xmrig | bf37db301b28e2d123b435a1a1fa892b9c7f4026be4ac52a5e15feb847779a95

Analysis

max time kernel
18s
max time network
21s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
26-04-2024 14:26

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
Size

1.5MB
MD5

00f857b864f1cce2796488e4951cd5c8
SHA1

d729c0d654034757e97bb330f3865d46fd5ff673
SHA256

bf37db301b28e2d123b435a1a1fa892b9c7f4026be4ac52a5e15feb847779a95
SHA512

cf02543c922a614657ff151b5b96d784d8332f000a2b88d80df4e073cd30b9351d7fee50ed179dfb3443d8e3ae6b4c1364079ab64a265bdb6533622516b6609e
SSDEEP

49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82S7z:NABy

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 19 IoCs

miner

resource	yara_rule
behavioral2/memory/5044-86-0x00007FF6B6640000-0x00007FF6B6A32000-memory.dmp	xmrig
behavioral2/memory/2128-90-0x00007FF62A280000-0x00007FF62A672000-memory.dmp	xmrig
behavioral2/memory/1124-95-0x00007FF6AD070000-0x00007FF6AD462000-memory.dmp	xmrig
behavioral2/memory/1180-378-0x00007FF78A500000-0x00007FF78A8F2000-memory.dmp	xmrig
behavioral2/memory/1684-377-0x00007FF61EED0000-0x00007FF61F2C2000-memory.dmp	xmrig
behavioral2/memory/3204-166-0x00007FF638680000-0x00007FF638A72000-memory.dmp	xmrig
behavioral2/memory/5112-155-0x00007FF603A60000-0x00007FF603E52000-memory.dmp	xmrig
behavioral2/memory/2012-149-0x00007FF62B1D0000-0x00007FF62B5C2000-memory.dmp	xmrig
behavioral2/memory/4024-148-0x00007FF7343B0000-0x00007FF7347A2000-memory.dmp	xmrig
behavioral2/memory/4716-144-0x00007FF6AE2D0000-0x00007FF6AE6C2000-memory.dmp	xmrig
behavioral2/memory/2324-139-0x00007FF6A1CE0000-0x00007FF6A20D2000-memory.dmp	xmrig
behavioral2/memory/4848-134-0x00007FF71AD40000-0x00007FF71B132000-memory.dmp	xmrig
behavioral2/memory/3896-118-0x00007FF6D5AB0000-0x00007FF6D5EA2000-memory.dmp	xmrig
behavioral2/memory/1916-117-0x00007FF7F45E0000-0x00007FF7F49D2000-memory.dmp	xmrig
behavioral2/memory/3252-112-0x00007FF628650000-0x00007FF628A42000-memory.dmp	xmrig
behavioral2/memory/4864-103-0x00007FF6ED950000-0x00007FF6EDD42000-memory.dmp	xmrig
behavioral2/memory/3892-94-0x00007FF6F0F30000-0x00007FF6F1322000-memory.dmp	xmrig
behavioral2/memory/2796-78-0x00007FF7AF230000-0x00007FF7AF622000-memory.dmp	xmrig
behavioral2/memory/1956-57-0x00007FF71AA10000-0x00007FF71AE02000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
7	4428	powershell.exe
11	4428	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
4400	zMCgkCd.exe
4716	sSTvGSM.exe
1956	ZncXPtm.exe
2796	ohVnnzZ.exe
5044	wmdKDmI.exe
2128	PcgVjyN.exe
3892	muMAimq.exe
1124	AuqNuUn.exe
4864	FtUfWnb.exe
3252	haZUhWW.exe
1916	pAILsrm.exe
3896	zaHnDSW.exe
4024	FyJYGhW.exe
4848	QcjWIps.exe
2012	bOHdjhK.exe
5112	PcVDRcU.exe
3204	MXvKuGC.exe
1684	hNpGvom.exe
2324	hwExjGs.exe
1180	rvylVaO.exe
1860	gYkDQRd.exe
2224	mNgKuxl.exe
5100	RqftGwY.exe
884	RGAOoqQ.exe
3704	iXGfTku.exe
4440	BVUUHVw.exe
2136	rXRpCQF.exe
2592	KetXvUD.exe
2356	FajirtK.exe
3000	vaqpfIs.exe
2308	rcyxdfa.exe
1588	CSwVBpB.exe
1176	hpbOakH.exe
4712	TYCBEph.exe
1696	WqfrFFu.exe
212	xORYhCx.exe
4232	buOXeGG.exe
4388	LEnEykE.exe
1848	YwgpKxt.exe
1964	wAcmBrl.exe
3536	odbnRzB.exe
2436	Kfrhjzg.exe
3980	NoWDiDq.exe
4616	PMwTojB.exe
4132	sOeMpQB.exe
2920	WZVCDFE.exe
2528	shHGndb.exe
3880	bgcywQz.exe
1132	ibtMObJ.exe
3440	DStHmlF.exe
2104	tsNBwMX.exe
2740	rXQHPOE.exe
3380	XPADWNq.exe
3564	zHEZYeN.exe
3736	WkbQQyX.exe
3996	MLPfhSL.exe
2556	BPOKWSd.exe
1856	xYlUfZI.exe
4012	iOVnhrn.exe
2560	LghaQPp.exe
1240	PaqePIO.exe
668	MSkaHgY.exe
5132	JtgvEJd.exe
5160	DplnbOX.exe

UPX packed file 55 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/532-0-0x00007FF6D1010000-0x00007FF6D1402000-memory.dmp	upx
behavioral2/files/0x000d0000000233a4-5.dat	upx
behavioral2/files/0x00070000000233ec-14.dat	upx
behavioral2/files/0x00070000000233ee-20.dat	upx
behavioral2/files/0x000300000001e97c-29.dat	upx
behavioral2/memory/5044-86-0x00007FF6B6640000-0x00007FF6B6A32000-memory.dmp	upx
behavioral2/memory/2128-90-0x00007FF62A280000-0x00007FF62A672000-memory.dmp	upx
behavioral2/memory/1124-95-0x00007FF6AD070000-0x00007FF6AD462000-memory.dmp	upx
behavioral2/files/0x00070000000233fe-122.dat	upx
behavioral2/files/0x0007000000023401-145.dat	upx
behavioral2/files/0x00070000000233ff-153.dat	upx
behavioral2/files/0x0007000000023404-177.dat	upx
behavioral2/memory/1180-378-0x00007FF78A500000-0x00007FF78A8F2000-memory.dmp	upx
behavioral2/memory/1684-377-0x00007FF61EED0000-0x00007FF61F2C2000-memory.dmp	upx
behavioral2/files/0x0007000000023409-194.dat	upx
behavioral2/files/0x0007000000023407-192.dat	upx
behavioral2/files/0x0007000000023408-189.dat	upx
behavioral2/files/0x0007000000023406-187.dat	upx
behavioral2/files/0x0007000000023405-182.dat	upx
behavioral2/files/0x0007000000023402-175.dat	upx
behavioral2/files/0x0007000000023403-170.dat	upx
behavioral2/memory/3204-166-0x00007FF638680000-0x00007FF638A72000-memory.dmp	upx
behavioral2/files/0x0007000000023400-161.dat	upx
behavioral2/files/0x00080000000233e9-159.dat	upx
behavioral2/memory/5112-155-0x00007FF603A60000-0x00007FF603E52000-memory.dmp	upx
behavioral2/memory/2012-149-0x00007FF62B1D0000-0x00007FF62B5C2000-memory.dmp	upx
behavioral2/memory/4024-148-0x00007FF7343B0000-0x00007FF7347A2000-memory.dmp	upx
behavioral2/memory/4716-144-0x00007FF6AE2D0000-0x00007FF6AE6C2000-memory.dmp	upx
behavioral2/memory/1860-140-0x00007FF72FF30000-0x00007FF730322000-memory.dmp	upx
behavioral2/memory/2324-139-0x00007FF6A1CE0000-0x00007FF6A20D2000-memory.dmp	upx
behavioral2/memory/4848-134-0x00007FF71AD40000-0x00007FF71B132000-memory.dmp	upx
behavioral2/files/0x00070000000233fd-129.dat	upx
behavioral2/files/0x00080000000233f8-125.dat	upx
behavioral2/files/0x00070000000233fc-123.dat	upx
behavioral2/memory/3896-118-0x00007FF6D5AB0000-0x00007FF6D5EA2000-memory.dmp	upx
behavioral2/memory/1916-117-0x00007FF7F45E0000-0x00007FF7F49D2000-memory.dmp	upx
behavioral2/memory/3252-112-0x00007FF628650000-0x00007FF628A42000-memory.dmp	upx
behavioral2/files/0x00080000000233f9-105.dat	upx
behavioral2/memory/4864-103-0x00007FF6ED950000-0x00007FF6EDD42000-memory.dmp	upx
behavioral2/files/0x00070000000233fb-99.dat	upx
behavioral2/memory/3892-94-0x00007FF6F0F30000-0x00007FF6F1322000-memory.dmp	upx
behavioral2/files/0x00070000000233f7-100.dat	upx
behavioral2/files/0x00070000000233f6-92.dat	upx
behavioral2/files/0x00070000000233fa-97.dat	upx
behavioral2/files/0x00070000000233f5-80.dat	upx
behavioral2/memory/2796-78-0x00007FF7AF230000-0x00007FF7AF622000-memory.dmp	upx
behavioral2/files/0x00070000000233f4-64.dat	upx
behavioral2/files/0x00070000000233f3-62.dat	upx
behavioral2/files/0x00070000000233f2-60.dat	upx
behavioral2/memory/1956-57-0x00007FF71AA10000-0x00007FF71AE02000-memory.dmp	upx
behavioral2/files/0x00070000000233f1-56.dat	upx
behavioral2/files/0x00070000000233f0-47.dat	upx
behavioral2/files/0x00070000000233ef-38.dat	upx
behavioral2/files/0x00070000000233ed-26.dat	upx
behavioral2/memory/4400-12-0x00007FF7C1C20000-0x00007FF7C2012000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
6	raw.githubusercontent.com
7	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\NwdYmay.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\RGCfaSz.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\WAhgtVg.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\qCFWwug.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\EkxHeWf.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\QaXbdLb.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\KtrDrop.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\ynXJrGZ.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\blbtXar.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\wlQdYYc.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\GkOqfoy.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\ZAolCxg.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\CAvEDDe.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\IBZFmCx.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\sdeBfQs.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\kxCsQqb.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\eZbSaWu.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\buRTjMA.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\rfsbdQi.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\MXvKuGC.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\ELqnNbI.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\zIcMXHo.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\LgHJBtj.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\tsNBwMX.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\uKoUFAn.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\klFJehs.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\CmoByEA.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\ZjyJNcw.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\WkbQQyX.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\oiskCCv.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\fYyeQbW.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\yuJcYxi.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\FGkeSOc.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\Qpejnls.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\OPDgUYt.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\JyIueIl.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\OfmrvkY.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\PbXjAjB.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\BHiHCxu.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\fWfKJVj.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\YVcbSai.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\FlaJpXC.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\aPDkHWZ.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\xdeHCIw.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\FwDUdUe.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\TXOLfUv.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\DgZokQp.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\aqxRomK.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\gehGbfA.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\gwZQGOH.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\GRPaBUt.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\ElUstYk.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\DPaZfyw.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\sYibuLq.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\wOAnTSA.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\AFmaTGJ.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\RFxVKHw.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\SVQQUcO.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\fRBBAGc.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\vNhTnBI.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\dWRjCkB.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\NxmnIGg.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\giDajCg.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
File created	C:\Windows\System\ydihwxm.exe	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
4428	powershell.exe
4428	powershell.exe
4428	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
Token: SeDebugPrivilege	4428	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 532 wrote to memory of 4428	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	87
PID 532 wrote to memory of 4428	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	87
PID 532 wrote to memory of 4400	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	88
PID 532 wrote to memory of 4400	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	88
PID 532 wrote to memory of 4716	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	89
PID 532 wrote to memory of 4716	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	89
PID 532 wrote to memory of 1956	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	90
PID 532 wrote to memory of 1956	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	90
PID 532 wrote to memory of 2796	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	91
PID 532 wrote to memory of 2796	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	91
PID 532 wrote to memory of 5044	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	92
PID 532 wrote to memory of 5044	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	92
PID 532 wrote to memory of 2128	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	93
PID 532 wrote to memory of 2128	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	93
PID 532 wrote to memory of 3892	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	94
PID 532 wrote to memory of 3892	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	94
PID 532 wrote to memory of 1124	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	95
PID 532 wrote to memory of 1124	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	95
PID 532 wrote to memory of 4864	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	96
PID 532 wrote to memory of 4864	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	96
PID 532 wrote to memory of 3252	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	97
PID 532 wrote to memory of 3252	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	97
PID 532 wrote to memory of 1916	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	98
PID 532 wrote to memory of 1916	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	98
PID 532 wrote to memory of 3896	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	99
PID 532 wrote to memory of 3896	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	99
PID 532 wrote to memory of 4024	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	100
PID 532 wrote to memory of 4024	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	100
PID 532 wrote to memory of 4848	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	101
PID 532 wrote to memory of 4848	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	101
PID 532 wrote to memory of 2012	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	102
PID 532 wrote to memory of 2012	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	102
PID 532 wrote to memory of 5112	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	103
PID 532 wrote to memory of 5112	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	103
PID 532 wrote to memory of 3204	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	104
PID 532 wrote to memory of 3204	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	104
PID 532 wrote to memory of 1684	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	105
PID 532 wrote to memory of 1684	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	105
PID 532 wrote to memory of 2324	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	106
PID 532 wrote to memory of 2324	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	106
PID 532 wrote to memory of 1180	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	107
PID 532 wrote to memory of 1180	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	107
PID 532 wrote to memory of 1860	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	108
PID 532 wrote to memory of 1860	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	108
PID 532 wrote to memory of 2224	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	109
PID 532 wrote to memory of 2224	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	109
PID 532 wrote to memory of 5100	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	110
PID 532 wrote to memory of 5100	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	110
PID 532 wrote to memory of 884	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	111
PID 532 wrote to memory of 884	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	111
PID 532 wrote to memory of 3704	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	112
PID 532 wrote to memory of 3704	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	112
PID 532 wrote to memory of 4440	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	113
PID 532 wrote to memory of 4440	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	113
PID 532 wrote to memory of 2136	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	114
PID 532 wrote to memory of 2136	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	114
PID 532 wrote to memory of 2592	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	115
PID 532 wrote to memory of 2592	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	115
PID 532 wrote to memory of 2356	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	116
PID 532 wrote to memory of 2356	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	116
PID 532 wrote to memory of 3000	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	117
PID 532 wrote to memory of 3000	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	117
PID 532 wrote to memory of 2308	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	118
PID 532 wrote to memory of 2308	532	00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe	118

