xmrig | c9d2c0c23c1e1d57ca6bccda0588bbc91cbec20dd436791af2a8e8ab7104d743

Analysis

max time kernel
33s
max time network
36s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
28/04/2024, 07:17

Sharing

Copy URL Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
Size

1.6MB
MD5

04a832fc27015b2bfd4acf13149a43d0
SHA1

84c7c3e96de1ad191edbd95abba6260489456b76
SHA256

c9d2c0c23c1e1d57ca6bccda0588bbc91cbec20dd436791af2a8e8ab7104d743
SHA512

31471a4ab80c58d1c8998b48cb5baa7c26fdbcb63aa60a9fa5094c74195b954eac393bedaa03e438a3092e7ef4cef633915c5a6ccb7aa3d5c64c4cc3892c22bb
SSDEEP

49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82S73:NABc

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 20 IoCs

miner

resource	yara_rule
behavioral2/memory/3232-70-0x00007FF679000000-0x00007FF6793F2000-memory.dmp	xmrig
behavioral2/memory/2588-76-0x00007FF6441B0000-0x00007FF6445A2000-memory.dmp	xmrig
behavioral2/memory/1960-130-0x00007FF66CB20000-0x00007FF66CF12000-memory.dmp	xmrig
behavioral2/memory/2296-149-0x00007FF757C80000-0x00007FF758072000-memory.dmp	xmrig
behavioral2/memory/368-143-0x00007FF706A30000-0x00007FF706E22000-memory.dmp	xmrig
behavioral2/memory/3140-142-0x00007FF6A3830000-0x00007FF6A3C22000-memory.dmp	xmrig
behavioral2/memory/4708-136-0x00007FF6C7970000-0x00007FF6C7D62000-memory.dmp	xmrig
behavioral2/memory/1060-124-0x00007FF652250000-0x00007FF652642000-memory.dmp	xmrig
behavioral2/memory/4704-118-0x00007FF7E4990000-0x00007FF7E4D82000-memory.dmp	xmrig
behavioral2/memory/3672-117-0x00007FF669850000-0x00007FF669C42000-memory.dmp	xmrig
behavioral2/memory/4796-111-0x00007FF6AFC00000-0x00007FF6AFFF2000-memory.dmp	xmrig
behavioral2/memory/4504-105-0x00007FF718720000-0x00007FF718B12000-memory.dmp	xmrig
behavioral2/memory/2172-99-0x00007FF7A7980000-0x00007FF7A7D72000-memory.dmp	xmrig
behavioral2/memory/3544-95-0x00007FF72C2A0000-0x00007FF72C692000-memory.dmp	xmrig
behavioral2/memory/1560-94-0x00007FF7CE1F0000-0x00007FF7CE5E2000-memory.dmp	xmrig
behavioral2/memory/1348-90-0x00007FF79F330000-0x00007FF79F722000-memory.dmp	xmrig
behavioral2/memory/5100-77-0x00007FF613380000-0x00007FF613772000-memory.dmp	xmrig
behavioral2/memory/2796-57-0x00007FF6D3490000-0x00007FF6D3882000-memory.dmp	xmrig
behavioral2/memory/228-47-0x00007FF626E10000-0x00007FF627202000-memory.dmp	xmrig
behavioral2/memory/4896-3382-0x00007FF6E5AE0000-0x00007FF6E5ED2000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3168	vrLYPic.exe
1560	CHETEns.exe
228	HVkExYV.exe
3544	ShjuDxb.exe
2796	iuVERfq.exe
3232	dKhUKRs.exe
2588	fzzhViS.exe
2172	fjoerah.exe
4504	MjbiWhZ.exe
4796	pvjGXFw.exe
5100	ckbWFrW.exe
4896	GPtApdm.exe
1348	SlzEMTd.exe
3672	dafPouK.exe
4704	jLMGHDI.exe
1060	HPZKAhR.exe
1960	WpBsGmu.exe
4708	FlsVwPX.exe
3140	tNRofka.exe
368	YQRjJra.exe
2296	vYZzpdk.exe
1344	BwcDUJa.exe
1916	gMjNucs.exe
2652	fILTcuj.exe
2356	yFIQheg.exe
404	kZANlDL.exe
3304	cTByqBh.exe
2392	XolIxpu.exe
3920	UPzpmwv.exe
4048	uKZXdTi.exe
4484	esqZvHk.exe
2500	HAZXotZ.exe
3616	BzsPJBX.exe
2460	wljPajJ.exe
856	wrDGmTr.exe
3988	jCvJwOP.exe
4736	reidHcd.exe
2616	iwHcVSK.exe
840	DYKxMRh.exe
2488	qWAcOJg.exe
4352	LWpioFw.exe
3340	qiawpJm.exe
4660	xEsFpbo.exe
4548	kppWpjQ.exe
1352	DVuhDwQ.exe
4980	ZsUzpCW.exe
4908	mViEMCB.exe
940	XVYKjKs.exe
4420	gIYawQV.exe
468	LxTsnMm.exe
2956	IOVyeVX.exe
2012	GSsaDnf.exe
4712	bqXUejL.exe
1472	yagScns.exe
4320	aMvkMnR.exe
4652	nFjIMDl.exe
3780	JOtNgjQ.exe
1772	ClYFoAE.exe
3788	uQPoMWd.exe
1684	evXrCpM.exe
4192	uGKtNMV.exe
3372	QwfawXA.exe
1948	FeSiJEO.exe
3440	UsmGJAU.exe

UPX packed file 56 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4540-0-0x00007FF68F6C0000-0x00007FF68FAB2000-memory.dmp	upx
behavioral2/files/0x000a000000023b8f-16.dat	upx
behavioral2/files/0x000a000000023b90-17.dat	upx
behavioral2/files/0x000a000000023b92-32.dat	upx
behavioral2/files/0x000a000000023b94-42.dat	upx
behavioral2/files/0x000a000000023b95-49.dat	upx
behavioral2/files/0x000a000000023b97-59.dat	upx
behavioral2/memory/3232-70-0x00007FF679000000-0x00007FF6793F2000-memory.dmp	upx
behavioral2/memory/2588-76-0x00007FF6441B0000-0x00007FF6445A2000-memory.dmp	upx
behavioral2/memory/4896-84-0x00007FF6E5AE0000-0x00007FF6E5ED2000-memory.dmp	upx
behavioral2/files/0x000a000000023b9a-91.dat	upx
behavioral2/files/0x000b000000023b8b-96.dat	upx
behavioral2/files/0x000b000000023b9c-112.dat	upx
behavioral2/files/0x000a000000023b9e-121.dat	upx
behavioral2/memory/1960-130-0x00007FF66CB20000-0x00007FF66CF12000-memory.dmp	upx
behavioral2/memory/2296-149-0x00007FF757C80000-0x00007FF758072000-memory.dmp	upx
behavioral2/files/0x000a000000023ba7-180.dat	upx
behavioral2/files/0x000a000000023bac-197.dat	upx
behavioral2/files/0x000a000000023baa-195.dat	upx
behavioral2/files/0x000a000000023bab-192.dat	upx
behavioral2/files/0x000a000000023ba9-190.dat	upx
behavioral2/files/0x000a000000023ba8-185.dat	upx
behavioral2/files/0x000a000000023ba6-175.dat	upx
behavioral2/files/0x000a000000023ba5-170.dat	upx
behavioral2/files/0x000a000000023ba4-165.dat	upx
behavioral2/files/0x000a000000023ba3-160.dat	upx
behavioral2/files/0x000a000000023ba2-155.dat	upx
behavioral2/files/0x000a000000023ba1-150.dat	upx
behavioral2/files/0x000a000000023ba0-144.dat	upx
behavioral2/memory/368-143-0x00007FF706A30000-0x00007FF706E22000-memory.dmp	upx
behavioral2/memory/3140-142-0x00007FF6A3830000-0x00007FF6A3C22000-memory.dmp	upx
behavioral2/files/0x000a000000023b9f-137.dat	upx
behavioral2/memory/4708-136-0x00007FF6C7970000-0x00007FF6C7D62000-memory.dmp	upx
behavioral2/files/0x000b000000023b9b-125.dat	upx
behavioral2/memory/1060-124-0x00007FF652250000-0x00007FF652642000-memory.dmp	upx
behavioral2/files/0x000a000000023b9d-119.dat	upx
behavioral2/memory/4704-118-0x00007FF7E4990000-0x00007FF7E4D82000-memory.dmp	upx
behavioral2/memory/3672-117-0x00007FF669850000-0x00007FF669C42000-memory.dmp	upx
behavioral2/memory/4796-111-0x00007FF6AFC00000-0x00007FF6AFFF2000-memory.dmp	upx
behavioral2/memory/4504-105-0x00007FF718720000-0x00007FF718B12000-memory.dmp	upx
behavioral2/memory/2172-99-0x00007FF7A7980000-0x00007FF7A7D72000-memory.dmp	upx
behavioral2/memory/3544-95-0x00007FF72C2A0000-0x00007FF72C692000-memory.dmp	upx
behavioral2/memory/1560-94-0x00007FF7CE1F0000-0x00007FF7CE5E2000-memory.dmp	upx
behavioral2/memory/1348-90-0x00007FF79F330000-0x00007FF79F722000-memory.dmp	upx
behavioral2/files/0x000a000000023b99-80.dat	upx
behavioral2/files/0x000a000000023b98-78.dat	upx
behavioral2/memory/5100-77-0x00007FF613380000-0x00007FF613772000-memory.dmp	upx
behavioral2/files/0x000a000000023b96-62.dat	upx
behavioral2/memory/2796-57-0x00007FF6D3490000-0x00007FF6D3882000-memory.dmp	upx
behavioral2/memory/228-47-0x00007FF626E10000-0x00007FF627202000-memory.dmp	upx
behavioral2/files/0x000a000000023b93-34.dat	upx
behavioral2/files/0x000a000000023b91-23.dat	upx
behavioral2/files/0x000a000000023b8e-18.dat	upx
behavioral2/files/0x000b000000023b8a-12.dat	upx
behavioral2/memory/3168-11-0x00007FF7D4490000-0x00007FF7D4882000-memory.dmp	upx
behavioral2/memory/4896-3382-0x00007FF6E5AE0000-0x00007FF6E5ED2000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\yerxMlk.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\bhfokkv.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\hXkmXll.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\DEEnPNn.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\orSRvsb.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\WUxDJMD.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\TdvdDpW.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\KjpmhWj.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\McTxkcF.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\txPVhOv.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\JrSvizb.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\UwBJDjr.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\COZqYwW.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\ZOVAUVg.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\DWOAIDs.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\pvSwhWM.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\kCLOcmz.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\JqzCynb.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\RjllJLp.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\ZBYHarR.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\JLULPaR.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\qewNjbh.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\mBgOwju.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\CUxMDFP.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\fTrmYxU.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\resqQLZ.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\dhjZlYT.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\MvpDdTe.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\EmNVscp.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\okqDKuI.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\EeSzLrt.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\sPTIpSu.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\YkVgmhF.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\peeOtYx.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\vAPvtOt.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\UNQaAXP.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\rtYNMSa.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\njrnVhw.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\xANvlvg.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\dtKnNzb.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\oBssdPZ.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\jbjbMCU.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\CyxNsJA.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\NVOdJpb.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\YyogapX.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\LDivMnb.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\KAoQerv.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\lLYRGFf.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\vSdaGwE.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\SgsIseQ.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\eZfdFHn.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\jIYsgcU.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\PKjtgBQ.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\NbVbCIs.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\lMddaIJ.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\tGNXonJ.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\QNSTBzN.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\QDexkrJ.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\xfybHGh.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\wfKbKBg.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\xxFTsjX.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\gTMCeHn.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\bvqbgQV.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
File created	C:\Windows\System\ADvBYsD.exe	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1452	powershell.exe
1452	powershell.exe
1452	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
Token: SeDebugPrivilege	1452	powershell.exe
Token: SeLockMemoryPrivilege	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4540 wrote to memory of 1452	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	85
PID 4540 wrote to memory of 1452	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	85
PID 4540 wrote to memory of 3168	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	86
PID 4540 wrote to memory of 3168	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	86
PID 4540 wrote to memory of 1560	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	87
PID 4540 wrote to memory of 1560	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	87
PID 4540 wrote to memory of 228	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	88
PID 4540 wrote to memory of 228	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	88
PID 4540 wrote to memory of 3544	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	89
PID 4540 wrote to memory of 3544	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	89
PID 4540 wrote to memory of 2796	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	90
PID 4540 wrote to memory of 2796	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	90
PID 4540 wrote to memory of 3232	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	91
PID 4540 wrote to memory of 3232	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	91
PID 4540 wrote to memory of 2588	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	92
PID 4540 wrote to memory of 2588	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	92
PID 4540 wrote to memory of 2172	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	93
PID 4540 wrote to memory of 2172	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	93
PID 4540 wrote to memory of 4504	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	94
PID 4540 wrote to memory of 4504	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	94
PID 4540 wrote to memory of 4796	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	95
PID 4540 wrote to memory of 4796	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	95
PID 4540 wrote to memory of 5100	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	96
PID 4540 wrote to memory of 5100	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	96
PID 4540 wrote to memory of 4896	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	97
PID 4540 wrote to memory of 4896	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	97
PID 4540 wrote to memory of 1348	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	98
PID 4540 wrote to memory of 1348	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	98
PID 4540 wrote to memory of 3672	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	99
PID 4540 wrote to memory of 3672	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	99
PID 4540 wrote to memory of 4704	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	100
PID 4540 wrote to memory of 4704	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	100
PID 4540 wrote to memory of 1060	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	101
PID 4540 wrote to memory of 1060	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	101
PID 4540 wrote to memory of 1960	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	102
PID 4540 wrote to memory of 1960	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	102
PID 4540 wrote to memory of 4708	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	103
PID 4540 wrote to memory of 4708	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	103
PID 4540 wrote to memory of 3140	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	104
PID 4540 wrote to memory of 3140	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	104
PID 4540 wrote to memory of 368	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	105
PID 4540 wrote to memory of 368	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	105
PID 4540 wrote to memory of 2296	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	106
PID 4540 wrote to memory of 2296	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	106
PID 4540 wrote to memory of 1344	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	107
PID 4540 wrote to memory of 1344	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	107
PID 4540 wrote to memory of 1916	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	108
PID 4540 wrote to memory of 1916	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	108
PID 4540 wrote to memory of 2652	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	109
PID 4540 wrote to memory of 2652	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	109
PID 4540 wrote to memory of 2356	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	110
PID 4540 wrote to memory of 2356	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	110
PID 4540 wrote to memory of 404	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	111
PID 4540 wrote to memory of 404	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	111
PID 4540 wrote to memory of 3304	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	112
PID 4540 wrote to memory of 3304	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	112
PID 4540 wrote to memory of 2392	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	113
PID 4540 wrote to memory of 2392	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	113
PID 4540 wrote to memory of 3920	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	114
PID 4540 wrote to memory of 3920	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	114
PID 4540 wrote to memory of 4048	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	115
PID 4540 wrote to memory of 4048	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	115
PID 4540 wrote to memory of 4484	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	116
PID 4540 wrote to memory of 4484	4540	04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe	116

