xmrig | e994582186041cbf471ff2b5bdfcde3fa3034b3c2fb2c0969f09e409e5d091ea

Analysis

max time kernel
27s
max time network
38s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27/04/2024, 04:12

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
Size

2.1MB
MD5

0264e9dedce55ca6ab3139705ab8756c
SHA1

ed378d7d5ce4f5e832763fb2fdf4f21719a8536f
SHA256

e994582186041cbf471ff2b5bdfcde3fa3034b3c2fb2c0969f09e409e5d091ea
SHA512

4d908af5e182d0506775ef1aaa811c2a4e6a2415a31620481bc15e5789c11ebfa7f91c7d813649ce30e6aaccee1d6f92ca283b9e05e3790e9ddaa023fd3159b4
SSDEEP

49152:Lz071uv4BPMkibTIA5lCx7kvRWa4pXHafws1PZ:NABQ

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 19 IoCs

miner

resource	yara_rule
behavioral2/memory/3588-48-0x00007FF679890000-0x00007FF679C82000-memory.dmp	xmrig
behavioral2/memory/548-45-0x00007FF6EF700000-0x00007FF6EFAF2000-memory.dmp	xmrig
behavioral2/memory/1492-54-0x00007FF60FDB0000-0x00007FF6101A2000-memory.dmp	xmrig
behavioral2/memory/1636-63-0x00007FF7FB170000-0x00007FF7FB562000-memory.dmp	xmrig
behavioral2/memory/924-70-0x00007FF7C7220000-0x00007FF7C7612000-memory.dmp	xmrig
behavioral2/memory/4000-112-0x00007FF74DDA0000-0x00007FF74E192000-memory.dmp	xmrig
behavioral2/memory/4584-117-0x00007FF65D1A0000-0x00007FF65D592000-memory.dmp	xmrig
behavioral2/memory/4804-119-0x00007FF70DA60000-0x00007FF70DE52000-memory.dmp	xmrig
behavioral2/memory/1656-118-0x00007FF67FE40000-0x00007FF680232000-memory.dmp	xmrig
behavioral2/memory/3716-113-0x00007FF689D00000-0x00007FF68A0F2000-memory.dmp	xmrig
behavioral2/memory/3692-107-0x00007FF761590000-0x00007FF761982000-memory.dmp	xmrig
behavioral2/memory/3160-106-0x00007FF6408B0000-0x00007FF640CA2000-memory.dmp	xmrig
behavioral2/memory/3752-78-0x00007FF7992B0000-0x00007FF7996A2000-memory.dmp	xmrig
behavioral2/memory/3124-73-0x00007FF792A80000-0x00007FF792E72000-memory.dmp	xmrig
behavioral2/memory/4628-133-0x00007FF7E75D0000-0x00007FF7E79C2000-memory.dmp	xmrig
behavioral2/memory/1592-145-0x00007FF629A90000-0x00007FF629E82000-memory.dmp	xmrig
behavioral2/memory/5052-2090-0x00007FF661140000-0x00007FF661532000-memory.dmp	xmrig
behavioral2/memory/4984-2093-0x00007FF6EAEC0000-0x00007FF6EB2B2000-memory.dmp	xmrig
behavioral2/memory/1664-2486-0x00007FF75FFC0000-0x00007FF7603B2000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
3	3176	powershell.exe
5	3176	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
548	bTWiiNw.exe
3588	FtPRcfn.exe
1492	CwMFxok.exe
1636	FZMXiCL.exe
3160	Xheqckd.exe
924	Rkaztkx.exe
3124	jsJNgqS.exe
3752	viVqReB.exe
3692	zDVFbyK.exe
4000	GRziTZe.exe
5052	MlRhLoe.exe
3716	FVKqZOG.exe
4984	ORaITSd.exe
4584	WmJeqtK.exe
1656	lNoVxNh.exe
1664	qhCBzeD.exe
4804	mNnPyGL.exe
5076	jzWUwsL.exe
4628	RPJujBf.exe
4480	HdfqCnH.exe
1592	ZIMgUJR.exe
2960	JVlkmRa.exe
1340	mMIUKda.exe
3872	IvRnPns.exe
1840	CCuNpQY.exe
3772	ywRjFVp.exe
2568	LEFCnAG.exe
4164	fueUCmq.exe
1108	nPQPaCQ.exe
4864	GLuUNXx.exe
2460	WunAngB.exe
3624	MGTCiWe.exe
2348	hTaKldA.exe
4208	YMTDZtK.exe
4916	mFYDgQZ.exe
1632	VWUxpKu.exe
1560	ccXYpEV.exe
2500	cyEvdkJ.exe
4436	CwgMooA.exe
4676	plhmMpz.exe
4828	THGjMnC.exe
2632	XUtIVKU.exe
876	YGLDBDm.exe
3236	MAKmttc.exe
1304	sxNdbSl.exe
2692	gvVjudv.exe
4824	jrVkZth.exe
4104	pluFVcA.exe
1644	aTuLGJn.exe
640	eVNZIeh.exe
2184	aMNsxTE.exe
4108	rNikDaG.exe
1856	olZVpdG.exe
720	TFNoHQW.exe
5024	SXDXReK.exe
5104	XSIBMaR.exe
4332	UnCyQaY.exe
1164	wNvqGhS.exe
3740	QqjeUxJ.exe
2188	NSjrdHb.exe
2980	hetfSvr.exe
4592	ELjlUuX.exe
5036	aKOXvrb.exe
2764	RIkVMXo.exe

UPX packed file 57 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/972-0-0x00007FF6CD380000-0x00007FF6CD772000-memory.dmp	upx
behavioral2/files/0x00090000000226f2-5.dat	upx
behavioral2/files/0x0008000000023435-29.dat	upx
behavioral2/memory/3588-48-0x00007FF679890000-0x00007FF679C82000-memory.dmp	upx
behavioral2/files/0x0007000000023437-39.dat	upx
behavioral2/files/0x0007000000023439-36.dat	upx
behavioral2/files/0x0007000000023438-35.dat	upx
behavioral2/memory/548-45-0x00007FF6EF700000-0x00007FF6EFAF2000-memory.dmp	upx
behavioral2/files/0x0007000000023436-37.dat	upx
behavioral2/files/0x00090000000233f4-16.dat	upx
behavioral2/files/0x0009000000023434-17.dat	upx
behavioral2/memory/1492-54-0x00007FF60FDB0000-0x00007FF6101A2000-memory.dmp	upx
behavioral2/memory/1636-63-0x00007FF7FB170000-0x00007FF7FB562000-memory.dmp	upx
behavioral2/memory/924-70-0x00007FF7C7220000-0x00007FF7C7612000-memory.dmp	upx
behavioral2/files/0x000700000002343f-77.dat	upx
behavioral2/files/0x000800000002343b-86.dat	upx
behavioral2/files/0x0007000000023441-91.dat	upx
behavioral2/files/0x0007000000023442-103.dat	upx
behavioral2/memory/4000-112-0x00007FF74DDA0000-0x00007FF74E192000-memory.dmp	upx
behavioral2/memory/4584-117-0x00007FF65D1A0000-0x00007FF65D592000-memory.dmp	upx
behavioral2/memory/5076-120-0x00007FF6AADD0000-0x00007FF6AB1C2000-memory.dmp	upx
behavioral2/files/0x0007000000023443-121.dat	upx
behavioral2/memory/4804-119-0x00007FF70DA60000-0x00007FF70DE52000-memory.dmp	upx
behavioral2/memory/1656-118-0x00007FF67FE40000-0x00007FF680232000-memory.dmp	upx
behavioral2/memory/3716-113-0x00007FF689D00000-0x00007FF68A0F2000-memory.dmp	upx
behavioral2/memory/3692-107-0x00007FF761590000-0x00007FF761982000-memory.dmp	upx
behavioral2/memory/3160-106-0x00007FF6408B0000-0x00007FF640CA2000-memory.dmp	upx
behavioral2/files/0x000700000002343e-98.dat	upx
behavioral2/files/0x0007000000023440-97.dat	upx
behavioral2/memory/1664-96-0x00007FF75FFC0000-0x00007FF7603B2000-memory.dmp	upx
behavioral2/files/0x000700000002343d-90.dat	upx
behavioral2/memory/4984-88-0x00007FF6EAEC0000-0x00007FF6EB2B2000-memory.dmp	upx
behavioral2/files/0x000800000002343c-83.dat	upx
behavioral2/memory/3752-78-0x00007FF7992B0000-0x00007FF7996A2000-memory.dmp	upx
behavioral2/memory/5052-87-0x00007FF661140000-0x00007FF661532000-memory.dmp	upx
behavioral2/memory/3124-73-0x00007FF792A80000-0x00007FF792E72000-memory.dmp	upx
behavioral2/files/0x000700000002343a-66.dat	upx
behavioral2/files/0x0007000000023444-125.dat	upx
behavioral2/memory/4628-133-0x00007FF7E75D0000-0x00007FF7E79C2000-memory.dmp	upx
behavioral2/files/0x0007000000023446-137.dat	upx
behavioral2/memory/1592-145-0x00007FF629A90000-0x00007FF629E82000-memory.dmp	upx
behavioral2/files/0x0009000000023422-141.dat	upx
behavioral2/memory/4480-139-0x00007FF77F2A0000-0x00007FF77F692000-memory.dmp	upx
behavioral2/files/0x0007000000023445-138.dat	upx
behavioral2/files/0x0007000000023447-147.dat	upx
behavioral2/files/0x0007000000023449-158.dat	upx
behavioral2/files/0x0007000000023448-156.dat	upx
behavioral2/files/0x000700000002344c-179.dat	upx
behavioral2/files/0x000700000002344d-178.dat	upx
behavioral2/files/0x000700000002344e-186.dat	upx
behavioral2/files/0x0007000000023450-196.dat	upx
behavioral2/files/0x000700000002344f-191.dat	upx
behavioral2/files/0x000700000002344b-171.dat	upx
behavioral2/files/0x000700000002344a-166.dat	upx
behavioral2/memory/5052-2090-0x00007FF661140000-0x00007FF661532000-memory.dmp	upx
behavioral2/memory/4984-2093-0x00007FF6EAEC0000-0x00007FF6EB2B2000-memory.dmp	upx
behavioral2/memory/1664-2486-0x00007FF75FFC0000-0x00007FF7603B2000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\XBtqkZI.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\krMudET.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\JsCjHNu.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\vYTdUtk.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\pBvvQBY.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\qMjhiSN.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\uGVPgaT.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\aZolsBz.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\GzecvHE.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\rThMCtd.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\FJVLGcA.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\XXqZlDq.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\pYBskyE.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\dIjHRDy.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\YLArcSU.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\acvimuX.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\gUuWgph.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\FvJgdmb.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\IeoFHrG.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\xNgBPMZ.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\INsobzq.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\MBzrfEi.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\WBABfjP.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\INhuTbi.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\vazNBls.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\vweQPEx.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\iJiCvBE.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\JWTjYPp.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\UJmXUvt.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\hSdgiNo.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\FHHyKRt.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\dsrkGdE.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\CfxvzAq.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\zeaztzW.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\jvDvTpE.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\SzxKoAE.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\sszefLl.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\QkKqOWV.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\BgdlOYc.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\MBYPztf.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\PKjsykr.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\oynNUGn.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\YwWfjco.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\EbRGjFd.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\AYRoEEl.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\SQReuMb.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\vfCZTer.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\fwUAVDM.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\arquEcH.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\BVtZVPt.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\aTuLGJn.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\pxxmsze.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\ccQuJtt.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\lbjLbPc.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\jjbAUGj.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\ZnwmvoW.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\gvVdYSs.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\cLFpGSK.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\sTYAkGI.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\yTAKkyz.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\BNPIxJK.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\zoDCVRH.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\NCbtMdk.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
File created	C:\Windows\System\WRSPbJz.exe	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
3176	powershell.exe
3176	powershell.exe
3176	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
Token: SeDebugPrivilege	3176	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 972 wrote to memory of 3176	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	81
PID 972 wrote to memory of 3176	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	81
PID 972 wrote to memory of 548	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	82
PID 972 wrote to memory of 548	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	82
PID 972 wrote to memory of 3588	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	83
PID 972 wrote to memory of 3588	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	83
PID 972 wrote to memory of 1492	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	84
PID 972 wrote to memory of 1492	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	84
PID 972 wrote to memory of 1636	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	85
PID 972 wrote to memory of 1636	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	85
PID 972 wrote to memory of 3160	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	86
PID 972 wrote to memory of 3160	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	86
PID 972 wrote to memory of 924	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	87
PID 972 wrote to memory of 924	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	87
PID 972 wrote to memory of 3124	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	88
PID 972 wrote to memory of 3124	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	88
PID 972 wrote to memory of 3752	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	89
PID 972 wrote to memory of 3752	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	89
PID 972 wrote to memory of 3692	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	90
PID 972 wrote to memory of 3692	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	90
PID 972 wrote to memory of 4000	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	91
PID 972 wrote to memory of 4000	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	91
PID 972 wrote to memory of 5052	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	92
PID 972 wrote to memory of 5052	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	92
PID 972 wrote to memory of 3716	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	93
PID 972 wrote to memory of 3716	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	93
PID 972 wrote to memory of 4984	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	94
PID 972 wrote to memory of 4984	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	94
PID 972 wrote to memory of 4584	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	95
PID 972 wrote to memory of 4584	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	95
PID 972 wrote to memory of 1656	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	96
PID 972 wrote to memory of 1656	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	96
PID 972 wrote to memory of 1664	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	97
PID 972 wrote to memory of 1664	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	97
PID 972 wrote to memory of 4804	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	98
PID 972 wrote to memory of 4804	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	98
PID 972 wrote to memory of 5076	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	99
PID 972 wrote to memory of 5076	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	99
PID 972 wrote to memory of 4628	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	100
PID 972 wrote to memory of 4628	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	100
PID 972 wrote to memory of 4480	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	102
PID 972 wrote to memory of 4480	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	102
PID 972 wrote to memory of 1592	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	103
PID 972 wrote to memory of 1592	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	103
PID 972 wrote to memory of 2960	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	104
PID 972 wrote to memory of 2960	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	104
PID 972 wrote to memory of 1340	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	105
PID 972 wrote to memory of 1340	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	105
PID 972 wrote to memory of 3872	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	106
PID 972 wrote to memory of 3872	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	106
PID 972 wrote to memory of 1840	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	107
PID 972 wrote to memory of 1840	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	107
PID 972 wrote to memory of 3772	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	108
PID 972 wrote to memory of 3772	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	108
PID 972 wrote to memory of 2568	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	109
PID 972 wrote to memory of 2568	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	109
PID 972 wrote to memory of 4164	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	110
PID 972 wrote to memory of 4164	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	110
PID 972 wrote to memory of 1108	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	111
PID 972 wrote to memory of 1108	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	111
PID 972 wrote to memory of 4864	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	112
PID 972 wrote to memory of 4864	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	112
PID 972 wrote to memory of 2460	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	113
PID 972 wrote to memory of 2460	972	0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe	113

