xmrig | 12bede5be696d90f1c88b05d3f43b9c63e5fb38e7fd6c3877bf92176c8bb896e

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
26/04/2024, 18:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
Size

1.9MB
MD5

015cd7f00ae2f46d43429bcb683f99be
SHA1

08d99c19739f38cc3325a3594106a849efc9a247
SHA256

12bede5be696d90f1c88b05d3f43b9c63e5fb38e7fd6c3877bf92176c8bb896e
SHA512

288fc223aa86051c02ff1dc00bda611eec2d8874566739ac17f4dee20266a07f2908b54b3e74489f4137f15eb1098aa8579882ee9b8272b2d508f657f4ccc3f7
SSDEEP

49152:Lz071uv4BPMkibTIA5lCx7kvRWa4pXHaf9I:NABv

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 42 IoCs

miner

resource	yara_rule
behavioral2/memory/4592-63-0x00007FF774A20000-0x00007FF774E12000-memory.dmp	xmrig
behavioral2/memory/2664-65-0x00007FF7E4B10000-0x00007FF7E4F02000-memory.dmp	xmrig
behavioral2/memory/1424-61-0x00007FF601150000-0x00007FF601542000-memory.dmp	xmrig
behavioral2/memory/4348-56-0x00007FF7C0780000-0x00007FF7C0B72000-memory.dmp	xmrig
behavioral2/memory/3756-100-0x00007FF722850000-0x00007FF722C42000-memory.dmp	xmrig
behavioral2/memory/4832-135-0x00007FF6D22E0000-0x00007FF6D26D2000-memory.dmp	xmrig
behavioral2/memory/3764-136-0x00007FF6887C0000-0x00007FF688BB2000-memory.dmp	xmrig
behavioral2/memory/1184-150-0x00007FF7C85B0000-0x00007FF7C89A2000-memory.dmp	xmrig
behavioral2/memory/1372-149-0x00007FF66B3E0000-0x00007FF66B7D2000-memory.dmp	xmrig
behavioral2/memory/4512-139-0x00007FF6EDD90000-0x00007FF6EE182000-memory.dmp	xmrig
behavioral2/memory/3400-130-0x00007FF6EACC0000-0x00007FF6EB0B2000-memory.dmp	xmrig
behavioral2/memory/5036-101-0x00007FF67F650000-0x00007FF67FA42000-memory.dmp	xmrig
behavioral2/memory/4644-1065-0x00007FF6F7970000-0x00007FF6F7D62000-memory.dmp	xmrig
behavioral2/memory/4032-1692-0x00007FF6FC210000-0x00007FF6FC602000-memory.dmp	xmrig
behavioral2/memory/1388-2337-0x00007FF6C8350000-0x00007FF6C8742000-memory.dmp	xmrig
behavioral2/memory/2748-2357-0x00007FF6AB790000-0x00007FF6ABB82000-memory.dmp	xmrig
behavioral2/memory/3900-2358-0x00007FF7C2530000-0x00007FF7C2922000-memory.dmp	xmrig
behavioral2/memory/3984-2372-0x00007FF60D1D0000-0x00007FF60D5C2000-memory.dmp	xmrig
behavioral2/memory/608-2373-0x00007FF7453F0000-0x00007FF7457E2000-memory.dmp	xmrig
behavioral2/memory/3756-2375-0x00007FF722850000-0x00007FF722C42000-memory.dmp	xmrig
behavioral2/memory/4644-2377-0x00007FF6F7970000-0x00007FF6F7D62000-memory.dmp	xmrig
behavioral2/memory/4032-2380-0x00007FF6FC210000-0x00007FF6FC602000-memory.dmp	xmrig
behavioral2/memory/4424-2389-0x00007FF78FE00000-0x00007FF7901F2000-memory.dmp	xmrig
behavioral2/memory/4968-2391-0x00007FF634C80000-0x00007FF635072000-memory.dmp	xmrig
behavioral2/memory/4592-2388-0x00007FF774A20000-0x00007FF774E12000-memory.dmp	xmrig
behavioral2/memory/4348-2385-0x00007FF7C0780000-0x00007FF7C0B72000-memory.dmp	xmrig
behavioral2/memory/2664-2384-0x00007FF7E4B10000-0x00007FF7E4F02000-memory.dmp	xmrig
behavioral2/memory/1424-2382-0x00007FF601150000-0x00007FF601542000-memory.dmp	xmrig
behavioral2/memory/2748-2393-0x00007FF6AB790000-0x00007FF6ABB82000-memory.dmp	xmrig
behavioral2/memory/1388-2395-0x00007FF6C8350000-0x00007FF6C8742000-memory.dmp	xmrig
behavioral2/memory/3400-2428-0x00007FF6EACC0000-0x00007FF6EB0B2000-memory.dmp	xmrig
behavioral2/memory/1152-2441-0x00007FF714760000-0x00007FF714B52000-memory.dmp	xmrig
behavioral2/memory/3900-2443-0x00007FF7C2530000-0x00007FF7C2922000-memory.dmp	xmrig
behavioral2/memory/5036-2445-0x00007FF67F650000-0x00007FF67FA42000-memory.dmp	xmrig
behavioral2/memory/3984-2462-0x00007FF60D1D0000-0x00007FF60D5C2000-memory.dmp	xmrig
behavioral2/memory/608-2464-0x00007FF7453F0000-0x00007FF7457E2000-memory.dmp	xmrig
behavioral2/memory/3400-2466-0x00007FF6EACC0000-0x00007FF6EB0B2000-memory.dmp	xmrig
behavioral2/memory/4832-2472-0x00007FF6D22E0000-0x00007FF6D26D2000-memory.dmp	xmrig
behavioral2/memory/1372-2471-0x00007FF66B3E0000-0x00007FF66B7D2000-memory.dmp	xmrig
behavioral2/memory/3764-2469-0x00007FF6887C0000-0x00007FF688BB2000-memory.dmp	xmrig
behavioral2/memory/1184-2479-0x00007FF7C85B0000-0x00007FF7C89A2000-memory.dmp	xmrig
behavioral2/memory/1152-2477-0x00007FF714760000-0x00007FF714B52000-memory.dmp	xmrig

Blocklisted process makes network request 7 IoCs

flow	pid	Process
4	3368	powershell.exe
8	3368	powershell.exe
16	3368	powershell.exe
17	3368	powershell.exe
21	3368	powershell.exe
28	3368	powershell.exe
29	3368	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
3756	txhowEf.exe
4644	dIEJtvV.exe
4424	kPKQyFG.exe
4032	xVkvPhB.exe
4592	cDqcDoi.exe
4968	jfDenrL.exe
4348	uQJbtxV.exe
2664	qfasCBV.exe
1424	JTDHyPF.exe
2748	zNUXzfJ.exe
1388	pYFazBx.exe
3900	MZRRCOn.exe
3984	RDrQgGD.exe
5036	dgXDoej.exe
608	VtDymRC.exe
1372	nnoVRgM.exe
3400	TOJBKSZ.exe
4832	iFJKQSs.exe
3764	BdZnzRA.exe
1184	UJBYlIE.exe
1152	txwTLRi.exe
3200	pVqqGJv.exe
4796	oWmjCQY.exe
1440	gdfrpcD.exe
2944	nvGeGSW.exe
5000	FZIjgva.exe
3708	DGRbaFB.exe
2896	kePLrke.exe
4296	nzMWWuD.exe
4680	GBbmFwO.exe
2344	unPfChC.exe
3700	FndLmdI.exe
3624	zFjHihl.exe
2940	IWwWUMt.exe
2256	yixzOKv.exe
4976	EIVfFIz.exe
3360	wkRyuNF.exe
3508	CYsGBIN.exe
3364	bSXzpFK.exe
4328	AXbccid.exe
4804	ArHnPCC.exe
1188	lUfSXHL.exe
4416	uNyOAbk.exe
936	HHhwEsK.exe
3524	JtUKrky.exe
1064	XJHUows.exe
4620	XsScDbA.exe
4728	GjnhplK.exe
4292	sQemVvT.exe
4916	ufGhbix.exe
3304	NxtUlBk.exe
3648	rJDCCtv.exe
2640	cmBeDVs.exe
3184	WcrEpGO.exe
2968	YAwTkaG.exe
3696	ESjOAlR.exe
4376	pskhuoa.exe
4880	eNSOXeY.exe
1772	NstOOiE.exe
436	guVhhSY.exe
3616	pdWSeyo.exe
1180	jyeprIE.exe
3724	mYWLYSB.exe
332	JAjHSaY.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4512-0-0x00007FF6EDD90000-0x00007FF6EE182000-memory.dmp	upx
behavioral2/files/0x000800000002346d-7.dat	upx
behavioral2/files/0x0006000000022fa8-5.dat	upx
behavioral2/files/0x000700000002346f-25.dat	upx
behavioral2/files/0x000700000002346e-26.dat	upx
behavioral2/memory/4032-29-0x00007FF6FC210000-0x00007FF6FC602000-memory.dmp	upx
behavioral2/files/0x0007000000023471-34.dat	upx
behavioral2/memory/4968-41-0x00007FF634C80000-0x00007FF635072000-memory.dmp	upx
behavioral2/files/0x0007000000023472-51.dat	upx
behavioral2/memory/1388-62-0x00007FF6C8350000-0x00007FF6C8742000-memory.dmp	upx
behavioral2/memory/4592-63-0x00007FF774A20000-0x00007FF774E12000-memory.dmp	upx
behavioral2/files/0x0007000000023474-69.dat	upx
behavioral2/files/0x0007000000023475-67.dat	upx
behavioral2/memory/2748-66-0x00007FF6AB790000-0x00007FF6ABB82000-memory.dmp	upx
behavioral2/memory/2664-65-0x00007FF7E4B10000-0x00007FF7E4F02000-memory.dmp	upx
behavioral2/memory/1424-61-0x00007FF601150000-0x00007FF601542000-memory.dmp	upx
behavioral2/memory/4348-56-0x00007FF7C0780000-0x00007FF7C0B72000-memory.dmp	upx
behavioral2/files/0x0007000000023473-49.dat	upx
behavioral2/files/0x0007000000023470-33.dat	upx
behavioral2/memory/4424-23-0x00007FF78FE00000-0x00007FF7901F2000-memory.dmp	upx
behavioral2/memory/4644-20-0x00007FF6F7970000-0x00007FF6F7D62000-memory.dmp	upx
behavioral2/files/0x000800000002346a-15.dat	upx
behavioral2/memory/3756-12-0x00007FF722850000-0x00007FF722C42000-memory.dmp	upx
behavioral2/files/0x0007000000023476-85.dat	upx
behavioral2/memory/3900-90-0x00007FF7C2530000-0x00007FF7C2922000-memory.dmp	upx
behavioral2/files/0x0008000000023477-97.dat	upx
behavioral2/files/0x000800000002346b-95.dat	upx
behavioral2/memory/3984-92-0x00007FF60D1D0000-0x00007FF60D5C2000-memory.dmp	upx
behavioral2/memory/3756-100-0x00007FF722850000-0x00007FF722C42000-memory.dmp	upx
behavioral2/files/0x0008000000023478-103.dat	upx
behavioral2/files/0x000700000002347b-119.dat	upx
behavioral2/files/0x000700000002347a-123.dat	upx
behavioral2/files/0x000700000002347d-131.dat	upx
behavioral2/memory/4832-135-0x00007FF6D22E0000-0x00007FF6D26D2000-memory.dmp	upx
behavioral2/memory/3764-136-0x00007FF6887C0000-0x00007FF688BB2000-memory.dmp	upx
behavioral2/files/0x000700000002347f-145.dat	upx
behavioral2/files/0x000700000002347e-154.dat	upx
behavioral2/files/0x0007000000023481-158.dat	upx
behavioral2/files/0x0007000000023480-156.dat	upx
behavioral2/memory/1184-150-0x00007FF7C85B0000-0x00007FF7C89A2000-memory.dmp	upx
behavioral2/memory/1372-149-0x00007FF66B3E0000-0x00007FF66B7D2000-memory.dmp	upx
behavioral2/memory/4512-139-0x00007FF6EDD90000-0x00007FF6EE182000-memory.dmp	upx
behavioral2/memory/1152-138-0x00007FF714760000-0x00007FF714B52000-memory.dmp	upx
behavioral2/files/0x000700000002347c-125.dat	upx
behavioral2/memory/3400-130-0x00007FF6EACC0000-0x00007FF6EB0B2000-memory.dmp	upx
behavioral2/files/0x0007000000023479-121.dat	upx
behavioral2/memory/608-122-0x00007FF7453F0000-0x00007FF7457E2000-memory.dmp	upx
behavioral2/memory/5036-101-0x00007FF67F650000-0x00007FF67FA42000-memory.dmp	upx
behavioral2/files/0x000700000002349c-208.dat	upx
behavioral2/files/0x0007000000023482-198.dat	upx
behavioral2/files/0x00070000000234a0-267.dat	upx
behavioral2/files/0x00070000000234a4-274.dat	upx
behavioral2/files/0x00070000000234a3-272.dat	upx
behavioral2/files/0x000700000002349d-265.dat	upx
behavioral2/files/0x00070000000234a7-385.dat	upx
behavioral2/files/0x00070000000234cf-391.dat	upx
behavioral2/files/0x00070000000234d2-398.dat	upx
behavioral2/memory/4644-1065-0x00007FF6F7970000-0x00007FF6F7D62000-memory.dmp	upx
behavioral2/memory/4032-1692-0x00007FF6FC210000-0x00007FF6FC602000-memory.dmp	upx
behavioral2/memory/1388-2337-0x00007FF6C8350000-0x00007FF6C8742000-memory.dmp	upx
behavioral2/memory/2748-2357-0x00007FF6AB790000-0x00007FF6ABB82000-memory.dmp	upx
behavioral2/memory/3900-2358-0x00007FF7C2530000-0x00007FF7C2922000-memory.dmp	upx
behavioral2/memory/3984-2372-0x00007FF60D1D0000-0x00007FF60D5C2000-memory.dmp	upx
behavioral2/memory/608-2373-0x00007FF7453F0000-0x00007FF7457E2000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
4	raw.githubusercontent.com
2	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\EmxQMry.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\nxvmifH.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\LiRlEAb.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\mAPwTYM.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\GzTdsCs.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\CoZJJtM.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\CPnaSTy.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\LsmAYfr.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\lUfSXHL.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\gEZiUyo.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\nFKnKzy.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\UdwKEJc.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\nEXvJGk.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\ISeZSZe.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\SIrBEPY.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\xuNaftj.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\MfgtKJO.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\wJcPcOj.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\cmRKmpj.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\qoZCGUf.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\Zoxmbix.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\BqdsSNa.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\FnHmsPA.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\aKNhyyy.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\JCIzvhW.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\OtcxSzf.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\BadbsnD.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\esWOtQO.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\yMADpui.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\nxlHsPr.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\HHhwEsK.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\kedthFy.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\FUZbidu.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\HvNwbNt.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\CnaSPWT.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\dpYdnTV.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\mfIfzSg.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\jJZzLNa.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\lMWKphl.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\AQqFAAZ.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\XgrXOjy.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\vhDWxTR.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\YJjVyxW.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\jWywPQP.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\TrIqUSG.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\pJJSdLV.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\lZGZlya.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\BlXyiIi.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\GBbmFwO.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\TOJBKSZ.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\GjnhplK.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\eQEZGeq.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\qtcxeCa.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\txhowEf.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\WcrEpGO.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\LALFwzJ.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\UOtglgO.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\wkRyuNF.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\Zyvmyvn.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\DztsAIH.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\meNIhnp.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\gorgTpm.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\vRCCXkc.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
File created	C:\Windows\System\iMKUJna.exe	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3368	powershell.exe
3368	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
Token: SeDebugPrivilege	3368	powershell.exe
Token: SeLockMemoryPrivilege	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4512 wrote to memory of 3368	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	83
PID 4512 wrote to memory of 3368	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	83
PID 4512 wrote to memory of 3756	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	84
PID 4512 wrote to memory of 3756	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	84
PID 4512 wrote to memory of 4644	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	85
PID 4512 wrote to memory of 4644	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	85
PID 4512 wrote to memory of 4424	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	86
PID 4512 wrote to memory of 4424	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	86
PID 4512 wrote to memory of 4592	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	87
PID 4512 wrote to memory of 4592	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	87
PID 4512 wrote to memory of 4032	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	88
PID 4512 wrote to memory of 4032	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	88
PID 4512 wrote to memory of 4968	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	89
PID 4512 wrote to memory of 4968	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	89
PID 4512 wrote to memory of 4348	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	90
PID 4512 wrote to memory of 4348	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	90
PID 4512 wrote to memory of 1424	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	91
PID 4512 wrote to memory of 1424	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	91
PID 4512 wrote to memory of 2664	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	92
PID 4512 wrote to memory of 2664	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	92
PID 4512 wrote to memory of 2748	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	93
PID 4512 wrote to memory of 2748	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	93
PID 4512 wrote to memory of 1388	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	94
PID 4512 wrote to memory of 1388	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	94
PID 4512 wrote to memory of 3900	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	96
PID 4512 wrote to memory of 3900	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	96
PID 4512 wrote to memory of 3984	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	97
PID 4512 wrote to memory of 3984	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	97
PID 4512 wrote to memory of 5036	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	98
PID 4512 wrote to memory of 5036	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	98
PID 4512 wrote to memory of 608	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	99
PID 4512 wrote to memory of 608	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	99
PID 4512 wrote to memory of 1372	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	100
PID 4512 wrote to memory of 1372	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	100
PID 4512 wrote to memory of 3400	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	101
PID 4512 wrote to memory of 3400	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	101
PID 4512 wrote to memory of 4832	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	102
PID 4512 wrote to memory of 4832	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	102
PID 4512 wrote to memory of 3764	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	103
PID 4512 wrote to memory of 3764	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	103
PID 4512 wrote to memory of 1184	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	104
PID 4512 wrote to memory of 1184	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	104
PID 4512 wrote to memory of 1152	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	105
PID 4512 wrote to memory of 1152	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	105
PID 4512 wrote to memory of 3200	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	106
PID 4512 wrote to memory of 3200	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	106
PID 4512 wrote to memory of 4796	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	107
PID 4512 wrote to memory of 4796	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	107
PID 4512 wrote to memory of 1440	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	108
PID 4512 wrote to memory of 1440	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	108
PID 4512 wrote to memory of 2944	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	109
PID 4512 wrote to memory of 2944	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	109
PID 4512 wrote to memory of 5000	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	110
PID 4512 wrote to memory of 5000	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	110
PID 4512 wrote to memory of 3708	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	111
PID 4512 wrote to memory of 3708	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	111
PID 4512 wrote to memory of 2896	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	112
PID 4512 wrote to memory of 2896	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	112
PID 4512 wrote to memory of 4296	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	113
PID 4512 wrote to memory of 4296	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	113
PID 4512 wrote to memory of 4680	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	114
PID 4512 wrote to memory of 4680	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	114
PID 4512 wrote to memory of 2344	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	115
PID 4512 wrote to memory of 2344	4512	015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe	115

