xmrig | b9d8a7ed925a777ce176c0b0387085a86ad510d7e8c199bb3a8a644a5deebae3

Analysis

max time kernel
137s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
01/05/2024, 06:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
Size

1.8MB
MD5

0b486d9809a1e7fe7f15fece03f1309c
SHA1

25c1abfa66736622c1c191193d6a8d3553097e81
SHA256

b9d8a7ed925a777ce176c0b0387085a86ad510d7e8c199bb3a8a644a5deebae3
SHA512

5f39f88c157a2c30dcdb95686cb8ccec42d35256f2049dbffb55ca323ef4acc56cb7d989ccca50ebbc8ba44f8b8e71fcf7342a6260ca9e7fb7751d512a792222
SSDEEP

49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82SflDrI5y:NABc

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 43 IoCs

miner

resource	yara_rule
behavioral2/memory/3348-136-0x00007FF79BF90000-0x00007FF79C382000-memory.dmp	xmrig
behavioral2/memory/3044-241-0x00007FF63C250000-0x00007FF63C642000-memory.dmp	xmrig
behavioral2/memory/5076-264-0x00007FF69F7E0000-0x00007FF69FBD2000-memory.dmp	xmrig
behavioral2/memory/4928-277-0x00007FF73B8E0000-0x00007FF73BCD2000-memory.dmp	xmrig
behavioral2/memory/4568-284-0x00007FF6DA980000-0x00007FF6DAD72000-memory.dmp	xmrig
behavioral2/memory/2252-285-0x00007FF629EA0000-0x00007FF62A292000-memory.dmp	xmrig
behavioral2/memory/1872-283-0x00007FF70E110000-0x00007FF70E502000-memory.dmp	xmrig
behavioral2/memory/2464-282-0x00007FF784580000-0x00007FF784972000-memory.dmp	xmrig
behavioral2/memory/996-281-0x00007FF684290000-0x00007FF684682000-memory.dmp	xmrig
behavioral2/memory/3984-280-0x00007FF67FCB0000-0x00007FF6800A2000-memory.dmp	xmrig
behavioral2/memory/4116-278-0x00007FF737DF0000-0x00007FF7381E2000-memory.dmp	xmrig
behavioral2/memory/3804-276-0x00007FF701E50000-0x00007FF702242000-memory.dmp	xmrig
behavioral2/memory/1476-275-0x00007FF620540000-0x00007FF620932000-memory.dmp	xmrig
behavioral2/memory/5016-257-0x00007FF7C0600000-0x00007FF7C09F2000-memory.dmp	xmrig
behavioral2/memory/3852-253-0x00007FF7F6970000-0x00007FF7F6D62000-memory.dmp	xmrig
behavioral2/memory/3968-238-0x00007FF7BFE60000-0x00007FF7C0252000-memory.dmp	xmrig
behavioral2/memory/3124-212-0x00007FF6FFE70000-0x00007FF700262000-memory.dmp	xmrig
behavioral2/memory/5048-189-0x00007FF67D0A0000-0x00007FF67D492000-memory.dmp	xmrig
behavioral2/memory/4400-170-0x00007FF708C90000-0x00007FF709082000-memory.dmp	xmrig
behavioral2/memory/3932-117-0x00007FF6A1240000-0x00007FF6A1632000-memory.dmp	xmrig
behavioral2/memory/2852-23-0x00007FF639590000-0x00007FF639982000-memory.dmp	xmrig
behavioral2/memory/1348-3230-0x00007FF7A7030000-0x00007FF7A7422000-memory.dmp	xmrig
behavioral2/memory/2852-3296-0x00007FF639590000-0x00007FF639982000-memory.dmp	xmrig
behavioral2/memory/3348-3298-0x00007FF79BF90000-0x00007FF79C382000-memory.dmp	xmrig
behavioral2/memory/4400-3306-0x00007FF708C90000-0x00007FF709082000-memory.dmp	xmrig
behavioral2/memory/3932-3304-0x00007FF6A1240000-0x00007FF6A1632000-memory.dmp	xmrig
behavioral2/memory/1872-3300-0x00007FF70E110000-0x00007FF70E502000-memory.dmp	xmrig
behavioral2/memory/4568-3302-0x00007FF6DA980000-0x00007FF6DAD72000-memory.dmp	xmrig
behavioral2/memory/3044-3310-0x00007FF63C250000-0x00007FF63C642000-memory.dmp	xmrig
behavioral2/memory/5048-3312-0x00007FF67D0A0000-0x00007FF67D492000-memory.dmp	xmrig
behavioral2/memory/1476-3328-0x00007FF620540000-0x00007FF620932000-memory.dmp	xmrig
behavioral2/memory/3984-3330-0x00007FF67FCB0000-0x00007FF6800A2000-memory.dmp	xmrig
behavioral2/memory/4928-3326-0x00007FF73B8E0000-0x00007FF73BCD2000-memory.dmp	xmrig
behavioral2/memory/2252-3324-0x00007FF629EA0000-0x00007FF62A292000-memory.dmp	xmrig
behavioral2/memory/5016-3318-0x00007FF7C0600000-0x00007FF7C09F2000-memory.dmp	xmrig
behavioral2/memory/3968-3316-0x00007FF7BFE60000-0x00007FF7C0252000-memory.dmp	xmrig
behavioral2/memory/3804-3314-0x00007FF701E50000-0x00007FF702242000-memory.dmp	xmrig
behavioral2/memory/5076-3322-0x00007FF69F7E0000-0x00007FF69FBD2000-memory.dmp	xmrig
behavioral2/memory/3852-3320-0x00007FF7F6970000-0x00007FF7F6D62000-memory.dmp	xmrig
behavioral2/memory/3124-3308-0x00007FF6FFE70000-0x00007FF700262000-memory.dmp	xmrig
behavioral2/memory/996-3333-0x00007FF684290000-0x00007FF684682000-memory.dmp	xmrig
behavioral2/memory/4116-3339-0x00007FF737DF0000-0x00007FF7381E2000-memory.dmp	xmrig
behavioral2/memory/2464-3337-0x00007FF784580000-0x00007FF784972000-memory.dmp	xmrig

Blocklisted process makes network request 7 IoCs

flow	pid	Process
9	4340	powershell.exe
11	4340	powershell.exe
13	4340	powershell.exe
14	4340	powershell.exe
16	4340	powershell.exe
17	4340	powershell.exe
18	4340	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
2852	fCbVLYU.exe
3932	XeFthLy.exe
1872	HKzWcid.exe
3348	PykUJSF.exe
4400	UDAHwDb.exe
5048	RDqNBoV.exe
4568	insaCvy.exe
3124	Gvxfryl.exe
3968	EQOznFC.exe
3044	ZaTRpNi.exe
3852	LFZMFwh.exe
5016	VecZpwU.exe
5076	VaUBfXT.exe
1476	VYwxRny.exe
3804	gljSfzU.exe
2252	NRoMmmO.exe
4928	nUBigOn.exe
4116	XGtQUwT.exe
3984	yZlxhQs.exe
996	CNxBDHk.exe
2464	uFuhojU.exe
3912	MCrQHYf.exe
4968	MstfZZG.exe
1688	bmTSJzD.exe
4460	ejZdkkF.exe
548	rXVuMne.exe
4300	xnMCfwU.exe
2868	XFedfXx.exe
1552	mpkUOtM.exe
552	xBcstKC.exe
1352	jmRTvff.exe
3160	WlKslHK.exe
1564	hkeWuVm.exe
4824	MpqaUjx.exe
4076	CFRRVNH.exe
3724	ArGuMrn.exe
3480	BfkTXvK.exe
4596	BYpmSYa.exe
2228	SsaAgHk.exe
3484	CArNCEV.exe
1252	SKUAULH.exe
4304	vlpVulO.exe
2016	orlyogP.exe
636	yOsifUz.exe
3884	ZWHAUeI.exe
4424	xllyRgG.exe
4360	JiFvxAT.exe
4780	NgPJyYr.exe
2864	gENHQGM.exe
1264	smQQyGD.exe
4288	ZIJwtCw.exe
4432	BPJaAia.exe
3032	lJPHQDr.exe
1812	FqqOCNn.exe
2176	hJGgORg.exe
3688	gYFTxWo.exe
4452	wevKdYS.exe
3684	YsKNnmu.exe
540	KEcxbHt.exe
4448	KJEUFdL.exe
532	azODKYR.exe
4812	ugfFUab.exe
4688	qcavtAd.exe
2172	UqBDdwf.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1348-0-0x00007FF7A7030000-0x00007FF7A7422000-memory.dmp	upx
behavioral2/files/0x000b000000023b9c-10.dat	upx
behavioral2/files/0x000a000000023ba2-35.dat	upx
behavioral2/files/0x000a000000023ba9-70.dat	upx
behavioral2/memory/3348-136-0x00007FF79BF90000-0x00007FF79C382000-memory.dmp	upx
behavioral2/files/0x000a000000023bbc-171.dat	upx
behavioral2/memory/3044-241-0x00007FF63C250000-0x00007FF63C642000-memory.dmp	upx
behavioral2/memory/5076-264-0x00007FF69F7E0000-0x00007FF69FBD2000-memory.dmp	upx
behavioral2/memory/4928-277-0x00007FF73B8E0000-0x00007FF73BCD2000-memory.dmp	upx
behavioral2/memory/4568-284-0x00007FF6DA980000-0x00007FF6DAD72000-memory.dmp	upx
behavioral2/memory/2252-285-0x00007FF629EA0000-0x00007FF62A292000-memory.dmp	upx
behavioral2/memory/1872-283-0x00007FF70E110000-0x00007FF70E502000-memory.dmp	upx
behavioral2/memory/2464-282-0x00007FF784580000-0x00007FF784972000-memory.dmp	upx
behavioral2/memory/996-281-0x00007FF684290000-0x00007FF684682000-memory.dmp	upx
behavioral2/memory/3984-280-0x00007FF67FCB0000-0x00007FF6800A2000-memory.dmp	upx
behavioral2/memory/4116-278-0x00007FF737DF0000-0x00007FF7381E2000-memory.dmp	upx
behavioral2/memory/3804-276-0x00007FF701E50000-0x00007FF702242000-memory.dmp	upx
behavioral2/memory/1476-275-0x00007FF620540000-0x00007FF620932000-memory.dmp	upx
behavioral2/memory/5016-257-0x00007FF7C0600000-0x00007FF7C09F2000-memory.dmp	upx
behavioral2/memory/3852-253-0x00007FF7F6970000-0x00007FF7F6D62000-memory.dmp	upx
behavioral2/memory/3968-238-0x00007FF7BFE60000-0x00007FF7C0252000-memory.dmp	upx
behavioral2/memory/3124-212-0x00007FF6FFE70000-0x00007FF700262000-memory.dmp	upx
behavioral2/memory/5048-189-0x00007FF67D0A0000-0x00007FF67D492000-memory.dmp	upx
behavioral2/files/0x000a000000023bb9-185.dat	upx
behavioral2/files/0x000a000000023bbe-184.dat	upx
behavioral2/files/0x000b000000023b9a-183.dat	upx
behavioral2/files/0x0031000000023bb6-179.dat	upx
behavioral2/memory/4400-170-0x00007FF708C90000-0x00007FF709082000-memory.dmp	upx
behavioral2/files/0x000a000000023bb2-160.dat	upx
behavioral2/files/0x000a000000023bb0-149.dat	upx
behavioral2/files/0x0031000000023bb5-147.dat	upx
behavioral2/files/0x0031000000023bb4-146.dat	upx
behavioral2/files/0x000a000000023bb3-145.dat	upx
behavioral2/files/0x000a000000023baf-142.dat	upx
behavioral2/files/0x000a000000023bae-141.dat	upx
behavioral2/files/0x000a000000023bbb-140.dat	upx
behavioral2/files/0x000a000000023bad-135.dat	upx
behavioral2/files/0x000a000000023bb8-131.dat	upx
behavioral2/files/0x000a000000023bb7-130.dat	upx
behavioral2/files/0x000a000000023bb1-150.dat	upx
behavioral2/files/0x000a000000023bba-139.dat	upx
behavioral2/memory/3932-117-0x00007FF6A1240000-0x00007FF6A1632000-memory.dmp	upx
behavioral2/files/0x000a000000023bac-113.dat	upx
behavioral2/files/0x000a000000023bab-109.dat	upx
behavioral2/files/0x000a000000023ba8-102.dat	upx
behavioral2/files/0x000a000000023ba7-90.dat	upx
behavioral2/files/0x000a000000023ba6-82.dat	upx
behavioral2/files/0x000a000000023baa-77.dat	upx
behavioral2/files/0x000a000000023ba4-66.dat	upx
behavioral2/files/0x000a000000023ba3-54.dat	upx
behavioral2/files/0x000a000000023ba1-52.dat	upx
behavioral2/files/0x000a000000023ba5-59.dat	upx
behavioral2/files/0x000a000000023ba0-30.dat	upx
behavioral2/files/0x000a000000023b9d-29.dat	upx
behavioral2/files/0x000a000000023b9e-40.dat	upx
behavioral2/memory/2852-23-0x00007FF639590000-0x00007FF639982000-memory.dmp	upx
behavioral2/files/0x000a000000023b9f-19.dat	upx
behavioral2/memory/1348-3230-0x00007FF7A7030000-0x00007FF7A7422000-memory.dmp	upx
behavioral2/memory/2852-3296-0x00007FF639590000-0x00007FF639982000-memory.dmp	upx
behavioral2/memory/3348-3298-0x00007FF79BF90000-0x00007FF79C382000-memory.dmp	upx
behavioral2/memory/4400-3306-0x00007FF708C90000-0x00007FF709082000-memory.dmp	upx
behavioral2/memory/3932-3304-0x00007FF6A1240000-0x00007FF6A1632000-memory.dmp	upx
behavioral2/memory/1872-3300-0x00007FF70E110000-0x00007FF70E502000-memory.dmp	upx
behavioral2/memory/4568-3302-0x00007FF6DA980000-0x00007FF6DAD72000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
8	raw.githubusercontent.com
9	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\psxwuDA.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\rWwDYTq.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\asdcAXe.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\mdgwMkS.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\eLAIeFy.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\ZVShxFH.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\qAuezKe.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\gLJEcRb.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\XmpFTmf.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\yUIxJBS.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\UQudKTH.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\DGrOHRE.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\AidhLyT.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\RleaDoA.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\cftVjCR.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\lcgiqNT.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\vdaybIn.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\PhaoEpy.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\oBwUoRT.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\ZjjUiXO.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\OkQyCQi.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\KWnJQwU.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\knvQylF.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\dbKUSSX.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\BeuiftT.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\pdsVtxR.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\iNxEtnr.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\pNUjiTp.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\beDhroS.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\rGoBKid.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\TSonUHY.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\menjwUE.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\oLxWlkz.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\AnInjxN.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\roRCylF.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\ykKuWPl.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\gZInklZ.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\RNqOcuM.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\rJVbyDY.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\FAwhqKQ.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\EdgdAhP.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\VBGnGeC.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\UkQMXUk.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\LImDFdB.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\PwcEDvB.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\qzOxZLl.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\zXXOlac.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\UtvmqaV.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\GOynEZc.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\zTywwgr.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\WyODUss.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\BRqEGwT.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\YewsQXB.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\fRyaphD.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\YpoInlJ.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\RdaZItE.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\GShiriU.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\VdzVODD.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\QPrfKNy.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\clGXmGj.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\JxFnSDV.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\HSliOda.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\ZAwtbng.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
File created	C:\Windows\System\TjpZZls.exe	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4340	powershell.exe
4340	powershell.exe
4340	powershell.exe
4340	powershell.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeDebugPrivilege	4340	powershell.exe
Token: SeLockMemoryPrivilege	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
Token: SeCreateGlobalPrivilege	13636	dwm.exe
Token: SeChangeNotifyPrivilege	13636	dwm.exe
Token: 33	13636	dwm.exe
Token: SeIncBasePriorityPrivilege	13636	dwm.exe
Token: SeShutdownPrivilege	13636	dwm.exe
Token: SeCreatePagefilePrivilege	13636	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1348 wrote to memory of 4340	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	85
PID 1348 wrote to memory of 4340	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	85
PID 1348 wrote to memory of 2852	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	86
PID 1348 wrote to memory of 2852	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	86
PID 1348 wrote to memory of 3932	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	87
PID 1348 wrote to memory of 3932	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	87
PID 1348 wrote to memory of 1872	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	88
PID 1348 wrote to memory of 1872	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	88
PID 1348 wrote to memory of 3348	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	89
PID 1348 wrote to memory of 3348	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	89
PID 1348 wrote to memory of 4400	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	90
PID 1348 wrote to memory of 4400	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	90
PID 1348 wrote to memory of 5048	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	91
PID 1348 wrote to memory of 5048	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	91
PID 1348 wrote to memory of 4568	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	92
PID 1348 wrote to memory of 4568	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	92
PID 1348 wrote to memory of 3124	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	93
PID 1348 wrote to memory of 3124	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	93
PID 1348 wrote to memory of 3968	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	94
PID 1348 wrote to memory of 3968	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	94
PID 1348 wrote to memory of 3044	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	95
PID 1348 wrote to memory of 3044	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	95
PID 1348 wrote to memory of 3852	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	96
PID 1348 wrote to memory of 3852	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	96
PID 1348 wrote to memory of 5016	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	97
PID 1348 wrote to memory of 5016	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	97
PID 1348 wrote to memory of 5076	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	98
PID 1348 wrote to memory of 5076	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	98
PID 1348 wrote to memory of 1476	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	99
PID 1348 wrote to memory of 1476	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	99
PID 1348 wrote to memory of 3804	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	100
PID 1348 wrote to memory of 3804	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	100
PID 1348 wrote to memory of 2252	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	101
PID 1348 wrote to memory of 2252	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	101
PID 1348 wrote to memory of 4928	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	102
PID 1348 wrote to memory of 4928	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	102
PID 1348 wrote to memory of 4116	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	103
PID 1348 wrote to memory of 4116	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	103
PID 1348 wrote to memory of 3984	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	104
PID 1348 wrote to memory of 3984	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	104
PID 1348 wrote to memory of 996	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	105
PID 1348 wrote to memory of 996	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	105
PID 1348 wrote to memory of 548	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	106
PID 1348 wrote to memory of 548	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	106
PID 1348 wrote to memory of 2464	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	107
PID 1348 wrote to memory of 2464	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	107
PID 1348 wrote to memory of 3912	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	108
PID 1348 wrote to memory of 3912	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	108
PID 1348 wrote to memory of 4968	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	109
PID 1348 wrote to memory of 4968	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	109
PID 1348 wrote to memory of 1688	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	110
PID 1348 wrote to memory of 1688	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	110
PID 1348 wrote to memory of 4460	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	111
PID 1348 wrote to memory of 4460	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	111
PID 1348 wrote to memory of 4300	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	112
PID 1348 wrote to memory of 4300	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	112
PID 1348 wrote to memory of 2868	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	113
PID 1348 wrote to memory of 2868	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	113
PID 1348 wrote to memory of 1552	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	114
PID 1348 wrote to memory of 1552	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	114
PID 1348 wrote to memory of 552	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	115
PID 1348 wrote to memory of 552	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	115
PID 1348 wrote to memory of 1352	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	116
PID 1348 wrote to memory of 1352	1348	0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe	116