C:\Users\Admin\AppData\Local\Temp\0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0264e9dedce55ca6ab3139705ab8756c_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:972
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3176
- C:\Windows\System\bTWiiNw.exe
  C:\Windows\System\bTWiiNw.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\FtPRcfn.exe
  C:\Windows\System\FtPRcfn.exe
  2⤵
  - Executes dropped EXE
  PID:3588
- C:\Windows\System\CwMFxok.exe
  C:\Windows\System\CwMFxok.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\FZMXiCL.exe
  C:\Windows\System\FZMXiCL.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\Xheqckd.exe
  C:\Windows\System\Xheqckd.exe
  2⤵
  - Executes dropped EXE
  PID:3160
- C:\Windows\System\Rkaztkx.exe
  C:\Windows\System\Rkaztkx.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\jsJNgqS.exe
  C:\Windows\System\jsJNgqS.exe
  2⤵
  - Executes dropped EXE
  PID:3124
- C:\Windows\System\viVqReB.exe
  C:\Windows\System\viVqReB.exe
  2⤵
  - Executes dropped EXE
  PID:3752
- C:\Windows\System\zDVFbyK.exe
  C:\Windows\System\zDVFbyK.exe
  2⤵
  - Executes dropped EXE
  PID:3692
- C:\Windows\System\GRziTZe.exe
  C:\Windows\System\GRziTZe.exe
  2⤵
  - Executes dropped EXE
  PID:4000
- C:\Windows\System\MlRhLoe.exe
  C:\Windows\System\MlRhLoe.exe
  2⤵
  - Executes dropped EXE
  PID:5052
- C:\Windows\System\FVKqZOG.exe
  C:\Windows\System\FVKqZOG.exe
  2⤵
  - Executes dropped EXE
  PID:3716
- C:\Windows\System\ORaITSd.exe
  C:\Windows\System\ORaITSd.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System\WmJeqtK.exe
  C:\Windows\System\WmJeqtK.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\lNoVxNh.exe
  C:\Windows\System\lNoVxNh.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\qhCBzeD.exe
  C:\Windows\System\qhCBzeD.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\mNnPyGL.exe
  C:\Windows\System\mNnPyGL.exe
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Windows\System\jzWUwsL.exe
  C:\Windows\System\jzWUwsL.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\RPJujBf.exe
  C:\Windows\System\RPJujBf.exe
  2⤵
  - Executes dropped EXE
  PID:4628
- C:\Windows\System\HdfqCnH.exe
  C:\Windows\System\HdfqCnH.exe
  2⤵
  - Executes dropped EXE
  PID:4480
- C:\Windows\System\ZIMgUJR.exe
  C:\Windows\System\ZIMgUJR.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\JVlkmRa.exe
  C:\Windows\System\JVlkmRa.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\mMIUKda.exe
  C:\Windows\System\mMIUKda.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\IvRnPns.exe
  C:\Windows\System\IvRnPns.exe
  2⤵
  - Executes dropped EXE
  PID:3872
- C:\Windows\System\CCuNpQY.exe
  C:\Windows\System\CCuNpQY.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\ywRjFVp.exe
  C:\Windows\System\ywRjFVp.exe
  2⤵
  - Executes dropped EXE
  PID:3772
- C:\Windows\System\LEFCnAG.exe
  C:\Windows\System\LEFCnAG.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\fueUCmq.exe
  C:\Windows\System\fueUCmq.exe
  2⤵
  - Executes dropped EXE
  PID:4164
- C:\Windows\System\nPQPaCQ.exe
  C:\Windows\System\nPQPaCQ.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\GLuUNXx.exe
  C:\Windows\System\GLuUNXx.exe
  2⤵
  - Executes dropped EXE
  PID:4864
- C:\Windows\System\WunAngB.exe
  C:\Windows\System\WunAngB.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\MGTCiWe.exe
  C:\Windows\System\MGTCiWe.exe
  2⤵
  - Executes dropped EXE
  PID:3624
- C:\Windows\System\hTaKldA.exe
  C:\Windows\System\hTaKldA.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\YMTDZtK.exe
  C:\Windows\System\YMTDZtK.exe
  2⤵
  - Executes dropped EXE
  PID:4208
- C:\Windows\System\mFYDgQZ.exe
  C:\Windows\System\mFYDgQZ.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\VWUxpKu.exe
  C:\Windows\System\VWUxpKu.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\ccXYpEV.exe
  C:\Windows\System\ccXYpEV.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\cyEvdkJ.exe
  C:\Windows\System\cyEvdkJ.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\CwgMooA.exe
  C:\Windows\System\CwgMooA.exe
  2⤵
  - Executes dropped EXE
  PID:4436
- C:\Windows\System\plhmMpz.exe
  C:\Windows\System\plhmMpz.exe
  2⤵
  - Executes dropped EXE
  PID:4676
- C:\Windows\System\THGjMnC.exe
  C:\Windows\System\THGjMnC.exe
  2⤵
  - Executes dropped EXE
  PID:4828
- C:\Windows\System\XUtIVKU.exe
  C:\Windows\System\XUtIVKU.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\YGLDBDm.exe
  C:\Windows\System\YGLDBDm.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\MAKmttc.exe
  C:\Windows\System\MAKmttc.exe
  2⤵
  - Executes dropped EXE
  PID:3236
- C:\Windows\System\sxNdbSl.exe
  C:\Windows\System\sxNdbSl.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\gvVjudv.exe
  C:\Windows\System\gvVjudv.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\jrVkZth.exe
  C:\Windows\System\jrVkZth.exe
  2⤵
  - Executes dropped EXE
  PID:4824
- C:\Windows\System\pluFVcA.exe
  C:\Windows\System\pluFVcA.exe
  2⤵
  - Executes dropped EXE
  PID:4104
- C:\Windows\System\aTuLGJn.exe
  C:\Windows\System\aTuLGJn.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\eVNZIeh.exe
  C:\Windows\System\eVNZIeh.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\aMNsxTE.exe
  C:\Windows\System\aMNsxTE.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\rNikDaG.exe
  C:\Windows\System\rNikDaG.exe
  2⤵
  - Executes dropped EXE
  PID:4108
- C:\Windows\System\olZVpdG.exe
  C:\Windows\System\olZVpdG.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\TFNoHQW.exe
  C:\Windows\System\TFNoHQW.exe
  2⤵
  - Executes dropped EXE
  PID:720
- C:\Windows\System\SXDXReK.exe
  C:\Windows\System\SXDXReK.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\System\XSIBMaR.exe
  C:\Windows\System\XSIBMaR.exe
  2⤵
  - Executes dropped EXE
  PID:5104
- C:\Windows\System\UnCyQaY.exe
  C:\Windows\System\UnCyQaY.exe
  2⤵
  - Executes dropped EXE
  PID:4332
- C:\Windows\System\wNvqGhS.exe
  C:\Windows\System\wNvqGhS.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\QqjeUxJ.exe
  C:\Windows\System\QqjeUxJ.exe
  2⤵
  - Executes dropped EXE
  PID:3740
- C:\Windows\System\hetfSvr.exe
  C:\Windows\System\hetfSvr.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\NSjrdHb.exe
  C:\Windows\System\NSjrdHb.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\ELjlUuX.exe
  C:\Windows\System\ELjlUuX.exe
  2⤵
  - Executes dropped EXE
  PID:4592
- C:\Windows\System\aKOXvrb.exe
  C:\Windows\System\aKOXvrb.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\RIkVMXo.exe
  C:\Windows\System\RIkVMXo.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\goxuiBI.exe
  C:\Windows\System\goxuiBI.exe
  2⤵
  PID:1964
- C:\Windows\System\MKuRzkt.exe
  C:\Windows\System\MKuRzkt.exe
  2⤵
  PID:3212
- C:\Windows\System\AZidMnK.exe
  C:\Windows\System\AZidMnK.exe
  2⤵
  PID:404
- C:\Windows\System\aERkmhv.exe
  C:\Windows\System\aERkmhv.exe
  2⤵
  PID:3572
- C:\Windows\System\KlZRvdb.exe
  C:\Windows\System\KlZRvdb.exe
  2⤵
  PID:3616
- C:\Windows\System\ltBrvsF.exe
  C:\Windows\System\ltBrvsF.exe
  2⤵
  PID:4416
- C:\Windows\System\dQfnMEY.exe
  C:\Windows\System\dQfnMEY.exe
  2⤵
  PID:3284
- C:\Windows\System\emWPOEp.exe
  C:\Windows\System\emWPOEp.exe
  2⤵
  PID:3944
- C:\Windows\System\MBmSBzJ.exe
  C:\Windows\System\MBmSBzJ.exe
  2⤵
  PID:3972
- C:\Windows\System\zEEJOKG.exe
  C:\Windows\System\zEEJOKG.exe
  2⤵
  PID:2208
- C:\Windows\System\lkQAxup.exe
  C:\Windows\System\lkQAxup.exe
  2⤵
  PID:3828
- C:\Windows\System\TkzuNiX.exe
  C:\Windows\System\TkzuNiX.exe
  2⤵
  PID:1460
- C:\Windows\System\jdgVedr.exe
  C:\Windows\System\jdgVedr.exe
  2⤵
  PID:3448
- C:\Windows\System\sqVGppX.exe
  C:\Windows\System\sqVGppX.exe
  2⤵
  PID:4648
- C:\Windows\System\VMyOJap.exe
  C:\Windows\System\VMyOJap.exe
  2⤵
  PID:1472
- C:\Windows\System\DhNiXph.exe
  C:\Windows\System\DhNiXph.exe
  2⤵
  PID:212
- C:\Windows\System\ZzxxJFA.exe
  C:\Windows\System\ZzxxJFA.exe
  2⤵
  PID:1172
- C:\Windows\System\NoZjvkY.exe
  C:\Windows\System\NoZjvkY.exe
  2⤵
  PID:3560
- C:\Windows\System\zumQzsb.exe
  C:\Windows\System\zumQzsb.exe
  2⤵
  PID:1588
- C:\Windows\System\FMuCTTW.exe
  C:\Windows\System\FMuCTTW.exe
  2⤵
  PID:2216
- C:\Windows\System\WLeuIEz.exe
  C:\Windows\System\WLeuIEz.exe
  2⤵
  PID:1212
- C:\Windows\System\ncvyqUq.exe
  C:\Windows\System\ncvyqUq.exe
  2⤵
  PID:2316
- C:\Windows\System\LbatiHq.exe
  C:\Windows\System\LbatiHq.exe
  2⤵
  PID:916
- C:\Windows\System\rDNTqbs.exe
  C:\Windows\System\rDNTqbs.exe
  2⤵
  PID:4148
- C:\Windows\System\Crvuryl.exe
  C:\Windows\System\Crvuryl.exe
  2⤵
  PID:1548
- C:\Windows\System\rMDPARS.exe
  C:\Windows\System\rMDPARS.exe
  2⤵
  PID:620
- C:\Windows\System\oYtbIsy.exe
  C:\Windows\System\oYtbIsy.exe
  2⤵
  PID:1188
- C:\Windows\System\NIAcRTg.exe
  C:\Windows\System\NIAcRTg.exe
  2⤵
  PID:2392
- C:\Windows\System\nPKAJzr.exe
  C:\Windows\System\nPKAJzr.exe
  2⤵
  PID:4408
- C:\Windows\System\HPGGQAU.exe
  C:\Windows\System\HPGGQAU.exe
  2⤵
  PID:4352
- C:\Windows\System\PSxvFtk.exe
  C:\Windows\System\PSxvFtk.exe
  2⤵
  PID:2404
- C:\Windows\System\XwifIlw.exe
  C:\Windows\System\XwifIlw.exe
  2⤵
  PID:3220
- C:\Windows\System\AdeMtfz.exe
  C:\Windows\System\AdeMtfz.exe
  2⤵
  PID:3248
- C:\Windows\System\efoBctq.exe
  C:\Windows\System\efoBctq.exe
  2⤵
  PID:5132
- C:\Windows\System\zYsujqu.exe
  C:\Windows\System\zYsujqu.exe
  2⤵
  PID:5156
- C:\Windows\System\NaxfsDU.exe
  C:\Windows\System\NaxfsDU.exe
  2⤵
  PID:5188
- C:\Windows\System\ZwSHqXU.exe
  C:\Windows\System\ZwSHqXU.exe
  2⤵
  PID:5216
- C:\Windows\System\ykQsWWn.exe
  C:\Windows\System\ykQsWWn.exe
  2⤵
  PID:5284
- C:\Windows\System\UfoGNNf.exe
  C:\Windows\System\UfoGNNf.exe
  2⤵
  PID:5300
- C:\Windows\System\kgAdtqB.exe
  C:\Windows\System\kgAdtqB.exe
  2⤵
  PID:5336
- C:\Windows\System\AYRoEEl.exe
  C:\Windows\System\AYRoEEl.exe
  2⤵
  PID:5368
- C:\Windows\System\CXjTDYN.exe
  C:\Windows\System\CXjTDYN.exe
  2⤵
  PID:5388
- C:\Windows\System\OUSzNpa.exe
  C:\Windows\System\OUSzNpa.exe