C:\Users\Admin\AppData\Local\Temp\04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\04a832fc27015b2bfd4acf13149a43d0_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4540
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1452
- C:\Windows\System\vrLYPic.exe
  C:\Windows\System\vrLYPic.exe
  2⤵
  - Executes dropped EXE
  PID:3168
- C:\Windows\System\CHETEns.exe
  C:\Windows\System\CHETEns.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\HVkExYV.exe
  C:\Windows\System\HVkExYV.exe
  2⤵
  - Executes dropped EXE
  PID:228
- C:\Windows\System\ShjuDxb.exe
  C:\Windows\System\ShjuDxb.exe
  2⤵
  - Executes dropped EXE
  PID:3544
- C:\Windows\System\iuVERfq.exe
  C:\Windows\System\iuVERfq.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\dKhUKRs.exe
  C:\Windows\System\dKhUKRs.exe
  2⤵
  - Executes dropped EXE
  PID:3232
- C:\Windows\System\fzzhViS.exe
  C:\Windows\System\fzzhViS.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\fjoerah.exe
  C:\Windows\System\fjoerah.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\MjbiWhZ.exe
  C:\Windows\System\MjbiWhZ.exe
  2⤵
  - Executes dropped EXE
  PID:4504
- C:\Windows\System\pvjGXFw.exe
  C:\Windows\System\pvjGXFw.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\ckbWFrW.exe
  C:\Windows\System\ckbWFrW.exe
  2⤵
  - Executes dropped EXE
  PID:5100
- C:\Windows\System\GPtApdm.exe
  C:\Windows\System\GPtApdm.exe
  2⤵
  - Executes dropped EXE
  PID:4896
- C:\Windows\System\SlzEMTd.exe
  C:\Windows\System\SlzEMTd.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\dafPouK.exe
  C:\Windows\System\dafPouK.exe
  2⤵
  - Executes dropped EXE
  PID:3672
- C:\Windows\System\jLMGHDI.exe
  C:\Windows\System\jLMGHDI.exe
  2⤵
  - Executes dropped EXE
  PID:4704
- C:\Windows\System\HPZKAhR.exe
  C:\Windows\System\HPZKAhR.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\WpBsGmu.exe
  C:\Windows\System\WpBsGmu.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\FlsVwPX.exe
  C:\Windows\System\FlsVwPX.exe
  2⤵
  - Executes dropped EXE
  PID:4708
- C:\Windows\System\tNRofka.exe
  C:\Windows\System\tNRofka.exe
  2⤵
  - Executes dropped EXE
  PID:3140
- C:\Windows\System\YQRjJra.exe
  C:\Windows\System\YQRjJra.exe
  2⤵
  - Executes dropped EXE
  PID:368
- C:\Windows\System\vYZzpdk.exe
  C:\Windows\System\vYZzpdk.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\BwcDUJa.exe
  C:\Windows\System\BwcDUJa.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\gMjNucs.exe
  C:\Windows\System\gMjNucs.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\fILTcuj.exe
  C:\Windows\System\fILTcuj.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\yFIQheg.exe
  C:\Windows\System\yFIQheg.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\kZANlDL.exe
  C:\Windows\System\kZANlDL.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\cTByqBh.exe
  C:\Windows\System\cTByqBh.exe
  2⤵
  - Executes dropped EXE
  PID:3304
- C:\Windows\System\XolIxpu.exe
  C:\Windows\System\XolIxpu.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\UPzpmwv.exe
  C:\Windows\System\UPzpmwv.exe
  2⤵
  - Executes dropped EXE
  PID:3920
- C:\Windows\System\uKZXdTi.exe
  C:\Windows\System\uKZXdTi.exe
  2⤵
  - Executes dropped EXE
  PID:4048
- C:\Windows\System\esqZvHk.exe
  C:\Windows\System\esqZvHk.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System\HAZXotZ.exe
  C:\Windows\System\HAZXotZ.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\BzsPJBX.exe
  C:\Windows\System\BzsPJBX.exe
  2⤵
  - Executes dropped EXE
  PID:3616
- C:\Windows\System\wljPajJ.exe
  C:\Windows\System\wljPajJ.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\wrDGmTr.exe
  C:\Windows\System\wrDGmTr.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\jCvJwOP.exe
  C:\Windows\System\jCvJwOP.exe
  2⤵
  - Executes dropped EXE
  PID:3988
- C:\Windows\System\reidHcd.exe
  C:\Windows\System\reidHcd.exe
  2⤵
  - Executes dropped EXE
  PID:4736
- C:\Windows\System\iwHcVSK.exe
  C:\Windows\System\iwHcVSK.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\DYKxMRh.exe
  C:\Windows\System\DYKxMRh.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\qWAcOJg.exe
  C:\Windows\System\qWAcOJg.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\LWpioFw.exe
  C:\Windows\System\LWpioFw.exe
  2⤵
  - Executes dropped EXE
  PID:4352
- C:\Windows\System\qiawpJm.exe
  C:\Windows\System\qiawpJm.exe
  2⤵
  - Executes dropped EXE
  PID:3340
- C:\Windows\System\xEsFpbo.exe
  C:\Windows\System\xEsFpbo.exe
  2⤵
  - Executes dropped EXE
  PID:4660
- C:\Windows\System\kppWpjQ.exe
  C:\Windows\System\kppWpjQ.exe
  2⤵
  - Executes dropped EXE
  PID:4548
- C:\Windows\System\DVuhDwQ.exe
  C:\Windows\System\DVuhDwQ.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\ZsUzpCW.exe
  C:\Windows\System\ZsUzpCW.exe
  2⤵
  - Executes dropped EXE
  PID:4980
- C:\Windows\System\mViEMCB.exe
  C:\Windows\System\mViEMCB.exe
  2⤵
  - Executes dropped EXE
  PID:4908
- C:\Windows\System\XVYKjKs.exe
  C:\Windows\System\XVYKjKs.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\gIYawQV.exe
  C:\Windows\System\gIYawQV.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\LxTsnMm.exe
  C:\Windows\System\LxTsnMm.exe
  2⤵
  - Executes dropped EXE
  PID:468
- C:\Windows\System\IOVyeVX.exe
  C:\Windows\System\IOVyeVX.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\GSsaDnf.exe
  C:\Windows\System\GSsaDnf.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\bqXUejL.exe
  C:\Windows\System\bqXUejL.exe
  2⤵
  - Executes dropped EXE
  PID:4712
- C:\Windows\System\yagScns.exe
  C:\Windows\System\yagScns.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\aMvkMnR.exe
  C:\Windows\System\aMvkMnR.exe
  2⤵
  - Executes dropped EXE
  PID:4320
- C:\Windows\System\nFjIMDl.exe
  C:\Windows\System\nFjIMDl.exe
  2⤵
  - Executes dropped EXE
  PID:4652
- C:\Windows\System\JOtNgjQ.exe
  C:\Windows\System\JOtNgjQ.exe
  2⤵
  - Executes dropped EXE
  PID:3780
- C:\Windows\System\ClYFoAE.exe
  C:\Windows\System\ClYFoAE.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\uQPoMWd.exe
  C:\Windows\System\uQPoMWd.exe
  2⤵
  - Executes dropped EXE
  PID:3788
- C:\Windows\System\evXrCpM.exe
  C:\Windows\System\evXrCpM.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\uGKtNMV.exe
  C:\Windows\System\uGKtNMV.exe
  2⤵
  - Executes dropped EXE
  PID:4192
- C:\Windows\System\QwfawXA.exe
  C:\Windows\System\QwfawXA.exe
  2⤵
  - Executes dropped EXE
  PID:3372
- C:\Windows\System\FeSiJEO.exe
  C:\Windows\System\FeSiJEO.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\UsmGJAU.exe
  C:\Windows\System\UsmGJAU.exe
  2⤵
  - Executes dropped EXE
  PID:3440
- C:\Windows\System\cyaNYqb.exe
  C:\Windows\System\cyaNYqb.exe
  2⤵
  PID:2340
- C:\Windows\System\HArzKjv.exe
  C:\Windows\System\HArzKjv.exe
  2⤵
  PID:2544
- C:\Windows\System\gzEcOOL.exe
  C:\Windows\System\gzEcOOL.exe
  2⤵
  PID:4336
- C:\Windows\System\eXZzzYQ.exe
  C:\Windows\System\eXZzzYQ.exe
  2⤵
  PID:1308
- C:\Windows\System\iLKunBB.exe
  C:\Windows\System\iLKunBB.exe
  2⤵
  PID:2468
- C:\Windows\System\knOTSQB.exe
  C:\Windows\System\knOTSQB.exe
  2⤵
  PID:4028
- C:\Windows\System\KjpmhWj.exe
  C:\Windows\System\KjpmhWj.exe
  2⤵
  PID:732
- C:\Windows\System\FBMQVrO.exe
  C:\Windows\System\FBMQVrO.exe
  2⤵
  PID:1592
