  2⤵
  PID:7004
- C:\Windows\System\XsQKjDC.exe
  C:\Windows\System\XsQKjDC.exe
  2⤵
  PID:1232
- C:\Windows\System\OUESxpY.exe
  C:\Windows\System\OUESxpY.exe
  2⤵
  PID:8200
- C:\Windows\System\eTRxoFf.exe
  C:\Windows\System\eTRxoFf.exe
  2⤵
  PID:8224
- C:\Windows\System\BAaiNDE.exe
  C:\Windows\System\BAaiNDE.exe
  2⤵
  PID:8252
- C:\Windows\System\jqWLNVs.exe
  C:\Windows\System\jqWLNVs.exe
  2⤵
  PID:8268
- C:\Windows\System\xjKrnrO.exe
  C:\Windows\System\xjKrnrO.exe
  2⤵
  PID:8296
- C:\Windows\System\hWiwsTh.exe
  C:\Windows\System\hWiwsTh.exe
  2⤵
  PID:8316
- C:\Windows\System\YVProHb.exe
  C:\Windows\System\YVProHb.exe
  2⤵
  PID:8340
- C:\Windows\System\ccTsvaP.exe
  C:\Windows\System\ccTsvaP.exe
  2⤵
  PID:8360
- C:\Windows\System\fRrjWMA.exe
  C:\Windows\System\fRrjWMA.exe
  2⤵
  PID:8384
- C:\Windows\System\IpYjJZR.exe
  C:\Windows\System\IpYjJZR.exe
  2⤵
  PID:8404
- C:\Windows\System\yjRZxXC.exe
  C:\Windows\System\yjRZxXC.exe
  2⤵
  PID:8424
- C:\Windows\System\KQHmvzK.exe
  C:\Windows\System\KQHmvzK.exe
  2⤵
  PID:8448
- C:\Windows\System\UorxQNV.exe
  C:\Windows\System\UorxQNV.exe
  2⤵
  PID:8468
- C:\Windows\System\pqhZPoq.exe
  C:\Windows\System\pqhZPoq.exe
  2⤵
  PID:8488
- C:\Windows\System\SJxyigL.exe
  C:\Windows\System\SJxyigL.exe
  2⤵
  PID:8512
- C:\Windows\System\vsePATj.exe
  C:\Windows\System\vsePATj.exe
  2⤵
  PID:8536
- C:\Windows\System\GDNeBuR.exe
  C:\Windows\System\GDNeBuR.exe
  2⤵
  PID:8556
- C:\Windows\System\RapQAyo.exe
  C:\Windows\System\RapQAyo.exe
  2⤵
  PID:8576
- C:\Windows\System\CmuMobn.exe
  C:\Windows\System\CmuMobn.exe
  2⤵
  PID:8612
- C:\Windows\System\OxsPOkd.exe
  C:\Windows\System\OxsPOkd.exe
  2⤵
  PID:8628
- C:\Windows\System\DVXgeTz.exe
  C:\Windows\System\DVXgeTz.exe
  2⤵
  PID:8652
- C:\Windows\System\IOxCKjp.exe
  C:\Windows\System\IOxCKjp.exe
  2⤵
  PID:8672
- C:\Windows\System\pdRTEkY.exe
  C:\Windows\System\pdRTEkY.exe
  2⤵
  PID:8708
- C:\Windows\System\qArhiYG.exe
  C:\Windows\System\qArhiYG.exe
  2⤵
  PID:8728
- C:\Windows\System\iyqpbHN.exe
  C:\Windows\System\iyqpbHN.exe
  2⤵
  PID:8748
- C:\Windows\System\rxOCvPx.exe
  C:\Windows\System\rxOCvPx.exe
  2⤵
  PID:8772
- C:\Windows\System\AOhXwTj.exe
  C:\Windows\System\AOhXwTj.exe
  2⤵
  PID:8792
- C:\Windows\System\BfcifoB.exe
  C:\Windows\System\BfcifoB.exe
  2⤵
  PID:8816
- C:\Windows\System\JYAqjWX.exe
  C:\Windows\System\JYAqjWX.exe
  2⤵
  PID:8832
- C:\Windows\System\eLyeILP.exe
  C:\Windows\System\eLyeILP.exe
  2⤵
  PID:8860
- C:\Windows\System\ovzNKpg.exe
  C:\Windows\System\ovzNKpg.exe
  2⤵
  PID:8880
- C:\Windows\System\WKcjTSz.exe
  C:\Windows\System\WKcjTSz.exe
  2⤵
  PID:8900
- C:\Windows\System\OpRQCtJ.exe
  C:\Windows\System\OpRQCtJ.exe
  2⤵
  PID:8920
- C:\Windows\System\XfhacPe.exe
  C:\Windows\System\XfhacPe.exe
  2⤵
  PID:8944
- C:\Windows\System\QZlrxSl.exe
  C:\Windows\System\QZlrxSl.exe
  2⤵
  PID:8964
- C:\Windows\System\SKjOuut.exe
  C:\Windows\System\SKjOuut.exe
  2⤵
  PID:8992
- C:\Windows\System\ogQpMKM.exe
  C:\Windows\System\ogQpMKM.exe
  2⤵
  PID:9008
- C:\Windows\System\dmdCysq.exe
  C:\Windows\System\dmdCysq.exe
  2⤵
  PID:9032
- C:\Windows\System\bjXHMmB.exe
  C:\Windows\System\bjXHMmB.exe
  2⤵
  PID:9056
- C:\Windows\System\GdKnXJy.exe
  C:\Windows\System\GdKnXJy.exe
  2⤵
  PID:9080
- C:\Windows\System\iJUSXuP.exe
  C:\Windows\System\iJUSXuP.exe
  2⤵
  PID:9104
- C:\Windows\System\HXswcnh.exe
  C:\Windows\System\HXswcnh.exe
  2⤵
  PID:9124
- C:\Windows\System\BuZsKLs.exe
  C:\Windows\System\BuZsKLs.exe
  2⤵
  PID:9152
- C:\Windows\System\vdczcaF.exe
  C:\Windows\System\vdczcaF.exe
  2⤵
  PID:9176
- C:\Windows\System\GflFDAg.exe
  C:\Windows\System\GflFDAg.exe
  2⤵
  PID:9200
- C:\Windows\System\nVqtcYQ.exe
  C:\Windows\System\nVqtcYQ.exe
  2⤵
  PID:7464
- C:\Windows\System\rHsabko.exe
  C:\Windows\System\rHsabko.exe
  2⤵
  PID:7944
- C:\Windows\System\hWvPhxA.exe
  C:\Windows\System\hWvPhxA.exe
  2⤵
  PID:7788
- C:\Windows\System\EgoiQHt.exe
  C:\Windows\System\EgoiQHt.exe
  2⤵
  PID:3332
- C:\Windows\System\hkptEtw.exe
  C:\Windows\System\hkptEtw.exe
  2⤵
  PID:7632
- C:\Windows\System\GkpOcex.exe
  C:\Windows\System\GkpOcex.exe
  2⤵
  PID:8260
- C:\Windows\System\hseeSvJ.exe
  C:\Windows\System\hseeSvJ.exe
  2⤵
  PID:8288
- C:\Windows\System\WNiWiQP.exe
  C:\Windows\System\WNiWiQP.exe
  2⤵
  PID:8304
- C:\Windows\System\NjQfgMM.exe
  C:\Windows\System\NjQfgMM.exe
  2⤵
  PID:8352
- C:\Windows\System\OmQfhpC.exe
  C:\Windows\System\OmQfhpC.exe
  2⤵
  PID:8396
- C:\Windows\System\rtcaUdh.exe
  C:\Windows\System\rtcaUdh.exe
  2⤵
  PID:8444
- C:\Windows\System\MCnbZsG.exe
  C:\Windows\System\MCnbZsG.exe
  2⤵
  PID:8544
- C:\Windows\System\qPNgTQp.exe
  C:\Windows\System\qPNgTQp.exe
  2⤵
  PID:8664
- C:\Windows\System\KLMnMoQ.exe
  C:\Windows\System\KLMnMoQ.exe
  2⤵
  PID:7736
- C:\Windows\System\cgJguxo.exe
  C:\Windows\System\cgJguxo.exe
  2⤵
  PID:7368
- C:\Windows\System\dTqinGu.exe
  C:\Windows\System\dTqinGu.exe
  2⤵
  PID:9236
- C:\Windows\System\CuAYLyY.exe
  C:\Windows\System\CuAYLyY.exe
  2⤵
  PID:9256
- C:\Windows\System\qmRLlJG.exe
  C:\Windows\System\qmRLlJG.exe
  2⤵
  PID:9280
- C:\Windows\System\TZQDPcQ.exe
  C:\Windows\System\TZQDPcQ.exe
  2⤵
  PID:9304
- C:\Windows\System\DAItRnf.exe
  C:\Windows\System\DAItRnf.exe
  2⤵
  PID:9324
- C:\Windows\System\kjeOMfF.exe
  C:\Windows\System\kjeOMfF.exe
  2⤵
  PID:9348
- C:\Windows\System\XutWWNu.exe
  C:\Windows\System\XutWWNu.exe
  2⤵
  PID:9376
- C:\Windows\System\PqbvifR.exe
  C:\Windows\System\PqbvifR.exe
  2⤵
  PID:9392
- C:\Windows\System\yjjbCdW.exe
  C:\Windows\System\yjjbCdW.exe
  2⤵
  PID:9420
- C:\Windows\System\DHXvAMJ.exe
  C:\Windows\System\DHXvAMJ.exe
  2⤵
  PID:9440
- C:\Windows\System\mcGzvEI.exe
  C:\Windows\System\mcGzvEI.exe
  2⤵
  PID:9456
- C:\Windows\System\GGGDwcO.exe
  C:\Windows\System\GGGDwcO.exe
  2⤵
  PID:9472
- C:\Windows\System\hGqnXFe.exe
  C:\Windows\System\hGqnXFe.exe
  2⤵
  PID:9492
- C:\Windows\System\SVUfEBf.exe
  C:\Windows\System\SVUfEBf.exe
  2⤵
  PID:9512
- C:\Windows\System\jismpEy.exe
  C:\Windows\System\jismpEy.exe
  2⤵
  PID:9532
- C:\Windows\System\CjyjSbi.exe
  C:\Windows\System\CjyjSbi.exe
  2⤵
  PID:9564
- C:\Windows\System\moMzvhC.exe
  C:\Windows\System\moMzvhC.exe
  2⤵
  PID:9592
- C:\Windows\System\kUdWASm.exe
  C:\Windows\System\kUdWASm.exe
  2⤵
  PID:9612
- C:\Windows\System\UZXDbdD.exe
  C:\Windows\System\UZXDbdD.exe
  2⤵
  PID:9632
- C:\Windows\System\CljdxNl.exe
  C:\Windows\System\CljdxNl.exe
  2⤵
  PID:9656
- C:\Windows\System\usvPUhB.exe
  C:\Windows\System\usvPUhB.exe
  2⤵
  PID:9680
- C:\Windows\System\ZeKeIos.exe
  C:\Windows\System\ZeKeIos.exe
  2⤵
  PID:9700
- C:\Windows\System\HAuuIrR.exe
  C:\Windows\System\HAuuIrR.exe
  2⤵
  PID:9716
- C:\Windows\System\lJqJMAd.exe
  C:\Windows\System\lJqJMAd.exe
  2⤵
  PID:9740
- C:\Windows\System\mmchmqK.exe
  C:\Windows\System\mmchmqK.exe
  2⤵
  PID:9764
- C:\Windows\System\pDUSEKt.exe
  C:\Windows\System\pDUSEKt.exe
  2⤵
  PID:9784
- C:\Windows\System\xBwFmCH.exe
  C:\Windows\System\xBwFmCH.exe
  2⤵
  PID:9800
- C:\Windows\System\QPsKJje.exe
  C:\Windows\System\QPsKJje.exe
  2⤵
  PID:9824
- C:\Windows\System\juNJMwf.exe
  C:\Windows\System\juNJMwf.exe
  2⤵
  PID:9844
- C:\Windows\System\RgxuMPl.exe
  C:\Windows\System\RgxuMPl.exe
  2⤵
  PID:9864
- C:\Windows\System\CHvDYjR.exe
  C:\Windows\System\CHvDYjR.exe
  2⤵
  PID:9884
- C:\Windows\System\swEjQKg.exe
  C:\Windows\System\swEjQKg.exe
  2⤵
  PID:9904
- C:\Windows\System\NoVBeuz.exe
  C:\Windows\System\NoVBeuz.exe
  2⤵
  PID:9924
- C:\Windows\System\wRXDTsj.exe
  C:\Windows\System\wRXDTsj.exe
  2⤵
  PID:9940
- C:\Windows\System\sdtURME.exe
  C:\Windows\System\sdtURME.exe
  2⤵
  PID:9960
- C:\Windows\System\OYhAvGX.exe
  C:\Windows\System\OYhAvGX.exe
  2⤵
  PID:9984
- C:\Windows\System\wIbFdzj.exe
  C:\Windows\System\wIbFdzj.exe
  2⤵
  PID:10004
- C:\Windows\System\yEjEdwr.exe
  C:\Windows\System\yEjEdwr.exe
  2⤵
  PID:10024
- C:\Windows\System\riVdBYf.exe
  C:\Windows\System\riVdBYf.exe
  2⤵
  PID:10048
- C:\Windows\System\CajEqhK.exe
  C:\Windows\System\CajEqhK.exe
  2⤵
  PID:10072
- C:\Windows\System\DcoTLFI.exe
  C:\Windows\System\DcoTLFI.exe
  2⤵
  PID:10092
- C:\Windows\System\wSEOlyx.exe
  C:\Windows\System\wSEOlyx.exe
  2⤵
  PID:10112
- C:\Windows\System\GQAQFno.exe
  C:\Windows\System\GQAQFno.exe
  2⤵
  PID:10136
- C:\Windows\System\aLoIWLw.exe
  C:\Windows\System\aLoIWLw.exe
  2⤵
  PID:10160
- C:\Windows\System\YrOWQJC.exe
  C:\Windows\System\YrOWQJC.exe
  2⤵
  PID:10176
- C:\Windows\System\jrcLbAT.exe
  C:\Windows\System\jrcLbAT.exe
  2⤵
  PID:10204
- C:\Windows\System\evgCbzp.exe
  C:\Windows\System\evgCbzp.exe
  2⤵
  PID:10232
- C:\Windows\System\bOIVZBL.exe
  C:\Windows\System\bOIVZBL.exe
  2⤵
  PID:8896
- C:\Windows\System\QhgfUXI.exe
  C:\Windows\System\QhgfUXI.exe
  2⤵
  PID:8960
- C:\Windows\System\upGBCAp.exe
  C:\Windows\System\upGBCAp.exe
  2⤵
  PID:8368
- C:\Windows\System\joJOAzt.exe
  C:\Windows\System\joJOAzt.exe
  2⤵
  PID:9068
- C:\Windows\System\boYVHVT.exe
  C:\Windows\System\boYVHVT.exe
  2⤵
  PID:9092
- C:\Windows\System\LgshRWI.exe
  C:\Windows\System\LgshRWI.exe
  2⤵
  PID:9120
- C:\Windows\System\xirgybu.exe
  C:\Windows\System\xirgybu.exe
  2⤵
  PID:8504
- C:\Windows\System\dSLtPBn.exe
  C:\Windows\System\dSLtPBn.exe
  2⤵
  PID:7376
- C:\Windows\System\vBeDHsJ.exe
  C:\Windows\System\vBeDHsJ.exe
  2⤵
  PID:7924
- C:\Windows\System\EDOqtBu.exe
  C:\Windows\System\EDOqtBu.exe
  2⤵
  PID:7312
- C:\Windows\System\QMlOpnT.exe
  C:\Windows\System\QMlOpnT.exe
  2⤵
  PID:8740
- C:\Windows\System\vwclFGP.exe
  C:\Windows\System\vwclFGP.exe
  2⤵
  PID:7960
- C:\Windows\System\OLzVCQc.exe