C:\Users\Admin\AppData\Local\Temp\0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0b486d9809a1e7fe7f15fece03f1309c_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1348
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4340
- C:\Windows\System\fCbVLYU.exe
  C:\Windows\System\fCbVLYU.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\XeFthLy.exe
  C:\Windows\System\XeFthLy.exe
  2⤵
  - Executes dropped EXE
  PID:3932
- C:\Windows\System\HKzWcid.exe
  C:\Windows\System\HKzWcid.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\PykUJSF.exe
  C:\Windows\System\PykUJSF.exe
  2⤵
  - Executes dropped EXE
  PID:3348
- C:\Windows\System\UDAHwDb.exe
  C:\Windows\System\UDAHwDb.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System\RDqNBoV.exe
  C:\Windows\System\RDqNBoV.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System\insaCvy.exe
  C:\Windows\System\insaCvy.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System\Gvxfryl.exe
  C:\Windows\System\Gvxfryl.exe
  2⤵
  - Executes dropped EXE
  PID:3124
- C:\Windows\System\EQOznFC.exe
  C:\Windows\System\EQOznFC.exe
  2⤵
  - Executes dropped EXE
  PID:3968
- C:\Windows\System\ZaTRpNi.exe
  C:\Windows\System\ZaTRpNi.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\LFZMFwh.exe
  C:\Windows\System\LFZMFwh.exe
  2⤵
  - Executes dropped EXE
  PID:3852
- C:\Windows\System\VecZpwU.exe
  C:\Windows\System\VecZpwU.exe
  2⤵
  - Executes dropped EXE
  PID:5016
- C:\Windows\System\VaUBfXT.exe
  C:\Windows\System\VaUBfXT.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\VYwxRny.exe
  C:\Windows\System\VYwxRny.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\gljSfzU.exe
  C:\Windows\System\gljSfzU.exe
  2⤵
  - Executes dropped EXE
  PID:3804
- C:\Windows\System\NRoMmmO.exe
  C:\Windows\System\NRoMmmO.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\nUBigOn.exe
  C:\Windows\System\nUBigOn.exe
  2⤵
  - Executes dropped EXE
  PID:4928
- C:\Windows\System\XGtQUwT.exe
  C:\Windows\System\XGtQUwT.exe
  2⤵
  - Executes dropped EXE
  PID:4116
- C:\Windows\System\yZlxhQs.exe
  C:\Windows\System\yZlxhQs.exe
  2⤵
  - Executes dropped EXE
  PID:3984
- C:\Windows\System\CNxBDHk.exe
  C:\Windows\System\CNxBDHk.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\rXVuMne.exe
  C:\Windows\System\rXVuMne.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\uFuhojU.exe
  C:\Windows\System\uFuhojU.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\MCrQHYf.exe
  C:\Windows\System\MCrQHYf.exe
  2⤵
  - Executes dropped EXE
  PID:3912
- C:\Windows\System\MstfZZG.exe
  C:\Windows\System\MstfZZG.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System\bmTSJzD.exe
  C:\Windows\System\bmTSJzD.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\ejZdkkF.exe
  C:\Windows\System\ejZdkkF.exe
  2⤵
  - Executes dropped EXE
  PID:4460
- C:\Windows\System\xnMCfwU.exe
  C:\Windows\System\xnMCfwU.exe
  2⤵
  - Executes dropped EXE
  PID:4300
- C:\Windows\System\XFedfXx.exe
  C:\Windows\System\XFedfXx.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\mpkUOtM.exe
  C:\Windows\System\mpkUOtM.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\xBcstKC.exe
  C:\Windows\System\xBcstKC.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\jmRTvff.exe
  C:\Windows\System\jmRTvff.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\WlKslHK.exe
  C:\Windows\System\WlKslHK.exe
  2⤵
  - Executes dropped EXE
  PID:3160
- C:\Windows\System\hkeWuVm.exe
  C:\Windows\System\hkeWuVm.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\orlyogP.exe
  C:\Windows\System\orlyogP.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\MpqaUjx.exe
  C:\Windows\System\MpqaUjx.exe
  2⤵
  - Executes dropped EXE
  PID:4824
- C:\Windows\System\CFRRVNH.exe
  C:\Windows\System\CFRRVNH.exe
  2⤵
  - Executes dropped EXE
  PID:4076
- C:\Windows\System\ArGuMrn.exe
  C:\Windows\System\ArGuMrn.exe
  2⤵
  - Executes dropped EXE
  PID:3724
- C:\Windows\System\BfkTXvK.exe
  C:\Windows\System\BfkTXvK.exe
  2⤵
  - Executes dropped EXE
  PID:3480
- C:\Windows\System\BYpmSYa.exe
  C:\Windows\System\BYpmSYa.exe
  2⤵
  - Executes dropped EXE
  PID:4596
- C:\Windows\System\SsaAgHk.exe
  C:\Windows\System\SsaAgHk.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\CArNCEV.exe
  C:\Windows\System\CArNCEV.exe
  2⤵
  - Executes dropped EXE
  PID:3484
- C:\Windows\System\SKUAULH.exe
  C:\Windows\System\SKUAULH.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\vlpVulO.exe
  C:\Windows\System\vlpVulO.exe
  2⤵
  - Executes dropped EXE
  PID:4304
- C:\Windows\System\yOsifUz.exe
  C:\Windows\System\yOsifUz.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System\ZWHAUeI.exe
  C:\Windows\System\ZWHAUeI.exe
  2⤵
  - Executes dropped EXE
  PID:3884
- C:\Windows\System\xllyRgG.exe
  C:\Windows\System\xllyRgG.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System\JiFvxAT.exe
  C:\Windows\System\JiFvxAT.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\NgPJyYr.exe
  C:\Windows\System\NgPJyYr.exe
  2⤵
  - Executes dropped EXE
  PID:4780
- C:\Windows\System\gENHQGM.exe
  C:\Windows\System\gENHQGM.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\smQQyGD.exe
  C:\Windows\System\smQQyGD.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\ZIJwtCw.exe
  C:\Windows\System\ZIJwtCw.exe
  2⤵
  - Executes dropped EXE
  PID:4288
- C:\Windows\System\BPJaAia.exe
  C:\Windows\System\BPJaAia.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System\lJPHQDr.exe
  C:\Windows\System\lJPHQDr.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\FqqOCNn.exe
  C:\Windows\System\FqqOCNn.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\hJGgORg.exe
  C:\Windows\System\hJGgORg.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\gYFTxWo.exe
  C:\Windows\System\gYFTxWo.exe
  2⤵
  - Executes dropped EXE
  PID:3688
- C:\Windows\System\wevKdYS.exe
  C:\Windows\System\wevKdYS.exe
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Windows\System\YsKNnmu.exe
  C:\Windows\System\YsKNnmu.exe
  2⤵
  - Executes dropped EXE
  PID:3684
- C:\Windows\System\KEcxbHt.exe
  C:\Windows\System\KEcxbHt.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\KJEUFdL.exe
  C:\Windows\System\KJEUFdL.exe
  2⤵
  - Executes dropped EXE
  PID:4448
- C:\Windows\System\azODKYR.exe
  C:\Windows\System\azODKYR.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\ugfFUab.exe
  C:\Windows\System\ugfFUab.exe
  2⤵
  - Executes dropped EXE
  PID:4812
- C:\Windows\System\qcavtAd.exe
  C:\Windows\System\qcavtAd.exe
  2⤵
  - Executes dropped EXE
  PID:4688
- C:\Windows\System\UqBDdwf.exe
  C:\Windows\System\UqBDdwf.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\RbKsLFf.exe
  C:\Windows\System\RbKsLFf.exe
  2⤵
  PID:5040
- C:\Windows\System\yEwGSbO.exe
  C:\Windows\System\yEwGSbO.exe
  2⤵
  PID:2524
- C:\Windows\System\oaNMWJI.exe
  C:\Windows\System\oaNMWJI.exe
  2⤵
  PID:4356
- C:\Windows\System\nNIqOvz.exe
  C:\Windows\System\nNIqOvz.exe
  2⤵
  PID:624
- C:\Windows\System\ONaSwAO.exe
  C:\Windows\System\ONaSwAO.exe
  2⤵
  PID:1164
- C:\Windows\System\OkQyCQi.exe
  C:\Windows\System\OkQyCQi.exe
  2⤵
  PID:2460
- C:\Windows\System\ZAwtbng.exe
  C:\Windows\System\ZAwtbng.exe
  2⤵
  PID:3232
- C:\Windows\System\OVbOawV.exe
  C:\Windows\System\OVbOawV.exe
  2⤵
  PID:2296
- C:\Windows\System\DRckZkE.exe
  C:\Windows\System\DRckZkE.exe
  2⤵
  PID:2624
- C:\Windows\System\uCxyukJ.exe
  C:\Windows\System\uCxyukJ.exe
  2⤵
  PID:3024
- C:\Windows\System\wnjlcSy.exe
  C:\Windows\System\wnjlcSy.exe
  2⤵
  PID:3432
- C:\Windows\System\vZdzeaz.exe
  C:\Windows\System\vZdzeaz.exe
  2⤵
  PID:4548
- C:\Windows\System\SwMfwix.exe
  C:\Windows\System\SwMfwix.exe
  2⤵
  PID:4312
- C:\Windows\System\BwSsrkh.exe
  C:\Windows\System\BwSsrkh.exe
  2⤵
  PID:1268
- C:\Windows\System\tBbGrfn.exe
  C:\Windows\System\tBbGrfn.exe
  2⤵
  PID:3648
- C:\Windows\System\TjpZZls.exe
  C:\Windows\System\TjpZZls.exe
  2⤵
  PID:5108
- C:\Windows\System\UzjLDPa.exe
  C:\Windows\System\UzjLDPa.exe
  2⤵
  PID:4440
- C:\Windows\System\AcUpwfc.exe
  C:\Windows\System\AcUpwfc.exe
  2⤵
  PID:4540
- C:\Windows\System\MbZZscG.exe
  C:\Windows\System\MbZZscG.exe
  2⤵
  PID:3236
- C:\Windows\System\GHPaJaN.exe
  C:\Windows\System\GHPaJaN.exe
  2⤵
  PID:1420
- C:\Windows\System\bUmRatc.exe
  C:\Windows\System\bUmRatc.exe
  2⤵
  PID:4948
- C:\Windows\System\WyODUss.exe
  C:\Windows\System\WyODUss.exe
  2⤵
  PID:2084
- C:\Windows\System\vtHlDxa.exe
  C:\Windows\System\vtHlDxa.exe
  2⤵
  PID:5032
- C:\Windows\System\TekPrNm.exe
  C:\Windows\System\TekPrNm.exe
  2⤵
  PID:3552
- C:\Windows\System\dGkVPfi.exe
  C:\Windows\System\dGkVPfi.exe
  2⤵
  PID:4296
- C:\Windows\System\LccEGMK.exe
  C:\Windows\System\LccEGMK.exe
  2⤵
  PID:5136
- C:\Windows\System\mRwgKha.exe
  C:\Windows\System\mRwgKha.exe
  2⤵
  PID:5164
- C:\Windows\System\oSTljXB.exe
  C:\Windows\System\oSTljXB.exe
  2⤵
  PID:5188
- C:\Windows\System\NLtmuLv.exe
  C:\Windows\System\NLtmuLv.exe
  2⤵
  PID:5216
- C:\Windows\System\MPbirMd.exe
  C:\Windows\System\MPbirMd.exe
  2⤵
  PID:5240
- C:\Windows\System\TPldeXx.exe
  C:\Windows\System\TPldeXx.exe
  2⤵
  PID:5260
- C:\Windows\System\idyUeLn.exe
  C:\Windows\System\idyUeLn.exe
  2⤵
  PID:5276
- C:\Windows\System\aztrhcX.exe
  C:\Windows\System\aztrhcX.exe
  2⤵
  PID:5324
- C:\Windows\System\OXiCGIh.exe
  C:\Windows\System\OXiCGIh.exe
  2⤵
  PID:5340
- C:\Windows\System\RLfqSuT.exe
  C:\Windows\System\RLfqSuT.exe
  2⤵
  PID:5372
- C:\Windows\System\pVWwNQr.exe
  C:\Windows\System\pVWwNQr.exe
  2⤵
  PID:5404
- C:\Windows\System\EtXaGtH.exe
  C:\Windows\System\EtXaGtH.exe
  2⤵
  PID:5420
- C:\Windows\System\YQqpjhw.exe
  C:\Windows\System\YQqpjhw.exe
  2⤵
  PID:5444
- C:\Windows\System\GwkHwQE.exe
  C:\Windows\System\GwkHwQE.exe
  2⤵
  PID:5468
- C:\Windows\System\SoCGsAn.exe
  C:\Windows\System\SoCGsAn.exe
  2⤵
  PID:5488
- C:\Windows\System\VZcEavH.exe
  C:\Windows\System\VZcEavH.exe
  2⤵
  PID:5516
- C:\Windows\System\xueRQUf.exe
  C:\Windows\System\xueRQUf.exe
  2⤵
  PID:5536
- C:\Windows\System\xGjbjYH.exe
  C:\Windows\System\xGjbjYH.exe
  2⤵
  PID:5564
- C:\Windows\System\gUDvFuh.exe
  C:\Windows\System\gUDvFuh.exe
  2⤵
  PID:5584
- C:\Windows\System\tOtYJIS.exe
  C:\Windows\System\tOtYJIS.exe
  2⤵
  PID:5604
- C:\Windows\System\mADVAlk.exe
  C:\Windows\System\mADVAlk.exe
  2⤵
  PID:5636
- C:\Windows\System\lmCJhmg.exe
  C:\Windows\System\lmCJhmg.exe
  2⤵
  PID:5660
- C:\Windows\System\oqHmHIR.exe
  C:\Windows\System\oqHmHIR.exe
  2⤵
  PID:5676
- C:\Windows\System\bEJKWJZ.exe
  C:\Windows\System\bEJKWJZ.exe
  2⤵
  PID:5700
- C:\Windows\System\JidYuIu.exe
  C:\Windows\System\JidYuIu.exe
  2⤵
  PID:5728
- C:\Windows\System\KwrzERh.exe
  C:\Windows\System\KwrzERh.exe
  2⤵
  PID:5748
- C:\Windows\System\risxhLc.exe
  C:\Windows\System\risxhLc.exe
  2⤵
  PID:5768
- C:\Windows\System\rWwDYTq.exe
  C:\Windows\System\rWwDYTq.exe
  2⤵
  PID:5788
- C:\Windows\System\eBHOZjS.exe
  C:\Windows\System\eBHOZjS.exe
  2⤵
  PID:5812
- C:\Windows\System\kXIIbij.exe
  C:\Windows\System\kXIIbij.exe
  2⤵
  PID:5828
- C:\Windows\System\joKGPqf.exe
  C:\Windows\System\joKGPqf.exe
  2⤵
  PID:5852
- C:\Windows\System\KWnJQwU.exe
  C:\Windows\System\KWnJQwU.exe
  2⤵
  PID:5876
- C:\Windows\System\qFUsWOX.exe
  C:\Windows\System\qFUsWOX.exe
  2⤵
  PID:5892
- C:\Windows\System\IiPspef.exe
  C:\Windows\System\IiPspef.exe
  2⤵
  PID:5916
- C:\Windows\System\nRUwPwq.exe
  C:\Windows\System\nRUwPwq.exe
  2⤵
  PID:5940
- C:\Windows\System\tzdriYa.exe
  C:\Windows\System\tzdriYa.exe
  2⤵
  PID:5964