  2⤵
  PID:5428
- C:\Windows\System\DuFqGhh.exe
  C:\Windows\System\DuFqGhh.exe
  2⤵
  PID:5452
- C:\Windows\System\xTOEPYJ.exe
  C:\Windows\System\xTOEPYJ.exe
  2⤵
  PID:5480
- C:\Windows\System\PbEKmpI.exe
  C:\Windows\System\PbEKmpI.exe
  2⤵
  PID:5508
- C:\Windows\System\hzwnQJi.exe
  C:\Windows\System\hzwnQJi.exe
  2⤵
  PID:5532
- C:\Windows\System\UYxAQMj.exe
  C:\Windows\System\UYxAQMj.exe
  2⤵
  PID:5556
- C:\Windows\System\DzJLUSp.exe
  C:\Windows\System\DzJLUSp.exe
  2⤵
  PID:5584
- C:\Windows\System\DIOzOhp.exe
  C:\Windows\System\DIOzOhp.exe
  2⤵
  PID:5612
- C:\Windows\System\LhchqlA.exe
  C:\Windows\System\LhchqlA.exe
  2⤵
  PID:5632
- C:\Windows\System\jJeCLxP.exe
  C:\Windows\System\jJeCLxP.exe
  2⤵
  PID:5660
- C:\Windows\System\WcjvzpQ.exe
  C:\Windows\System\WcjvzpQ.exe
  2⤵
  PID:5704
- C:\Windows\System\WBkjWyM.exe
  C:\Windows\System\WBkjWyM.exe
  2⤵
  PID:5720
- C:\Windows\System\mhBIFgu.exe
  C:\Windows\System\mhBIFgu.exe
  2⤵
  PID:5744
- C:\Windows\System\sgqcgeg.exe
  C:\Windows\System\sgqcgeg.exe
  2⤵
  PID:5788
- C:\Windows\System\MmSNfBM.exe
  C:\Windows\System\MmSNfBM.exe
  2⤵
  PID:5820
- C:\Windows\System\vlxzsWx.exe
  C:\Windows\System\vlxzsWx.exe
  2⤵
  PID:5848
- C:\Windows\System\CpLrAzb.exe
  C:\Windows\System\CpLrAzb.exe
  2⤵
  PID:5880
- C:\Windows\System\HzBGrYh.exe
  C:\Windows\System\HzBGrYh.exe
  2⤵
  PID:5904
- C:\Windows\System\BkXXonQ.exe
  C:\Windows\System\BkXXonQ.exe
  2⤵
  PID:5924
- C:\Windows\System\OxfvYnW.exe
  C:\Windows\System\OxfvYnW.exe
  2⤵
  PID:5948
- C:\Windows\System\ObdrhOY.exe
  C:\Windows\System\ObdrhOY.exe
  2⤵
  PID:5976
- C:\Windows\System\Vvqftcv.exe
  C:\Windows\System\Vvqftcv.exe
  2⤵
  PID:6000
- C:\Windows\System\xrBuRYx.exe
  C:\Windows\System\xrBuRYx.exe
  2⤵
  PID:6024
- C:\Windows\System\aPAtrUb.exe
  C:\Windows\System\aPAtrUb.exe
  2⤵
  PID:6068
- C:\Windows\System\zmxWIrC.exe
  C:\Windows\System\zmxWIrC.exe
  2⤵
  PID:6096
- C:\Windows\System\xQQLZoA.exe
  C:\Windows\System\xQQLZoA.exe
  2⤵
  PID:6116
- C:\Windows\System\wxsseZc.exe
  C:\Windows\System\wxsseZc.exe
  2⤵
  PID:1988
- C:\Windows\System\tQBSTfl.exe
  C:\Windows\System\tQBSTfl.exe
  2⤵
  PID:1112
- C:\Windows\System\DyPomJP.exe
  C:\Windows\System\DyPomJP.exe
  2⤵
  PID:5208
- C:\Windows\System\VqfInof.exe
  C:\Windows\System\VqfInof.exe
  2⤵
  PID:5296
- C:\Windows\System\KBwDmZM.exe
  C:\Windows\System\KBwDmZM.exe
  2⤵
  PID:5356
- C:\Windows\System\DHBebMs.exe
  C:\Windows\System\DHBebMs.exe
  2⤵
  PID:5420
- C:\Windows\System\ozXIiJx.exe
  C:\Windows\System\ozXIiJx.exe
  2⤵
  PID:5472
- C:\Windows\System\DdRiLuc.exe
  C:\Windows\System\DdRiLuc.exe
  2⤵
  PID:5572
- C:\Windows\System\oNGPeCD.exe
  C:\Windows\System\oNGPeCD.exe
  2⤵
  PID:5596
- C:\Windows\System\XVTIGtt.exe
  C:\Windows\System\XVTIGtt.exe
  2⤵
  PID:5676
- C:\Windows\System\dtDGLsQ.exe
  C:\Windows\System\dtDGLsQ.exe
  2⤵
  PID:5696
- C:\Windows\System\TYsJYJZ.exe
  C:\Windows\System\TYsJYJZ.exe
  2⤵
  PID:5776
- C:\Windows\System\FgdjPIM.exe
  C:\Windows\System\FgdjPIM.exe
  2⤵
  PID:5864
- C:\Windows\System\ydjMKqc.exe
  C:\Windows\System\ydjMKqc.exe
  2⤵
  PID:5960
- C:\Windows\System\DaSfApy.exe
  C:\Windows\System\DaSfApy.exe
  2⤵
  PID:5968
- C:\Windows\System\ssOtXMF.exe
  C:\Windows\System\ssOtXMF.exe
  2⤵
  PID:6084
- C:\Windows\System\thXZScG.exe
  C:\Windows\System\thXZScG.exe
  2⤵
  PID:4132
- C:\Windows\System\tQOvdoG.exe
  C:\Windows\System\tQOvdoG.exe
  2⤵
  PID:4020
- C:\Windows\System\woXpERp.exe
  C:\Windows\System\woXpERp.exe
  2⤵
  PID:5292
- C:\Windows\System\sAiFzeP.exe
  C:\Windows\System\sAiFzeP.exe
  2⤵
  PID:5348
- C:\Windows\System\fZKhwFV.exe
  C:\Windows\System\fZKhwFV.exe
  2⤵
  PID:5468
- C:\Windows\System\jgxZVHt.exe
  C:\Windows\System\jgxZVHt.exe
  2⤵
  PID:5624
- C:\Windows\System\fDYoKPk.exe
  C:\Windows\System\fDYoKPk.exe
  2⤵
  PID:5652
- C:\Windows\System\AHHOzIh.exe
  C:\Windows\System\AHHOzIh.exe
  2⤵
  PID:5772
- C:\Windows\System\yXsTwyb.exe
  C:\Windows\System\yXsTwyb.exe
  2⤵
  PID:5856
- C:\Windows\System\JYEQQpG.exe
  C:\Windows\System\JYEQQpG.exe
  2⤵
  PID:5996
- C:\Windows\System\FBURqeP.exe
  C:\Windows\System\FBURqeP.exe
  2⤵
  PID:6136
- C:\Windows\System\Ajrlfrn.exe
  C:\Windows\System\Ajrlfrn.exe
  2⤵
  PID:5344
- C:\Windows\System\oKjJvIt.exe
  C:\Windows\System\oKjJvIt.exe
  2⤵
  PID:5276
- C:\Windows\System\YyIgtMQ.exe
  C:\Windows\System\YyIgtMQ.exe
  2⤵
  PID:6188
- C:\Windows\System\ufRdPuB.exe
  C:\Windows\System\ufRdPuB.exe
  2⤵
  PID:6208
- C:\Windows\System\VoVwbEP.exe
  C:\Windows\System\VoVwbEP.exe
  2⤵
  PID:6256
- C:\Windows\System\bwxYnzN.exe
  C:\Windows\System\bwxYnzN.exe
  2⤵
  PID:6316
- C:\Windows\System\VgxhJbx.exe
  C:\Windows\System\VgxhJbx.exe
  2⤵
  PID:6332
- C:\Windows\System\iArPZDV.exe
  C:\Windows\System\iArPZDV.exe
  2⤵
  PID:6352
- C:\Windows\System\NqrNKZW.exe
  C:\Windows\System\NqrNKZW.exe
  2⤵
  PID:6372
- C:\Windows\System\OjjQDBo.exe
  C:\Windows\System\OjjQDBo.exe
  2⤵
  PID:6416
- C:\Windows\System\AGrotXw.exe
  C:\Windows\System\AGrotXw.exe
  2⤵
  PID:6432
- C:\Windows\System\DndwhpD.exe
  C:\Windows\System\DndwhpD.exe
  2⤵
  PID:6452
- C:\Windows\System\LKzFBWd.exe
  C:\Windows\System\LKzFBWd.exe
  2⤵
  PID:6516
- C:\Windows\System\oVKljkc.exe
  C:\Windows\System\oVKljkc.exe
  2⤵
  PID:6536
- C:\Windows\System\aUMcwpu.exe
  C:\Windows\System\aUMcwpu.exe
  2⤵
  PID:6564
- C:\Windows\System\DRBImAz.exe
  C:\Windows\System\DRBImAz.exe
  2⤵
  PID:6580
- C:\Windows\System\FYXPXxY.exe
  C:\Windows\System\FYXPXxY.exe
  2⤵
  PID:6608
- C:\Windows\System\WFNWNwv.exe
  C:\Windows\System\WFNWNwv.exe
  2⤵
  PID:6628
- C:\Windows\System\Uvyvmqn.exe
  C:\Windows\System\Uvyvmqn.exe
  2⤵
  PID:6688
- C:\Windows\System\TzavPJh.exe
  C:\Windows\System\TzavPJh.exe
  2⤵
  PID:6712
- C:\Windows\System\vGLjuxH.exe
  C:\Windows\System\vGLjuxH.exe
  2⤵
  PID:6736
- C:\Windows\System\LTwDzrB.exe
  C:\Windows\System\LTwDzrB.exe
  2⤵
  PID:6808
- C:\Windows\System\PKZawbt.exe
  C:\Windows\System\PKZawbt.exe
  2⤵
  PID:6824
- C:\Windows\System\IFcUNLp.exe
  C:\Windows\System\IFcUNLp.exe
  2⤵
  PID:6840
- C:\Windows\System\hepFwvt.exe
  C:\Windows\System\hepFwvt.exe
  2⤵
  PID:6856
- C:\Windows\System\RowEtTc.exe
  C:\Windows\System\RowEtTc.exe
  2⤵
  PID:6872
- C:\Windows\System\EJvpvhp.exe
  C:\Windows\System\EJvpvhp.exe
  2⤵
  PID:6888
- C:\Windows\System\qxGlMjV.exe
  C:\Windows\System\qxGlMjV.exe
  2⤵
  PID:6904
- C:\Windows\System\GVnsWFS.exe
  C:\Windows\System\GVnsWFS.exe
  2⤵
  PID:6920
- C:\Windows\System\TjTgDqf.exe
  C:\Windows\System\TjTgDqf.exe
  2⤵
  PID:6936
- C:\Windows\System\JSbQeMQ.exe
  C:\Windows\System\JSbQeMQ.exe
  2⤵
  PID:6952
- C:\Windows\System\qPJbWZp.exe
  C:\Windows\System\qPJbWZp.exe
  2⤵
  PID:6972
- C:\Windows\System\sxvtfvD.exe
  C:\Windows\System\sxvtfvD.exe
  2⤵
  PID:7028
- C:\Windows\System\oBXVXPt.exe
  C:\Windows\System\oBXVXPt.exe
  2⤵
  PID:7068
- C:\Windows\System\XoKTwJw.exe
  C:\Windows\System\XoKTwJw.exe
  2⤵
  PID:7092
- C:\Windows\System\mgrIdGc.exe
  C:\Windows\System\mgrIdGc.exe
  2⤵
  PID:5764
- C:\Windows\System\LUsGKbs.exe
  C:\Windows\System\LUsGKbs.exe
  2⤵
  PID:5644
- C:\Windows\System\kxHBVqZ.exe
  C:\Windows\System\kxHBVqZ.exe
  2⤵
  PID:6180
- C:\Windows\System\JdrQyug.exe
  C:\Windows\System\JdrQyug.exe
  2⤵
  PID:5440
- C:\Windows\System\NyYtHrF.exe
  C:\Windows\System\NyYtHrF.exe
  2⤵
  PID:6288
- C:\Windows\System\qTTnBqW.exe
  C:\Windows\System\qTTnBqW.exe
  2⤵
  PID:6528
- C:\Windows\System\gnlKKev.exe
  C:\Windows\System\gnlKKev.exe
  2⤵
  PID:6500
- C:\Windows\System\WRSPbJz.exe
  C:\Windows\System\WRSPbJz.exe
  2⤵
  PID:6656
- C:\Windows\System\KxpBxSz.exe
  C:\Windows\System\KxpBxSz.exe
  2⤵
  PID:6648
- C:\Windows\System\roSVMvc.exe
  C:\Windows\System\roSVMvc.exe
  2⤵
  PID:6760
- C:\Windows\System\yZQiuFs.exe
  C:\Windows\System\yZQiuFs.exe
  2⤵
  PID:6880
- C:\Windows\System\TaimOZi.exe
  C:\Windows\System\TaimOZi.exe
  2⤵
  PID:6732
- C:\Windows\System\VIEVsZy.exe
  C:\Windows\System\VIEVsZy.exe
  2⤵
  PID:6768
- C:\Windows\System\lcfNqYX.exe
  C:\Windows\System\lcfNqYX.exe
  2⤵
  PID:6816
- C:\Windows\System\dvWgTso.exe
  C:\Windows\System\dvWgTso.exe
  2⤵
  PID:7008
- C:\Windows\System\lWRyeyA.exe
  C:\Windows\System\lWRyeyA.exe
  2⤵
  PID:7024
- C:\Windows\System\ORqHapO.exe
  C:\Windows\System\ORqHapO.exe
  2⤵
  PID:7088
- C:\Windows\System\mrogpCL.exe
  C:\Windows\System\mrogpCL.exe
  2⤵
  PID:7120
- C:\Windows\System\DJdhvoY.exe
  C:\Windows\System\DJdhvoY.exe
  2⤵
  PID:6244
- C:\Windows\System\IHDbPjB.exe
  C:\Windows\System\IHDbPjB.exe
  2⤵
  PID:6444
- C:\Windows\System\iDAckIs.exe
  C:\Windows\System\iDAckIs.exe
  2⤵
  PID:6544
- C:\Windows\System\cgWkUCq.exe
  C:\Windows\System\cgWkUCq.exe
  2⤵
  PID:6620
- C:\Windows\System\QuDDPDU.exe
  C:\Windows\System\QuDDPDU.exe
  2⤵
  PID:6744
- C:\Windows\System\FoTQSfi.exe
  C:\Windows\System\FoTQSfi.exe
  2⤵
  PID:6788
- C:\Windows\System\IzwDBwr.exe
  C:\Windows\System\IzwDBwr.exe
  2⤵
  PID:6928
- C:\Windows\System\LZbIcqT.exe
  C:\Windows\System\LZbIcqT.exe
  2⤵
  PID:6076
- C:\Windows\System\bjCDbQk.exe
  C:\Windows\System\bjCDbQk.exe
  2⤵
  PID:7164
- C:\Windows\System\oLMZQqg.exe
  C:\Windows\System\oLMZQqg.exe
  2⤵
  PID:6676
- C:\Windows\System\ARdyWYK.exe
  C:\Windows\System\ARdyWYK.exe
  2⤵
  PID:5836
- C:\Windows\System\dSxkfgF.exe
  C:\Windows\System\dSxkfgF.exe
  2⤵
  PID:6728
- C:\Windows\System\RdxWkOj.exe
  C:\Windows\System\RdxWkOj.exe
  2⤵
  PID:7192
- C:\Windows\System\sNABWoL.exe
  C:\Windows\System\sNABWoL.exe
  2⤵
  PID:7224
- C:\Windows\System\DrVisEW.exe
  C:\Windows\System\DrVisEW.exe
  2⤵
  PID:7244
- C:\Windows\System\KwyEXRU.exe
  C:\Windows\System\KwyEXRU.exe
  2⤵
  PID:7292
- C:\Windows\System\hwLplWk.exe
  C:\Windows\System\hwLplWk.exe
  2⤵
  PID:7312
- C:\Windows\System\wbLNPAe.exe
  C:\Windows\System\wbLNPAe.exe
  2⤵
  PID:7344
- C:\Windows\System\dwPvPka.exe
  C:\Windows\System\dwPvPka.exe
  2⤵
  PID:7364
- C:\Windows\System\uYlSIuo.exe
  C:\Windows\System\uYlSIuo.exe
  2⤵