C:\Users\Admin\AppData\Local\Temp\00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\00f857b864f1cce2796488e4951cd5c8_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:532
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4428
- - C:\Windows\system32\wermgr.exe
    "C:\Windows\system32\wermgr.exe" "-outproc" "0" "4428" "2984" "2904" "2988" "0" "0" "2992" "0" "0" "0" "0" "0"
    3⤵
    PID:13208
- C:\Windows\System\zMCgkCd.exe
  C:\Windows\System\zMCgkCd.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System\sSTvGSM.exe
  C:\Windows\System\sSTvGSM.exe
  2⤵
  - Executes dropped EXE
  PID:4716
- C:\Windows\System\ZncXPtm.exe
  C:\Windows\System\ZncXPtm.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\ohVnnzZ.exe
  C:\Windows\System\ohVnnzZ.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\wmdKDmI.exe
  C:\Windows\System\wmdKDmI.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\PcgVjyN.exe
  C:\Windows\System\PcgVjyN.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\muMAimq.exe
  C:\Windows\System\muMAimq.exe
  2⤵
  - Executes dropped EXE
  PID:3892
- C:\Windows\System\AuqNuUn.exe
  C:\Windows\System\AuqNuUn.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\FtUfWnb.exe
  C:\Windows\System\FtUfWnb.exe
  2⤵
  - Executes dropped EXE
  PID:4864
- C:\Windows\System\haZUhWW.exe
  C:\Windows\System\haZUhWW.exe
  2⤵
  - Executes dropped EXE
  PID:3252
- C:\Windows\System\pAILsrm.exe
  C:\Windows\System\pAILsrm.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\zaHnDSW.exe
  C:\Windows\System\zaHnDSW.exe
  2⤵
  - Executes dropped EXE
  PID:3896
- C:\Windows\System\FyJYGhW.exe
  C:\Windows\System\FyJYGhW.exe
  2⤵
  - Executes dropped EXE
  PID:4024
- C:\Windows\System\QcjWIps.exe
  C:\Windows\System\QcjWIps.exe
  2⤵
  - Executes dropped EXE
  PID:4848
- C:\Windows\System\bOHdjhK.exe
  C:\Windows\System\bOHdjhK.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\PcVDRcU.exe
  C:\Windows\System\PcVDRcU.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System\MXvKuGC.exe
  C:\Windows\System\MXvKuGC.exe
  2⤵
  - Executes dropped EXE
  PID:3204
- C:\Windows\System\hNpGvom.exe
  C:\Windows\System\hNpGvom.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\hwExjGs.exe
  C:\Windows\System\hwExjGs.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\rvylVaO.exe
  C:\Windows\System\rvylVaO.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System\gYkDQRd.exe
  C:\Windows\System\gYkDQRd.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\mNgKuxl.exe
  C:\Windows\System\mNgKuxl.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\RqftGwY.exe
  C:\Windows\System\RqftGwY.exe
  2⤵
  - Executes dropped EXE
  PID:5100
- C:\Windows\System\RGAOoqQ.exe
  C:\Windows\System\RGAOoqQ.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\iXGfTku.exe
  C:\Windows\System\iXGfTku.exe
  2⤵
  - Executes dropped EXE
  PID:3704
- C:\Windows\System\BVUUHVw.exe
  C:\Windows\System\BVUUHVw.exe
  2⤵
  - Executes dropped EXE
  PID:4440
- C:\Windows\System\rXRpCQF.exe
  C:\Windows\System\rXRpCQF.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\KetXvUD.exe
  C:\Windows\System\KetXvUD.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\FajirtK.exe
  C:\Windows\System\FajirtK.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\vaqpfIs.exe
  C:\Windows\System\vaqpfIs.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\rcyxdfa.exe
  C:\Windows\System\rcyxdfa.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\CSwVBpB.exe
  C:\Windows\System\CSwVBpB.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\hpbOakH.exe
  C:\Windows\System\hpbOakH.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\TYCBEph.exe
  C:\Windows\System\TYCBEph.exe
  2⤵
  - Executes dropped EXE
  PID:4712
- C:\Windows\System\WqfrFFu.exe
  C:\Windows\System\WqfrFFu.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\xORYhCx.exe
  C:\Windows\System\xORYhCx.exe
  2⤵
  - Executes dropped EXE
  PID:212
- C:\Windows\System\buOXeGG.exe
  C:\Windows\System\buOXeGG.exe
  2⤵
  - Executes dropped EXE
  PID:4232
- C:\Windows\System\LEnEykE.exe
  C:\Windows\System\LEnEykE.exe
  2⤵
  - Executes dropped EXE
  PID:4388
- C:\Windows\System\YwgpKxt.exe
  C:\Windows\System\YwgpKxt.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\wAcmBrl.exe
  C:\Windows\System\wAcmBrl.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\odbnRzB.exe
  C:\Windows\System\odbnRzB.exe
  2⤵
  - Executes dropped EXE
  PID:3536
- C:\Windows\System\Kfrhjzg.exe
  C:\Windows\System\Kfrhjzg.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\NoWDiDq.exe
  C:\Windows\System\NoWDiDq.exe
  2⤵
  - Executes dropped EXE
  PID:3980
- C:\Windows\System\PMwTojB.exe
  C:\Windows\System\PMwTojB.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System\sOeMpQB.exe
  C:\Windows\System\sOeMpQB.exe
  2⤵
  - Executes dropped EXE
  PID:4132
- C:\Windows\System\WZVCDFE.exe
  C:\Windows\System\WZVCDFE.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\shHGndb.exe
  C:\Windows\System\shHGndb.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\bgcywQz.exe
  C:\Windows\System\bgcywQz.exe
  2⤵
  - Executes dropped EXE
  PID:3880
- C:\Windows\System\ibtMObJ.exe
  C:\Windows\System\ibtMObJ.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\DStHmlF.exe
  C:\Windows\System\DStHmlF.exe
  2⤵
  - Executes dropped EXE
  PID:3440
- C:\Windows\System\tsNBwMX.exe
  C:\Windows\System\tsNBwMX.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\rXQHPOE.exe
  C:\Windows\System\rXQHPOE.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\XPADWNq.exe
  C:\Windows\System\XPADWNq.exe
  2⤵
  - Executes dropped EXE
  PID:3380
- C:\Windows\System\zHEZYeN.exe
  C:\Windows\System\zHEZYeN.exe
  2⤵
  - Executes dropped EXE
  PID:3564
- C:\Windows\System\WkbQQyX.exe
  C:\Windows\System\WkbQQyX.exe
  2⤵
  - Executes dropped EXE
  PID:3736
- C:\Windows\System\MLPfhSL.exe
  C:\Windows\System\MLPfhSL.exe
  2⤵
  - Executes dropped EXE
  PID:3996
- C:\Windows\System\BPOKWSd.exe
  C:\Windows\System\BPOKWSd.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\xYlUfZI.exe
  C:\Windows\System\xYlUfZI.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\iOVnhrn.exe
  C:\Windows\System\iOVnhrn.exe
  2⤵
  - Executes dropped EXE
  PID:4012
- C:\Windows\System\LghaQPp.exe
  C:\Windows\System\LghaQPp.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\PaqePIO.exe
  C:\Windows\System\PaqePIO.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\MSkaHgY.exe
  C:\Windows\System\MSkaHgY.exe
  2⤵
  - Executes dropped EXE
  PID:668
- C:\Windows\System\JtgvEJd.exe
  C:\Windows\System\JtgvEJd.exe
  2⤵
  - Executes dropped EXE
  PID:5132
- C:\Windows\System\DplnbOX.exe
  C:\Windows\System\DplnbOX.exe
  2⤵
  - Executes dropped EXE
  PID:5160
- C:\Windows\System\MYTpiBE.exe
  C:\Windows\System\MYTpiBE.exe
  2⤵
  PID:5192
- C:\Windows\System\BSojssv.exe
  C:\Windows\System\BSojssv.exe
  2⤵
  PID:5216
- C:\Windows\System\pJlTknz.exe
  C:\Windows\System\pJlTknz.exe
  2⤵
  PID:5248
- C:\Windows\System\RRkOZmx.exe
  C:\Windows\System\RRkOZmx.exe
  2⤵
  PID:5276
- C:\Windows\System\MtWHEDk.exe
  C:\Windows\System\MtWHEDk.exe
  2⤵
  PID:5324
- C:\Windows\System\KlsgAGS.exe
  C:\Windows\System\KlsgAGS.exe
  2⤵
  PID:5344
- C:\Windows\System\frGbYWT.exe
  C:\Windows\System\frGbYWT.exe
  2⤵
  PID:5368
- C:\Windows\System\RDoOqXZ.exe
  C:\Windows\System\RDoOqXZ.exe
  2⤵
  PID:5396
- C:\Windows\System\NjCSkgr.exe
  C:\Windows\System\NjCSkgr.exe
  2⤵
  PID:5424
- C:\Windows\System\aZPYBAy.exe
  C:\Windows\System\aZPYBAy.exe
  2⤵
  PID:5464
- C:\Windows\System\fHPKJoi.exe
  C:\Windows\System\fHPKJoi.exe
  2⤵
  PID:5488
- C:\Windows\System\geQnwrc.exe
  C:\Windows\System\geQnwrc.exe
  2⤵
  PID:5520
- C:\Windows\System\iWHYTUo.exe
  C:\Windows\System\iWHYTUo.exe
  2⤵
  PID:5548
- C:\Windows\System\MgzJJrF.exe
  C:\Windows\System\MgzJJrF.exe
  2⤵
  PID:5576
- C:\Windows\System\RPlcMOe.exe
  C:\Windows\System\RPlcMOe.exe
  2⤵
  PID:5608
- C:\Windows\System\cVonkcz.exe
  C:\Windows\System\cVonkcz.exe
  2⤵
  PID:5636
- C:\Windows\System\BCwaXyK.exe
  C:\Windows\System\BCwaXyK.exe
  2⤵
  PID:5664
- C:\Windows\System\WaTnJOu.exe
  C:\Windows\System\WaTnJOu.exe
  2⤵
  PID:5696
- C:\Windows\System\OSkLeqg.exe
  C:\Windows\System\OSkLeqg.exe
  2⤵
  PID:5720
- C:\Windows\System\SjPZxVg.exe
  C:\Windows\System\SjPZxVg.exe
  2⤵
  PID:5748
- C:\Windows\System\LrxFMlo.exe
  C:\Windows\System\LrxFMlo.exe
  2⤵
  PID:5772
- C:\Windows\System\EkxHeWf.exe
  C:\Windows\System\EkxHeWf.exe
  2⤵
  PID:5800
- C:\Windows\System\eXTdmSz.exe
  C:\Windows\System\eXTdmSz.exe
  2⤵
  PID:5828
- C:\Windows\System\uYvZoYL.exe
  C:\Windows\System\uYvZoYL.exe
  2⤵
  PID:5860
- C:\Windows\System\KIhReHg.exe
  C:\Windows\System\KIhReHg.exe
  2⤵
  PID:5888
- C:\Windows\System\nKESdbu.exe
  C:\Windows\System\nKESdbu.exe
  2⤵
  PID:5912
- C:\Windows\System\pVKSQxb.exe
  C:\Windows\System\pVKSQxb.exe
  2⤵
  PID:5940
- C:\Windows\System\rxwzNnb.exe
  C:\Windows\System\rxwzNnb.exe
  2⤵
  PID:5984
- C:\Windows\System\OPDgUYt.exe
  C:\Windows\System\OPDgUYt.exe
  2⤵
  PID:6024
- C:\Windows\System\uKoUFAn.exe
  C:\Windows\System\uKoUFAn.exe
  2⤵
  PID:6040
- C:\Windows\System\gfFXWwX.exe
  C:\Windows\System\gfFXWwX.exe
  2⤵
  PID:6060
- C:\Windows\System\pvCxHHA.exe
  C:\Windows\System\pvCxHHA.exe
  2⤵
  PID:6132
- C:\Windows\System\WJrjZft.exe
  C:\Windows\System\WJrjZft.exe
  2⤵
  PID:1576
- C:\Windows\System\uhzSUdM.exe
  C:\Windows\System\uhzSUdM.exe
  2⤵
  PID:5104
- C:\Windows\System\uMPjhzA.exe
  C:\Windows\System\uMPjhzA.exe
  2⤵
  PID:3660
- C:\Windows\System\TlGbNmQ.exe
  C:\Windows\System\TlGbNmQ.exe
  2⤵