- C:\Windows\System\mCxjLwi.exe
  C:\Windows\System\mCxjLwi.exe
  2⤵
  PID:5984
- C:\Windows\System\UvWosSZ.exe
  C:\Windows\System\UvWosSZ.exe
  2⤵
  PID:6016
- C:\Windows\System\tiBARxG.exe
  C:\Windows\System\tiBARxG.exe
  2⤵
  PID:6044
- C:\Windows\System\YqzfeKm.exe
  C:\Windows\System\YqzfeKm.exe
  2⤵
  PID:6064
- C:\Windows\System\MandUCw.exe
  C:\Windows\System\MandUCw.exe
  2⤵
  PID:6092
- C:\Windows\System\IHvjErO.exe
  C:\Windows\System\IHvjErO.exe
  2⤵
  PID:6116
- C:\Windows\System\IWHqpAu.exe
  C:\Windows\System\IWHqpAu.exe
  2⤵
  PID:2140
- C:\Windows\System\vWPnxzW.exe
  C:\Windows\System\vWPnxzW.exe
  2⤵
  PID:4996
- C:\Windows\System\AGGFaZK.exe
  C:\Windows\System\AGGFaZK.exe
  2⤵
  PID:4816
- C:\Windows\System\ioBaZQq.exe
  C:\Windows\System\ioBaZQq.exe
  2⤵
  PID:5144
- C:\Windows\System\poWnWQC.exe
  C:\Windows\System\poWnWQC.exe
  2⤵
  PID:2612
- C:\Windows\System\VZTnVzp.exe
  C:\Windows\System\VZTnVzp.exe
  2⤵
  PID:2372
- C:\Windows\System\qqqZIut.exe
  C:\Windows\System\qqqZIut.exe
  2⤵
  PID:5004
- C:\Windows\System\rcJrAGn.exe
  C:\Windows\System\rcJrAGn.exe
  2⤵
  PID:5352
- C:\Windows\System\hGTcRwR.exe
  C:\Windows\System\hGTcRwR.exe
  2⤵
  PID:3580
- C:\Windows\System\ZitqBnJ.exe
  C:\Windows\System\ZitqBnJ.exe
  2⤵
  PID:5400
- C:\Windows\System\pCbPQRj.exe
  C:\Windows\System\pCbPQRj.exe
  2⤵
  PID:5312
- C:\Windows\System\cepyqbB.exe
  C:\Windows\System\cepyqbB.exe
  2⤵
  PID:5544
- C:\Windows\System\oNCLldc.exe
  C:\Windows\System\oNCLldc.exe
  2⤵
  PID:5232
- C:\Windows\System\djnUEMt.exe
  C:\Windows\System\djnUEMt.exe
  2⤵
  PID:5284
- C:\Windows\System\BuPkltB.exe
  C:\Windows\System\BuPkltB.exe
  2⤵
  PID:5612
- C:\Windows\System\EOFyEqG.exe
  C:\Windows\System\EOFyEqG.exe
  2⤵
  PID:5796
- C:\Windows\System\LImDFdB.exe
  C:\Windows\System\LImDFdB.exe
  2⤵
  PID:5440
- C:\Windows\System\ZciVRWg.exe
  C:\Windows\System\ZciVRWg.exe
  2⤵
  PID:5464
- C:\Windows\System\iewUqIV.exe
  C:\Windows\System\iewUqIV.exe
  2⤵
  PID:5952
- C:\Windows\System\XTFxaPN.exe
  C:\Windows\System\XTFxaPN.exe
  2⤵
  PID:5744
- C:\Windows\System\BRqEGwT.exe
  C:\Windows\System\BRqEGwT.exe
  2⤵
  PID:5572
- C:\Windows\System\PwcEDvB.exe
  C:\Windows\System\PwcEDvB.exe
  2⤵
  PID:5908
- C:\Windows\System\mlLTQtv.exe
  C:\Windows\System\mlLTQtv.exe
  2⤵
  PID:5364
- C:\Windows\System\FzfobxR.exe
  C:\Windows\System\FzfobxR.exe
  2⤵
  PID:5948
- C:\Windows\System\FaFhNWo.exe
  C:\Windows\System\FaFhNWo.exe
  2⤵
  PID:5992
- C:\Windows\System\YxKOayX.exe
  C:\Windows\System\YxKOayX.exe
  2⤵
  PID:5504
- C:\Windows\System\YHcYgag.exe
  C:\Windows\System\YHcYgag.exe
  2⤵
  PID:5196
- C:\Windows\System\nOGnTnk.exe
  C:\Windows\System\nOGnTnk.exe
  2⤵
  PID:5764
- C:\Windows\System\gCeKAxy.exe
  C:\Windows\System\gCeKAxy.exe
  2⤵
  PID:6156
- C:\Windows\System\rPrsLXI.exe
  C:\Windows\System\rPrsLXI.exe
  2⤵
  PID:6180
- C:\Windows\System\bDnLIFJ.exe
  C:\Windows\System\bDnLIFJ.exe
  2⤵
  PID:6196
- C:\Windows\System\lBmDgSI.exe
  C:\Windows\System\lBmDgSI.exe
  2⤵
  PID:6220
- C:\Windows\System\cHhKEnP.exe
  C:\Windows\System\cHhKEnP.exe
  2⤵
  PID:6256
- C:\Windows\System\CuxHNiU.exe
  C:\Windows\System\CuxHNiU.exe
  2⤵
  PID:6272
- C:\Windows\System\UkJCGHG.exe
  C:\Windows\System\UkJCGHG.exe
  2⤵
  PID:6300
- C:\Windows\System\yKLcsFe.exe
  C:\Windows\System\yKLcsFe.exe
  2⤵
  PID:6316
- C:\Windows\System\EoCNIbX.exe
  C:\Windows\System\EoCNIbX.exe
  2⤵
  PID:6340
- C:\Windows\System\QUFvXuE.exe
  C:\Windows\System\QUFvXuE.exe
  2⤵
  PID:6372
- C:\Windows\System\WezRQzM.exe
  C:\Windows\System\WezRQzM.exe
  2⤵
  PID:6396
- C:\Windows\System\aQNKORG.exe
  C:\Windows\System\aQNKORG.exe
  2⤵
  PID:6416
- C:\Windows\System\awoQpFv.exe
  C:\Windows\System\awoQpFv.exe
  2⤵
  PID:6440
- C:\Windows\System\kaUWnkU.exe
  C:\Windows\System\kaUWnkU.exe
  2⤵
  PID:6460
- C:\Windows\System\TpKvyiG.exe
  C:\Windows\System\TpKvyiG.exe
  2⤵
  PID:6484
- C:\Windows\System\aVEqbAU.exe
  C:\Windows\System\aVEqbAU.exe
  2⤵
  PID:6500
- C:\Windows\System\yUIxJBS.exe
  C:\Windows\System\yUIxJBS.exe
  2⤵
  PID:6520
- C:\Windows\System\OGWYmwJ.exe
  C:\Windows\System\OGWYmwJ.exe
  2⤵
  PID:6544
- C:\Windows\System\BjGyrhe.exe
  C:\Windows\System\BjGyrhe.exe
  2⤵
  PID:6568
- C:\Windows\System\GAsWzLM.exe
  C:\Windows\System\GAsWzLM.exe
  2⤵
  PID:6588
- C:\Windows\System\DgBjohu.exe
  C:\Windows\System\DgBjohu.exe
  2⤵
  PID:6604
- C:\Windows\System\PnIflMv.exe
  C:\Windows\System\PnIflMv.exe
  2⤵
  PID:6628
- C:\Windows\System\YSmhXqs.exe
  C:\Windows\System\YSmhXqs.exe
  2⤵
  PID:6644
- C:\Windows\System\MYNcLra.exe
  C:\Windows\System\MYNcLra.exe
  2⤵
  PID:6676
- C:\Windows\System\MoWZDcb.exe
  C:\Windows\System\MoWZDcb.exe
  2⤵
  PID:6692
- C:\Windows\System\wHaOSoT.exe
  C:\Windows\System\wHaOSoT.exe
  2⤵
  PID:6716
- C:\Windows\System\beDhroS.exe
  C:\Windows\System\beDhroS.exe
  2⤵
  PID:6732
- C:\Windows\System\FNisbTb.exe
  C:\Windows\System\FNisbTb.exe
  2⤵
  PID:6760
- C:\Windows\System\hUecTEV.exe
  C:\Windows\System\hUecTEV.exe
  2⤵
  PID:6776
- C:\Windows\System\mHbFXba.exe
  C:\Windows\System\mHbFXba.exe
  2⤵
  PID:6800
- C:\Windows\System\ixgMVjF.exe
  C:\Windows\System\ixgMVjF.exe
  2⤵
  PID:6824
- C:\Windows\System\LjszYEF.exe
  C:\Windows\System\LjszYEF.exe
  2⤵
  PID:6848
- C:\Windows\System\oPgahBi.exe
  C:\Windows\System\oPgahBi.exe
  2⤵
  PID:6868
- C:\Windows\System\MsFdbDQ.exe
  C:\Windows\System\MsFdbDQ.exe
  2⤵
  PID:6888
- C:\Windows\System\UQudKTH.exe
  C:\Windows\System\UQudKTH.exe
  2⤵
  PID:6904
- C:\Windows\System\brNvXLV.exe
  C:\Windows\System\brNvXLV.exe
  2⤵
  PID:6928
- C:\Windows\System\tBaKgFb.exe
  C:\Windows\System\tBaKgFb.exe
  2⤵
  PID:6952
- C:\Windows\System\qsgVmJs.exe
  C:\Windows\System\qsgVmJs.exe
  2⤵
  PID:6968
- C:\Windows\System\iCvfUpa.exe
  C:\Windows\System\iCvfUpa.exe
  2⤵
  PID:6992
- C:\Windows\System\DlUybwT.exe
  C:\Windows\System\DlUybwT.exe
  2⤵
  PID:7012
- C:\Windows\System\rGoBKid.exe
  C:\Windows\System\rGoBKid.exe
  2⤵
  PID:7032
- C:\Windows\System\NrfFQWD.exe
  C:\Windows\System\NrfFQWD.exe
  2⤵
  PID:7060
- C:\Windows\System\xWQNLqn.exe
  C:\Windows\System\xWQNLqn.exe
  2⤵
  PID:7076
- C:\Windows\System\OeXSdZb.exe
  C:\Windows\System\OeXSdZb.exe
  2⤵
  PID:7100
- C:\Windows\System\rGHUPbz.exe
  C:\Windows\System\rGHUPbz.exe
  2⤵
  PID:7120
- C:\Windows\System\ooBGXiX.exe
  C:\Windows\System\ooBGXiX.exe
  2⤵
  PID:7144
- C:\Windows\System\ayoNHrZ.exe
  C:\Windows\System\ayoNHrZ.exe
  2⤵
  PID:7164
- C:\Windows\System\bGMtjzr.exe
  C:\Windows\System\bGMtjzr.exe
  2⤵
  PID:6112
- C:\Windows\System\fyqKlMx.exe
  C:\Windows\System\fyqKlMx.exe
  2⤵
  PID:5836
- C:\Windows\System\futvoVH.exe
  C:\Windows\System\futvoVH.exe
  2⤵
  PID:4492
- C:\Windows\System\AARASgF.exe
  C:\Windows\System\AARASgF.exe
  2⤵
  PID:4428
- C:\Windows\System\gQAggPD.exe
  C:\Windows\System\gQAggPD.exe
  2⤵
  PID:5360
- C:\Windows\System\NDkKntg.exe
  C:\Windows\System\NDkKntg.exe
  2⤵
  PID:5600
- C:\Windows\System\WpaOIBG.exe
  C:\Windows\System\WpaOIBG.exe
  2⤵
  PID:5428
- C:\Windows\System\ywUUjAE.exe
  C:\Windows\System\ywUUjAE.exe
  2⤵
  PID:6280
- C:\Windows\System\XzsETQX.exe
  C:\Windows\System\XzsETQX.exe
  2⤵
  PID:5452
- C:\Windows\System\JbAqpJH.exe
  C:\Windows\System\JbAqpJH.exe
  2⤵
  PID:6392
- C:\Windows\System\xphRinX.exe
  C:\Windows\System\xphRinX.exe
  2⤵
  PID:5976
- C:\Windows\System\VatIrID.exe
  C:\Windows\System\VatIrID.exe
  2⤵
  PID:5560
- C:\Windows\System\fSGcjzG.exe
  C:\Windows\System\fSGcjzG.exe
  2⤵
  PID:6836
- C:\Windows\System\zsuEPiD.exe
  C:\Windows\System\zsuEPiD.exe
  2⤵
  PID:6900
- C:\Windows\System\EbuWLDN.exe
  C:\Windows\System\EbuWLDN.exe
  2⤵
  PID:7000
- C:\Windows\System\wiSxrpH.exe
  C:\Windows\System\wiSxrpH.exe
  2⤵
  PID:7176
- C:\Windows\System\kcEILXu.exe
  C:\Windows\System\kcEILXu.exe
  2⤵
  PID:7200
- C:\Windows\System\hjNMGlb.exe
  C:\Windows\System\hjNMGlb.exe
  2⤵
  PID:7216
- C:\Windows\System\ZxSPwPs.exe
  C:\Windows\System\ZxSPwPs.exe
  2⤵
  PID:7240
- C:\Windows\System\nMPNKFL.exe
  C:\Windows\System\nMPNKFL.exe
  2⤵
  PID:7264
- C:\Windows\System\LwaRHBh.exe
  C:\Windows\System\LwaRHBh.exe
  2⤵
  PID:7284
- C:\Windows\System\AwezFqn.exe
  C:\Windows\System\AwezFqn.exe
  2⤵
  PID:7300
- C:\Windows\System\XgdZAAL.exe
  C:\Windows\System\XgdZAAL.exe
  2⤵
  PID:7328
- C:\Windows\System\RNqOcuM.exe
  C:\Windows\System\RNqOcuM.exe
  2⤵
  PID:7348
- C:\Windows\System\cfJoKBn.exe
  C:\Windows\System\cfJoKBn.exe
  2⤵
  PID:7364
- C:\Windows\System\RdaZItE.exe
  C:\Windows\System\RdaZItE.exe
  2⤵
  PID:7392
- C:\Windows\System\EFJBctp.exe
  C:\Windows\System\EFJBctp.exe
  2⤵
  PID:7412
- C:\Windows\System\SKIlFET.exe
  C:\Windows\System\SKIlFET.exe
  2⤵
  PID:7436
- C:\Windows\System\mZLdhpG.exe
  C:\Windows\System\mZLdhpG.exe
  2⤵
  PID:7456
- C:\Windows\System\pyDTwjB.exe
  C:\Windows\System\pyDTwjB.exe
  2⤵
  PID:7480
- C:\Windows\System\pCFdRSp.exe
  C:\Windows\System\pCFdRSp.exe
  2⤵
  PID:7496
- C:\Windows\System\EAaprPH.exe
  C:\Windows\System\EAaprPH.exe
  2⤵
  PID:7512
- C:\Windows\System\TSonUHY.exe
  C:\Windows\System\TSonUHY.exe
  2⤵
  PID:7536
- C:\Windows\System\nBkgIRw.exe
  C:\Windows\System\nBkgIRw.exe
  2⤵
  PID:7556
- C:\Windows\System\CqIhtUd.exe
  C:\Windows\System\CqIhtUd.exe
  2⤵
  PID:7576
- C:\Windows\System\jbCwtfR.exe
  C:\Windows\System\jbCwtfR.exe
  2⤵
  PID:7600
- C:\Windows\System\lxCHMWI.exe
  C:\Windows\System\lxCHMWI.exe
  2⤵
  PID:7620
- C:\Windows\System\ugnAWWD.exe
  C:\Windows\System\ugnAWWD.exe
  2⤵
  PID:7640
- C:\Windows\System\ZovFGId.exe
  C:\Windows\System\ZovFGId.exe
  2⤵
  PID:7660
- C:\Windows\System\rpbuzwa.exe
  C:\Windows\System\rpbuzwa.exe
  2⤵
  PID:7684
- C:\Windows\System\IXzzhNw.exe
  C:\Windows\System\IXzzhNw.exe
  2⤵
  PID:7700
- C:\Windows\System\fxdBmLJ.exe
  C:\Windows\System\fxdBmLJ.exe
  2⤵
  PID:7724
- C:\Windows\System\nyCbqMM.exe
  C:\Windows\System\nyCbqMM.exe
  2⤵
  PID:7748
- C:\Windows\System\HDFqktq.exe
  C:\Windows\System\HDFqktq.exe
  2⤵
  PID:7764
- C:\Windows\System\cftVjCR.exe
  C:\Windows\System\cftVjCR.exe
  2⤵
  PID:7788
- C:\Windows\System\XxRGVfk.exe
  C:\Windows\System\XxRGVfk.exe
  2⤵
  PID:7812
- C:\Windows\System\asdcAXe.exe
  C:\Windows\System\asdcAXe.exe
  2⤵
  PID:7828
- C:\Windows\System\PCVZpdT.exe
  C:\Windows\System\PCVZpdT.exe
  2⤵
  PID:7852
- C:\Windows\System\qdbdseZ.exe
  C:\Windows\System\qdbdseZ.exe
  2⤵
  PID:7876
- C:\Windows\System\zIXBVSv.exe
  C:\Windows\System\zIXBVSv.exe
  2⤵
  PID:7892
- C:\Windows\System\Eflaupq.exe
  C:\Windows\System\Eflaupq.exe
  2⤵
  PID:7916
- C:\Windows\System\LnwpNyX.exe
  C:\Windows\System\LnwpNyX.exe
  2⤵
  PID:7936
- C:\Windows\System\wLqgeVR.exe
  C:\Windows\System\wLqgeVR.exe
  2⤵
  PID:7956
- C:\Windows\System\vawVsXx.exe
  C:\Windows\System\vawVsXx.exe
  2⤵
  PID:7984
- C:\Windows\System\FOcQPUU.exe
  C:\Windows\System\FOcQPUU.exe
  2⤵
  PID:8000
- C:\Windows\System\RldhpaC.exe
  C:\Windows\System\RldhpaC.exe
  2⤵
  PID:8024
- C:\Windows\System\NEQOvUQ.exe
  C:\Windows\System\NEQOvUQ.exe
  2⤵
  PID:8040
- C:\Windows\System\fJlTzTp.exe
  C:\Windows\System\fJlTzTp.exe
  2⤵
  PID:8060
- C:\Windows\System\pfividL.exe
  C:\Windows\System\pfividL.exe
  2⤵
  PID:8080
- C:\Windows\System\yyhdaof.exe
  C:\Windows\System\yyhdaof.exe
  2⤵
  PID:8100
- C:\Windows\System\bbsjixY.exe
  C:\Windows\System\bbsjixY.exe
  2⤵
  PID:8120
- C:\Windows\System\DrMLPSB.exe
  C:\Windows\System\DrMLPSB.exe
  2⤵
  PID:6336
- C:\Windows\System\YTZPdPy.exe
  C:\Windows\System\YTZPdPy.exe
  2⤵
  PID:6924