- C:\Windows\System\gVVBkBG.exe
  C:\Windows\System\gVVBkBG.exe
  2⤵
  PID:3596
- C:\Windows\System\KAoQerv.exe
  C:\Windows\System\KAoQerv.exe
  2⤵
  PID:4308
- C:\Windows\System\OVuEseu.exe
  C:\Windows\System\OVuEseu.exe
  2⤵
  PID:5140
- C:\Windows\System\zpEtWbN.exe
  C:\Windows\System\zpEtWbN.exe
  2⤵
  PID:5168
- C:\Windows\System\GDXLnOt.exe
  C:\Windows\System\GDXLnOt.exe
  2⤵
  PID:5188
- C:\Windows\System\wPfesLd.exe
  C:\Windows\System\wPfesLd.exe
  2⤵
  PID:5216
- C:\Windows\System\ABDWldt.exe
  C:\Windows\System\ABDWldt.exe
  2⤵
  PID:5248
- C:\Windows\System\pqBDOGq.exe
  C:\Windows\System\pqBDOGq.exe
  2⤵
  PID:5276
- C:\Windows\System\xlFFDKH.exe
  C:\Windows\System\xlFFDKH.exe
  2⤵
  PID:5304
- C:\Windows\System\ZtdaWYp.exe
  C:\Windows\System\ZtdaWYp.exe
  2⤵
  PID:5328
- C:\Windows\System\qgJEaxI.exe
  C:\Windows\System\qgJEaxI.exe
  2⤵
  PID:5360
- C:\Windows\System\XmjQuHT.exe
  C:\Windows\System\XmjQuHT.exe
  2⤵
  PID:5388
- C:\Windows\System\RbPNSwZ.exe
  C:\Windows\System\RbPNSwZ.exe
  2⤵
  PID:5416
- C:\Windows\System\OqDpfCq.exe
  C:\Windows\System\OqDpfCq.exe
  2⤵
  PID:5444
- C:\Windows\System\SyLiGVk.exe
  C:\Windows\System\SyLiGVk.exe
  2⤵
  PID:5468
- C:\Windows\System\oFBxGJj.exe
  C:\Windows\System\oFBxGJj.exe
  2⤵
  PID:5496
- C:\Windows\System\OdtbzyY.exe
  C:\Windows\System\OdtbzyY.exe
  2⤵
  PID:5528
- C:\Windows\System\tCoZwoq.exe
  C:\Windows\System\tCoZwoq.exe
  2⤵
  PID:5556
- C:\Windows\System\bVbfVoE.exe
  C:\Windows\System\bVbfVoE.exe
  2⤵
  PID:5584
- C:\Windows\System\rnHBvAh.exe
  C:\Windows\System\rnHBvAh.exe
  2⤵
  PID:5612
- C:\Windows\System\ItIZFGm.exe
  C:\Windows\System\ItIZFGm.exe
  2⤵
  PID:5640
- C:\Windows\System\rMwOUgz.exe
  C:\Windows\System\rMwOUgz.exe
  2⤵
  PID:5664
- C:\Windows\System\pkSJEwQ.exe
  C:\Windows\System\pkSJEwQ.exe
  2⤵
  PID:5692
- C:\Windows\System\KNrYQbo.exe
  C:\Windows\System\KNrYQbo.exe
  2⤵
  PID:5724
- C:\Windows\System\sFkxyeg.exe
  C:\Windows\System\sFkxyeg.exe
  2⤵
  PID:5752
- C:\Windows\System\QCcbVYK.exe
  C:\Windows\System\QCcbVYK.exe
  2⤵
  PID:5780
- C:\Windows\System\FOaUoiQ.exe
  C:\Windows\System\FOaUoiQ.exe
  2⤵
  PID:5808
- C:\Windows\System\hEHGYtd.exe
  C:\Windows\System\hEHGYtd.exe
  2⤵
  PID:5832
- C:\Windows\System\dlbKcuq.exe
  C:\Windows\System\dlbKcuq.exe
  2⤵
  PID:5860
- C:\Windows\System\gpmThxK.exe
  C:\Windows\System\gpmThxK.exe
  2⤵
  PID:5888
- C:\Windows\System\imTEWou.exe
  C:\Windows\System\imTEWou.exe
  2⤵
  PID:5916
- C:\Windows\System\oEyWdEE.exe
  C:\Windows\System\oEyWdEE.exe
  2⤵
  PID:5948
- C:\Windows\System\EeSzLrt.exe
  C:\Windows\System\EeSzLrt.exe
  2⤵
  PID:5972
- C:\Windows\System\lBPJavm.exe
  C:\Windows\System\lBPJavm.exe
  2⤵
  PID:6000
- C:\Windows\System\JLULPaR.exe
  C:\Windows\System\JLULPaR.exe
  2⤵
  PID:6028
- C:\Windows\System\dhjZlYT.exe
  C:\Windows\System\dhjZlYT.exe
  2⤵
  PID:6064
- C:\Windows\System\ksIduhE.exe
  C:\Windows\System\ksIduhE.exe
  2⤵
  PID:6088
- C:\Windows\System\MevNmSd.exe
  C:\Windows\System\MevNmSd.exe
  2⤵
  PID:6116
- C:\Windows\System\pzmMeAB.exe
  C:\Windows\System\pzmMeAB.exe
  2⤵
  PID:2936
- C:\Windows\System\COZqYwW.exe
  C:\Windows\System\COZqYwW.exe
  2⤵
  PID:2084
- C:\Windows\System\aXRvhAU.exe
  C:\Windows\System\aXRvhAU.exe
  2⤵
  PID:3116
- C:\Windows\System\jdiWezf.exe
  C:\Windows\System\jdiWezf.exe
  2⤵
  PID:3356
- C:\Windows\System\FCELFAR.exe
  C:\Windows\System\FCELFAR.exe
  2⤵
  PID:672
- C:\Windows\System\kvMzYUp.exe
  C:\Windows\System\kvMzYUp.exe
  2⤵
  PID:4488
- C:\Windows\System\inqNxSd.exe
  C:\Windows\System\inqNxSd.exe
  2⤵
  PID:5156
- C:\Windows\System\yQUwzem.exe
  C:\Windows\System\yQUwzem.exe
  2⤵
  PID:5208
- C:\Windows\System\hEqbiqW.exe
  C:\Windows\System\hEqbiqW.exe
  2⤵
  PID:5284
- C:\Windows\System\PbbTqws.exe
  C:\Windows\System\PbbTqws.exe
  2⤵
  PID:5344
- C:\Windows\System\msUSPGY.exe
  C:\Windows\System\msUSPGY.exe
  2⤵
  PID:5460
- C:\Windows\System\lUYZGoc.exe
  C:\Windows\System\lUYZGoc.exe
  2⤵
  PID:5488
- C:\Windows\System\KwWkWIR.exe
  C:\Windows\System\KwWkWIR.exe
  2⤵
  PID:448
- C:\Windows\System\zAgyGyX.exe
  C:\Windows\System\zAgyGyX.exe
  2⤵
  PID:5576
- C:\Windows\System\uUeSRrz.exe
  C:\Windows\System\uUeSRrz.exe
  2⤵
  PID:5628
- C:\Windows\System\fvtoFvS.exe
  C:\Windows\System\fvtoFvS.exe
  2⤵
  PID:5684
- C:\Windows\System\zhLtKSP.exe
  C:\Windows\System\zhLtKSP.exe
  2⤵
  PID:5732
- C:\Windows\System\RwQSlOA.exe
  C:\Windows\System\RwQSlOA.exe
  2⤵
  PID:2736
- C:\Windows\System\KEzPZgu.exe
  C:\Windows\System\KEzPZgu.exe
  2⤵
  PID:5844
- C:\Windows\System\XCioSSY.exe
  C:\Windows\System\XCioSSY.exe
  2⤵
  PID:5900
- C:\Windows\System\kaxLYOQ.exe
  C:\Windows\System\kaxLYOQ.exe
  2⤵
  PID:5964
- C:\Windows\System\CBinjtg.exe
  C:\Windows\System\CBinjtg.exe
  2⤵
  PID:6020
- C:\Windows\System\FUYxqPr.exe
  C:\Windows\System\FUYxqPr.exe
  2⤵
  PID:6096
- C:\Windows\System\tvaSOMg.exe
  C:\Windows\System\tvaSOMg.exe
  2⤵
  PID:4904
- C:\Windows\System\aDIrQsV.exe
  C:\Windows\System\aDIrQsV.exe
  2⤵
  PID:3772
- C:\Windows\System\uYUDZTy.exe
  C:\Windows\System\uYUDZTy.exe
  2⤵
  PID:3120
- C:\Windows\System\mHZIxxi.exe
  C:\Windows\System\mHZIxxi.exe
  2⤵
  PID:5180
- C:\Windows\System\nVRwbNc.exe
  C:\Windows\System\nVRwbNc.exe
  2⤵
  PID:5256
- C:\Windows\System\APytsZU.exe
  C:\Windows\System\APytsZU.exe
  2⤵
  PID:5368
- C:\Windows\System\tLSiQiJ.exe
  C:\Windows\System\tLSiQiJ.exe
  2⤵
  PID:5484
- C:\Windows\System\jTvroJY.exe
  C:\Windows\System\jTvroJY.exe
  2⤵
  PID:2308
- C:\Windows\System\QGBCjZc.exe
  C:\Windows\System\QGBCjZc.exe
  2⤵
  PID:5768
- C:\Windows\System\SjkqHMD.exe
  C:\Windows\System\SjkqHMD.exe
  2⤵
  PID:5872
- C:\Windows\System\WiHPBrB.exe
  C:\Windows\System\WiHPBrB.exe
  2⤵
  PID:1568
- C:\Windows\System\qEfuvCY.exe
  C:\Windows\System\qEfuvCY.exe
  2⤵
  PID:3460
- C:\Windows\System\EqexiZw.exe
  C:\Windows\System\EqexiZw.exe
  2⤵
  PID:4360
- C:\Windows\System\AVWGWNO.exe
  C:\Windows\System\AVWGWNO.exe
  2⤵
  PID:2028
- C:\Windows\System\cqjmuEU.exe
  C:\Windows\System\cqjmuEU.exe
  2⤵
  PID:5516
- C:\Windows\System\rnWKciR.exe
  C:\Windows\System\rnWKciR.exe
  2⤵
  PID:3720
- C:\Windows\System\mrNHmGi.exe
  C:\Windows\System\mrNHmGi.exe
  2⤵
  PID:5340
- C:\Windows\System\ivSzlPl.exe
  C:\Windows\System\ivSzlPl.exe
  2⤵
  PID:5816
- C:\Windows\System\AsfSlUW.exe
  C:\Windows\System\AsfSlUW.exe
  2⤵
  PID:5992
- C:\Windows\System\jFoOMbY.exe
  C:\Windows\System\jFoOMbY.exe
  2⤵
  PID:3816
- C:\Windows\System\tkEIuQP.exe
  C:\Windows\System\tkEIuQP.exe
  2⤵
  PID:4224
- C:\Windows\System\VzmWaly.exe
  C:\Windows\System\VzmWaly.exe
  2⤵
  PID:4464
- C:\Windows\System\VqnSQbg.exe
  C:\Windows\System\VqnSQbg.exe
  2⤵
  PID:1256
- C:\Windows\System\vTGDJWv.exe
  C:\Windows\System\vTGDJWv.exe
  2⤵
  PID:5620
- C:\Windows\System\TNlirjR.exe
  C:\Windows\System\TNlirjR.exe
  2⤵
  PID:1488
- C:\Windows\System\uyBghmI.exe
  C:\Windows\System\uyBghmI.exe
  2⤵
  PID:4304
- C:\Windows\System\RbhUSsd.exe
  C:\Windows\System\RbhUSsd.exe
  2⤵
  PID:2524
- C:\Windows\System\hjeLbTN.exe
  C:\Windows\System\hjeLbTN.exe
  2⤵
  PID:5236
- C:\Windows\System\kZhyWIf.exe
  C:\Windows\System\kZhyWIf.exe
  2⤵
  PID:5452
- C:\Windows\System\JhxPbkY.exe
  C:\Windows\System\JhxPbkY.exe