  PID:2196
- C:\Windows\System\nTRTciJ.exe
  C:\Windows\System\nTRTciJ.exe
  2⤵
  PID:5144
- C:\Windows\System\mfCOYQE.exe
  C:\Windows\System\mfCOYQE.exe
  2⤵
  PID:5208
- C:\Windows\System\fevbsjv.exe
  C:\Windows\System\fevbsjv.exe
  2⤵
  PID:5268
- C:\Windows\System\OxOhIvb.exe
  C:\Windows\System\OxOhIvb.exe
  2⤵
  PID:5356
- C:\Windows\System\mjKUbyW.exe
  C:\Windows\System\mjKUbyW.exe
  2⤵
  PID:5452
- C:\Windows\System\DvUwUUq.exe
  C:\Windows\System\DvUwUUq.exe
  2⤵
  PID:5532
- C:\Windows\System\OmHQHON.exe
  C:\Windows\System\OmHQHON.exe
  2⤵
  PID:5592
- C:\Windows\System\OdOxlOZ.exe
  C:\Windows\System\OdOxlOZ.exe
  2⤵
  PID:5620
- C:\Windows\System\rKNdsQj.exe
  C:\Windows\System\rKNdsQj.exe
  2⤵
  PID:5676
- C:\Windows\System\gGSarJH.exe
  C:\Windows\System\gGSarJH.exe
  2⤵
  PID:5704
- C:\Windows\System\ykMRaur.exe
  C:\Windows\System\ykMRaur.exe
  2⤵
  PID:5764
- C:\Windows\System\DnkozTE.exe
  C:\Windows\System\DnkozTE.exe
  2⤵
  PID:4288
- C:\Windows\System\fxtARfM.exe
  C:\Windows\System\fxtARfM.exe
  2⤵
  PID:3048
- C:\Windows\System\hnHVWwp.exe
  C:\Windows\System\hnHVWwp.exe
  2⤵
  PID:5872
- C:\Windows\System\ElUstYk.exe
  C:\Windows\System\ElUstYk.exe
  2⤵
  PID:5928
- C:\Windows\System\xjQfMRu.exe
  C:\Windows\System\xjQfMRu.exe
  2⤵
  PID:5972
- C:\Windows\System\CYuAXAo.exe
  C:\Windows\System\CYuAXAo.exe
  2⤵
  PID:5980
- C:\Windows\System\BxzCSEW.exe
  C:\Windows\System\BxzCSEW.exe
  2⤵
  PID:4872
- C:\Windows\System\lFEVnjE.exe
  C:\Windows\System\lFEVnjE.exe
  2⤵
  PID:4996
- C:\Windows\System\axmTDtX.exe
  C:\Windows\System\axmTDtX.exe
  2⤵
  PID:4488
- C:\Windows\System\bJamEXt.exe
  C:\Windows\System\bJamEXt.exe
  2⤵
  PID:2700
- C:\Windows\System\XyHNRHR.exe
  C:\Windows\System\XyHNRHR.exe
  2⤵
  PID:2364
- C:\Windows\System\MmUDgjl.exe
  C:\Windows\System\MmUDgjl.exe
  2⤵
  PID:4260
- C:\Windows\System\CBobdMH.exe
  C:\Windows\System\CBobdMH.exe
  2⤵
  PID:4068
- C:\Windows\System\lbtFaoC.exe
  C:\Windows\System\lbtFaoC.exe
  2⤵
  PID:2912
- C:\Windows\System\SHSqUWN.exe
  C:\Windows\System\SHSqUWN.exe
  2⤵
  PID:4448
- C:\Windows\System\RrdgyTF.exe
  C:\Windows\System\RrdgyTF.exe
  2⤵
  PID:5296
- C:\Windows\System\SAymlvR.exe
  C:\Windows\System\SAymlvR.exe
  2⤵
  PID:5404
- C:\Windows\System\qraaSQu.exe
  C:\Windows\System\qraaSQu.exe
  2⤵
  PID:5508
- C:\Windows\System\tLRQzIP.exe
  C:\Windows\System\tLRQzIP.exe
  2⤵
  PID:5760
- C:\Windows\System\vjJLpnu.exe
  C:\Windows\System\vjJLpnu.exe
  2⤵
  PID:6052
- C:\Windows\System\LvENLVr.exe
  C:\Windows\System\LvENLVr.exe
  2⤵
  PID:6012
- C:\Windows\System\TkeuuOl.exe
  C:\Windows\System\TkeuuOl.exe
  2⤵
  PID:6120
- C:\Windows\System\xnOiLWG.exe
  C:\Windows\System\xnOiLWG.exe
  2⤵
  PID:3688
- C:\Windows\System\QaXbdLb.exe
  C:\Windows\System\QaXbdLb.exe
  2⤵
  PID:1596
- C:\Windows\System\sdeBfQs.exe
  C:\Windows\System\sdeBfQs.exe
  2⤵
  PID:1172
- C:\Windows\System\NGeUFNm.exe
  C:\Windows\System\NGeUFNm.exe
  2⤵
  PID:1876
- C:\Windows\System\zHpNjoE.exe
  C:\Windows\System\zHpNjoE.exe
  2⤵
  PID:5816
- C:\Windows\System\fnuKnbg.exe
  C:\Windows\System\fnuKnbg.exe
  2⤵
  PID:6004
- C:\Windows\System\KtrDrop.exe
  C:\Windows\System\KtrDrop.exe
  2⤵
  PID:1732
- C:\Windows\System\aKKmUSD.exe
  C:\Windows\System\aKKmUSD.exe
  2⤵
  PID:6148
- C:\Windows\System\ojVLkoq.exe
  C:\Windows\System\ojVLkoq.exe
  2⤵
  PID:6188
- C:\Windows\System\XhUKQPO.exe
  C:\Windows\System\XhUKQPO.exe
  2⤵
  PID:6204
- C:\Windows\System\PaWnPZP.exe
  C:\Windows\System\PaWnPZP.exe
  2⤵
  PID:6232
- C:\Windows\System\ynXJrGZ.exe
  C:\Windows\System\ynXJrGZ.exe
  2⤵
  PID:6292
- C:\Windows\System\hnNdgiX.exe
  C:\Windows\System\hnNdgiX.exe
  2⤵
  PID:6316
- C:\Windows\System\CbzDGXe.exe
  C:\Windows\System\CbzDGXe.exe
  2⤵
  PID:6340
- C:\Windows\System\RduBAPO.exe
  C:\Windows\System\RduBAPO.exe
  2⤵
  PID:6368
- C:\Windows\System\kqVEdjq.exe
  C:\Windows\System\kqVEdjq.exe
  2⤵
  PID:6400
- C:\Windows\System\iVTQCHY.exe
  C:\Windows\System\iVTQCHY.exe
  2⤵
  PID:6444
- C:\Windows\System\QGxYQdR.exe
  C:\Windows\System\QGxYQdR.exe
  2⤵
  PID:6468
- C:\Windows\System\ZKRdikT.exe
  C:\Windows\System\ZKRdikT.exe
  2⤵
  PID:6500
- C:\Windows\System\OLyLomZ.exe
  C:\Windows\System\OLyLomZ.exe
  2⤵
  PID:6520
- C:\Windows\System\gWUKfou.exe
  C:\Windows\System\gWUKfou.exe
  2⤵
  PID:6536
- C:\Windows\System\eXjRzhv.exe
  C:\Windows\System\eXjRzhv.exe
  2⤵
  PID:6568
- C:\Windows\System\xjQGBur.exe
  C:\Windows\System\xjQGBur.exe
  2⤵
  PID:6588
- C:\Windows\System\CASfRkl.exe
  C:\Windows\System\CASfRkl.exe
  2⤵
  PID:6604
- C:\Windows\System\nsDuFXt.exe
  C:\Windows\System\nsDuFXt.exe
  2⤵
  PID:6628
- C:\Windows\System\FYgYtiH.exe
  C:\Windows\System\FYgYtiH.exe
  2⤵
  PID:6648
- C:\Windows\System\jgsutYZ.exe
  C:\Windows\System\jgsutYZ.exe
  2⤵
  PID:6668
- C:\Windows\System\YqsHvFv.exe
  C:\Windows\System\YqsHvFv.exe
  2⤵
  PID:6692
- C:\Windows\System\LFvnIGR.exe
  C:\Windows\System\LFvnIGR.exe
  2⤵
  PID:6712
- C:\Windows\System\SLjsxYY.exe
  C:\Windows\System\SLjsxYY.exe
  2⤵
  PID:6732
- C:\Windows\System\dmBhLxv.exe
  C:\Windows\System\dmBhLxv.exe
  2⤵
  PID:6748
- C:\Windows\System\xhbtWcs.exe
  C:\Windows\System\xhbtWcs.exe
  2⤵
  PID:6800
- C:\Windows\System\dBGTFNk.exe
  C:\Windows\System\dBGTFNk.exe
  2⤵
  PID:6824
- C:\Windows\System\LrhDNmp.exe
  C:\Windows\System\LrhDNmp.exe
  2⤵
  PID:6844
- C:\Windows\System\biUsnJb.exe
  C:\Windows\System\biUsnJb.exe
  2⤵
  PID:6916
- C:\Windows\System\YcSjHRr.exe
  C:\Windows\System\YcSjHRr.exe
  2⤵
  PID:6964
- C:\Windows\System\ukLYpLr.exe
  C:\Windows\System\ukLYpLr.exe
  2⤵
  PID:7000
- C:\Windows\System\GwQDVsW.exe
  C:\Windows\System\GwQDVsW.exe
  2⤵
  PID:7032
- C:\Windows\System\SgyqLSs.exe
  C:\Windows\System\SgyqLSs.exe
  2⤵
  PID:7048
- C:\Windows\System\oWDXTCH.exe
  C:\Windows\System\oWDXTCH.exe
  2⤵
  PID:7072
- C:\Windows\System\XilmNht.exe
  C:\Windows\System\XilmNht.exe
  2⤵
  PID:7088
- C:\Windows\System\wmSrjvu.exe
  C:\Windows\System\wmSrjvu.exe
  2⤵
  PID:7136
- C:\Windows\System\OaMoLzL.exe
  C:\Windows\System\OaMoLzL.exe
  2⤵
  PID:7152
- C:\Windows\System\FdLHDzv.exe
  C:\Windows\System\FdLHDzv.exe
  2⤵
  PID:4788
- C:\Windows\System\WNIAXZE.exe
  C:\Windows\System\WNIAXZE.exe
  2⤵
  PID:6196
- C:\Windows\System\ZuLILnT.exe
  C:\Windows\System\ZuLILnT.exe
  2⤵
  PID:6252
- C:\Windows\System\BYtaxLo.exe
  C:\Windows\System\BYtaxLo.exe
  2⤵
  PID:6280
- C:\Windows\System\beVSAFx.exe
  C:\Windows\System\beVSAFx.exe
  2⤵
  PID:6324
- C:\Windows\System\zVoaKlv.exe
  C:\Windows\System\zVoaKlv.exe
  2⤵
  PID:6376
- C:\Windows\System\xtuOMcI.exe
  C:\Windows\System\xtuOMcI.exe
  2⤵
  PID:6420
- C:\Windows\System\SjIobGc.exe
  C:\Windows\System\SjIobGc.exe
  2⤵
  PID:1816
- C:\Windows\System\KKIltos.exe
  C:\Windows\System\KKIltos.exe
  2⤵
  PID:6512
- C:\Windows\System\Ltdjkrz.exe
  C:\Windows\System\Ltdjkrz.exe
  2⤵
  PID:6664
- C:\Windows\System\ACCUTiA.exe
  C:\Windows\System\ACCUTiA.exe
  2⤵
  PID:6772
- C:\Windows\System\bQtEgmM.exe
  C:\Windows\System\bQtEgmM.exe
  2⤵
  PID:6792
- C:\Windows\System\WoAEiFn.exe
  C:\Windows\System\WoAEiFn.exe
  2⤵
  PID:6896
- C:\Windows\System\BOOCvYB.exe
  C:\Windows\System\BOOCvYB.exe
  2⤵
  PID:7012
- C:\Windows\System\PnQNTJG.exe
  C:\Windows\System\PnQNTJG.exe
  2⤵
  PID:6996
- C:\Windows\System\DPaZfyw.exe
  C:\Windows\System\DPaZfyw.exe
  2⤵
  PID:7124
- C:\Windows\System\lISqevI.exe
  C:\Windows\System\lISqevI.exe
  2⤵
  PID:4912
- C:\Windows\System\ELqnNbI.exe
  C:\Windows\System\ELqnNbI.exe
  2⤵
  PID:6212
- C:\Windows\System\kChUjtW.exe
  C:\Windows\System\kChUjtW.exe
  2⤵
  PID:6288
- C:\Windows\System\BHiHCxu.exe
  C:\Windows\System\BHiHCxu.exe
  2⤵
  PID:6300
- C:\Windows\System\RAamQzb.exe
  C:\Windows\System\RAamQzb.exe
  2⤵
  PID:6464
- C:\Windows\System\sYibuLq.exe
  C:\Windows\System\sYibuLq.exe
  2⤵
  PID:6436
- C:\Windows\System\DgpxpMT.exe
  C:\Windows\System\DgpxpMT.exe
  2⤵
  PID:6624
- C:\Windows\System\ySLZQCd.exe
  C:\Windows\System\ySLZQCd.exe
  2⤵
  PID:6884
- C:\Windows\System\aIjlBat.exe
  C:\Windows\System\aIjlBat.exe
  2⤵
  PID:2584
- C:\Windows\System\iSfoImH.exe
  C:\Windows\System\iSfoImH.exe
  2⤵
  PID:6328
- C:\Windows\System\GnIrOEf.exe
  C:\Windows\System\GnIrOEf.exe
  2⤵
  PID:6488
- C:\Windows\System\IdLNRKK.exe
  C:\Windows\System\IdLNRKK.exe
  2⤵
  PID:5056
- C:\Windows\System\dOYVKFj.exe
  C:\Windows\System\dOYVKFj.exe
  2⤵
  PID:7084
- C:\Windows\System\NwdYmay.exe
  C:\Windows\System\NwdYmay.exe
  2⤵
  PID:6228
- C:\Windows\System\dWRjCkB.exe
  C:\Windows\System\dWRjCkB.exe
  2⤵
  PID:4772
- C:\Windows\System\ZsUJHNl.exe
  C:\Windows\System\ZsUJHNl.exe
  2⤵
  PID:7184
- C:\Windows\System\oiskCCv.exe
  C:\Windows\System\oiskCCv.exe
  2⤵
  PID:7200
- C:\Windows\System\fgSVbsm.exe
  C:\Windows\System\fgSVbsm.exe
  2⤵
  PID:7244
- C:\Windows\System\kINUibW.exe
  C:\Windows\System\kINUibW.exe
  2⤵
  PID:7260
- C:\Windows\System\RGCfaSz.exe
  C:\Windows\System\RGCfaSz.exe
  2⤵
  PID:7276
- C:\Windows\System\RulJnaZ.exe
  C:\Windows\System\RulJnaZ.exe
  2⤵
  PID:7300
- C:\Windows\System\psLkARx.exe
  C:\Windows\System\psLkARx.exe
  2⤵
  PID:7316
- C:\Windows\System\WjEakMP.exe
  C:\Windows\System\WjEakMP.exe
  2⤵
  PID:7340
- C:\Windows\System\OlbunTm.exe
  C:\Windows\System\OlbunTm.exe
  2⤵
  PID:7356
- C:\Windows\System\fQtjUZK.exe
  C:\Windows\System\fQtjUZK.exe
  2⤵
  PID:7376
- C:\Windows\System\kncHuXk.exe
  C:\Windows\System\kncHuXk.exe
  2⤵
  PID:7396
- C:\Windows\System\qNPkTKN.exe
  C:\Windows\System\qNPkTKN.exe
  2⤵
  PID:7416
- C:\Windows\System\vnWxLqq.exe
  C:\Windows\System\vnWxLqq.exe
  2⤵
  PID:7476