  PID:7404
- C:\Windows\System\QMOHIOO.exe
  C:\Windows\System\QMOHIOO.exe
  2⤵
  PID:7424
- C:\Windows\System\ctQiNFE.exe
  C:\Windows\System\ctQiNFE.exe
  2⤵
  PID:7452
- C:\Windows\System\muzCasq.exe
  C:\Windows\System\muzCasq.exe
  2⤵
  PID:7476
- C:\Windows\System\nRKwgSC.exe
  C:\Windows\System\nRKwgSC.exe
  2⤵
  PID:7516
- C:\Windows\System\ecZboWo.exe
  C:\Windows\System\ecZboWo.exe
  2⤵
  PID:7540
- C:\Windows\System\CAaCRFK.exe
  C:\Windows\System\CAaCRFK.exe
  2⤵
  PID:7564
- C:\Windows\System\OtApqjb.exe
  C:\Windows\System\OtApqjb.exe
  2⤵
  PID:7584
- C:\Windows\System\pseQTNL.exe
  C:\Windows\System\pseQTNL.exe
  2⤵
  PID:7604
- C:\Windows\System\klzcBll.exe
  C:\Windows\System\klzcBll.exe
  2⤵
  PID:7624
- C:\Windows\System\aiFTilT.exe
  C:\Windows\System\aiFTilT.exe
  2⤵
  PID:7656
- C:\Windows\System\dUcyRsw.exe
  C:\Windows\System\dUcyRsw.exe
  2⤵
  PID:7680
- C:\Windows\System\FWNTrYT.exe
  C:\Windows\System\FWNTrYT.exe
  2⤵
  PID:7736
- C:\Windows\System\KqBsLTv.exe
  C:\Windows\System\KqBsLTv.exe
  2⤵
  PID:7756
- C:\Windows\System\cWePVky.exe
  C:\Windows\System\cWePVky.exe
  2⤵
  PID:7780
- C:\Windows\System\ybcyTZL.exe
  C:\Windows\System\ybcyTZL.exe
  2⤵
  PID:7804
- C:\Windows\System\ARfiiXr.exe
  C:\Windows\System\ARfiiXr.exe
  2⤵
  PID:7832
- C:\Windows\System\TfcyGJn.exe
  C:\Windows\System\TfcyGJn.exe
  2⤵
  PID:7876
- C:\Windows\System\MZUAOOi.exe
  C:\Windows\System\MZUAOOi.exe
  2⤵
  PID:7908
- C:\Windows\System\xpFtJtu.exe
  C:\Windows\System\xpFtJtu.exe
  2⤵
  PID:7928
- C:\Windows\System\SqbZkLH.exe
  C:\Windows\System\SqbZkLH.exe
  2⤵
  PID:7952
- C:\Windows\System\TRSefqT.exe
  C:\Windows\System\TRSefqT.exe
  2⤵
  PID:7976
- C:\Windows\System\woaRXCC.exe
  C:\Windows\System\woaRXCC.exe
  2⤵
  PID:8012
- C:\Windows\System\rwLxNZJ.exe
  C:\Windows\System\rwLxNZJ.exe
  2⤵
  PID:8036
- C:\Windows\System\yMMRhUd.exe
  C:\Windows\System\yMMRhUd.exe
  2⤵
  PID:8056
- C:\Windows\System\flmPDHM.exe
  C:\Windows\System\flmPDHM.exe
  2⤵
  PID:8076
- C:\Windows\System\KqoeNVW.exe
  C:\Windows\System\KqoeNVW.exe
  2⤵
  PID:8112
- C:\Windows\System\fRZDaPn.exe
  C:\Windows\System\fRZDaPn.exe
  2⤵
  PID:8152
- C:\Windows\System\rJmgqmw.exe
  C:\Windows\System\rJmgqmw.exe
  2⤵
  PID:8184
- C:\Windows\System\HtFjOON.exe
  C:\Windows\System\HtFjOON.exe
  2⤵
  PID:7220
- C:\Windows\System\PxmqzaH.exe
  C:\Windows\System\PxmqzaH.exe
  2⤵
  PID:7240
- C:\Windows\System\ZJboDMC.exe
  C:\Windows\System\ZJboDMC.exe
  2⤵
  PID:7284
- C:\Windows\System\pjrGjSr.exe
  C:\Windows\System\pjrGjSr.exe
  2⤵
  PID:7384
- C:\Windows\System\PnbZITh.exe
  C:\Windows\System\PnbZITh.exe
  2⤵
  PID:7444
- C:\Windows\System\YRqiRAB.exe
  C:\Windows\System\YRqiRAB.exe
  2⤵
  PID:7492
- C:\Windows\System\nwToIev.exe
  C:\Windows\System\nwToIev.exe
  2⤵
  PID:7560
- C:\Windows\System\khjzgLc.exe
  C:\Windows\System\khjzgLc.exe
  2⤵
  PID:7580
- C:\Windows\System\IVhrrKH.exe
  C:\Windows\System\IVhrrKH.exe
  2⤵
  PID:7664
- C:\Windows\System\TADrMtn.exe
  C:\Windows\System\TADrMtn.exe
  2⤵
  PID:7812
- C:\Windows\System\GxIwoyt.exe
  C:\Windows\System\GxIwoyt.exe
  2⤵
  PID:7776
- C:\Windows\System\rYdSokL.exe
  C:\Windows\System\rYdSokL.exe
  2⤵
  PID:7848
- C:\Windows\System\udxMagT.exe
  C:\Windows\System\udxMagT.exe
  2⤵
  PID:7924
- C:\Windows\System\PDiZCgP.exe
  C:\Windows\System\PDiZCgP.exe
  2⤵
  PID:7988
- C:\Windows\System\AhiRcCo.exe
  C:\Windows\System\AhiRcCo.exe
  2⤵
  PID:8028
- C:\Windows\System\qQnNxLU.exe
  C:\Windows\System\qQnNxLU.exe
  2⤵
  PID:8108
- C:\Windows\System\vQmTOdO.exe
  C:\Windows\System\vQmTOdO.exe
  2⤵
  PID:7184
- C:\Windows\System\QMqGLXA.exe
  C:\Windows\System\QMqGLXA.exe
  2⤵
  PID:7396
- C:\Windows\System\UksPsPS.exe
  C:\Windows\System\UksPsPS.exe
  2⤵
  PID:7420
- C:\Windows\System\mlWMBFY.exe
  C:\Windows\System\mlWMBFY.exe
  2⤵
  PID:7548
- C:\Windows\System\WFmlxJw.exe
  C:\Windows\System\WFmlxJw.exe
  2⤵
  PID:7828
- C:\Windows\System\DAsMwaR.exe
  C:\Windows\System\DAsMwaR.exe
  2⤵
  PID:7900
- C:\Windows\System\YDXzEzQ.exe
  C:\Windows\System\YDXzEzQ.exe
  2⤵
  PID:8048
- C:\Windows\System\DtqcrLX.exe
  C:\Windows\System\DtqcrLX.exe
  2⤵
  PID:8144
- C:\Windows\System\HMrjkYo.exe
  C:\Windows\System\HMrjkYo.exe
  2⤵
  PID:7160
- C:\Windows\System\kcVIKze.exe
  C:\Windows\System\kcVIKze.exe
  2⤵
  PID:7332
- C:\Windows\System\bYQiNNg.exe
  C:\Windows\System\bYQiNNg.exe
  2⤵
  PID:7968
- C:\Windows\System\LEGEQCb.exe
  C:\Windows\System\LEGEQCb.exe
  2⤵
  PID:7960
- C:\Windows\System\CFyBUzB.exe
  C:\Windows\System\CFyBUzB.exe
  2⤵
  PID:8212
- C:\Windows\System\bZnWLHY.exe
  C:\Windows\System\bZnWLHY.exe
  2⤵
  PID:8256
- C:\Windows\System\AXcDuMc.exe
  C:\Windows\System\AXcDuMc.exe
  2⤵
  PID:8280
- C:\Windows\System\wWFwTWO.exe
  C:\Windows\System\wWFwTWO.exe
  2⤵
  PID:8304
- C:\Windows\System\pYBskyE.exe
  C:\Windows\System\pYBskyE.exe
  2⤵
  PID:8332
- C:\Windows\System\jjbAUGj.exe
  C:\Windows\System\jjbAUGj.exe
  2⤵
  PID:8352
- C:\Windows\System\tpFWsyI.exe
  C:\Windows\System\tpFWsyI.exe
  2⤵
  PID:8408
- C:\Windows\System\lLvILqI.exe
  C:\Windows\System\lLvILqI.exe
  2⤵
  PID:8440
- C:\Windows\System\zsLNjIs.exe
  C:\Windows\System\zsLNjIs.exe
  2⤵
  PID:8460
- C:\Windows\System\eAcuFZS.exe
  C:\Windows\System\eAcuFZS.exe
  2⤵
  PID:8484
- C:\Windows\System\gxJhzZL.exe
  C:\Windows\System\gxJhzZL.exe
  2⤵
  PID:8512
- C:\Windows\System\olSpJLN.exe
  C:\Windows\System\olSpJLN.exe
  2⤵
  PID:8532
- C:\Windows\System\rKoaVLm.exe
  C:\Windows\System\rKoaVLm.exe
  2⤵
  PID:8576
- C:\Windows\System\yKqbZKH.exe
  C:\Windows\System\yKqbZKH.exe
  2⤵
  PID:8608
- C:\Windows\System\yrkRtLD.exe
  C:\Windows\System\yrkRtLD.exe
  2⤵
  PID:8652
- C:\Windows\System\zYINACv.exe
  C:\Windows\System\zYINACv.exe
  2⤵
  PID:8692
- C:\Windows\System\EDHarTm.exe
  C:\Windows\System\EDHarTm.exe
  2⤵
  PID:8712
- C:\Windows\System\saVRjXc.exe
  C:\Windows\System\saVRjXc.exe
  2⤵
  PID:8728
- C:\Windows\System\WShSkwl.exe
  C:\Windows\System\WShSkwl.exe
  2⤵
  PID:8748
- C:\Windows\System\jMhSHPS.exe
  C:\Windows\System\jMhSHPS.exe
  2⤵
  PID:8772
- C:\Windows\System\ItKuAdO.exe
  C:\Windows\System\ItKuAdO.exe
  2⤵
  PID:8804
- C:\Windows\System\GgSYUej.exe
  C:\Windows\System\GgSYUej.exe
  2⤵
  PID:8824
- C:\Windows\System\ZHaMzcS.exe
  C:\Windows\System\ZHaMzcS.exe
  2⤵
  PID:8864
- C:\Windows\System\yQwtXFD.exe
  C:\Windows\System\yQwtXFD.exe
  2⤵
  PID:8896
- C:\Windows\System\hJRzBgq.exe
  C:\Windows\System\hJRzBgq.exe
  2⤵
  PID:8920
- C:\Windows\System\OxRhGKG.exe
  C:\Windows\System\OxRhGKG.exe
  2⤵
  PID:8948
- C:\Windows\System\PRElCtH.exe
  C:\Windows\System\PRElCtH.exe
  2⤵
  PID:8988
- C:\Windows\System\ShsNhwc.exe
  C:\Windows\System\ShsNhwc.exe
  2⤵
  PID:9004
- C:\Windows\System\DfZiEtp.exe
  C:\Windows\System\DfZiEtp.exe
  2⤵
  PID:9056
- C:\Windows\System\nkqwCLb.exe
  C:\Windows\System\nkqwCLb.exe
  2⤵
  PID:9072
- C:\Windows\System\NAXLmEl.exe
  C:\Windows\System\NAXLmEl.exe
  2⤵
  PID:9116
- C:\Windows\System\ObBawks.exe
  C:\Windows\System\ObBawks.exe
  2⤵
  PID:9140
- C:\Windows\System\GSfIubo.exe
  C:\Windows\System\GSfIubo.exe
  2⤵
  PID:9168
- C:\Windows\System\QXVajjC.exe
  C:\Windows\System\QXVajjC.exe
  2⤵
  PID:9184
- C:\Windows\System\Ovajkbc.exe
  C:\Windows\System\Ovajkbc.exe
  2⤵
  PID:9212
- C:\Windows\System\TcWhNJT.exe
  C:\Windows\System\TcWhNJT.exe
  2⤵
  PID:7752
- C:\Windows\System\MBzrfEi.exe
  C:\Windows\System\MBzrfEi.exe
  2⤵
  PID:7596
- C:\Windows\System\Vevardy.exe
  C:\Windows\System\Vevardy.exe
  2⤵
  PID:8248
- C:\Windows\System\ZRczhKX.exe
  C:\Windows\System\ZRczhKX.exe
  2⤵
  PID:8364
- C:\Windows\System\YETHmFe.exe
  C:\Windows\System\YETHmFe.exe
  2⤵
  PID:8372
- C:\Windows\System\muavxlD.exe
  C:\Windows\System\muavxlD.exe
  2⤵
  PID:8428
- C:\Windows\System\MsGmftr.exe
  C:\Windows\System\MsGmftr.exe
  2⤵
  PID:8476
- C:\Windows\System\uLxELII.exe
  C:\Windows\System\uLxELII.exe
  2⤵
  PID:8524
- C:\Windows\System\xovEqAo.exe
  C:\Windows\System\xovEqAo.exe
  2⤵
  PID:8680
- C:\Windows\System\kaCIVZQ.exe
  C:\Windows\System\kaCIVZQ.exe
  2⤵
  PID:8724
- C:\Windows\System\gWtnJKT.exe
  C:\Windows\System\gWtnJKT.exe
  2⤵
  PID:8740
- C:\Windows\System\oAJlWYe.exe
  C:\Windows\System\oAJlWYe.exe
  2⤵
  PID:8816
- C:\Windows\System\DQWADPL.exe
  C:\Windows\System\DQWADPL.exe
  2⤵
  PID:8880
- C:\Windows\System\kklaUTq.exe
  C:\Windows\System\kklaUTq.exe
  2⤵
  PID:8904
- C:\Windows\System\QhkpLRj.exe
  C:\Windows\System\QhkpLRj.exe
  2⤵
  PID:8996
- C:\Windows\System\oMZHnGb.exe
  C:\Windows\System\oMZHnGb.exe
  2⤵
  PID:9152
- C:\Windows\System\KiAyNIK.exe
  C:\Windows\System\KiAyNIK.exe
  2⤵
  PID:9192
- C:\Windows\System\nrPJJov.exe
  C:\Windows\System\nrPJJov.exe
  2⤵
  PID:8348
- C:\Windows\System\EnWJJKT.exe
  C:\Windows\System\EnWJJKT.exe
  2⤵
  PID:8508
- C:\Windows\System\ojVQOpN.exe
  C:\Windows\System\ojVQOpN.exe
  2⤵
  PID:8664
- C:\Windows\System\TBStYOi.exe
  C:\Windows\System\TBStYOi.exe
  2⤵
  PID:8764
- C:\Windows\System\RZWpKcH.exe
  C:\Windows\System\RZWpKcH.exe
  2⤵
  PID:8872
- C:\Windows\System\yYJhKSB.exe
  C:\Windows\System\yYJhKSB.exe
  2⤵
  PID:8972
- C:\Windows\System\jHRcctD.exe
  C:\Windows\System\jHRcctD.exe
  2⤵
  PID:9160
- C:\Windows\System\HDVklpA.exe
  C:\Windows\System\HDVklpA.exe
  2⤵
  PID:9204
- C:\Windows\System\mkgxpWx.exe
  C:\Windows\System\mkgxpWx.exe
  2⤵
  PID:8592
- C:\Windows\System\fswbrVH.exe
  C:\Windows\System\fswbrVH.exe
  2⤵
  PID:8296
- C:\Windows\System\rYhdiXq.exe
  C:\Windows\System\rYhdiXq.exe
  2⤵
  PID:9240
- C:\Windows\System\NXruxiA.exe
  C:\Windows\System\NXruxiA.exe
  2⤵
  PID:9268
- C:\Windows\System\UcwEuRK.exe
  C:\Windows\System\UcwEuRK.exe
  2⤵
  PID:9300
- C:\Windows\System\MgOYxwf.exe
  C:\Windows\System\MgOYxwf.exe
  2⤵
  PID:9328
- C:\Windows\System\yirygSv.exe
  C:\Windows\System\yirygSv.exe
  2⤵
  PID:9356
- C:\Windows\System\jjFWdIT.exe
  C:\Windows\System\jjFWdIT.exe
  2⤵
  PID:9384
- C:\Windows\System\shqkTBm.exe
  C:\Windows\System\shqkTBm.exe
  2⤵
  PID:9400