C:\Users\Admin\AppData\Local\Temp\015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\015cd7f00ae2f46d43429bcb683f99be_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4512
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3368
- C:\Windows\System\txhowEf.exe
  C:\Windows\System\txhowEf.exe
  2⤵
  - Executes dropped EXE
  PID:3756
- C:\Windows\System\dIEJtvV.exe
  C:\Windows\System\dIEJtvV.exe
  2⤵
  - Executes dropped EXE
  PID:4644
- C:\Windows\System\kPKQyFG.exe
  C:\Windows\System\kPKQyFG.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System\cDqcDoi.exe
  C:\Windows\System\cDqcDoi.exe
  2⤵
  - Executes dropped EXE
  PID:4592
- C:\Windows\System\xVkvPhB.exe
  C:\Windows\System\xVkvPhB.exe
  2⤵
  - Executes dropped EXE
  PID:4032
- C:\Windows\System\jfDenrL.exe
  C:\Windows\System\jfDenrL.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System\uQJbtxV.exe
  C:\Windows\System\uQJbtxV.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\JTDHyPF.exe
  C:\Windows\System\JTDHyPF.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\qfasCBV.exe
  C:\Windows\System\qfasCBV.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\zNUXzfJ.exe
  C:\Windows\System\zNUXzfJ.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\pYFazBx.exe
  C:\Windows\System\pYFazBx.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\MZRRCOn.exe
  C:\Windows\System\MZRRCOn.exe
  2⤵
  - Executes dropped EXE
  PID:3900
- C:\Windows\System\RDrQgGD.exe
  C:\Windows\System\RDrQgGD.exe
  2⤵
  - Executes dropped EXE
  PID:3984
- C:\Windows\System\dgXDoej.exe
  C:\Windows\System\dgXDoej.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\VtDymRC.exe
  C:\Windows\System\VtDymRC.exe
  2⤵
  - Executes dropped EXE
  PID:608
- C:\Windows\System\nnoVRgM.exe
  C:\Windows\System\nnoVRgM.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\TOJBKSZ.exe
  C:\Windows\System\TOJBKSZ.exe
  2⤵
  - Executes dropped EXE
  PID:3400
- C:\Windows\System\iFJKQSs.exe
  C:\Windows\System\iFJKQSs.exe
  2⤵
  - Executes dropped EXE
  PID:4832
- C:\Windows\System\BdZnzRA.exe
  C:\Windows\System\BdZnzRA.exe
  2⤵
  - Executes dropped EXE
  PID:3764
- C:\Windows\System\UJBYlIE.exe
  C:\Windows\System\UJBYlIE.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\txwTLRi.exe
  C:\Windows\System\txwTLRi.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\pVqqGJv.exe
  C:\Windows\System\pVqqGJv.exe
  2⤵
  - Executes dropped EXE
  PID:3200
- C:\Windows\System\oWmjCQY.exe
  C:\Windows\System\oWmjCQY.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\gdfrpcD.exe
  C:\Windows\System\gdfrpcD.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\nvGeGSW.exe
  C:\Windows\System\nvGeGSW.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\FZIjgva.exe
  C:\Windows\System\FZIjgva.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System\DGRbaFB.exe
  C:\Windows\System\DGRbaFB.exe
  2⤵
  - Executes dropped EXE
  PID:3708
- C:\Windows\System\kePLrke.exe
  C:\Windows\System\kePLrke.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\nzMWWuD.exe
  C:\Windows\System\nzMWWuD.exe
  2⤵
  - Executes dropped EXE
  PID:4296
- C:\Windows\System\GBbmFwO.exe
  C:\Windows\System\GBbmFwO.exe
  2⤵
  - Executes dropped EXE
  PID:4680
- C:\Windows\System\unPfChC.exe
  C:\Windows\System\unPfChC.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\FndLmdI.exe
  C:\Windows\System\FndLmdI.exe
  2⤵
  - Executes dropped EXE
  PID:3700
- C:\Windows\System\zFjHihl.exe
  C:\Windows\System\zFjHihl.exe
  2⤵
  - Executes dropped EXE
  PID:3624
- C:\Windows\System\IWwWUMt.exe
  C:\Windows\System\IWwWUMt.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\yixzOKv.exe
  C:\Windows\System\yixzOKv.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\EIVfFIz.exe
  C:\Windows\System\EIVfFIz.exe
  2⤵
  - Executes dropped EXE
  PID:4976
- C:\Windows\System\wkRyuNF.exe
  C:\Windows\System\wkRyuNF.exe
  2⤵
  - Executes dropped EXE
  PID:3360
- C:\Windows\System\CYsGBIN.exe
  C:\Windows\System\CYsGBIN.exe
  2⤵
  - Executes dropped EXE
  PID:3508
- C:\Windows\System\bSXzpFK.exe
  C:\Windows\System\bSXzpFK.exe
  2⤵
  - Executes dropped EXE
  PID:3364
- C:\Windows\System\AXbccid.exe
  C:\Windows\System\AXbccid.exe
  2⤵
  - Executes dropped EXE
  PID:4328
- C:\Windows\System\ArHnPCC.exe
  C:\Windows\System\ArHnPCC.exe
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Windows\System\lUfSXHL.exe
  C:\Windows\System\lUfSXHL.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\uNyOAbk.exe
  C:\Windows\System\uNyOAbk.exe
  2⤵
  - Executes dropped EXE
  PID:4416
- C:\Windows\System\HHhwEsK.exe
  C:\Windows\System\HHhwEsK.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\JtUKrky.exe
  C:\Windows\System\JtUKrky.exe
  2⤵
  - Executes dropped EXE
  PID:3524
- C:\Windows\System\XJHUows.exe
  C:\Windows\System\XJHUows.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\XsScDbA.exe
  C:\Windows\System\XsScDbA.exe
  2⤵
  - Executes dropped EXE
  PID:4620
- C:\Windows\System\GjnhplK.exe
  C:\Windows\System\GjnhplK.exe
  2⤵
  - Executes dropped EXE
  PID:4728
- C:\Windows\System\sQemVvT.exe
  C:\Windows\System\sQemVvT.exe
  2⤵
  - Executes dropped EXE
  PID:4292
- C:\Windows\System\ufGhbix.exe
  C:\Windows\System\ufGhbix.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\NxtUlBk.exe
  C:\Windows\System\NxtUlBk.exe
  2⤵
  - Executes dropped EXE
  PID:3304
- C:\Windows\System\rJDCCtv.exe
  C:\Windows\System\rJDCCtv.exe
  2⤵
  - Executes dropped EXE
  PID:3648
- C:\Windows\System\cmBeDVs.exe
  C:\Windows\System\cmBeDVs.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\WcrEpGO.exe
  C:\Windows\System\WcrEpGO.exe
  2⤵
  - Executes dropped EXE
  PID:3184
- C:\Windows\System\YAwTkaG.exe
  C:\Windows\System\YAwTkaG.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\ESjOAlR.exe
  C:\Windows\System\ESjOAlR.exe
  2⤵
  - Executes dropped EXE
  PID:3696
- C:\Windows\System\pskhuoa.exe
  C:\Windows\System\pskhuoa.exe
  2⤵
  - Executes dropped EXE
  PID:4376
- C:\Windows\System\eNSOXeY.exe
  C:\Windows\System\eNSOXeY.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System\NstOOiE.exe
  C:\Windows\System\NstOOiE.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\guVhhSY.exe
  C:\Windows\System\guVhhSY.exe
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\System\pdWSeyo.exe
  C:\Windows\System\pdWSeyo.exe
  2⤵
  - Executes dropped EXE
  PID:3616
- C:\Windows\System\jyeprIE.exe
  C:\Windows\System\jyeprIE.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System\mYWLYSB.exe
  C:\Windows\System\mYWLYSB.exe
  2⤵
  - Executes dropped EXE
  PID:3724
- C:\Windows\System\JAjHSaY.exe
  C:\Windows\System\JAjHSaY.exe
  2⤵
  - Executes dropped EXE
  PID:332
- C:\Windows\System\fFJAUnd.exe
  C:\Windows\System\fFJAUnd.exe
  2⤵
  PID:4812
- C:\Windows\System\DGWsKix.exe
  C:\Windows\System\DGWsKix.exe
  2⤵
  PID:3152
- C:\Windows\System\YqiuwAW.exe
  C:\Windows\System\YqiuwAW.exe
  2⤵
  PID:1804
- C:\Windows\System\RlPEAla.exe
  C:\Windows\System\RlPEAla.exe
  2⤵
  PID:3812
- C:\Windows\System\VjTtPGS.exe
  C:\Windows\System\VjTtPGS.exe
  2⤵
  PID:2040
- C:\Windows\System\bZFDbVV.exe
  C:\Windows\System\bZFDbVV.exe
  2⤵
  PID:4448
- C:\Windows\System\cHJOdkZ.exe
  C:\Windows\System\cHJOdkZ.exe
  2⤵
  PID:4948
- C:\Windows\System\ALCcCkx.exe
  C:\Windows\System\ALCcCkx.exe
  2⤵
  PID:4508
- C:\Windows\System\TrIqUSG.exe
  C:\Windows\System\TrIqUSG.exe
  2⤵
  PID:3192
- C:\Windows\System\zlhlhie.exe
  C:\Windows\System\zlhlhie.exe
  2⤵
  PID:1100
- C:\Windows\System\mhYkixe.exe
  C:\Windows\System\mhYkixe.exe
  2⤵
  PID:2368
- C:\Windows\System\rRjcdyG.exe
  C:\Windows\System\rRjcdyG.exe
  2⤵
  PID:2868
- C:\Windows\System\RboOlgT.exe
  C:\Windows\System\RboOlgT.exe
  2⤵
  PID:2396
- C:\Windows\System\TIjZJcE.exe
  C:\Windows\System\TIjZJcE.exe
  2⤵
  PID:3564
- C:\Windows\System\spTBeXP.exe
  C:\Windows\System\spTBeXP.exe
  2⤵
  PID:5108
- C:\Windows\System\WEIMkwa.exe
  C:\Windows\System\WEIMkwa.exe
  2⤵
  PID:4136
- C:\Windows\System\UUMIyrm.exe
  C:\Windows\System\UUMIyrm.exe
  2⤵
  PID:4748
- C:\Windows\System\AQqFAAZ.exe
  C:\Windows\System\AQqFAAZ.exe
  2⤵
  PID:4552
- C:\Windows\System\zHWWPEg.exe
  C:\Windows\System\zHWWPEg.exe
  2⤵
  PID:944
- C:\Windows\System\RrQPBpp.exe
  C:\Windows\System\RrQPBpp.exe
  2⤵
  PID:1436
- C:\Windows\System\xktoSAo.exe
  C:\Windows\System\xktoSAo.exe
  2⤵
  PID:2712
- C:\Windows\System\vAlZaJM.exe
  C:\Windows\System\vAlZaJM.exe
  2⤵
  PID:1976
- C:\Windows\System\GzTdsCs.exe
  C:\Windows\System\GzTdsCs.exe
  2⤵
  PID:4280
- C:\Windows\System\gnFnlHQ.exe
  C:\Windows\System\gnFnlHQ.exe
  2⤵
  PID:4912
- C:\Windows\System\LJtIpqj.exe
  C:\Windows\System\LJtIpqj.exe
  2⤵
  PID:5080
- C:\Windows\System\WLhtjuB.exe
  C:\Windows\System\WLhtjuB.exe
  2⤵
  PID:524
- C:\Windows\System\DTAEFkw.exe
  C:\Windows\System\DTAEFkw.exe
  2⤵
  PID:3540
- C:\Windows\System\LALFwzJ.exe
  C:\Windows\System\LALFwzJ.exe
  2⤵
  PID:4412
- C:\Windows\System\dRMqCKM.exe
  C:\Windows\System\dRMqCKM.exe
  2⤵
  PID:5124
- C:\Windows\System\QnAIAdL.exe
  C:\Windows\System\QnAIAdL.exe
  2⤵
  PID:5140
- C:\Windows\System\EFkpzVq.exe
  C:\Windows\System\EFkpzVq.exe
  2⤵
  PID:5164
- C:\Windows\System\fZGwzbj.exe
  C:\Windows\System\fZGwzbj.exe
  2⤵
  PID:5184
- C:\Windows\System\MWyPZCj.exe
  C:\Windows\System\MWyPZCj.exe
  2⤵
  PID:5204
- C:\Windows\System\lZGZlya.exe
  C:\Windows\System\lZGZlya.exe
  2⤵
  PID:5228
- C:\Windows\System\meNIhnp.exe
  C:\Windows\System\meNIhnp.exe
  2⤵
  PID:5252
- C:\Windows\System\bHFaWCv.exe
  C:\Windows\System\bHFaWCv.exe
  2⤵
  PID:5268
- C:\Windows\System\pJJSdLV.exe