  2⤵
  PID:5932
- C:\Windows\System\BtpPomg.exe
  C:\Windows\System\BtpPomg.exe
  2⤵
  PID:6160
- C:\Windows\System\zVdouLR.exe
  C:\Windows\System\zVdouLR.exe
  2⤵
  PID:6188
- C:\Windows\System\YVcWBtq.exe
  C:\Windows\System\YVcWBtq.exe
  2⤵
  PID:6236
- C:\Windows\System\bvqbgQV.exe
  C:\Windows\System\bvqbgQV.exe
  2⤵
  PID:6260
- C:\Windows\System\xYQSRys.exe
  C:\Windows\System\xYQSRys.exe
  2⤵
  PID:6280
- C:\Windows\System\XiuMGSq.exe
  C:\Windows\System\XiuMGSq.exe
  2⤵
  PID:6296
- C:\Windows\System\nNklOcl.exe
  C:\Windows\System\nNklOcl.exe
  2⤵
  PID:6320
- C:\Windows\System\NgsfbAI.exe
  C:\Windows\System\NgsfbAI.exe
  2⤵
  PID:6364
- C:\Windows\System\czhBIdo.exe
  C:\Windows\System\czhBIdo.exe
  2⤵
  PID:6384
- C:\Windows\System\kwGLcJi.exe
  C:\Windows\System\kwGLcJi.exe
  2⤵
  PID:6404
- C:\Windows\System\lDJOXHQ.exe
  C:\Windows\System\lDJOXHQ.exe
  2⤵
  PID:6420
- C:\Windows\System\aQxQALZ.exe
  C:\Windows\System\aQxQALZ.exe
  2⤵
  PID:6440
- C:\Windows\System\VhThicH.exe
  C:\Windows\System\VhThicH.exe
  2⤵
  PID:6468
- C:\Windows\System\ZOVAUVg.exe
  C:\Windows\System\ZOVAUVg.exe
  2⤵
  PID:6536
- C:\Windows\System\KDmfudC.exe
  C:\Windows\System\KDmfudC.exe
  2⤵
  PID:6552
- C:\Windows\System\WkPTyqe.exe
  C:\Windows\System\WkPTyqe.exe
  2⤵
  PID:6576
- C:\Windows\System\oXyNxGl.exe
  C:\Windows\System\oXyNxGl.exe
  2⤵
  PID:6596
- C:\Windows\System\WudcWoO.exe
  C:\Windows\System\WudcWoO.exe
  2⤵
  PID:6612
- C:\Windows\System\VwsKuRN.exe
  C:\Windows\System\VwsKuRN.exe
  2⤵
  PID:6640
- C:\Windows\System\NzUGfir.exe
  C:\Windows\System\NzUGfir.exe
  2⤵
  PID:6668
- C:\Windows\System\zWYlmQG.exe
  C:\Windows\System\zWYlmQG.exe
  2⤵
  PID:6696
- C:\Windows\System\lxzjWNY.exe
  C:\Windows\System\lxzjWNY.exe
  2⤵
  PID:6716
- C:\Windows\System\nponuEe.exe
  C:\Windows\System\nponuEe.exe
  2⤵
  PID:6736
- C:\Windows\System\ylZeuNB.exe
  C:\Windows\System\ylZeuNB.exe
  2⤵
  PID:6788
- C:\Windows\System\tZopZwP.exe
  C:\Windows\System\tZopZwP.exe
  2⤵
  PID:6808
- C:\Windows\System\hjSGdFD.exe
  C:\Windows\System\hjSGdFD.exe
  2⤵
  PID:6868
- C:\Windows\System\zKCNKgB.exe
  C:\Windows\System\zKCNKgB.exe
  2⤵
  PID:6896
- C:\Windows\System\CfwkGxK.exe
  C:\Windows\System\CfwkGxK.exe
  2⤵
  PID:6940
- C:\Windows\System\eZfdFHn.exe
  C:\Windows\System\eZfdFHn.exe
  2⤵
  PID:6960
- C:\Windows\System\ShClaSC.exe
  C:\Windows\System\ShClaSC.exe
  2⤵
  PID:6980
- C:\Windows\System\DWOAIDs.exe
  C:\Windows\System\DWOAIDs.exe
  2⤵
  PID:6996
- C:\Windows\System\EHOEsmv.exe
  C:\Windows\System\EHOEsmv.exe
  2⤵
  PID:7024
- C:\Windows\System\AmdseiK.exe
  C:\Windows\System\AmdseiK.exe
  2⤵
  PID:7044
- C:\Windows\System\FzyjQjM.exe
  C:\Windows\System\FzyjQjM.exe
  2⤵
  PID:7060
- C:\Windows\System\AbpFZxS.exe
  C:\Windows\System\AbpFZxS.exe
  2⤵
  PID:7080
- C:\Windows\System\UaHkkWk.exe
  C:\Windows\System\UaHkkWk.exe
  2⤵
  PID:7132
- C:\Windows\System\nkIgqrV.exe
  C:\Windows\System\nkIgqrV.exe
  2⤵
  PID:4316
- C:\Windows\System\GJljGTo.exe
  C:\Windows\System\GJljGTo.exe
  2⤵
  PID:6184
- C:\Windows\System\HIKDppU.exe
  C:\Windows\System\HIKDppU.exe
  2⤵
  PID:6232
- C:\Windows\System\CiSkiTd.exe
  C:\Windows\System\CiSkiTd.exe
  2⤵
  PID:6268
- C:\Windows\System\sPTIpSu.exe
  C:\Windows\System\sPTIpSu.exe
  2⤵
  PID:6376
- C:\Windows\System\DbrOmrt.exe
  C:\Windows\System\DbrOmrt.exe
  2⤵
  PID:6412
- C:\Windows\System\FFLhKgL.exe
  C:\Windows\System\FFLhKgL.exe
  2⤵
  PID:6436
- C:\Windows\System\WQFaIMe.exe
  C:\Windows\System\WQFaIMe.exe
  2⤵
  PID:6500
- C:\Windows\System\fTBoTDf.exe
  C:\Windows\System\fTBoTDf.exe
  2⤵
  PID:6548
- C:\Windows\System\EhBqSnK.exe
  C:\Windows\System\EhBqSnK.exe
  2⤵
  PID:6632
- C:\Windows\System\DpsTHEH.exe
  C:\Windows\System\DpsTHEH.exe
  2⤵
  PID:6680
- C:\Windows\System\JfTSzlJ.exe
  C:\Windows\System\JfTSzlJ.exe
  2⤵
  PID:6816
- C:\Windows\System\bhDMzfx.exe
  C:\Windows\System\bhDMzfx.exe
  2⤵
  PID:6760
- C:\Windows\System\IcBMjgz.exe
  C:\Windows\System\IcBMjgz.exe
  2⤵
  PID:6956
- C:\Windows\System\zzNhleD.exe
  C:\Windows\System\zzNhleD.exe
  2⤵
  PID:6988
- C:\Windows\System\TMDcMev.exe
  C:\Windows\System\TMDcMev.exe
  2⤵
  PID:1120
- C:\Windows\System\oPSlSpr.exe
  C:\Windows\System\oPSlSpr.exe
  2⤵
  PID:7116
- C:\Windows\System\uomhdRd.exe
  C:\Windows\System\uomhdRd.exe
  2⤵
  PID:7128
- C:\Windows\System\WrxpMom.exe
  C:\Windows\System\WrxpMom.exe
  2⤵
  PID:6328
- C:\Windows\System\qzqjJiG.exe
  C:\Windows\System\qzqjJiG.exe
  2⤵
  PID:6356
- C:\Windows\System\MALcNoM.exe
  C:\Windows\System\MALcNoM.exe
  2⤵
  PID:6676
- C:\Windows\System\GXZvaWz.exe
  C:\Windows\System\GXZvaWz.exe
  2⤵
  PID:6864
- C:\Windows\System\QyBZqmg.exe
  C:\Windows\System\QyBZqmg.exe
  2⤵
  PID:7052
- C:\Windows\System\kQPrmOo.exe
  C:\Windows\System\kQPrmOo.exe
  2⤵
  PID:7112
- C:\Windows\System\oTxSiVd.exe
  C:\Windows\System\oTxSiVd.exe
  2⤵
  PID:6156
- C:\Windows\System\cvzlXmL.exe
  C:\Windows\System\cvzlXmL.exe
  2⤵
  PID:6532
- C:\Windows\System\QpkHFMe.exe
  C:\Windows\System\QpkHFMe.exe
  2⤵
  PID:6400
- C:\Windows\System\heMBcBf.exe
  C:\Windows\System\heMBcBf.exe
  2⤵
  PID:7180
- C:\Windows\System\CmannMY.exe
  C:\Windows\System\CmannMY.exe
  2⤵
  PID:7200
- C:\Windows\System\EqXVyrz.exe
  C:\Windows\System\EqXVyrz.exe
  2⤵
  PID:7244
- C:\Windows\System\lsQOgHE.exe
  C:\Windows\System\lsQOgHE.exe
  2⤵
  PID:7288
- C:\Windows\System\CToCFew.exe
  C:\Windows\System\CToCFew.exe
  2⤵
  PID:7316
- C:\Windows\System\GZThfjl.exe
  C:\Windows\System\GZThfjl.exe
  2⤵
  PID:7364
- C:\Windows\System\gohVNjo.exe
  C:\Windows\System\gohVNjo.exe
  2⤵
  PID:7384
- C:\Windows\System\dCzqTcC.exe
  C:\Windows\System\dCzqTcC.exe
  2⤵
  PID:7408
- C:\Windows\System\AeRcgZu.exe
  C:\Windows\System\AeRcgZu.exe
  2⤵
  PID:7428
- C:\Windows\System\JRJQLIF.exe
  C:\Windows\System\JRJQLIF.exe
  2⤵
  PID:7448
- C:\Windows\System\zFNOrpS.exe
  C:\Windows\System\zFNOrpS.exe
  2⤵
  PID:7472
- C:\Windows\System\gUeQXdc.exe
  C:\Windows\System\gUeQXdc.exe
  2⤵
  PID:7496
- C:\Windows\System\pxjRVkG.exe
  C:\Windows\System\pxjRVkG.exe
  2⤵
  PID:7524
- C:\Windows\System\YZxdyvf.exe
  C:\Windows\System\YZxdyvf.exe
  2⤵
  PID:7556
- C:\Windows\System\CnTBkrE.exe
  C:\Windows\System\CnTBkrE.exe
  2⤵
  PID:7616
- C:\Windows\System\dqiNoWM.exe
  C:\Windows\System\dqiNoWM.exe
  2⤵
  PID:7640
- C:\Windows\System\TaaQBHh.exe
  C:\Windows\System\TaaQBHh.exe
  2⤵
  PID:7664
- C:\Windows\System\yOyvBlB.exe
  C:\Windows\System\yOyvBlB.exe
  2⤵
  PID:7680
- C:\Windows\System\pRAtYRG.exe
  C:\Windows\System\pRAtYRG.exe
  2⤵
  PID:7712
- C:\Windows\System\YYVZAWE.exe
  C:\Windows\System\YYVZAWE.exe
  2⤵
  PID:7732
- C:\Windows\System\UVIRUEB.exe
  C:\Windows\System\UVIRUEB.exe
  2⤵
  PID:7748
- C:\Windows\System\nOVNojK.exe
  C:\Windows\System\nOVNojK.exe
  2⤵
  PID:7772
- C:\Windows\System\NSYsJeR.exe
  C:\Windows\System\NSYsJeR.exe
  2⤵
  PID:7820
- C:\Windows\System\FyaTMvH.exe
  C:\Windows\System\FyaTMvH.exe
  2⤵
  PID:7848
- C:\Windows\System\KDtmXNW.exe
  C:\Windows\System\KDtmXNW.exe
  2⤵
  PID:7872
- C:\Windows\System\xFbxQPj.exe
  C:\Windows\System\xFbxQPj.exe
  2⤵
  PID:7912
- C:\Windows\System\nkrnoKi.exe
  C:\Windows\System\nkrnoKi.exe
  2⤵
  PID:7944
- C:\Windows\System\RoFXLek.exe
  C:\Windows\System\RoFXLek.exe