- C:\Windows\System\wapQXvv.exe
  C:\Windows\System\wapQXvv.exe
  2⤵
  PID:7512
- C:\Windows\System\UlYbnnL.exe
  C:\Windows\System\UlYbnnL.exe
  2⤵
  PID:7540
- C:\Windows\System\HLOIQlg.exe
  C:\Windows\System\HLOIQlg.exe
  2⤵
  PID:7556
- C:\Windows\System\kxCsQqb.exe
  C:\Windows\System\kxCsQqb.exe
  2⤵
  PID:7584
- C:\Windows\System\LqLGPkQ.exe
  C:\Windows\System\LqLGPkQ.exe
  2⤵
  PID:7616
- C:\Windows\System\HxMOKmc.exe
  C:\Windows\System\HxMOKmc.exe
  2⤵
  PID:7664
- C:\Windows\System\cteKZsZ.exe
  C:\Windows\System\cteKZsZ.exe
  2⤵
  PID:7688
- C:\Windows\System\QZGLENB.exe
  C:\Windows\System\QZGLENB.exe
  2⤵
  PID:7712
- C:\Windows\System\qClrkEq.exe
  C:\Windows\System\qClrkEq.exe
  2⤵
  PID:7732
- C:\Windows\System\FEdwdFY.exe
  C:\Windows\System\FEdwdFY.exe
  2⤵
  PID:7792
- C:\Windows\System\gxMfoFL.exe
  C:\Windows\System\gxMfoFL.exe
  2⤵
  PID:7808
- C:\Windows\System\aQBFXRp.exe
  C:\Windows\System\aQBFXRp.exe
  2⤵
  PID:7828
- C:\Windows\System\PLAxeYM.exe
  C:\Windows\System\PLAxeYM.exe
  2⤵
  PID:7848
- C:\Windows\System\RNLxgsR.exe
  C:\Windows\System\RNLxgsR.exe
  2⤵
  PID:7888
- C:\Windows\System\EmcXkIE.exe
  C:\Windows\System\EmcXkIE.exe
  2⤵
  PID:7948
- C:\Windows\System\fWfKJVj.exe
  C:\Windows\System\fWfKJVj.exe
  2⤵
  PID:7980
- C:\Windows\System\wOAnTSA.exe
  C:\Windows\System\wOAnTSA.exe
  2⤵
  PID:8000
- C:\Windows\System\iwFZnRD.exe
  C:\Windows\System\iwFZnRD.exe
  2⤵
  PID:8020
- C:\Windows\System\jxGsvMJ.exe
  C:\Windows\System\jxGsvMJ.exe
  2⤵
  PID:8040
- C:\Windows\System\IyEwTWg.exe
  C:\Windows\System\IyEwTWg.exe
  2⤵
  PID:8056
- C:\Windows\System\zrjdDDp.exe
  C:\Windows\System\zrjdDDp.exe
  2⤵
  PID:8088
- C:\Windows\System\ZSBcMQg.exe
  C:\Windows\System\ZSBcMQg.exe
  2⤵
  PID:8136
- C:\Windows\System\gYZRCHc.exe
  C:\Windows\System\gYZRCHc.exe
  2⤵
  PID:8152
- C:\Windows\System\VXscECF.exe
  C:\Windows\System\VXscECF.exe
  2⤵
  PID:3004
- C:\Windows\System\GPiVKUX.exe
  C:\Windows\System\GPiVKUX.exe
  2⤵
  PID:7220
- C:\Windows\System\ujPWWLQ.exe
  C:\Windows\System\ujPWWLQ.exe
  2⤵
  PID:7256
- C:\Windows\System\KHDZIFT.exe
  C:\Windows\System\KHDZIFT.exe
  2⤵
  PID:7332
- C:\Windows\System\VyWlDmr.exe
  C:\Windows\System\VyWlDmr.exe
  2⤵
  PID:7348
- C:\Windows\System\NQMnxtC.exe
  C:\Windows\System\NQMnxtC.exe
  2⤵
  PID:7456
- C:\Windows\System\KYOOLEM.exe
  C:\Windows\System\KYOOLEM.exe
  2⤵
  PID:7520
- C:\Windows\System\fCAWzOo.exe
  C:\Windows\System\fCAWzOo.exe
  2⤵
  PID:7696
- C:\Windows\System\npDkyHZ.exe
  C:\Windows\System\npDkyHZ.exe
  2⤵
  PID:7684
- C:\Windows\System\epfpKpG.exe
  C:\Windows\System\epfpKpG.exe
  2⤵
  PID:7804
- C:\Windows\System\ofMsNqd.exe
  C:\Windows\System\ofMsNqd.exe
  2⤵
  PID:7844
- C:\Windows\System\NxQAnAV.exe
  C:\Windows\System\NxQAnAV.exe
  2⤵
  PID:7900
- C:\Windows\System\fmxGfcp.exe
  C:\Windows\System\fmxGfcp.exe
  2⤵
  PID:7960
- C:\Windows\System\cCMhLel.exe
  C:\Windows\System\cCMhLel.exe
  2⤵
  PID:7992
- C:\Windows\System\hAKexIM.exe
  C:\Windows\System\hAKexIM.exe
  2⤵
  PID:8028
- C:\Windows\System\bIcDatM.exe
  C:\Windows\System\bIcDatM.exe
  2⤵
  PID:8172
- C:\Windows\System\ZBCUxlY.exe
  C:\Windows\System\ZBCUxlY.exe
  2⤵
  PID:6552
- C:\Windows\System\ZnGPPrE.exe
  C:\Windows\System\ZnGPPrE.exe
  2⤵
  PID:7284
- C:\Windows\System\BnXrHIi.exe
  C:\Windows\System\BnXrHIi.exe
  2⤵
  PID:7368
- C:\Windows\System\mbxGwZC.exe
  C:\Windows\System\mbxGwZC.exe
  2⤵
  PID:7612
- C:\Windows\System\XYICXHM.exe
  C:\Windows\System\XYICXHM.exe
  2⤵
  PID:7940
- C:\Windows\System\MoapHIo.exe
  C:\Windows\System\MoapHIo.exe
  2⤵
  PID:7868
- C:\Windows\System\PUUMrqY.exe
  C:\Windows\System\PUUMrqY.exe
  2⤵
  PID:8128
- C:\Windows\System\QUiWBnU.exe
  C:\Windows\System\QUiWBnU.exe
  2⤵
  PID:8184
- C:\Windows\System\zPlPyrf.exe
  C:\Windows\System\zPlPyrf.exe
  2⤵
  PID:7608
- C:\Windows\System\aqxRomK.exe
  C:\Windows\System\aqxRomK.exe
  2⤵
  PID:7680
- C:\Windows\System\vqusDkN.exe
  C:\Windows\System\vqusDkN.exe
  2⤵
  PID:7352
- C:\Windows\System\JkEATWY.exe
  C:\Windows\System\JkEATWY.exe
  2⤵
  PID:8220
- C:\Windows\System\ylRIvvw.exe
  C:\Windows\System\ylRIvvw.exe
  2⤵
  PID:8244
- C:\Windows\System\eQmeMWJ.exe
  C:\Windows\System\eQmeMWJ.exe
  2⤵
  PID:8264
- C:\Windows\System\kmLZbpT.exe
  C:\Windows\System\kmLZbpT.exe
  2⤵
  PID:8288
- C:\Windows\System\ltniPMU.exe
  C:\Windows\System\ltniPMU.exe
  2⤵
  PID:8304
- C:\Windows\System\ZAolCxg.exe
  C:\Windows\System\ZAolCxg.exe
  2⤵
  PID:8328
- C:\Windows\System\cJFqxwG.exe
  C:\Windows\System\cJFqxwG.exe
  2⤵
  PID:8344
- C:\Windows\System\stNLQPp.exe
  C:\Windows\System\stNLQPp.exe
  2⤵
  PID:8408
- C:\Windows\System\hCJXzfY.exe
  C:\Windows\System\hCJXzfY.exe
  2⤵
  PID:8428
- C:\Windows\System\zThpujp.exe
  C:\Windows\System\zThpujp.exe
  2⤵
  PID:8452
- C:\Windows\System\FwxbYYG.exe
  C:\Windows\System\FwxbYYG.exe
  2⤵
  PID:8468
- C:\Windows\System\KgTZuXX.exe
  C:\Windows\System\KgTZuXX.exe
  2⤵
  PID:8512
- C:\Windows\System\MjLlzWB.exe
  C:\Windows\System\MjLlzWB.exe
  2⤵
  PID:8532
- C:\Windows\System\PVRqRdF.exe
  C:\Windows\System\PVRqRdF.exe
  2⤵
  PID:8576
- C:\Windows\System\BjTRCYb.exe
  C:\Windows\System\BjTRCYb.exe
  2⤵
  PID:8608
- C:\Windows\System\iLCHIbR.exe
  C:\Windows\System\iLCHIbR.exe
  2⤵
  PID:8632
- C:\Windows\System\JkJzYnz.exe
  C:\Windows\System\JkJzYnz.exe
  2⤵
  PID:8676
- C:\Windows\System\MffzwzL.exe
  C:\Windows\System\MffzwzL.exe
  2⤵
  PID:8732
- C:\Windows\System\PAMROYN.exe
  C:\Windows\System\PAMROYN.exe
  2⤵
  PID:8756
- C:\Windows\System\VaEiUEw.exe
  C:\Windows\System\VaEiUEw.exe
  2⤵
  PID:8776
- C:\Windows\System\pTxxClE.exe
  C:\Windows\System\pTxxClE.exe
  2⤵
  PID:8816
- C:\Windows\System\fScfkRr.exe
  C:\Windows\System\fScfkRr.exe
  2⤵
  PID:8832
- C:\Windows\System\GACLUnx.exe
  C:\Windows\System\GACLUnx.exe
  2⤵
  PID:8876
- C:\Windows\System\GGtoXaP.exe
  C:\Windows\System\GGtoXaP.exe
  2⤵
  PID:8908
- C:\Windows\System\JyIueIl.exe
  C:\Windows\System\JyIueIl.exe
  2⤵
  PID:8936
- C:\Windows\System\gehGbfA.exe
  C:\Windows\System\gehGbfA.exe
  2⤵
  PID:9000
- C:\Windows\System\jAUTsUI.exe
  C:\Windows\System\jAUTsUI.exe
  2⤵
  PID:9020
- C:\Windows\System\xdeHCIw.exe
  C:\Windows\System\xdeHCIw.exe
  2⤵
  PID:9048
- C:\Windows\System\RUcgXfY.exe
  C:\Windows\System\RUcgXfY.exe
  2⤵
  PID:9068
- C:\Windows\System\sdulNpS.exe
  C:\Windows\System\sdulNpS.exe
  2⤵
  PID:9092
- C:\Windows\System\TOebMFD.exe
  C:\Windows\System\TOebMFD.exe
  2⤵
  PID:9124
- C:\Windows\System\qQbHfJh.exe
  C:\Windows\System\qQbHfJh.exe
  2⤵
  PID:9140
- C:\Windows\System\LTnEVVg.exe
  C:\Windows\System\LTnEVVg.exe
  2⤵
  PID:9208
- C:\Windows\System\slXWoDO.exe
  C:\Windows\System\slXWoDO.exe
  2⤵
  PID:7328
- C:\Windows\System\dskSBbT.exe
  C:\Windows\System\dskSBbT.exe
  2⤵
  PID:8312
- C:\Windows\System\PEmtGad.exe
  C:\Windows\System\PEmtGad.exe
  2⤵
  PID:8376
- C:\Windows\System\LFvoNuq.exe
  C:\Windows\System\LFvoNuq.exe
  2⤵
  PID:8276
- C:\Windows\System\dtNyhRa.exe
  C:\Windows\System\dtNyhRa.exe
  2⤵
  PID:8480
- C:\Windows\System\tlsNEle.exe
  C:\Windows\System\tlsNEle.exe
  2⤵
  PID:8424
- C:\Windows\System\aHfgQoU.exe
  C:\Windows\System\aHfgQoU.exe
  2⤵
  PID:8560
- C:\Windows\System\gwZQGOH.exe
  C:\Windows\System\gwZQGOH.exe
  2⤵
  PID:8656
- C:\Windows\System\zIcMXHo.exe
  C:\Windows\System\zIcMXHo.exe
  2⤵
  PID:8724
- C:\Windows\System\dYhQwSF.exe
  C:\Windows\System\dYhQwSF.exe
  2⤵
  PID:8808
- C:\Windows\System\gibjXoq.exe
  C:\Windows\System\gibjXoq.exe
  2⤵
  PID:8868
- C:\Windows\System\oeyGvxG.exe
  C:\Windows\System\oeyGvxG.exe
  2⤵
  PID:8924
- C:\Windows\System\dIDXnFB.exe
  C:\Windows\System\dIDXnFB.exe
  2⤵
  PID:9104
- C:\Windows\System\tzpTjXr.exe
  C:\Windows\System\tzpTjXr.exe
  2⤵
  PID:9172
- C:\Windows\System\oTHGCwY.exe
  C:\Windows\System\oTHGCwY.exe
  2⤵
  PID:9204
- C:\Windows\System\MNqXBeJ.exe
  C:\Windows\System\MNqXBeJ.exe
  2⤵
  PID:8216
- C:\Windows\System\uOtEvTI.exe
  C:\Windows\System\uOtEvTI.exe
  2⤵
  PID:8540
- C:\Windows\System\Mnsvsti.exe
  C:\Windows\System\Mnsvsti.exe
  2⤵
  PID:8388
- C:\Windows\System\wgNSZuF.exe
  C:\Windows\System\wgNSZuF.exe
  2⤵
  PID:8420
- C:\Windows\System\FvHTtLk.exe
  C:\Windows\System\FvHTtLk.exe
  2⤵
  PID:8448
- C:\Windows\System\MBvQOJu.exe
  C:\Windows\System\MBvQOJu.exe
  2⤵
  PID:8596
- C:\Windows\System\IPGenoO.exe
  C:\Windows\System\IPGenoO.exe
  2⤵
  PID:8672
- C:\Windows\System\VHqqmAV.exe
  C:\Windows\System\VHqqmAV.exe
  2⤵
  PID:8884
- C:\Windows\System\BdCHZCS.exe
  C:\Windows\System\BdCHZCS.exe
  2⤵
  PID:9088
- C:\Windows\System\GdslpvI.exe
  C:\Windows\System\GdslpvI.exe
  2⤵
  PID:9192
- C:\Windows\System\OWSQoBi.exe
  C:\Windows\System\OWSQoBi.exe
  2⤵
  PID:8600
- C:\Windows\System\DfhwGhy.exe
  C:\Windows\System\DfhwGhy.exe
  2⤵
  PID:9076
- C:\Windows\System\QQoBUQz.exe
  C:\Windows\System\QQoBUQz.exe
  2⤵
  PID:9224
- C:\Windows\System\WAhgtVg.exe
  C:\Windows\System\WAhgtVg.exe
  2⤵
  PID:9292
- C:\Windows\System\CbWiLml.exe
  C:\Windows\System\CbWiLml.exe
  2⤵
  PID:9336
- C:\Windows\System\dTUwSqV.exe
  C:\Windows\System\dTUwSqV.exe
  2⤵
  PID:9380
- C:\Windows\System\hRoLzDK.exe
  C:\Windows\System\hRoLzDK.exe
  2⤵
  PID:9396
- C:\Windows\System\NieoUzx.exe
  C:\Windows\System\NieoUzx.exe
  2⤵
  PID:9424
- C:\Windows\System\lPOykWD.exe
  C:\Windows\System\lPOykWD.exe
  2⤵
  PID:9440
- C:\Windows\System\fYPPXrR.exe
  C:\Windows\System\fYPPXrR.exe
  2⤵
  PID:9492
- C:\Windows\System\dzZUgAz.exe
  C:\Windows\System\dzZUgAz.exe
  2⤵
  PID:9512
- C:\Windows\System\GRPaBUt.exe
  C:\Windows\System\GRPaBUt.exe
  2⤵
  PID:9536
- C:\Windows\System\RJEdkoQ.exe