  C:\Windows\System\pJJSdLV.exe
  2⤵
  PID:5292
- C:\Windows\System\RyqiRnj.exe
  C:\Windows\System\RyqiRnj.exe
  2⤵
  PID:5360
- C:\Windows\System\GfQuTLw.exe
  C:\Windows\System\GfQuTLw.exe
  2⤵
  PID:5380
- C:\Windows\System\CdWRxKK.exe
  C:\Windows\System\CdWRxKK.exe
  2⤵
  PID:5412
- C:\Windows\System\dFdOmbR.exe
  C:\Windows\System\dFdOmbR.exe
  2⤵
  PID:5436
- C:\Windows\System\WPqefTW.exe
  C:\Windows\System\WPqefTW.exe
  2⤵
  PID:5472
- C:\Windows\System\Zyvmyvn.exe
  C:\Windows\System\Zyvmyvn.exe
  2⤵
  PID:5496
- C:\Windows\System\zNwQlIn.exe
  C:\Windows\System\zNwQlIn.exe
  2⤵
  PID:5512
- C:\Windows\System\iKpbgwn.exe
  C:\Windows\System\iKpbgwn.exe
  2⤵
  PID:5536
- C:\Windows\System\qrEvGiP.exe
  C:\Windows\System\qrEvGiP.exe
  2⤵
  PID:5572
- C:\Windows\System\tVpiDTl.exe
  C:\Windows\System\tVpiDTl.exe
  2⤵
  PID:5592
- C:\Windows\System\ygoSTWX.exe
  C:\Windows\System\ygoSTWX.exe
  2⤵
  PID:5616
- C:\Windows\System\vGloFOM.exe
  C:\Windows\System\vGloFOM.exe
  2⤵
  PID:5644
- C:\Windows\System\LEDsAeY.exe
  C:\Windows\System\LEDsAeY.exe
  2⤵
  PID:5676
- C:\Windows\System\fpvLVCR.exe
  C:\Windows\System\fpvLVCR.exe
  2⤵
  PID:5708
- C:\Windows\System\fLigujo.exe
  C:\Windows\System\fLigujo.exe
  2⤵
  PID:5732
- C:\Windows\System\ewvxIIJ.exe
  C:\Windows\System\ewvxIIJ.exe
  2⤵
  PID:5784
- C:\Windows\System\jPFylHH.exe
  C:\Windows\System\jPFylHH.exe
  2⤵
  PID:5820
- C:\Windows\System\iDiuEbw.exe
  C:\Windows\System\iDiuEbw.exe
  2⤵
  PID:5840
- C:\Windows\System\UhViwzA.exe
  C:\Windows\System\UhViwzA.exe
  2⤵
  PID:5896
- C:\Windows\System\SlgsfLx.exe
  C:\Windows\System\SlgsfLx.exe
  2⤵
  PID:5916
- C:\Windows\System\VuFxoKO.exe
  C:\Windows\System\VuFxoKO.exe
  2⤵
  PID:5940
- C:\Windows\System\mIKNcFu.exe
  C:\Windows\System\mIKNcFu.exe
  2⤵
  PID:5964
- C:\Windows\System\EuSUwoh.exe
  C:\Windows\System\EuSUwoh.exe
  2⤵
  PID:5980
- C:\Windows\System\qoZCGUf.exe
  C:\Windows\System\qoZCGUf.exe
  2⤵
  PID:5996
- C:\Windows\System\JCIzvhW.exe
  C:\Windows\System\JCIzvhW.exe
  2⤵
  PID:6016
- C:\Windows\System\mBhHZcR.exe
  C:\Windows\System\mBhHZcR.exe
  2⤵
  PID:6076
- C:\Windows\System\RxrylwF.exe
  C:\Windows\System\RxrylwF.exe
  2⤵
  PID:6108
- C:\Windows\System\CWGyqlX.exe
  C:\Windows\System\CWGyqlX.exe
  2⤵
  PID:6124
- C:\Windows\System\PicQnbL.exe
  C:\Windows\System\PicQnbL.exe
  2⤵
  PID:1900
- C:\Windows\System\rLKkYXB.exe
  C:\Windows\System\rLKkYXB.exe
  2⤵
  PID:5196
- C:\Windows\System\HcCpNJO.exe
  C:\Windows\System\HcCpNJO.exe
  2⤵
  PID:5288
- C:\Windows\System\FwtMxIx.exe
  C:\Windows\System\FwtMxIx.exe
  2⤵
  PID:5348
- C:\Windows\System\wzSWetD.exe
  C:\Windows\System\wzSWetD.exe
  2⤵
  PID:5404
- C:\Windows\System\AmPrgid.exe
  C:\Windows\System\AmPrgid.exe
  2⤵
  PID:5488
- C:\Windows\System\WitBPSi.exe
  C:\Windows\System\WitBPSi.exe
  2⤵
  PID:5464
- C:\Windows\System\lDHWJJk.exe
  C:\Windows\System\lDHWJJk.exe
  2⤵
  PID:5528
- C:\Windows\System\FnHmsPA.exe
  C:\Windows\System\FnHmsPA.exe
  2⤵
  PID:5760
- C:\Windows\System\fyLhrhI.exe
  C:\Windows\System\fyLhrhI.exe
  2⤵
  PID:5728
- C:\Windows\System\MYDwfFZ.exe
  C:\Windows\System\MYDwfFZ.exe
  2⤵
  PID:5836
- C:\Windows\System\BGsvaWR.exe
  C:\Windows\System\BGsvaWR.exe
  2⤵
  PID:5876
- C:\Windows\System\CoZJJtM.exe
  C:\Windows\System\CoZJJtM.exe
  2⤵
  PID:5888
- C:\Windows\System\lWJGVcM.exe
  C:\Windows\System\lWJGVcM.exe
  2⤵
  PID:6024
- C:\Windows\System\YMXPgmG.exe
  C:\Windows\System\YMXPgmG.exe
  2⤵
  PID:6120
- C:\Windows\System\dCTEevL.exe
  C:\Windows\System\dCTEevL.exe
  2⤵
  PID:5180
- C:\Windows\System\lOjHIHp.exe
  C:\Windows\System\lOjHIHp.exe
  2⤵
  PID:5260
- C:\Windows\System\dMbIEUm.exe
  C:\Windows\System\dMbIEUm.exe
  2⤵
  PID:5480
- C:\Windows\System\MpBZpMW.exe
  C:\Windows\System\MpBZpMW.exe
  2⤵
  PID:5432
- C:\Windows\System\MplIGzj.exe
  C:\Windows\System\MplIGzj.exe
  2⤵
  PID:5584
- C:\Windows\System\KMrDeXa.exe
  C:\Windows\System\KMrDeXa.exe
  2⤵
  PID:5672
- C:\Windows\System\FUeZMmU.exe
  C:\Windows\System\FUeZMmU.exe
  2⤵
  PID:5804
- C:\Windows\System\vDXCZIo.exe
  C:\Windows\System\vDXCZIo.exe
  2⤵
  PID:5812
- C:\Windows\System\YPWHAwB.exe
  C:\Windows\System\YPWHAwB.exe
  2⤵
  PID:6012
- C:\Windows\System\rAKqGdW.exe
  C:\Windows\System\rAKqGdW.exe
  2⤵
  PID:5264
- C:\Windows\System\dCrCqQZ.exe
  C:\Windows\System\dCrCqQZ.exe
  2⤵
  PID:5492
- C:\Windows\System\LlZFUIA.exe
  C:\Windows\System\LlZFUIA.exe
  2⤵
  PID:5684
- C:\Windows\System\hhrOzaU.exe
  C:\Windows\System\hhrOzaU.exe
  2⤵
  PID:5236
- C:\Windows\System\SxHrOMn.exe
  C:\Windows\System\SxHrOMn.exe
  2⤵
  PID:6160
- C:\Windows\System\mjGArAa.exe
  C:\Windows\System\mjGArAa.exe
  2⤵
  PID:6180
- C:\Windows\System\xpQohen.exe
  C:\Windows\System\xpQohen.exe
  2⤵
  PID:6204
- C:\Windows\System\xfujDFB.exe
  C:\Windows\System\xfujDFB.exe
  2⤵
  PID:6220
- C:\Windows\System\RHccMhx.exe
  C:\Windows\System\RHccMhx.exe
  2⤵
  PID:6248
- C:\Windows\System\AlxWFlJ.exe
  C:\Windows\System\AlxWFlJ.exe
  2⤵
  PID:6268
- C:\Windows\System\AyTVDIM.exe
  C:\Windows\System\AyTVDIM.exe
  2⤵
  PID:6296
- C:\Windows\System\OFqOulD.exe
  C:\Windows\System\OFqOulD.exe
  2⤵
  PID:6316
- C:\Windows\System\kIGsjAR.exe
  C:\Windows\System\kIGsjAR.exe
  2⤵
  PID:6372
- C:\Windows\System\ylbsbAa.exe
  C:\Windows\System\ylbsbAa.exe
  2⤵
  PID:6388
- C:\Windows\System\glJpWeV.exe
  C:\Windows\System\glJpWeV.exe
  2⤵
  PID:6412
- C:\Windows\System\oXuvBKh.exe
  C:\Windows\System\oXuvBKh.exe
  2⤵
  PID:6468
- C:\Windows\System\yceFFMj.exe
  C:\Windows\System\yceFFMj.exe
  2⤵
  PID:6484
- C:\Windows\System\sqlNlUp.exe
  C:\Windows\System\sqlNlUp.exe
  2⤵
  PID:6508
- C:\Windows\System\dzxFxys.exe
  C:\Windows\System\dzxFxys.exe
  2⤵
  PID:6528
- C:\Windows\System\BqdsSNa.exe
  C:\Windows\System\BqdsSNa.exe
  2⤵
  PID:6552
- C:\Windows\System\FmvcAyd.exe
  C:\Windows\System\FmvcAyd.exe
  2⤵
  PID:6568
- C:\Windows\System\ISeZSZe.exe
  C:\Windows\System\ISeZSZe.exe
  2⤵
  PID:6588
- C:\Windows\System\KTCqBva.exe
  C:\Windows\System\KTCqBva.exe
  2⤵
  PID:6612
- C:\Windows\System\TsGrIzu.exe
  C:\Windows\System\TsGrIzu.exe
  2⤵
  PID:6632
- C:\Windows\System\EzUytzE.exe
  C:\Windows\System\EzUytzE.exe
  2⤵
  PID:6652
- C:\Windows\System\xHchvEt.exe
  C:\Windows\System\xHchvEt.exe
  2⤵
  PID:6676
- C:\Windows\System\AlqgZQR.exe
  C:\Windows\System\AlqgZQR.exe
  2⤵
  PID:6736
- C:\Windows\System\fQGvjzf.exe
  C:\Windows\System\fQGvjzf.exe
  2⤵
  PID:6836
- C:\Windows\System\JKuSRmA.exe
  C:\Windows\System\JKuSRmA.exe
  2⤵
  PID:6860
- C:\Windows\System\CPnaSTy.exe
  C:\Windows\System\CPnaSTy.exe
  2⤵
  PID:6880
- C:\Windows\System\CHTZdlc.exe
  C:\Windows\System\CHTZdlc.exe
  2⤵
  PID:6900
- C:\Windows\System\YdiAMhZ.exe
  C:\Windows\System\YdiAMhZ.exe
  2⤵
  PID:6936
- C:\Windows\System\bKJhZBV.exe
  C:\Windows\System\bKJhZBV.exe
  2⤵
  PID:6956
- C:\Windows\System\yCngYRy.exe
  C:\Windows\System\yCngYRy.exe
  2⤵
  PID:7008
- C:\Windows\System\kedthFy.exe
  C:\Windows\System\kedthFy.exe
  2⤵
  PID:7052
- C:\Windows\System\btxufbT.exe
  C:\Windows\System\btxufbT.exe
  2⤵
  PID:7104
- C:\Windows\System\jbFzjLd.exe
  C:\Windows\System\jbFzjLd.exe
  2⤵
  PID:7128
- C:\Windows\System\UAnBUwt.exe
  C:\Windows\System\UAnBUwt.exe
  2⤵
  PID:7160
- C:\Windows\System\QBaMijl.exe
  C:\Windows\System\QBaMijl.exe
  2⤵
  PID:6168
- C:\Windows\System\uwaSAml.exe
  C:\Windows\System\uwaSAml.exe
  2⤵
  PID:6236
- C:\Windows\System\qZCSmEX.exe
  C:\Windows\System\qZCSmEX.exe
  2⤵
  PID:6188
- C:\Windows\System\dTXZVbV.exe
  C:\Windows\System\dTXZVbV.exe
  2⤵
  PID:6280
- C:\Windows\System\yojHsDP.exe
  C:\Windows\System\yojHsDP.exe
  2⤵
  PID:6360
- C:\Windows\System\LDkCsqG.exe
  C:\Windows\System\LDkCsqG.exe
  2⤵
  PID:6400
- C:\Windows\System\qyJnAsJ.exe
  C:\Windows\System\qyJnAsJ.exe
  2⤵
  PID:6516
- C:\Windows\System\JaPtCCJ.exe
  C:\Windows\System\JaPtCCJ.exe
  2⤵
  PID:6420
- C:\Windows\System\MfgtKJO.exe
  C:\Windows\System\MfgtKJO.exe
  2⤵
  PID:6684
- C:\Windows\System\MIpndIJ.exe
  C:\Windows\System\MIpndIJ.exe
  2⤵
  PID:6604
- C:\Windows\System\fwwXpII.exe
  C:\Windows\System\fwwXpII.exe
  2⤵
  PID:6648
- C:\Windows\System\vhDWxTR.exe
  C:\Windows\System\vhDWxTR.exe
  2⤵
  PID:6892
- C:\Windows\System\uJSihHY.exe
  C:\Windows\System\uJSihHY.exe
  2⤵
  PID:6952
- C:\Windows\System\sLtHhJh.exe
  C:\Windows\System\sLtHhJh.exe
  2⤵
  PID:6928
- C:\Windows\System\Cxlqwtx.exe
  C:\Windows\System\Cxlqwtx.exe
  2⤵
  PID:7048
- C:\Windows\System\PotEYMl.exe
  C:\Windows\System\PotEYMl.exe
  2⤵
  PID:7112
- C:\Windows\System\tHjpeDg.exe
  C:\Windows\System\tHjpeDg.exe
  2⤵
  PID:7124
- C:\Windows\System\gxDGUdt.exe
  C:\Windows\System\gxDGUdt.exe
  2⤵
  PID:5372
- C:\Windows\System\NbtBCuq.exe
  C:\Windows\System\NbtBCuq.exe
  2⤵
  PID:6328
- C:\Windows\System\qoJjuIi.exe
  C:\Windows\System\qoJjuIi.exe
  2⤵
  PID:1488
- C:\Windows\System\LopkDOA.exe
  C:\Windows\System\LopkDOA.exe
  2⤵
  PID:6576
- C:\Windows\System\OlqYPGx.exe
  C:\Windows\System\OlqYPGx.exe
  2⤵
  PID:6788
- C:\Windows\System\LDOlVgD.exe
  C:\Windows\System\LDOlVgD.exe
  2⤵
  PID:6932
- C:\Windows\System\VPIWspQ.exe
  C:\Windows\System\VPIWspQ.exe
  2⤵
  PID:7120
- C:\Windows\System\xKNebgB.exe
  C:\Windows\System\xKNebgB.exe
  2⤵
  PID:6192
- C:\Windows\System\jDdQihy.exe
  C:\Windows\System\jDdQihy.exe
  2⤵
  PID:6924
- C:\Windows\System\aAcQaKN.exe
  C:\Windows\System\aAcQaKN.exe
  2⤵
  PID:7136
- C:\Windows\System\zQqmQtJ.exe
  C:\Windows\System\zQqmQtJ.exe
  2⤵
  PID:6228
- C:\Windows\System\wMJDXIj.exe
  C:\Windows\System\wMJDXIj.exe
  2⤵
  PID:7000
- C:\Windows\System\JobtwvF.exe