  2⤵
  PID:7964
- C:\Windows\System\nIboPdM.exe
  C:\Windows\System\nIboPdM.exe
  2⤵
  PID:7988
- C:\Windows\System\CjaKQjU.exe
  C:\Windows\System\CjaKQjU.exe
  2⤵
  PID:8016
- C:\Windows\System\HhcPeBq.exe
  C:\Windows\System\HhcPeBq.exe
  2⤵
  PID:8040
- C:\Windows\System\DaCKsIu.exe
  C:\Windows\System\DaCKsIu.exe
  2⤵
  PID:8056
- C:\Windows\System\AEofKlV.exe
  C:\Windows\System\AEofKlV.exe
  2⤵
  PID:8104
- C:\Windows\System\cFkhxNQ.exe
  C:\Windows\System\cFkhxNQ.exe
  2⤵
  PID:8140
- C:\Windows\System\kfRrynb.exe
  C:\Windows\System\kfRrynb.exe
  2⤵
  PID:8180
- C:\Windows\System\cCTxNXO.exe
  C:\Windows\System\cCTxNXO.exe
  2⤵
  PID:6460
- C:\Windows\System\EzQZfuP.exe
  C:\Windows\System\EzQZfuP.exe
  2⤵
  PID:7196
- C:\Windows\System\wRCMRSu.exe
  C:\Windows\System\wRCMRSu.exe
  2⤵
  PID:7240
- C:\Windows\System\QFOnbKy.exe
  C:\Windows\System\QFOnbKy.exe
  2⤵
  PID:7272
- C:\Windows\System\TXtjhtr.exe
  C:\Windows\System\TXtjhtr.exe
  2⤵
  PID:7360
- C:\Windows\System\vTExWYk.exe
  C:\Windows\System\vTExWYk.exe
  2⤵
  PID:7460
- C:\Windows\System\mqWSqHM.exe
  C:\Windows\System\mqWSqHM.exe
  2⤵
  PID:7552
- C:\Windows\System\atMHmDJ.exe
  C:\Windows\System\atMHmDJ.exe
  2⤵
  PID:7624
- C:\Windows\System\ADvBYsD.exe
  C:\Windows\System\ADvBYsD.exe
  2⤵
  PID:7656
- C:\Windows\System\LsDrOdZ.exe
  C:\Windows\System\LsDrOdZ.exe
  2⤵
  PID:7700
- C:\Windows\System\zWsIGBQ.exe
  C:\Windows\System\zWsIGBQ.exe
  2⤵
  PID:7740
- C:\Windows\System\MyooqyZ.exe
  C:\Windows\System\MyooqyZ.exe
  2⤵
  PID:7844
- C:\Windows\System\awPqSfI.exe
  C:\Windows\System\awPqSfI.exe
  2⤵
  PID:7828
- C:\Windows\System\lVptHXI.exe
  C:\Windows\System\lVptHXI.exe
  2⤵
  PID:7940
- C:\Windows\System\jgUBfPf.exe
  C:\Windows\System\jgUBfPf.exe
  2⤵
  PID:8032
- C:\Windows\System\daBIFEg.exe
  C:\Windows\System\daBIFEg.exe
  2⤵
  PID:8064
- C:\Windows\System\hfAUXPx.exe
  C:\Windows\System\hfAUXPx.exe
  2⤵
  PID:6728
- C:\Windows\System\iDHtLym.exe
  C:\Windows\System\iDHtLym.exe
  2⤵
  PID:7532
- C:\Windows\System\sQBuAaj.exe
  C:\Windows\System\sQBuAaj.exe
  2⤵
  PID:7692
- C:\Windows\System\zCWhqIO.exe
  C:\Windows\System\zCWhqIO.exe
  2⤵
  PID:7632
- C:\Windows\System\pvSwhWM.exe
  C:\Windows\System\pvSwhWM.exe
  2⤵
  PID:7960
- C:\Windows\System\YfKXNed.exe
  C:\Windows\System\YfKXNed.exe
  2⤵
  PID:7904
- C:\Windows\System\heFVuVg.exe
  C:\Windows\System\heFVuVg.exe
  2⤵
  PID:8084
- C:\Windows\System\lQldGUC.exe
  C:\Windows\System\lQldGUC.exe
  2⤵
  PID:8100
- C:\Windows\System\iqMNUDA.exe
  C:\Windows\System\iqMNUDA.exe
  2⤵
  PID:7396
- C:\Windows\System\wZzDiSC.exe
  C:\Windows\System\wZzDiSC.exe
  2⤵
  PID:7596
- C:\Windows\System\inwyXZT.exe
  C:\Windows\System\inwyXZT.exe
  2⤵
  PID:8200
- C:\Windows\System\MvGboaK.exe
  C:\Windows\System\MvGboaK.exe
  2⤵
  PID:8228
- C:\Windows\System\IGKeZSM.exe
  C:\Windows\System\IGKeZSM.exe
  2⤵
  PID:8244
- C:\Windows\System\cFMBHGA.exe
  C:\Windows\System\cFMBHGA.exe
  2⤵
  PID:8268
- C:\Windows\System\QxqkeXc.exe
  C:\Windows\System\QxqkeXc.exe
  2⤵
  PID:8300
- C:\Windows\System\ItPQkTg.exe
  C:\Windows\System\ItPQkTg.exe
  2⤵
  PID:8328
- C:\Windows\System\xjCpztZ.exe
  C:\Windows\System\xjCpztZ.exe
  2⤵
  PID:8372
- C:\Windows\System\WWMKRQT.exe
  C:\Windows\System\WWMKRQT.exe
  2⤵
  PID:8392
- C:\Windows\System\iHfFjHG.exe
  C:\Windows\System\iHfFjHG.exe
  2⤵
  PID:8428
- C:\Windows\System\mGOLggL.exe
  C:\Windows\System\mGOLggL.exe
  2⤵
  PID:8456
- C:\Windows\System\HIBeubO.exe
  C:\Windows\System\HIBeubO.exe
  2⤵
  PID:8476
- C:\Windows\System\MpKMCij.exe
  C:\Windows\System\MpKMCij.exe
  2⤵
  PID:8492
- C:\Windows\System\rGvghkG.exe
  C:\Windows\System\rGvghkG.exe
  2⤵
  PID:8508
- C:\Windows\System\XDxAoXJ.exe
  C:\Windows\System\XDxAoXJ.exe
  2⤵
  PID:8564
- C:\Windows\System\AjtywMd.exe
  C:\Windows\System\AjtywMd.exe
  2⤵
  PID:8604
- C:\Windows\System\FcLROCv.exe
  C:\Windows\System\FcLROCv.exe
  2⤵
  PID:8632
- C:\Windows\System\GuIcwiF.exe
  C:\Windows\System\GuIcwiF.exe
  2⤵
  PID:8648
- C:\Windows\System\JDEybCd.exe
  C:\Windows\System\JDEybCd.exe
  2⤵
  PID:8672
- C:\Windows\System\XDLiUnI.exe
  C:\Windows\System\XDLiUnI.exe
  2⤵
  PID:8696
- C:\Windows\System\vhLsBPj.exe
  C:\Windows\System\vhLsBPj.exe
  2⤵
  PID:8716
- C:\Windows\System\Ncpwwxd.exe
  C:\Windows\System\Ncpwwxd.exe
  2⤵
  PID:8764
- C:\Windows\System\TeBddBo.exe
  C:\Windows\System\TeBddBo.exe
  2⤵
  PID:8812
- C:\Windows\System\CfaXGcU.exe
  C:\Windows\System\CfaXGcU.exe
  2⤵
  PID:8840
- C:\Windows\System\rqPMZyw.exe
  C:\Windows\System\rqPMZyw.exe
  2⤵
  PID:8860
- C:\Windows\System\TAznXBS.exe
  C:\Windows\System\TAznXBS.exe
  2⤵
  PID:8880
- C:\Windows\System\KpsOvXr.exe
  C:\Windows\System\KpsOvXr.exe
  2⤵
  PID:8900
- C:\Windows\System\nNbVDJy.exe
  C:\Windows\System\nNbVDJy.exe
  2⤵
  PID:8928
- C:\Windows\System\FvqZPoX.exe
  C:\Windows\System\FvqZPoX.exe
  2⤵
  PID:8948
- C:\Windows\System\PDYpmLU.exe
  C:\Windows\System\PDYpmLU.exe
  2⤵
  PID:8976
- C:\Windows\System\aJtWsmo.exe
  C:\Windows\System\aJtWsmo.exe
  2⤵
  PID:8992
- C:\Windows\System\YGjRrVk.exe
  C:\Windows\System\YGjRrVk.exe
  2⤵
  PID:9016
- C:\Windows\System\KRIDaaQ.exe
  C:\Windows\System\KRIDaaQ.exe
  2⤵
  PID:9036
- C:\Windows\System\jyeWsWk.exe
  C:\Windows\System\jyeWsWk.exe
  2⤵
  PID:9084
- C:\Windows\System\qEJtaaT.exe
  C:\Windows\System\qEJtaaT.exe
  2⤵
  PID:9120
- C:\Windows\System\DLMKllv.exe
  C:\Windows\System\DLMKllv.exe
  2⤵
  PID:9180
- C:\Windows\System\rPOMqbt.exe
  C:\Windows\System\rPOMqbt.exe
  2⤵
  PID:9208
- C:\Windows\System\qERessG.exe
  C:\Windows\System\qERessG.exe
  2⤵
  PID:7440
- C:\Windows\System\OowhvqR.exe
  C:\Windows\System\OowhvqR.exe
  2⤵
  PID:8132
- C:\Windows\System\ywbcnSq.exe
  C:\Windows\System\ywbcnSq.exe
  2⤵
  PID:8196
- C:\Windows\System\pcEnxDD.exe
  C:\Windows\System\pcEnxDD.exe
  2⤵
  PID:8240
- C:\Windows\System\ogchuge.exe
  C:\Windows\System\ogchuge.exe
  2⤵
  PID:8340
- C:\Windows\System\vgDGrSZ.exe
  C:\Windows\System\vgDGrSZ.exe
  2⤵
  PID:8368
- C:\Windows\System\awAiWMM.exe
  C:\Windows\System\awAiWMM.exe
  2⤵
  PID:8384
- C:\Windows\System\owVAMUy.exe
  C:\Windows\System\owVAMUy.exe
  2⤵
  PID:8536
- C:\Windows\System\BxsbqWJ.exe
  C:\Windows\System\BxsbqWJ.exe
  2⤵
  PID:8656
- C:\Windows\System\tIKWbLz.exe
  C:\Windows\System\tIKWbLz.exe
  2⤵
  PID:8712
- C:\Windows\System\FINpOmA.exe
  C:\Windows\System\FINpOmA.exe
  2⤵
  PID:8784
- C:\Windows\System\GTVvCPQ.exe
  C:\Windows\System\GTVvCPQ.exe
  2⤵
  PID:8852
- C:\Windows\System\vRXZGnk.exe
  C:\Windows\System\vRXZGnk.exe
  2⤵
  PID:8832
- C:\Windows\System\iiXtcyE.exe
  C:\Windows\System\iiXtcyE.exe
  2⤵
  PID:9012
- C:\Windows\System\kFyAqlM.exe
  C:\Windows\System\kFyAqlM.exe
  2⤵
  PID:9112
- C:\Windows\System\NZklzBd.exe
  C:\Windows\System\NZklzBd.exe
  2⤵
  PID:9116
- C:\Windows\System\lytzewi.exe
  C:\Windows\System\lytzewi.exe
  2⤵
  PID:9200
- C:\Windows\System\lVCzcwn.exe
  C:\Windows\System\lVCzcwn.exe
  2⤵
  PID:8220
- C:\Windows\System\KWSrMNP.exe
  C:\Windows\System\KWSrMNP.exe
  2⤵
  PID:8264
- C:\Windows\System\vaNvmvV.exe
  C:\Windows\System\vaNvmvV.exe
  2⤵
  PID:8548
- C:\Windows\System\XiZlYhi.exe
  C:\Windows\System\XiZlYhi.exe
  2⤵
  PID:8640
- C:\Windows\System\WbRQCoA.exe