  C:\Windows\System\OLzVCQc.exe
  2⤵
  PID:8840
- C:\Windows\System\oAaogfi.exe
  C:\Windows\System\oAaogfi.exe
  2⤵
  PID:8208
- C:\Windows\System\fzToQpI.exe
  C:\Windows\System\fzToQpI.exe
  2⤵
  PID:8856
- C:\Windows\System\TZLLIiX.exe
  C:\Windows\System\TZLLIiX.exe
  2⤵
  PID:9276
- C:\Windows\System\cHKiRzu.exe
  C:\Windows\System\cHKiRzu.exe
  2⤵
  PID:8928
- C:\Windows\System\tpIlkOM.exe
  C:\Windows\System\tpIlkOM.exe
  2⤵
  PID:9368
- C:\Windows\System\wqWqGCQ.exe
  C:\Windows\System\wqWqGCQ.exe
  2⤵
  PID:9432
- C:\Windows\System\BhWlHFe.exe
  C:\Windows\System\BhWlHFe.exe
  2⤵
  PID:9504
- C:\Windows\System\yFFAkbI.exe
  C:\Windows\System\yFFAkbI.exe
  2⤵
  PID:9588
- C:\Windows\System\DbErTas.exe
  C:\Windows\System\DbErTas.exe
  2⤵
  PID:9640
- C:\Windows\System\zLelLkv.exe
  C:\Windows\System\zLelLkv.exe
  2⤵
  PID:10252
- C:\Windows\System\zXXpZgv.exe
  C:\Windows\System\zXXpZgv.exe
  2⤵
  PID:10276
- C:\Windows\System\teyEqoJ.exe
  C:\Windows\System\teyEqoJ.exe
  2⤵
  PID:10296
- C:\Windows\System\MzSXFxS.exe
  C:\Windows\System\MzSXFxS.exe
  2⤵
  PID:10316
- C:\Windows\System\rWsxhWm.exe
  C:\Windows\System\rWsxhWm.exe
  2⤵
  PID:10340
- C:\Windows\System\mAcVRIB.exe
  C:\Windows\System\mAcVRIB.exe
  2⤵
  PID:10360
- C:\Windows\System\UQqyKmH.exe
  C:\Windows\System\UQqyKmH.exe
  2⤵
  PID:10380
- C:\Windows\System\WNsXwqT.exe
  C:\Windows\System\WNsXwqT.exe
  2⤵
  PID:10400
- C:\Windows\System\pxPwaQu.exe
  C:\Windows\System\pxPwaQu.exe
  2⤵
  PID:10420
- C:\Windows\System\cAvrXOB.exe
  C:\Windows\System\cAvrXOB.exe
  2⤵
  PID:10436
- C:\Windows\System\PeviVFu.exe
  C:\Windows\System\PeviVFu.exe
  2⤵
  PID:10456
- C:\Windows\System\NYEmyLY.exe
  C:\Windows\System\NYEmyLY.exe
  2⤵
  PID:10476
- C:\Windows\System\HyFeLjc.exe
  C:\Windows\System\HyFeLjc.exe
  2⤵
  PID:10504
- C:\Windows\System\XrLWMxY.exe
  C:\Windows\System\XrLWMxY.exe
  2⤵
  PID:10520
- C:\Windows\System\QcEbMrJ.exe
  C:\Windows\System\QcEbMrJ.exe
  2⤵
  PID:10536
- C:\Windows\System\ichrzIq.exe
  C:\Windows\System\ichrzIq.exe
  2⤵
  PID:10556
- C:\Windows\System\tednqhh.exe
  C:\Windows\System\tednqhh.exe
  2⤵
  PID:10572
- C:\Windows\System\DWHbxKu.exe
  C:\Windows\System\DWHbxKu.exe
  2⤵
  PID:10592
- C:\Windows\System\tXNRtrc.exe
  C:\Windows\System\tXNRtrc.exe
  2⤵
  PID:10608
- C:\Windows\System\LvcBAEt.exe
  C:\Windows\System\LvcBAEt.exe
  2⤵
  PID:10632
- C:\Windows\System\aIoGjNf.exe
  C:\Windows\System\aIoGjNf.exe
  2⤵
  PID:10652
- C:\Windows\System\iBNwAfi.exe
  C:\Windows\System\iBNwAfi.exe
  2⤵
  PID:10672
- C:\Windows\System\dpKrKCD.exe
  C:\Windows\System\dpKrKCD.exe
  2⤵
  PID:10696
- C:\Windows\System\vFoaXKX.exe
  C:\Windows\System\vFoaXKX.exe
  2⤵
  PID:10724
- C:\Windows\System\AnOFduo.exe
  C:\Windows\System\AnOFduo.exe
  2⤵
  PID:10744
- C:\Windows\System\TiWLEjd.exe
  C:\Windows\System\TiWLEjd.exe
  2⤵
  PID:10768
- C:\Windows\System\AqjlYXE.exe
  C:\Windows\System\AqjlYXE.exe
  2⤵
  PID:10788
- C:\Windows\System\ZVNydRe.exe
  C:\Windows\System\ZVNydRe.exe
  2⤵
  PID:10824
- C:\Windows\System\mpwEWOc.exe
  C:\Windows\System\mpwEWOc.exe
  2⤵
  PID:10852
- C:\Windows\System\dfaVWec.exe
  C:\Windows\System\dfaVWec.exe
  2⤵
  PID:10876
- C:\Windows\System\wJJsFvM.exe
  C:\Windows\System\wJJsFvM.exe
  2⤵
  PID:10896
- C:\Windows\System\eCFNIWv.exe
  C:\Windows\System\eCFNIWv.exe
  2⤵
  PID:10916
- C:\Windows\System\OPUUioX.exe
  C:\Windows\System\OPUUioX.exe
  2⤵
  PID:10944
- C:\Windows\System\GOuSqzS.exe
  C:\Windows\System\GOuSqzS.exe
  2⤵
  PID:10972
- C:\Windows\System\KCIAeHT.exe
  C:\Windows\System\KCIAeHT.exe
  2⤵
  PID:10988
- C:\Windows\System\wRufsrz.exe
  C:\Windows\System\wRufsrz.exe
  2⤵
  PID:11012
- C:\Windows\System\DtzewMd.exe
  C:\Windows\System\DtzewMd.exe
  2⤵
  PID:11032
- C:\Windows\System\eGabJKv.exe
  C:\Windows\System\eGabJKv.exe
  2⤵
  PID:11052
- C:\Windows\System\VYtBjBI.exe
  C:\Windows\System\VYtBjBI.exe
  2⤵
  PID:11076
- C:\Windows\System\UYEprpw.exe
  C:\Windows\System\UYEprpw.exe
  2⤵
  PID:11092
- C:\Windows\System\xcqPZNK.exe
  C:\Windows\System\xcqPZNK.exe
  2⤵
  PID:11120
- C:\Windows\System\tifGhLJ.exe
  C:\Windows\System\tifGhLJ.exe
  2⤵
  PID:11140
- C:\Windows\System\QAOJhrZ.exe
  C:\Windows\System\QAOJhrZ.exe
  2⤵
  PID:11164
- C:\Windows\System\IERzoRf.exe
  C:\Windows\System\IERzoRf.exe
  2⤵
  PID:11196
- C:\Windows\System\UjWdRoI.exe
  C:\Windows\System\UjWdRoI.exe
  2⤵
  PID:11220
- C:\Windows\System\NyQPkke.exe
  C:\Windows\System\NyQPkke.exe
  2⤵
  PID:11240
- C:\Windows\System\dpCqCGY.exe
  C:\Windows\System\dpCqCGY.exe
  2⤵
  PID:11256
- C:\Windows\System\IbYbjKM.exe
  C:\Windows\System\IbYbjKM.exe
  2⤵
  PID:8620
- C:\Windows\System\SpnlmHc.exe
  C:\Windows\System\SpnlmHc.exe
  2⤵
  PID:8636
- C:\Windows\System\XbFsuOj.exe
  C:\Windows\System\XbFsuOj.exe
  2⤵
  PID:7780
- C:\Windows\System\aHldEQU.exe
  C:\Windows\System\aHldEQU.exe
  2⤵
  PID:9900
- C:\Windows\System\TktEEEd.exe
  C:\Windows\System\TktEEEd.exe
  2⤵
  PID:10000
- C:\Windows\System\qjrHrrE.exe
  C:\Windows\System\qjrHrrE.exe
  2⤵
  PID:10080
- C:\Windows\System\YWuepFZ.exe
  C:\Windows\System\YWuepFZ.exe
  2⤵
  PID:10120
- C:\Windows\System\hhXghrw.exe
  C:\Windows\System\hhXghrw.exe
  2⤵
  PID:8532
- C:\Windows\System\fpKoffP.exe
  C:\Windows\System\fpKoffP.exe
  2⤵
  PID:8456
- C:\Windows\System\ZWzNNBM.exe
  C:\Windows\System\ZWzNNBM.exe
  2⤵
  PID:9316
- C:\Windows\System\EeZTNYN.exe
  C:\Windows\System\EeZTNYN.exe
  2⤵
  PID:9360
- C:\Windows\System\UfiZHfg.exe
  C:\Windows\System\UfiZHfg.exe
  2⤵
  PID:8720
- C:\Windows\System\irAjsUm.exe
  C:\Windows\System\irAjsUm.exe
  2⤵
  PID:9412
- C:\Windows\System\KAHDDyL.exe
  C:\Windows\System\KAHDDyL.exe
  2⤵
  PID:7188
- C:\Windows\System\VMWhswa.exe
  C:\Windows\System\VMWhswa.exe
  2⤵
  PID:8936
- C:\Windows\System\NkJliir.exe
  C:\Windows\System\NkJliir.exe
  2⤵
  PID:9028
- C:\Windows\System\mogddFk.exe
  C:\Windows\System\mogddFk.exe
  2⤵
  PID:9624
- C:\Windows\System\fLfqxrC.exe
  C:\Windows\System\fLfqxrC.exe
  2⤵
  PID:10284
- C:\Windows\System\HiqUlDR.exe
  C:\Windows\System\HiqUlDR.exe
  2⤵
  PID:10312
- C:\Windows\System\UHXCiUC.exe
  C:\Windows\System\UHXCiUC.exe
  2⤵
  PID:11284
- C:\Windows\System\rIoWGYZ.exe
  C:\Windows\System\rIoWGYZ.exe
  2⤵
  PID:11304
- C:\Windows\System\DodbHlK.exe
  C:\Windows\System\DodbHlK.exe
  2⤵
  PID:11324
- C:\Windows\System\fcrRHzi.exe
  C:\Windows\System\fcrRHzi.exe
  2⤵
  PID:11348
- C:\Windows\System\soVhWVO.exe
  C:\Windows\System\soVhWVO.exe
  2⤵
  PID:11372
- C:\Windows\System\iruybIV.exe
  C:\Windows\System\iruybIV.exe
  2⤵
  PID:11396
- C:\Windows\System\pqAcziE.exe
  C:\Windows\System\pqAcziE.exe
  2⤵
  PID:11416
- C:\Windows\System\DweIltJ.exe
  C:\Windows\System\DweIltJ.exe
  2⤵
  PID:11440
- C:\Windows\System\squjSfK.exe
  C:\Windows\System\squjSfK.exe
  2⤵
  PID:11464
- C:\Windows\System\WdWLYkK.exe
  C:\Windows\System\WdWLYkK.exe
  2⤵
  PID:11484
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 11484 -s 244
    3⤵
    PID:9816
- C:\Windows\System\NZiSaeU.exe
  C:\Windows\System\NZiSaeU.exe
  2⤵
  PID:11504
- C:\Windows\System\HtlyofB.exe
  C:\Windows\System\HtlyofB.exe
  2⤵
  PID:11532
- C:\Windows\System\tKNUHCP.exe
  C:\Windows\System\tKNUHCP.exe
  2⤵
  PID:11560
- C:\Windows\System\pqfLkNe.exe
  C:\Windows\System\pqfLkNe.exe
  2⤵
  PID:11576
- C:\Windows\System\fDPcIdB.exe
  C:\Windows\System\fDPcIdB.exe
  2⤵
  PID:11600
- C:\Windows\System\nmfAXXi.exe
  C:\Windows\System\nmfAXXi.exe
  2⤵
  PID:11620
- C:\Windows\System\GlKmZIs.exe
  C:\Windows\System\GlKmZIs.exe
  2⤵
  PID:11636
- C:\Windows\System\wSGReIA.exe
  C:\Windows\System\wSGReIA.exe
  2⤵
  PID:11656
- C:\Windows\System\pqDuwpA.exe
  C:\Windows\System\pqDuwpA.exe
  2⤵
  PID:11672
- C:\Windows\System\ohMBWiK.exe
  C:\Windows\System\ohMBWiK.exe
  2⤵
  PID:11688
- C:\Windows\System\daTgkOD.exe
  C:\Windows\System\daTgkOD.exe
  2⤵
  PID:11704
- C:\Windows\System\SDUKAEB.exe
  C:\Windows\System\SDUKAEB.exe
  2⤵
  PID:11720
- C:\Windows\System\tbhYOzQ.exe
  C:\Windows\System\tbhYOzQ.exe
  2⤵
  PID:11736
- C:\Windows\System\jkcLSEX.exe
  C:\Windows\System\jkcLSEX.exe
  2⤵
  PID:11756
- C:\Windows\System\lgXxQbk.exe
  C:\Windows\System\lgXxQbk.exe
  2⤵
  PID:11776
- C:\Windows\System\zmesuKK.exe
  C:\Windows\System\zmesuKK.exe
  2⤵
  PID:11796
- C:\Windows\System\vJeBntw.exe
  C:\Windows\System\vJeBntw.exe
  2⤵
  PID:11820
- C:\Windows\System\IDYczCY.exe
  C:\Windows\System\IDYczCY.exe
  2⤵
  PID:11844
- C:\Windows\System\ipBhAgA.exe
  C:\Windows\System\ipBhAgA.exe
  2⤵
  PID:11864
- C:\Windows\System\ybbthVN.exe
  C:\Windows\System\ybbthVN.exe
  2⤵
  PID:11884
- C:\Windows\System\LVzBRCg.exe
  C:\Windows\System\LVzBRCg.exe
  2⤵
  PID:11904
- C:\Windows\System\DJSTtnU.exe
  C:\Windows\System\DJSTtnU.exe
  2⤵
  PID:11932
- C:\Windows\System\jXwiRco.exe
  C:\Windows\System\jXwiRco.exe
  2⤵
  PID:11948
- C:\Windows\System\NWXkBrM.exe
  C:\Windows\System\NWXkBrM.exe
  2⤵
  PID:11968
- C:\Windows\System\QGzihLs.exe
  C:\Windows\System\QGzihLs.exe
  2⤵
  PID:11992
- C:\Windows\System\DdbDsPG.exe
  C:\Windows\System\DdbDsPG.exe
  2⤵
  PID:12012
- C:\Windows\System\DjThWEH.exe
  C:\Windows\System\DjThWEH.exe
  2⤵
  PID:12036
- C:\Windows\System\kHLceRj.exe
  C:\Windows\System\kHLceRj.exe
  2⤵
  PID:12064
- C:\Windows\System\jtRKZYN.exe
  C:\Windows\System\jtRKZYN.exe
  2⤵
  PID:12088
- C:\Windows\System\EfXPUEC.exe
  C:\Windows\System\EfXPUEC.exe
  2⤵
  PID:12112
- C:\Windows\System\HSWbAkz.exe
  C:\Windows\System\HSWbAkz.exe
  2⤵
  PID:12132
- C:\Windows\System\dnchExX.exe
  C:\Windows\System\dnchExX.exe
  2⤵
  PID:12152
- C:\Windows\System\KgvptVN.exe
  C:\Windows\System\KgvptVN.exe