  C:\Windows\System\JobtwvF.exe
  2⤵
  PID:7180
- C:\Windows\System\hBpEXuM.exe
  C:\Windows\System\hBpEXuM.exe
  2⤵
  PID:7200
- C:\Windows\System\SxTwylv.exe
  C:\Windows\System\SxTwylv.exe
  2⤵
  PID:7228
- C:\Windows\System\eIWsBNa.exe
  C:\Windows\System\eIWsBNa.exe
  2⤵
  PID:7268
- C:\Windows\System\QFlmZrk.exe
  C:\Windows\System\QFlmZrk.exe
  2⤵
  PID:7292
- C:\Windows\System\wILDzBm.exe
  C:\Windows\System\wILDzBm.exe
  2⤵
  PID:7312
- C:\Windows\System\OiCzXHu.exe
  C:\Windows\System\OiCzXHu.exe
  2⤵
  PID:7332
- C:\Windows\System\KeTLqPA.exe
  C:\Windows\System\KeTLqPA.exe
  2⤵
  PID:7356
- C:\Windows\System\GcXCbYc.exe
  C:\Windows\System\GcXCbYc.exe
  2⤵
  PID:7376
- C:\Windows\System\FIcjVtA.exe
  C:\Windows\System\FIcjVtA.exe
  2⤵
  PID:7432
- C:\Windows\System\LjhSDDI.exe
  C:\Windows\System\LjhSDDI.exe
  2⤵
  PID:7480
- C:\Windows\System\FQAdtHy.exe
  C:\Windows\System\FQAdtHy.exe
  2⤵
  PID:7508
- C:\Windows\System\LHARCjd.exe
  C:\Windows\System\LHARCjd.exe
  2⤵
  PID:7656
- C:\Windows\System\pkdwgBD.exe
  C:\Windows\System\pkdwgBD.exe
  2⤵
  PID:7672
- C:\Windows\System\pYuQWNp.exe
  C:\Windows\System\pYuQWNp.exe
  2⤵
  PID:7692
- C:\Windows\System\DyZEcLZ.exe
  C:\Windows\System\DyZEcLZ.exe
  2⤵
  PID:7712
- C:\Windows\System\wFqlJOk.exe
  C:\Windows\System\wFqlJOk.exe
  2⤵
  PID:7740
- C:\Windows\System\mqMyBtA.exe
  C:\Windows\System\mqMyBtA.exe
  2⤵
  PID:7756
- C:\Windows\System\gEZiUyo.exe
  C:\Windows\System\gEZiUyo.exe
  2⤵
  PID:7780
- C:\Windows\System\otgqlmn.exe
  C:\Windows\System\otgqlmn.exe
  2⤵
  PID:7796
- C:\Windows\System\oLlEuqT.exe
  C:\Windows\System\oLlEuqT.exe
  2⤵
  PID:7832
- C:\Windows\System\wxNzQZD.exe
  C:\Windows\System\wxNzQZD.exe
  2⤵
  PID:7848
- C:\Windows\System\RIVrSSW.exe
  C:\Windows\System\RIVrSSW.exe
  2⤵
  PID:7868
- C:\Windows\System\usVGrnS.exe
  C:\Windows\System\usVGrnS.exe
  2⤵
  PID:7888
- C:\Windows\System\GEtgabA.exe
  C:\Windows\System\GEtgabA.exe
  2⤵
  PID:7948
- C:\Windows\System\grAgTcO.exe
  C:\Windows\System\grAgTcO.exe
  2⤵
  PID:7964
- C:\Windows\System\iYepXFA.exe
  C:\Windows\System\iYepXFA.exe
  2⤵
  PID:8000
- C:\Windows\System\QXBorsT.exe
  C:\Windows\System\QXBorsT.exe
  2⤵
  PID:8036
- C:\Windows\System\jXLFjNl.exe
  C:\Windows\System\jXLFjNl.exe
  2⤵
  PID:8060
- C:\Windows\System\wJcPcOj.exe
  C:\Windows\System\wJcPcOj.exe
  2⤵
  PID:8092
- C:\Windows\System\pbkHEKB.exe
  C:\Windows\System\pbkHEKB.exe
  2⤵
  PID:8136
- C:\Windows\System\qjOjudn.exe
  C:\Windows\System\qjOjudn.exe
  2⤵
  PID:8160
- C:\Windows\System\aKNhyyy.exe
  C:\Windows\System\aKNhyyy.exe
  2⤵
  PID:8176
- C:\Windows\System\rNANRxg.exe
  C:\Windows\System\rNANRxg.exe
  2⤵
  PID:1192
- C:\Windows\System\eTSgTXu.exe
  C:\Windows\System\eTSgTXu.exe
  2⤵
  PID:7220
- C:\Windows\System\iEqWguS.exe
  C:\Windows\System\iEqWguS.exe
  2⤵
  PID:7260
- C:\Windows\System\PmMbxdY.exe
  C:\Windows\System\PmMbxdY.exe
  2⤵
  PID:7352
- C:\Windows\System\FzBxOGZ.exe
  C:\Windows\System\FzBxOGZ.exe
  2⤵
  PID:7392
- C:\Windows\System\bOHGjko.exe
  C:\Windows\System\bOHGjko.exe
  2⤵
  PID:7496
- C:\Windows\System\DoecDIn.exe
  C:\Windows\System\DoecDIn.exe
  2⤵
  PID:7632
- C:\Windows\System\dtrjzlJ.exe
  C:\Windows\System\dtrjzlJ.exe
  2⤵
  PID:7604
- C:\Windows\System\NtepSuI.exe
  C:\Windows\System\NtepSuI.exe
  2⤵
  PID:7628
- C:\Windows\System\rLhJXZN.exe
  C:\Windows\System\rLhJXZN.exe
  2⤵
  PID:7664
- C:\Windows\System\cTTJFIQ.exe
  C:\Windows\System\cTTJFIQ.exe
  2⤵
  PID:7704
- C:\Windows\System\JeROQdn.exe
  C:\Windows\System\JeROQdn.exe
  2⤵
  PID:7752
- C:\Windows\System\MfeEyZD.exe
  C:\Windows\System\MfeEyZD.exe
  2⤵
  PID:1928
- C:\Windows\System\eLySkAI.exe
  C:\Windows\System\eLySkAI.exe
  2⤵
  PID:7864
- C:\Windows\System\oOfaxrf.exe
  C:\Windows\System\oOfaxrf.exe
  2⤵
  PID:2044
- C:\Windows\System\DztsAIH.exe
  C:\Windows\System\DztsAIH.exe
  2⤵
  PID:7984
- C:\Windows\System\ILDFTvS.exe
  C:\Windows\System\ILDFTvS.exe
  2⤵
  PID:8044
- C:\Windows\System\VuLPFLy.exe
  C:\Windows\System\VuLPFLy.exe
  2⤵
  PID:8184
- C:\Windows\System\tkHOoqk.exe
  C:\Windows\System\tkHOoqk.exe
  2⤵
  PID:8168
- C:\Windows\System\XERpqii.exe
  C:\Windows\System\XERpqii.exe
  2⤵
  PID:7264
- C:\Windows\System\oCOCWey.exe
  C:\Windows\System\oCOCWey.exe
  2⤵
  PID:7452
- C:\Windows\System\CKKwxwQ.exe
  C:\Windows\System\CKKwxwQ.exe
  2⤵
  PID:7616
- C:\Windows\System\QnWAprV.exe
  C:\Windows\System\QnWAprV.exe
  2⤵
  PID:7556
- C:\Windows\System\rQHMVql.exe
  C:\Windows\System\rQHMVql.exe
  2⤵
  PID:7644
- C:\Windows\System\QIEGbvp.exe
  C:\Windows\System\QIEGbvp.exe
  2⤵
  PID:2480
- C:\Windows\System\SuEivyg.exe
  C:\Windows\System\SuEivyg.exe
  2⤵
  PID:7996
- C:\Windows\System\mUHFWBl.exe
  C:\Windows\System\mUHFWBl.exe
  2⤵
  PID:8084
- C:\Windows\System\PGPHbRs.exe
  C:\Windows\System\PGPHbRs.exe
  2⤵
  PID:7308
- C:\Windows\System\FKqIgOq.exe
  C:\Windows\System\FKqIgOq.exe
  2⤵
  PID:7600
- C:\Windows\System\MAmbjWS.exe
  C:\Windows\System\MAmbjWS.exe
  2⤵
  PID:7748
- C:\Windows\System\GHjmljC.exe
  C:\Windows\System\GHjmljC.exe
  2⤵
  PID:8056
- C:\Windows\System\MyfdTkJ.exe
  C:\Windows\System\MyfdTkJ.exe
  2⤵
  PID:8156
- C:\Windows\System\axRCnfR.exe
  C:\Windows\System\axRCnfR.exe
  2⤵
  PID:8216
- C:\Windows\System\HAeGopH.exe
  C:\Windows\System\HAeGopH.exe
  2⤵
  PID:8240
- C:\Windows\System\mmgAJgq.exe
  C:\Windows\System\mmgAJgq.exe
  2⤵
  PID:8284
- C:\Windows\System\ALKSWUK.exe
  C:\Windows\System\ALKSWUK.exe
  2⤵
  PID:8324
- C:\Windows\System\OzFFflB.exe
  C:\Windows\System\OzFFflB.exe
  2⤵
  PID:8340
- C:\Windows\System\DSKrJaW.exe
  C:\Windows\System\DSKrJaW.exe
  2⤵
  PID:8364
- C:\Windows\System\RGtWkSY.exe
  C:\Windows\System\RGtWkSY.exe
  2⤵
  PID:8388
- C:\Windows\System\ZZQVhry.exe
  C:\Windows\System\ZZQVhry.exe
  2⤵
  PID:8408
- C:\Windows\System\nDEAyQq.exe
  C:\Windows\System\nDEAyQq.exe
  2⤵
  PID:8436
- C:\Windows\System\KmkLWWa.exe
  C:\Windows\System\KmkLWWa.exe
  2⤵
  PID:8456
- C:\Windows\System\hVjtBcZ.exe
  C:\Windows\System\hVjtBcZ.exe
  2⤵
  PID:8480
- C:\Windows\System\oiJhrgo.exe
  C:\Windows\System\oiJhrgo.exe
  2⤵
  PID:8516
- C:\Windows\System\PHJHTTZ.exe
  C:\Windows\System\PHJHTTZ.exe
  2⤵
  PID:8540
- C:\Windows\System\BtnWPUf.exe
  C:\Windows\System\BtnWPUf.exe
  2⤵
  PID:8572
- C:\Windows\System\WxnwiiW.exe
  C:\Windows\System\WxnwiiW.exe
  2⤵
  PID:8588
- C:\Windows\System\BWPxmkD.exe
  C:\Windows\System\BWPxmkD.exe
  2⤵
  PID:8620
- C:\Windows\System\sKTmdrn.exe
  C:\Windows\System\sKTmdrn.exe
  2⤵
  PID:8680
- C:\Windows\System\eSXgYqV.exe
  C:\Windows\System\eSXgYqV.exe
  2⤵
  PID:8704
- C:\Windows\System\KdmGGom.exe
  C:\Windows\System\KdmGGom.exe
  2⤵
  PID:8732
- C:\Windows\System\SbCWYBZ.exe
  C:\Windows\System\SbCWYBZ.exe
  2⤵
  PID:8748
- C:\Windows\System\nWzlMnD.exe
  C:\Windows\System\nWzlMnD.exe
  2⤵
  PID:8772
- C:\Windows\System\hEXVOxx.exe
  C:\Windows\System\hEXVOxx.exe
  2⤵
  PID:8788
- C:\Windows\System\VopuEBE.exe
  C:\Windows\System\VopuEBE.exe
  2⤵
  PID:8816
- C:\Windows\System\ttMCzwD.exe
  C:\Windows\System\ttMCzwD.exe
  2⤵
  PID:8848
- C:\Windows\System\sIBvZVP.exe
  C:\Windows\System\sIBvZVP.exe
  2⤵
  PID:8880
- C:\Windows\System\wFnNguu.exe
  C:\Windows\System\wFnNguu.exe
  2⤵
  PID:8928
- C:\Windows\System\JOsXuUX.exe
  C:\Windows\System\JOsXuUX.exe
  2⤵
  PID:8952
- C:\Windows\System\vFVxCYo.exe
  C:\Windows\System\vFVxCYo.exe
  2⤵
  PID:8972
- C:\Windows\System\QikKdLg.exe
  C:\Windows\System\QikKdLg.exe
  2⤵
  PID:8992
- C:\Windows\System\fzqRSsR.exe
  C:\Windows\System\fzqRSsR.exe
  2⤵
  PID:9044
- C:\Windows\System\MAhLOjE.exe
  C:\Windows\System\MAhLOjE.exe
  2⤵
  PID:9064
- C:\Windows\System\AcdsJuv.exe
  C:\Windows\System\AcdsJuv.exe
  2⤵
  PID:9084
- C:\Windows\System\cHAoXlj.exe
  C:\Windows\System\cHAoXlj.exe
  2⤵
  PID:9136
- C:\Windows\System\OCINRoW.exe
  C:\Windows\System\OCINRoW.exe
  2⤵
  PID:9160
- C:\Windows\System\YFyPAOO.exe
  C:\Windows\System\YFyPAOO.exe
  2⤵
  PID:9180
- C:\Windows\System\ypQyOfi.exe
  C:\Windows\System\ypQyOfi.exe
  2⤵
  PID:9200
- C:\Windows\System\fzzXHUp.exe
  C:\Windows\System\fzzXHUp.exe
  2⤵
  PID:7788
- C:\Windows\System\LHMnCdl.exe
  C:\Windows\System\LHMnCdl.exe
  2⤵
  PID:7528
- C:\Windows\System\oVvRZkk.exe
  C:\Windows\System\oVvRZkk.exe
  2⤵
  PID:8232
- C:\Windows\System\RRWAstG.exe
  C:\Windows\System\RRWAstG.exe
  2⤵
  PID:8304
- C:\Windows\System\qNWQOOD.exe
  C:\Windows\System\qNWQOOD.exe
  2⤵
  PID:8356
- C:\Windows\System\qVlGnCN.exe
  C:\Windows\System\qVlGnCN.exe
  2⤵
  PID:8424
- C:\Windows\System\AiDBCkJ.exe
  C:\Windows\System\AiDBCkJ.exe
  2⤵
  PID:8508
- C:\Windows\System\mofrngZ.exe
  C:\Windows\System\mofrngZ.exe
  2⤵
  PID:8552
- C:\Windows\System\XZDEQcI.exe
  C:\Windows\System\XZDEQcI.exe
  2⤵
  PID:8688
- C:\Windows\System\wfFSAjB.exe
  C:\Windows\System\wfFSAjB.exe
  2⤵
  PID:8784
- C:\Windows\System\wnhTBeC.exe
  C:\Windows\System\wnhTBeC.exe
  2⤵
  PID:8808
- C:\Windows\System\gOSsNgM.exe
  C:\Windows\System\gOSsNgM.exe
  2⤵
  PID:8944
- C:\Windows\System\eCPmAIP.exe
  C:\Windows\System\eCPmAIP.exe
  2⤵
  PID:8980
- C:\Windows\System\JoURSwY.exe
  C:\Windows\System\JoURSwY.exe
  2⤵
  PID:9080
- C:\Windows\System\gorgTpm.exe
  C:\Windows\System\gorgTpm.exe
  2⤵
  PID:9108
- C:\Windows\System\goNKviU.exe
  C:\Windows\System\goNKviU.exe
  2⤵
  PID:8224
- C:\Windows\System\rwnfyTD.exe
  C:\Windows\System\rwnfyTD.exe
  2⤵
  PID:7192
- C:\Windows\System\FXwiOaR.exe
  C:\Windows\System\FXwiOaR.exe
  2⤵
  PID:8352
- C:\Windows\System\KbWnCWj.exe
  C:\Windows\System\KbWnCWj.exe
  2⤵
  PID:8404
- C:\Windows\System\YNIPgzL.exe