  C:\Windows\System\WbRQCoA.exe
  2⤵
  PID:8660
- C:\Windows\System\VEZBPAd.exe
  C:\Windows\System\VEZBPAd.exe
  2⤵
  PID:8800
- C:\Windows\System\phnkrBr.exe
  C:\Windows\System\phnkrBr.exe
  2⤵
  PID:8964
- C:\Windows\System\HWRfmUp.exe
  C:\Windows\System\HWRfmUp.exe
  2⤵
  PID:9064
- C:\Windows\System\DGJGrmD.exe
  C:\Windows\System\DGJGrmD.exe
  2⤵
  PID:7600
- C:\Windows\System\PMRhKRE.exe
  C:\Windows\System\PMRhKRE.exe
  2⤵
  PID:8688
- C:\Windows\System\OcWCxPI.exe
  C:\Windows\System\OcWCxPI.exe
  2⤵
  PID:8796
- C:\Windows\System\IxVEWPQ.exe
  C:\Windows\System\IxVEWPQ.exe
  2⤵
  PID:9024
- C:\Windows\System\qewNjbh.exe
  C:\Windows\System\qewNjbh.exe
  2⤵
  PID:8448
- C:\Windows\System\zIOXPQI.exe
  C:\Windows\System\zIOXPQI.exe
  2⤵
  PID:9240
- C:\Windows\System\UkhLrpk.exe
  C:\Windows\System\UkhLrpk.exe
  2⤵
  PID:9264
- C:\Windows\System\tjUlwfJ.exe
  C:\Windows\System\tjUlwfJ.exe
  2⤵
  PID:9288
- C:\Windows\System\BMKxfZr.exe
  C:\Windows\System\BMKxfZr.exe
  2⤵
  PID:9308
- C:\Windows\System\ZkwZKto.exe
  C:\Windows\System\ZkwZKto.exe
  2⤵
  PID:9328
- C:\Windows\System\EVzZavL.exe
  C:\Windows\System\EVzZavL.exe
  2⤵
  PID:9356
- C:\Windows\System\eavQZTh.exe
  C:\Windows\System\eavQZTh.exe
  2⤵
  PID:9400
- C:\Windows\System\CjZgemm.exe
  C:\Windows\System\CjZgemm.exe
  2⤵
  PID:9420
- C:\Windows\System\pMwMOmQ.exe
  C:\Windows\System\pMwMOmQ.exe
  2⤵
  PID:9500
- C:\Windows\System\mBVfiCy.exe
  C:\Windows\System\mBVfiCy.exe
  2⤵
  PID:9536
- C:\Windows\System\rGZoIZV.exe
  C:\Windows\System\rGZoIZV.exe
  2⤵
  PID:9552
- C:\Windows\System\erFoiNL.exe
  C:\Windows\System\erFoiNL.exe
  2⤵
  PID:9572
- C:\Windows\System\VGzbboC.exe
  C:\Windows\System\VGzbboC.exe
  2⤵
  PID:9596
- C:\Windows\System\LXxqnJV.exe
  C:\Windows\System\LXxqnJV.exe
  2⤵
  PID:9616
- C:\Windows\System\gkoAjPB.exe
  C:\Windows\System\gkoAjPB.exe
  2⤵
  PID:9632
- C:\Windows\System\VDIvySy.exe
  C:\Windows\System\VDIvySy.exe
  2⤵
  PID:9656
- C:\Windows\System\RERphuj.exe
  C:\Windows\System\RERphuj.exe
  2⤵
  PID:9720
- C:\Windows\System\zKchbSr.exe
  C:\Windows\System\zKchbSr.exe
  2⤵
  PID:9764
- C:\Windows\System\uNHbIXa.exe
  C:\Windows\System\uNHbIXa.exe
  2⤵
  PID:9784
- C:\Windows\System\qYqCCoR.exe
  C:\Windows\System\qYqCCoR.exe
  2⤵
  PID:9812
- C:\Windows\System\JCdajHd.exe
  C:\Windows\System\JCdajHd.exe
  2⤵
  PID:9828
- C:\Windows\System\RPlgBmb.exe
  C:\Windows\System\RPlgBmb.exe
  2⤵
  PID:9848
- C:\Windows\System\CudIniH.exe
  C:\Windows\System\CudIniH.exe
  2⤵
  PID:9872
- C:\Windows\System\pombVul.exe
  C:\Windows\System\pombVul.exe
  2⤵
  PID:9904
- C:\Windows\System\IQqVUKA.exe
  C:\Windows\System\IQqVUKA.exe
  2⤵
  PID:9928
- C:\Windows\System\TrTtnrm.exe
  C:\Windows\System\TrTtnrm.exe
  2⤵
  PID:9948
- C:\Windows\System\CRIgAsx.exe
  C:\Windows\System\CRIgAsx.exe
  2⤵
  PID:9968
- C:\Windows\System\EkrQSdB.exe
  C:\Windows\System\EkrQSdB.exe
  2⤵
  PID:9988
- C:\Windows\System\NGPfmuE.exe
  C:\Windows\System\NGPfmuE.exe
  2⤵
  PID:10008
- C:\Windows\System\bUhziEc.exe
  C:\Windows\System\bUhziEc.exe
  2⤵
  PID:10048
- C:\Windows\System\yubTWQK.exe
  C:\Windows\System\yubTWQK.exe
  2⤵
  PID:10112
- C:\Windows\System\HrkDWvR.exe
  C:\Windows\System\HrkDWvR.exe
  2⤵
  PID:10144
- C:\Windows\System\NuJRkYP.exe
  C:\Windows\System\NuJRkYP.exe
  2⤵
  PID:10172
- C:\Windows\System\inhDzkc.exe
  C:\Windows\System\inhDzkc.exe
  2⤵
  PID:10208
- C:\Windows\System\hmknmNe.exe
  C:\Windows\System\hmknmNe.exe
  2⤵
  PID:9224
- C:\Windows\System\saAlxwm.exe
  C:\Windows\System\saAlxwm.exe
  2⤵
  PID:9296
- C:\Windows\System\mEBsyOT.exe
  C:\Windows\System\mEBsyOT.exe
  2⤵
  PID:9440
- C:\Windows\System\ogmUHlg.exe
  C:\Windows\System\ogmUHlg.exe
  2⤵
  PID:9524
- C:\Windows\System\QAuZQZk.exe
  C:\Windows\System\QAuZQZk.exe
  2⤵
  PID:9680
- C:\Windows\System\vvKKXXh.exe
  C:\Windows\System\vvKKXXh.exe
  2⤵
  PID:9628
- C:\Windows\System\mmXfySk.exe
  C:\Windows\System\mmXfySk.exe
  2⤵
  PID:9748
- C:\Windows\System\lrMJLzr.exe
  C:\Windows\System\lrMJLzr.exe
  2⤵
  PID:9808
- C:\Windows\System\xWdNCGU.exe
  C:\Windows\System\xWdNCGU.exe
  2⤵
  PID:9824
- C:\Windows\System\IEZXrrI.exe
  C:\Windows\System\IEZXrrI.exe
  2⤵
  PID:9868
- C:\Windows\System\oUepUVC.exe
  C:\Windows\System\oUepUVC.exe
  2⤵
  PID:9900
- C:\Windows\System\jNgkjiB.exe
  C:\Windows\System\jNgkjiB.exe
  2⤵
  PID:9956
- C:\Windows\System\rWLxkJG.exe
  C:\Windows\System\rWLxkJG.exe
  2⤵
  PID:10120
- C:\Windows\System\VZUifLU.exe
  C:\Windows\System\VZUifLU.exe
  2⤵
  PID:10236
- C:\Windows\System\WTSotiy.exe
  C:\Windows\System\WTSotiy.exe
  2⤵
  PID:10224
- C:\Windows\System\BaDoqaB.exe
  C:\Windows\System\BaDoqaB.exe
  2⤵
  PID:10188
- C:\Windows\System\VWASJGV.exe
  C:\Windows\System\VWASJGV.exe
  2⤵
  PID:9492
- C:\Windows\System\hWDPUOJ.exe
  C:\Windows\System\hWDPUOJ.exe
  2⤵
  PID:9592
- C:\Windows\System\obCpuxe.exe
  C:\Windows\System\obCpuxe.exe
  2⤵
  PID:9352
- C:\Windows\System\FYCoIlk.exe
  C:\Windows\System\FYCoIlk.exe
  2⤵
  PID:9920
- C:\Windows\System\ykWvpIr.exe
  C:\Windows\System\ykWvpIr.exe
  2⤵
  PID:9708
- C:\Windows\System\KkLkeFD.exe
  C:\Windows\System\KkLkeFD.exe
  2⤵
  PID:9804
- C:\Windows\System\cmzdikJ.exe
  C:\Windows\System\cmzdikJ.exe
  2⤵
  PID:9844
- C:\Windows\System\BwhQfXw.exe
  C:\Windows\System\BwhQfXw.exe
  2⤵
  PID:10088
- C:\Windows\System\zZgxmET.exe
  C:\Windows\System\zZgxmET.exe
  2⤵
  PID:9564
- C:\Windows\System\kqxhlXu.exe
  C:\Windows\System\kqxhlXu.exe
  2⤵
  PID:9560
- C:\Windows\System\tSNlskk.exe
  C:\Windows\System\tSNlskk.exe
  2⤵
  PID:10060
- C:\Windows\System\FDAqYCi.exe
  C:\Windows\System\FDAqYCi.exe
  2⤵
  PID:10168
- C:\Windows\System\uwCtPRg.exe
  C:\Windows\System\uwCtPRg.exe
  2⤵
  PID:10040
- C:\Windows\System\dcFkHpZ.exe
  C:\Windows\System\dcFkHpZ.exe
  2⤵
  PID:10260
- C:\Windows\System\SjOTrlP.exe
  C:\Windows\System\SjOTrlP.exe
  2⤵
  PID:10312
- C:\Windows\System\CIzzxYr.exe
  C:\Windows\System\CIzzxYr.exe
  2⤵
  PID:10352
- C:\Windows\System\DpVampX.exe
  C:\Windows\System\DpVampX.exe
  2⤵
  PID:10388
- C:\Windows\System\lBLUcrx.exe
  C:\Windows\System\lBLUcrx.exe
  2⤵
  PID:10408
- C:\Windows\System\opnlAur.exe
  C:\Windows\System\opnlAur.exe
  2⤵
  PID:10436
- C:\Windows\System\wnJVmwc.exe
  C:\Windows\System\wnJVmwc.exe
  2⤵
  PID:10460
- C:\Windows\System\eycFohX.exe
  C:\Windows\System\eycFohX.exe
  2⤵
  PID:10488
- C:\Windows\System\PPwmDCm.exe
  C:\Windows\System\PPwmDCm.exe
  2⤵
  PID:10508
- C:\Windows\System\CwQXYTm.exe
  C:\Windows\System\CwQXYTm.exe
  2⤵
  PID:10524
- C:\Windows\System\Bmjrgxh.exe
  C:\Windows\System\Bmjrgxh.exe
  2⤵
  PID:10560
- C:\Windows\System\IZxsNjY.exe
  C:\Windows\System\IZxsNjY.exe
  2⤵
  PID:10576
- C:\Windows\System\tvCbGtv.exe
  C:\Windows\System\tvCbGtv.exe
  2⤵
  PID:10596
- C:\Windows\System\xPUVrVY.exe
  C:\Windows\System\xPUVrVY.exe
  2⤵
  PID:10632
- C:\Windows\System\fdeuHgQ.exe
  C:\Windows\System\fdeuHgQ.exe
  2⤵
  PID:10692
- C:\Windows\System\xbQXAIJ.exe
  C:\Windows\System\xbQXAIJ.exe
  2⤵
  PID:10720
- C:\Windows\System\LWKVgwc.exe
  C:\Windows\System\LWKVgwc.exe
  2⤵
  PID:10764
- C:\Windows\System\nuXZwZh.exe
  C:\Windows\System\nuXZwZh.exe
  2⤵
  PID:10780
- C:\Windows\System\PvRlqFy.exe
  C:\Windows\System\PvRlqFy.exe