  C:\Windows\System\RJEdkoQ.exe
  2⤵
  PID:9552
- C:\Windows\System\QBgxosh.exe
  C:\Windows\System\QBgxosh.exe
  2⤵
  PID:9580
- C:\Windows\System\VjsrJGC.exe
  C:\Windows\System\VjsrJGC.exe
  2⤵
  PID:9608
- C:\Windows\System\SWigJaH.exe
  C:\Windows\System\SWigJaH.exe
  2⤵
  PID:9636
- C:\Windows\System\TVLKlUW.exe
  C:\Windows\System\TVLKlUW.exe
  2⤵
  PID:9688
- C:\Windows\System\DMSMueo.exe
  C:\Windows\System\DMSMueo.exe
  2⤵
  PID:9708
- C:\Windows\System\YuaXswe.exe
  C:\Windows\System\YuaXswe.exe
  2⤵
  PID:9728
- C:\Windows\System\KRSrxRr.exe
  C:\Windows\System\KRSrxRr.exe
  2⤵
  PID:9772
- C:\Windows\System\JNFTJLQ.exe
  C:\Windows\System\JNFTJLQ.exe
  2⤵
  PID:9792
- C:\Windows\System\IvHeQvK.exe
  C:\Windows\System\IvHeQvK.exe
  2⤵
  PID:9824
- C:\Windows\System\FQCtERP.exe
  C:\Windows\System\FQCtERP.exe
  2⤵
  PID:9852
- C:\Windows\System\ucAwUtd.exe
  C:\Windows\System\ucAwUtd.exe
  2⤵
  PID:9868
- C:\Windows\System\fYyeQbW.exe
  C:\Windows\System\fYyeQbW.exe
  2⤵
  PID:9904
- C:\Windows\System\auzTKAa.exe
  C:\Windows\System\auzTKAa.exe
  2⤵
  PID:9920
- C:\Windows\System\kaolgII.exe
  C:\Windows\System\kaolgII.exe
  2⤵
  PID:9940
- C:\Windows\System\IRknjVU.exe
  C:\Windows\System\IRknjVU.exe
  2⤵
  PID:9960
- C:\Windows\System\AVIgkra.exe
  C:\Windows\System\AVIgkra.exe
  2⤵
  PID:9992
- C:\Windows\System\ziOvIrG.exe
  C:\Windows\System\ziOvIrG.exe
  2⤵
  PID:10008
- C:\Windows\System\LpuAuHi.exe
  C:\Windows\System\LpuAuHi.exe
  2⤵
  PID:10076
- C:\Windows\System\hHtZcjB.exe
  C:\Windows\System\hHtZcjB.exe
  2⤵
  PID:10100
- C:\Windows\System\czNgMPU.exe
  C:\Windows\System\czNgMPU.exe
  2⤵
  PID:10132
- C:\Windows\System\FeRLaNK.exe
  C:\Windows\System\FeRLaNK.exe
  2⤵
  PID:10148
- C:\Windows\System\sDPKgPl.exe
  C:\Windows\System\sDPKgPl.exe
  2⤵
  PID:10176
- C:\Windows\System\OfmrvkY.exe
  C:\Windows\System\OfmrvkY.exe
  2⤵
  PID:10208
- C:\Windows\System\wPTZdpU.exe
  C:\Windows\System\wPTZdpU.exe
  2⤵
  PID:10236
- C:\Windows\System\bGWMtxC.exe
  C:\Windows\System\bGWMtxC.exe
  2⤵
  PID:8948
- C:\Windows\System\PHeTijS.exe
  C:\Windows\System\PHeTijS.exe
  2⤵
  PID:8524
- C:\Windows\System\yBewpHi.exe
  C:\Windows\System\yBewpHi.exe
  2⤵
  PID:9284
- C:\Windows\System\RfOHjHB.exe
  C:\Windows\System\RfOHjHB.exe
  2⤵
  PID:9388
- C:\Windows\System\QtTTxdQ.exe
  C:\Windows\System\QtTTxdQ.exe
  2⤵
  PID:9588
- C:\Windows\System\gTFXhTG.exe
  C:\Windows\System\gTFXhTG.exe
  2⤵
  PID:9600
- C:\Windows\System\zJryNsy.exe
  C:\Windows\System\zJryNsy.exe
  2⤵
  PID:9676
- C:\Windows\System\Wvlmbof.exe
  C:\Windows\System\Wvlmbof.exe
  2⤵
  PID:9700
- C:\Windows\System\qCFWwug.exe
  C:\Windows\System\qCFWwug.exe
  2⤵
  PID:9748
- C:\Windows\System\OywWLDp.exe
  C:\Windows\System\OywWLDp.exe
  2⤵
  PID:9836
- C:\Windows\System\vLxoNjW.exe
  C:\Windows\System\vLxoNjW.exe
  2⤵
  PID:9952
- C:\Windows\System\qjHldQy.exe
  C:\Windows\System\qjHldQy.exe
  2⤵
  PID:9912
- C:\Windows\System\UtYFXKh.exe
  C:\Windows\System\UtYFXKh.exe
  2⤵
  PID:10044
- C:\Windows\System\AWTCFqu.exe
  C:\Windows\System\AWTCFqu.exe
  2⤵
  PID:10108
- C:\Windows\System\XlpNCzB.exe
  C:\Windows\System\XlpNCzB.exe
  2⤵
  PID:10144
- C:\Windows\System\uUvmgrZ.exe
  C:\Windows\System\uUvmgrZ.exe
  2⤵
  PID:10188
- C:\Windows\System\dsYrZSj.exe
  C:\Windows\System\dsYrZSj.exe
  2⤵
  PID:8668
- C:\Windows\System\HnFdRhU.exe
  C:\Windows\System\HnFdRhU.exe
  2⤵
  PID:9316
- C:\Windows\System\jhnXzFA.exe
  C:\Windows\System\jhnXzFA.exe
  2⤵
  PID:9604
- C:\Windows\System\sfNMHNW.exe
  C:\Windows\System\sfNMHNW.exe
  2⤵
  PID:9804
- C:\Windows\System\qhdYavP.exe
  C:\Windows\System\qhdYavP.exe
  2⤵
  PID:9840
- C:\Windows\System\qFBTxQN.exe
  C:\Windows\System\qFBTxQN.exe
  2⤵
  PID:9956
- C:\Windows\System\ZzxDOtX.exe
  C:\Windows\System\ZzxDOtX.exe
  2⤵
  PID:9308
- C:\Windows\System\intBTIp.exe
  C:\Windows\System\intBTIp.exe
  2⤵
  PID:9528
- C:\Windows\System\HDKlsVX.exe
  C:\Windows\System\HDKlsVX.exe
  2⤵
  PID:9916
- C:\Windows\System\uldmFbV.exe
  C:\Windows\System\uldmFbV.exe
  2⤵
  PID:5288
- C:\Windows\System\kLMUZgt.exe
  C:\Windows\System\kLMUZgt.exe
  2⤵
  PID:10256
- C:\Windows\System\higGUPz.exe
  C:\Windows\System\higGUPz.exe
  2⤵
  PID:10284
- C:\Windows\System\mudCKli.exe
  C:\Windows\System\mudCKli.exe
  2⤵
  PID:10304
- C:\Windows\System\GsleFAz.exe
  C:\Windows\System\GsleFAz.exe
  2⤵
  PID:10332
- C:\Windows\System\LryrbjU.exe
  C:\Windows\System\LryrbjU.exe
  2⤵
  PID:10352
- C:\Windows\System\pDbgzkf.exe
  C:\Windows\System\pDbgzkf.exe
  2⤵
  PID:10372
- C:\Windows\System\QyNSUQw.exe
  C:\Windows\System\QyNSUQw.exe
  2⤵
  PID:10392
- C:\Windows\System\xkqOpYU.exe
  C:\Windows\System\xkqOpYU.exe
  2⤵
  PID:10436
- C:\Windows\System\rkvCCeU.exe
  C:\Windows\System\rkvCCeU.exe
  2⤵
  PID:10460
- C:\Windows\System\FZsejXB.exe
  C:\Windows\System\FZsejXB.exe
  2⤵
  PID:10480
- C:\Windows\System\lRAqgsN.exe
  C:\Windows\System\lRAqgsN.exe
  2⤵
  PID:10504
- C:\Windows\System\blbtXar.exe
  C:\Windows\System\blbtXar.exe
  2⤵
  PID:10564
- C:\Windows\System\soNOGnR.exe
  C:\Windows\System\soNOGnR.exe
  2⤵
  PID:10588
- C:\Windows\System\GdbkfnY.exe
  C:\Windows\System\GdbkfnY.exe
  2⤵
  PID:10616
- C:\Windows\System\FWQOBOh.exe
  C:\Windows\System\FWQOBOh.exe
  2⤵
  PID:10636
- C:\Windows\System\GHBTepW.exe
  C:\Windows\System\GHBTepW.exe
  2⤵
  PID:10664
- C:\Windows\System\jFTlInC.exe
  C:\Windows\System\jFTlInC.exe
  2⤵
  PID:10704
- C:\Windows\System\iFekVHG.exe
  C:\Windows\System\iFekVHG.exe
  2⤵
  PID:10732
- C:\Windows\System\CJIovba.exe
  C:\Windows\System\CJIovba.exe
  2⤵
  PID:10760
- C:\Windows\System\AoJuRwc.exe
  C:\Windows\System\AoJuRwc.exe
  2⤵
  PID:10776
- C:\Windows\System\HYJuzld.exe
  C:\Windows\System\HYJuzld.exe
  2⤵
  PID:10804
- C:\Windows\System\TyXnFcz.exe
  C:\Windows\System\TyXnFcz.exe
  2⤵
  PID:10832
- C:\Windows\System\nSYYzfv.exe
  C:\Windows\System\nSYYzfv.exe
  2⤵
  PID:10856
- C:\Windows\System\sxUnewh.exe
  C:\Windows\System\sxUnewh.exe
  2⤵
  PID:10876
- C:\Windows\System\qStJpGM.exe
  C:\Windows\System\qStJpGM.exe
  2⤵
  PID:10900
- C:\Windows\System\kuaXQyK.exe
  C:\Windows\System\kuaXQyK.exe
  2⤵
  PID:10916
- C:\Windows\System\CniVNyJ.exe
  C:\Windows\System\CniVNyJ.exe
  2⤵
  PID:10944
- C:\Windows\System\eZbSaWu.exe
  C:\Windows\System\eZbSaWu.exe
  2⤵
  PID:10960
- C:\Windows\System\UaqKYBS.exe
  C:\Windows\System\UaqKYBS.exe
  2⤵
  PID:10988
- C:\Windows\System\ZbxGMKI.exe
  C:\Windows\System\ZbxGMKI.exe
  2⤵
  PID:11008
- C:\Windows\System\JYtNzYB.exe
  C:\Windows\System\JYtNzYB.exe
  2⤵
  PID:11032
- C:\Windows\System\xReBNCG.exe
  C:\Windows\System\xReBNCG.exe
  2⤵
  PID:11048
- C:\Windows\System\klFJehs.exe
  C:\Windows\System\klFJehs.exe
  2⤵
  PID:11144
- C:\Windows\System\VQokTDw.exe
  C:\Windows\System\VQokTDw.exe
  2⤵
  PID:11180
- C:\Windows\System\DLDrCZU.exe
  C:\Windows\System\DLDrCZU.exe
  2⤵
  PID:11200
- C:\Windows\System\itCFgew.exe
  C:\Windows\System\itCFgew.exe
  2⤵
  PID:11224
- C:\Windows\System\RPwBgsm.exe
  C:\Windows\System\RPwBgsm.exe
  2⤵
  PID:11244
- C:\Windows\System\IsfEzsq.exe
  C:\Windows\System\IsfEzsq.exe
  2⤵
  PID:10092
- C:\Windows\System\sqbouJm.exe
  C:\Windows\System\sqbouJm.exe
  2⤵
  PID:10280
- C:\Windows\System\YQblegA.exe
  C:\Windows\System\YQblegA.exe
  2⤵
  PID:10328
- C:\Windows\System\QYhwbkL.exe
  C:\Windows\System\QYhwbkL.exe
  2⤵
  PID:10416
- C:\Windows\System\RPLazoq.exe
  C:\Windows\System\RPLazoq.exe
  2⤵
  PID:10444
- C:\Windows\System\PbXjAjB.exe
  C:\Windows\System\PbXjAjB.exe
  2⤵
  PID:10488
- C:\Windows\System\DdOcpen.exe
  C:\Windows\System\DdOcpen.exe
  2⤵
  PID:10536
- C:\Windows\System\dmvicHK.exe
  C:\Windows\System\dmvicHK.exe
  2⤵
  PID:10768
- C:\Windows\System\toaoDNW.exe
  C:\Windows\System\toaoDNW.exe
  2⤵
  PID:10848
- C:\Windows\System\zbBXfcQ.exe
  C:\Windows\System\zbBXfcQ.exe
  2⤵
  PID:10924
- C:\Windows\System\AuJjfIg.exe
  C:\Windows\System\AuJjfIg.exe
  2⤵
  PID:10956
- C:\Windows\System\yaWKHpC.exe
  C:\Windows\System\yaWKHpC.exe
  2⤵
  PID:10968
- C:\Windows\System\vUYNUuU.exe
  C:\Windows\System\vUYNUuU.exe
  2⤵
  PID:11040
- C:\Windows\System\HpAfQqD.exe
  C:\Windows\System\HpAfQqD.exe
  2⤵
  PID:11056
- C:\Windows\System\fLoEGJA.exe
  C:\Windows\System\fLoEGJA.exe
  2⤵
  PID:11260
- C:\Windows\System\qddCEEl.exe
  C:\Windows\System\qddCEEl.exe
  2⤵
  PID:10112
- C:\Windows\System\FGkeSOc.exe
  C:\Windows\System\FGkeSOc.exe
  2⤵
  PID:10540
- C:\Windows\System\qwjfCgK.exe
  C:\Windows\System\qwjfCgK.exe
  2⤵
  PID:10368
- C:\Windows\System\zoyqZjv.exe
  C:\Windows\System\zoyqZjv.exe
  2⤵
  PID:10628
- C:\Windows\System\bhSbchi.exe
  C:\Windows\System\bhSbchi.exe
  2⤵
  PID:10884
- C:\Windows\System\FwDUdUe.exe
  C:\Windows\System\FwDUdUe.exe
  2⤵
  PID:11192
- C:\Windows\System\TukDgrI.exe
  C:\Windows\System\TukDgrI.exe
  2⤵
  PID:11100
- C:\Windows\System\lwAluiQ.exe
  C:\Windows\System\lwAluiQ.exe
  2⤵
  PID:10456
- C:\Windows\System\iLaaFxE.exe
  C:\Windows\System\iLaaFxE.exe
  2⤵
  PID:10724
- C:\Windows\System\CzracyS.exe
  C:\Windows\System\CzracyS.exe
  2⤵
  PID:11216
- C:\Windows\System\lMYSxCO.exe
  C:\Windows\System\lMYSxCO.exe
  2⤵
  PID:11272
- C:\Windows\System\iLipzxT.exe
  C:\Windows\System\iLipzxT.exe
  2⤵
  PID:11304
- C:\Windows\System\oNAwNnR.exe
  C:\Windows\System\oNAwNnR.exe
  2⤵
  PID:11328
- C:\Windows\System\EwwwmYZ.exe
  C:\Windows\System\EwwwmYZ.exe
  2⤵
  PID:11348
- C:\Windows\System\YhhhKoY.exe
  C:\Windows\System\YhhhKoY.exe
  2⤵
  PID:11404
- C:\Windows\System\gZeUqJp.exe
  C:\Windows\System\gZeUqJp.exe
  2⤵
  PID:11424
- C:\Windows\System\ckpOjtn.exe
  C:\Windows\System\ckpOjtn.exe