- C:\Windows\System\MUETRcC.exe
  C:\Windows\System\MUETRcC.exe
  2⤵
  PID:6552
- C:\Windows\System\asRzbfZ.exe
  C:\Windows\System\asRzbfZ.exe
  2⤵
  PID:7044
- C:\Windows\System\hAmmCZg.exe
  C:\Windows\System\hAmmCZg.exe
  2⤵
  PID:6452
- C:\Windows\System\FfseqXt.exe
  C:\Windows\System\FfseqXt.exe
  2⤵
  PID:7296
- C:\Windows\System\CnLaEFm.exe
  C:\Windows\System\CnLaEFm.exe
  2⤵
  PID:7492
- C:\Windows\System\mXQnEBi.exe
  C:\Windows\System\mXQnEBi.exe
  2⤵
  PID:6584
- C:\Windows\System\fbDhVMM.exe
  C:\Windows\System\fbDhVMM.exe
  2⤵
  PID:6712
- C:\Windows\System\COdUkyh.exe
  C:\Windows\System\COdUkyh.exe
  2⤵
  PID:6756
- C:\Windows\System\Tchbrhc.exe
  C:\Windows\System\Tchbrhc.exe
  2⤵
  PID:7836
- C:\Windows\System\AldjCyt.exe
  C:\Windows\System\AldjCyt.exe
  2⤵
  PID:6288
- C:\Windows\System\waaNOMk.exe
  C:\Windows\System\waaNOMk.exe
  2⤵
  PID:6880
- C:\Windows\System\FosBTDY.exe
  C:\Windows\System\FosBTDY.exe
  2⤵
  PID:6984
- C:\Windows\System\VbzKKSI.exe
  C:\Windows\System\VbzKKSI.exe
  2⤵
  PID:7504
- C:\Windows\System\DpMiNTt.exe
  C:\Windows\System\DpMiNTt.exe
  2⤵
  PID:7272
- C:\Windows\System\iYHyzVx.exe
  C:\Windows\System\iYHyzVx.exe
  2⤵
  PID:8136
- C:\Windows\System\YZhIZHl.exe
  C:\Windows\System\YZhIZHl.exe
  2⤵
  PID:7212
- C:\Windows\System\BWeNsfV.exe
  C:\Windows\System\BWeNsfV.exe
  2⤵
  PID:7088
- C:\Windows\System\OfIsGsz.exe
  C:\Windows\System\OfIsGsz.exe
  2⤵
  PID:7308
- C:\Windows\System\FIjXhDW.exe
  C:\Windows\System\FIjXhDW.exe
  2⤵
  PID:5272
- C:\Windows\System\oSPmjCE.exe
  C:\Windows\System\oSPmjCE.exe
  2⤵
  PID:8196
- C:\Windows\System\JMjtdDj.exe
  C:\Windows\System\JMjtdDj.exe
  2⤵
  PID:8228
- C:\Windows\System\ruVFrWl.exe
  C:\Windows\System\ruVFrWl.exe
  2⤵
  PID:8248
- C:\Windows\System\ICckdKO.exe
  C:\Windows\System\ICckdKO.exe
  2⤵
  PID:8272
- C:\Windows\System\vCGtAFw.exe
  C:\Windows\System\vCGtAFw.exe
  2⤵
  PID:8296
- C:\Windows\System\upVlIdC.exe
  C:\Windows\System\upVlIdC.exe
  2⤵
  PID:8328
- C:\Windows\System\GxIzkeE.exe
  C:\Windows\System\GxIzkeE.exe
  2⤵
  PID:8344
- C:\Windows\System\NGJjWoY.exe
  C:\Windows\System\NGJjWoY.exe
  2⤵
  PID:8364
- C:\Windows\System\QYeurNZ.exe
  C:\Windows\System\QYeurNZ.exe
  2⤵
  PID:8388
- C:\Windows\System\cqtiKTE.exe
  C:\Windows\System\cqtiKTE.exe
  2⤵
  PID:8404
- C:\Windows\System\obwuJeA.exe
  C:\Windows\System\obwuJeA.exe
  2⤵
  PID:8424
- C:\Windows\System\FTvaaye.exe
  C:\Windows\System\FTvaaye.exe
  2⤵
  PID:8448
- C:\Windows\System\xqXBkyP.exe
  C:\Windows\System\xqXBkyP.exe
  2⤵
  PID:8468
- C:\Windows\System\WxxqWdN.exe
  C:\Windows\System\WxxqWdN.exe
  2⤵
  PID:8488
- C:\Windows\System\lRibfBz.exe
  C:\Windows\System\lRibfBz.exe
  2⤵
  PID:8532
- C:\Windows\System\arXFbbg.exe
  C:\Windows\System\arXFbbg.exe
  2⤵
  PID:8552
- C:\Windows\System\ncolnDh.exe
  C:\Windows\System\ncolnDh.exe
  2⤵
  PID:8572
- C:\Windows\System\QgSMfnp.exe
  C:\Windows\System\QgSMfnp.exe
  2⤵
  PID:8592
- C:\Windows\System\aBCJpgi.exe
  C:\Windows\System\aBCJpgi.exe
  2⤵
  PID:8616
- C:\Windows\System\LeblTLd.exe
  C:\Windows\System\LeblTLd.exe
  2⤵
  PID:8640
- C:\Windows\System\qlDgYnt.exe
  C:\Windows\System\qlDgYnt.exe
  2⤵
  PID:8664
- C:\Windows\System\DWxTevD.exe
  C:\Windows\System\DWxTevD.exe
  2⤵
  PID:8680
- C:\Windows\System\KAKQCip.exe
  C:\Windows\System\KAKQCip.exe
  2⤵
  PID:8704
- C:\Windows\System\imJvnJR.exe
  C:\Windows\System\imJvnJR.exe
  2⤵
  PID:8728
- C:\Windows\System\zYXXRhW.exe
  C:\Windows\System\zYXXRhW.exe
  2⤵
  PID:8752
- C:\Windows\System\dBStJrk.exe
  C:\Windows\System\dBStJrk.exe
  2⤵
  PID:8772
- C:\Windows\System\CGvTyHY.exe
  C:\Windows\System\CGvTyHY.exe
  2⤵
  PID:8796
- C:\Windows\System\qsdnybm.exe
  C:\Windows\System\qsdnybm.exe
  2⤵
  PID:8816
- C:\Windows\System\xgiFiGl.exe
  C:\Windows\System\xgiFiGl.exe
  2⤵
  PID:8848
- C:\Windows\System\YewsQXB.exe
  C:\Windows\System\YewsQXB.exe
  2⤵
  PID:8884
- C:\Windows\System\aqgPeMc.exe
  C:\Windows\System\aqgPeMc.exe
  2⤵
  PID:8908
- C:\Windows\System\jlNxjJK.exe
  C:\Windows\System\jlNxjJK.exe
  2⤵
  PID:8928
- C:\Windows\System\JtrKlKc.exe
  C:\Windows\System\JtrKlKc.exe
  2⤵
  PID:8952
- C:\Windows\System\dBCXsLa.exe
  C:\Windows\System\dBCXsLa.exe
  2⤵
  PID:8972
- C:\Windows\System\IcCuOFY.exe
  C:\Windows\System\IcCuOFY.exe
  2⤵
  PID:8988
- C:\Windows\System\GODLQAi.exe
  C:\Windows\System\GODLQAi.exe
  2⤵
  PID:9012
- C:\Windows\System\JYFMuqi.exe
  C:\Windows\System\JYFMuqi.exe
  2⤵
  PID:9040
- C:\Windows\System\lVsBVLN.exe
  C:\Windows\System\lVsBVLN.exe
  2⤵
  PID:9056
- C:\Windows\System\jauctBJ.exe
  C:\Windows\System\jauctBJ.exe
  2⤵
  PID:9080
- C:\Windows\System\CgabRFP.exe
  C:\Windows\System\CgabRFP.exe
  2⤵
  PID:9112
- C:\Windows\System\KeqgqAE.exe
  C:\Windows\System\KeqgqAE.exe
  2⤵
  PID:9136
- C:\Windows\System\VipPSkw.exe
  C:\Windows\System\VipPSkw.exe
  2⤵
  PID:9160
- C:\Windows\System\WVtAUcv.exe
  C:\Windows\System\WVtAUcv.exe
  2⤵
  PID:9180
- C:\Windows\System\zugNKUW.exe
  C:\Windows\System\zugNKUW.exe
  2⤵
  PID:9200
- C:\Windows\System\YBoScOn.exe
  C:\Windows\System\YBoScOn.exe
  2⤵
  PID:792
- C:\Windows\System\nMhrGOf.exe
  C:\Windows\System\nMhrGOf.exe
  2⤵
  PID:6080
- C:\Windows\System\qMbFaMG.exe
  C:\Windows\System\qMbFaMG.exe
  2⤵
  PID:7720
- C:\Windows\System\hitwwEc.exe
  C:\Windows\System\hitwwEc.exe
  2⤵
  PID:7808
- C:\Windows\System\AnhAbBy.exe
  C:\Windows\System\AnhAbBy.exe
  2⤵
  PID:8008
- C:\Windows\System\atdgbJl.exe
  C:\Windows\System\atdgbJl.exe
  2⤵
  PID:6192
- C:\Windows\System\aRqciyT.exe
  C:\Windows\System\aRqciyT.exe
  2⤵
  PID:6408
- C:\Windows\System\WKrvtYu.exe
  C:\Windows\System\WKrvtYu.exe
  2⤵
  PID:8092
- C:\Windows\System\pTYgYeG.exe
  C:\Windows\System\pTYgYeG.exe
  2⤵
  PID:7964
- C:\Windows\System\NCMCtSz.exe
  C:\Windows\System\NCMCtSz.exe
  2⤵
  PID:6820
- C:\Windows\System\dxbUJrG.exe
  C:\Windows\System\dxbUJrG.exe
  2⤵
  PID:6948
- C:\Windows\System\BdTVOZu.exe
  C:\Windows\System\BdTVOZu.exe
  2⤵
  PID:7188
- C:\Windows\System\lIkBHUJ.exe
  C:\Windows\System\lIkBHUJ.exe
  2⤵
  PID:7596
- C:\Windows\System\lcgiqNT.exe
  C:\Windows\System\lcgiqNT.exe
  2⤵
  PID:8036
- C:\Windows\System\vcKpDJZ.exe
  C:\Windows\System\vcKpDJZ.exe
  2⤵
  PID:6940
- C:\Windows\System\NaXDBpL.exe
  C:\Windows\System\NaXDBpL.exe
  2⤵
  PID:8132
- C:\Windows\System\yEQvHxq.exe
  C:\Windows\System\yEQvHxq.exe
  2⤵
  PID:7236
- C:\Windows\System\fJcQBSD.exe
  C:\Windows\System\fJcQBSD.exe
  2⤵
  PID:4556
- C:\Windows\System\IVuzrwE.exe
  C:\Windows\System\IVuzrwE.exe
  2⤵
  PID:7544
- C:\Windows\System\vdCMZEy.exe
  C:\Windows\System\vdCMZEy.exe
  2⤵
  PID:8340
- C:\Windows\System\HhZzkuX.exe
  C:\Windows\System\HhZzkuX.exe
  2⤵
  PID:7760
- C:\Windows\System\KtLVlLA.exe
  C:\Windows\System\KtLVlLA.exe
  2⤵
  PID:7952
- C:\Windows\System\nVTuYFW.exe
  C:\Windows\System\nVTuYFW.exe
  2⤵
  PID:8020
- C:\Windows\System\ZOErYRs.exe
  C:\Windows\System\ZOErYRs.exe
  2⤵
  PID:8544
- C:\Windows\System\lAShMYG.exe
  C:\Windows\System\lAShMYG.exe
  2⤵
  PID:9228
- C:\Windows\System\IOiPPbb.exe
  C:\Windows\System\IOiPPbb.exe
  2⤵
  PID:9252
- C:\Windows\System\YSxREOY.exe
  C:\Windows\System\YSxREOY.exe
  2⤵
  PID:9276
- C:\Windows\System\DrABYNZ.exe
  C:\Windows\System\DrABYNZ.exe
  2⤵
  PID:9300
- C:\Windows\System\FVdbdcK.exe
  C:\Windows\System\FVdbdcK.exe
  2⤵
  PID:9324
- C:\Windows\System\VrZlssa.exe
  C:\Windows\System\VrZlssa.exe
  2⤵
  PID:9348
- C:\Windows\System\ZVhElqM.exe
  C:\Windows\System\ZVhElqM.exe
  2⤵
  PID:9368
- C:\Windows\System\ZBJwiZf.exe
  C:\Windows\System\ZBJwiZf.exe
  2⤵
  PID:9388
- C:\Windows\System\gvwSrwj.exe
  C:\Windows\System\gvwSrwj.exe
  2⤵
  PID:9412
- C:\Windows\System\ZYVKEKt.exe
  C:\Windows\System\ZYVKEKt.exe
  2⤵
  PID:9436
- C:\Windows\System\LaFqpPy.exe
  C:\Windows\System\LaFqpPy.exe
  2⤵
  PID:9464
- C:\Windows\System\EJvvrTV.exe
  C:\Windows\System\EJvvrTV.exe
  2⤵
  PID:9488
- C:\Windows\System\hoCxnzM.exe
  C:\Windows\System\hoCxnzM.exe
  2⤵
  PID:9504
- C:\Windows\System\EgFxGyG.exe
  C:\Windows\System\EgFxGyG.exe
  2⤵
  PID:9524
- C:\Windows\System\imTQGXu.exe
  C:\Windows\System\imTQGXu.exe
  2⤵
  PID:9544
- C:\Windows\System\kiIEKNZ.exe
  C:\Windows\System\kiIEKNZ.exe
  2⤵
  PID:9564
- C:\Windows\System\WuVQXPv.exe
  C:\Windows\System\WuVQXPv.exe
  2⤵
  PID:9588
- C:\Windows\System\ndpDAaQ.exe
  C:\Windows\System\ndpDAaQ.exe
  2⤵
  PID:9608
- C:\Windows\System\LPDVOMT.exe
  C:\Windows\System\LPDVOMT.exe
  2⤵
  PID:9632
- C:\Windows\System\vroKktC.exe
  C:\Windows\System\vroKktC.exe
  2⤵
  PID:9652
- C:\Windows\System\HUmCytb.exe
  C:\Windows\System\HUmCytb.exe
  2⤵
  PID:9676
- C:\Windows\System\liQpoEw.exe
  C:\Windows\System\liQpoEw.exe
  2⤵
  PID:9696
- C:\Windows\System\OZkjvOR.exe
  C:\Windows\System\OZkjvOR.exe
  2⤵
  PID:9716
- C:\Windows\System\ylwwmPk.exe
  C:\Windows\System\ylwwmPk.exe
  2⤵
  PID:9740
- C:\Windows\System\alrypDh.exe
  C:\Windows\System\alrypDh.exe
  2⤵
  PID:9760
- C:\Windows\System\aIYPaqX.exe
  C:\Windows\System\aIYPaqX.exe
  2⤵
  PID:9780
- C:\Windows\System\TAnvvTf.exe
  C:\Windows\System\TAnvvTf.exe
  2⤵
  PID:9808
- C:\Windows\System\TyYGNnH.exe
  C:\Windows\System\TyYGNnH.exe
  2⤵
  PID:9828
- C:\Windows\System\XJSFFUt.exe
  C:\Windows\System\XJSFFUt.exe
  2⤵
  PID:9848
- C:\Windows\System\dsbjIay.exe
  C:\Windows\System\dsbjIay.exe
  2⤵
  PID:9876
- C:\Windows\System\PhvJPzU.exe
  C:\Windows\System\PhvJPzU.exe
  2⤵
  PID:9896
- C:\Windows\System\VfQouKm.exe
  C:\Windows\System\VfQouKm.exe
  2⤵
  PID:9920
- C:\Windows\System\pDEJcyN.exe
  C:\Windows\System\pDEJcyN.exe
  2⤵
  PID:9944
- C:\Windows\System\lAGFHvQ.exe
  C:\Windows\System\lAGFHvQ.exe
  2⤵
  PID:9960
- C:\Windows\System\mZFWnCR.exe
  C:\Windows\System\mZFWnCR.exe
  2⤵
  PID:9984
- C:\Windows\System\QHLoPyT.exe
  C:\Windows\System\QHLoPyT.exe
  2⤵
  PID:10016
- C:\Windows\System\XqTDRIg.exe
  C:\Windows\System\XqTDRIg.exe
  2⤵
  PID:10036
- C:\Windows\System\kLliSiT.exe
  C:\Windows\System\kLliSiT.exe
  2⤵
  PID:10056
- C:\Windows\System\ILWrDVv.exe
  C:\Windows\System\ILWrDVv.exe
  2⤵
  PID:10084
- C:\Windows\System\DUcmfHD.exe
  C:\Windows\System\DUcmfHD.exe
  2⤵
  PID:10104
- C:\Windows\System\isnlEUy.exe
  C:\Windows\System\isnlEUy.exe
  2⤵
  PID:10128
- C:\Windows\System\yqEuJXc.exe
  C:\Windows\System\yqEuJXc.exe
  2⤵
  PID:10148
- C:\Windows\System\rOPFbEv.exe
  C:\Windows\System\rOPFbEv.exe
  2⤵
  PID:10172
- C:\Windows\System\gVYOqhn.exe
  C:\Windows\System\gVYOqhn.exe
  2⤵
  PID:10192
- C:\Windows\System\AIjpSmv.exe
  C:\Windows\System\AIjpSmv.exe
  2⤵
  PID:10208
- C:\Windows\System\RAeTOrB.exe
  C:\Windows\System\RAeTOrB.exe
  2⤵
  PID:10232
- C:\Windows\System\eUpJfgJ.exe
  C:\Windows\System\eUpJfgJ.exe
  2⤵
  PID:8600
- C:\Windows\System\VftEPbd.exe
  C:\Windows\System\VftEPbd.exe
  2⤵
  PID:8784
- C:\Windows\System\yxnMpHM.exe
  C:\Windows\System\yxnMpHM.exe
  2⤵
  PID:7884
- C:\Windows\System\YelXurC.exe
  C:\Windows\System\YelXurC.exe
  2⤵
  PID:7756
- C:\Windows\System\EPflOpj.exe
  C:\Windows\System\EPflOpj.exe
  2⤵
  PID:7632
- C:\Windows\System\SkneIQC.exe
  C:\Windows\System\SkneIQC.exe
  2⤵
  PID:8828
- C:\Windows\System\xLyrKQu.exe
  C:\Windows\System\xLyrKQu.exe
  2⤵
  PID:8960
- C:\Windows\System\LqNCnTD.exe
  C:\Windows\System\LqNCnTD.exe
  2⤵
  PID:9008
- C:\Windows\System\Znnlixq.exe
  C:\Windows\System\Znnlixq.exe
  2⤵
  PID:9048
- C:\Windows\System\ECAHOxB.exe
  C:\Windows\System\ECAHOxB.exe
  2⤵
  PID:9096
- C:\Windows\System\aiTOGNt.exe
  C:\Windows\System\aiTOGNt.exe