- C:\Windows\System\IqpaHov.exe
  C:\Windows\System\IqpaHov.exe
  2⤵
  PID:9424
- C:\Windows\System\pBIoTQd.exe
  C:\Windows\System\pBIoTQd.exe
  2⤵
  PID:9440
- C:\Windows\System\CCwbCHV.exe
  C:\Windows\System\CCwbCHV.exe
  2⤵
  PID:9460
- C:\Windows\System\vxVLmSK.exe
  C:\Windows\System\vxVLmSK.exe
  2⤵
  PID:9484
- C:\Windows\System\UvIKJrd.exe
  C:\Windows\System\UvIKJrd.exe
  2⤵
  PID:9508
- C:\Windows\System\QkOhNDB.exe
  C:\Windows\System\QkOhNDB.exe
  2⤵
  PID:9548
- C:\Windows\System\inhmYzd.exe
  C:\Windows\System\inhmYzd.exe
  2⤵
  PID:9620
- C:\Windows\System\SlHefpJ.exe
  C:\Windows\System\SlHefpJ.exe
  2⤵
  PID:9660
- C:\Windows\System\nKPCESr.exe
  C:\Windows\System\nKPCESr.exe
  2⤵
  PID:9684
- C:\Windows\System\erGMjST.exe
  C:\Windows\System\erGMjST.exe
  2⤵
  PID:9704
- C:\Windows\System\RAVkpuJ.exe
  C:\Windows\System\RAVkpuJ.exe
  2⤵
  PID:9724
- C:\Windows\System\IjISYVL.exe
  C:\Windows\System\IjISYVL.exe
  2⤵
  PID:9764
- C:\Windows\System\UZIbwKP.exe
  C:\Windows\System\UZIbwKP.exe
  2⤵
  PID:9780
- C:\Windows\System\GwmXHPP.exe
  C:\Windows\System\GwmXHPP.exe
  2⤵
  PID:9828
- C:\Windows\System\xkrVCfe.exe
  C:\Windows\System\xkrVCfe.exe
  2⤵
  PID:9844
- C:\Windows\System\EBjVlGE.exe
  C:\Windows\System\EBjVlGE.exe
  2⤵
  PID:9864
- C:\Windows\System\JgnASoY.exe
  C:\Windows\System\JgnASoY.exe
  2⤵
  PID:9888
- C:\Windows\System\oNCRfPz.exe
  C:\Windows\System\oNCRfPz.exe
  2⤵
  PID:9932
- C:\Windows\System\iOqcOhx.exe
  C:\Windows\System\iOqcOhx.exe
  2⤵
  PID:9956
- C:\Windows\System\opITbql.exe
  C:\Windows\System\opITbql.exe
  2⤵
  PID:9980
- C:\Windows\System\TtSDzHH.exe
  C:\Windows\System\TtSDzHH.exe
  2⤵
  PID:10012
- C:\Windows\System\HVGzEXD.exe
  C:\Windows\System\HVGzEXD.exe
  2⤵
  PID:10040
- C:\Windows\System\byaVcSI.exe
  C:\Windows\System\byaVcSI.exe
  2⤵
  PID:10056
- C:\Windows\System\dOgeNCZ.exe
  C:\Windows\System\dOgeNCZ.exe
  2⤵
  PID:10076
- C:\Windows\System\cPIXwEs.exe
  C:\Windows\System\cPIXwEs.exe
  2⤵
  PID:10100
- C:\Windows\System\XewkmwZ.exe
  C:\Windows\System\XewkmwZ.exe
  2⤵
  PID:10128
- C:\Windows\System\BeOAXhS.exe
  C:\Windows\System\BeOAXhS.exe
  2⤵
  PID:10212
- C:\Windows\System\zmSlonb.exe
  C:\Windows\System\zmSlonb.exe
  2⤵
  PID:10232
- C:\Windows\System\ZwyjmDz.exe
  C:\Windows\System\ZwyjmDz.exe
  2⤵
  PID:9264
- C:\Windows\System\AJvwCEq.exe
  C:\Windows\System\AJvwCEq.exe
  2⤵
  PID:9284
- C:\Windows\System\nOfxKFW.exe
  C:\Windows\System\nOfxKFW.exe
  2⤵
  PID:9372
- C:\Windows\System\MmYrAQA.exe
  C:\Windows\System\MmYrAQA.exe
  2⤵
  PID:9420
- C:\Windows\System\zeKWZho.exe
  C:\Windows\System\zeKWZho.exe
  2⤵
  PID:9476
- C:\Windows\System\NoWlSkQ.exe
  C:\Windows\System\NoWlSkQ.exe
  2⤵
  PID:9592
- C:\Windows\System\ddatmBG.exe
  C:\Windows\System\ddatmBG.exe
  2⤵
  PID:9676
- C:\Windows\System\iuLApaV.exe
  C:\Windows\System\iuLApaV.exe
  2⤵
  PID:9716
- C:\Windows\System\bzWPScg.exe
  C:\Windows\System\bzWPScg.exe
  2⤵
  PID:9748
- C:\Windows\System\EeKsTzX.exe
  C:\Windows\System\EeKsTzX.exe
  2⤵
  PID:9836
- C:\Windows\System\TCoUnhD.exe
  C:\Windows\System\TCoUnhD.exe
  2⤵
  PID:9908
- C:\Windows\System\uLfzzHC.exe
  C:\Windows\System\uLfzzHC.exe
  2⤵
  PID:9948
- C:\Windows\System\dllnxGP.exe
  C:\Windows\System\dllnxGP.exe
  2⤵
  PID:10024
- C:\Windows\System\uxDiLqo.exe
  C:\Windows\System\uxDiLqo.exe
  2⤵
  PID:10092
- C:\Windows\System\VkwsOQG.exe
  C:\Windows\System\VkwsOQG.exe
  2⤵
  PID:10148
- C:\Windows\System\ntghsPx.exe
  C:\Windows\System\ntghsPx.exe
  2⤵
  PID:10184
- C:\Windows\System\TPQzNXl.exe
  C:\Windows\System\TPQzNXl.exe
  2⤵
  PID:10228
- C:\Windows\System\jYkfvIk.exe
  C:\Windows\System\jYkfvIk.exe
  2⤵
  PID:9396
- C:\Windows\System\jXSOXCy.exe
  C:\Windows\System\jXSOXCy.exe
  2⤵
  PID:9468
- C:\Windows\System\MOrhZGN.exe
  C:\Windows\System\MOrhZGN.exe
  2⤵
  PID:9604
- C:\Windows\System\lUAuGKV.exe
  C:\Windows\System\lUAuGKV.exe
  2⤵
  PID:9772
- C:\Windows\System\PwHFGAe.exe
  C:\Windows\System\PwHFGAe.exe
  2⤵
  PID:9884
- C:\Windows\System\CKhzGdb.exe
  C:\Windows\System\CKhzGdb.exe
  2⤵
  PID:10120
- C:\Windows\System\ssPNhPR.exe
  C:\Windows\System\ssPNhPR.exe
  2⤵
  PID:10144
- C:\Windows\System\JxJvZtb.exe
  C:\Windows\System\JxJvZtb.exe
  2⤵
  PID:10136
- C:\Windows\System\hjDqMcr.exe
  C:\Windows\System\hjDqMcr.exe
  2⤵
  PID:9640
- C:\Windows\System\NXvryHg.exe
  C:\Windows\System\NXvryHg.exe
  2⤵
  PID:9880
- C:\Windows\System\DBMQeaL.exe
  C:\Windows\System\DBMQeaL.exe
  2⤵
  PID:10084
- C:\Windows\System\smRtiuI.exe
  C:\Windows\System\smRtiuI.exe
  2⤵
  PID:9820
- C:\Windows\System\IXDXhUr.exe
  C:\Windows\System\IXDXhUr.exe
  2⤵
  PID:10248
- C:\Windows\System\dOPQeBe.exe
  C:\Windows\System\dOPQeBe.exe
  2⤵
  PID:10268
- C:\Windows\System\ahrqPvK.exe
  C:\Windows\System\ahrqPvK.exe
  2⤵
  PID:10296
- C:\Windows\System\YIRgAbD.exe
  C:\Windows\System\YIRgAbD.exe
  2⤵
  PID:10340
- C:\Windows\System\QWeCGLt.exe
  C:\Windows\System\QWeCGLt.exe
  2⤵
  PID:10356
- C:\Windows\System\ipDYpps.exe
  C:\Windows\System\ipDYpps.exe
  2⤵
  PID:10392
- C:\Windows\System\lZMlbiF.exe
  C:\Windows\System\lZMlbiF.exe
  2⤵
  PID:10436
- C:\Windows\System\JiwHZxH.exe
  C:\Windows\System\JiwHZxH.exe
  2⤵
  PID:10460
- C:\Windows\System\qzlaueZ.exe
  C:\Windows\System\qzlaueZ.exe
  2⤵
  PID:10480
- C:\Windows\System\HxhQmbU.exe
  C:\Windows\System\HxhQmbU.exe
  2⤵
  PID:10504
- C:\Windows\System\zhtbbzc.exe
  C:\Windows\System\zhtbbzc.exe
  2⤵
  PID:10524
- C:\Windows\System\kjPTGPu.exe
  C:\Windows\System\kjPTGPu.exe
  2⤵
  PID:10552
- C:\Windows\System\IDbyPgl.exe
  C:\Windows\System\IDbyPgl.exe
  2⤵
  PID:10588
- C:\Windows\System\kgNOnQE.exe
  C:\Windows\System\kgNOnQE.exe
  2⤵
  PID:10608
- C:\Windows\System\ULFHGeC.exe
  C:\Windows\System\ULFHGeC.exe
  2⤵
  PID:10648
- C:\Windows\System\ZROVIjr.exe
  C:\Windows\System\ZROVIjr.exe
  2⤵
  PID:10684
- C:\Windows\System\SRpGLuu.exe
  C:\Windows\System\SRpGLuu.exe
  2⤵
  PID:10708
- C:\Windows\System\EIykHko.exe
  C:\Windows\System\EIykHko.exe
  2⤵
  PID:10728
- C:\Windows\System\QinKPnw.exe
  C:\Windows\System\QinKPnw.exe
  2⤵
  PID:10760
- C:\Windows\System\aRmrOAM.exe
  C:\Windows\System\aRmrOAM.exe
  2⤵
  PID:10796
- C:\Windows\System\wirVXMa.exe
  C:\Windows\System\wirVXMa.exe
  2⤵
  PID:10820
- C:\Windows\System\kaaOTqs.exe
  C:\Windows\System\kaaOTqs.exe
  2⤵
  PID:10852
- C:\Windows\System\DMPJzUL.exe
  C:\Windows\System\DMPJzUL.exe
  2⤵
  PID:10868
- C:\Windows\System\QryDjOX.exe
  C:\Windows\System\QryDjOX.exe
  2⤵
  PID:10896
- C:\Windows\System\ABYaUeR.exe
  C:\Windows\System\ABYaUeR.exe
  2⤵
  PID:10924
- C:\Windows\System\BtrJdjY.exe
  C:\Windows\System\BtrJdjY.exe
  2⤵
  PID:10968
- C:\Windows\System\AboTEZz.exe
  C:\Windows\System\AboTEZz.exe
  2⤵
  PID:10984
- C:\Windows\System\raKBsDx.exe
  C:\Windows\System\raKBsDx.exe
  2⤵
  PID:11012
- C:\Windows\System\tpkVTcE.exe
  C:\Windows\System\tpkVTcE.exe
  2⤵
  PID:11040
- C:\Windows\System\ARrzCQQ.exe
  C:\Windows\System\ARrzCQQ.exe
  2⤵
  PID:11068
- C:\Windows\System\pFeUfda.exe
  C:\Windows\System\pFeUfda.exe
  2⤵
  PID:11112
- C:\Windows\System\JoLQxSp.exe
  C:\Windows\System\JoLQxSp.exe
  2⤵
  PID:11140
- C:\Windows\System\SFPblgk.exe
  C:\Windows\System\SFPblgk.exe
  2⤵
  PID:11188
- C:\Windows\System\iJGbvpM.exe
  C:\Windows\System\iJGbvpM.exe
  2⤵
  PID:11204
- C:\Windows\System\fAOwkDh.exe
  C:\Windows\System\fAOwkDh.exe
  2⤵
  PID:11228
- C:\Windows\System\wybtFxG.exe
  C:\Windows\System\wybtFxG.exe
  2⤵
  PID:11248
- C:\Windows\System\tnAPpfO.exe
  C:\Windows\System\tnAPpfO.exe
  2⤵
  PID:10244
- C:\Windows\System\lJaQSEt.exe
  C:\Windows\System\lJaQSEt.exe
  2⤵
  PID:10308
- C:\Windows\System\nqdkuap.exe
  C:\Windows\System\nqdkuap.exe
  2⤵
  PID:10348
- C:\Windows\System\rsmtTJW.exe
  C:\Windows\System\rsmtTJW.exe
  2⤵
  PID:10428
- C:\Windows\System\XRySuGJ.exe
  C:\Windows\System\XRySuGJ.exe
  2⤵
  PID:9612
- C:\Windows\System\EGdAWUk.exe
  C:\Windows\System\EGdAWUk.exe
  2⤵
  PID:10544
- C:\Windows\System\DhOQLYm.exe
  C:\Windows\System\DhOQLYm.exe
  2⤵
  PID:10604
- C:\Windows\System\MfVZFFN.exe
  C:\Windows\System\MfVZFFN.exe
  2⤵
  PID:10636
- C:\Windows\System\YxnWcJU.exe
  C:\Windows\System\YxnWcJU.exe
  2⤵
  PID:10772
- C:\Windows\System\CBPnrWO.exe
  C:\Windows\System\CBPnrWO.exe
  2⤵
  PID:10832
- C:\Windows\System\oTHTSyZ.exe
  C:\Windows\System\oTHTSyZ.exe
  2⤵
  PID:10884
- C:\Windows\System\vGnlbnH.exe
  C:\Windows\System\vGnlbnH.exe
  2⤵
  PID:11020
- C:\Windows\System\lYYNXLB.exe
  C:\Windows\System\lYYNXLB.exe
  2⤵
  PID:11028
- C:\Windows\System\CMRgKry.exe
  C:\Windows\System\CMRgKry.exe
  2⤵
  PID:11120
- C:\Windows\System\WNHObPk.exe
  C:\Windows\System\WNHObPk.exe
  2⤵
  PID:11168
- C:\Windows\System\xwNxrIM.exe
  C:\Windows\System\xwNxrIM.exe
  2⤵
  PID:11216
- C:\Windows\System\FwfwfYS.exe
  C:\Windows\System\FwfwfYS.exe
  2⤵
  PID:10388
- C:\Windows\System\RvTBPMT.exe
  C:\Windows\System\RvTBPMT.exe
  2⤵
  PID:10532
- C:\Windows\System\RWfpBNl.exe
  C:\Windows\System\RWfpBNl.exe
  2⤵
  PID:10496
- C:\Windows\System\iMQjCuH.exe
  C:\Windows\System\iMQjCuH.exe
  2⤵
  PID:10668
- C:\Windows\System\gMbItXI.exe
  C:\Windows\System\gMbItXI.exe
  2⤵
  PID:10812
- C:\Windows\System\hTvGSSx.exe
  C:\Windows\System\hTvGSSx.exe
  2⤵
  PID:10976
- C:\Windows\System\IeCIbJX.exe
  C:\Windows\System\IeCIbJX.exe
  2⤵
  PID:11100
- C:\Windows\System\qpRatJK.exe
  C:\Windows\System\qpRatJK.exe
  2⤵
  PID:10376
- C:\Windows\System\BXhtRSd.exe
  C:\Windows\System\BXhtRSd.exe
  2⤵
  PID:10748
- C:\Windows\System\WZSBRhA.exe
  C:\Windows\System\WZSBRhA.exe
  2⤵
  PID:10456
- C:\Windows\System\biBIoUf.exe
  C:\Windows\System\biBIoUf.exe
  2⤵
  PID:11080
- C:\Windows\System\hZXPMAQ.exe
  C:\Windows\System\hZXPMAQ.exe
  2⤵
  PID:11088
- C:\Windows\System\JMmVPSg.exe
  C:\Windows\System\JMmVPSg.exe
  2⤵
  PID:11284
- C:\Windows\System\QynMNpx.exe
  C:\Windows\System\QynMNpx.exe
  2⤵
  PID:11312
- C:\Windows\System\hgkrydr.exe
  C:\Windows\System\hgkrydr.exe
  2⤵
  PID:11340