  2⤵
  PID:10800
- C:\Windows\System\gVYRTZY.exe
  C:\Windows\System\gVYRTZY.exe
  2⤵
  PID:10816
- C:\Windows\System\XHzauPc.exe
  C:\Windows\System\XHzauPc.exe
  2⤵
  PID:10868
- C:\Windows\System\WTaxQre.exe
  C:\Windows\System\WTaxQre.exe
  2⤵
  PID:10896
- C:\Windows\System\MClPJDf.exe
  C:\Windows\System\MClPJDf.exe
  2⤵
  PID:10920
- C:\Windows\System\YtkmmrQ.exe
  C:\Windows\System\YtkmmrQ.exe
  2⤵
  PID:10948
- C:\Windows\System\ieDtrOM.exe
  C:\Windows\System\ieDtrOM.exe
  2⤵
  PID:10968
- C:\Windows\System\RVNwqyd.exe
  C:\Windows\System\RVNwqyd.exe
  2⤵
  PID:10996
- C:\Windows\System\qNJABEA.exe
  C:\Windows\System\qNJABEA.exe
  2⤵
  PID:11024
- C:\Windows\System\LiHUmbD.exe
  C:\Windows\System\LiHUmbD.exe
  2⤵
  PID:11052
- C:\Windows\System\ZsKkFAA.exe
  C:\Windows\System\ZsKkFAA.exe
  2⤵
  PID:11076
- C:\Windows\System\EtOtabJ.exe
  C:\Windows\System\EtOtabJ.exe
  2⤵
  PID:11096
- C:\Windows\System\ZPYPVTR.exe
  C:\Windows\System\ZPYPVTR.exe
  2⤵
  PID:11112
- C:\Windows\System\qvpmBuP.exe
  C:\Windows\System\qvpmBuP.exe
  2⤵
  PID:11136
- C:\Windows\System\FcuWliX.exe
  C:\Windows\System\FcuWliX.exe
  2⤵
  PID:11156
- C:\Windows\System\sKIZwmB.exe
  C:\Windows\System\sKIZwmB.exe
  2⤵
  PID:11208
- C:\Windows\System\csNouQK.exe
  C:\Windows\System\csNouQK.exe
  2⤵
  PID:11224
- C:\Windows\System\yzuYAbt.exe
  C:\Windows\System\yzuYAbt.exe
  2⤵
  PID:11248
- C:\Windows\System\mRBrxNF.exe
  C:\Windows\System\mRBrxNF.exe
  2⤵
  PID:9772
- C:\Windows\System\rNuIwgU.exe
  C:\Windows\System\rNuIwgU.exe
  2⤵
  PID:10324
- C:\Windows\System\EPbmNYR.exe
  C:\Windows\System\EPbmNYR.exe
  2⤵
  PID:10400
- C:\Windows\System\kkdTwRR.exe
  C:\Windows\System\kkdTwRR.exe
  2⤵
  PID:10456
- C:\Windows\System\mgHdaxV.exe
  C:\Windows\System\mgHdaxV.exe
  2⤵
  PID:10572
- C:\Windows\System\oNLWWnW.exe
  C:\Windows\System\oNLWWnW.exe
  2⤵
  PID:10588
- C:\Windows\System\tDjgPiP.exe
  C:\Windows\System\tDjgPiP.exe
  2⤵
  PID:10620
- C:\Windows\System\QXgrmWf.exe
  C:\Windows\System\QXgrmWf.exe
  2⤵
  PID:10740
- C:\Windows\System\rdoSXBg.exe
  C:\Windows\System\rdoSXBg.exe
  2⤵
  PID:10792
- C:\Windows\System\wzuxFIw.exe
  C:\Windows\System\wzuxFIw.exe
  2⤵
  PID:10876
- C:\Windows\System\eaLxPnq.exe
  C:\Windows\System\eaLxPnq.exe
  2⤵
  PID:10892
- C:\Windows\System\ifPHgFu.exe
  C:\Windows\System\ifPHgFu.exe
  2⤵
  PID:10936
- C:\Windows\System\FcYYJtY.exe
  C:\Windows\System\FcYYJtY.exe
  2⤵
  PID:3224
- C:\Windows\System\kCLOcmz.exe
  C:\Windows\System\kCLOcmz.exe
  2⤵
  PID:11068
- C:\Windows\System\JJDsWKw.exe
  C:\Windows\System\JJDsWKw.exe
  2⤵
  PID:11108
- C:\Windows\System\SyuosBZ.exe
  C:\Windows\System\SyuosBZ.exe
  2⤵
  PID:1404
- C:\Windows\System\ZXRGLUS.exe
  C:\Windows\System\ZXRGLUS.exe
  2⤵
  PID:11196
- C:\Windows\System\jQhUryZ.exe
  C:\Windows\System\jQhUryZ.exe
  2⤵
  PID:11244
- C:\Windows\System\ZhmKFYl.exe
  C:\Windows\System\ZhmKFYl.exe
  2⤵
  PID:10404
- C:\Windows\System\NpfqVuH.exe
  C:\Windows\System\NpfqVuH.exe
  2⤵
  PID:10516
- C:\Windows\System\TrzTVQm.exe
  C:\Windows\System\TrzTVQm.exe
  2⤵
  PID:10772
- C:\Windows\System\HhnWsAj.exe
  C:\Windows\System\HhnWsAj.exe
  2⤵
  PID:10736
- C:\Windows\System\RAbuIQv.exe
  C:\Windows\System\RAbuIQv.exe
  2⤵
  PID:11088
- C:\Windows\System\ZcaDRNV.exe
  C:\Windows\System\ZcaDRNV.exe
  2⤵
  PID:11256
- C:\Windows\System\iSSRdXh.exe
  C:\Windows\System\iSSRdXh.exe
  2⤵
  PID:10380
- C:\Windows\System\obzxpoK.exe
  C:\Windows\System\obzxpoK.exe
  2⤵
  PID:10796
- C:\Windows\System\qJkCDaR.exe
  C:\Windows\System\qJkCDaR.exe
  2⤵
  PID:10988
- C:\Windows\System\DocHhSb.exe
  C:\Windows\System\DocHhSb.exe
  2⤵
  PID:11072
- C:\Windows\System\TloqGli.exe
  C:\Windows\System\TloqGli.exe
  2⤵
  PID:1136
- C:\Windows\System\AzzEYVN.exe
  C:\Windows\System\AzzEYVN.exe
  2⤵
  PID:10888
- C:\Windows\System\daxuNuE.exe
  C:\Windows\System\daxuNuE.exe
  2⤵
  PID:11312
- C:\Windows\System\SGYcgnB.exe
  C:\Windows\System\SGYcgnB.exe
  2⤵
  PID:11332
- C:\Windows\System\gnUGbDR.exe
  C:\Windows\System\gnUGbDR.exe
  2⤵
  PID:11348
- C:\Windows\System\jsmlaoq.exe
  C:\Windows\System\jsmlaoq.exe
  2⤵
  PID:11368
- C:\Windows\System\BrFwJaK.exe
  C:\Windows\System\BrFwJaK.exe
  2⤵
  PID:11404
- C:\Windows\System\OXascjD.exe
  C:\Windows\System\OXascjD.exe
  2⤵
  PID:11428
- C:\Windows\System\aqtcFnW.exe
  C:\Windows\System\aqtcFnW.exe
  2⤵
  PID:11452
- C:\Windows\System\CKxNQgN.exe
  C:\Windows\System\CKxNQgN.exe
  2⤵
  PID:11468
- C:\Windows\System\PpPRQqp.exe
  C:\Windows\System\PpPRQqp.exe
  2⤵
  PID:11504
- C:\Windows\System\LUbkXHP.exe
  C:\Windows\System\LUbkXHP.exe
  2⤵
  PID:11528
- C:\Windows\System\nRfHTNO.exe
  C:\Windows\System\nRfHTNO.exe
  2⤵
  PID:11552
- C:\Windows\System\RQzUSjK.exe
  C:\Windows\System\RQzUSjK.exe
  2⤵
  PID:11592
- C:\Windows\System\UiKjfqj.exe
  C:\Windows\System\UiKjfqj.exe
  2⤵
  PID:11648
- C:\Windows\System\GDRQjoz.exe
  C:\Windows\System\GDRQjoz.exe
  2⤵
  PID:11672
- C:\Windows\System\DsPSamH.exe
  C:\Windows\System\DsPSamH.exe
  2⤵
  PID:11696
- C:\Windows\System\sWSMRqN.exe
  C:\Windows\System\sWSMRqN.exe
  2⤵
  PID:11724
- C:\Windows\System\eqovXSo.exe
  C:\Windows\System\eqovXSo.exe
  2⤵
  PID:11740
- C:\Windows\System\YtDTFdS.exe
  C:\Windows\System\YtDTFdS.exe
  2⤵
  PID:11760
- C:\Windows\System\lHdwLYP.exe
  C:\Windows\System\lHdwLYP.exe
  2⤵
  PID:11788
- C:\Windows\System\svigJUk.exe
  C:\Windows\System\svigJUk.exe
  2⤵
  PID:12028
- C:\Windows\System\FoMjpNk.exe
  C:\Windows\System\FoMjpNk.exe
  2⤵
  PID:12056
- C:\Windows\System\rikHGqT.exe
  C:\Windows\System\rikHGqT.exe
  2⤵
  PID:12088
- C:\Windows\System\hTDXcPw.exe
  C:\Windows\System\hTDXcPw.exe
  2⤵
  PID:12108
- C:\Windows\System\drRMCeV.exe
  C:\Windows\System\drRMCeV.exe
  2⤵
  PID:12124
- C:\Windows\System\MTPtRRY.exe
  C:\Windows\System\MTPtRRY.exe
  2⤵
  PID:12152
- C:\Windows\System\liMNvvC.exe
  C:\Windows\System\liMNvvC.exe
  2⤵
  PID:12168
- C:\Windows\System\ClOOGlV.exe
  C:\Windows\System\ClOOGlV.exe
  2⤵
  PID:12256
- C:\Windows\System\oEAXhuv.exe
  C:\Windows\System\oEAXhuv.exe
  2⤵
  PID:12272
- C:\Windows\System\EwdPQfi.exe
  C:\Windows\System\EwdPQfi.exe
  2⤵
  PID:10760
- C:\Windows\System\RWTkWff.exe
  C:\Windows\System\RWTkWff.exe
  2⤵
  PID:11328
- C:\Windows\System\NxzUIOG.exe
  C:\Windows\System\NxzUIOG.exe
  2⤵
  PID:11388
- C:\Windows\System\evnPCoi.exe
  C:\Windows\System\evnPCoi.exe
  2⤵
  PID:11420
- C:\Windows\System\HiRDisn.exe
  C:\Windows\System\HiRDisn.exe
  2⤵
  PID:11464
- C:\Windows\System\MgfZuem.exe
  C:\Windows\System\MgfZuem.exe
  2⤵
  PID:11568
- C:\Windows\System\bOjYSdG.exe
  C:\Windows\System\bOjYSdG.exe
  2⤵
  PID:11608
- C:\Windows\System\eouQVCy.exe
  C:\Windows\System\eouQVCy.exe
  2⤵
  PID:11644
- C:\Windows\System\ayngLcr.exe
  C:\Windows\System\ayngLcr.exe
  2⤵
  PID:11692
- C:\Windows\System\jeNfRAR.exe
  C:\Windows\System\jeNfRAR.exe
  2⤵
  PID:11756
- C:\Windows\System\yhrhCQt.exe
  C:\Windows\System\yhrhCQt.exe
  2⤵
  PID:11864
- C:\Windows\System\TOcLZjL.exe
  C:\Windows\System\TOcLZjL.exe
  2⤵
  PID:12036
- C:\Windows\System\tQPyCHB.exe
  C:\Windows\System\tQPyCHB.exe
  2⤵
  PID:11932
- C:\Windows\System\vzuhJID.exe
  C:\Windows\System\vzuhJID.exe
  2⤵
  PID:12096
- C:\Windows\System\hznsuCO.exe