  2⤵
  PID:9124
- C:\Windows\System\lOrmMYV.exe
  C:\Windows\System\lOrmMYV.exe
  2⤵
  PID:6268
- C:\Windows\System\jMSNnph.exe
  C:\Windows\System\jMSNnph.exe
  2⤵
  PID:7228
- C:\Windows\System\UynaprD.exe
  C:\Windows\System\UynaprD.exe
  2⤵
  PID:7040
- C:\Windows\System\ruVYUCO.exe
  C:\Windows\System\ruVYUCO.exe
  2⤵
  PID:7800
- C:\Windows\System\euyTaWz.exe
  C:\Windows\System\euyTaWz.exe
  2⤵
  PID:8072
- C:\Windows\System\RDxopLR.exe
  C:\Windows\System\RDxopLR.exe
  2⤵
  PID:8260
- C:\Windows\System\fRyaphD.exe
  C:\Windows\System\fRyaphD.exe
  2⤵
  PID:6976
- C:\Windows\System\FnZzWxm.exe
  C:\Windows\System\FnZzWxm.exe
  2⤵
  PID:8372
- C:\Windows\System\XWosBWA.exe
  C:\Windows\System\XWosBWA.exe
  2⤵
  PID:7508
- C:\Windows\System\YVbfCbw.exe
  C:\Windows\System\YVbfCbw.exe
  2⤵
  PID:8548
- C:\Windows\System\sUbNmpb.exe
  C:\Windows\System\sUbNmpb.exe
  2⤵
  PID:9224
- C:\Windows\System\jolKdcB.exe
  C:\Windows\System\jolKdcB.exe
  2⤵
  PID:8736
- C:\Windows\System\RDRwPrV.exe
  C:\Windows\System\RDRwPrV.exe
  2⤵
  PID:8760
- C:\Windows\System\kfNQqsR.exe
  C:\Windows\System\kfNQqsR.exe
  2⤵
  PID:8808
- C:\Windows\System\aiZtJUQ.exe
  C:\Windows\System\aiZtJUQ.exe
  2⤵
  PID:9364
- C:\Windows\System\hndkfxY.exe
  C:\Windows\System\hndkfxY.exe
  2⤵
  PID:6356
- C:\Windows\System\gaqZBEK.exe
  C:\Windows\System\gaqZBEK.exe
  2⤵
  PID:9380
- C:\Windows\System\iVSESOl.exe
  C:\Windows\System\iVSESOl.exe
  2⤵
  PID:9052
- C:\Windows\System\YYZSXZo.exe
  C:\Windows\System\YYZSXZo.exe
  2⤵
  PID:10256
- C:\Windows\System\LmNzWDH.exe
  C:\Windows\System\LmNzWDH.exe
  2⤵
  PID:10276
- C:\Windows\System\yVIbebd.exe
  C:\Windows\System\yVIbebd.exe
  2⤵
  PID:10304
- C:\Windows\System\dzLUVJv.exe
  C:\Windows\System\dzLUVJv.exe
  2⤵
  PID:10344
- C:\Windows\System\qgDHYjG.exe
  C:\Windows\System\qgDHYjG.exe
  2⤵
  PID:10364
- C:\Windows\System\IvgxWhC.exe
  C:\Windows\System\IvgxWhC.exe
  2⤵
  PID:10384
- C:\Windows\System\PKSuEZt.exe
  C:\Windows\System\PKSuEZt.exe
  2⤵
  PID:10404
- C:\Windows\System\acWmwaA.exe
  C:\Windows\System\acWmwaA.exe
  2⤵
  PID:10432
- C:\Windows\System\ykKuWPl.exe
  C:\Windows\System\ykKuWPl.exe
  2⤵
  PID:10452
- C:\Windows\System\YGPkyGk.exe
  C:\Windows\System\YGPkyGk.exe
  2⤵
  PID:10476
- C:\Windows\System\dTwpnrB.exe
  C:\Windows\System\dTwpnrB.exe
  2⤵
  PID:10496
- C:\Windows\System\RkWvEnM.exe
  C:\Windows\System\RkWvEnM.exe
  2⤵
  PID:10520
- C:\Windows\System\WgETtHO.exe
  C:\Windows\System\WgETtHO.exe
  2⤵
  PID:10544
- C:\Windows\System\eJcgIqL.exe
  C:\Windows\System\eJcgIqL.exe
  2⤵
  PID:10568
- C:\Windows\System\ogStGNs.exe
  C:\Windows\System\ogStGNs.exe
  2⤵
  PID:10584
- C:\Windows\System\UBLrahO.exe
  C:\Windows\System\UBLrahO.exe
  2⤵
  PID:10604
- C:\Windows\System\JMlwDHa.exe
  C:\Windows\System\JMlwDHa.exe
  2⤵
  PID:10628
- C:\Windows\System\xHCjBuu.exe
  C:\Windows\System\xHCjBuu.exe
  2⤵
  PID:10648
- C:\Windows\System\MjMjRjH.exe
  C:\Windows\System\MjMjRjH.exe
  2⤵
  PID:10672
- C:\Windows\System\gJjRNct.exe
  C:\Windows\System\gJjRNct.exe
  2⤵
  PID:10696
- C:\Windows\System\dfGNykK.exe
  C:\Windows\System\dfGNykK.exe
  2⤵
  PID:10720
- C:\Windows\System\HhAYIUd.exe
  C:\Windows\System\HhAYIUd.exe
  2⤵
  PID:10744
- C:\Windows\System\mdgwMkS.exe
  C:\Windows\System\mdgwMkS.exe
  2⤵
  PID:10764
- C:\Windows\System\mPfreTJ.exe
  C:\Windows\System\mPfreTJ.exe
  2⤵
  PID:10788
- C:\Windows\System\oOUTCsp.exe
  C:\Windows\System\oOUTCsp.exe
  2⤵
  PID:10812
- C:\Windows\System\JoWeDzD.exe
  C:\Windows\System\JoWeDzD.exe
  2⤵
  PID:10832
- C:\Windows\System\RnNWTCI.exe
  C:\Windows\System\RnNWTCI.exe
  2⤵
  PID:10852
- C:\Windows\System\NliHGXZ.exe
  C:\Windows\System\NliHGXZ.exe
  2⤵
  PID:10876
- C:\Windows\System\pgnfHez.exe
  C:\Windows\System\pgnfHez.exe
  2⤵
  PID:10896
- C:\Windows\System\aGWWkvK.exe
  C:\Windows\System\aGWWkvK.exe
  2⤵
  PID:10920
- C:\Windows\System\BzQFXZE.exe
  C:\Windows\System\BzQFXZE.exe
  2⤵
  PID:10944
- C:\Windows\System\AKhdPxs.exe
  C:\Windows\System\AKhdPxs.exe
  2⤵
  PID:10968
- C:\Windows\System\iDTmUgj.exe
  C:\Windows\System\iDTmUgj.exe
  2⤵
  PID:10984
- C:\Windows\System\YfHFFsU.exe
  C:\Windows\System\YfHFFsU.exe
  2⤵
  PID:11008
- C:\Windows\System\eTfkybz.exe
  C:\Windows\System\eTfkybz.exe
  2⤵
  PID:11028
- C:\Windows\System\knvQylF.exe
  C:\Windows\System\knvQylF.exe
  2⤵
  PID:11052
- C:\Windows\System\aDxctvD.exe
  C:\Windows\System\aDxctvD.exe
  2⤵
  PID:11080
- C:\Windows\System\GShiriU.exe
  C:\Windows\System\GShiriU.exe
  2⤵
  PID:11108
- C:\Windows\System\ftPgRYI.exe
  C:\Windows\System\ftPgRYI.exe
  2⤵
  PID:11128
- C:\Windows\System\anZwZvk.exe
  C:\Windows\System\anZwZvk.exe
  2⤵
  PID:11148
- C:\Windows\System\MvcZmZE.exe
  C:\Windows\System\MvcZmZE.exe
  2⤵
  PID:11172
- C:\Windows\System\egqBnVX.exe
  C:\Windows\System\egqBnVX.exe
  2⤵
  PID:11200
- C:\Windows\System\rHiXUHV.exe
  C:\Windows\System\rHiXUHV.exe
  2⤵
  PID:11224
- C:\Windows\System\BWseNMi.exe
  C:\Windows\System\BWseNMi.exe
  2⤵
  PID:11244
- C:\Windows\System\xoHqSZW.exe
  C:\Windows\System\xoHqSZW.exe
  2⤵
  PID:6700
- C:\Windows\System\eRWXKLi.exe
  C:\Windows\System\eRWXKLi.exe
  2⤵
  PID:9684
- C:\Windows\System\wJfvprW.exe
  C:\Windows\System\wJfvprW.exe
  2⤵
  PID:9748
- C:\Windows\System\jineity.exe
  C:\Windows\System\jineity.exe
  2⤵
  PID:9824
- C:\Windows\System\LnhZOLq.exe
  C:\Windows\System\LnhZOLq.exe
  2⤵
  PID:9840
- C:\Windows\System\wxaUviN.exe
  C:\Windows\System\wxaUviN.exe
  2⤵
  PID:9952
- C:\Windows\System\UrxuLaX.exe
  C:\Windows\System\UrxuLaX.exe
  2⤵
  PID:5156
- C:\Windows\System\VWnaPCR.exe
  C:\Windows\System\VWnaPCR.exe
  2⤵
  PID:10064
- C:\Windows\System\tiZEJlx.exe
  C:\Windows\System\tiZEJlx.exe
  2⤵
  PID:10092
- C:\Windows\System\JxMyHEP.exe
  C:\Windows\System\JxMyHEP.exe
  2⤵
  PID:10224
- C:\Windows\System\iAHVZFY.exe
  C:\Windows\System\iAHVZFY.exe
  2⤵
  PID:7908
- C:\Windows\System\AFbPvoM.exe
  C:\Windows\System\AFbPvoM.exe
  2⤵
  PID:7528
- C:\Windows\System\XJdyGTf.exe
  C:\Windows\System\XJdyGTf.exe
  2⤵
  PID:8484
- C:\Windows\System\KSDpsDp.exe
  C:\Windows\System\KSDpsDp.exe
  2⤵
  PID:8528
- C:\Windows\System\jIxZnwz.exe
  C:\Windows\System\jIxZnwz.exe
  2⤵
  PID:6744
- C:\Windows\System\OBJErso.exe
  C:\Windows\System\OBJErso.exe
  2⤵
  PID:9244
- C:\Windows\System\AlWNqfo.exe
  C:\Windows\System\AlWNqfo.exe
  2⤵
  PID:7208
- C:\Windows\System\FAhzYTb.exe
  C:\Windows\System\FAhzYTb.exe
  2⤵
  PID:8688
- C:\Windows\System\gRpbsOS.exe
  C:\Windows\System\gRpbsOS.exe
  2⤵
  PID:11280
- C:\Windows\System\CGgpNtD.exe
  C:\Windows\System\CGgpNtD.exe
  2⤵
  PID:11300
- C:\Windows\System\POIalSR.exe
  C:\Windows\System\POIalSR.exe
  2⤵
  PID:11320
- C:\Windows\System\ZnqFnPy.exe
  C:\Windows\System\ZnqFnPy.exe
  2⤵
  PID:11344
- C:\Windows\System\rmPymuO.exe
  C:\Windows\System\rmPymuO.exe
  2⤵
  PID:11368
- C:\Windows\System\KAnhYFV.exe
  C:\Windows\System\KAnhYFV.exe
  2⤵
  PID:11384
- C:\Windows\System\QgkQddS.exe
  C:\Windows\System\QgkQddS.exe
  2⤵
  PID:11408
- C:\Windows\System\VNybCGf.exe
  C:\Windows\System\VNybCGf.exe
  2⤵
  PID:11432
- C:\Windows\System\tmFwXUR.exe
  C:\Windows\System\tmFwXUR.exe
  2⤵
  PID:11456
- C:\Windows\System\hcytBUM.exe
  C:\Windows\System\hcytBUM.exe
  2⤵
  PID:11476
- C:\Windows\System\ktoDIYa.exe
  C:\Windows\System\ktoDIYa.exe
  2⤵
  PID:11492
- C:\Windows\System\xGKyAGI.exe
  C:\Windows\System\xGKyAGI.exe
  2⤵
  PID:11516
- C:\Windows\System\rJVbyDY.exe
  C:\Windows\System\rJVbyDY.exe
  2⤵
  PID:11544
- C:\Windows\System\XLTFijE.exe
  C:\Windows\System\XLTFijE.exe
  2⤵
  PID:11568
- C:\Windows\System\KBFWGbb.exe
  C:\Windows\System\KBFWGbb.exe
  2⤵
  PID:11592
- C:\Windows\System\NOsYEnO.exe
  C:\Windows\System\NOsYEnO.exe
  2⤵
  PID:11616
- C:\Windows\System\gKeydQZ.exe
  C:\Windows\System\gKeydQZ.exe
  2⤵
  PID:11636
- C:\Windows\System\aMtuggA.exe
  C:\Windows\System\aMtuggA.exe
  2⤵
  PID:11656
- C:\Windows\System\SZDwXEi.exe
  C:\Windows\System\SZDwXEi.exe
  2⤵
  PID:11680
- C:\Windows\System\UrpNbQe.exe
  C:\Windows\System\UrpNbQe.exe
  2⤵
  PID:11700
- C:\Windows\System\dihMCCX.exe
  C:\Windows\System\dihMCCX.exe
  2⤵
  PID:11720
- C:\Windows\System\EqHPfKU.exe
  C:\Windows\System\EqHPfKU.exe
  2⤵
  PID:11744
- C:\Windows\System\yNioFVu.exe
  C:\Windows\System\yNioFVu.exe
  2⤵
  PID:11764
- C:\Windows\System\bjvvMoA.exe
  C:\Windows\System\bjvvMoA.exe
  2⤵
  PID:11788
- C:\Windows\System\TABWXSU.exe
  C:\Windows\System\TABWXSU.exe
  2⤵
  PID:11812
- C:\Windows\System\mrRPNQw.exe
  C:\Windows\System\mrRPNQw.exe
  2⤵
  PID:11832
- C:\Windows\System\TNsONJQ.exe
  C:\Windows\System\TNsONJQ.exe
  2⤵
  PID:11860
- C:\Windows\System\YVnAXfa.exe
  C:\Windows\System\YVnAXfa.exe
  2⤵
  PID:11884
- C:\Windows\System\UgBYdBm.exe
  C:\Windows\System\UgBYdBm.exe
  2⤵
  PID:11904
- C:\Windows\System\VHisCgV.exe
  C:\Windows\System\VHisCgV.exe
  2⤵
  PID:11928
- C:\Windows\System\LJHCCtb.exe
  C:\Windows\System\LJHCCtb.exe
  2⤵
  PID:11952
- C:\Windows\System\ChMglRU.exe
  C:\Windows\System\ChMglRU.exe
  2⤵
  PID:11972
- C:\Windows\System\uxyuoXQ.exe
  C:\Windows\System\uxyuoXQ.exe
  2⤵
  PID:11996
- C:\Windows\System\OZkHeyo.exe
  C:\Windows\System\OZkHeyo.exe
  2⤵
  PID:12012
- C:\Windows\System\jhtzEZM.exe
  C:\Windows\System\jhtzEZM.exe
  2⤵
  PID:12036
- C:\Windows\System\tZxUxyR.exe
  C:\Windows\System\tZxUxyR.exe
  2⤵
  PID:12064
- C:\Windows\System\vysBuBP.exe
  C:\Windows\System\vysBuBP.exe
  2⤵
  PID:12088
- C:\Windows\System\QCgwdkj.exe
  C:\Windows\System\QCgwdkj.exe
  2⤵
  PID:12108
- C:\Windows\System\eoTLoHN.exe
  C:\Windows\System\eoTLoHN.exe
  2⤵
  PID:12128
- C:\Windows\System\sAHJpIC.exe
  C:\Windows\System\sAHJpIC.exe
  2⤵
  PID:12148
- C:\Windows\System\apTAXVq.exe
  C:\Windows\System\apTAXVq.exe
  2⤵
  PID:12172
- C:\Windows\System\yCAHnxg.exe
  C:\Windows\System\yCAHnxg.exe
  2⤵
  PID:12192
- C:\Windows\System\augMpUE.exe
  C:\Windows\System\augMpUE.exe
  2⤵
  PID:12220
- C:\Windows\System\kPvqziv.exe
  C:\Windows\System\kPvqziv.exe
  2⤵
  PID:12244
- C:\Windows\System\DdqKahJ.exe
  C:\Windows\System\DdqKahJ.exe
  2⤵
  PID:12272
- C:\Windows\System\oRpwNIT.exe
  C:\Windows\System\oRpwNIT.exe
  2⤵
  PID:9288
- C:\Windows\System\uYzUlNb.exe
  C:\Windows\System\uYzUlNb.exe
  2⤵
  PID:8856
- C:\Windows\System\kscmCHE.exe
  C:\Windows\System\kscmCHE.exe
  2⤵
  PID:9220
- C:\Windows\System\PuukZyW.exe
  C:\Windows\System\PuukZyW.exe
  2⤵
  PID:9376
- C:\Windows\System\HeRWnCa.exe
  C:\Windows\System\HeRWnCa.exe
  2⤵
  PID:9476
- C:\Windows\System\JdKZIKf.exe
  C:\Windows\System\JdKZIKf.exe
  2⤵
  PID:9064
- C:\Windows\System\NeSPdyz.exe
  C:\Windows\System\NeSPdyz.exe
  2⤵
  PID:9560
- C:\Windows\System\NEESMwJ.exe
  C:\Windows\System\NEESMwJ.exe
  2⤵
  PID:9604
- C:\Windows\System\clJrFbr.exe
  C:\Windows\System\clJrFbr.exe
  2⤵
  PID:10376
- C:\Windows\System\chaRbpr.exe
  C:\Windows\System\chaRbpr.exe
  2⤵
  PID:10424
- C:\Windows\System\vAfeeNS.exe
  C:\Windows\System\vAfeeNS.exe
  2⤵
  PID:9712
- C:\Windows\System\qQJMYFo.exe
  C:\Windows\System\qQJMYFo.exe
  2⤵
  PID:10596
- C:\Windows\System\QcFjLJD.exe
  C:\Windows\System\QcFjLJD.exe
  2⤵
  PID:3068
- C:\Windows\System\lWzkFrt.exe
  C:\Windows\System\lWzkFrt.exe
  2⤵
  PID:10668
- C:\Windows\System\QRzGBfw.exe
  C:\Windows\System\QRzGBfw.exe
  2⤵
  PID:9796
- C:\Windows\System\UMADzci.exe
  C:\Windows\System\UMADzci.exe
  2⤵
  PID:7912
- C:\Windows\System\nwtRBqo.exe
  C:\Windows\System\nwtRBqo.exe
  2⤵
  PID:10872
- C:\Windows\System\ymlAzOk.exe