  C:\Windows\System\YNIPgzL.exe
  2⤵
  PID:8640
- C:\Windows\System\zJQsERq.exe
  C:\Windows\System\zJQsERq.exe
  2⤵
  PID:8768
- C:\Windows\System\cRuyxqI.exe
  C:\Windows\System\cRuyxqI.exe
  2⤵
  PID:9056
- C:\Windows\System\XFOTdLf.exe
  C:\Windows\System\XFOTdLf.exe
  2⤵
  PID:9156
- C:\Windows\System\HvKXjLu.exe
  C:\Windows\System\HvKXjLu.exe
  2⤵
  PID:8396
- C:\Windows\System\eOXAvwN.exe
  C:\Windows\System\eOXAvwN.exe
  2⤵
  PID:8940
- C:\Windows\System\HjJnEfN.exe
  C:\Windows\System\HjJnEfN.exe
  2⤵
  PID:9092
- C:\Windows\System\BjnfHMl.exe
  C:\Windows\System\BjnfHMl.exe
  2⤵
  PID:8744
- C:\Windows\System\SqTrsvD.exe
  C:\Windows\System\SqTrsvD.exe
  2⤵
  PID:9220
- C:\Windows\System\nFKnKzy.exe
  C:\Windows\System\nFKnKzy.exe
  2⤵
  PID:9240
- C:\Windows\System\CIHiNUY.exe
  C:\Windows\System\CIHiNUY.exe
  2⤵
  PID:9284
- C:\Windows\System\lnuLrAh.exe
  C:\Windows\System\lnuLrAh.exe
  2⤵
  PID:9308
- C:\Windows\System\lDNrhDB.exe
  C:\Windows\System\lDNrhDB.exe
  2⤵
  PID:9324
- C:\Windows\System\DEIzhRy.exe
  C:\Windows\System\DEIzhRy.exe
  2⤵
  PID:9344
- C:\Windows\System\nNDElNE.exe
  C:\Windows\System\nNDElNE.exe
  2⤵
  PID:9364
- C:\Windows\System\pPljmDd.exe
  C:\Windows\System\pPljmDd.exe
  2⤵
  PID:9384
- C:\Windows\System\AxZAJPS.exe
  C:\Windows\System\AxZAJPS.exe
  2⤵
  PID:9412
- C:\Windows\System\akXKmNZ.exe
  C:\Windows\System\akXKmNZ.exe
  2⤵
  PID:9428
- C:\Windows\System\amBhkal.exe
  C:\Windows\System\amBhkal.exe
  2⤵
  PID:9472
- C:\Windows\System\oZOxXKf.exe
  C:\Windows\System\oZOxXKf.exe
  2⤵
  PID:9492
- C:\Windows\System\mfIfzSg.exe
  C:\Windows\System\mfIfzSg.exe
  2⤵
  PID:9536
- C:\Windows\System\NUlVAOQ.exe
  C:\Windows\System\NUlVAOQ.exe
  2⤵
  PID:9572
- C:\Windows\System\hVpUyez.exe
  C:\Windows\System\hVpUyez.exe
  2⤵
  PID:9604
- C:\Windows\System\vRCCXkc.exe
  C:\Windows\System\vRCCXkc.exe
  2⤵
  PID:9620
- C:\Windows\System\yOgUbmF.exe
  C:\Windows\System\yOgUbmF.exe
  2⤵
  PID:9636
- C:\Windows\System\viskAjC.exe
  C:\Windows\System\viskAjC.exe
  2⤵
  PID:9688
- C:\Windows\System\EVOktEn.exe
  C:\Windows\System\EVOktEn.exe
  2⤵
  PID:9716
- C:\Windows\System\jAIhsEs.exe
  C:\Windows\System\jAIhsEs.exe
  2⤵
  PID:9744
- C:\Windows\System\KDmiIOz.exe
  C:\Windows\System\KDmiIOz.exe
  2⤵
  PID:9764
- C:\Windows\System\htQydGG.exe
  C:\Windows\System\htQydGG.exe
  2⤵
  PID:9784
- C:\Windows\System\cmRKmpj.exe
  C:\Windows\System\cmRKmpj.exe
  2⤵
  PID:9824
- C:\Windows\System\yMADpui.exe
  C:\Windows\System\yMADpui.exe
  2⤵
  PID:9852
- C:\Windows\System\LiQLldY.exe
  C:\Windows\System\LiQLldY.exe
  2⤵
  PID:9904
- C:\Windows\System\RNkgmoN.exe
  C:\Windows\System\RNkgmoN.exe
  2⤵
  PID:9924
- C:\Windows\System\bHmekZB.exe
  C:\Windows\System\bHmekZB.exe
  2⤵
  PID:9964
- C:\Windows\System\tAONbsu.exe
  C:\Windows\System\tAONbsu.exe
  2⤵
  PID:9988
- C:\Windows\System\MYiGvxA.exe
  C:\Windows\System\MYiGvxA.exe
  2⤵
  PID:10012
- C:\Windows\System\HawYiBe.exe
  C:\Windows\System\HawYiBe.exe
  2⤵
  PID:10032
- C:\Windows\System\QVXPNqc.exe
  C:\Windows\System\QVXPNqc.exe
  2⤵
  PID:10056
- C:\Windows\System\AuWldgF.exe
  C:\Windows\System\AuWldgF.exe
  2⤵
  PID:10084
- C:\Windows\System\iitLuym.exe
  C:\Windows\System\iitLuym.exe
  2⤵
  PID:10128
- C:\Windows\System\TWLVYMi.exe
  C:\Windows\System\TWLVYMi.exe
  2⤵
  PID:10148
- C:\Windows\System\zOcMJsT.exe
  C:\Windows\System\zOcMJsT.exe
  2⤵
  PID:10168
- C:\Windows\System\MAvEUvE.exe
  C:\Windows\System\MAvEUvE.exe
  2⤵
  PID:10192
- C:\Windows\System\WAKihcN.exe
  C:\Windows\System\WAKihcN.exe
  2⤵
  PID:10224
- C:\Windows\System\kmiRxEc.exe
  C:\Windows\System\kmiRxEc.exe
  2⤵
  PID:9300
- C:\Windows\System\nrdDCfk.exe
  C:\Windows\System\nrdDCfk.exe
  2⤵
  PID:9292
- C:\Windows\System\bGDtKSQ.exe
  C:\Windows\System\bGDtKSQ.exe
  2⤵
  PID:9320
- C:\Windows\System\lkZJOZW.exe
  C:\Windows\System\lkZJOZW.exe
  2⤵
  PID:9448
- C:\Windows\System\XODyWVt.exe
  C:\Windows\System\XODyWVt.exe
  2⤵
  PID:9464
- C:\Windows\System\yLwZLum.exe
  C:\Windows\System\yLwZLum.exe
  2⤵
  PID:9564
- C:\Windows\System\ObWEMsj.exe
  C:\Windows\System\ObWEMsj.exe
  2⤵
  PID:9528
- C:\Windows\System\trrpseD.exe
  C:\Windows\System\trrpseD.exe
  2⤵
  PID:9652
- C:\Windows\System\iZVcITu.exe
  C:\Windows\System\iZVcITu.exe
  2⤵
  PID:9732
- C:\Windows\System\hKVGRyY.exe
  C:\Windows\System\hKVGRyY.exe
  2⤵
  PID:9756
- C:\Windows\System\BFOGrvK.exe
  C:\Windows\System\BFOGrvK.exe
  2⤵
  PID:9796
- C:\Windows\System\YHnPHhW.exe
  C:\Windows\System\YHnPHhW.exe
  2⤵
  PID:9916
- C:\Windows\System\upWEdTs.exe
  C:\Windows\System\upWEdTs.exe
  2⤵
  PID:9956
- C:\Windows\System\iMKUJna.exe
  C:\Windows\System\iMKUJna.exe
  2⤵
  PID:10048
- C:\Windows\System\mmfVQhz.exe
  C:\Windows\System\mmfVQhz.exe
  2⤵
  PID:10140
- C:\Windows\System\KhchvQd.exe
  C:\Windows\System\KhchvQd.exe
  2⤵
  PID:952
- C:\Windows\System\QlBATEP.exe
  C:\Windows\System\QlBATEP.exe
  2⤵
  PID:9340
- C:\Windows\System\MbGbrgb.exe
  C:\Windows\System\MbGbrgb.exe
  2⤵
  PID:9420
- C:\Windows\System\tbIWVgM.exe
  C:\Windows\System\tbIWVgM.exe
  2⤵
  PID:9616
- C:\Windows\System\fsOxgpP.exe
  C:\Windows\System\fsOxgpP.exe
  2⤵
  PID:9780
- C:\Windows\System\bnOcNqw.exe
  C:\Windows\System\bnOcNqw.exe
  2⤵
  PID:10020
- C:\Windows\System\wdihrRB.exe
  C:\Windows\System\wdihrRB.exe
  2⤵
  PID:10144
- C:\Windows\System\eQEZGeq.exe
  C:\Windows\System\eQEZGeq.exe
  2⤵
  PID:10096
- C:\Windows\System\VsARmYM.exe
  C:\Windows\System\VsARmYM.exe
  2⤵
  PID:9508
- C:\Windows\System\TxVEuKa.exe
  C:\Windows\System\TxVEuKa.exe
  2⤵
  PID:9708
- C:\Windows\System\WttXZSn.exe
  C:\Windows\System\WttXZSn.exe
  2⤵
  PID:10068
- C:\Windows\System\WTihHQx.exe
  C:\Windows\System\WTihHQx.exe
  2⤵
  PID:9944
- C:\Windows\System\QRbuRtL.exe
  C:\Windows\System\QRbuRtL.exe
  2⤵
  PID:10256
- C:\Windows\System\aamIxNf.exe
  C:\Windows\System\aamIxNf.exe
  2⤵
  PID:10280
- C:\Windows\System\lZOnllE.exe
  C:\Windows\System\lZOnllE.exe
  2⤵
  PID:10308
- C:\Windows\System\fqwquFm.exe
  C:\Windows\System\fqwquFm.exe
  2⤵
  PID:10336
- C:\Windows\System\zqKucxc.exe
  C:\Windows\System\zqKucxc.exe
  2⤵
  PID:10368
- C:\Windows\System\UxORYLZ.exe
  C:\Windows\System\UxORYLZ.exe
  2⤵
  PID:10384
- C:\Windows\System\qqwMalE.exe
  C:\Windows\System\qqwMalE.exe
  2⤵
  PID:10448
- C:\Windows\System\qtcxeCa.exe
  C:\Windows\System\qtcxeCa.exe
  2⤵
  PID:10468
- C:\Windows\System\RjnbFAB.exe
  C:\Windows\System\RjnbFAB.exe
  2⤵
  PID:10496
- C:\Windows\System\SlLzxWo.exe
  C:\Windows\System\SlLzxWo.exe
  2⤵
  PID:10520
- C:\Windows\System\KORNdKr.exe
  C:\Windows\System\KORNdKr.exe
  2⤵
  PID:10560
- C:\Windows\System\KMWoddW.exe
  C:\Windows\System\KMWoddW.exe
  2⤵
  PID:10580
- C:\Windows\System\xUJuaQY.exe
  C:\Windows\System\xUJuaQY.exe
  2⤵
  PID:10624
- C:\Windows\System\FUZbidu.exe
  C:\Windows\System\FUZbidu.exe
  2⤵
  PID:10644
- C:\Windows\System\ozuGlWt.exe
  C:\Windows\System\ozuGlWt.exe
  2⤵
  PID:10664
- C:\Windows\System\wZYCvRV.exe
  C:\Windows\System\wZYCvRV.exe
  2⤵
  PID:10692
- C:\Windows\System\yINsKBw.exe
  C:\Windows\System\yINsKBw.exe
  2⤵
  PID:10720
- C:\Windows\System\ToQvKeh.exe
  C:\Windows\System\ToQvKeh.exe
  2⤵
  PID:10744
- C:\Windows\System\UdwKEJc.exe
  C:\Windows\System\UdwKEJc.exe
  2⤵
  PID:10764
- C:\Windows\System\jWywPQP.exe
  C:\Windows\System\jWywPQP.exe
  2⤵
  PID:10788
- C:\Windows\System\SosoAVI.exe
  C:\Windows\System\SosoAVI.exe
  2⤵
  PID:10808
- C:\Windows\System\CnaSPWT.exe
  C:\Windows\System\CnaSPWT.exe
  2⤵
  PID:10836
- C:\Windows\System\pLnjNpW.exe
  C:\Windows\System\pLnjNpW.exe
  2⤵
  PID:10900
- C:\Windows\System\bJhCgNX.exe
  C:\Windows\System\bJhCgNX.exe
  2⤵
  PID:10920
- C:\Windows\System\sBrLcbP.exe
  C:\Windows\System\sBrLcbP.exe
  2⤵
  PID:11004
- C:\Windows\System\cPJPpKz.exe
  C:\Windows\System\cPJPpKz.exe
  2⤵
  PID:11048
- C:\Windows\System\nxvmifH.exe
  C:\Windows\System\nxvmifH.exe
  2⤵
  PID:11068
- C:\Windows\System\oMQvMRT.exe
  C:\Windows\System\oMQvMRT.exe
  2⤵
  PID:11088
- C:\Windows\System\enwYwuU.exe
  C:\Windows\System\enwYwuU.exe
  2⤵
  PID:11108
- C:\Windows\System\dUgmwjm.exe
  C:\Windows\System\dUgmwjm.exe
  2⤵
  PID:11144
- C:\Windows\System\FClNJok.exe
  C:\Windows\System\FClNJok.exe
  2⤵
  PID:11168
- C:\Windows\System\pNqoLjX.exe
  C:\Windows\System\pNqoLjX.exe
  2⤵
  PID:11188
- C:\Windows\System\LiRlEAb.exe
  C:\Windows\System\LiRlEAb.exe
  2⤵
  PID:11208
- C:\Windows\System\OmcIcOd.exe
  C:\Windows\System\OmcIcOd.exe
  2⤵
  PID:11236
- C:\Windows\System\ljGkhnM.exe
  C:\Windows\System\ljGkhnM.exe
  2⤵
  PID:11252
- C:\Windows\System\YHTZlMU.exe
  C:\Windows\System\YHTZlMU.exe
  2⤵
  PID:10364
- C:\Windows\System\KFeITTw.exe
  C:\Windows\System\KFeITTw.exe
  2⤵
  PID:10400
- C:\Windows\System\QYROkvo.exe
  C:\Windows\System\QYROkvo.exe
  2⤵
  PID:10476
- C:\Windows\System\FWqKLpN.exe
  C:\Windows\System\FWqKLpN.exe
  2⤵
  PID:10596
- C:\Windows\System\TUIiqPR.exe
  C:\Windows\System\TUIiqPR.exe
  2⤵
  PID:10640
- C:\Windows\System\wutieSg.exe
  C:\Windows\System\wutieSg.exe
  2⤵
  PID:10700
- C:\Windows\System\SIrBEPY.exe
  C:\Windows\System\SIrBEPY.exe
  2⤵
  PID:10728
- C:\Windows\System\XlUuhFe.exe
  C:\Windows\System\XlUuhFe.exe
  2⤵
  PID:10760
- C:\Windows\System\AfObahw.exe
  C:\Windows\System\AfObahw.exe
  2⤵
  PID:10852
- C:\Windows\System\QGdhxHV.exe
  C:\Windows\System\QGdhxHV.exe
  2⤵
  PID:10832
- C:\Windows\System\xtboACT.exe
  C:\Windows\System\xtboACT.exe
  2⤵
  PID:10972
- C:\Windows\System\Zoxmbix.exe
  C:\Windows\System\Zoxmbix.exe
  2⤵
  PID:10860
- C:\Windows\System\wwlHVjJ.exe