  2⤵
  PID:12180
- C:\Windows\System\nQmSYUP.exe
  C:\Windows\System\nQmSYUP.exe
  2⤵
  PID:12200
- C:\Windows\System\ioTnyTD.exe
  C:\Windows\System\ioTnyTD.exe
  2⤵
  PID:12220
- C:\Windows\System\QkglWrf.exe
  C:\Windows\System\QkglWrf.exe
  2⤵
  PID:12244
- C:\Windows\System\QgdICij.exe
  C:\Windows\System\QgdICij.exe
  2⤵
  PID:12268
- C:\Windows\System\cykvfOx.exe
  C:\Windows\System\cykvfOx.exe
  2⤵
  PID:9708
- C:\Windows\System\phJlDHQ.exe
  C:\Windows\System\phJlDHQ.exe
  2⤵
  PID:10392
- C:\Windows\System\HjSgBas.exe
  C:\Windows\System\HjSgBas.exe
  2⤵
  PID:10444
- C:\Windows\System\HpAhunT.exe
  C:\Windows\System\HpAhunT.exe
  2⤵
  PID:8312
- C:\Windows\System\TdLjrAW.exe
  C:\Windows\System\TdLjrAW.exe
  2⤵
  PID:9952
- C:\Windows\System\bZHemgD.exe
  C:\Windows\System\bZHemgD.exe
  2⤵
  PID:9980
- C:\Windows\System\qgNIgbG.exe
  C:\Windows\System\qgNIgbG.exe
  2⤵
  PID:10836
- C:\Windows\System\onRnYPo.exe
  C:\Windows\System\onRnYPo.exe
  2⤵
  PID:8692
- C:\Windows\System\oNfyELY.exe
  C:\Windows\System\oNfyELY.exe
  2⤵
  PID:10224
- C:\Windows\System\iErqvma.exe
  C:\Windows\System\iErqvma.exe
  2⤵
  PID:8400
- C:\Windows\System\gPPObtc.exe
  C:\Windows\System\gPPObtc.exe
  2⤵
  PID:11028
- C:\Windows\System\SEFjwPI.exe
  C:\Windows\System\SEFjwPI.exe
  2⤵
  PID:11060
- C:\Windows\System\qrUakmO.exe
  C:\Windows\System\qrUakmO.exe
  2⤵
  PID:11128
- C:\Windows\System\ahCtdNY.exe
  C:\Windows\System\ahCtdNY.exe
  2⤵
  PID:12736
- C:\Windows\System\gUxDpcV.exe
  C:\Windows\System\gUxDpcV.exe
  2⤵
  PID:12768
- C:\Windows\System\hRjceAx.exe
  C:\Windows\System\hRjceAx.exe
  2⤵
  PID:12832
- C:\Windows\System\iIAvWri.exe
  C:\Windows\System\iIAvWri.exe
  2⤵
  PID:12852
- C:\Windows\System\MYGvoWH.exe
  C:\Windows\System\MYGvoWH.exe
  2⤵
  PID:12892
- C:\Windows\System\fWDeeVK.exe
  C:\Windows\System\fWDeeVK.exe
  2⤵
  PID:12952
- C:\Windows\System\yJTIPQQ.exe
  C:\Windows\System\yJTIPQQ.exe
  2⤵
  PID:12988
- C:\Windows\System\sBRqPsX.exe
  C:\Windows\System\sBRqPsX.exe
  2⤵
  PID:13008
- C:\Windows\System\EepXLgX.exe
  C:\Windows\System\EepXLgX.exe
  2⤵
  PID:13028
- C:\Windows\System\RcNdbXe.exe
  C:\Windows\System\RcNdbXe.exe
  2⤵
  PID:13044
- C:\Windows\System\XgatYuz.exe
  C:\Windows\System\XgatYuz.exe
  2⤵
  PID:13068
- C:\Windows\System\afighQw.exe
  C:\Windows\System\afighQw.exe
  2⤵
  PID:13084
- C:\Windows\System\LPvhfqm.exe
  C:\Windows\System\LPvhfqm.exe
  2⤵
  PID:13112
- C:\Windows\System\PGOZFIT.exe
  C:\Windows\System\PGOZFIT.exe
  2⤵
  PID:13128
- C:\Windows\System\efaODxD.exe
  C:\Windows\System\efaODxD.exe
  2⤵
  PID:13152
- C:\Windows\System\BkxgvoL.exe
  C:\Windows\System\BkxgvoL.exe
  2⤵
  PID:13176
- C:\Windows\System\KPfVYWs.exe
  C:\Windows\System\KPfVYWs.exe
  2⤵
  PID:13200
- C:\Windows\System\HmmfalM.exe
  C:\Windows\System\HmmfalM.exe
  2⤵
  PID:13224
- C:\Windows\System\GMGwpbq.exe
  C:\Windows\System\GMGwpbq.exe
  2⤵
  PID:13244
- C:\Windows\System\VAMkyMP.exe
  C:\Windows\System\VAMkyMP.exe
  2⤵
  PID:13264
- C:\Windows\System\MkqIYcU.exe
  C:\Windows\System\MkqIYcU.exe
  2⤵
  PID:13288
- C:\Windows\System\PceIsDf.exe
  C:\Windows\System\PceIsDf.exe
  2⤵
  PID:8788
- C:\Windows\System\cQadClS.exe
  C:\Windows\System\cQadClS.exe
  2⤵
  PID:8572
- C:\Windows\System\nCNsmTd.exe
  C:\Windows\System\nCNsmTd.exe
  2⤵
  PID:8724
- C:\Windows\System\hpJozHN.exe
  C:\Windows\System\hpJozHN.exe
  2⤵
  PID:9528
- C:\Windows\System\AfzCRyp.exe
  C:\Windows\System\AfzCRyp.exe
  2⤵
  PID:7976
- C:\Windows\System\qgfCJfk.exe
  C:\Windows\System\qgfCJfk.exe
  2⤵
  PID:9652
- C:\Windows\System\SxOeZBr.exe
  C:\Windows\System\SxOeZBr.exe
  2⤵
  PID:9500
- C:\Windows\System\WvAFxBX.exe
  C:\Windows\System\WvAFxBX.exe
  2⤵
  PID:9792
- C:\Windows\System\mheBhiQ.exe
  C:\Windows\System\mheBhiQ.exe
  2⤵
  PID:9296
- C:\Windows\System\pqPDHIZ.exe
  C:\Windows\System\pqPDHIZ.exe
  2⤵
  PID:12096
- C:\Windows\System\hvwiePF.exe
  C:\Windows\System\hvwiePF.exe
  2⤵
  PID:8064
- C:\Windows\System\ehtTKJh.exe
  C:\Windows\System\ehtTKJh.exe
  2⤵
  PID:11020
- C:\Windows\System\ERZuYCL.exe
  C:\Windows\System\ERZuYCL.exe
  2⤵
  PID:12844
- C:\Windows\System\BZaXGRu.exe
  C:\Windows\System\BZaXGRu.exe
  2⤵
  PID:12588
- C:\Windows\System\sWnxDfM.exe
  C:\Windows\System\sWnxDfM.exe
  2⤵
  PID:10212
- C:\Windows\System\FFQNPUa.exe
  C:\Windows\System\FFQNPUa.exe
  2⤵
  PID:8824
- C:\Windows\System\RhvAOLh.exe
  C:\Windows\System\RhvAOLh.exe
  2⤵
  PID:8976
- C:\Windows\System\vhgcUTB.exe
  C:\Windows\System\vhgcUTB.exe
  2⤵
  PID:13220
- C:\Windows\System\sQISNeY.exe
  C:\Windows\System\sQISNeY.exe
  2⤵
  PID:8876
- C:\Windows\System\QrVZekB.exe
  C:\Windows\System\QrVZekB.exe
  2⤵
  PID:12324
- C:\Windows\System\xDeUhDx.exe
  C:\Windows\System\xDeUhDx.exe
  2⤵
  PID:11344
- C:\Windows\System\TnFBYlc.exe
  C:\Windows\System\TnFBYlc.exe
  2⤵
  PID:9776
- C:\Windows\System\WMEQYpf.exe
  C:\Windows\System\WMEQYpf.exe
  2⤵
  PID:12624
- C:\Windows\System\ilYruWu.exe
  C:\Windows\System\ilYruWu.exe
  2⤵
  PID:11500
- C:\Windows\System\GTnVczK.exe
  C:\Windows\System\GTnVczK.exe
  2⤵
  PID:2792
- C:\Windows\System\MoqJLbK.exe
  C:\Windows\System\MoqJLbK.exe
  2⤵
  PID:11944
- C:\Windows\System\IdxCgnV.exe
  C:\Windows\System\IdxCgnV.exe
  2⤵
  PID:12032
- C:\Windows\System\OjkJLBJ.exe
  C:\Windows\System\OjkJLBJ.exe
  2⤵
  PID:12424
- C:\Windows\System\KEGSDuT.exe
  C:\Windows\System\KEGSDuT.exe
  2⤵
  PID:10472
- C:\Windows\System\EijraKg.exe
  C:\Windows\System\EijraKg.exe
  2⤵
  PID:12188
- C:\Windows\System\cwMExan.exe
  C:\Windows\System\cwMExan.exe
  2⤵
  PID:11188
- C:\Windows\System\IwAeUYp.exe
  C:\Windows\System\IwAeUYp.exe
  2⤵
  PID:8236
- C:\Windows\System\riHLYAk.exe
  C:\Windows\System\riHLYAk.exe
  2⤵
  PID:11668
- C:\Windows\System\tsKshuc.exe
  C:\Windows\System\tsKshuc.exe
  2⤵
  PID:8568
- C:\Windows\System\ynCgpJX.exe
  C:\Windows\System\ynCgpJX.exe
  2⤵
  PID:12636
- C:\Windows\System\ggZFNqi.exe
  C:\Windows\System\ggZFNqi.exe
  2⤵
  PID:10616
- C:\Windows\System\IvSMacu.exe
  C:\Windows\System\IvSMacu.exe
  2⤵
  PID:11940
- C:\Windows\System\GFvOWPP.exe
  C:\Windows\System\GFvOWPP.exe
  2⤵
  PID:11772
- C:\Windows\System\kHXoogP.exe
  C:\Windows\System\kHXoogP.exe
  2⤵
  PID:12632
- C:\Windows\System\cWiDbtw.exe
  C:\Windows\System\cWiDbtw.exe
  2⤵
  PID:12120
- C:\Windows\System\GhamtWd.exe
  C:\Windows\System\GhamtWd.exe
  2⤵
  PID:13016
- C:\Windows\System\kOFwEou.exe
  C:\Windows\System\kOFwEou.exe
  2⤵
  PID:11292
- C:\Windows\System\CqSQyFX.exe
  C:\Windows\System\CqSQyFX.exe
  2⤵
  PID:9872
- C:\Windows\System\lzfFeAb.exe
  C:\Windows\System\lzfFeAb.exe
  2⤵
  PID:9388
- C:\Windows\System\EcDcCnp.exe
  C:\Windows\System\EcDcCnp.exe
  2⤵
  PID:9580
- C:\Windows\System\DxchOWU.exe
  C:\Windows\System\DxchOWU.exe
  2⤵
  PID:13184
- C:\Windows\System\mczrvTE.exe
  C:\Windows\System\mczrvTE.exe
  2⤵
  PID:12232
- C:\Windows\System\cFfqkDq.exe
  C:\Windows\System\cFfqkDq.exe
  2⤵
  PID:11764
- C:\Windows\System\OOqENVk.exe
  C:\Windows\System\OOqENVk.exe
  2⤵
  PID:4928
- C:\Windows\System\kZPwtuo.exe
  C:\Windows\System\kZPwtuo.exe
  2⤵
  PID:7760
- C:\Windows\System\lYHUBbp.exe
  C:\Windows\System\lYHUBbp.exe
  2⤵
  PID:8888
- C:\Windows\System\PjZICAU.exe
  C:\Windows\System\PjZICAU.exe
  2⤵
  PID:10452
- C:\Windows\System\TXlgsmE.exe
  C:\Windows\System\TXlgsmE.exe
  2⤵
  PID:9016
- C:\Windows\System\JHmcItk.exe
  C:\Windows\System\JHmcItk.exe
  2⤵
  PID:10292
- C:\Windows\System\grOHjBW.exe
  C:\Windows\System\grOHjBW.exe
  2⤵
  PID:13280
- C:\Windows\System\iCoJFzj.exe
  C:\Windows\System\iCoJFzj.exe
  2⤵
  PID:11568
- C:\Windows\System\CGIwOnC.exe
  C:\Windows\System\CGIwOnC.exe
  2⤵
  PID:11664
- C:\Windows\System\bDuSOcY.exe
  C:\Windows\System\bDuSOcY.exe
  2⤵
  PID:12532
- C:\Windows\System\SFrtZSE.exe
  C:\Windows\System\SFrtZSE.exe
  2⤵
  PID:8684
- C:\Windows\System\fVeyByI.exe
  C:\Windows\System\fVeyByI.exe
  2⤵
  PID:9816
- C:\Windows\System\gBWcWzB.exe
  C:\Windows\System\gBWcWzB.exe
  2⤵
  PID:7268
- C:\Windows\System\iNHjZKr.exe
  C:\Windows\System\iNHjZKr.exe
  2⤵
  PID:10148
- C:\Windows\System\NfxuzJZ.exe
  C:\Windows\System\NfxuzJZ.exe
  2⤵
  PID:12172
- C:\Windows\System\ZvZegQf.exe
  C:\Windows\System\ZvZegQf.exe
  2⤵
  PID:9936
- C:\Windows\System\wneKbGA.exe
  C:\Windows\System\wneKbGA.exe
  2⤵
  PID:13144
- C:\Windows\System\jJNaLSP.exe
  C:\Windows\System\jJNaLSP.exe
  2⤵
  PID:11788
- C:\Windows\System\oairire.exe
  C:\Windows\System\oairire.exe
  2⤵
  PID:2088
- C:\Windows\System\iSHLPqk.exe
  C:\Windows\System\iSHLPqk.exe
  2⤵
  PID:4896
- C:\Windows\System\goiKScj.exe
  C:\Windows\System\goiKScj.exe
  2⤵
  PID:9244
- C:\Windows\System\tTeFXPo.exe
  C:\Windows\System\tTeFXPo.exe
  2⤵
  PID:828
- C:\Windows\System\zGRoYPo.exe
  C:\Windows\System\zGRoYPo.exe
  2⤵
  PID:3076
- C:\Windows\System\SUlQoTm.exe
  C:\Windows\System\SUlQoTm.exe
  2⤵
  PID:12256
- C:\Windows\System\BfOqKDr.exe
  C:\Windows\System\BfOqKDr.exe
  2⤵
  PID:8956
- C:\Windows\System\cUQrXBa.exe
  C:\Windows\System\cUQrXBa.exe
  2⤵
  PID:11520
- C:\Windows\System\CUXQndp.exe
  C:\Windows\System\CUXQndp.exe
  2⤵
  PID:11924
- C:\Windows\System\SfQYGep.exe
  C:\Windows\System\SfQYGep.exe
  2⤵
  PID:8808
- C:\Windows\System\beXsepu.exe
  C:\Windows\System\beXsepu.exe
  2⤵
  PID:10216
- C:\Windows\System\uYyYVIR.exe
  C:\Windows\System\uYyYVIR.exe
  2⤵
  PID:9468
- C:\Windows\System\DLrFOwU.exe
  C:\Windows\System\DLrFOwU.exe
  2⤵
  PID:7520
- C:\Windows\System\aFPKxkf.exe
  C:\Windows\System\aFPKxkf.exe
  2⤵
  PID:1620
- C:\Windows\System\zkPXMyY.exe
  C:\Windows\System\zkPXMyY.exe
  2⤵
  PID:11280
- C:\Windows\System\zunyvWg.exe