  C:\Windows\System\ymlAzOk.exe
  2⤵
  PID:9980
- C:\Windows\System\gFpMtYz.exe
  C:\Windows\System\gFpMtYz.exe
  2⤵
  PID:9992
- C:\Windows\System\lHyoSki.exe
  C:\Windows\System\lHyoSki.exe
  2⤵
  PID:10960
- C:\Windows\System\aqsBvIt.exe
  C:\Windows\System\aqsBvIt.exe
  2⤵
  PID:11004
- C:\Windows\System\BtGbmEH.exe
  C:\Windows\System\BtGbmEH.exe
  2⤵
  PID:10032
- C:\Windows\System\pexSLHc.exe
  C:\Windows\System\pexSLHc.exe
  2⤵
  PID:10052
- C:\Windows\System\aDuKnHJ.exe
  C:\Windows\System\aDuKnHJ.exe
  2⤵
  PID:11104
- C:\Windows\System\iRSHPba.exe
  C:\Windows\System\iRSHPba.exe
  2⤵
  PID:12304
- C:\Windows\System\PrCZgDJ.exe
  C:\Windows\System\PrCZgDJ.exe
  2⤵
  PID:12320
- C:\Windows\System\pKASXVd.exe
  C:\Windows\System\pKASXVd.exe
  2⤵
  PID:12344
- C:\Windows\System\jPuewnJ.exe
  C:\Windows\System\jPuewnJ.exe
  2⤵
  PID:12368
- C:\Windows\System\BVVLAKI.exe
  C:\Windows\System\BVVLAKI.exe
  2⤵
  PID:12392
- C:\Windows\System\hKeVrak.exe
  C:\Windows\System\hKeVrak.exe
  2⤵
  PID:12416
- C:\Windows\System\voWuGfA.exe
  C:\Windows\System\voWuGfA.exe
  2⤵
  PID:12432
- C:\Windows\System\zDFzWyo.exe
  C:\Windows\System\zDFzWyo.exe
  2⤵
  PID:12456
- C:\Windows\System\kzLPEMC.exe
  C:\Windows\System\kzLPEMC.exe
  2⤵
  PID:12480
- C:\Windows\System\YJhkOjE.exe
  C:\Windows\System\YJhkOjE.exe
  2⤵
  PID:12508
- C:\Windows\System\yvIZwOr.exe
  C:\Windows\System\yvIZwOr.exe
  2⤵
  PID:12528
- C:\Windows\System\DifeOvO.exe
  C:\Windows\System\DifeOvO.exe
  2⤵
  PID:12548
- C:\Windows\System\VNkoEfG.exe
  C:\Windows\System\VNkoEfG.exe
  2⤵
  PID:12576
- C:\Windows\System\hWoAKUX.exe
  C:\Windows\System\hWoAKUX.exe
  2⤵
  PID:12596
- C:\Windows\System\XlhpICr.exe
  C:\Windows\System\XlhpICr.exe
  2⤵
  PID:12616
- C:\Windows\System\yBpbQEs.exe
  C:\Windows\System\yBpbQEs.exe
  2⤵
  PID:12644
- C:\Windows\System\qzOxZLl.exe
  C:\Windows\System\qzOxZLl.exe
  2⤵
  PID:12660
- C:\Windows\System\PhATnve.exe
  C:\Windows\System\PhATnve.exe
  2⤵
  PID:12680
- C:\Windows\System\PKlklSc.exe
  C:\Windows\System\PKlklSc.exe
  2⤵
  PID:12704
- C:\Windows\System\CtHXtzW.exe
  C:\Windows\System\CtHXtzW.exe
  2⤵
  PID:12728
- C:\Windows\System\npiSSlr.exe
  C:\Windows\System\npiSSlr.exe
  2⤵
  PID:12748
- C:\Windows\System\UQLmCcY.exe
  C:\Windows\System\UQLmCcY.exe
  2⤵
  PID:12772
- C:\Windows\System\bsSCyzp.exe
  C:\Windows\System\bsSCyzp.exe
  2⤵
  PID:12800
- C:\Windows\System\qdcGntK.exe
  C:\Windows\System\qdcGntK.exe
  2⤵
  PID:12824
- C:\Windows\System\PWyuyQS.exe
  C:\Windows\System\PWyuyQS.exe
  2⤵
  PID:12844
- C:\Windows\System\lVIdstb.exe
  C:\Windows\System\lVIdstb.exe
  2⤵
  PID:12868
- C:\Windows\System\xpUYyzx.exe
  C:\Windows\System\xpUYyzx.exe
  2⤵
  PID:12104
- C:\Windows\System\aWqkFgt.exe
  C:\Windows\System\aWqkFgt.exe
  2⤵
  PID:12240
- C:\Windows\System\pheAqIB.exe
  C:\Windows\System\pheAqIB.exe
  2⤵
  PID:9616
- C:\Windows\System\EkuGWIx.exe
  C:\Windows\System\EkuGWIx.exe
  2⤵
  PID:10616
- C:\Windows\System\iBWKRvI.exe
  C:\Windows\System\iBWKRvI.exe
  2⤵
  PID:11060
- C:\Windows\System\ONDMIAX.exe
  C:\Windows\System\ONDMIAX.exe
  2⤵
  PID:11380
- C:\Windows\System\DycLvVE.exe
  C:\Windows\System\DycLvVE.exe
  2⤵
  PID:11404
- C:\Windows\System\YMeSxqM.exe
  C:\Windows\System\YMeSxqM.exe
  2⤵
  PID:2308
- C:\Windows\System\FRnfAis.exe
  C:\Windows\System\FRnfAis.exe
  2⤵
  PID:13248
- C:\Windows\System\qMkteYP.exe
  C:\Windows\System\qMkteYP.exe
  2⤵
  PID:12492
- C:\Windows\System\rcICFmK.exe
  C:\Windows\System\rcICFmK.exe
  2⤵
  PID:11800
- C:\Windows\System\cATUIXy.exe
  C:\Windows\System\cATUIXy.exe
  2⤵
  PID:11940
- C:\Windows\System\EHtPeBh.exe
  C:\Windows\System\EHtPeBh.exe
  2⤵
  PID:12056
- C:\Windows\System\hvVQqPm.exe
  C:\Windows\System\hvVQqPm.exe
  2⤵
  PID:12136
- C:\Windows\System\cXYyQHa.exe
  C:\Windows\System\cXYyQHa.exe
  2⤵
  PID:12624
- C:\Windows\System\JkoRKjF.exe
  C:\Windows\System\JkoRKjF.exe
  2⤵
  PID:12636
- C:\Windows\System\SrtvbCe.exe
  C:\Windows\System\SrtvbCe.exe
  2⤵
  PID:12724
- C:\Windows\System\CFFYLnZ.exe
  C:\Windows\System\CFFYLnZ.exe
  2⤵
  PID:12780
- C:\Windows\System\msLZVvE.exe
  C:\Windows\System\msLZVvE.exe
  2⤵
  PID:12840
- C:\Windows\System\HITPCHM.exe
  C:\Windows\System\HITPCHM.exe
  2⤵
  PID:8588
- C:\Windows\System\tghFVqh.exe
  C:\Windows\System\tghFVqh.exe
  2⤵
  PID:11856
- C:\Windows\System\VIyOxia.exe
  C:\Windows\System\VIyOxia.exe
  2⤵
  PID:6536
- C:\Windows\System\ufMIzCO.exe
  C:\Windows\System\ufMIzCO.exe
  2⤵
  PID:10580
- C:\Windows\System\sDfKbGt.exe
  C:\Windows\System\sDfKbGt.exe
  2⤵
  PID:11020
- C:\Windows\System\vBSqLER.exe
  C:\Windows\System\vBSqLER.exe
  2⤵
  PID:10992
- C:\Windows\System\KuPAtOz.exe
  C:\Windows\System\KuPAtOz.exe
  2⤵
  PID:7780
- C:\Windows\System\qNycnlH.exe
  C:\Windows\System\qNycnlH.exe
  2⤵
  PID:11212
- C:\Windows\System\SgcVHmM.exe
  C:\Windows\System\SgcVHmM.exe
  2⤵
  PID:10804
- C:\Windows\System\bGdakKU.exe
  C:\Windows\System\bGdakKU.exe
  2⤵
  PID:11044
- C:\Windows\System\ICgAsNC.exe
  C:\Windows\System\ICgAsNC.exe
  2⤵
  PID:11556
- C:\Windows\System\eoKMRdN.exe
  C:\Windows\System\eoKMRdN.exe
  2⤵
  PID:8748
- C:\Windows\System\oLxWlkz.exe
  C:\Windows\System\oLxWlkz.exe
  2⤵
  PID:10268
- C:\Windows\System\FHblEWe.exe
  C:\Windows\System\FHblEWe.exe
  2⤵
  PID:10412
- C:\Windows\System\XyhqwlK.exe
  C:\Windows\System\XyhqwlK.exe
  2⤵
  PID:10540
- C:\Windows\System\czjdgKG.exe
  C:\Windows\System\czjdgKG.exe
  2⤵
  PID:12992
- C:\Windows\System\veEUsVA.exe
  C:\Windows\System\veEUsVA.exe
  2⤵
  PID:10800
- C:\Windows\System\OoAaScT.exe
  C:\Windows\System\OoAaScT.exe
  2⤵
  PID:10952
- C:\Windows\System\CNCngJX.exe
  C:\Windows\System\CNCngJX.exe
  2⤵
  PID:7820
- C:\Windows\System\WzyDMPF.exe
  C:\Windows\System\WzyDMPF.exe
  2⤵
  PID:10396
- C:\Windows\System\uZgPiDu.exe
  C:\Windows\System\uZgPiDu.exe
  2⤵
  PID:9032
- C:\Windows\System\artMQnO.exe
  C:\Windows\System\artMQnO.exe
  2⤵
  PID:13208
- C:\Windows\System\AGvGkIs.exe
  C:\Windows\System\AGvGkIs.exe
  2⤵
  PID:8904
- C:\Windows\System\PqWBERK.exe
  C:\Windows\System\PqWBERK.exe
  2⤵
  PID:10888
- C:\Windows\System\dJpfWFF.exe
  C:\Windows\System\dJpfWFF.exe
  2⤵
  PID:12428
- C:\Windows\System\mqoazCg.exe
  C:\Windows\System\mqoazCg.exe
  2⤵
  PID:11676
- C:\Windows\System\lkEAFMt.exe
  C:\Windows\System\lkEAFMt.exe
  2⤵
  PID:12820
- C:\Windows\System\SvRhYwf.exe
  C:\Windows\System\SvRhYwf.exe
  2⤵
  PID:12880
- C:\Windows\System\DRUlXdb.exe
  C:\Windows\System\DRUlXdb.exe
  2⤵
  PID:7020
- C:\Windows\System\OUZjtNf.exe
  C:\Windows\System\OUZjtNf.exe
  2⤵
  PID:11336
- C:\Windows\System\eSpSPtj.exe
  C:\Windows\System\eSpSPtj.exe
  2⤵
  PID:11552
- C:\Windows\System\CHsRZAp.exe
  C:\Windows\System\CHsRZAp.exe
  2⤵
  PID:11712
- C:\Windows\System\gtyIXWQ.exe
  C:\Windows\System\gtyIXWQ.exe
  2⤵
  PID:1956
- C:\Windows\System\RNJuAaI.exe
  C:\Windows\System\RNJuAaI.exe
  2⤵
  PID:11024
- C:\Windows\System\NrfbgPa.exe
  C:\Windows\System\NrfbgPa.exe
  2⤵
  PID:12544
- C:\Windows\System\LANwnSb.exe
  C:\Windows\System\LANwnSb.exe
  2⤵
  PID:3696
- C:\Windows\System\aPyNFBt.exe
  C:\Windows\System\aPyNFBt.exe
  2⤵
  PID:11512
- C:\Windows\System\audkyCR.exe
  C:\Windows\System\audkyCR.exe
  2⤵
  PID:9092
- C:\Windows\System\sPiEJTX.exe
  C:\Windows\System\sPiEJTX.exe
  2⤵
  PID:12024
- C:\Windows\System\iNxEtnr.exe
  C:\Windows\System\iNxEtnr.exe
  2⤵
  PID:9660
- C:\Windows\System\lJlSNXV.exe
  C:\Windows\System\lJlSNXV.exe
  2⤵
  PID:13228
- C:\Windows\System\vlpPkcn.exe
  C:\Windows\System\vlpPkcn.exe
  2⤵
  PID:12948
- C:\Windows\System\WtgJLgQ.exe
  C:\Windows\System\WtgJLgQ.exe
  2⤵
  PID:11040
- C:\Windows\System\lrqGMRb.exe
  C:\Windows\System\lrqGMRb.exe
  2⤵
  PID:12356
- C:\Windows\System\BZBTOeJ.exe
  C:\Windows\System\BZBTOeJ.exe
  2⤵
  PID:12408
- C:\Windows\System\tyIHeLf.exe
  C:\Windows\System\tyIHeLf.exe
  2⤵
  PID:4504
- C:\Windows\System\HFwvIUt.exe
  C:\Windows\System\HFwvIUt.exe
  2⤵
  PID:9708
- C:\Windows\System\xGuxKVZ.exe
  C:\Windows\System\xGuxKVZ.exe
  2⤵
  PID:9496
- C:\Windows\System\zBkClZB.exe
  C:\Windows\System\zBkClZB.exe
  2⤵
  PID:9772
- C:\Windows\System\XEdEyLW.exe
  C:\Windows\System\XEdEyLW.exe
  2⤵
  PID:11424
- C:\Windows\System\zReSpFp.exe
  C:\Windows\System\zReSpFp.exe
  2⤵
  PID:12464
- C:\Windows\System\WYDHDyc.exe
  C:\Windows\System\WYDHDyc.exe
  2⤵
  PID:4788
- C:\Windows\System\OFBGkSl.exe
  C:\Windows\System\OFBGkSl.exe
  2⤵
  PID:12120
- C:\Windows\System\RQTHOMa.exe
  C:\Windows\System\RQTHOMa.exe
  2⤵
  PID:10508
- C:\Windows\System\cKPhhjf.exe
  C:\Windows\System\cKPhhjf.exe
  2⤵
  PID:4332
- C:\Windows\System\lGTFCoe.exe
  C:\Windows\System\lGTFCoe.exe
  2⤵
  PID:12908
- C:\Windows\System\rYmWAJS.exe
  C:\Windows\System\rYmWAJS.exe
  2⤵
  PID:2684
- C:\Windows\System\BabmrDk.exe
  C:\Windows\System\BabmrDk.exe
  2⤵
  PID:11872
- C:\Windows\System\WQmgTGV.exe
  C:\Windows\System\WQmgTGV.exe
  2⤵
  PID:13300
- C:\Windows\System\JIPUhBB.exe
  C:\Windows\System\JIPUhBB.exe
  2⤵
  PID:5308
- C:\Windows\System\gjbJJLy.exe
  C:\Windows\System\gjbJJLy.exe
  2⤵
  PID:6516
- C:\Windows\System\FocWIsO.exe
  C:\Windows\System\FocWIsO.exe
  2⤵
  PID:13232
- C:\Windows\System\PnJytbq.exe
  C:\Windows\System\PnJytbq.exe
  2⤵
  PID:10504
- C:\Windows\System\aiUUxwZ.exe
  C:\Windows\System\aiUUxwZ.exe
  2⤵
  PID:10360
- C:\Windows\System\adtWJgx.exe
  C:\Windows\System\adtWJgx.exe
  2⤵
  PID:2992
- C:\Windows\System\ZAotGXb.exe
  C:\Windows\System\ZAotGXb.exe
  2⤵
  PID:11488
- C:\Windows\System\liDBnNA.exe
  C:\Windows\System\liDBnNA.exe
  2⤵
  PID:11848
- C:\Windows\System\FaeZFDl.exe
  C:\Windows\System\FaeZFDl.exe
  2⤵
  PID:9332
- C:\Windows\System\TMzCxJL.exe
  C:\Windows\System\TMzCxJL.exe
  2⤵
  PID:13372
- C:\Windows\System\tPcPmdm.exe
  C:\Windows\System\tPcPmdm.exe
  2⤵
  PID:13392
- C:\Windows\System\HQhKbtv.exe
  C:\Windows\System\HQhKbtv.exe
  2⤵
  PID:13408
- C:\Windows\System\mXBBRzq.exe
  C:\Windows\System\mXBBRzq.exe
  2⤵
  PID:13444
- C:\Windows\System\lkuicXV.exe
  C:\Windows\System\lkuicXV.exe
  2⤵
  PID:13492
- C:\Windows\System\eWfayOc.exe
  C:\Windows\System\eWfayOc.exe
  2⤵
  PID:13556
- C:\Windows\System\BKBpmOf.exe
  C:\Windows\System\BKBpmOf.exe
  2⤵
  PID:13704
- C:\Windows\System\MKvomBp.exe
  C:\Windows\System\MKvomBp.exe
  2⤵
  PID:13844
- C:\Windows\System\zstCurN.exe
  C:\Windows\System\zstCurN.exe
  2⤵
  PID:13884
- C:\Windows\System\kObwoJO.exe
  C:\Windows\System\kObwoJO.exe
  2⤵
  PID:13912
- C:\Windows\System\tpczfIK.exe
  C:\Windows\System\tpczfIK.exe
  2⤵
  PID:13972
- C:\Windows\System\ZFZRaPd.exe
  C:\Windows\System\ZFZRaPd.exe
  2⤵
  PID:14024
- C:\Windows\System\AlqcTij.exe
  C:\Windows\System\AlqcTij.exe
  2⤵
  PID:14140
- C:\Windows\System\AnInjxN.exe
  C:\Windows\System\AnInjxN.exe
  2⤵
  PID:14180
- C:\Windows\System\vOngDFt.exe
  C:\Windows\System\vOngDFt.exe
  2⤵
  PID:14200
- C:\Windows\System\OwqWlsq.exe
  C:\Windows\System\OwqWlsq.exe
  2⤵
  PID:14272
- C:\Windows\System\EcumXgr.exe
  C:\Windows\System\EcumXgr.exe
  2⤵
  PID:7472
- C:\Windows\System\YQjvaHj.exe
  C:\Windows\System\YQjvaHj.exe
  2⤵
  PID:13684
- C:\Windows\System\nmXYidV.exe
  C:\Windows\System\nmXYidV.exe
  2⤵
  PID:13508
- C:\Windows\System\gZInklZ.exe
  C:\Windows\System\gZInklZ.exe
  2⤵
  PID:13776
- C:\Windows\System\tTFCNbr.exe
  C:\Windows\System\tTFCNbr.exe
  2⤵
  PID:13568
- C:\Windows\System\QkBHEsr.exe
  C:\Windows\System\QkBHEsr.exe
  2⤵
  PID:10932
- C:\Windows\System\WcOcOUM.exe
  C:\Windows\System\WcOcOUM.exe
  2⤵
  PID:13436