  C:\Windows\System\wwlHVjJ.exe
  2⤵
  PID:11084
- C:\Windows\System\YTsGaKz.exe
  C:\Windows\System\YTsGaKz.exe
  2⤵
  PID:11156
- C:\Windows\System\KQGUldR.exe
  C:\Windows\System\KQGUldR.exe
  2⤵
  PID:11204
- C:\Windows\System\xEXUMtP.exe
  C:\Windows\System\xEXUMtP.exe
  2⤵
  PID:9772
- C:\Windows\System\MLQxmph.exe
  C:\Windows\System\MLQxmph.exe
  2⤵
  PID:9532
- C:\Windows\System\xuNaftj.exe
  C:\Windows\System\xuNaftj.exe
  2⤵
  PID:10464
- C:\Windows\System\VobIGex.exe
  C:\Windows\System\VobIGex.exe
  2⤵
  PID:10548
- C:\Windows\System\tJkfeCY.exe
  C:\Windows\System\tJkfeCY.exe
  2⤵
  PID:10756
- C:\Windows\System\dYwgcdy.exe
  C:\Windows\System\dYwgcdy.exe
  2⤵
  PID:10936
- C:\Windows\System\iXfsGfJ.exe
  C:\Windows\System\iXfsGfJ.exe
  2⤵
  PID:10864
- C:\Windows\System\AyypoRm.exe
  C:\Windows\System\AyypoRm.exe
  2⤵
  PID:11076
- C:\Windows\System\seMtjCR.exe
  C:\Windows\System\seMtjCR.exe
  2⤵
  PID:11228
- C:\Windows\System\RNnXYVs.exe
  C:\Windows\System\RNnXYVs.exe
  2⤵
  PID:10320
- C:\Windows\System\wFPEBbq.exe
  C:\Windows\System\wFPEBbq.exe
  2⤵
  PID:10544
- C:\Windows\System\bDnsbtq.exe
  C:\Windows\System\bDnsbtq.exe
  2⤵
  PID:11028
- C:\Windows\System\sFIasNP.exe
  C:\Windows\System\sFIasNP.exe
  2⤵
  PID:11124
- C:\Windows\System\vMqxTTA.exe
  C:\Windows\System\vMqxTTA.exe
  2⤵
  PID:8256
- C:\Windows\System\guLsDpq.exe
  C:\Windows\System\guLsDpq.exe
  2⤵
  PID:11276
- C:\Windows\System\aoIAmOo.exe
  C:\Windows\System\aoIAmOo.exe
  2⤵
  PID:11308
- C:\Windows\System\aizqxht.exe
  C:\Windows\System\aizqxht.exe
  2⤵
  PID:11332
- C:\Windows\System\UMeluPl.exe
  C:\Windows\System\UMeluPl.exe
  2⤵
  PID:11356
- C:\Windows\System\TTpfmGv.exe
  C:\Windows\System\TTpfmGv.exe
  2⤵
  PID:11376
- C:\Windows\System\Hktycpj.exe
  C:\Windows\System\Hktycpj.exe
  2⤵
  PID:11408
- C:\Windows\System\ECRLUKj.exe
  C:\Windows\System\ECRLUKj.exe
  2⤵
  PID:11436
- C:\Windows\System\RXkxike.exe
  C:\Windows\System\RXkxike.exe
  2⤵
  PID:11464
- C:\Windows\System\yQsRjRa.exe
  C:\Windows\System\yQsRjRa.exe
  2⤵
  PID:11480
- C:\Windows\System\nmekXEz.exe
  C:\Windows\System\nmekXEz.exe
  2⤵
  PID:11504
- C:\Windows\System\sLrytYy.exe
  C:\Windows\System\sLrytYy.exe
  2⤵
  PID:11532
- C:\Windows\System\IldiogY.exe
  C:\Windows\System\IldiogY.exe
  2⤵
  PID:11560
- C:\Windows\System\OadDUYZ.exe
  C:\Windows\System\OadDUYZ.exe
  2⤵
  PID:11588
- C:\Windows\System\dLNAeVK.exe
  C:\Windows\System\dLNAeVK.exe
  2⤵
  PID:11616
- C:\Windows\System\OcQvqeh.exe
  C:\Windows\System\OcQvqeh.exe
  2⤵
  PID:11652
- C:\Windows\System\XeAoKkn.exe
  C:\Windows\System\XeAoKkn.exe
  2⤵
  PID:11672
- C:\Windows\System\RhaLxMC.exe
  C:\Windows\System\RhaLxMC.exe
  2⤵
  PID:11700
- C:\Windows\System\gWRvYvc.exe
  C:\Windows\System\gWRvYvc.exe
  2⤵
  PID:11716
- C:\Windows\System\BlXyiIi.exe
  C:\Windows\System\BlXyiIi.exe
  2⤵
  PID:11756
- C:\Windows\System\WzgywdJ.exe
  C:\Windows\System\WzgywdJ.exe
  2⤵
  PID:11784
- C:\Windows\System\oCjzjDq.exe
  C:\Windows\System\oCjzjDq.exe
  2⤵
  PID:11812
- C:\Windows\System\GwgeqSW.exe
  C:\Windows\System\GwgeqSW.exe
  2⤵
  PID:11840
- C:\Windows\System\eKBLgOw.exe
  C:\Windows\System\eKBLgOw.exe
  2⤵
  PID:11904
- C:\Windows\System\iycmPTZ.exe
  C:\Windows\System\iycmPTZ.exe
  2⤵
  PID:11924
- C:\Windows\System\dSmLEpM.exe
  C:\Windows\System\dSmLEpM.exe
  2⤵
  PID:11948
- C:\Windows\System\jmAPUid.exe
  C:\Windows\System\jmAPUid.exe
  2⤵
  PID:11964
- C:\Windows\System\EkKCAIW.exe
  C:\Windows\System\EkKCAIW.exe
  2⤵
  PID:11996
- C:\Windows\System\qzzNriq.exe
  C:\Windows\System\qzzNriq.exe
  2⤵
  PID:12016
- C:\Windows\System\mjJwcsp.exe
  C:\Windows\System\mjJwcsp.exe
  2⤵
  PID:12064
- C:\Windows\System\HmszQCV.exe
  C:\Windows\System\HmszQCV.exe
  2⤵
  PID:12096
- C:\Windows\System\RWviCXT.exe
  C:\Windows\System\RWviCXT.exe
  2⤵
  PID:12116
- C:\Windows\System\XsLMshx.exe
  C:\Windows\System\XsLMshx.exe
  2⤵
  PID:12132
- C:\Windows\System\jJZzLNa.exe
  C:\Windows\System\jJZzLNa.exe
  2⤵
  PID:12152
- C:\Windows\System\eOzkfSo.exe
  C:\Windows\System\eOzkfSo.exe
  2⤵
  PID:12176
- C:\Windows\System\QhnqcEF.exe
  C:\Windows\System\QhnqcEF.exe
  2⤵
  PID:12196
- C:\Windows\System\rQrZIyy.exe
  C:\Windows\System\rQrZIyy.exe
  2⤵
  PID:12236
- C:\Windows\System\kdooBlP.exe
  C:\Windows\System\kdooBlP.exe
  2⤵
  PID:12260
- C:\Windows\System\nUXPZwv.exe
  C:\Windows\System\nUXPZwv.exe
  2⤵
  PID:12284
- C:\Windows\System\zPPOKgg.exe
  C:\Windows\System\zPPOKgg.exe
  2⤵
  PID:11292
- C:\Windows\System\EPsFiqa.exe
  C:\Windows\System\EPsFiqa.exe
  2⤵
  PID:11388
- C:\Windows\System\imMKqgc.exe
  C:\Windows\System\imMKqgc.exe
  2⤵
  PID:11488
- C:\Windows\System\OtcxSzf.exe
  C:\Windows\System\OtcxSzf.exe
  2⤵
  PID:11548
- C:\Windows\System\BMzMvKf.exe
  C:\Windows\System\BMzMvKf.exe
  2⤵
  PID:11580
- C:\Windows\System\VWtiiny.exe
  C:\Windows\System\VWtiiny.exe
  2⤵
  PID:11692
- C:\Windows\System\BadbsnD.exe
  C:\Windows\System\BadbsnD.exe
  2⤵
  PID:11772
- C:\Windows\System\WqJrOKX.exe
  C:\Windows\System\WqJrOKX.exe
  2⤵
  PID:11736
- C:\Windows\System\FMwVqCg.exe
  C:\Windows\System\FMwVqCg.exe
  2⤵
  PID:11832
- C:\Windows\System\PomtmSh.exe
  C:\Windows\System\PomtmSh.exe
  2⤵
  PID:11956
- C:\Windows\System\TZiVOQy.exe
  C:\Windows\System\TZiVOQy.exe
  2⤵
  PID:11960
- C:\Windows\System\ctRtMaW.exe
  C:\Windows\System\ctRtMaW.exe
  2⤵
  PID:12040
- C:\Windows\System\IYWeeKZ.exe
  C:\Windows\System\IYWeeKZ.exe
  2⤵
  PID:12088
- C:\Windows\System\UjYiFqi.exe
  C:\Windows\System\UjYiFqi.exe
  2⤵
  PID:12144
- C:\Windows\System\FooItsN.exe
  C:\Windows\System\FooItsN.exe
  2⤵
  PID:11300
- C:\Windows\System\xulMSdF.exe
  C:\Windows\System\xulMSdF.exe
  2⤵
  PID:12252
- C:\Windows\System\COunydP.exe
  C:\Windows\System\COunydP.exe
  2⤵
  PID:11420
- C:\Windows\System\yeqXvAI.exe
  C:\Windows\System\yeqXvAI.exe
  2⤵
  PID:11476
- C:\Windows\System\gUtmZaN.exe
  C:\Windows\System\gUtmZaN.exe
  2⤵
  PID:5060
- C:\Windows\System\aVYgvbw.exe
  C:\Windows\System\aVYgvbw.exe
  2⤵
  PID:11752
- C:\Windows\System\KPgmXyG.exe
  C:\Windows\System\KPgmXyG.exe
  2⤵
  PID:11804
- C:\Windows\System\nexoYlt.exe
  C:\Windows\System\nexoYlt.exe
  2⤵
  PID:11988
- C:\Windows\System\MvRlOtQ.exe
  C:\Windows\System\MvRlOtQ.exe
  2⤵
  PID:12232
- C:\Windows\System\CsRbVAj.exe
  C:\Windows\System\CsRbVAj.exe
  2⤵
  PID:12192
- C:\Windows\System\egUpvoJ.exe
  C:\Windows\System\egUpvoJ.exe
  2⤵
  PID:11796
- C:\Windows\System\GWJyGIQ.exe
  C:\Windows\System\GWJyGIQ.exe
  2⤵
  PID:11944
- C:\Windows\System\nOPSDxq.exe
  C:\Windows\System\nOPSDxq.exe
  2⤵
  PID:12124
- C:\Windows\System\HvNwbNt.exe
  C:\Windows\System\HvNwbNt.exe
  2⤵
  PID:12312
- C:\Windows\System\bgGnADa.exe
  C:\Windows\System\bgGnADa.exe
  2⤵
  PID:12332
- C:\Windows\System\AMVHPtS.exe
  C:\Windows\System\AMVHPtS.exe
  2⤵
  PID:12352
- C:\Windows\System\DUKGHdK.exe
  C:\Windows\System\DUKGHdK.exe
  2⤵
  PID:12372
- C:\Windows\System\CRorAvv.exe
  C:\Windows\System\CRorAvv.exe
  2⤵
  PID:12412
- C:\Windows\System\ycaevbj.exe
  C:\Windows\System\ycaevbj.exe
  2⤵
  PID:12452
- C:\Windows\System\UOrOhdv.exe
  C:\Windows\System\UOrOhdv.exe
  2⤵
  PID:12476
- C:\Windows\System\VcWnODh.exe
  C:\Windows\System\VcWnODh.exe
  2⤵
  PID:12504
- C:\Windows\System\iJKgdyq.exe
  C:\Windows\System\iJKgdyq.exe
  2⤵
  PID:12524
- C:\Windows\System\PtiGgAF.exe
  C:\Windows\System\PtiGgAF.exe
  2⤵
  PID:12540
- C:\Windows\System\YdZxdYj.exe
  C:\Windows\System\YdZxdYj.exe
  2⤵
  PID:12560
- C:\Windows\System\LAStaHl.exe
  C:\Windows\System\LAStaHl.exe
  2⤵
  PID:12600
- C:\Windows\System\UwVJaZA.exe
  C:\Windows\System\UwVJaZA.exe
  2⤵
  PID:12628
- C:\Windows\System\LsmAYfr.exe
  C:\Windows\System\LsmAYfr.exe
  2⤵
  PID:12652
- C:\Windows\System\nEXvJGk.exe
  C:\Windows\System\nEXvJGk.exe
  2⤵
  PID:12684
- C:\Windows\System\YJjVyxW.exe
  C:\Windows\System\YJjVyxW.exe
  2⤵
  PID:12712
- C:\Windows\System\CkJaEzX.exe
  C:\Windows\System\CkJaEzX.exe
  2⤵
  PID:12736
- C:\Windows\System\zKdzvPg.exe
  C:\Windows\System\zKdzvPg.exe
  2⤵
  PID:12756
- C:\Windows\System\wqvwxyU.exe
  C:\Windows\System\wqvwxyU.exe
  2⤵
  PID:12808
- C:\Windows\System\SURMBcw.exe
  C:\Windows\System\SURMBcw.exe
  2⤵
  PID:12836
- C:\Windows\System\yjyyufj.exe
  C:\Windows\System\yjyyufj.exe
  2⤵
  PID:12860
- C:\Windows\System\nYXHoIY.exe
  C:\Windows\System\nYXHoIY.exe
  2⤵
  PID:12876
- C:\Windows\System\WgZIIET.exe
  C:\Windows\System\WgZIIET.exe
  2⤵
  PID:12896
- C:\Windows\System\ALSTdEU.exe
  C:\Windows\System\ALSTdEU.exe
  2⤵
  PID:12916
- C:\Windows\System\IeNtzdX.exe
  C:\Windows\System\IeNtzdX.exe
  2⤵
  PID:12940
- C:\Windows\System\ewDZhTN.exe
  C:\Windows\System\ewDZhTN.exe
  2⤵
  PID:12964
- C:\Windows\System\bReOjBX.exe
  C:\Windows\System\bReOjBX.exe
  2⤵
  PID:12984
- C:\Windows\System\XTUOLiB.exe
  C:\Windows\System\XTUOLiB.exe
  2⤵
  PID:13004
- C:\Windows\System\oBosoqK.exe
  C:\Windows\System\oBosoqK.exe
  2⤵
  PID:13028
- C:\Windows\System\LotnsDE.exe
  C:\Windows\System\LotnsDE.exe
  2⤵
  PID:13076
- C:\Windows\System\CcTDYdK.exe
  C:\Windows\System\CcTDYdK.exe
  2⤵
  PID:13100
- C:\Windows\System\yGRojQw.exe
  C:\Windows\System\yGRojQw.exe
  2⤵
  PID:13152
- C:\Windows\System\gLFmmoD.exe
  C:\Windows\System\gLFmmoD.exe
  2⤵
  PID:13200
- C:\Windows\System\AnwQZkh.exe
  C:\Windows\System\AnwQZkh.exe
  2⤵
  PID:12404
- C:\Windows\System\RiuecqN.exe
  C:\Windows\System\RiuecqN.exe
  2⤵
  PID:12448
- C:\Windows\System\YtzPzDI.exe
  C:\Windows\System\YtzPzDI.exe
  2⤵
  PID:12512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WOBB13N1\home-993d2c38b2c1[1].css