  C:\Windows\System\zunyvWg.exe
  2⤵
  PID:3880
- C:\Windows\System\mWyGxEC.exe
  C:\Windows\System\mWyGxEC.exe
  2⤵
  PID:11960
- C:\Windows\System\sTrDMmn.exe
  C:\Windows\System\sTrDMmn.exe
  2⤵
  PID:10144
- C:\Windows\System\XdQkNtm.exe
  C:\Windows\System\XdQkNtm.exe
  2⤵
  PID:4360
- C:\Windows\System\pjxIhLp.exe
  C:\Windows\System\pjxIhLp.exe
  2⤵
  PID:3300
- C:\Windows\System\OJgKrDV.exe
  C:\Windows\System\OJgKrDV.exe
  2⤵
  PID:6048
- C:\Windows\System\EIutWDg.exe
  C:\Windows\System\EIutWDg.exe
  2⤵
  PID:3660
- C:\Windows\System\BUHJZpi.exe
  C:\Windows\System\BUHJZpi.exe
  2⤵
  PID:7080
- C:\Windows\System\HMYSXLR.exe
  C:\Windows\System\HMYSXLR.exe
  2⤵
  PID:9896
- C:\Windows\System\PLWSCki.exe
  C:\Windows\System\PLWSCki.exe
  2⤵
  PID:12004
- C:\Windows\System\aDxOxaj.exe
  C:\Windows\System\aDxOxaj.exe
  2⤵
  PID:12168
- C:\Windows\System\OuoyeCc.exe
  C:\Windows\System\OuoyeCc.exe
  2⤵
  PID:1608
- C:\Windows\System\gMzjuyi.exe
  C:\Windows\System\gMzjuyi.exe
  2⤵
  PID:2856
- C:\Windows\System\UvxlDjQ.exe
  C:\Windows\System\UvxlDjQ.exe
  2⤵
  PID:5728
- C:\Windows\System\OgHBhDs.exe
  C:\Windows\System\OgHBhDs.exe
  2⤵
  PID:12564
- C:\Windows\System\ENocnRD.exe
  C:\Windows\System\ENocnRD.exe
  2⤵
  PID:4392
- C:\Windows\System\oqpuwUC.exe
  C:\Windows\System\oqpuwUC.exe
  2⤵
  PID:1728
- C:\Windows\System\nTkkpXM.exe
  C:\Windows\System\nTkkpXM.exe
  2⤵
  PID:12800
- C:\Windows\System\cPMWagm.exe
  C:\Windows\System\cPMWagm.exe
  2⤵
  PID:13324
- C:\Windows\System\QBULtUZ.exe
  C:\Windows\System\QBULtUZ.exe
  2⤵
  PID:13340
- C:\Windows\System\xsXNjlF.exe
  C:\Windows\System\xsXNjlF.exe
  2⤵
  PID:13360
- C:\Windows\System\mxzHwuO.exe
  C:\Windows\System\mxzHwuO.exe
  2⤵
  PID:13380
- C:\Windows\System\ejlJZZC.exe
  C:\Windows\System\ejlJZZC.exe
  2⤵
  PID:13400
- C:\Windows\System\JWhLlKe.exe
  C:\Windows\System\JWhLlKe.exe
  2⤵
  PID:13416
- C:\Windows\System\hvSRMuU.exe
  C:\Windows\System\hvSRMuU.exe
  2⤵
  PID:13436
- C:\Windows\System\CMOMexL.exe
  C:\Windows\System\CMOMexL.exe
  2⤵
  PID:13456
- C:\Windows\System\WWxEFSg.exe
  C:\Windows\System\WWxEFSg.exe
  2⤵
  PID:13480
- C:\Windows\System\aiWPzgL.exe
  C:\Windows\System\aiWPzgL.exe
  2⤵
  PID:13496
- C:\Windows\System\wuimNMy.exe
  C:\Windows\System\wuimNMy.exe
  2⤵
  PID:13512
- C:\Windows\System\mSHolYC.exe
  C:\Windows\System\mSHolYC.exe
  2⤵
  PID:13528
- C:\Windows\System\DplWSFi.exe
  C:\Windows\System\DplWSFi.exe
  2⤵
  PID:13552
- C:\Windows\System\KoPDpiQ.exe
  C:\Windows\System\KoPDpiQ.exe
  2⤵
  PID:13572
- C:\Windows\System\hoWnEAA.exe
  C:\Windows\System\hoWnEAA.exe
  2⤵
  PID:13588
- C:\Windows\System\NASzAML.exe
  C:\Windows\System\NASzAML.exe
  2⤵
  PID:13604
- C:\Windows\System\ayrsoOJ.exe
  C:\Windows\System\ayrsoOJ.exe
  2⤵
  PID:13620
- C:\Windows\System\OonRmCt.exe
  C:\Windows\System\OonRmCt.exe
  2⤵
  PID:13636
- C:\Windows\System\tZkMtQI.exe
  C:\Windows\System\tZkMtQI.exe
  2⤵
  PID:13652
- C:\Windows\System\SmDbJCZ.exe
  C:\Windows\System\SmDbJCZ.exe
  2⤵
  PID:13668
- C:\Windows\System\VdGofOG.exe
  C:\Windows\System\VdGofOG.exe
  2⤵
  PID:13684
- C:\Windows\System\FMDMBVe.exe
  C:\Windows\System\FMDMBVe.exe
  2⤵
  PID:13700
- C:\Windows\System\EZiqEPB.exe
  C:\Windows\System\EZiqEPB.exe
  2⤵
  PID:13720
- C:\Windows\System\sjQYvMv.exe
  C:\Windows\System\sjQYvMv.exe
  2⤵
  PID:13740
- C:\Windows\System\IkpwEgo.exe
  C:\Windows\System\IkpwEgo.exe
  2⤵
  PID:13756
- C:\Windows\System\OyeDRuQ.exe
  C:\Windows\System\OyeDRuQ.exe
  2⤵
  PID:13772
- C:\Windows\System\huWdybd.exe
  C:\Windows\System\huWdybd.exe
  2⤵
  PID:13788
- C:\Windows\System\rMJKzuK.exe
  C:\Windows\System\rMJKzuK.exe
  2⤵
  PID:13804
- C:\Windows\System\CxyFmOT.exe
  C:\Windows\System\CxyFmOT.exe
  2⤵
  PID:13820
- C:\Windows\System\XNoYtVG.exe
  C:\Windows\System\XNoYtVG.exe
  2⤵
  PID:13844
- C:\Windows\System\dOpaCQP.exe
  C:\Windows\System\dOpaCQP.exe
  2⤵
  PID:13860
- C:\Windows\System\bXbEOaz.exe
  C:\Windows\System\bXbEOaz.exe
  2⤵
  PID:13876
- C:\Windows\System\jFKydXd.exe
  C:\Windows\System\jFKydXd.exe
  2⤵
  PID:13892
- C:\Windows\System\noRiIVN.exe
  C:\Windows\System\noRiIVN.exe
  2⤵
  PID:13908
- C:\Windows\System\hknednI.exe
  C:\Windows\System\hknednI.exe
  2⤵
  PID:13924
- C:\Windows\System\YQvpRAU.exe
  C:\Windows\System\YQvpRAU.exe
  2⤵
  PID:13940
- C:\Windows\System\kRLXMCm.exe
  C:\Windows\System\kRLXMCm.exe
  2⤵
  PID:13956
- C:\Windows\System\CJSEDVC.exe
  C:\Windows\System\CJSEDVC.exe
  2⤵
  PID:13972
- C:\Windows\System\eZaflat.exe
  C:\Windows\System\eZaflat.exe
  2⤵
  PID:13988
- C:\Windows\System\YbLYgFR.exe
  C:\Windows\System\YbLYgFR.exe
  2⤵
  PID:14004
- C:\Windows\System\pNyjfaW.exe
  C:\Windows\System\pNyjfaW.exe
  2⤵
  PID:14020
- C:\Windows\System\BEkHxuO.exe
  C:\Windows\System\BEkHxuO.exe
  2⤵
  PID:14036
- C:\Windows\System\wNUGGfA.exe
  C:\Windows\System\wNUGGfA.exe
  2⤵
  PID:14056
- C:\Windows\System\lceuaEa.exe
  C:\Windows\System\lceuaEa.exe
  2⤵
  PID:14088
- C:\Windows\System\WbAlqVA.exe
  C:\Windows\System\WbAlqVA.exe
  2⤵
  PID:14104
- C:\Windows\System\OCnQRHQ.exe
  C:\Windows\System\OCnQRHQ.exe
  2⤵
  PID:14120
- C:\Windows\System\fohILol.exe
  C:\Windows\System\fohILol.exe
  2⤵
  PID:14136
- C:\Windows\System\MdPhFMf.exe
  C:\Windows\System\MdPhFMf.exe
  2⤵
  PID:14152
- C:\Windows\System\tiZpMbY.exe
  C:\Windows\System\tiZpMbY.exe
  2⤵
  PID:14168
- C:\Windows\System\WtjZXtk.exe
  C:\Windows\System\WtjZXtk.exe
  2⤵
  PID:14184
- C:\Windows\System\jPpSmpp.exe
  C:\Windows\System\jPpSmpp.exe
  2⤵
  PID:14200
- C:\Windows\System\EqNCXBo.exe
  C:\Windows\System\EqNCXBo.exe
  2⤵
  PID:14216
- C:\Windows\System\KrGJoIP.exe
  C:\Windows\System\KrGJoIP.exe
  2⤵
  PID:14232
- C:\Windows\System\MqlEirz.exe
  C:\Windows\System\MqlEirz.exe
  2⤵
  PID:14248
- C:\Windows\System\GYhTDBM.exe
  C:\Windows\System\GYhTDBM.exe
  2⤵
  PID:14264
- C:\Windows\System\ZxqLOzB.exe
  C:\Windows\System\ZxqLOzB.exe
  2⤵
  PID:14280
- C:\Windows\System\CjeyCzV.exe
  C:\Windows\System\CjeyCzV.exe
  2⤵
  PID:14296
- C:\Windows\System\zSWjIuU.exe
  C:\Windows\System\zSWjIuU.exe
  2⤵
  PID:14312
- C:\Windows\System\iptnFdD.exe
  C:\Windows\System\iptnFdD.exe
  2⤵
  PID:14332
- C:\Windows\System\djbNAMc.exe
  C:\Windows\System\djbNAMc.exe
  2⤵
  PID:13336
- C:\Windows\System\esZKKDR.exe
  C:\Windows\System\esZKKDR.exe
  2⤵
  PID:13368
- C:\Windows\System\tIDbgZk.exe
  C:\Windows\System\tIDbgZk.exe
  2⤵
  PID:13396
- C:\Windows\System\AmESbNT.exe
  C:\Windows\System\AmESbNT.exe
  2⤵
  PID:13448
- C:\Windows\System\OXlfvlY.exe
  C:\Windows\System\OXlfvlY.exe
  2⤵
  PID:13472
- C:\Windows\System\qrExyCD.exe
  C:\Windows\System\qrExyCD.exe
  2⤵
  PID:13492
- C:\Windows\System\VcJSQnj.exe
  C:\Windows\System\VcJSQnj.exe
  2⤵
  PID:13520
- C:\Windows\System\nsXWOTr.exe
  C:\Windows\System\nsXWOTr.exe
  2⤵
  PID:13564
- C:\Windows\System\ageURSa.exe
  C:\Windows\System\ageURSa.exe
  2⤵
  PID:13600
- C:\Windows\System\yodKbny.exe
  C:\Windows\System\yodKbny.exe
  2⤵
  PID:13468
- C:\Windows\System\BAJOWev.exe
  C:\Windows\System\BAJOWev.exe
  2⤵
  PID:13728
- C:\Windows\System\zVBcNLe.exe
  C:\Windows\System\zVBcNLe.exe
  2⤵
  PID:13784
- C:\Windows\System\MZWkAWh.exe
  C:\Windows\System\MZWkAWh.exe
  2⤵
  PID:13816
- C:\Windows\System\lcFPtBF.exe
  C:\Windows\System\lcFPtBF.exe
  2⤵
  PID:13868
- C:\Windows\System\NYswrHu.exe
  C:\Windows\System\NYswrHu.exe
  2⤵
  PID:13900
- C:\Windows\System\qPKyOYH.exe
  C:\Windows\System\qPKyOYH.exe
  2⤵
  PID:13948
- C:\Windows\System\VFOtoKa.exe
  C:\Windows\System\VFOtoKa.exe
  2⤵
  PID:13984
- C:\Windows\System\lysiApW.exe
  C:\Windows\System\lysiApW.exe
  2⤵
  PID:14016
- C:\Windows\System\YsuPUNZ.exe
  C:\Windows\System\YsuPUNZ.exe
  2⤵
  PID:14048
- C:\Windows\System\FtnzLAQ.exe
  C:\Windows\System\FtnzLAQ.exe
  2⤵
  PID:14100
- C:\Windows\System\ULlqsMs.exe
  C:\Windows\System\ULlqsMs.exe
  2⤵
  PID:14132
- C:\Windows\System\lWpgZPz.exe
  C:\Windows\System\lWpgZPz.exe
  2⤵
  PID:4112
- C:\Windows\System\YQAPUDu.exe
  C:\Windows\System\YQAPUDu.exe
  2⤵
  PID:14160
- C:\Windows\System\FOfxdnY.exe
  C:\Windows\System\FOfxdnY.exe
  2⤵
  PID:14192
- C:\Windows\System\OOudofH.exe
  C:\Windows\System\OOudofH.exe
  2⤵
  PID:14224
- C:\Windows\System\xrhIDAB.exe
  C:\Windows\System\xrhIDAB.exe
  2⤵
  PID:14256
- C:\Windows\System\eMgpsnj.exe
  C:\Windows\System\eMgpsnj.exe
  2⤵
  PID:1548
- C:\Windows\System\FdMkEys.exe
  C:\Windows\System\FdMkEys.exe
  2⤵
  PID:14308
- C:\Windows\System\nztxcxR.exe
  C:\Windows\System\nztxcxR.exe
  2⤵
  PID:13352
- C:\Windows\System\JmzYEPD.exe
  C:\Windows\System\JmzYEPD.exe
  2⤵
  PID:13432
- C:\Windows\System\EBytVYI.exe
  C:\Windows\System\EBytVYI.exe
  2⤵
  PID:13508
- C:\Windows\System\vJPuTVs.exe
  C:\Windows\System\vJPuTVs.exe
  2⤵
  PID:13628
- C:\Windows\System\xzLbmTI.exe
  C:\Windows\System\xzLbmTI.exe
  2⤵
  PID:13696
- C:\Windows\System\mhonTRX.exe
  C:\Windows\System\mhonTRX.exe
  2⤵
  PID:1652
- C:\Windows\System\oEVAYzM.exe
  C:\Windows\System\oEVAYzM.exe
  2⤵
  PID:4220
- C:\Windows\System\XxFJYxD.exe
  C:\Windows\System\XxFJYxD.exe
  2⤵
  PID:13692
- C:\Windows\System\wlhjYjX.exe
  C:\Windows\System\wlhjYjX.exe
  2⤵
  PID:13936
- C:\Windows\System\ZnJgXjt.exe
  C:\Windows\System\ZnJgXjt.exe
  2⤵
  PID:1268
- C:\Windows\System\bEgvYXn.exe
  C:\Windows\System\bEgvYXn.exe
  2⤵
  PID:13752
- C:\Windows\System\XzLGZPR.exe
  C:\Windows\System\XzLGZPR.exe
  2⤵
  PID:14012
- C:\Windows\System\TiACFHF.exe
  C:\Windows\System\TiACFHF.exe
  2⤵
  PID:14128
- C:\Windows\System\Bmslkqh.exe
  C:\Windows\System\Bmslkqh.exe
  2⤵
  PID:3132
- C:\Windows\System\IQpvBlq.exe
  C:\Windows\System\IQpvBlq.exe
  2⤵
  PID:13548