- C:\Windows\System\bAPFLRN.exe
  C:\Windows\System\bAPFLRN.exe
  2⤵
  PID:11368
- C:\Windows\System\ImdLidQ.exe
  C:\Windows\System\ImdLidQ.exe
  2⤵
  PID:11392
- C:\Windows\System\NmDdJrE.exe
  C:\Windows\System\NmDdJrE.exe
  2⤵
  PID:11408
- C:\Windows\System\dGhjfFz.exe
  C:\Windows\System\dGhjfFz.exe
  2⤵
  PID:11428
- C:\Windows\System\KBuHiLn.exe
  C:\Windows\System\KBuHiLn.exe
  2⤵
  PID:11476
- C:\Windows\System\zrMyecm.exe
  C:\Windows\System\zrMyecm.exe
  2⤵
  PID:11496
- C:\Windows\System\lwKCncN.exe
  C:\Windows\System\lwKCncN.exe
  2⤵
  PID:11516
- C:\Windows\System\YKXvmJh.exe
  C:\Windows\System\YKXvmJh.exe
  2⤵
  PID:11544
- C:\Windows\System\PGmqktt.exe
  C:\Windows\System\PGmqktt.exe
  2⤵
  PID:11564
- C:\Windows\System\VWwZyfu.exe
  C:\Windows\System\VWwZyfu.exe
  2⤵
  PID:11632
- C:\Windows\System\nSOxDtu.exe
  C:\Windows\System\nSOxDtu.exe
  2⤵
  PID:11656
- C:\Windows\System\tmTyNIU.exe
  C:\Windows\System\tmTyNIU.exe
  2⤵
  PID:11704
- C:\Windows\System\PtDzQLy.exe
  C:\Windows\System\PtDzQLy.exe
  2⤵
  PID:11728
- C:\Windows\System\gWmLGiF.exe
  C:\Windows\System\gWmLGiF.exe
  2⤵
  PID:11756
- C:\Windows\System\jYjpFVx.exe
  C:\Windows\System\jYjpFVx.exe
  2⤵
  PID:11780
- C:\Windows\System\ibkxlRU.exe
  C:\Windows\System\ibkxlRU.exe
  2⤵
  PID:11796
- C:\Windows\System\XtYgssu.exe
  C:\Windows\System\XtYgssu.exe
  2⤵
  PID:11844
- C:\Windows\System\tMbUvLc.exe
  C:\Windows\System\tMbUvLc.exe
  2⤵
  PID:11872
- C:\Windows\System\QqnePif.exe
  C:\Windows\System\QqnePif.exe
  2⤵
  PID:11892
- C:\Windows\System\BUjWONL.exe
  C:\Windows\System\BUjWONL.exe
  2⤵
  PID:11920
- C:\Windows\System\bzTNaXj.exe
  C:\Windows\System\bzTNaXj.exe
  2⤵
  PID:11936
- C:\Windows\System\xcDxtpC.exe
  C:\Windows\System\xcDxtpC.exe
  2⤵
  PID:11980
- C:\Windows\System\qMvHRrV.exe
  C:\Windows\System\qMvHRrV.exe
  2⤵
  PID:11996
- C:\Windows\System\MLilLwt.exe
  C:\Windows\System\MLilLwt.exe
  2⤵
  PID:12016
- C:\Windows\System\FCClyJt.exe
  C:\Windows\System\FCClyJt.exe
  2⤵
  PID:12048
- C:\Windows\System\bVKhaqL.exe
  C:\Windows\System\bVKhaqL.exe
  2⤵
  PID:12080
- C:\Windows\System\HqhFTej.exe
  C:\Windows\System\HqhFTej.exe
  2⤵
  PID:12104
- C:\Windows\System\FUAyxKN.exe
  C:\Windows\System\FUAyxKN.exe
  2⤵
  PID:12144
- C:\Windows\System\aLApIMp.exe
  C:\Windows\System\aLApIMp.exe
  2⤵
  PID:12172
- C:\Windows\System\BPIWLkH.exe
  C:\Windows\System\BPIWLkH.exe
  2⤵
  PID:12200
- C:\Windows\System\CouMwKV.exe
  C:\Windows\System\CouMwKV.exe
  2⤵
  PID:12224
- C:\Windows\System\FFYjnXH.exe
  C:\Windows\System\FFYjnXH.exe
  2⤵
  PID:12248
- C:\Windows\System\ScLMIBL.exe
  C:\Windows\System\ScLMIBL.exe
  2⤵
  PID:12268
- C:\Windows\System\xdIPtZc.exe
  C:\Windows\System\xdIPtZc.exe
  2⤵
  PID:11304
- C:\Windows\System\DfOKBcz.exe
  C:\Windows\System\DfOKBcz.exe
  2⤵
  PID:11348
- C:\Windows\System\wHWjROT.exe
  C:\Windows\System\wHWjROT.exe
  2⤵
  PID:11440
- C:\Windows\System\LTEPPZH.exe
  C:\Windows\System\LTEPPZH.exe
  2⤵
  PID:11452
- C:\Windows\System\AMvucEJ.exe
  C:\Windows\System\AMvucEJ.exe
  2⤵
  PID:11556
- C:\Windows\System\OfrIzAj.exe
  C:\Windows\System\OfrIzAj.exe
  2⤵
  PID:11696
- C:\Windows\System\UdHLoCT.exe
  C:\Windows\System\UdHLoCT.exe
  2⤵
  PID:11712
- C:\Windows\System\ISnsWoZ.exe
  C:\Windows\System\ISnsWoZ.exe
  2⤵
  PID:11772
- C:\Windows\System\TJrhiWu.exe
  C:\Windows\System\TJrhiWu.exe
  2⤵
  PID:11824
- C:\Windows\System\hPHOVHA.exe
  C:\Windows\System\hPHOVHA.exe
  2⤵
  PID:11864
- C:\Windows\System\rAbIKsH.exe
  C:\Windows\System\rAbIKsH.exe
  2⤵
  PID:11968
- C:\Windows\System\yNGLIsi.exe
  C:\Windows\System\yNGLIsi.exe
  2⤵
  PID:12036
- C:\Windows\System\ZiyAJRa.exe
  C:\Windows\System\ZiyAJRa.exe
  2⤵
  PID:12060
- C:\Windows\System\uUWqLgI.exe
  C:\Windows\System\uUWqLgI.exe
  2⤵
  PID:12136
- C:\Windows\System\NvxOAMy.exe
  C:\Windows\System\NvxOAMy.exe
  2⤵
  PID:12220
- C:\Windows\System\SaNlGfR.exe
  C:\Windows\System\SaNlGfR.exe
  2⤵
  PID:10720
- C:\Windows\System\pUNeIaD.exe
  C:\Windows\System\pUNeIaD.exe
  2⤵
  PID:11308
- C:\Windows\System\bkonLdL.exe
  C:\Windows\System\bkonLdL.exe
  2⤵
  PID:11444
- C:\Windows\System\QKqLeXy.exe
  C:\Windows\System\QKqLeXy.exe
  2⤵
  PID:11628
- C:\Windows\System\AdFSVWU.exe
  C:\Windows\System\AdFSVWU.exe
  2⤵
  PID:11840
- C:\Windows\System\FVdfbTl.exe
  C:\Windows\System\FVdfbTl.exe
  2⤵
  PID:8328
- C:\Windows\System\JIGbaRZ.exe
  C:\Windows\System\JIGbaRZ.exe
  2⤵
  PID:12188
- C:\Windows\System\kFnWwMV.exe
  C:\Windows\System\kFnWwMV.exe
  2⤵
  PID:11540
- C:\Windows\System\ROtyZwj.exe
  C:\Windows\System\ROtyZwj.exe
  2⤵
  PID:11860
- C:\Windows\System\cUiVTtN.exe
  C:\Windows\System\cUiVTtN.exe
  2⤵
  PID:1388
- C:\Windows\System\dFvDDXr.exe
  C:\Windows\System\dFvDDXr.exe
  2⤵
  PID:1240
- C:\Windows\System\iDcaDEt.exe
  C:\Windows\System\iDcaDEt.exe
  2⤵
  PID:12236
- C:\Windows\System\XTqrJaA.exe
  C:\Windows\System\XTqrJaA.exe
  2⤵
  PID:12192
- C:\Windows\System\rToZQgF.exe
  C:\Windows\System\rToZQgF.exe
  2⤵
  PID:11404
- C:\Windows\System\tBCVYEP.exe
  C:\Windows\System\tBCVYEP.exe
  2⤵
  PID:4248
- C:\Windows\System\lyXDofb.exe
  C:\Windows\System\lyXDofb.exe
  2⤵
  PID:11376
- C:\Windows\System\cDZykQQ.exe
  C:\Windows\System\cDZykQQ.exe
  2⤵
  PID:12312
- C:\Windows\System\bWvxqqc.exe
  C:\Windows\System\bWvxqqc.exe
  2⤵
  PID:12356
- C:\Windows\System\xgEMvNI.exe
  C:\Windows\System\xgEMvNI.exe
  2⤵
  PID:12380
- C:\Windows\System\UGVqYHl.exe
  C:\Windows\System\UGVqYHl.exe
  2⤵
  PID:12436
- C:\Windows\System\oOUbFRO.exe
  C:\Windows\System\oOUbFRO.exe
  2⤵
  PID:12464
- C:\Windows\System\iVgKKqC.exe
  C:\Windows\System\iVgKKqC.exe
  2⤵
  PID:12492
- C:\Windows\System\jjakwkn.exe
  C:\Windows\System\jjakwkn.exe
  2⤵
  PID:12532
- C:\Windows\System\CeeeEvR.exe
  C:\Windows\System\CeeeEvR.exe
  2⤵
  PID:12560
- C:\Windows\System\oWlCSSh.exe
  C:\Windows\System\oWlCSSh.exe
  2⤵
  PID:12596
- C:\Windows\System\OREsGoN.exe
  C:\Windows\System\OREsGoN.exe
  2⤵
  PID:12616
- C:\Windows\System\vztHfGZ.exe
  C:\Windows\System\vztHfGZ.exe
  2⤵
  PID:12636
- C:\Windows\System\YNNVBZN.exe
  C:\Windows\System\YNNVBZN.exe
  2⤵
  PID:12680
- C:\Windows\System\rnhwOsh.exe
  C:\Windows\System\rnhwOsh.exe
  2⤵
  PID:12700
- C:\Windows\System\WBJDwmI.exe
  C:\Windows\System\WBJDwmI.exe
  2⤵
  PID:12728
- C:\Windows\System\sIEXQnM.exe
  C:\Windows\System\sIEXQnM.exe
  2⤵
  PID:12764
- C:\Windows\System\IlmvmXI.exe
  C:\Windows\System\IlmvmXI.exe
  2⤵
  PID:12784
- C:\Windows\System\XNOqcJm.exe
  C:\Windows\System\XNOqcJm.exe
  2⤵
  PID:12812
- C:\Windows\System\wqbRsIv.exe
  C:\Windows\System\wqbRsIv.exe
  2⤵
  PID:12848
- C:\Windows\System\QkKqOWV.exe
  C:\Windows\System\QkKqOWV.exe
  2⤵
  PID:12868
- C:\Windows\System\xHGJpEx.exe
  C:\Windows\System\xHGJpEx.exe
  2⤵
  PID:12888
- C:\Windows\System\QNxawyy.exe
  C:\Windows\System\QNxawyy.exe
  2⤵
  PID:12908
- C:\Windows\System\ecrEwsr.exe
  C:\Windows\System\ecrEwsr.exe
  2⤵
  PID:12948
- C:\Windows\System\mjHeZdE.exe
  C:\Windows\System\mjHeZdE.exe
  2⤵
  PID:12972
- C:\Windows\System\gaiTJbb.exe
  C:\Windows\System\gaiTJbb.exe
  2⤵
  PID:13000
- C:\Windows\System\KTiitQb.exe
  C:\Windows\System\KTiitQb.exe
  2⤵
  PID:13020
- C:\Windows\System\XaXSOzf.exe
  C:\Windows\System\XaXSOzf.exe
  2⤵
  PID:13080
- C:\Windows\System\xxkamAL.exe
  C:\Windows\System\xxkamAL.exe
  2⤵
  PID:13100
- C:\Windows\System\mfimFdW.exe
  C:\Windows\System\mfimFdW.exe
  2⤵
  PID:13124
- C:\Windows\System\IguFOKZ.exe
  C:\Windows\System\IguFOKZ.exe
  2⤵
  PID:13144
- C:\Windows\System\xbyZbUe.exe
  C:\Windows\System\xbyZbUe.exe
  2⤵
  PID:13176
- C:\Windows\System\NcphpWP.exe
  C:\Windows\System\NcphpWP.exe
  2⤵
  PID:13204
- C:\Windows\System\zjIgcrx.exe
  C:\Windows\System\zjIgcrx.exe
  2⤵
  PID:13220
- C:\Windows\System\byiQBQp.exe
  C:\Windows\System\byiQBQp.exe
  2⤵
  PID:13272
- C:\Windows\System\HbArBxI.exe
  C:\Windows\System\HbArBxI.exe
  2⤵
  PID:11280
- C:\Windows\System\pvMTiQB.exe
  C:\Windows\System\pvMTiQB.exe
  2⤵
  PID:12008
- C:\Windows\System\Akqfocy.exe
  C:\Windows\System\Akqfocy.exe
  2⤵
  PID:12348
- C:\Windows\System\ndDwtNY.exe
  C:\Windows\System\ndDwtNY.exe
  2⤵
  PID:12376
- C:\Windows\System\xNWwyIK.exe
  C:\Windows\System\xNWwyIK.exe
  2⤵
  PID:12428
- C:\Windows\System\BnlAsKk.exe
  C:\Windows\System\BnlAsKk.exe
  2⤵
  PID:3152
- C:\Windows\System\LztvEZE.exe
  C:\Windows\System\LztvEZE.exe
  2⤵
  PID:12604
- C:\Windows\System\NZEICKG.exe
  C:\Windows\System\NZEICKG.exe
  2⤵
  PID:12556
- C:\Windows\System\UNnixBx.exe
  C:\Windows\System\UNnixBx.exe
  2⤵
  PID:12608
- C:\Windows\System\GqopurZ.exe
  C:\Windows\System\GqopurZ.exe
  2⤵
  PID:12672
- C:\Windows\System\jZxVeuA.exe
  C:\Windows\System\jZxVeuA.exe
  2⤵
  PID:1160
- C:\Windows\System\JyHVlUP.exe
  C:\Windows\System\JyHVlUP.exe
  2⤵
  PID:12708
- C:\Windows\System\QFqPjFM.exe
  C:\Windows\System\QFqPjFM.exe
  2⤵
  PID:12740
- C:\Windows\System\AlcYRjO.exe
  C:\Windows\System\AlcYRjO.exe
  2⤵
  PID:12808
- C:\Windows\System\uUvZYeb.exe
  C:\Windows\System\uUvZYeb.exe
  2⤵
  PID:12832
- C:\Windows\System\hbJGMVq.exe
  C:\Windows\System\hbJGMVq.exe
  2⤵
  PID:12884
- C:\Windows\System\srhmZzo.exe
  C:\Windows\System\srhmZzo.exe
  2⤵
  PID:13008
- C:\Windows\System\UQBFEGr.exe
  C:\Windows\System\UQBFEGr.exe
  2⤵
  PID:3076
- C:\Windows\System\INhuTbi.exe
  C:\Windows\System\INhuTbi.exe
  2⤵
  PID:13068
- C:\Windows\System\mFZDzij.exe
  C:\Windows\System\mFZDzij.exe
  2⤵
  PID:12692
- C:\Windows\System\vtStzeg.exe
  C:\Windows\System\vtStzeg.exe
  2⤵
  PID:12800
- C:\Windows\System\jJvCiaO.exe
  C:\Windows\System\jJvCiaO.exe
  2⤵
  PID:12880
- C:\Windows\System\OQrrbID.exe
  C:\Windows\System\OQrrbID.exe
  2⤵
  PID:13032
- C:\Windows\System\EWyJmHa.exe
  C:\Windows\System\EWyJmHa.exe
  2⤵
  PID:13064
- C:\Windows\System\YncUpHE.exe
  C:\Windows\System\YncUpHE.exe
  2⤵
  PID:13096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_k5d50zcu.b3i.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\CCuNpQY.exe