Filesize
11KB

MD5
6328d6d9a6b00ce7f992230b97b17c1f

SHA1
88837b802bdde407e37e92641072ea2eeec95556

SHA256
c9d9b80794cebd7d97daf52f7f0ce0e31bcf7a6f65a6e07851c688d67f10dba8

SHA512
993d2c38b2c15499aebdb39c1f9c21d0501d4c2a5973caec65be9ddc3ddfd6e46d06449e7483daa4fa9afa17cb81ff27a391519a64629169eb15c52911aab2c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ltvfu1qu.gzs.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BdZnzRA.exe

Filesize
1.9MB

MD5
e134157e0e7901e414f294158909e0c7

SHA1
c4be4c739d16ec3a7598864b2ab24b3c6ae22c5c

SHA256
87db9172093063175fb01bf49e4d66d45ceee669bf7641eb39a6000f796d14d6

SHA512
62c44e0615bce91bec5eaf1f454d55bd9cd4a9570dcab17a9d5125520ed7cf93e695a6ba3aa2aecc3bb8c339d031f6f14fdf2ec4135bae4d09bee52742b7129b

Download Submit
C:\Windows\System\DGRbaFB.exe

Filesize
1.9MB

MD5
3de36091e97c2ebfd49a5fd3366b24bd

SHA1
42aa73d9ee416a6037e96cf7a9e5ac9cae580164

SHA256
6216d3423924ae430c7e7cce90326077818aa92a5ee91e33e3bc27d24a357873

SHA512
56cca4ed76d3aecee4bf63763925020e8534aa8ce1313771f499ba9866435d405c21704e518a364ad2122c3d2b9043bfba4c9a4e87d4f8afe110604ca177646a

Download Submit
C:\Windows\System\FZIjgva.exe

Filesize
1.9MB

MD5
41f9617b4d788b10b9376e01976d29f9

SHA1
f622abf8516d2529860a5c99258d8848baf435c2

SHA256
da7af8c25f9c7926ae5e75efe05bea7261bcb563dbf00b8922b380a37a932866

SHA512
482640b67c2c193db7c291de01d01a6d70b92527b9357a08c798de3b3b07fdded26c3e5821edd469e86e5904f369be12b48899882857dd3ec916717084703acd

Download Submit
C:\Windows\System\FndLmdI.exe

Filesize
1.9MB

MD5
63466a504410bc6ecbfd0e7d7765e4a0

SHA1
935b70abdcd86e62f73d76914bc8c1d81d1ffccd

SHA256
b61296700cf928c206fad91ad49990db194e7a06c05ff3e0b5efdeec2539904e

SHA512
9906e6544ea5c381afbdbdaee9c7978927bc37741c266cc2908850275a0c636582313a31c7e29a6f82a5b7706e2525ef2e9ed01a5fe82736fb8d4d552fe141cc

Download Submit
C:\Windows\System\GBbmFwO.exe

Filesize
1.9MB

MD5
234635f782cacab40740f1b64bb92489

SHA1
9a347a221801bb504e10c89d1ddde955f2d04632

SHA256
8240fc38e649056f6c818f851ff59ef79bab937353fd595f49adf27ce8946a13

SHA512
a715430fda0205eefd3a299ffacd09ebcce0020179108e5aadd700304abf1f2feb176e4a14bade21882e5d5081da2bdf3c34516c4fa3f878abdaff958cafbf37

Download Submit
C:\Windows\System\JTDHyPF.exe

Filesize
1.9MB

MD5
9819b20e6a14253bbaa838eddc44e980

SHA1
7cc508d1cff1c321b4ddcc77afef8e1ba9eb41c7

SHA256
e2e88e9a4cb2646c3c621f20d6dafe0a591ab3c0b782deee14832cca76bc10f8

SHA512
bafb2ffc6b06d4d58a485eb4878c05498df10b9983a1f1d02feb7dffb38252ec115554ff97e2397e49406e0446ef1187859dbf0b3115b5ae6ab1ef1e2ef79546

Download Submit
C:\Windows\System\LtMRgqT.exe

Filesize
8B

MD5
30a9dfceb37577cb23b97b50ee0ca790

SHA1
b56360a546aafbfa7ce003cd05916a7ab7239259

SHA256
44dda0d0cfe87b066fcb3ae3e2b0cbc86f86ca0fdd14c7ce736c7a63fedce1f4

SHA512
f1ae1743e6029aabc9e7387b476be46b30f000874bca6e0907b605cfb329a40abfc7d4eb3d891027c469be0356b370267e0531be7c50ab8183a5aad8ce1cbe57

Download Submit
C:\Windows\System\MZRRCOn.exe

Filesize
1.9MB

MD5
4643bb0aaf4ff9613fed524a66f7f9a9

SHA1
35ec5892a643239b699e2558583a57fc93e4b834

SHA256
9e9b9d9604e2bd0d2659cacb0047da6a648cd26d01b2b2934c24b7899c9fab63

SHA512
7b1bd22b94198988131d2105beb9b0272ef92e513a2214dfe695d0f5a877b8e1edc6bc93e4fe0d335a6ad841b91e01d32cb155425c4daf99b10e383839f3a2c9

Download Submit
C:\Windows\System\RDrQgGD.exe

Filesize
1.9MB

MD5
25cb552669996c1120004d73fe9a7b9f

SHA1
cdd37a9bfe55b17bb1240efde13f32f2eb6d81d0

SHA256
c2744c4ec8ec60d50896c45192772b0adb027b97eeb89430fb6f3fc98c9c2dab

SHA512
3e5d7e499c9a363d768571f8d0672b28396314ee2939e00fb7b6871f915ec0f0d92eb3d7e5bb7927cb8826721b3fab95b15f573dc06964c4a311f1001be4d7bb

Download Submit
C:\Windows\System\TOJBKSZ.exe

Filesize
1.9MB

MD5
7d3b130a93fde33be2c1896a62947e44

SHA1
c7b0611f80eca11d3383e1c81ddd7ec03945bd32

SHA256
654fae0533cee205482326f079677aa35b48fecb0350fde812621110524b66a1

SHA512
c8cb73c4f4eea07c0dbdb15824ffc143fdf1e9c2f726ea78a091644a9a89c0eadd2edd90c0633bb3d7b0a457a9eca4b81b58ffd53d1fe052e962dbcacb9df3b1

Download Submit
C:\Windows\System\UJBYlIE.exe

Filesize
1.9MB

MD5
1e56f3f4fe54d38c8b1cdeb72c72cc61

SHA1
56365c3c8e0d6262eec1bacd81c53a7732cda022

SHA256
4293d9b53d9569ee5f954722597fe49665a2b9a11b08e4f3408dfba7a9661d31

SHA512
bdc6d3a0f6ac489cecc51af58919f354107be5bfb4babb83da3cad02b3cee982ae7b97f7487d7a6bb60354451f70e8bf957debf584368ea8c0a71577b9d27477

Download Submit
C:\Windows\System\VtDymRC.exe

Filesize
1.9MB

MD5
fa83f17dd6601e4d4f305d4f8bbd38a1

SHA1
fe3808fb86e31f4eb820f5b52a7a75665478c897

SHA256
5df469306a5c5dfff83082d7098033547fde22f90286f6abc79e51a15bc665b1

SHA512
d9350690baad238900674db25793f41ede25bdc3bd2a345feb55741bc380890eeff67dfc704417a289841b928f5baea5fea8fc6b49baed3beb181971ad4adec6

Download Submit
C:\Windows\System\cDqcDoi.exe

Filesize
1.9MB

MD5
8f80e3ee7d480195bf5f3f01ebbe5072

SHA1
b06835a4c03356de4eba1bd51453cfa6f09f29b3

SHA256
e05ee3d543b6e1eba9f7feeb0a8844abbd3861ea03fda744c2ba79b94a84bde6

SHA512
0eb079f1c09bba1867c4fb3e890559ecb456126e609f1399151de4881980c419c1ddbc81d1768e76e3e0fb7b4c5a8a8b1274c69c5d0978083ea738e98711b189

Download Submit
C:\Windows\System\dIEJtvV.exe

Filesize
1.9MB

MD5
19eaec1c06011350e682dcb21a09a302

SHA1
9d4feaddff1f69463d871f07954d5156027631cc

SHA256
f03a24704ec03096f244d5d0c33f0d9f4d82fd0a170bbe77057a61af4e75439a

SHA512
5fcd3557e3df0b7df45730cbf5e3bac245e736b0457713345251955ae24eb96433642cface0b474052603e42174c8fc3141c24cc6dc0dcc9b2b700dd130a4989

Download Submit
C:\Windows\System\dgXDoej.exe

Filesize
1.9MB

MD5
91901ea7619bbff5f81f35a219b52838

SHA1
eb7056b12a0d84899cf18ee8557e1bec8ebeff0e

SHA256
84cae4641c183815d58753ddfaf2fd481a5c9904dbcdc0cc83f79bbbe9f233af

SHA512
be97929778f3817880438dddd18f00dd2b245badc3b91cfbabdf0e8f3fc8428ef393767e95e4654708f6edf7f7b2cad0825163eecebf0cd6ab19012936b3fb40

Download Submit
C:\Windows\System\gdfrpcD.exe

Filesize
1.9MB

MD5
62beddbee4cbfee9f7d75afc9b85605a

SHA1
5aaeb01827b082e3b5b395caeb0118b18c18f8e1

SHA256
da869a9e8f3423ca8ca73a200df881edfcc4906895273fb0c1c45aa010d125f3

SHA512
ca5535c79c8effee652dd237654ef941868335202aa79caa085c685bb5e327d7ff78dd55a5f88d5f80dfb5cf983bbb6f786bb68e0eabd1c2839d6fc56178a71a

Download Submit
C:\Windows\System\iFJKQSs.exe

Filesize
1.9MB

MD5
db9b6abf7964fde4c27d65682d914f57

SHA1
c4113e81a33ac0a35a13c2b5d2359dc2926ddd86

SHA256
7db30bef3d97ca02b0b817bcb3225919f4613716f50f961e48626665cb29fbc3

SHA512
cb229c8ad1b865a3b45246cc634095471c6bd2be96a73b662f5329184cd6ca14929aa8780a751ec4061d6d6b155a6be5c95c9b7fa4e4f946acad727aa16c5005

Download Submit
C:\Windows\System\jfDenrL.exe

Filesize
1.9MB

MD5
eb64fdd579deec7e3fc2325e2d720a1a

SHA1
917b4cdf8a6230d1a07c1dc3f477d72842c5eda8

SHA256
12a5faffd3331eefded36e4e2edb99a0c2bd0d92f874a49161cb8ad4f543ab4c

SHA512
a2b7438e591d6bc79597eeb161cc22c76d67fbd071e59d45a54f4bce94d225ef156a9df257c5a4727fe8d2ffa538ed7896de6c14670d93be977b788d341947e4

Download Submit
C:\Windows\System\kPKQyFG.exe

Filesize
1.9MB

MD5
fa2b2c826c7470bde8833a61296a0079

SHA1
bdb6d4c0337d2989a4b79ed4ecb9d467deef264e

SHA256
314700e84b7f105c4472802113a6b93b414f35ef5a152b27c9e8931b966881c5

SHA512
d5b39e5f25f36d2c43c576fa679ab94ce44294719961a5b7b9952a896b54b39d854b2058de812be8e479c6355f68b726c1c7121648d64de48da189f01eee84de

Download Submit
C:\Windows\System\kePLrke.exe

Filesize
1.9MB

MD5
7c2c5fedb9b601c7317bedceae6f1e65

SHA1
0638e1e0094f927b91e533feb4a5b39ae48ec860

SHA256
356e9455cce0d7cae582912cafb33d0ef08df26d231ea79e06f58c600215d42f

SHA512
459d1bfef8a4e741c98f44b82024b7b9d1d51a47148536284838758744b56a499a40dd10cb1020533d1a5313b03805dc867a7ba31e34429fd930495cf144a16e

Download Submit
C:\Windows\System\nnoVRgM.exe

Filesize
1.9MB

MD5
877ec85993fa32735015ec98d4836fbd

SHA1
7c1982ecc8e088541c159f8bfc46b48656aadd0d

SHA256
49ed5dbd2373efe592e7d67ed5b8bd00ba9a0a0bfa2cc70e36c04a9b992a12ae

SHA512
a97e4a20244b9fdf16995614d1702de3c206a41befd5009f13fcec16e150f31f601c27ff032e83c4ca7868002a981f253a9b725444495fcd534881f7f369d5db