  2⤵
  PID:11448
- C:\Windows\System\CAvEDDe.exe
  C:\Windows\System\CAvEDDe.exe
  2⤵
  PID:11468
- C:\Windows\System\jEXQkXK.exe
  C:\Windows\System\jEXQkXK.exe
  2⤵
  PID:11488
- C:\Windows\System\StucKmi.exe
  C:\Windows\System\StucKmi.exe
  2⤵
  PID:11508
- C:\Windows\System\ASTkUmI.exe
  C:\Windows\System\ASTkUmI.exe
  2⤵
  PID:11548
- C:\Windows\System\xtDhMXe.exe
  C:\Windows\System\xtDhMXe.exe
  2⤵
  PID:11600
- C:\Windows\System\lDYeuyj.exe
  C:\Windows\System\lDYeuyj.exe
  2⤵
  PID:11632
- C:\Windows\System\wOkaZua.exe
  C:\Windows\System\wOkaZua.exe
  2⤵
  PID:11676
- C:\Windows\System\mNftTmR.exe
  C:\Windows\System\mNftTmR.exe
  2⤵
  PID:11692
- C:\Windows\System\gZeprLq.exe
  C:\Windows\System\gZeprLq.exe
  2⤵
  PID:11728
- C:\Windows\System\SWjDWIM.exe
  C:\Windows\System\SWjDWIM.exe
  2⤵
  PID:11744
- C:\Windows\System\LgHJBtj.exe
  C:\Windows\System\LgHJBtj.exe
  2⤵
  PID:11768
- C:\Windows\System\jQkjwqH.exe
  C:\Windows\System\jQkjwqH.exe
  2⤵
  PID:11788
- C:\Windows\System\qDzawPV.exe
  C:\Windows\System\qDzawPV.exe
  2⤵
  PID:11804
- C:\Windows\System\xPOmMyG.exe
  C:\Windows\System\xPOmMyG.exe
  2⤵
  PID:11828
- C:\Windows\System\GHIeAGB.exe
  C:\Windows\System\GHIeAGB.exe
  2⤵
  PID:11844
- C:\Windows\System\kQlxAVa.exe
  C:\Windows\System\kQlxAVa.exe
  2⤵
  PID:11864
- C:\Windows\System\UMgcpsc.exe
  C:\Windows\System\UMgcpsc.exe
  2⤵
  PID:11888
- C:\Windows\System\njUOsMI.exe
  C:\Windows\System\njUOsMI.exe
  2⤵
  PID:11932
- C:\Windows\System\JogPCyY.exe
  C:\Windows\System\JogPCyY.exe
  2⤵
  PID:11952
- C:\Windows\System\drlUeBI.exe
  C:\Windows\System\drlUeBI.exe
  2⤵
  PID:12020
- C:\Windows\System\NvkfraC.exe
  C:\Windows\System\NvkfraC.exe
  2⤵
  PID:12040
- C:\Windows\System\QIJsJui.exe
  C:\Windows\System\QIJsJui.exe
  2⤵
  PID:12068
- C:\Windows\System\ejBNlZe.exe
  C:\Windows\System\ejBNlZe.exe
  2⤵
  PID:12112
- C:\Windows\System\yuJcYxi.exe
  C:\Windows\System\yuJcYxi.exe
  2⤵
  PID:12132
- C:\Windows\System\RFxVKHw.exe
  C:\Windows\System\RFxVKHw.exe
  2⤵
  PID:12160
- C:\Windows\System\nJeWKdf.exe
  C:\Windows\System\nJeWKdf.exe
  2⤵
  PID:12180
- C:\Windows\System\NYMpveT.exe
  C:\Windows\System\NYMpveT.exe
  2⤵
  PID:12208
- C:\Windows\System\SjBuZeM.exe
  C:\Windows\System\SjBuZeM.exe
  2⤵
  PID:12256
- C:\Windows\System\qfIzZff.exe
  C:\Windows\System\qfIzZff.exe
  2⤵
  PID:12280
- C:\Windows\System\IBZFmCx.exe
  C:\Windows\System\IBZFmCx.exe
  2⤵
  PID:11044
- C:\Windows\System\PYxuxuN.exe
  C:\Windows\System\PYxuxuN.exe
  2⤵
  PID:11320
- C:\Windows\System\wlQdYYc.exe
  C:\Windows\System\wlQdYYc.exe
  2⤵
  PID:11384
- C:\Windows\System\rgjsepC.exe
  C:\Windows\System\rgjsepC.exe
  2⤵
  PID:11444
- C:\Windows\System\OQqLOND.exe
  C:\Windows\System\OQqLOND.exe
  2⤵
  PID:11528
- C:\Windows\System\JMlKYGl.exe
  C:\Windows\System\JMlKYGl.exe
  2⤵
  PID:11500
- C:\Windows\System\ccfRWzC.exe
  C:\Windows\System\ccfRWzC.exe
  2⤵
  PID:11544
- C:\Windows\System\FiFFesD.exe
  C:\Windows\System\FiFFesD.exe
  2⤵
  PID:11708
- C:\Windows\System\NxmnIGg.exe
  C:\Windows\System\NxmnIGg.exe
  2⤵
  PID:11780
- C:\Windows\System\qOvqbHS.exe
  C:\Windows\System\qOvqbHS.exe
  2⤵
  PID:11784
- C:\Windows\System\beJwuby.exe
  C:\Windows\System\beJwuby.exe
  2⤵
  PID:11840
- C:\Windows\System\TXOLfUv.exe
  C:\Windows\System\TXOLfUv.exe
  2⤵
  PID:11964
- C:\Windows\System\lFGmxzf.exe
  C:\Windows\System\lFGmxzf.exe
  2⤵
  PID:12032
- C:\Windows\System\YVcbSai.exe
  C:\Windows\System\YVcbSai.exe
  2⤵
  PID:12172
- C:\Windows\System\XpKgNRQ.exe
  C:\Windows\System\XpKgNRQ.exe
  2⤵
  PID:12204
- C:\Windows\System\RPFDqQN.exe
  C:\Windows\System\RPFDqQN.exe
  2⤵
  PID:11324
- C:\Windows\System\gMQbOsy.exe
  C:\Windows\System\gMQbOsy.exe
  2⤵
  PID:11464
- C:\Windows\System\AXROJyz.exe
  C:\Windows\System\AXROJyz.exe
  2⤵
  PID:11520
- C:\Windows\System\hyKuUTd.exe
  C:\Windows\System\hyKuUTd.exe
  2⤵
  PID:11764
- C:\Windows\System\TUOrlCG.exe
  C:\Windows\System\TUOrlCG.exe
  2⤵
  PID:11796
- C:\Windows\System\giDajCg.exe
  C:\Windows\System\giDajCg.exe
  2⤵
  PID:11896
- C:\Windows\System\UWtqPiN.exe
  C:\Windows\System\UWtqPiN.exe
  2⤵
  PID:12104
- C:\Windows\System\atUEyze.exe
  C:\Windows\System\atUEyze.exe
  2⤵
  PID:11416
- C:\Windows\System\rfsbdQi.exe
  C:\Windows\System\rfsbdQi.exe
  2⤵
  PID:11432
- C:\Windows\System\zTuOGcl.exe
  C:\Windows\System\zTuOGcl.exe
  2⤵
  PID:10348
- C:\Windows\System\DHJcrHs.exe
  C:\Windows\System\DHJcrHs.exe
  2⤵
  PID:12276
- C:\Windows\System\kykfuZl.exe
  C:\Windows\System\kykfuZl.exe
  2⤵
  PID:11652
- C:\Windows\System\FraPBKN.exe
  C:\Windows\System\FraPBKN.exe
  2⤵
  PID:12088
- C:\Windows\System\EbontsY.exe
  C:\Windows\System\EbontsY.exe
  2⤵
  PID:11616
- C:\Windows\System\ArQHYiV.exe
  C:\Windows\System\ArQHYiV.exe
  2⤵
  PID:1048
- C:\Windows\System\snjqFJi.exe
  C:\Windows\System\snjqFJi.exe
  2⤵
  PID:12320
- C:\Windows\System\UZVUDui.exe
  C:\Windows\System\UZVUDui.exe
  2⤵
  PID:12344
- C:\Windows\System\MNxizxD.exe
  C:\Windows\System\MNxizxD.exe
  2⤵
  PID:12364
- C:\Windows\System\Qpejnls.exe
  C:\Windows\System\Qpejnls.exe
  2⤵
  PID:12408
- C:\Windows\System\tflNnfb.exe
  C:\Windows\System\tflNnfb.exe
  2⤵
  PID:12432
- C:\Windows\System\ClzEUtD.exe
  C:\Windows\System\ClzEUtD.exe
  2⤵
  PID:12448
- C:\Windows\System\XzidXNg.exe
  C:\Windows\System\XzidXNg.exe
  2⤵
  PID:12492
- C:\Windows\System\csLJqgH.exe
  C:\Windows\System\csLJqgH.exe
  2⤵
  PID:12520
- C:\Windows\System\HHTPTUS.exe
  C:\Windows\System\HHTPTUS.exe
  2⤵
  PID:12548
- C:\Windows\System\qzUAEki.exe
  C:\Windows\System\qzUAEki.exe
  2⤵
  PID:12564
- C:\Windows\System\dNvLEbC.exe
  C:\Windows\System\dNvLEbC.exe
  2⤵
  PID:12588
- C:\Windows\System\ocpAFwW.exe
  C:\Windows\System\ocpAFwW.exe
  2⤵
  PID:12604
- C:\Windows\System\ZsoHtdE.exe
  C:\Windows\System\ZsoHtdE.exe
  2⤵
  PID:12624
- C:\Windows\System\epsrwlJ.exe
  C:\Windows\System\epsrwlJ.exe
  2⤵
  PID:12660
- C:\Windows\System\sMbeRbX.exe
  C:\Windows\System\sMbeRbX.exe
  2⤵
  PID:12696
- C:\Windows\System\ooivqwv.exe
  C:\Windows\System\ooivqwv.exe
  2⤵
  PID:12736
- C:\Windows\System\WHAqxfB.exe
  C:\Windows\System\WHAqxfB.exe
  2⤵
  PID:12760
- C:\Windows\System\aPOeyHo.exe
  C:\Windows\System\aPOeyHo.exe
  2⤵
  PID:12776
- C:\Windows\System\RcEwmMA.exe
  C:\Windows\System\RcEwmMA.exe
  2⤵
  PID:12804
- C:\Windows\System\yhrHKay.exe
  C:\Windows\System\yhrHKay.exe
  2⤵
  PID:12824
- C:\Windows\System\NjXnABk.exe
  C:\Windows\System\NjXnABk.exe
  2⤵
  PID:12848
- C:\Windows\System\jqdKqZy.exe
  C:\Windows\System\jqdKqZy.exe
  2⤵
  PID:12868
- C:\Windows\System\buRTjMA.exe
  C:\Windows\System\buRTjMA.exe
  2⤵
  PID:12892
- C:\Windows\System\tKOTyde.exe
  C:\Windows\System\tKOTyde.exe
  2⤵
  PID:12920
- C:\Windows\System\nVhEoSj.exe
  C:\Windows\System\nVhEoSj.exe
  2⤵
  PID:12960
- C:\Windows\System\ftLOlti.exe
  C:\Windows\System\ftLOlti.exe
  2⤵
  PID:12976
- C:\Windows\System\ZRbRFcl.exe
  C:\Windows\System\ZRbRFcl.exe
  2⤵
  PID:12996
- C:\Windows\System\myWAVTD.exe
  C:\Windows\System\myWAVTD.exe
  2⤵
  PID:13020
- C:\Windows\System\EDSlCuv.exe
  C:\Windows\System\EDSlCuv.exe
  2⤵
  PID:13044
- C:\Windows\System\zEllfSO.exe
  C:\Windows\System\zEllfSO.exe
  2⤵
  PID:13064
- C:\Windows\System\uHgqmyh.exe
  C:\Windows\System\uHgqmyh.exe
  2⤵
  PID:13104
- C:\Windows\System\AWzZLhW.exe
  C:\Windows\System\AWzZLhW.exe
  2⤵
  PID:13148
- C:\Windows\System\SVQQUcO.exe
  C:\Windows\System\SVQQUcO.exe
  2⤵
  PID:13172
- C:\Windows\System\FlaJpXC.exe
  C:\Windows\System\FlaJpXC.exe
  2⤵
  PID:13188
- C:\Windows\System\LqKITKr.exe
  C:\Windows\System\LqKITKr.exe
  2⤵
  PID:13212
- C:\Windows\System\mCvnDhH.exe
  C:\Windows\System\mCvnDhH.exe
  2⤵
  PID:13264
- C:\Windows\System\QRFprFh.exe
  C:\Windows\System\QRFprFh.exe
  2⤵
  PID:13288
- C:\Windows\System\MBfNlck.exe
  C:\Windows\System\MBfNlck.exe
  2⤵
  PID:12300
- C:\Windows\System\kkHBAqX.exe
  C:\Windows\System\kkHBAqX.exe
  2⤵
  PID:12336
- C:\Windows\System\zvhfxka.exe
  C:\Windows\System\zvhfxka.exe
  2⤵
  PID:12404
- C:\Windows\System\mkVftZj.exe
  C:\Windows\System\mkVftZj.exe
  2⤵
  PID:12512
- C:\Windows\System\SPwCDpY.exe
  C:\Windows\System\SPwCDpY.exe
  2⤵
  PID:12584
- C:\Windows\System\ZjyJNcw.exe
  C:\Windows\System\ZjyJNcw.exe
  2⤵
  PID:12860
- C:\Windows\System\eQwBEiD.exe
  C:\Windows\System\eQwBEiD.exe
  2⤵
  PID:12816
- C:\Windows\System\mhkWqSV.exe
  C:\Windows\System\mhkWqSV.exe
  2⤵
  PID:12968
- C:\Windows\System\EZCUYmB.exe
  C:\Windows\System\EZCUYmB.exe
  2⤵
  PID:13128
- C:\Windows\System\HuRuphZ.exe
  C:\Windows\System\HuRuphZ.exe
  2⤵
  PID:13156
- C:\Windows\System\QupWPbs.exe
  C:\Windows\System\QupWPbs.exe
  2⤵
  PID:13180
- C:\Windows\System\LsqnwPb.exe
  C:\Windows\System\LsqnwPb.exe
  2⤵
  PID:13252
- C:\Windows\System\QkdBzVu.exe
  C:\Windows\System\QkdBzVu.exe
  2⤵
  PID:4344
- C:\Windows\System\QrrkxdK.exe
  C:\Windows\System\QrrkxdK.exe
  2⤵
  PID:12500
- C:\Windows\System\EcFOcNX.exe
  C:\Windows\System\EcFOcNX.exe
  2⤵
  PID:12576
- C:\Windows\System\VmwGIxs.exe
  C:\Windows\System\VmwGIxs.exe
  2⤵
  PID:12652
- C:\Windows\System\YiyuwRt.exe
  C:\Windows\System\YiyuwRt.exe
  2⤵
  PID:12744
- C:\Windows\System\ryFoipG.exe
  C:\Windows\System\ryFoipG.exe
  2⤵
  PID:12796
- C:\Windows\System\trqyLVP.exe
  C:\Windows\System\trqyLVP.exe
  2⤵
  PID:12948
- C:\Windows\System\LZKHdnz.exe
  C:\Windows\System\LZKHdnz.exe
  2⤵
  PID:13072
- C:\Windows\System\hlGWELy.exe
  C:\Windows\System\hlGWELy.exe
  2⤵
  PID:3984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_bwqehgoy.uxr.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AuqNuUn.exe