Filesize
2.1MB

MD5
48d3971e0e0ede70bc314f78a9edbf8e

SHA1
d5ea3d8b524f791641aa7cd0789294ac98a085cb

SHA256
a323714a3c7c9472a7cd5661c6d7787dcf3fbee8e328d8464f1c72f08ab0dbd9

SHA512
e3f152e033d6a4febcb93dd470d678922b9aaeca97297410319ec307f0584ac6b8aef0b8238ce6daabc955d607f696c264b9cedf64c89accf422c411ebdc442a

Download Submit
C:\Windows\System\CwMFxok.exe

Filesize
2.1MB

MD5
09dbf48025c07e2a56adc21bde48bc65

SHA1
f7292c2ba6ea5a76a11135f27f3c0844b975c314

SHA256
085712b9570118982e4529365ec9ddd31605ba7fef374c9f5fc2579baa298483

SHA512
e383bc6bc8daffb757b90495682067ca1e090cd3c372ab903e38733e94faf70486f6dba190e55d72b0e9f4200a7629cdc0f0a38d6038ac6b9bdf634b30a603f1

Download Submit
C:\Windows\System\FVKqZOG.exe

Filesize
2.1MB

MD5
bd4603b6499daec34aaf45d3a841a261

SHA1
d9410fecd615051e41c8e7850343e9604694c469

SHA256
d163ea21029427876b70588b8ecd0404c95aa94bfa13b7428293c605c314d2b1

SHA512
6e7b66e786d61061d2328bf8b22b6c8e311b44113098ece959f8bd8b726748101bb767d7c413213c150e5a520e80df9b85cbd5a7aa84e15e484b4c24aacc57ed

Download Submit
C:\Windows\System\FZMXiCL.exe

Filesize
2.1MB

MD5
60efdc79a6c52d43135dbc8886313fff

SHA1
01203b1b6c9b6dd9429b5eecd4d9c6d73592b5e3

SHA256
f1101060d397a4b9a508b723a10c4210c1ac091b32810171fb8d22e7ebf7072d

SHA512
8965f5aada8ceb9475825b1e4cca4cc774f69fce9fb2cbc622011a4814afb5f8ecb5ec7ad8be7d966cf2d4cba9e1a47e2efcae634208903db785743b17742b81

Download Submit
C:\Windows\System\FtPRcfn.exe

Filesize
2.1MB

MD5
e39a727182f4c4d3ba9da50adc68d974

SHA1
f46be672284bf1ef903ad9b904bed262789c12ef

SHA256
a6e8e79ef8e72c9555788896a7c4bfdcad05520ebd92d809b6797c436d7cbbc6

SHA512
66fa57c30c8a6403560a087c993280c66cd39ff0f9ecec35ee19e5680be5f5e17444ff8f2fe222af1898b28715b0e8af0c682f0b4d856f90139d20bc67c52f91

Download Submit
C:\Windows\System\GLuUNXx.exe

Filesize
2.1MB

MD5
539067c900f5a00a86bd14cfb63d4263

SHA1
46b154e78385a80ed1120af26d7492b9c9f69a6d

SHA256
de33061eb06804edd73df14c20d93cb5c66260c9ec4dbb0d46ec3c2b2d05bb19

SHA512
ba426df1ffda23adeae0827c565871c52b1ce16b6d36d50ca57355627c0364a2e14fbc572f4aed38b72e0ee0de6c78f357a2d58f7f8e61cb153d1457a227ae83

Download Submit
C:\Windows\System\GRziTZe.exe

Filesize
2.1MB

MD5
00caefc369016786d73ddd7423d4b484

SHA1
aeeab42bfbff09f8e6e2eb2bb0588efbc47cd0ba

SHA256
16f9fe719def84eee51aff382b0da394b88be11f4e5ca0d8ad9bc18874b6f786

SHA512
79a275227d4fb5226b2ce25528c731d5a1855a4d23b09c431972d729832e59579431ed7f4a781b9370e9f95eb7429fc5d3c3babee707e55fbca10a942e63b923

Download Submit
C:\Windows\System\HdfqCnH.exe

Filesize
2.1MB

MD5
2ba34c4306f5732ee5e67a99c1576181

SHA1
74cc8206a49fcd48c41f95a807230786d3e1ef65

SHA256
13b27fe09de798eff1e4958caddc2dc094b86d35f0ae61b171c65bf9db63ac36

SHA512
1146a3637c55d74c5c0c9411c0c5c105f74d74c2ae73ec78ddef96d8eec8b13c60c6449a3892d73c4641d4ef39514a56f835b52396e03dd039c342f96968bd15

Download Submit
C:\Windows\System\IvRnPns.exe

Filesize
2.1MB

MD5
93a8317f71a239c28827c0bfb7b43bcf

SHA1
b01f4f0931e1c29dea128972748dab020444452d

SHA256
8777f7af49b1f705ee760ddb762efdda73d8159d57fa21f0b2fa302ff2dc8251

SHA512
8b5925c46f1fd32c046d5c90cb5b54034062288199285c8f7209a7c1ed70155fb7e1199ee38fa18d02b934b0a1ab380d16fbd8560cfcb917b7751eb255465fc4

Download Submit
C:\Windows\System\JVlkmRa.exe

Filesize
2.1MB

MD5
6b7e79677be3e11eb504d1f15e71f7eb

SHA1
92a3558c982ba5952366ddf453246b6dc4f5d199

SHA256
357eea661683b8fe4fa4bbed57da8715032b4407420f6b65919fa86039edbe65

SHA512
3b55451f574db674773bafb7519bc6572c2fe84f198c6fba6f452b03451d254a69a6be13c395f305b314aae5fdf849a9dff203cc759e08a8306c25f248889a4a

Download Submit
C:\Windows\System\LBdrNZV.exe

Filesize
8B

MD5
2adac273ce248e8d242a4b12f749bb46

SHA1
300bd2c60c669d978305195f11eaf26c73d9e457

SHA256
5a695799bf8f73300a4f9c4a59fd25b209a2457abf1051a262d540e520557456

SHA512
011941b215532355e8e4d21af78180da68d2fe04927118ebe818ec14ec4bfb6a7a2d9aaa01fdfd0cd2c6dc84968b5f642ccf10cc92c29aa0e1d06bcf6f120232

Download Submit
C:\Windows\System\LEFCnAG.exe

Filesize
2.1MB

MD5
917bd5b616c564ff9e9416e270fb5d99

SHA1
39714667d12f64aa228ddd19434e02e4bb44e6b7

SHA256
4f09a466f3b3c78a15a72af0199340caec55c89011829ba5b7f8ace0c22b3600

SHA512
151b94364d55d575283e85f885a0c420dcfe1f20cfcf3dd73f82782db424ac079547ff4ec9cc007c514246f1275d3c29a83a2fba313ef4b0c70ccebac47070e2

Download Submit
C:\Windows\System\MGTCiWe.exe

Filesize
2.1MB

MD5
466f381d88ff6902ab9d630637867169

SHA1
9b1d8f5e0516b3d2cffc0bdc7c2af2a34e9c48a4

SHA256
df51d1147dcb11e6e0ab1afc3b9f1138eacfd7da261b01a41e7dc6577aa535a9

SHA512
06060f490a3ead1b153eed94a5322edb0db7f0101f50336d13a38e794bbea49877ad0b4ed61e99bfab086801c692821560428fdb010e522d998dcb7bdd3b2711

Download Submit
C:\Windows\System\MlRhLoe.exe

Filesize
2.1MB

MD5
adc31c5ca60c15fa998f9d2e51179e29

SHA1
d0aeb298d67a716b9285ef8a938c6e49eb317a8a

SHA256
f30654f9dc6fadd675f4835c3c7e122807439f500465cbf607bf6029ff4f7ebb

SHA512
996bd6bb93eae77c916d67d82ab82a0e08feba7640594300ba26639d89f91e65daa9c8b5db0d7fc17c2c237a323b593fb657b83de874dab655d57e35269ececc