- C:\Windows\System\PDiZCgP.exe
  C:\Windows\System\PDiZCgP.exe
  2⤵
  PID:1664
- C:\Windows\System\DTuWcRZ.exe
  C:\Windows\System\DTuWcRZ.exe
  2⤵
  PID:14032
- C:\Windows\System\TdRcCRQ.exe
  C:\Windows\System\TdRcCRQ.exe
  2⤵
  PID:13332
- C:\Windows\System\vyFeILY.exe
  C:\Windows\System\vyFeILY.exe
  2⤵
  PID:14208
- C:\Windows\System\tdtzzDE.exe
  C:\Windows\System\tdtzzDE.exe
  2⤵
  PID:4936
- C:\Windows\System\fPmfZOf.exe
  C:\Windows\System\fPmfZOf.exe
  2⤵
  PID:1584
- C:\Windows\System\fssuhWl.exe
  C:\Windows\System\fssuhWl.exe
  2⤵
  PID:576
- C:\Windows\System\eRJiHam.exe
  C:\Windows\System\eRJiHam.exe
  2⤵
  PID:1388
- C:\Windows\System\JdUYsio.exe
  C:\Windows\System\JdUYsio.exe
  2⤵
  PID:1220
- C:\Windows\System\PAhUHoa.exe
  C:\Windows\System\PAhUHoa.exe
  2⤵
  PID:14240
- C:\Windows\System\ZrTBiZO.exe
  C:\Windows\System\ZrTBiZO.exe
  2⤵
  PID:1412
- C:\Windows\System\mzgBBGO.exe
  C:\Windows\System\mzgBBGO.exe
  2⤵
  PID:3888
- C:\Windows\System\FiUMBuQ.exe
  C:\Windows\System\FiUMBuQ.exe
  2⤵
  PID:1016
- C:\Windows\System\SEWFpdJ.exe
  C:\Windows\System\SEWFpdJ.exe
  2⤵
  PID:1028
- C:\Windows\System\McYnmIC.exe
  C:\Windows\System\McYnmIC.exe
  2⤵
  PID:2132
- C:\Windows\System\tcMLlbA.exe
  C:\Windows\System\tcMLlbA.exe
  2⤵
  PID:3396
- C:\Windows\System\gMONmmy.exe
  C:\Windows\System\gMONmmy.exe
  2⤵
  PID:12596
- C:\Windows\System\IDHfJTZ.exe
  C:\Windows\System\IDHfJTZ.exe
  2⤵
  PID:5468
- C:\Windows\System\ywDiMwX.exe
  C:\Windows\System\ywDiMwX.exe
  2⤵
  PID:13888
- C:\Windows\System\iSzeSBi.exe
  C:\Windows\System\iSzeSBi.exe
  2⤵
  PID:1760
- C:\Windows\System\hgKebjU.exe
  C:\Windows\System\hgKebjU.exe
  2⤵
  PID:13768
- C:\Windows\System\MLgtEjc.exe
  C:\Windows\System\MLgtEjc.exe
  2⤵
  PID:14304
- C:\Windows\System\yKBbmgM.exe
  C:\Windows\System\yKBbmgM.exe
  2⤵
  PID:13732
- C:\Windows\System\nlUySHV.exe
  C:\Windows\System\nlUySHV.exe
  2⤵
  PID:6424
- C:\Windows\System\NMHPqTI.exe
  C:\Windows\System\NMHPqTI.exe
  2⤵
  PID:1856
- C:\Windows\System\WACgtkc.exe
  C:\Windows\System\WACgtkc.exe
  2⤵
  PID:4520
- C:\Windows\System\nKWBYMT.exe
  C:\Windows\System\nKWBYMT.exe
  2⤵
  PID:4228
- C:\Windows\System\VrfrnwG.exe
  C:\Windows\System\VrfrnwG.exe
  2⤵
  PID:1316
- C:\Windows\System\LhUgwED.exe
  C:\Windows\System\LhUgwED.exe
  2⤵
  PID:14364
- C:\Windows\System\dPxPDXv.exe
  C:\Windows\System\dPxPDXv.exe
  2⤵
  PID:14404
- C:\Windows\System\VvwnIGX.exe
  C:\Windows\System\VvwnIGX.exe
  2⤵
  PID:15120
- C:\Windows\System\vwHEGTS.exe
  C:\Windows\System\vwHEGTS.exe
  2⤵
  PID:15136
- C:\Windows\System\Iqvrval.exe
  C:\Windows\System\Iqvrval.exe
  2⤵
  PID:15152
- C:\Windows\System\IBLHgVC.exe
  C:\Windows\System\IBLHgVC.exe
  2⤵
  PID:15168
- C:\Windows\System\OjMWggR.exe
  C:\Windows\System\OjMWggR.exe
  2⤵
  PID:15184
- C:\Windows\System\wvDNDPv.exe
  C:\Windows\System\wvDNDPv.exe
  2⤵
  PID:15208
- C:\Windows\System\VyhyXIa.exe
  C:\Windows\System\VyhyXIa.exe
  2⤵
  PID:15224
- C:\Windows\System\oeluxiO.exe
  C:\Windows\System\oeluxiO.exe
  2⤵
  PID:15240
- C:\Windows\System\KMegmlw.exe
  C:\Windows\System\KMegmlw.exe
  2⤵
  PID:15256
- C:\Windows\System\bmhXVsS.exe
  C:\Windows\System\bmhXVsS.exe
  2⤵
  PID:15272
- C:\Windows\System\dckQBDL.exe
  C:\Windows\System\dckQBDL.exe
  2⤵
  PID:15288
- C:\Windows\System\PcyGGwN.exe
  C:\Windows\System\PcyGGwN.exe
  2⤵
  PID:15304
- C:\Windows\System\NsaEoXc.exe
  C:\Windows\System\NsaEoXc.exe
  2⤵
  PID:15320
- C:\Windows\System\QyKzZmj.exe
  C:\Windows\System\QyKzZmj.exe
  2⤵
  PID:15336
- C:\Windows\System\hzDPWpV.exe
  C:\Windows\System\hzDPWpV.exe
  2⤵
  PID:15352
- C:\Windows\System\YufJbOP.exe
  C:\Windows\System\YufJbOP.exe
  2⤵
  PID:14352
- C:\Windows\System\HTVHRQK.exe
  C:\Windows\System\HTVHRQK.exe
  2⤵
  PID:14360
- C:\Windows\System\pzxtQjT.exe
  C:\Windows\System\pzxtQjT.exe
  2⤵
  PID:14384
- C:\Windows\System\JGRBNGF.exe
  C:\Windows\System\JGRBNGF.exe
  2⤵
  PID:14416
- C:\Windows\System\PYcDCrC.exe
  C:\Windows\System\PYcDCrC.exe
  2⤵
  PID:14440
- C:\Windows\System\oTrdCdb.exe
  C:\Windows\System\oTrdCdb.exe
  2⤵
  PID:14456
- C:\Windows\System\NagbIzd.exe
  C:\Windows\System\NagbIzd.exe
  2⤵
  PID:14388
- C:\Windows\System\HGVIApD.exe
  C:\Windows\System\HGVIApD.exe
  2⤵
  PID:13964
- C:\Windows\System\hXtozZo.exe
  C:\Windows\System\hXtozZo.exe
  2⤵
  PID:1036
- C:\Windows\System\hJSBPoI.exe
  C:\Windows\System\hJSBPoI.exe
  2⤵
  PID:14488
- C:\Windows\System\FwRmWyd.exe
  C:\Windows\System\FwRmWyd.exe
  2⤵
  PID:14508
- C:\Windows\System\ggCKMpp.exe
  C:\Windows\System\ggCKMpp.exe
  2⤵
  PID:14528
- C:\Windows\System\TOhiKpA.exe
  C:\Windows\System\TOhiKpA.exe
  2⤵
  PID:14544
- C:\Windows\System\hnRCpVr.exe
  C:\Windows\System\hnRCpVr.exe
  2⤵
  PID:14560
- C:\Windows\System\PWdPssw.exe
  C:\Windows\System\PWdPssw.exe
  2⤵
  PID:14576
- C:\Windows\System\mWWRlvB.exe
  C:\Windows\System\mWWRlvB.exe
  2⤵
  PID:14592
- C:\Windows\System\HuRXwpP.exe
  C:\Windows\System\HuRXwpP.exe
  2⤵
  PID:14608
- C:\Windows\System\SrcWEnT.exe
  C:\Windows\System\SrcWEnT.exe
  2⤵
  PID:14628
- C:\Windows\System\mARxNgD.exe
  C:\Windows\System\mARxNgD.exe
  2⤵
  PID:14640
- C:\Windows\System\iuihiIB.exe
  C:\Windows\System\iuihiIB.exe
  2⤵
  PID:14656
- C:\Windows\System\cqaKTHH.exe
  C:\Windows\System\cqaKTHH.exe
  2⤵
  PID:14672
- C:\Windows\System\dFtbbKJ.exe
  C:\Windows\System\dFtbbKJ.exe
  2⤵
  PID:14688
- C:\Windows\System\VCRgbDp.exe
  C:\Windows\System\VCRgbDp.exe
  2⤵
  PID:14704
- C:\Windows\System\bUjEwvH.exe
  C:\Windows\System\bUjEwvH.exe
  2⤵
  PID:14720
- C:\Windows\System\alYqPUQ.exe
  C:\Windows\System\alYqPUQ.exe
  2⤵
  PID:14736
- C:\Windows\System\wqEGZXL.exe
  C:\Windows\System\wqEGZXL.exe
  2⤵
  PID:14752
- C:\Windows\System\VYIVxNc.exe
  C:\Windows\System\VYIVxNc.exe
  2⤵
  PID:14768
- C:\Windows\System\fTrIFUF.exe
  C:\Windows\System\fTrIFUF.exe
  2⤵
  PID:14784
- C:\Windows\System\uPBLLOd.exe
  C:\Windows\System\uPBLLOd.exe
  2⤵
  PID:14804
- C:\Windows\System\ZRxVFsj.exe
  C:\Windows\System\ZRxVFsj.exe
  2⤵
  PID:336
- C:\Windows\System\MeaQiqp.exe
  C:\Windows\System\MeaQiqp.exe
  2⤵
  PID:14988
- C:\Windows\System\sRejmiP.exe
  C:\Windows\System\sRejmiP.exe
  2⤵
  PID:15332
- C:\Windows\System\JywOcqW.exe
  C:\Windows\System\JywOcqW.exe
  2⤵
  PID:14376
- C:\Windows\System\EGaFqAA.exe
  C:\Windows\System\EGaFqAA.exe
  2⤵
  PID:14380
- C:\Windows\System\WfmXFRv.exe
  C:\Windows\System\WfmXFRv.exe
  2⤵
  PID:14436
- C:\Windows\System\WAvIEJW.exe
  C:\Windows\System\WAvIEJW.exe
  2⤵
  PID:2352
- C:\Windows\System\wBDHrkp.exe
  C:\Windows\System\wBDHrkp.exe
  2⤵
  PID:1724
- C:\Windows\System\zgYHUvD.exe
  C:\Windows\System\zgYHUvD.exe
  2⤵
  PID:11852
- C:\Windows\System\zSuglKz.exe
  C:\Windows\System\zSuglKz.exe
  2⤵
  PID:14468
- C:\Windows\System\IoHxRFH.exe
  C:\Windows\System\IoHxRFH.exe
  2⤵
  PID:6220
- C:\Windows\System\bGKyudo.exe
  C:\Windows\System\bGKyudo.exe
  2⤵
  PID:14504
- C:\Windows\System\LxlLCXv.exe
  C:\Windows\System\LxlLCXv.exe
  2⤵
  PID:14520
- C:\Windows\System\PysgrAt.exe
  C:\Windows\System\PysgrAt.exe
  2⤵
  PID:14556
- C:\Windows\System\SgvBrEQ.exe
  C:\Windows\System\SgvBrEQ.exe
  2⤵
  PID:14584
- C:\Windows\System\IHWNJGU.exe
  C:\Windows\System\IHWNJGU.exe
  2⤵
  PID:1240
- C:\Windows\System\rhAwkid.exe
  C:\Windows\System\rhAwkid.exe
  2⤵
  PID:14616
- C:\Windows\System\HULSDxv.exe
  C:\Windows\System\HULSDxv.exe
  2⤵
  PID:1044
- C:\Windows\System\KPBllet.exe
  C:\Windows\System\KPBllet.exe
  2⤵
  PID:14684
- C:\Windows\System\ksuhmSl.exe
  C:\Windows\System\ksuhmSl.exe
  2⤵
  PID:14716
- C:\Windows\System\XfluXgT.exe
  C:\Windows\System\XfluXgT.exe
  2⤵
  PID:14748
- C:\Windows\System\bBSfOdH.exe
  C:\Windows\System\bBSfOdH.exe
  2⤵
  PID:14780
- C:\Windows\System\GGSOtSZ.exe
  C:\Windows\System\GGSOtSZ.exe
  2⤵
  PID:3560
- C:\Windows\System\TBCzZuo.exe
  C:\Windows\System\TBCzZuo.exe
  2⤵
  PID:3540
- C:\Windows\System\gBZjcyF.exe
  C:\Windows\System\gBZjcyF.exe
  2⤵
  PID:14832
- C:\Windows\System\IJUPvBo.exe
  C:\Windows\System\IJUPvBo.exe
  2⤵
  PID:14852
- C:\Windows\System\HSBPhXx.exe
  C:\Windows\System\HSBPhXx.exe
  2⤵
  PID:14872
- C:\Windows\System\THFLGGe.exe
  C:\Windows\System\THFLGGe.exe
  2⤵
  PID:14900
- C:\Windows\System\TPQgblb.exe
  C:\Windows\System\TPQgblb.exe
  2⤵
  PID:14920
- C:\Windows\System\AVFbFGZ.exe
  C:\Windows\System\AVFbFGZ.exe
  2⤵
  PID:1076
- C:\Windows\System\fOgREDW.exe
  C:\Windows\System\fOgREDW.exe
  2⤵
  PID:684
- C:\Windows\System\ZOjKuRP.exe
  C:\Windows\System\ZOjKuRP.exe
  2⤵
  PID:2080
- C:\Windows\System\bZurHCi.exe
  C:\Windows\System\bZurHCi.exe
  2⤵
  PID:14932
- C:\Windows\System\NglgyVx.exe
  C:\Windows\System\NglgyVx.exe
  2⤵
  PID:14940
- C:\Windows\System\XfJJtND.exe
  C:\Windows\System\XfJJtND.exe
  2⤵
  PID:14964
- C:\Windows\System\iaOUkiE.exe
  C:\Windows\System\iaOUkiE.exe
  2⤵
  PID:6596
- C:\Windows\System\jHehIhL.exe
  C:\Windows\System\jHehIhL.exe
  2⤵
  PID:14968
- C:\Windows\System\XmbHxfU.exe
  C:\Windows\System\XmbHxfU.exe
  2⤵
  PID:14996
- C:\Windows\System\qcscFvn.exe
  C:\Windows\System\qcscFvn.exe
  2⤵
  PID:15032
- C:\Windows\System\JXEkAEr.exe
  C:\Windows\System\JXEkAEr.exe
  2⤵
  PID:15056
- C:\Windows\System\VLMyOce.exe
  C:\Windows\System\VLMyOce.exe
  2⤵
  PID:15072
- C:\Windows\System\pUvmdfy.exe
  C:\Windows\System\pUvmdfy.exe
  2⤵
  PID:15096
- C:\Windows\System\RJMDBTd.exe
  C:\Windows\System\RJMDBTd.exe
  2⤵
  PID:4192
- C:\Windows\System\BSaNwKW.exe
  C:\Windows\System\BSaNwKW.exe
  2⤵
  PID:15104
- C:\Windows\System\qEyGtRk.exe
  C:\Windows\System\qEyGtRk.exe
  2⤵
  PID:3916
- C:\Windows\System\qYHYktj.exe
  C:\Windows\System\qYHYktj.exe