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\SZ2TD4H5\home-993d2c38b2c1[1].css

Filesize
11KB

MD5
6328d6d9a6b00ce7f992230b97b17c1f

SHA1
88837b802bdde407e37e92641072ea2eeec95556

SHA256
c9d9b80794cebd7d97daf52f7f0ce0e31bcf7a6f65a6e07851c688d67f10dba8

SHA512
993d2c38b2c15499aebdb39c1f9c21d0501d4c2a5973caec65be9ddc3ddfd6e46d06449e7483daa4fa9afa17cb81ff27a391519a64629169eb15c52911aab2c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_de0n1ymy.myf.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\CFRRVNH.exe

Filesize
1.8MB

MD5
9d1b105f8afed209172c22cfa78f7e7b

SHA1
7b8f523a30ce3fc5146c31d5083bfae0cb0a2a0f

SHA256
0389ab37aa4be71ce25c787d3cf58708e0c7a87275a99e4fb39b77d9fdb1a940

SHA512
7d98138a85bf9b871248486b518ae7e0304ab955f8144ea7f270684efea4f0013296382520582db155d661bf093b1f8f3c15bf05177481a101a542aca830a241

Download Submit
C:\Windows\System\CNxBDHk.exe

Filesize
1.8MB

MD5
ea6102ebcd30e10e9259456b8f17ca14

SHA1
f06e469548a92c393e2a73f8d32c7486cef0e55f

SHA256
405bce71626981757ec70e4bb7beff3a21600f91ce4d17ac035a88a00115f5d6

SHA512
1d5532dd7535ed32e7ce022f3158375eee1299af4f5556abb080e831d998d3f28da1df53e9ec6fcc38ce2b868f09dde29b784343ad1e6d4bb11a71662ca2b87a

Download Submit
C:\Windows\System\EQOznFC.exe

Filesize
1.8MB

MD5
c70137b03e9231181cc95832e998361e

SHA1
a11714f462bb91c271de57e9a16605faad599422

SHA256
1c03db07bde11748cc425d78aa6f1634be1cf4eaf9ca833b6f89cea203330def

SHA512
88e06bf3c2a823c8cc8f5e2d6e9c07dbda4a39ab9f019dba8949a8171ea6e56e19693bb6844831e0b82809f7dc326dd32ac632b4d60285bcd3a7135d13ed9e19

Download Submit
C:\Windows\System\Gvxfryl.exe

Filesize
1.8MB

MD5
c203b859c1a30c0c72b1c9d7b7cf2e90

SHA1
ab0e1882a36a25e3f2fb7cf04554fe342a881e83

SHA256
8a7098dbf700acdbd8a42a3d1bcf0f3be1b63858340a1abf300119c43f3d9205

SHA512
d0bfcbf00fa1716650f35bfd9e0c25f2adae6edae37cb766f7241748d12700b6c46b03d8746a6f249942a5382d22ea5a285fdee944f0148ece553a970d01c5c6

Download Submit
C:\Windows\System\HKzWcid.exe

Filesize
1.8MB

MD5
0406b62c5adc1c2b7578338d7d732a95

SHA1
316aa60a9c7574714bcffa3d4c3d8d9732000162

SHA256
9d54ee3b055b521eb5199a7dc6a7a06049f87b5b49f2aadc8d90249870ef16cb

SHA512
05b196066cbc5fbbb6938e2b691b82fd0980bce42de4f5d692295a272c9b97729476560f40ec0839f778b7dc5485e0969ac725754785c7a875dedf47849f4c82

Download Submit
C:\Windows\System\KjBQYqT.exe

Filesize
8B

MD5
3277aa72bb7d7f1eb1043502fbd1c406

SHA1
8712dca2f3fbc82bf0cbbeecdc5d6a26c87f443c

SHA256
e94b62f30c9ce8b0b5cea14d4367a52fe08005d1bd56ca932a1fd7fc15c61bc9

SHA512
9fb0369549dba8937fb796cbc4ade6bacf540f10f98e02675f1b04c615cbb49e396cdbd25cd29de56c7bfb889c8464199939a84fa31434a75c020caeb4f9f503

Download Submit
C:\Windows\System\LFZMFwh.exe

Filesize
1.8MB

MD5
e5cf3295e2913e1f7942935d8d7b9d83

SHA1
5aa4bf0fdb3acad4b1a894aa474b3d795738621b

SHA256
a83b8ac8364be29e348c5b394a95186a5c972c6b29f4dde678cd7c6a77367cbf

SHA512
3c7eeb3803ac9c973ad0caada3fb8a78d90c882b5d4df90ae6698abba3dd0d817a78b52434079acb965624ad2d9f7e02d4ffc66a747ced4179476f5e4d7b34b2

Download Submit
C:\Windows\System\MCrQHYf.exe

Filesize
1.8MB

MD5
bf9d1d889f7c59865f09f847831651ee

SHA1
9754f7eb4c4a0f9142aa71d8ea7196db88eb70b8

SHA256
d3908d680c555bc28ea0e71a725fae0745da80d66c0aa50ba8b0fe4c05aaed86

SHA512
9b65ae54a76ec5f5616f79e3792373745ed6f7485608d067bd680078c8baaedf49f06edc1da60ea80487ef6cb49bdc80e9495d2b26a5fd1b2d5263661b19167d

Download Submit
C:\Windows\System\MpqaUjx.exe

Filesize
1.8MB

MD5
50e53ceef3f7a3f1b477f5cc5d7ada40

SHA1
65978f99200679eb5d7f7f506d4f6333240158d3

SHA256
2d7e26f934ba2418069fddcc7e8a9f51f3e43c4f904bef8d4a854ddd00261052

SHA512
67c4808e1f6c95fd0b080bb23b5a72d60a7ccca24f76b1f11bdedc663431d8afe97f637744caed9900e08f95a7712d7a5efce0b5779a847e117be1b95c9a6125

Download Submit
C:\Windows\System\MstfZZG.exe

Filesize
1.8MB

MD5
fc5b28a1f81f70dc0bcffa3f1c7ac156

SHA1
3946b27bcc08e6612d0b54562fb9e84f25661ca3

SHA256
564fb8ca2d51551d0802808fb26a25c307283b789f2b046f02ca707e0a6f2ebd

SHA512
aae0982609d0d3ee8a3775276df0ec46ad0b5c1f3fd1de82fa028b25f085ca245c3e26f51b8a964f695478e5d03f866a54923bf2576dc3efa1f8c0e114ec35f2

Download Submit
C:\Windows\System\NRoMmmO.exe

Filesize
1.8MB

MD5
e3a35d00ae780296bbe6611de39f3a1d

SHA1
bc29eb7c58721a6766545db5d73dcf600ebb77c3

SHA256
802278a98e20e386aad1b81fe7a4d31cbf0a7a5e984679f31c1a9001bc93ff06

SHA512
3cd62b3c670f8294fa9f1fa3c08092a7e0be684579aae9adee453b08d0bbd9bf7c1fddce3eaab379709139f9c36442e1ef9180cfec8fed3bb24164a5938d5aa8

Download Submit
C:\Windows\System\PykUJSF.exe

Filesize
1.8MB

MD5
a347bf34b74d489373125f34b3210682

SHA1
b2b6510af45a929de21050ccceb5dae05bd70687

SHA256
92728dc7433034c6a0fe6fe85380db652dff0b59b9beb69823b58a44ea5e2c56

SHA512
cef5263fb02429f3507f6fedf29322116aa8dade47c8b713daed222ba1ecef54a3b2692861974f5fc5ce7a6109353db06c223f599265527acc39d41efe4ad390

Download Submit
C:\Windows\System\RDqNBoV.exe

Filesize
1.8MB

MD5
506fb0ad3001f3a784686e74c4cbb090

SHA1
6dd0f997a0e0aebdc70abdcc3a6708939bc1fabc

SHA256
b2165fac3582af594901647f75040f5c09eca2dfefe914346f9a363cc70732db

SHA512
80fa0c0d5457a2724cffe4f4147318944adb61c9c882adf4dbdcebb83aed7c444a5707104c98ee7cf4d3f7b56ce0524066d9596b63a451e4abab4d05afb48fa2

Download Submit
C:\Windows\System\UDAHwDb.exe

Filesize
1.8MB

MD5
53d2548e478361f8afee6635ee0b7ea8

SHA1
8e08d193415a648d74d8a9fb957156070bc09fd3

SHA256
c412b216d83177ac19213bce39fbe293bd5e5439a54bc3e7943d17848edb8ec7

SHA512
cca61d9ac1544bc1cd7ba2c51a085afe9bc7c3fb93f99279a8bdcd2f21e63d8e8e9a23d226d9268bf2229a20de513abae72c5c6195d5343cfcd63bbec4ef2edc

Download Submit
C:\Windows\System\VYwxRny.exe

Filesize
1.8MB

MD5
b50d62fa85e8e87b316f1e5bceeed4ce

SHA1
43a3a23624bd2a6cf930c4e7bb1a2150270108f0

SHA256
2749a78f41bfb1b8263b791e6493258004638bd8a8230f20edc64c0cdc2d493e

SHA512
c35443689f387221ced130bd32a026d5da52cd63d6aa6fb598cad44084a7346056c493a522cfd0f7ae3bc421ad624a48428a44c21e13de1611875e234aa05a8b

Download Submit
C:\Windows\System\VaUBfXT.exe

Filesize
1.8MB

MD5
79a2eba07e37a76415934d97bcdbf1de

SHA1
422e83ced7536f0c167cf325a6fdfd044a2b604e

SHA256
b69ef471603e6581cff8feb41d06f30e31ad4ad7a863917571a150087e75cdda

SHA512
27c82a4e336ee80026e6849ebe0c2fc76e3ff57b721196f869b4a192163a59165c02cde9177d28edcd9b59e588588165dfca4212c20b847ec7fd75e004de4f3b

Download Submit
C:\Windows\System\VecZpwU.exe

Filesize
1.8MB

MD5
5049139e1c4e02d014780bbdb1ed587c

SHA1
f3823ea808019e151bb474b809d098dbdc34f1b4

SHA256
9bd9396d62d92d2c98330bf69e20bdcf0928412edaf87c92e90d8bb9658d0ddf

SHA512
69567127c85d2988f1c2d5ad886df8f79fdd7d8d92ada346baa3e00c14c0fbd24062aebabebeb1368a6eea4c859c06ea81c63b1016e71306e1395be39313101c