Download Submit
C:\Windows\System\nvGeGSW.exe

Filesize
1.9MB

MD5
f764c9ce371f078c16ba2f7fe36cab9b

SHA1
1764f9c75cc568b43a95f507d456bab478571faf

SHA256
89e4bf4731b2a0e073da07b2def9037d4de21d34b13e1d4bd6cc27eb2e7f5cd0

SHA512
0eac91617a970b8ae3594a5895a0a2674cbcb3fba5db21e3fd1ba93fffc86776b342d334fc3dccf5b38681e99cad4b9a2d8cc2efb941e0b3ca11bea0552e3a1a

Download Submit
C:\Windows\System\nzMWWuD.exe

Filesize
1.9MB

MD5
147e96bdd35820198d0b32074b8f7789

SHA1
abd10e37af44d07ff30ddfa803c22aefecc6b932

SHA256
18f2ecb3977a0c6f40332a1b1ef56a3348cdcf8fcc68022abddae651d081d3f2

SHA512
584d291b69db5e9770430e99e02c002cc3a137adf74505fa0117b9046bad9df6ff9f3bfa3a53ac2a33251bc64cf06b5552e6f3f9f88c1967c4bd4c396da03453

Download Submit
C:\Windows\System\oWmjCQY.exe

Filesize
1.9MB

MD5
50e98a7bf359907e7e0070ef31c1f835

SHA1
c487cf7fc9e9bd8dac2dba4dcdbaba5e145302e5

SHA256
61eba20c7eb220ad4d40b04202f591f806ce08eac13fe2eac6b48bf004e566ad

SHA512
8b46dd3e59678585b90e70c3cc4d77fd260ba6490d214953dab35b31d5e9ab02fe5ab57381809fbfbf7b4a136df149e835db0b95cf8581c93822ffe87d3ccd80

Download Submit
C:\Windows\System\pVqqGJv.exe

Filesize
1.9MB

MD5
f75d51cb9b3c173a3004b9ad36a836b3

SHA1
acde9221beeb516163152046dfabe558ff0708ff

SHA256
e22450ada5ea8174d571dcc0193f2d8d8dbad70979b19763432936371a0b8b05

SHA512
8bd46194867d786c2eed4ce60664a1ac07ecc0c7c380d5b3a8b9b2f88e3d25051cfdc16df22a89ec26baf17d1291e0372402fe6c4d44b77a6ace7b5b76a5f24e

Download Submit
C:\Windows\System\pYFazBx.exe

Filesize
1.9MB

MD5
43de3f1230a2fbefa486d40f57a17981

SHA1
b441d0b2d2f2844a0b9a95dea12bd0c09302a342

SHA256
2c10991d161225bd330123fa10726461462b446e2921047ec4958aeafef61490

SHA512
51ce04c53f772c6809863986c4fdfc02c4955e194a18f39c3cffbe0116b77ef2eba47ce25f0aa7715f5ee27dd5a6913cce2ab7a0582efbfbce18b8079aa2285d

Download Submit
C:\Windows\System\qfasCBV.exe

Filesize
1.9MB

MD5
0b3450a46c6410bef5dd43369d5ffdc4

SHA1
2a84b9cbd55f421db71122064e93b63c8e0c3868

SHA256
110b71189c5bf336811479f8df64d5d575758a5776a8b8db6e28c9957329c656

SHA512
07c82b3844f64d6b5b3be08ebac7940b9377eba96fd01054b53621dbff26d7c3d78faef5a880daf98d4517b53b117767c90b91b3fda99408b6ef4438a4aebe54

Download Submit
C:\Windows\System\txhowEf.exe

Filesize
1.9MB

MD5
255959dc24b301bbeca4df0ff1e69acc

SHA1
83f1278bebb56bb8823011b613298a7636b83486

SHA256
86cce1b53490282cc4a1f736432d6a7e4abcabe07a973a515db57f9ab0707794

SHA512
e3671a5f87cf06c8f085481591d87ed756722d20cc359e54f05d1f1b6844d4ef61f6edece8851215d6efb71dbfe29393367187dc06698038f79ab356adbbeec6

Download Submit
C:\Windows\System\txwTLRi.exe

Filesize
1.9MB

MD5
86cae399ac76089555d52beee20002e8

SHA1
ba64749a54acac602aaa1739b55ad8938e3fd27e

SHA256
28b0885f8c132ad1203f084398ad5d2dc393f4f00920b6b36141ebb5b6f07e5a

SHA512
5c128fdecaedba969bdca0fa747f2a1d226e8628dd4c26efd133f849fa7a2688bbd8c7675c8f83d62583daa4a2ac2553c76aa4166e959350417f34087d056636

Download Submit
C:\Windows\System\uQJbtxV.exe

Filesize
1.9MB

MD5
9e81549d7ef60c08aeb2d660a3f57f1f

SHA1
8c25a36a1af7430f9874faff2eae90c6774227dd

SHA256
3e8ce9c578b4f36043d8293c1eb2420c6ae7e9097202395c825aea10557cd424

SHA512
3107f16095ee783f32b3becb338f2d4d6a7a48d54af65edc153769fd70585795af2baaf44ece795c7bb5aed59db7244956e3ff92ad85d9a2069c9930b0b86f47

Download Submit
C:\Windows\System\unPfChC.exe

Filesize
1.9MB

MD5
27d241d8fe6f6fbe29345c8970906947

SHA1
7e382b0fcae15485c08998b22ff683a5e4d4cdd6

SHA256
d675b02a6e79888f5f4b056b2f58262dd64b77668517e590b2345dabcdace809

SHA512
f2c2cc496791af44dc03bc080570ddfaa808f4719f759d87ed3d810dab283041b9ca47c4f7f82df0c8d8e370f7370b4420760d9d92f8ab7568925eae730c9288

Download Submit
C:\Windows\System\xVkvPhB.exe

Filesize
1.9MB

MD5
aa3dc1a8a1504f95ee9065da9690e420

SHA1
86d6a3a8b8161e5ab989aaa9565696c1ae649a68

SHA256
af8d963950ccfd6447394d3b4e2f169a9aef75a7627be1ce4d563bcd3b6dbd24

SHA512
b02fbb3b7b3cdbeee18f55fdd11701eb012c6f220e3b39403363b964489fdf012c4083a0db627a04ecd4ad06b5ff866e4db3228d533029fbc256506de0d3029e

Download Submit
C:\Windows\System\zFjHihl.exe

Filesize
1.9MB

MD5
536a71849c914da3e70cd38f363b697b

SHA1
5b923328e059aca33ba67586b49aa2bd2c4597c5

SHA256
31961fd4231daed5b6502fa434c81ec17e6e301b78f4f3a6c24490d7fd151e2e

SHA512
f83527b79f0bc9497d8bd38307034a0c7e816628920f2e291e25a479f9c649ac4ad53f00d31c8bee624ec64aa0211e224d0a88ceab09a1cf49872ea157f27c4d

Download Submit
C:\Windows\System\zNUXzfJ.exe

Filesize
1.9MB

MD5
4729a013f3b6be570a2f81503cd61b59

SHA1
b83ddff27ac8a1c3bd558f65999278ac8001bc53

SHA256
f37ce5b335137d2ec84304d928063541c166150c875a4ad0f2114ad97615958a

SHA512
f7d43fc2311d5b8af9bcb50c12ca204736f8761c2db5c65b162bcb1184c995acd6f8b4010b665a1afd1d66d7e1c8a0a0a1fc616c4723d009146471e381411def

Download Submit
memory/608-2373-0x00007FF7453F0000-0x00007FF7457E2000-memory.dmp

Filesize
3.9MB

Download
memory/608-122-0x00007FF7453F0000-0x00007FF7457E2000-memory.dmp

Filesize
3.9MB

Download
memory/608-2464-0x00007FF7453F0000-0x00007FF7457E2000-memory.dmp

Filesize
3.9MB

Download
memory/1152-138-0x00007FF714760000-0x00007FF714B52000-memory.dmp

Filesize
3.9MB

Download
memory/1152-2477-0x00007FF714760000-0x00007FF714B52000-memory.dmp

Filesize
3.9MB

Download
memory/1152-2441-0x00007FF714760000-0x00007FF714B52000-memory.dmp

Filesize
3.9MB

Download
memory/1184-150-0x00007FF7C85B0000-0x00007FF7C89A2000-memory.dmp

Filesize
3.9MB

Download
memory/1184-2479-0x00007FF7C85B0000-0x00007FF7C89A2000-memory.dmp

Filesize
3.9MB

Download
memory/1372-2471-0x00007FF66B3E0000-0x00007FF66B7D2000-memory.dmp

Filesize
3.9MB

Download
memory/1372-149-0x00007FF66B3E0000-0x00007FF66B7D2000-memory.dmp

Filesize
3.9MB

Download
memory/1388-2337-0x00007FF6C8350000-0x00007FF6C8742000-memory.dmp

Filesize
3.9MB

Download
memory/1388-2395-0x00007FF6C8350000-0x00007FF6C8742000-memory.dmp

Filesize
3.9MB

Download
memory/1388-62-0x00007FF6C8350000-0x00007FF6C8742000-memory.dmp

Filesize
3.9MB

Download
memory/1424-2382-0x00007FF601150000-0x00007FF601542000-memory.dmp

Filesize
3.9MB

Download
memory/1424-61-0x00007FF601150000-0x00007FF601542000-memory.dmp

Filesize
3.9MB

Download
memory/2664-2384-0x00007FF7E4B10000-0x00007FF7E4F02000-memory.dmp

Filesize
3.9MB

Download
memory/2664-65-0x00007FF7E4B10000-0x00007FF7E4F02000-memory.dmp

Filesize
3.9MB

Download
memory/2748-2393-0x00007FF6AB790000-0x00007FF6ABB82000-memory.dmp

Filesize
3.9MB

Download
memory/2748-2357-0x00007FF6AB790000-0x00007FF6ABB82000-memory.dmp

Filesize
3.9MB

Download
memory/2748-66-0x00007FF6AB790000-0x00007FF6ABB82000-memory.dmp

Filesize
3.9MB

Download
memory/3368-81-0x00000208007B0000-0x0000020800F56000-memory.dmp

Filesize
7.6MB

Download
memory/3368-53-0x0000020798460000-0x0000020798470000-memory.dmp

Filesize
64KB

Download
memory/3368-2356-0x00007FFD8FA40000-0x00007FFD90501000-memory.dmp

Filesize
10.8MB

Download
memory/3368-2336-0x0000020798460000-0x0000020798470000-memory.dmp

Filesize
64KB

Download
memory/3368-76-0x00000207FDD80000-0x00000207FDDA2000-memory.dmp

Filesize
136KB

Download
memory/3368-64-0x00007FFD8FA40000-0x00007FFD90501000-memory.dmp

Filesize
10.8MB

Download
memory/3400-2466-0x00007FF6EACC0000-0x00007FF6EB0B2000-memory.dmp

Filesize
3.9MB

Download
memory/3400-2428-0x00007FF6EACC0000-0x00007FF6EB0B2000-memory.dmp

Filesize
3.9MB

Download
memory/3400-130-0x00007FF6EACC0000-0x00007FF6EB0B2000-memory.dmp

Filesize
3.9MB

Download
memory/3756-100-0x00007FF722850000-0x00007FF722C42000-memory.dmp

Filesize
3.9MB

Download
memory/3756-2375-0x00007FF722850000-0x00007FF722C42000-memory.dmp

Filesize
3.9MB

Download
memory/3756-12-0x00007FF722850000-0x00007FF722C42000-memory.dmp

Filesize
3.9MB

Download
memory/3764-136-0x00007FF6887C0000-0x00007FF688BB2000-memory.dmp

Filesize
3.9MB

Download
memory/3764-2469-0x00007FF6887C0000-0x00007FF688BB2000-memory.dmp

Filesize
3.9MB

Download
memory/3900-2443-0x00007FF7C2530000-0x00007FF7C2922000-memory.dmp

Filesize
3.9MB

Download
memory/3900-90-0x00007FF7C2530000-0x00007FF7C2922000-memory.dmp

Filesize
3.9MB

Download
memory/3900-2358-0x00007FF7C2530000-0x00007FF7C2922000-memory.dmp

Filesize
3.9MB

Download
memory/3984-2372-0x00007FF60D1D0000-0x00007FF60D5C2000-memory.dmp

Filesize
3.9MB

Download
memory/3984-2462-0x00007FF60D1D0000-0x00007FF60D5C2000-memory.dmp

Filesize
3.9MB

Download
memory/3984-92-0x00007FF60D1D0000-0x00007FF60D5C2000-memory.dmp

Filesize
3.9MB

Download
memory/4032-29-0x00007FF6FC210000-0x00007FF6FC602000-memory.dmp

Filesize
3.9MB

Download
memory/4032-2380-0x00007FF6FC210000-0x00007FF6FC602000-memory.dmp

Filesize
3.9MB

Download
memory/4032-1692-0x00007FF6FC210000-0x00007FF6FC602000-memory.dmp

Filesize
3.9MB

Download
memory/4348-56-0x00007FF7C0780000-0x00007FF7C0B72000-memory.dmp

Filesize
3.9MB

Download
memory/4348-2385-0x00007FF7C0780000-0x00007FF7C0B72000-memory.dmp

Filesize
3.9MB

Download
memory/4424-2389-0x00007FF78FE00000-0x00007FF7901F2000-memory.dmp

Filesize
3.9MB

Download
memory/4424-23-0x00007FF78FE00000-0x00007FF7901F2000-memory.dmp

Filesize
3.9MB

Download
memory/4512-0-0x00007FF6EDD90000-0x00007FF6EE182000-memory.dmp

Filesize
3.9MB

Download
memory/4512-1-0x0000024686400000-0x0000024686410000-memory.dmp

Filesize
64KB

Download
memory/4512-139-0x00007FF6EDD90000-0x00007FF6EE182000-memory.dmp

Filesize
3.9MB

Download
memory/4592-2388-0x00007FF774A20000-0x00007FF774E12000-memory.dmp

Filesize
3.9MB

Download
memory/4592-63-0x00007FF774A20000-0x00007FF774E12000-memory.dmp

Filesize
3.9MB

Download
memory/4644-1065-0x00007FF6F7970000-0x00007FF6F7D62000-memory.dmp

Filesize
3.9MB

Download
memory/4644-2377-0x00007FF6F7970000-0x00007FF6F7D62000-memory.dmp

Filesize
3.9MB

Download
memory/4644-20-0x00007FF6F7970000-0x00007FF6F7D62000-memory.dmp

Filesize
3.9MB

Download
memory/4832-2472-0x00007FF6D22E0000-0x00007FF6D26D2000-memory.dmp

Filesize
3.9MB

Download
memory/4832-135-0x00007FF6D22E0000-0x00007FF6D26D2000-memory.dmp

Filesize
3.9MB

Download
memory/4968-41-0x00007FF634C80000-0x00007FF635072000-memory.dmp

Filesize
3.9MB

Download
memory/4968-2391-0x00007FF634C80000-0x00007FF635072000-memory.dmp

Filesize
3.9MB

Download
memory/5036-2445-0x00007FF67F650000-0x00007FF67FA42000-memory.dmp

Filesize
3.9MB

Download
memory/5036-101-0x00007FF67F650000-0x00007FF67FA42000-memory.dmp

Filesize
3.9MB

Download