  2⤵
  PID:15180
- C:\Windows\System\hgXKUJS.exe
  C:\Windows\System\hgXKUJS.exe
  2⤵
  PID:15216
- C:\Windows\System\bemQzfF.exe
  C:\Windows\System\bemQzfF.exe
  2⤵
  PID:15296
- C:\Windows\System\COAurRo.exe
  C:\Windows\System\COAurRo.exe
  2⤵
  PID:15300
- C:\Windows\System\rjPgTBq.exe
  C:\Windows\System\rjPgTBq.exe
  2⤵
  PID:13764
- C:\Windows\System\lywAOOI.exe
  C:\Windows\System\lywAOOI.exe
  2⤵
  PID:1764
- C:\Windows\System\CajrVce.exe
  C:\Windows\System\CajrVce.exe
  2⤵
  PID:14424
- C:\Windows\System\SmEuYGJ.exe
  C:\Windows\System\SmEuYGJ.exe
  2⤵
  PID:14500
- C:\Windows\System\fVoPbpn.exe
  C:\Windows\System\fVoPbpn.exe
  2⤵
  PID:2980
- C:\Windows\System\xvXKWGe.exe
  C:\Windows\System\xvXKWGe.exe
  2⤵
  PID:4992
- C:\Windows\System\tmgTyuL.exe
  C:\Windows\System\tmgTyuL.exe
  2⤵
  PID:14604
- C:\Windows\System\vOTzJYU.exe
  C:\Windows\System\vOTzJYU.exe
  2⤵
  PID:4700
- C:\Windows\System\XSRVnpf.exe
  C:\Windows\System\XSRVnpf.exe
  2⤵
  PID:14700
- C:\Windows\System\LtZXELF.exe
  C:\Windows\System\LtZXELF.exe
  2⤵
  PID:14776
- C:\Windows\System\UVuKcmd.exe
  C:\Windows\System\UVuKcmd.exe
  2⤵
  PID:14820
- C:\Windows\System\IEtOJcI.exe
  C:\Windows\System\IEtOJcI.exe
  2⤵
  PID:3564
- C:\Windows\System\kYRoQfX.exe
  C:\Windows\System\kYRoQfX.exe
  2⤵
  PID:14828
- C:\Windows\System\ZuxngQw.exe
  C:\Windows\System\ZuxngQw.exe
  2⤵
  PID:14844
- C:\Windows\System\ibJeQRF.exe
  C:\Windows\System\ibJeQRF.exe
  2⤵
  PID:14848
- C:\Windows\System\HgCuEDk.exe
  C:\Windows\System\HgCuEDk.exe
  2⤵
  PID:4964
- C:\Windows\System\fqcQgVP.exe
  C:\Windows\System\fqcQgVP.exe
  2⤵
  PID:14888
- C:\Windows\System\HYYuDoe.exe
  C:\Windows\System\HYYuDoe.exe
  2⤵
  PID:3360
- C:\Windows\System\rqSCdGw.exe
  C:\Windows\System\rqSCdGw.exe
  2⤵
  PID:2812
- C:\Windows\System\dObAhNe.exe
  C:\Windows\System\dObAhNe.exe
  2⤵
  PID:884
- C:\Windows\System\PDQTWcX.exe
  C:\Windows\System\PDQTWcX.exe
  2⤵
  PID:624
- C:\Windows\System\oXGzSyE.exe
  C:\Windows\System\oXGzSyE.exe
  2⤵
  PID:5016
- C:\Windows\System\SwxQVII.exe
  C:\Windows\System\SwxQVII.exe
  2⤵
  PID:880
- C:\Windows\System\jcSCHSh.exe
  C:\Windows\System\jcSCHSh.exe
  2⤵
  PID:15012
- C:\Windows\System\RjbrKyL.exe
  C:\Windows\System\RjbrKyL.exe
  2⤵
  PID:4996
- C:\Windows\System\YCzGAGT.exe
  C:\Windows\System\YCzGAGT.exe
  2⤵
  PID:6588
- C:\Windows\System\PWRhDNb.exe
  C:\Windows\System\PWRhDNb.exe
  2⤵
  PID:15036
- C:\Windows\System\AgSSyct.exe
  C:\Windows\System\AgSSyct.exe
  2⤵
  PID:3924
- C:\Windows\System\bevRoDh.exe
  C:\Windows\System\bevRoDh.exe
  2⤵
  PID:10752
- C:\Windows\System\mhZuhDQ.exe
  C:\Windows\System\mhZuhDQ.exe
  2⤵
  PID:4540
- C:\Windows\System\jODgdqa.exe
  C:\Windows\System\jODgdqa.exe
  2⤵
  PID:2996
- C:\Windows\System\ifsXwIF.exe
  C:\Windows\System\ifsXwIF.exe
  2⤵
  PID:15080
- C:\Windows\System\BFIpuVh.exe
  C:\Windows\System\BFIpuVh.exe
  2⤵
  PID:1904
- C:\Windows\System\brNFutf.exe
  C:\Windows\System\brNFutf.exe
  2⤵
  PID:3612
- C:\Windows\System\RSkGGsi.exe
  C:\Windows\System\RSkGGsi.exe
  2⤵
  PID:15108
- C:\Windows\System\ENWVRKE.exe
  C:\Windows\System\ENWVRKE.exe
  2⤵
  PID:3148
- C:\Windows\System\oSujvxP.exe
  C:\Windows\System\oSujvxP.exe
  2⤵
  PID:5664
- C:\Windows\System\LBkuALp.exe
  C:\Windows\System\LBkuALp.exe
  2⤵
  PID:5628
- C:\Windows\System\aFtoDcz.exe
  C:\Windows\System\aFtoDcz.exe
  2⤵
  PID:2444
- C:\Windows\System\cBAuraW.exe
  C:\Windows\System\cBAuraW.exe
  2⤵
  PID:5348
- C:\Windows\System\vpqJhhg.exe
  C:\Windows\System\vpqJhhg.exe
  2⤵
  PID:4368
- C:\Windows\System\NPERRjW.exe
  C:\Windows\System\NPERRjW.exe
  2⤵
  PID:15264
- C:\Windows\System\uuBkuRF.exe
  C:\Windows\System\uuBkuRF.exe
  2⤵
  PID:15116
- C:\Windows\System\KPcnQrC.exe
  C:\Windows\System\KPcnQrC.exe
  2⤵
  PID:15160
- C:\Windows\System\nVsDBgs.exe
  C:\Windows\System\nVsDBgs.exe
  2⤵
  PID:5692
- C:\Windows\System\nhufHTB.exe
  C:\Windows\System\nhufHTB.exe
  2⤵
  PID:15316
- C:\Windows\System\XguVHUR.exe
  C:\Windows\System\XguVHUR.exe
  2⤵
  PID:14412
- C:\Windows\System\RxdUxHb.exe
  C:\Windows\System\RxdUxHb.exe
  2⤵
  PID:5592
- C:\Windows\System\zXfgEkf.exe
  C:\Windows\System\zXfgEkf.exe
  2⤵
  PID:14552
- C:\Windows\System\TGfDQMs.exe
  C:\Windows\System\TGfDQMs.exe
  2⤵
  PID:14624
- C:\Windows\System\VzlQooW.exe
  C:\Windows\System\VzlQooW.exe
  2⤵
  PID:14664
- C:\Windows\System\RfRoJEV.exe
  C:\Windows\System\RfRoJEV.exe
  2⤵
  PID:14764
- C:\Windows\System\wbSwHLO.exe
  C:\Windows\System\wbSwHLO.exe
  2⤵
  PID:4532
- C:\Windows\System\YKbxLMy.exe
  C:\Windows\System\YKbxLMy.exe
  2⤵
  PID:14824
- C:\Windows\System\fOOTHRE.exe
  C:\Windows\System\fOOTHRE.exe
  2⤵
  PID:2436
- C:\Windows\System\DpZigyM.exe
  C:\Windows\System\DpZigyM.exe
  2⤵
  PID:14884
- C:\Windows\System\bOVRRdE.exe
  C:\Windows\System\bOVRRdE.exe
  2⤵
  PID:6176
- C:\Windows\System\zRQcLHp.exe
  C:\Windows\System\zRQcLHp.exe
  2⤵
  PID:14908
- C:\Windows\System\TJRKkCe.exe
  C:\Windows\System\TJRKkCe.exe
  2⤵
  PID:6020
- C:\Windows\System\mmPyGtT.exe
  C:\Windows\System\mmPyGtT.exe
  2⤵
  PID:4048
- C:\Windows\System\cWoVgaH.exe
  C:\Windows\System\cWoVgaH.exe
  2⤵
  PID:13644
- C:\Windows\System\yGaGveY.exe
  C:\Windows\System\yGaGveY.exe
  2⤵
  PID:1196
- C:\Windows\System\UPunzLe.exe
  C:\Windows\System\UPunzLe.exe
  2⤵
  PID:2520
- C:\Windows\System\FMATInI.exe
  C:\Windows\System\FMATInI.exe
  2⤵
  PID:4712
- C:\Windows\System\ATfoSBt.exe
  C:\Windows\System\ATfoSBt.exe
  2⤵
  PID:3104
- C:\Windows\System\uqYrciU.exe
  C:\Windows\System\uqYrciU.exe
  2⤵
  PID:6268
- C:\Windows\System\sdmjjwV.exe
  C:\Windows\System\sdmjjwV.exe
  2⤵
  PID:15044
- C:\Windows\System\UkzljbE.exe
  C:\Windows\System\UkzljbE.exe
  2⤵
  PID:6660
- C:\Windows\System\VHYNxKl.exe
  C:\Windows\System\VHYNxKl.exe
  2⤵
  PID:6284
- C:\Windows\System\hhtuVbC.exe
  C:\Windows\System\hhtuVbC.exe
  2⤵
  PID:4076
- C:\Windows\System\cifqkQv.exe
  C:\Windows\System\cifqkQv.exe
  2⤵
  PID:1624
- C:\Windows\System\sDkCqPh.exe
  C:\Windows\System\sDkCqPh.exe
  2⤵
  PID:4388
- C:\Windows\System\nfFmnfV.exe
  C:\Windows\System\nfFmnfV.exe
  2⤵
  PID:2408
- C:\Windows\System\vXytDqd.exe
  C:\Windows\System\vXytDqd.exe
  2⤵
  PID:3208
- C:\Windows\System\uyVhzFt.exe
  C:\Windows\System\uyVhzFt.exe
  2⤵
  PID:5684
- C:\Windows\System\WbxCrtU.exe
  C:\Windows\System\WbxCrtU.exe
  2⤵
  PID:5252
- C:\Windows\System\RaLgrpW.exe
  C:\Windows\System\RaLgrpW.exe
  2⤵
  PID:4600
- C:\Windows\System\qtIMqeh.exe
  C:\Windows\System\qtIMqeh.exe
  2⤵
  PID:3608
- C:\Windows\System\GjbWQrT.exe
  C:\Windows\System\GjbWQrT.exe
  2⤵
  PID:3620
- C:\Windows\System\NpuaHNT.exe
  C:\Windows\System\NpuaHNT.exe
  2⤵
  PID:4864
- C:\Windows\System\wRGlCcK.exe
  C:\Windows\System\wRGlCcK.exe
  2⤵
  PID:548
- C:\Windows\System\HTbfbcI.exe
  C:\Windows\System\HTbfbcI.exe
  2⤵
  PID:5964
- C:\Windows\System\SpHtnCg.exe
  C:\Windows\System\SpHtnCg.exe
  2⤵
  PID:5960
- C:\Windows\System\ETrSVdm.exe
  C:\Windows\System\ETrSVdm.exe
  2⤵
  PID:4364
- C:\Windows\System\HELTZsK.exe
  C:\Windows\System\HELTZsK.exe
  2⤵
  PID:5284
- C:\Windows\System\ZUNZESI.exe
  C:\Windows\System\ZUNZESI.exe
  2⤵
  PID:5956
- C:\Windows\System\YHQlEeb.exe
  C:\Windows\System\YHQlEeb.exe
  2⤵
  PID:3908
- C:\Windows\System\biamRjD.exe
  C:\Windows\System\biamRjD.exe
  2⤵
  PID:6024
- C:\Windows\System\khLhYtj.exe
  C:\Windows\System\khLhYtj.exe
  2⤵
  PID:5648
- C:\Windows\System\spdLtNX.exe
  C:\Windows\System\spdLtNX.exe
  2⤵
  PID:3724
- C:\Windows\System\QEEUcRc.exe
  C:\Windows\System\QEEUcRc.exe
  2⤵
  PID:6180
- C:\Windows\System\rWLXrwE.exe
  C:\Windows\System\rWLXrwE.exe
  2⤵
  PID:3164
- C:\Windows\System\aufujfA.exe
  C:\Windows\System\aufujfA.exe
  2⤵
  PID:6340
- C:\Windows\System\JbSWCxR.exe
  C:\Windows\System\JbSWCxR.exe
  2⤵
  PID:5528
- C:\Windows\System\KVtTsRv.exe
  C:\Windows\System\KVtTsRv.exe
  2⤵
  PID:6252
- C:\Windows\System\VwRSWPj.exe
  C:\Windows\System\VwRSWPj.exe
  2⤵
  PID:4568
- C:\Windows\System\hoYOqdJ.exe
  C:\Windows\System\hoYOqdJ.exe
  2⤵
  PID:5416
- C:\Windows\System\LzuNmKB.exe
  C:\Windows\System\LzuNmKB.exe
  2⤵
  PID:6164
- C:\Windows\System\YmgmiaQ.exe
  C:\Windows\System\YmgmiaQ.exe
  2⤵
  PID:5508
- C:\Windows\System\qLeECMW.exe
  C:\Windows\System\qLeECMW.exe
  2⤵
  PID:5448
- C:\Windows\System\anyrKHa.exe
  C:\Windows\System\anyrKHa.exe
  2⤵
  PID:15312
- C:\Windows\System\qSmDTFu.exe
  C:\Windows\System\qSmDTFu.exe
  2⤵
  PID:6384
- C:\Windows\System\JhVNSzJ.exe
  C:\Windows\System\JhVNSzJ.exe
  2⤵
  PID:6524
- C:\Windows\System\YMEILfT.exe
  C:\Windows\System\YMEILfT.exe
  2⤵
  PID:5424
- C:\Windows\System\EPkxDYh.exe
  C:\Windows\System\EPkxDYh.exe
  2⤵
  PID:6552
- C:\Windows\System\bDYHysO.exe
  C:\Windows\System\bDYHysO.exe
  2⤵
  PID:4960
- C:\Windows\System\YeYchkZ.exe
  C:\Windows\System\YeYchkZ.exe
  2⤵
  PID:3992
- C:\Windows\System\gFYoCku.exe
  C:\Windows\System\gFYoCku.exe
  2⤵
  PID:14868
- C:\Windows\System\WJxIzVq.exe
  C:\Windows\System\WJxIzVq.exe
  2⤵
  PID:4332
- C:\Windows\System\SULnnwg.exe
  C:\Windows\System\SULnnwg.exe
  2⤵
  PID:5588
- C:\Windows\System\ApbdqFT.exe
  C:\Windows\System\ApbdqFT.exe
  2⤵
  PID:2376
- C:\Windows\System\nyJxFCf.exe
  C:\Windows\System\nyJxFCf.exe
  2⤵
  PID:14984
- C:\Windows\System\MsQfGKa.exe
  C:\Windows\System\MsQfGKa.exe
  2⤵
  PID:5992
- C:\Windows\System\HVbNkcn.exe
  C:\Windows\System\HVbNkcn.exe
  2⤵
  PID:6196
- C:\Windows\System\WezTkCA.exe
  C:\Windows\System\WezTkCA.exe
  2⤵
  PID:1508
- C:\Windows\System\NOHhDqT.exe
  C:\Windows\System\NOHhDqT.exe
  2⤵
  PID:14976
- C:\Windows\System\kmCDvnL.exe
  C:\Windows\System\kmCDvnL.exe
  2⤵
  PID:1228