Download Submit
C:\Windows\System\ORaITSd.exe

Filesize
2.1MB

MD5
f152b6d312b5ed54c4aa0f3fa4b030bd

SHA1
c0d395b188eb0a5739372253e28875bad5d635ff

SHA256
d49523ebf0ab07974e8411441ca483675e082ca0e0a2e2968adbd46e1e6e53b1

SHA512
45f3c0c4ec284bb112cb3a9298962b486a716bf184fdde389c09d06cd10836c9cc590e0676a862892c7e813320545d37264396b3796be4627747203bb151f071

Download Submit
C:\Windows\System\RPJujBf.exe

Filesize
2.1MB

MD5
9d2f1dfd767e419764e89f702eaf40f6

SHA1
e8b4dea4e0e1f5cc92a402d41f23d9ea1d2fe0b0

SHA256
91792a68b4b169a9e0cdefcc0189150a3022a58aed6efcd1b7051109e97fb3be

SHA512
e3ebb1eedc0778eab2f6649c32df90c2f66f0ca4acab7cf8d645f1cb19bdde1161ce035e8e1425334b82caa49c73fecffec7b26ba5ccdf8ffdd11b1e0d59fee4

Download Submit
C:\Windows\System\Rkaztkx.exe

Filesize
2.1MB

MD5
f7900fb1d2d480da75751753d83c69d6

SHA1
7a36ed769555a9159a6a14f40a9eb9a79d8a2163

SHA256
7719ecc4336383808e47dfdb3d9ec3108eb1c375747c21817ab5afe2a10819cb

SHA512
6bc6ff54b052f6e13d5dd3b61980922eb59aa43b6c1928634912f84ee4dc9a38aad593b4270b1f1a592f2547c4447f96ebf55fc2c892d3f6610f82d3ccc4ffd8

Download Submit
C:\Windows\System\WmJeqtK.exe

Filesize
2.1MB

MD5
cf0883876c70333b4f39c5a00c07ae05

SHA1
d8e6ac3672f1035ed8cf54e2bf472ac8e6ad37f9

SHA256
d2422a200285479966c9ba55f1ab74161279e4be26f691aa138bb9c94d7dc9f2

SHA512
b227b1f282a8ba81fe60fafde942108009186d1a95d6c87a598f391b0cd6b4db58593edf730f869af05470eafeb2b8f7b0469978b39698ad05703dca55940d80

Download Submit
C:\Windows\System\WunAngB.exe

Filesize
2.1MB

MD5
30e656a5dfe6a6c0ddab4bbdba7e9c8c

SHA1
ede6bb80a3e074e6283e72a3ebde862505dd0d73

SHA256
0bb633e64318ed076c030b8c553d86c2c9a2a4bb57a394f9b745e7b4e7941213

SHA512
562b09962fe74990dce48ed14a968059c04124634a2988c74d98758f88c312ea189b6af340c2ebc2738ad82134b75c812209b907e788fcca6341003e7408a15c

Download Submit
C:\Windows\System\Xheqckd.exe

Filesize
2.1MB

MD5
3ba8f4f8fdf6092b2f36ddc846ff8ed6

SHA1
85df03baaeaeba1b86b7e90f3ef434d90282e8cc

SHA256
f95c95c3e1161f9d08ce42134bffbe5ecd813ee5c30ceb909a3ec16852a39d6e

SHA512
b2c4a22113e4520edaeafca2703765de17563844addd359090cab63af9fd5f245119c028a5de4eeaa558374d0a6a4354daf5a9d2209231ed8da06ffee23eb111

Download Submit
C:\Windows\System\ZIMgUJR.exe

Filesize
2.1MB

MD5
563865830192ad7c550c0012c6aa8cfe

SHA1
d5035d0a134d6172f6cd340239c4b9bc24bf087a

SHA256
d1bb274cf6e02cdd6a8e35e850f4b929417d05667b7e9b7677f0749b880a4d92

SHA512
fa956da7633ad71ec0e64fa1ca4911fd648aa458782236a94a3fbac39f1070131b1f8206a3642c3479b76fae680226892c76de6b4edb1e4d8b08e655ba4816ef

Download Submit
C:\Windows\System\bTWiiNw.exe

Filesize
2.1MB

MD5
7faf8cfedf4de40d3e710e4e3319c99c

SHA1
e02ff61e89129fe42f47d977acf064cc8d8b1ab6

SHA256
d12403ed9c0fd56f25ea757888fa800219cdb5e91df754e3127d60db7360b3e5

SHA512
57886af756475f7c63d37f5cf7d0477c482da62e5f63b2f543198c50515d558ac077f20a751935e9b3a2909c05ea786479d1d0bf18f3b5fc2722fa7cdd15cb1d

Download Submit
C:\Windows\System\fueUCmq.exe

Filesize
2.1MB

MD5
a9693d3fdcc7ed7a348c680f96428775

SHA1
db15a922760cc64af9dde02f9956304475e212f8

SHA256
ef47f4ac3b8553f8279d16164b62531f1ecd813368c5a0a16a107480ca812a81

SHA512
bbfa32fe6a8ccfd85bc369036b53d765d426d9d0a2996fbdf642efb924f639cedb586e6bc5955b80c37a1c78c0ae52a81d8da5a98890795f29f2f18ae3a2b278

Download Submit
C:\Windows\System\jsJNgqS.exe

Filesize
2.1MB

MD5
a6de12a4202e4d458d644bc73000cf2e

SHA1
8ee58ced65598e1ec4990231fad85f0a883b0263

SHA256
e3ecb10980786b68ba3aec52a5daa591ed4ff4b3de004521c1a8d0cc27bdb86c

SHA512
ff6d9194f6db054310979a591521cc8872412040714f4f5f7068bba92ac56d28a8ba2ba622eeb701a92b75cf70f3447aead8808c629ac4bfc76cab5ebdd89a5b

Download Submit
C:\Windows\System\jzWUwsL.exe

Filesize
2.1MB

MD5
7b579b106bea91710b94dc6c71bd1d85

SHA1
e7783f36f06295f3a82aba634a1f9b110f70deb5

SHA256
93cb88fae732eb4f72053ccb7ae753ea1517465af8c5696de38d8b1e95fc37b4

SHA512
389f71aa473420fc4687c5b08eecc818d2995627598c835a32a3363db643e69c293e6eef764ed2f94e8898367e811bac5d8821f007ec9fdd527c840770192b2d

Download Submit
C:\Windows\System\lNoVxNh.exe

Filesize
2.1MB

MD5
369e27f70e72b6316ae580922c4e3e56

SHA1
e6c4d5ff1db5610645f4d449bb0adfbcd42ec03d

SHA256
edc9089ec29275208dc86092be3f250e1212580193f8b29e841766b2c7520df7

SHA512
ee9b6b640d6fdd7672f32740686e56bf49afb84c40731f6657d89251c67fe94d730ee3eccb2330e7da5864f9fd25446c8b5558421d7b361d1bf99f80b72791dc

Download Submit
C:\Windows\System\mMIUKda.exe

Filesize
2.1MB

MD5
a0f7a681a2971b685be7b5faf314b54c

SHA1
e10ccaa7b91de52935c0add93dbc96063264c196

SHA256
eab29309bb4098682e7ebd6e33bce21a383c8eb2d5061dddda70fca0d1f7f927

SHA512
11866a2203f0ef4804abf7af92e60f2656cf306b77fa8ed4476c733ad3e73bd9a19167470c0b87c0b584d273fa3337987b3d0180909a4ca2e8783f462ff222a2

Download Submit
C:\Windows\System\mNnPyGL.exe

Filesize
2.1MB

MD5
b740b96f5cf1fdd7b04f8bde979cc69f

SHA1
ef92fbd9ef5082f395c33206aa96b8456732f388

SHA256
d8a42a7c90b7b28996609d5b33b5080008d6434460398b40fcdfb3bd849ff240

SHA512
4b58d149a30471ebcd3dab51b12b7a61e774f899e9d7f1b449a326ffa7b6ffdf220fb1d187d1efbaed06f196efdff555083727d6d6ded609a426e98a443a3604

Download Submit
C:\Windows\System\nPQPaCQ.exe

Filesize
2.1MB

MD5
8a7cc6bdee682db65081364b91fd2c04

SHA1
9b0c6df88658c398ec1f4f968113c62cad3ebeb2

SHA256
0d181997090250f44cdbe991c3a166536790f5992301cd79f5719a45b07b5d84

SHA512
5f7ceb4c8fedd0644c0e6ede66c2558fbf8881cb7db5b28a9c2dd96eeb92923f38572bcab38bce5ee3f2c11206a45e0fe88d18f3eb760f4ee831720fd5eedfba

Download Submit
C:\Windows\System\qhCBzeD.exe

Filesize
2.1MB

MD5
54233abb62804a78b7753f4dd377e407

SHA1
7aec3e8111c6542a79730f13677a3943a69800ad

SHA256
e2762af2d3f89018881e438d9c11f9da7c2d458d7bb85949e379920fa880b177

SHA512
b5aaa949c2e27eac8b29c26aa60254a41ca19597b72a7f5ebeb1621382df8fa9772bd1abe20087cf21cac0b1960685bfadebdaa637f2c9fddd767ca787379f78

Download Submit
C:\Windows\System\viVqReB.exe

Filesize
2.1MB

MD5
9fb95053eea184676405f9093c3a5237

SHA1
5ce9bb22677d8692b662dee171ebef853bad735c

SHA256
9aef2ea0bdab98317b8d4bc3c8a80b67d791cc1d0660a5cecd8a6aba42a82f20

SHA512
80d7a17f09bd6f4155c6ad8f8b3598e59f8f150b4f8ed46f3e0cff4ff74620e9bd2829f1705d13f2f0784cf479929e919dbf50a9b7aedebdccc614024794991b

Download Submit
C:\Windows\System\ywRjFVp.exe

Filesize
2.1MB

MD5
5bcf9fdb5fd98addcc22fed5c11e6a2a

SHA1
f5c02fbceb447f649995e70b28fd5b2a897c5113

SHA256
0074c654e604b98e7c5f0ad4f928b3d79287d92adf6e3496e12bc62108194998

SHA512
d3478275cf51a36f04babb1c7ff41e0f6ff226ba0d1af4ac8f40907afbbb46b42db80e90ac27cd5a9f6d8dc5fdde6e2d0a92a8b737378eaf0311ae4ee3bf2bc4

Download Submit
C:\Windows\System\zDVFbyK.exe

Filesize
2.1MB

MD5
fa1ce3b909e38de940d482b245854b73

SHA1
34919ef9eb448075e0830846683ec96b8919544e

SHA256
c2b5fa5ebb00569059455d33f2d4149bbf5daa719945f900bb46a239d95afff0

SHA512
ac16db0ad75f68c0aa73e60854c3f4962982637f047fbdeb3641bc26869c9aad0cb6218305c61b09337c393b055d85f7ca06b112194ee9d02c41b9bb376601ae

Download Submit
memory/548-45-0x00007FF6EF700000-0x00007FF6EFAF2000-memory.dmp

Filesize
3.9MB

Download
memory/924-70-0x00007FF7C7220000-0x00007FF7C7612000-memory.dmp

Filesize
3.9MB

Download
memory/972-1-0x000001A686B90000-0x000001A686BA0000-memory.dmp

Filesize
64KB

Download
memory/972-0-0x00007FF6CD380000-0x00007FF6CD772000-memory.dmp

Filesize
3.9MB

Download
memory/1492-54-0x00007FF60FDB0000-0x00007FF6101A2000-memory.dmp

Filesize
3.9MB

Download
memory/1592-145-0x00007FF629A90000-0x00007FF629E82000-memory.dmp

Filesize
3.9MB

Download
memory/1636-63-0x00007FF7FB170000-0x00007FF7FB562000-memory.dmp

Filesize
3.9MB

Download
memory/1656-118-0x00007FF67FE40000-0x00007FF680232000-memory.dmp

Filesize
3.9MB

Download
memory/1664-2486-0x00007FF75FFC0000-0x00007FF7603B2000-memory.dmp

Filesize
3.9MB

Download
memory/1664-96-0x00007FF75FFC0000-0x00007FF7603B2000-memory.dmp

Filesize
3.9MB

Download
memory/3124-73-0x00007FF792A80000-0x00007FF792E72000-memory.dmp

Filesize
3.9MB

Download
memory/3160-106-0x00007FF6408B0000-0x00007FF640CA2000-memory.dmp

Filesize
3.9MB

Download
memory/3176-46-0x000002054F160000-0x000002054F182000-memory.dmp

Filesize
136KB

Download
memory/3176-153-0x000002056A560000-0x000002056AD06000-memory.dmp

Filesize
7.6MB

Download
memory/3176-24-0x00007FF920940000-0x00007FF921401000-memory.dmp

Filesize
10.8MB

Download
memory/3176-26-0x000002054F0D0000-0x000002054F0E0000-memory.dmp

Filesize
64KB

Download
memory/3588-48-0x00007FF679890000-0x00007FF679C82000-memory.dmp

Filesize
3.9MB

Download
memory/3692-107-0x00007FF761590000-0x00007FF761982000-memory.dmp

Filesize
3.9MB

Download
memory/3716-113-0x00007FF689D00000-0x00007FF68A0F2000-memory.dmp

Filesize
3.9MB

Download
memory/3752-78-0x00007FF7992B0000-0x00007FF7996A2000-memory.dmp

Filesize
3.9MB

Download
memory/4000-112-0x00007FF74DDA0000-0x00007FF74E192000-memory.dmp

Filesize
3.9MB

Download
memory/4480-139-0x00007FF77F2A0000-0x00007FF77F692000-memory.dmp

Filesize
3.9MB

Download
memory/4584-117-0x00007FF65D1A0000-0x00007FF65D592000-memory.dmp

Filesize
3.9MB

Download
memory/4628-133-0x00007FF7E75D0000-0x00007FF7E79C2000-memory.dmp

Filesize
3.9MB

Download
memory/4804-119-0x00007FF70DA60000-0x00007FF70DE52000-memory.dmp

Filesize
3.9MB

Download
memory/4984-88-0x00007FF6EAEC0000-0x00007FF6EB2B2000-memory.dmp

Filesize
3.9MB

Download
memory/4984-2093-0x00007FF6EAEC0000-0x00007FF6EB2B2000-memory.dmp

Filesize
3.9MB

Download
memory/5052-87-0x00007FF661140000-0x00007FF661532000-memory.dmp

Filesize
3.9MB

Download
memory/5052-2090-0x00007FF661140000-0x00007FF661532000-memory.dmp

Filesize
3.9MB

Download
memory/5076-120-0x00007FF6AADD0000-0x00007FF6AB1C2000-memory.dmp

Filesize
3.9MB

Download