Download Submit
C:\Windows\System\WlKslHK.exe

Filesize
1.8MB

MD5
56ea1a1b95dbe039bef1a7b3dc662be7

SHA1
20871b862adff07d90441d947b241003742e249c

SHA256
9ef1866153053a690c149d41224f946413252f8e69ae752f189c69f3428edf5d

SHA512
cd0ccd28805074129ae4bbecff6b932861818164914c75d5bed3289ece10155ffe55a9ea2c107baa02f2d21d07b067cfffbf122f64febd870dabec2ec75a35cf

Download Submit
C:\Windows\System\XFedfXx.exe

Filesize
1.8MB

MD5
2daf4144629060bb7d6c52ecd490da75

SHA1
dc5ca098c0767fdb99413f6cbf1a64bd8bbedc3f

SHA256
da8f01290d4638e3d194061b71dbf308ceac4fa5eb25733be149b866adc7136a

SHA512
0273f7f4f4767b47f3671de9f4b4e50d30e989d9d26f6e7a7741fc66590c24e05bbf08203d7715ece5d6df203b107aca14ec010246571a16e9332d3b2b784f4d

Download Submit
C:\Windows\System\XGtQUwT.exe

Filesize
1.8MB

MD5
fd96b03cf9ade0b91b88504a88b4438c

SHA1
c4eda8deecb3833e5f2ea7258cf084eb3857e5f8

SHA256
fbafa5e141c6e31b3a4802109f5c42e56a114fada7ce577c9d5ea84492d34100

SHA512
469b85b1472224c447340cc1f6d0330f679555269babc7145178655e25575c610bfef1c1800d27e3a6ec4334a31f21b39969223b0db6b1cfbacb60e435786714

Download Submit
C:\Windows\System\XeFthLy.exe

Filesize
1.8MB

MD5
69f3eda77a97c2350441e7e6024f1d83

SHA1
80652199755d740356945536f5e831e1dbb3db44

SHA256
9608b0272647604429df233d83c012f560e68eabc09cd6499f5d20670184e46c

SHA512
21051ed36dc15252db23cfff12ae0bd46603a2a347840cdfa6305fbe6c5d11d54ba6a05b1719d3a46d81867d9298878f021beef9d3aac01f421873f7f4140931

Download Submit
C:\Windows\System\ZaTRpNi.exe

Filesize
1.8MB

MD5
5ab1326d8b3db051bbfed9e41a33b9ae

SHA1
bf55227c4d97da5f592035bc817a54cf5d2906f6

SHA256
5696479ca2b4b14aabfd865e367be783982637142267db500197fb53bf613588

SHA512
0703331f72845d09b258f91b4cc776567f9a24ae9f15cbc04d689aafc362118b5800f916321f51f211307fce8575eaa62a19a44fd856627fe0737748a6858761

Download Submit
C:\Windows\System\bmTSJzD.exe

Filesize
1.8MB

MD5
bbe8c60a8bab28db4f4447d808cdf3da

SHA1
898c3283a764784b7ad4890adfeb387399f1ed7d

SHA256
2adce99aaf31149c13cb9c09b7af3a155ebb58aad6284b517c7c1cd255309582

SHA512
a509e85e4e8e5a6db5cfb202ee9205ab91a9d159502e03212fc6723e0f46f91bf3dc2f68675ced93b7fcf14661cb84734f89f998a68fba276aa9ad85918cda98

Download Submit
C:\Windows\System\ejZdkkF.exe

Filesize
1.8MB

MD5
98b03713100c9631d426f2f64bdedda8

SHA1
9459c08016cf52d00488cdb97c76f4ea08d8faef

SHA256
a11c8b52ecb2f3c2a87a491216ad7855927fd31bfa7ea781ff5f3fa206dce033

SHA512
890d2826a4e7b502a95c5f2478d445df28855a2bae9e0262a12c55bdf50b18bb0fb4d3edd528a687f56058cb37a8b10debeae0328da69d3f0eabedb5212557e1

Download Submit
C:\Windows\System\fCbVLYU.exe

Filesize
1.8MB

MD5
81b31e4bbd78d53d46bccbcbec91120b

SHA1
9eabdc3bbd2c82829fbacac07fd49c764dd7d7c9

SHA256
e3aea306b580eebbdd8602c20f1a878a2c7b449f3579464f4f3659ced029881c

SHA512
abafabc86264e117837a8e3147768cd7afea3678a92356b17d8d8bb414a7195d988885c8418db3d13cfa7d98461888d9f76abbf9d1e240f69eeeedd6c7fc50ae

Download Submit
C:\Windows\System\gljSfzU.exe

Filesize
1.8MB

MD5
b9b206febf4ff848fcd62d23c8264607

SHA1
4c576f7a64fdec4c4190f6b44fa9db491cae2f1b

SHA256
6560b3439b19cdaf6045b97f7d09648f1782ac1f4adf5fa136f2d192b049f5b6

SHA512
cd57271508fa1b3342e1ccd61456661098b3d5a6b77777f9106ae386105449cc236e712a3b468598d8bafda57bdece90e2d9af4e780ca0ac5987d0a46bc9c90f

Download Submit
C:\Windows\System\hkeWuVm.exe

Filesize
1.8MB

MD5
0157d06775a011bcdb7fbbc34b7a50ac

SHA1
a983ecf38c0de817c8b27b99b3462a92e5cc8b8c

SHA256
3a7474343f4872a11ce0eff73a0bf47985556078d6a38290ee0d59f037c6b14c

SHA512
d1c44990648a838af01639435eb93dac8b0430273e612f6e197e0a172aed32d4e4deeaa31a534f4147a647ec09dafdf4f7766a733e63a347308cba720ea5d9e6

Download Submit
C:\Windows\System\insaCvy.exe

Filesize
1.8MB

MD5
4d6ad978784af0bc751ea4001833f3fb

SHA1
1e74258b040a08abdaa477778b0f4e5e9164244d

SHA256
2cb31d60f20f12fd394188caf1dfa239b09f5a4490e77097e45403704579a026

SHA512
f1861ccf1901cb4d3230744d8d81b43fd2b39e5b3a6f6acd8e3b6b9054f29c6ef5a69ad618c203959e049e1f090018acb146be81056582d1adf79c0f9c3fd8d9

Download Submit
C:\Windows\System\jmRTvff.exe

Filesize
1.8MB

MD5
2f741fbd79355511ea326ad0a1d853f2

SHA1
289803a9e2da5530e421e9778b9951427cd52464

SHA256
f3d5a96af4d3ef58367cf8841bd7315101dbb49bb1376f85f89e678a41ae5992

SHA512
56150f3bf22eb326fc774831e8eca24c9a96e8037271b1aa34adb7a19095540d366b1a59c4ea6bda03ecf5a43e56fb63df6c3287f02703c22c148c4515b8fd88

Download Submit
C:\Windows\System\mpkUOtM.exe

Filesize
1.8MB

MD5
50d8a616465d790cc035f91bba8dcada

SHA1
4d9e1d2827584ad72e7df121b05e66c8bedc5bf6

SHA256
f7d04d7bca697080fb7ab16fc74f86b4e3fa798e317b937e7fae1df611603def

SHA512
4f3942876dc0d7ed87aa58d8aecf7710e84ddf6bc9c0a8a5a9202c11f88d8a0a854118083644f034c6bd8e28d629bc4247f1a632b451fcae05ddaac33c14229e

Download Submit
C:\Windows\System\nUBigOn.exe

Filesize
1.8MB

MD5
a54ad2b4bd6cbb565c6ee688bac745ee

SHA1
fdea31219db6e3ff24269f908d1a6d920db1e6a2

SHA256
0d0cf9ed5b5008dccb24d05636c9d6fe35a4bdc9084a777c32487b81961864eb

SHA512
7b0542933de6bdd079e02edb335c4b1849e733b7948583e19917abdec11437325c2ca3ec736d9a1d95b568b6f44bfb3b0e96d2c79b083d9f5301df080440753b

Download Submit
C:\Windows\System\rXVuMne.exe

Filesize
1.8MB

MD5
31b14a0e297d5aa9324f5d48620f08b0

SHA1
91af7cdc56f95e87a227551699574ba1bcde695e

SHA256
5dc6a8bffe74c3c130cda70b1f3ba1f67256e79226e089d5b5e0ab6837edc0cc

SHA512
b458ce36df3e257017e9498cd5f54068e812956811e053adf773c9a1820f09c1270fe46517da6463f33388ebe9cd8807887c9c1670b768bf751b0f955eb296d9

Download Submit
C:\Windows\System\uFuhojU.exe

Filesize
1.8MB

MD5
c2eda0900088c9f7abd3af1c3767ae4b

SHA1
65debf411798cccb83ed7b3d200741f9aca3999f

SHA256
18c652ce0f548a872b7aca1a8d0f21be4b450c787e107dae937d4c71f1a46b1f

SHA512
586e8845dd57178a72f2ffec785bd4da6df09fe3312ac89ce44752878491f4b34a3f81abd9609f2d3152bac1bfd8a54528757f738e74657745a404b0af31d114

Download Submit
C:\Windows\System\xBcstKC.exe

Filesize
1.8MB

MD5
adeec8da20ac048a3de5c5d82fb4bf23

SHA1
645fcfc56f1803f7d5a79c6cef1ff6038d3c35ca

SHA256
1c3a447e0d2eae4bda589aa1f9f843d198d1848e9220b02787b231de5f7da79b

SHA512
c29062310f05325285276cc9e9c9d53266fe262fd0c3d0076bc4be6b8b743828fecb04a34c9d077993337e776ef93a62c8c8e196e0305ee4b8b08248b1b3debf

Download Submit
C:\Windows\System\xnMCfwU.exe

Filesize
1.8MB

MD5
715e009f92984c70aa43c531aaebdeac

SHA1
d6bdd67692ecc588bf28273815cc46f73e56f297

SHA256
48245dcedfb3ec3e5ae1e1156b07d612e91bb759870cf731ca6c1517df03ba13

SHA512
d99a3b70f7fd0a38cdb62d63a3b7f95d3c4708c9547283a825cc5fb7835081f3a40358dbb59e25cad04a3426f744854fdc7e4f5f0366f39f7a92435572a98a44

Download Submit
C:\Windows\System\yZlxhQs.exe

Filesize
1.8MB

MD5
457dc21b96b03ef4133d1e0376c0bb98

SHA1
440092909d2a5bf29ac48c669a5709e5dcee92ad

SHA256
f7f95f01a4c9c1251d87b7b79e93f819e88000976654a9eacbbaeacddc43beba

SHA512
b65d4aaf6ecac0c0c3c140827ec181b560d7f2e359e4092c6f5b5b04ed26c356af3f63ceceef8f5a1db7e5ea92a1644dcdcc2060ff85dfdef45fe98dd386c8f6

Download Submit
memory/996-3333-0x00007FF684290000-0x00007FF684682000-memory.dmp

Filesize
3.9MB

Download
memory/996-281-0x00007FF684290000-0x00007FF684682000-memory.dmp

Filesize
3.9MB

Download
memory/1348-0-0x00007FF7A7030000-0x00007FF7A7422000-memory.dmp

Filesize
3.9MB

Download
memory/1348-3230-0x00007FF7A7030000-0x00007FF7A7422000-memory.dmp

Filesize
3.9MB

Download
memory/1348-1-0x0000029BC8D20000-0x0000029BC8D30000-memory.dmp

Filesize
64KB

Download
memory/1476-275-0x00007FF620540000-0x00007FF620932000-memory.dmp

Filesize
3.9MB

Download
memory/1476-3328-0x00007FF620540000-0x00007FF620932000-memory.dmp

Filesize
3.9MB

Download
memory/1872-3300-0x00007FF70E110000-0x00007FF70E502000-memory.dmp

Filesize
3.9MB

Download
memory/1872-283-0x00007FF70E110000-0x00007FF70E502000-memory.dmp

Filesize
3.9MB

Download
memory/2252-285-0x00007FF629EA0000-0x00007FF62A292000-memory.dmp

Filesize
3.9MB

Download
memory/2252-3324-0x00007FF629EA0000-0x00007FF62A292000-memory.dmp

Filesize
3.9MB

Download
memory/2464-282-0x00007FF784580000-0x00007FF784972000-memory.dmp

Filesize
3.9MB

Download
memory/2464-3337-0x00007FF784580000-0x00007FF784972000-memory.dmp

Filesize
3.9MB

Download
memory/2852-3296-0x00007FF639590000-0x00007FF639982000-memory.dmp

Filesize
3.9MB

Download
memory/2852-23-0x00007FF639590000-0x00007FF639982000-memory.dmp

Filesize
3.9MB

Download
memory/3044-3310-0x00007FF63C250000-0x00007FF63C642000-memory.dmp

Filesize
3.9MB

Download
memory/3044-241-0x00007FF63C250000-0x00007FF63C642000-memory.dmp

Filesize
3.9MB

Download
memory/3124-212-0x00007FF6FFE70000-0x00007FF700262000-memory.dmp

Filesize
3.9MB

Download
memory/3124-3308-0x00007FF6FFE70000-0x00007FF700262000-memory.dmp

Filesize
3.9MB

Download
memory/3348-136-0x00007FF79BF90000-0x00007FF79C382000-memory.dmp

Filesize
3.9MB

Download
memory/3348-3298-0x00007FF79BF90000-0x00007FF79C382000-memory.dmp

Filesize
3.9MB

Download
memory/3804-3314-0x00007FF701E50000-0x00007FF702242000-memory.dmp

Filesize
3.9MB

Download
memory/3804-276-0x00007FF701E50000-0x00007FF702242000-memory.dmp

Filesize
3.9MB

Download
memory/3852-253-0x00007FF7F6970000-0x00007FF7F6D62000-memory.dmp

Filesize
3.9MB

Download
memory/3852-3320-0x00007FF7F6970000-0x00007FF7F6D62000-memory.dmp

Filesize
3.9MB

Download
memory/3932-3304-0x00007FF6A1240000-0x00007FF6A1632000-memory.dmp

Filesize
3.9MB

Download
memory/3932-117-0x00007FF6A1240000-0x00007FF6A1632000-memory.dmp

Filesize
3.9MB

Download
memory/3968-238-0x00007FF7BFE60000-0x00007FF7C0252000-memory.dmp

Filesize
3.9MB

Download
memory/3968-3316-0x00007FF7BFE60000-0x00007FF7C0252000-memory.dmp

Filesize
3.9MB

Download
memory/3984-3330-0x00007FF67FCB0000-0x00007FF6800A2000-memory.dmp

Filesize
3.9MB

Download
memory/3984-280-0x00007FF67FCB0000-0x00007FF6800A2000-memory.dmp

Filesize
3.9MB

Download
memory/4116-3339-0x00007FF737DF0000-0x00007FF7381E2000-memory.dmp

Filesize
3.9MB

Download
memory/4116-278-0x00007FF737DF0000-0x00007FF7381E2000-memory.dmp

Filesize
3.9MB

Download
memory/4340-80-0x00007FFD04870000-0x00007FFD05331000-memory.dmp

Filesize
10.8MB

Download
memory/4340-223-0x000001A66BF90000-0x000001A66BFB2000-memory.dmp

Filesize
136KB

Download
memory/4340-286-0x000001A66CAD0000-0x000001A66D276000-memory.dmp

Filesize
7.6MB

Download
memory/4340-3567-0x00007FFD04870000-0x00007FFD05331000-memory.dmp

Filesize
10.8MB

Download
memory/4340-83-0x000001A66B9E0000-0x000001A66B9F0000-memory.dmp

Filesize
64KB

Download
memory/4400-3306-0x00007FF708C90000-0x00007FF709082000-memory.dmp

Filesize
3.9MB

Download
memory/4400-170-0x00007FF708C90000-0x00007FF709082000-memory.dmp

Filesize
3.9MB

Download
memory/4568-3302-0x00007FF6DA980000-0x00007FF6DAD72000-memory.dmp

Filesize
3.9MB

Download
memory/4568-284-0x00007FF6DA980000-0x00007FF6DAD72000-memory.dmp

Filesize
3.9MB

Download
memory/4928-277-0x00007FF73B8E0000-0x00007FF73BCD2000-memory.dmp

Filesize
3.9MB

Download
memory/4928-3326-0x00007FF73B8E0000-0x00007FF73BCD2000-memory.dmp

Filesize
3.9MB

Download
memory/5016-3318-0x00007FF7C0600000-0x00007FF7C09F2000-memory.dmp

Filesize
3.9MB

Download
memory/5016-257-0x00007FF7C0600000-0x00007FF7C09F2000-memory.dmp

Filesize
3.9MB

Download
memory/5048-3312-0x00007FF67D0A0000-0x00007FF67D492000-memory.dmp

Filesize
3.9MB

Download
memory/5048-189-0x00007FF67D0A0000-0x00007FF67D492000-memory.dmp

Filesize
3.9MB

Download
memory/5076-3322-0x00007FF69F7E0000-0x00007FF69FBD2000-memory.dmp

Filesize
3.9MB

Download
memory/5076-264-0x00007FF69F7E0000-0x00007FF69FBD2000-memory.dmp

Filesize
3.9MB

Download