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13716

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13504

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4936

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:14000

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:14956

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:14968

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:14992

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:15024

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:15044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_jwoyfzdz.ahy.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\CACUwJf.exe

Filesize
1.9MB

MD5
1d42db230b60225afed2d8cafeb4d3c7

SHA1
498d15001b92c229fc672e76185004e717814cec

SHA256
a6b912697f7d6a342ebc048f0c2b0fd879f83bbd12f1463ecbe83bd4c5902d0c

SHA512
cea7578d4537dc453ef0d8c6942427a6c0a31f41c283995a23e8230c205e95634788308261d22b379177172e4485bf6153cfee97b69bfedac473b78eb79cdf7e

Download Submit
C:\Windows\System\FaSYEEV.exe

Filesize
1.9MB

MD5
eef93e8f3060f3d53a5d25eab0b9bd80

SHA1
87315a318a213f742bef42890eecada4d3bfeae5

SHA256
1d2ab381e0075ac45740e444ab0471433068dd0c89cf80dc409a49a169cc1c3f

SHA512
a80ca149a7acfd451cccbce37c57f6319021d2c0eacd33c0d312be7f57d0b7add1f3ba1b34368f1ec5d9a60525154e8e5cff451b3242137af91ac2ef8557a2f7

Download Submit
C:\Windows\System\GVhEtHG.exe

Filesize
1.8MB

MD5
ffbb296f0769504857ac58b35326c4d6

SHA1
5a89929331dcec92631d48beca882528faa3dfee

SHA256
70f5044c112682e2f1133340cf8db75eb4fc145db554bb780ba5e70fab65041c

SHA512
19353a7cf1c4a8c3c8b93dd639a973bc372cb3b1b18a0e646bec3dca96864044922ff180bd87ae1e85aaec8b078c7e0223d254f892336edc73676a950353c002

Download Submit
C:\Windows\System\GbJLMpd.exe

Filesize
1.9MB

MD5
1af0fc30901a5795ab3992c492fe90b5

SHA1
86537bdd86c79e33e8353bb5c80a161b97e23fb6

SHA256
646757c17ec7268417b4c4e098632e5841f3c841c2fa3562e47487bc90819958

SHA512
d25cb02014136f3aeb53370cdf11874f3793ee75e2532a989055a8f23f63de55e5dde15836c8db29e195a74aec75f2f01354b4c0f8c13e1a7f47c1f9b1fe4bef

Download Submit
C:\Windows\System\HHrURlZ.exe

Filesize
1.9MB

MD5
8a90332f4f476cb487448a5d11c8119f

SHA1
5cae78fb174715b5985a9ea9d24ae61163a9ec67

SHA256
0f32d8e669ddc33a09f8cee2e0e8058697520d6289860d13f5737f465313675b

SHA512
dc8eb0edd432439e5d5e5566a5505d705086f94bab799903d05e61ab5670110a4afc39f3052b2bdd46a250d1c8a003ecc637599eaa98e631c68c10bd16a6361e

Download Submit
C:\Windows\System\IGtRIrf.exe

Filesize
1.9MB

MD5
c34009088593e3a9146995255a8ebaf9

SHA1
ee2c41b61b3542ebd776205c16f95a0644ac7e72

SHA256
07aaf7207714550a3549490c9c892fcfe253ca3e714c7ad7f97d01be766e82d9

SHA512
2cf8348bc714615073144eaf3f0686872a5b65d5a5afca6ee8669f708c20f5f639ba8bcf5b01b400a61baed25ddf22b0bdab64ead6cb05bfbfba5842bae4ec92

Download Submit
C:\Windows\System\KZiIxQy.exe

Filesize
1.9MB

MD5
cb22f7c827b7007722284c57d9da3175

SHA1
141dc73b2bd5993ec9c6085771afacf616a856ee

SHA256
cbecbb45d829d60eb56b0f07997527fc2a77bdd2b70c2dd4331d646dd6967364

SHA512
c9e3a6e484d4508d73b24228daa1ae35dc3b590193c96ae0e57757b92e5737ebce94023614cb1690ac527def27f510bff3f6f0ea70c7593139e1468be2a34984

Download Submit
C:\Windows\System\MZpWiEe.exe

Filesize
1.9MB

MD5
a530ba93fc2fc5c11513c1b23cd31e96

SHA1
d169d0606a11cd91aa840a6fd4762ff7aafa19d0

SHA256
71c095b974c1bcbb4bc973db3cb6b6f4e5f6c2883f0947f00fc72368c6c96ea7

SHA512
1ac63d6c9726b2f5c590a6391e3da3895f59a8268fd83312063e239b1b6ee33328c6ca8e9360edef0c42ca35dee69c6814479a96df540999ec6e449bd55cec98

Download Submit
C:\Windows\System\NSKTVHw.exe

Filesize
1.9MB

MD5
207e7e1f724171475a5b6c0e8ea44ca6

SHA1
507d1041f4fb0ef63feece826a3cdbb890fbade0

SHA256
3d4465988b2acda5b21da8c36d22054c96c40aab0a293569cc4c8b76e3b4e295

SHA512
c1a2a71bcaefedb89e1470eff84cc0052e94e5bb0b0b8e7db9d1a7c4dbc7314f5c7decfb582bc8785dcb59072cbf8e71cae981b52ebf4078186bf66ee006a739

Download Submit
C:\Windows\System\OKuRSod.exe

Filesize
1.9MB

MD5
f1c3ffadce9f210552d93756f36cbe2a

SHA1
898b5dda054f63b5ef3520f0b3105a74eec12b34

SHA256
8305a3379d519396920711b85c3ecbde07605fa2bba02d4c00e9938f64e2892d

SHA512
38ba7cc42101072763a64dbce51e79263202d5d5e22f0dec8525cc82fb746a3bd040b41a7e93837f8519a594bd0e675be271111ff5a808e1ed76110c5fdb712b

Download Submit
C:\Windows\System\ONqfMUW.exe

Filesize
1.9MB

MD5
05e71496c82597cd5bc6b5da3b10ca2f

SHA1
b6cbe9593ed2b3fefff4e8240ed1d25aceba261f

SHA256
dee87b10dbd9d3dbe3bb8f201f8eedf080e49903270a03fee0197ea587ead445

SHA512
4323ad046167fc45bff927857b701997b383886170bc031de9e28711fd6c43afacca85afadbfde648cf5f5f9814115b2caf7c7c140c16c79e8e2b530ecc31d2a

Download Submit
C:\Windows\System\PIhzOYN.exe

Filesize
1.9MB

MD5
80637421ff583838bfb5d0d7717aa6c4

SHA1
3e5556f6e0867c68d009f5cb1b3bc7840ece0945

SHA256
846b7c351a0e35c7331ba11613c1855bcf59422a358079f0699cad5978d83969

SHA512
b34597fa44e8efbb24246a0be7586eb3fd1673a0aed9d2fa76128b9a875878ba2a926014d84a06e12c001eb0859db02a02d9f02e7b37fd353d670e735e35a25a

Download Submit
C:\Windows\System\QHcRItU.exe

Filesize
1.9MB

MD5
7eb51165958e9f5c4f6dd4ac9ea5dcf0

SHA1
ec0ff3ed024ded4023684581c1f7df8e3f41b2a5

SHA256
0bd01b4620e76d815039f77aba315fb95e62fac63867245f91b9b837322ce45b

SHA512
81a969c3ed2ef7deb0a898f34553dded6b3bfb44e117339dcf614907ba07a4f34c92999d665f6d3496de76613e144e99153c26a3d9d32aa246fe248e2ef7a763

Download Submit
C:\Windows\System\QcNIrOe.exe

Filesize
1.8MB

MD5
784cb3c767558014508e4635d55a5f0d

SHA1
0f0f0718baad1916aa352d0d3a0e0430c23cd6ef

SHA256
36163d94f2a079095e7d3ea2c30f40550f01717b3598a848f7f292d2872cd315

SHA512
2c740a8bb1b5e6c710b7cf259c976d29bbe2781c09f17e1ef11a97db51ba2ed8122edcbf0b2658dcd88ce55f1adfa4ccb75ba46779d23cda57ff6f2995fdba5b

Download Submit
C:\Windows\System\RaoUPHO.exe

Filesize
1.9MB

MD5
3e93dd385eda2b983c12e3d8adf17385

SHA1
b8e73c21c9279f2bb2b3bd8ae39ffb5c2d202668

SHA256
38c67ea4921d387c47c7a24986bca46125b2c302e84d385e88b1bf26b732b4f4

SHA512
83657b5a1876f7012dd7e593a4dffc1c529ca5f4c8ee6719e01e8b7dec706d594abcf7d5d471a0d21774533a5671bbddf1bb0b00be963b261c51e3e006358e4f

Download Submit
C:\Windows\System\TBvAnFt.exe

Filesize
1.9MB

MD5
7c1220b849e9bffd2af8576e959d1245

SHA1
d575a9cadc7c44867eba83aa668ac741c4fc99f3

SHA256
2c45f8124d433c88499ce08137b9553d80092671784f53c4bea438e50f8403fa

SHA512
d1804ec1d8b0953d75025360e2955d2777044cb46b3d48b06b897ccd85e793a617f1240104b3300249a26fef7d5c402172a92b8465aa87cb9496594dd3eac75c

Download Submit
C:\Windows\System\TlLgarz.exe

Filesize
1.9MB

MD5
aee68410d7224882a39f12960b8cc27c

SHA1
1cb5f36e8136519ebf6b0670318795e5de235326

SHA256
72c5964d022c4c5ff642e1a3b07b2bd87d33fdcd85842d9d31e4cccdb404c5cc

SHA512
392161dce53b6e298f9f8903623830be44836151815952e7ed9e16205ec8c4bd4ed83d48964c4ab7150cffae775f9c8a3b494e226aafb5897168cb4b5d23c608

Download Submit
C:\Windows\System\VIagpbs.exe

Filesize
1.9MB

MD5
54efc6c89db6ae8f4dc5b1213094ca12

SHA1
4af331892927c5ca817fc5839850a75c6d10179a

SHA256
60949602f500444fe77c9adf967383a3f74306e05e4efa1c7f462cc9a11fac15

SHA512
787fb2513525b316dcd56b0b6dc3d98d7b80aedaff98911d76b289ef81e92dfffaaa718702f984fbc253e2a11fedcdbced33d5c731c560624767690b9ff63bbd

Download Submit
C:\Windows\System\XIOgTNR.exe

Filesize
1.9MB

MD5
7666b2a103d3aaf3424a95412745f894

SHA1
f6ec7a72d737a3a1155bade536d5849a205eb33c

SHA256
a5431831554b5dcd12227890626773b89e8e4c8cada028fc2b39dd96d3d5c1fe

SHA512
b3e7d89546a099ef675856ae2856180dcd914a461bc7d37b5fe607185e22f7a41e749cf71c6fe4aafb7a5d7c71d0e6a997c84e04c7844dd1aa0f405a171cb397

Download Submit
C:\Windows\System\bscbWPg.exe

Filesize
1.9MB

MD5
9d0421f037c542a8f1d759210db0615b

SHA1
4eec9e4eb735eed8fe8bcc5d66ef053b555b3537

SHA256
28d443800903c5f3daa6b79f1604a5d3216e638c4ebf94642a76f55a48f8d4e3

SHA512
74a6da79b0a592a04a44b2b6af73ae3c3520bc101bc6e870cbee9b1c4b2da4042073a90fba9843ae784aae2dc9a961fc6a8d284645cd112826d41ca1a1b3289b

Download Submit
C:\Windows\System\cPTqlKX.exe

Filesize
1.8MB

MD5
595379db035c6048dd8ba4d31d8c2fcd

SHA1
e8c4504f11dd9c08cef50f4866a26894b4885d34

SHA256
743f05352d095aecd9eda3d5d66d6b05162774b1c27f57665ac281756646b776

SHA512
97408d3be742f2ea636591c6668982845355dc11f6d26c56af2a80a2e807e5ff456639d3b37be374226bcec8300c118e54834b7332c5f0205ffd4e7c9e2dbdf0

Download Submit
C:\Windows\System\dMAbWdS.exe

Filesize
1.9MB

MD5
c481866a4c6eff6924986deaabe20360

SHA1
d786edca834ac19c00041184f1cff718a57025be

SHA256
dc3e54a4ef1f6823714630d8249183a9aa28073dad708a863b8cd34484310e63

SHA512
9964a1a93436566456e79c76a60c3f98a6addd8f1f0cbcb8543dac267d62d5f4c38ce2e0eaaa78d515554678fee66c9e411fef40dfe49f0d2d50a60268ad3757