Filesize
1.5MB

MD5
cbe8c9d79c05ffdeec44065dd19597b4

SHA1
8083ea58b8f7633510013733263e20396b2674ad

SHA256
401c941b853191abaac6752db9c83f9c919d2b9310657c20dacb53a47b1c9acf

SHA512
c9b4c888e2794a9e508d31c949ade97f4a00ae7ae62d0dc490b1b1f03e499d80ff6926afa1b4af9bb4f656da0e2d87b5b5cc13dae3fe4e3a49efa48662607ed5

Download Submit
C:\Windows\System\BVUUHVw.exe

Filesize
1.5MB

MD5
628286db7d3ea84c14da2d78c537f844

SHA1
d21557d9ac8720485138661c3ac6a5d9723db521

SHA256
3abb1c93f5710658addf1b302bdd2f8dbcdd7d6b538d5efade180ad4eaa9133e

SHA512
da24cc0d2d1eb66aa2de8a6f9b18b5ad79cf7d4181421f8ec3b1f4e573b67680d927dbca278baa9a62d3b9a6584ea6f96263e5b75161f359accb7eebfc85813c

Download Submit
C:\Windows\System\CSwVBpB.exe

Filesize
1.5MB

MD5
727cb0469ac89f0f91b3ecc3b2f74b38

SHA1
360935829898990d4d09f0fc308c9227866c9c90

SHA256
4c2c911bc709ad64374fcd627abd4c9ba89284503d14e2992e0d25e9f87401a4

SHA512
b00f31b8e96d3310f5f06717251f93e817cc849a0140da71bac4b50d07630f53604983e04ad4cc5d17c59bfb691313fc332ef18b440da03976a52d657d756a00

Download Submit
C:\Windows\System\FajirtK.exe

Filesize
1.5MB

MD5
392d0ae10151bb9403dcd27900404b2f

SHA1
4a05ba05d7724e56fb4e1505351607de59600088

SHA256
885fa8a31461a70f1b2055cd6e779cae836d1bc476eb64b6c2d4704aa0f2a3f7

SHA512
c51bc657a2d001c08c329f06b6f21447d0537caa1fed763d46586ded561adf945921e4b548bf770936c67ec8212d04850ea94f941201d1463463939b3bfcc88c

Download Submit
C:\Windows\System\FtUfWnb.exe

Filesize
1.5MB

MD5
474558cfb699ece38c776879379a0cf9

SHA1
5b2327bfda16f4d9f4e38443689b31a5e0b85c85

SHA256
9db172eaefc373994a2aae59e982564593900977c553e213767311f70ecdd9d6

SHA512
ad27bc70b47a17947a2e1f151bdebdc17edb9a834b174e9cd8e75bc2ff1410fb38dbb02a2498587bae94c8dbe9a432e72f7ab92c929b243918334f466ca50d8c

Download Submit
C:\Windows\System\FyJYGhW.exe

Filesize
1.5MB

MD5
e547513a75851ad0b9014d0c119f0f5d

SHA1
5ba0598939d98bcec92ae471b0674159fa7928f6

SHA256
6f9c3a71ac6531ffa57e461061fe9989a21c2fd506557f461e13c478eb00ae48

SHA512
e164a57b24f1feb622705dcebc96a134c22d8efc2854d3ee9f4065e93716baa31ee8cfa3b9bb1d42cfd74f2dac273942498a219891c8869fbbb0e1d5b4acd35e

Download Submit
C:\Windows\System\KetXvUD.exe

Filesize
1.5MB

MD5
f719a2266fd70913bc5e59eea84fa4a1

SHA1
ae0760ca31f7679421aa1d0db4a145abb0e403ad

SHA256
7ba5a79375e470ebeb7a090de0455273030095e7d4883bf9d6b5964d3bd538c6

SHA512
c1c2a13610d43e386715b9ce1d014b4f5d64b66490a801359bc2a19dd731ca44138454e9b42c11b8830e410cb1960135a7700f8567cc0d7199fcda7e4f558a0c

Download Submit
C:\Windows\System\MXvKuGC.exe

Filesize
1.5MB

MD5
ea98773016b4efe635ad67bede5fddcf

SHA1
d2f1b7ba9ceb31a070bd96740b4d8d91987baf98

SHA256
3c3954255934778767efc492c1044468933af432e5a7897d580e1d128eab9fac

SHA512
2ee64300eadf08eaeb24f0c7ddad18061bd5259f7cec24b2b2d36e527fdb478718f46ffc4ff7c21c7f27d9a29d74b8b7fe056779331dcf912ff35964b9f4bb6f

Download Submit
C:\Windows\System\PcVDRcU.exe

Filesize
1.5MB

MD5
91e9a0ded933df2d7bb77101babe8ece

SHA1
f725bb80ff0d2903964fa881b7c682d0468c72cc

SHA256
0e926bbe7ba315c682a42e8bcb3bf17e800183ac2a5ba654bb4a83bb3900cf9c

SHA512
5c8b550169764d6ac3d10b341d1c243bd31ea0a221230684e23711b6e53ca75d981a904f0abcaa347c523d592b8dc0ebf787dbafa626776786be908c4a0eb210

Download Submit
C:\Windows\System\PcgVjyN.exe

Filesize
1.5MB

MD5
e448da42d212396fbda5e6fea1e097be

SHA1
3f60c2d6fb2f105309b8043a33bd370a4a40d508

SHA256
c1f974261e412a9277c8f5d00acf0b4ec13db9b9753dbcf0c319acc4bdc2a8d8

SHA512
6964dadc01e540572e9fa45025ec8c3f86cd7b3d94382814e1713c7aea51f73263988087d71d1df01f5932edf724245c3f020bd66c62d57a152beced26ab3e94

Download Submit
C:\Windows\System\QcjWIps.exe

Filesize
1.5MB

MD5
d1e1fefeb8f8a2661e2b73bf66040561

SHA1
203a110b0d5b0a821934ed463e9cdfcb38afd4d1

SHA256
5dc6106e068e789bafdc798e44b0e8cc651e9c40c1038ede5fce47cf9c56e857

SHA512
0a4fc7624bafa64dde9560e2753c6859d854c65b3de77a6ab8a56e59754ea5501ba608b88023bc3185e56701fa37c489ace37e089b6f84c8b53588fcde533295

Download Submit
C:\Windows\System\RGAOoqQ.exe

Filesize
1.5MB

MD5
2caf6bd88b5f4fff2d0fa366bc8db66e

SHA1
ab36538c3c68823d4bd412a4cbfccc13cc6f1a7d

SHA256
dbf4b3f07c93489887b7e2a624cab60320f587b23045a80f8edf502b50694a6f

SHA512
33714e04afee323bb023abbefe269697b94d5fee84d87e9f765a65128a4dfa23bc4aba1082d0280570c8bc883b2d7166618fe412f67bea49d6b0168256b50c7a

Download Submit
C:\Windows\System\RqftGwY.exe

Filesize
1.5MB

MD5
bddb587da499dda9f26d9b35f9443399

SHA1
95d932be6aa46c9ddd6f1f2988a738ba2cdd5bfe

SHA256
46c1285e4730c1e9617790620f5e69c24a6bd2160e0fab804643b7efdc57c4e5

SHA512
6bc7f971c76fd927fa0921bf26e129036dddfb064a9f7c47cb4b4f94b9c7a5e24744aa2c8d211af2933a14d6aebe43a6b454251f8b204800f4a881387701c930

Download Submit
C:\Windows\System\ZncXPtm.exe

Filesize
1.5MB

MD5
69e537e61f29af3e05f48bb640f7cef9

SHA1
89b9ef35a3b58a22169f5cc4d730848fad0f765f

SHA256
4040c66602a144405a6e1c6d9410dad333d4b0ab9373204bab634a8b87903da1

SHA512
4a663dafac53c32db15ee5bfbe2b526ab9a3a6e7b5598e090a767410d69f089a6de431d55b7eac88ade795e36d8d4668d33754e295a13ef01454923e134a7575