Download Submit
C:\Windows\System\dPVzxwD.exe

Filesize
1.8MB

MD5
c697ce92a635cb23785f4a729605166f

SHA1
78678c84fd032e1ee873c3f14031bcd9525160e8

SHA256
6e42d2d5913701616e919bf0cc7a355ec2661dae7225d20f517f54f7d252dd63

SHA512
61429071293445e5cfd84753936c20e758ce3d38ecc0b361f1c140848977aa44f76601dfe98d6c9905fdf26ab07fb5423b0e4b04e04905b0044b9ff39eacd796

Download Submit
C:\Windows\System\fNDjKqH.exe

Filesize
1.9MB

MD5
af988e1bbaf01a2f0c2f60e8846ac04a

SHA1
7c765c36a876aaaed104926e4b47509dfa16e98e

SHA256
4a45c4134ced53a0e9f1461b3c0192d5a5751ce1e59a6df64126a8d5040da3b4

SHA512
5f6febeb28f420658abbb213afb482ea0581f528f4bdb6d3152ecbd2689a1c2ef3c5b932c239a0b19443674178066dbab33e00accbec875dfd922c8a002ec053

Download Submit
C:\Windows\System\hNvtWCS.exe

Filesize
1.9MB

MD5
99f81ad9e0a17d4513abcd5eaedfe021

SHA1
18c91a5d8908c145a986e6efaa1c378d9e8a1453

SHA256
95a1ca98643ab5740d590dc9e8d468e5c2f60599f89ab6e656221b8a2513ff41

SHA512
2023e8801f73a90c832fb4be7ca0937e3c99a65c90d47597b4e2c5a7bd254037efb3aa6bf9e46263c5c162a340ebcd95ccea558a388e62e7f854e4a60a5e410c

Download Submit
C:\Windows\System\jNywLhJ.exe

Filesize
1.9MB

MD5
266b7395e1b057165f5488e86996b36c

SHA1
98999cf988600bd93fa1997b19e5df886ed515d8

SHA256
f187513b6875befc11d85f8a817e93233b652a7d82842023dd3bc7535f6300f4

SHA512
3ba4680f4361b40cc67b2e121bf4ea347aad41ae96a341aa9e67d2a41647da82dd5936da4a01126819695233841d89fef6fecd0be29013d80ab1892cac5d200c

Download Submit
C:\Windows\System\kPcFKCQ.exe

Filesize
1.9MB

MD5
af08631782c3b9e7e341774c2e5476e8

SHA1
529f323b183f6b60c0df13d62239f54662a9f5e6

SHA256
31af47d7e61cfbc13099b24a7ece57ae9bc0c507acab39cfc5ed80ff87ef52bb

SHA512
a2b91edea7049ba254511152d6e33be4bd4438dc7d97f450e99e172894284ec000124a762f425c7d1cd9967ef66f17ca1261ada8c839c448af5163b1d87a9217

Download Submit
C:\Windows\System\lMipdEE.exe

Filesize
1.9MB

MD5
e5dd83d5c6a12feddb0d510b695cac7e

SHA1
61f3c5c05cab727d87323919f2a910e1d0da9ce5

SHA256
68325afffe3aa58b55fe334befc380a052d420b0bf110735a74e5673ee163564

SHA512
4ef4dc0ff7d7046c818c1d9ca3a7e82cbd702029649ba378a04934cfc5e5a65f89d6eb20fa92519e12f0b44acabe2fee60047675515e1ead05265c67e2996af1

Download Submit
C:\Windows\System\lSFThoM.exe

Filesize
1.9MB

MD5
72f45d2e4a5da25c1df69a0f54e7305b

SHA1
0a34f988b619455f0bce665f068f75dbaeada7b5

SHA256
a23a11ca3c77ecf4ebde97446ab70d91476d8379dfb0f67cddd7dfe0d45fc787

SHA512
baafd4539ad970eb99ce15dac8a5181fa575b68dda3807de3be36efe5a52815c69c3426fddd4bfd088f2337b30ae9755698fbf9fc26a2060ab612d67a7df84aa

Download Submit
C:\Windows\System\lWChzEX.exe

Filesize
1.9MB

MD5
a3792766a9f6bd1d444b76a4aac533bb

SHA1
150c2231c5bfa75d418541ecdc56c78afe15fb55

SHA256
26c3fc5898aceadb964d252e6d7dc164e314019eaacf689eb37dea55b2462c45

SHA512
6d8739957e5e601184275651deac0f456c0af3a96221f617b3fbdcbb71cad4142d1f3373eed373f0576635513204edbd3fdee5c7b839460ad6d0b757bd83024d

Download Submit
C:\Windows\System\mSlmmWp.exe

Filesize
1.9MB

MD5
b22135aac446cc9b9610f2e61ee23b62

SHA1
5d5521cc01b97e27743af735ca400a23b46f8d6b

SHA256
741535463e24a77aba444fa35ed6abf1ebd2d1ce11e846373ae836b52936aaa1

SHA512
b92cbe51b79abd13ce12c7ae8f98edcd3ae12045ac80c1800324de81815f1f16a96bf00025806e7e6bb38fe16026c359083d91626a886c16195b70f3f4425419

Download Submit
C:\Windows\System\pApmZem.exe

Filesize
1.9MB

MD5
c5f452c69544bb020ba720dff6573949

SHA1
5bbf2c4f57e9505c8bc8a00c33055f25851f07c4

SHA256
f3c0be59caa1296219bddb33263b659fd8e671c420b63a8964f082e09c4cab13

SHA512
c02c7c6b4eb7864d89d5458c1ccf44ed991377d5c85c4aaf5f130838b4acc987a4c04f4b118eeb37b168b9323eac99b942b9a6d147b3cd5b9bcf594bc30d9cbd

Download Submit
C:\Windows\System\plNAvTN.exe

Filesize
1.8MB

MD5
8581db23a4db29fa8a0a61d87882056a

SHA1
91df95c6964a42cdd6f4ba8fa9f62369bb75f217

SHA256
fa6e665870d473609cc727b07e759a581265fb1e7b8b0b6cd6ac6a00b34d461c

SHA512
b3a92cb9d21dad82da6ca6db549f2921eff12a9d7e81dc0c2422caf7c41685972fa605959a86a3660af6bd07496f198d381caef0fe2ccd45195ddd7958ce754a

Download Submit
C:\Windows\System\qgsxvgy.exe

Filesize
1.9MB

MD5
f1f3a97c60b045a1555bd0252c5b3a5f

SHA1
9caea41a9ade10cc27fc17c76c2f0d158bd8a2d4

SHA256
3481c5f7bff2fe01990bae14c04a5f6b4b54aa6b42e6f2c0847d33e74f3fad8e

SHA512
418796c8b880c158f47c3330f4e49725817fdba8e9dd265618ae29e006e0617237da1eba0f7673a9ebbb54df653e69f4ab14e5908f713da9dc8b8757062adbd0

Download Submit
C:\Windows\System\sDKfRLD.exe

Filesize
1.8MB

MD5
cdcb5470f2e1eabe834082b1107b77cb

SHA1
82391de80b1fb3eb0984f0fec8001395f3a3fd6f

SHA256
4c85f06cb06b4a87587f5772dacb726e34ea4ec22ae2267040403c945f46a8c9

SHA512
cb19d791b2315069abbaa6cd9a90ffebae9c8595efc1aae9c0b72612bbb238f43ee570c955d8c12d6c5998a1bcbc52669f0ffdd662344379d8625b44eb4880d6

Download Submit
C:\Windows\System\vckBflj.exe

Filesize
1.9MB

MD5
cc3d87e8a6d9fc24f23cfc991f11c4db

SHA1
18fd54e439d8fbb889f49db69bd13ad0c6500218

SHA256
c42f8146f63bc2b332cf37c1d9862c36726f04dfde79ceec3f4aa763db0c90c8

SHA512
bcc7de7234ab6ada04523c3e891d067a5ddd7fe54e224f901da101a0b9d28c912a13ee0c8ab2e79d9d514ded11bed2f688064f55c9dc0871a9cae0384b0d6765

Download Submit
C:\Windows\System\wGvBkGv.exe

Filesize
1.8MB

MD5
a651feba8f4ebf064cfa7a5d32163dd4

SHA1
6fbecdcc0a3d550334b32b6bc668c545da7210ab

SHA256
3d999fead8a596e82c62603033e2014e4e5eee955aca9d3f731ccb4aaec1f7d2

SHA512
e83c45c0102a17907fbbaec510f41e42f0946a89e1faaf387d4e6e758cb7ac5bd4cc84c2bef9d40a4fd8c5862373ea9508df3e6167a0a23f704dcdd3c23dd745

Download Submit
C:\Windows\System\zTYBuDt.exe

Filesize
1.9MB

MD5
008b891af1d45ac7067ec9e69a42d207

SHA1
782a2cb46a18dc88f6c44830b0cfd7106612a058

SHA256
e926c6b32363c90ce84c62f711c5e891eda2733b096d3f8fef00ff437207e07a

SHA512
638cea5c67a51c194c76a3b3708c8eae30a5da9ba62150b113e3bce12b0181614e09fdc396c091ddd2d256a0ac3916d7f039c5b1ba704a8536fc9efec3b5ac02

Download Submit
memory/760-5685-0x00007FF6733D0000-0x00007FF6737C2000-memory.dmp

Filesize
3.9MB

Download
memory/760-342-0x00007FF6733D0000-0x00007FF6737C2000-memory.dmp

Filesize
3.9MB

Download
memory/1092-391-0x000001B73A200000-0x000001B73A222000-memory.dmp

Filesize
136KB

Download
memory/1092-349-0x00007FFF0F370000-0x00007FFF0FE31000-memory.dmp

Filesize
10.8MB

Download
memory/1092-2499-0x000001B73B280000-0x000001B73BA26000-memory.dmp

Filesize
7.6MB

Download
memory/1092-77-0x000001B73A260000-0x000001B73A270000-memory.dmp

Filesize
64KB

Download
memory/1408-5673-0x00007FF766F50000-0x00007FF767342000-memory.dmp

Filesize
3.9MB

Download
memory/1408-184-0x00007FF766F50000-0x00007FF767342000-memory.dmp

Filesize
3.9MB

Download
memory/1424-5656-0x00007FF677350000-0x00007FF677742000-memory.dmp

Filesize
3.9MB

Download
memory/1424-244-0x00007FF677350000-0x00007FF677742000-memory.dmp

Filesize
3.9MB

Download
memory/1452-348-0x00007FF7A8AF0000-0x00007FF7A8EE2000-memory.dmp

Filesize
3.9MB

Download
memory/1452-5731-0x00007FF7A8AF0000-0x00007FF7A8EE2000-memory.dmp

Filesize
3.9MB

Download
memory/1752-351-0x00007FF763DE0000-0x00007FF7641D2000-memory.dmp

Filesize
3.9MB

Download
memory/1752-5639-0x00007FF763DE0000-0x00007FF7641D2000-memory.dmp

Filesize
3.9MB

Download
memory/1952-293-0x00007FF70F980000-0x00007FF70FD72000-memory.dmp

Filesize
3.9MB

Download
memory/1952-5679-0x00007FF70F980000-0x00007FF70FD72000-memory.dmp

Filesize
3.9MB

Download
memory/2032-298-0x00007FF753750000-0x00007FF753B42000-memory.dmp

Filesize
3.9MB

Download
memory/2032-5713-0x00007FF753750000-0x00007FF753B42000-memory.dmp

Filesize
3.9MB

Download
memory/2368-1-0x000002B962BB0000-0x000002B962BC0000-memory.dmp

Filesize
64KB

Download
memory/2368-0-0x00007FF607AF0000-0x00007FF607EE2000-memory.dmp

Filesize
3.9MB

Download
memory/2908-343-0x00007FF6D3B40000-0x00007FF6D3F32000-memory.dmp

Filesize
3.9MB

Download
memory/2908-5687-0x00007FF6D3B40000-0x00007FF6D3F32000-memory.dmp

Filesize
3.9MB

Download
memory/3084-180-0x00007FF679610000-0x00007FF679A02000-memory.dmp

Filesize
3.9MB

Download
memory/3084-5675-0x00007FF679610000-0x00007FF679A02000-memory.dmp

Filesize
3.9MB

Download
memory/3248-46-0x00007FF6698E0000-0x00007FF669CD2000-memory.dmp

Filesize
3.9MB

Download
memory/3248-5653-0x00007FF6698E0000-0x00007FF669CD2000-memory.dmp

Filesize
3.9MB

Download
memory/3264-5643-0x00007FF7DA5E0000-0x00007FF7DA9D2000-memory.dmp

Filesize
3.9MB

Download
memory/3264-74-0x00007FF7DA5E0000-0x00007FF7DA9D2000-memory.dmp

Filesize
3.9MB

Download
memory/3352-340-0x00007FF6D65E0000-0x00007FF6D69D2000-memory.dmp

Filesize
3.9MB

Download
memory/3352-5716-0x00007FF6D65E0000-0x00007FF6D69D2000-memory.dmp

Filesize
3.9MB

Download
memory/3412-5651-0x00007FF649780000-0x00007FF649B72000-memory.dmp

Filesize
3.9MB

Download
memory/3412-5156-0x00007FF649780000-0x00007FF649B72000-memory.dmp

Filesize
3.9MB

Download
memory/3412-78-0x00007FF649780000-0x00007FF649B72000-memory.dmp

Filesize
3.9MB

Download
memory/3456-5696-0x00007FF7BD260000-0x00007FF7BD652000-memory.dmp

Filesize
3.9MB

Download
memory/3456-345-0x00007FF7BD260000-0x00007FF7BD652000-memory.dmp

Filesize
3.9MB

Download
memory/4296-5626-0x00007FF63E5D0000-0x00007FF63E9C2000-memory.dmp

Filesize
3.9MB

Download
memory/4296-21-0x00007FF63E5D0000-0x00007FF63E9C2000-memory.dmp

Filesize
3.9MB

Download
memory/4472-5719-0x00007FF6ED340000-0x00007FF6ED732000-memory.dmp

Filesize
3.9MB

Download
memory/4472-347-0x00007FF6ED340000-0x00007FF6ED732000-memory.dmp

Filesize
3.9MB

Download
memory/4484-346-0x00007FF6902F0000-0x00007FF6906E2000-memory.dmp

Filesize
3.9MB

Download
memory/4484-5705-0x00007FF6902F0000-0x00007FF6906E2000-memory.dmp

Filesize
3.9MB

Download
memory/4784-5634-0x00007FF7B74B0000-0x00007FF7B78A2000-memory.dmp

Filesize
3.9MB

Download
memory/4784-350-0x00007FF7B74B0000-0x00007FF7B78A2000-memory.dmp

Filesize
3.9MB

Download
memory/4916-5665-0x00007FF622A20000-0x00007FF622E12000-memory.dmp

Filesize
3.9MB

Download
memory/4916-128-0x00007FF622A20000-0x00007FF622E12000-memory.dmp

Filesize
3.9MB

Download
memory/4968-5618-0x00007FF73F420000-0x00007FF73F812000-memory.dmp

Filesize
3.9MB

Download
memory/4968-10-0x00007FF73F420000-0x00007FF73F812000-memory.dmp

Filesize
3.9MB

Download
memory/5076-5691-0x00007FF7B4930000-0x00007FF7B4D22000-memory.dmp

Filesize
3.9MB

Download
memory/5076-344-0x00007FF7B4930000-0x00007FF7B4D22000-memory.dmp

Filesize
3.9MB

Download