Download Submit
C:\Windows\System\bOHdjhK.exe

Filesize
1.5MB

MD5
9f74175104aeace9614c8e2e3e3140f8

SHA1
5298fcd775240dabda1be60d64fc3599de54798f

SHA256
123225be6dce2c11c5fb28422b5d5bd2baadef8271b5b1d71f8a50f51481b86e

SHA512
29ad8520949a84309a7a883cb4d2a1dd16651f9440671ed14b4b5eb7d122f6024f7483e5585b5c3bf9ba5277824a0cd20c19ae74ce79cc8a9492be1fd78c64e2

Download Submit
C:\Windows\System\gYkDQRd.exe

Filesize
1.5MB

MD5
bc85113039ff71587ef778421cdd1c80

SHA1
b2fd5367ff32aace264c68162e1d64d999aecbc7

SHA256
66da280e6376380da2e7b6a0c4225c518059b4de22c6c1e26d69b55df405f1f1

SHA512
ff93750c206a0d98959577a21f8ba8942f58988f4db379605b87645142dea33c85f4367c846593df53601a88febe3f62ee1fab01bd284e7f306d8888f72d6c71

Download Submit
C:\Windows\System\hNpGvom.exe

Filesize
1.5MB

MD5
f83ded4bc4c438d4034a2d42db29dac7

SHA1
bec3f35530755d6fa6a9c5af342d993775be92bf

SHA256
1721aaf4cb90c7e091f5763b1508ff7bc4ab9aa353adc4445f021130a4c850ce

SHA512
14c88489f6f76ed4ef48260d51cfad4e5dc4fd04f99ef44f67416744f1e565ba1a81ca28ec95b2a2b527bd5d0e1fb86da2986362723acd3613997b467c72366a

Download Submit
C:\Windows\System\haZUhWW.exe

Filesize
1.5MB

MD5
957df8e9d5ff5581ef6a4567e0be3621

SHA1
a5c0e9765d9e77bf000a8c39124ea37601024d46

SHA256
ed4cd72f2ffc478587ceac87a65e01fe193f5cd055fcbf0e92769e7f2f7e9197

SHA512
dd63991516f92667535c21f7ec9eef54389ee820dec37c237f362a741dc6040549ab1ee3a7ce427d49b4e6d469a03f524f0ada3e6c654aac7f75eb6a2a4dfad7

Download Submit
C:\Windows\System\hpbOakH.exe

Filesize
1.5MB

MD5
053943ae4372b290aa323f275e8b03dd

SHA1
85f2588fd0c8b2d31d660464a3753a6bdc50d05e

SHA256
668a8a831e58ab7a2508cae91616b4e63c55b981446890b952b30677a43b5aa3

SHA512
f898767e891005d2d2733c0cd3fdefd1a8a25c3f425043bb5763331e03735ba57f957c64ebb27bff9e7e8c26729ca2b56f7f26bc372061248c145ff3f4ef0067

Download Submit
C:\Windows\System\hwExjGs.exe

Filesize
1.5MB

MD5
ac7bded036ae50db6e501fb25737b121

SHA1
c33898c9b7737ba05314cc20e1a75bc77404d817

SHA256
5d606e608c060f843b1148c6eb4461ff4c15521001b827d66dd29c49666c336f

SHA512
5f4d1ef78faa41d1aaf198b1a187a5ceed5bcbaf701cab7da086adf8c185ab99b82a6a20ac5947d2cbf720880ccda683b61a63b1dd450178276385174ad89838

Download Submit
C:\Windows\System\iXGfTku.exe

Filesize
1.5MB

MD5
7b835b893833912f8a060a3896b3980f

SHA1
66fabbd64d6c2b6909f6c387c17f28c3fa757e30

SHA256
063d6e5358f4ad28a4b71468a7f3b1b115c689f7f276d23c835d5545a3ae9e8d

SHA512
506a88d863fb531296938c1469f07b83551316cabd05883eff1bbde8b7ef5e49718e8a0ccdb232db122e5eb59512a9b9dc3beff60fb19dd60fe10ea12520eca1

Download Submit
C:\Windows\System\mNgKuxl.exe

Filesize
1.5MB

MD5
76de5bee906e81709311c8d86970c3bd

SHA1
36b604a9768ff37a8099862bbeaac4d41eb059cf

SHA256
0f43362f49edc8a2e80b0043d85bf27e28576c70eb7b025833f1f7862d5f297d

SHA512
fd60024d915c7e349f84b88ae14aba2ec510b063206f441ffb0131e17b28628cffc8d598c82d847b9434b13597d19daacd237ae5cd74a0e3fe213653ea190b0a

Download Submit
C:\Windows\System\muMAimq.exe

Filesize
1.5MB

MD5
3a65e07ada51f89c00108eb98d5eb014

SHA1
8fdd88f96668e15e0f1449a03858fe3f4a431a51

SHA256
2003c5e8e89bb74e59286a53319ac61b082467c750b67c1ed8f772424a350ed1

SHA512
dbfadd95a7d3bf760e7583f825900408f3c56c5eeb3db89381c2fb01d93b262af6387a0310ed873600c049ba8ad6f565e889ba2422bc9b3d2b476b6a36061c85

Download Submit
C:\Windows\System\ohVnnzZ.exe

Filesize
1.5MB

MD5
9ba6eec84782edccc19cee94a3d9dba9

SHA1
77cfdb23753d82000471a1d96091fd2be30391bd

SHA256
801a8976b9e4bdef69448b66bef112a26f92b708dcd46192f008db373fd8e90c

SHA512
f5fa888b9f4a9b4b96f3981e1db49a1b2fd4e4c6e87916ac7f5eafc8db419b00e83b811dd1621434007f88374dd2a2daabda99f0716eceaad6fb68d59cda82a6

Download Submit
C:\Windows\System\pAILsrm.exe

Filesize
1.5MB

MD5
00127b1d95517677ed1ee2947414d4b7

SHA1
2d56f09724023f93cd4acdcb14266890512bfed4

SHA256
919a31eba577c4298311391c61d0b2cbb3ef2870c42abf997c493714597167d5

SHA512
592c7b5be0cf123778571309606e710adb7c8d3687ab24a2f0e3cebfa6f273660e89ef73df6ca4d24273febbb4abbb59a335c9960d0667d55ada9218f74d442a

Download Submit
C:\Windows\System\rXRpCQF.exe

Filesize
1.5MB

MD5
c97b3cc52c5e57d84358e670ab671d8e

SHA1
629482e04c456a78766b8578f1c6e320d6011379

SHA256
386ea4c8cf9703b05ce34e2c03e489296cf5d24fbb0179fbf6a90c686b1b6c67

SHA512
a6f02149db200fc3e7e39745db08182b275a0e3e9821d313d0488df0d62529c435cacdcb4efae3c02db081f9201b9d4e83793d773d5f363ff77f4a7a5df4b9a7

Download Submit
C:\Windows\System\rcyxdfa.exe

Filesize
1.5MB

MD5
d5f326284968e9fc59e9d8ca94fe2324

SHA1
c4d090fc06b35f1a0c0579caab712e00e97bfcd5

SHA256
8aa1c27bb0b1958334224fd9ff86fe230fe149eed55efd81f0ce4e12a2fd8f9d

SHA512
22d7a72d9cfdb6b4a3d66795b6b82ef337f66bc7fed78a26f5e5c87863ece830e19e07ee2b3321ed45476922e810237c5c814abad626df9fd791bb6b4e6068e4

Download Submit
C:\Windows\System\rvylVaO.exe

Filesize
1.5MB

MD5
714ff49506678eb82fcc38c8c4899030

SHA1
17f6bef782880f4c420274ed8cad23b341ef2b63

SHA256
2a23a6e66783d5041acf1bb66aead4218cca97482bbdcfa0e29e3de1c0fe443c

SHA512
ba34b7b4866eb984a76a9f00cca95eafa645b9023acacf6a28241053fab6f76aaf6890bdb25f317e1f39fd44fc0c6a94d8cc5bc2cf690d1eb7b19f41a2ef6504

Download Submit
C:\Windows\System\sSTvGSM.exe

Filesize
1.5MB

MD5
7259a6a73e5ad9438171223d8bca0465

SHA1
6d078c6a6d2b6806f7be8acf092220e85ca72211

SHA256
bd025518e45e33df8daf070cc043edece3f75299fca768cddcafaabf184d5c8b

SHA512
2d4794e4719938733bad39d7d5fdf5b65a885d2e97427ff7206e7c1ff208c224824459dbb0f84cb89c4991a1a3f45d8e2a5a01d944fda4294db2daad282ac3ee

Download Submit
C:\Windows\System\vaqpfIs.exe

Filesize
1.5MB

MD5
34605af16723b019b7e9e13b1299cc63

SHA1
da4faf2b5d356535350a1b9db0e178d3956b6672

SHA256
7d054cb155ec8f558b0e15dcbef215c75065909c68708fbbd6a79ab7a40c4be3

SHA512
70a8b530a2ee773b5ec0a1d002bcdeae1a324525c976e8c1959963e1779511db5ac83974c4af7e18f18584265be4204c1080a1161332f3213feb85de123fdc1e

Download Submit
C:\Windows\System\wmdKDmI.exe

Filesize
1.5MB

MD5
6d61717b01898e38b350772036a78c94

SHA1
5b23b6aa547e8bd347a872d4a7031228c817f060

SHA256
8f7859108b8559e9d8ddd23b87b4c946c4db62755d8ebe7d304f32e6a512ae4c

SHA512
28948a841c5ae4e51b5a3bd775cd590fea75821db54f82dea2c9271fc1687a32d412b8d6edccac2894cca2525428fe841217c51256e35882c1df60055e01cb23

Download Submit
C:\Windows\System\zMCgkCd.exe

Filesize
1.5MB

MD5
fb214d2586a1ad118f83a1ba6445e653

SHA1
9dfdf6d167567fa8d7768efc3a2a76eb7d4d5581

SHA256
4b8ba891fec99137c7a8c2bbb380dc56dccb6149d14434e4c7272a10e996c478

SHA512
2a87a92cedc44e65dacf780f70527bac992d878166c19e2d3316abd1c587fd4b5726c3e1f103431a8b8b21d0b8cfb6dd8fdbb4141d691b07ea835afd51581f4c

Download Submit
C:\Windows\System\zaHnDSW.exe

Filesize
1.5MB

MD5
ef886e4c9a5f478f541e0b9124d322a6

SHA1
ad469b36300973c5b02b422322f755bff5694bf3

SHA256
4dfb7b506084195e6851125b28eb4e5d47e0e026465e8509df83a8a549beb488

SHA512
c3a143331a56afb01028923b60250709916797ebe5727461d6142b54b71cc18ad0363dcb03498a90bfb4b709fc45fcae70181043f5149a08774de5006fc3f5c3

Download Submit
memory/532-1-0x0000017976BE0000-0x0000017976BF0000-memory.dmp

Filesize
64KB

Download
memory/532-0-0x00007FF6D1010000-0x00007FF6D1402000-memory.dmp

Filesize
3.9MB

Download
memory/1124-95-0x00007FF6AD070000-0x00007FF6AD462000-memory.dmp

Filesize
3.9MB

Download
memory/1180-378-0x00007FF78A500000-0x00007FF78A8F2000-memory.dmp

Filesize
3.9MB

Download
memory/1684-377-0x00007FF61EED0000-0x00007FF61F2C2000-memory.dmp

Filesize
3.9MB

Download
memory/1860-140-0x00007FF72FF30000-0x00007FF730322000-memory.dmp

Filesize
3.9MB

Download
memory/1916-117-0x00007FF7F45E0000-0x00007FF7F49D2000-memory.dmp

Filesize
3.9MB

Download
memory/1956-57-0x00007FF71AA10000-0x00007FF71AE02000-memory.dmp

Filesize
3.9MB

Download
memory/2012-149-0x00007FF62B1D0000-0x00007FF62B5C2000-memory.dmp

Filesize
3.9MB

Download
memory/2128-90-0x00007FF62A280000-0x00007FF62A672000-memory.dmp

Filesize
3.9MB

Download
memory/2324-139-0x00007FF6A1CE0000-0x00007FF6A20D2000-memory.dmp

Filesize
3.9MB

Download
memory/2796-78-0x00007FF7AF230000-0x00007FF7AF622000-memory.dmp

Filesize
3.9MB

Download
memory/3204-166-0x00007FF638680000-0x00007FF638A72000-memory.dmp

Filesize
3.9MB

Download
memory/3252-112-0x00007FF628650000-0x00007FF628A42000-memory.dmp

Filesize
3.9MB

Download
memory/3892-94-0x00007FF6F0F30000-0x00007FF6F1322000-memory.dmp

Filesize
3.9MB

Download
memory/3896-118-0x00007FF6D5AB0000-0x00007FF6D5EA2000-memory.dmp

Filesize
3.9MB

Download
memory/4024-148-0x00007FF7343B0000-0x00007FF7347A2000-memory.dmp

Filesize
3.9MB

Download
memory/4400-12-0x00007FF7C1C20000-0x00007FF7C2012000-memory.dmp

Filesize
3.9MB

Download
memory/4428-402-0x0000023C007B0000-0x0000023C00F56000-memory.dmp

Filesize
7.6MB

Download
memory/4428-76-0x0000023BFFFA0000-0x0000023BFFFC2000-memory.dmp

Filesize
136KB

Download
memory/4428-53-0x00007FFA9BDB0000-0x00007FFA9C871000-memory.dmp

Filesize
10.8MB

Download
memory/4428-13-0x0000023B9A110000-0x0000023B9A120000-memory.dmp

Filesize
64KB

Download
memory/4716-144-0x00007FF6AE2D0000-0x00007FF6AE6C2000-memory.dmp

Filesize
3.9MB

Download
memory/4848-134-0x00007FF71AD40000-0x00007FF71B132000-memory.dmp

Filesize
3.9MB

Download
memory/4864-103-0x00007FF6ED950000-0x00007FF6EDD42000-memory.dmp

Filesize
3.9MB

Download
memory/5044-86-0x00007FF6B6640000-0x00007FF6B6A32000-memory.dmp

Filesize
3.9MB

Download
memory/5112-155-0x00007FF603A60000-0x00007FF603E52000-memory.dmp

Filesize
3.9MB

Download