  C:\Windows\System\hznsuCO.exe
  2⤵
  PID:12136
- C:\Windows\System\huhBuxb.exe
  C:\Windows\System\huhBuxb.exe
  2⤵
  PID:12160
- C:\Windows\System\mHUiulz.exe
  C:\Windows\System\mHUiulz.exe
  2⤵
  PID:12224
- C:\Windows\System\xKsTFQS.exe
  C:\Windows\System\xKsTFQS.exe
  2⤵
  PID:4364
- C:\Windows\System\gxGJvoh.exe
  C:\Windows\System\gxGJvoh.exe
  2⤵
  PID:12000
- C:\Windows\System\NOsOCxD.exe
  C:\Windows\System\NOsOCxD.exe
  2⤵
  PID:12020
- C:\Windows\System\EwbfQpd.exe
  C:\Windows\System\EwbfQpd.exe
  2⤵
  PID:3668
- C:\Windows\System\FZSCOFW.exe
  C:\Windows\System\FZSCOFW.exe
  2⤵
  PID:3412
- C:\Windows\System\QKYXqdi.exe
  C:\Windows\System\QKYXqdi.exe
  2⤵
  PID:2024
- C:\Windows\System\wgmTDjZ.exe
  C:\Windows\System\wgmTDjZ.exe
  2⤵
  PID:4152
- C:\Windows\System\WlwTzVV.exe
  C:\Windows\System\WlwTzVV.exe
  2⤵
  PID:11480
- C:\Windows\System\XOBAFXV.exe
  C:\Windows\System\XOBAFXV.exe
  2⤵
  PID:11524
- C:\Windows\System\fFSnozq.exe
  C:\Windows\System\fFSnozq.exe
  2⤵
  PID:11664
- C:\Windows\System\JqzCynb.exe
  C:\Windows\System\JqzCynb.exe
  2⤵
  PID:10756
- C:\Windows\System\FhOCmIY.exe
  C:\Windows\System\FhOCmIY.exe
  2⤵
  PID:11784
- C:\Windows\System\QuPJMHI.exe
  C:\Windows\System\QuPJMHI.exe
  2⤵
  PID:11900
- C:\Windows\System\bUEAnem.exe
  C:\Windows\System\bUEAnem.exe
  2⤵
  PID:11940
- C:\Windows\System\dXBZiJM.exe
  C:\Windows\System\dXBZiJM.exe
  2⤵
  PID:11896
- C:\Windows\System\gvnSyLB.exe
  C:\Windows\System\gvnSyLB.exe
  2⤵
  PID:1300
- C:\Windows\System\EtawxTz.exe
  C:\Windows\System\EtawxTz.exe
  2⤵
  PID:11444
- C:\Windows\System\NVOdJpb.exe
  C:\Windows\System\NVOdJpb.exe
  2⤵
  PID:11536
- C:\Windows\System\KEgsrQh.exe
  C:\Windows\System\KEgsrQh.exe
  2⤵
  PID:11416
- C:\Windows\System\jcXmCKP.exe
  C:\Windows\System\jcXmCKP.exe
  2⤵
  PID:11992
- C:\Windows\System\MZKRxPQ.exe
  C:\Windows\System\MZKRxPQ.exe
  2⤵
  PID:11004
- C:\Windows\System\nmKdHLU.exe
  C:\Windows\System\nmKdHLU.exe
  2⤵
  PID:11736
- C:\Windows\System\RjvxXnD.exe
  C:\Windows\System\RjvxXnD.exe
  2⤵
  PID:12328
- C:\Windows\System\ILYgVoE.exe
  C:\Windows\System\ILYgVoE.exe
  2⤵
  PID:12356
- C:\Windows\System\VSQxKwG.exe
  C:\Windows\System\VSQxKwG.exe
  2⤵
  PID:12384
- C:\Windows\System\LxkqJNz.exe
  C:\Windows\System\LxkqJNz.exe
  2⤵
  PID:12408
- C:\Windows\System\CpOFdPk.exe
  C:\Windows\System\CpOFdPk.exe
  2⤵
  PID:12436
- C:\Windows\System\IEbNBgR.exe
  C:\Windows\System\IEbNBgR.exe
  2⤵
  PID:12468
- C:\Windows\System\YpEosjb.exe
  C:\Windows\System\YpEosjb.exe
  2⤵
  PID:12488
- C:\Windows\System\ZIdlzgU.exe
  C:\Windows\System\ZIdlzgU.exe
  2⤵
  PID:12540
- C:\Windows\System\kMomRnF.exe
  C:\Windows\System\kMomRnF.exe
  2⤵
  PID:12564
- C:\Windows\System\vOZoGsb.exe
  C:\Windows\System\vOZoGsb.exe
  2⤵
  PID:12584
- C:\Windows\System\fgyfDrz.exe
  C:\Windows\System\fgyfDrz.exe
  2⤵
  PID:12604
- C:\Windows\System\ItrIAym.exe
  C:\Windows\System\ItrIAym.exe
  2⤵
  PID:12628
- C:\Windows\System\tOBxDPc.exe
  C:\Windows\System\tOBxDPc.exe
  2⤵
  PID:12652
- C:\Windows\System\NOaHVrN.exe
  C:\Windows\System\NOaHVrN.exe
  2⤵
  PID:12704
- C:\Windows\System\qQItbyl.exe
  C:\Windows\System\qQItbyl.exe
  2⤵
  PID:12732
- C:\Windows\System\WowYBln.exe
  C:\Windows\System\WowYBln.exe
  2⤵
  PID:12760
- C:\Windows\System\MvpDdTe.exe
  C:\Windows\System\MvpDdTe.exe
  2⤵
  PID:12780
- C:\Windows\System\HaiTkYV.exe
  C:\Windows\System\HaiTkYV.exe
  2⤵
  PID:12820
- C:\Windows\System\dIUhrtx.exe
  C:\Windows\System\dIUhrtx.exe
  2⤵
  PID:12844
- C:\Windows\System\xXVJhBw.exe
  C:\Windows\System\xXVJhBw.exe
  2⤵
  PID:12872
- C:\Windows\System\VWZjcYj.exe
  C:\Windows\System\VWZjcYj.exe
  2⤵
  PID:12896
- C:\Windows\System\xjTITdj.exe
  C:\Windows\System\xjTITdj.exe
  2⤵
  PID:12932
- C:\Windows\System\ByDFwzJ.exe
  C:\Windows\System\ByDFwzJ.exe
  2⤵
  PID:12956
- C:\Windows\System\LfOuJuS.exe
  C:\Windows\System\LfOuJuS.exe
  2⤵
  PID:12988
- C:\Windows\System\OmhlTxF.exe
  C:\Windows\System\OmhlTxF.exe
  2⤵
  PID:13012
- C:\Windows\System\htRLuZp.exe
  C:\Windows\System\htRLuZp.exe
  2⤵
  PID:13032
- C:\Windows\System\PdpnNyF.exe
  C:\Windows\System\PdpnNyF.exe
  2⤵
  PID:13048
- C:\Windows\System\TNSLvXC.exe
  C:\Windows\System\TNSLvXC.exe
  2⤵
  PID:13064
- C:\Windows\System\ghKguYm.exe
  C:\Windows\System\ghKguYm.exe
  2⤵
  PID:13080
- C:\Windows\System\YRWFsyq.exe
  C:\Windows\System\YRWFsyq.exe
  2⤵
  PID:13096
- C:\Windows\System\XPLIcFZ.exe
  C:\Windows\System\XPLIcFZ.exe
  2⤵
  PID:12520
- C:\Windows\System\pAIzPZf.exe
  C:\Windows\System\pAIzPZf.exe
  2⤵
  PID:12600
- C:\Windows\System\gMJgIVW.exe
  C:\Windows\System\gMJgIVW.exe
  2⤵
  PID:12660
- C:\Windows\System\xWBkEhb.exe
  C:\Windows\System\xWBkEhb.exe
  2⤵
  PID:12700
- C:\Windows\System\EPPVrzC.exe
  C:\Windows\System\EPPVrzC.exe
  2⤵
  PID:12776
- C:\Windows\System\CVaSFiP.exe
  C:\Windows\System\CVaSFiP.exe
  2⤵
  PID:12800
- C:\Windows\System\MoFsEVV.exe
  C:\Windows\System\MoFsEVV.exe
  2⤵
  PID:12840
- C:\Windows\System\eKaHFYY.exe
  C:\Windows\System\eKaHFYY.exe
  2⤵
  PID:12980
- C:\Windows\System\KnFooDc.exe
  C:\Windows\System\KnFooDc.exe
  2⤵
  PID:13000
- C:\Windows\System\gVoRtDU.exe
  C:\Windows\System\gVoRtDU.exe
  2⤵
  PID:13108
- C:\Windows\System\MrvRNJx.exe
  C:\Windows\System\MrvRNJx.exe
  2⤵
  PID:13092
- C:\Windows\System\lfoVUzj.exe
  C:\Windows\System\lfoVUzj.exe
  2⤵
  PID:13200
- C:\Windows\System\uZUbdrA.exe
  C:\Windows\System\uZUbdrA.exe
  2⤵
  PID:13152
- C:\Windows\System\lMHGhFS.exe
  C:\Windows\System\lMHGhFS.exe
  2⤵
  PID:13264
- C:\Windows\System\cSWvYFi.exe
  C:\Windows\System\cSWvYFi.exe
  2⤵
  PID:13304
- C:\Windows\System\nRiApmp.exe
  C:\Windows\System\nRiApmp.exe
  2⤵
  PID:13308
- C:\Windows\System\CTCDpXj.exe
  C:\Windows\System\CTCDpXj.exe
  2⤵
  PID:4976
- C:\Windows\System\qKsRSgR.exe
  C:\Windows\System\qKsRSgR.exe
  2⤵
  PID:13276
- C:\Windows\System\rurQXXL.exe
  C:\Windows\System\rurQXXL.exe
  2⤵
  PID:12352
- C:\Windows\System\wpIrYtW.exe
  C:\Windows\System\wpIrYtW.exe
  2⤵
  PID:12816
- C:\Windows\System\tcokzhh.exe
  C:\Windows\System\tcokzhh.exe
  2⤵
  PID:13296
- C:\Windows\System\sOWvPIY.exe
  C:\Windows\System\sOWvPIY.exe
  2⤵
  PID:12348
- C:\Windows\System\cGGFyhh.exe
  C:\Windows\System\cGGFyhh.exe
  2⤵
  PID:12372
- C:\Windows\System\pHOwNba.exe
  C:\Windows\System\pHOwNba.exe
  2⤵
  PID:4428
- C:\Windows\System\IZXqJvZ.exe
  C:\Windows\System\IZXqJvZ.exe
  2⤵
  PID:12464
- C:\Windows\System\PnzleQC.exe
  C:\Windows\System\PnzleQC.exe
  2⤵
  PID:13148
- C:\Windows\System\gsDBZgj.exe
  C:\Windows\System\gsDBZgj.exe
  2⤵
  PID:1968
- C:\Windows\System\kYpkafU.exe
  C:\Windows\System\kYpkafU.exe
  2⤵
  PID:13040
- C:\Windows\System\rHkEQwM.exe
  C:\Windows\System\rHkEQwM.exe
  2⤵
  PID:13176

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_hmred4ii.o3c.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BwcDUJa.exe

Filesize
1.6MB

MD5
6ada2e0f2511f2dc2016bf72b233431c

SHA1
26310d5da7a1269bd14b80a58bb5cf26437f76e0

SHA256
e9241d313be4e309e756f713838c828816d0e2e7243269294c3be4cd54725503

SHA512
5eba64494998812871b3bd53da85660028d2ae87f948d6791d559c070b550019631523c81655bd6130aad06378302e2e7cb19d94dbcda5f9b2c1dcd65fb54056

Download Submit
C:\Windows\System\BzsPJBX.exe

Filesize
1.6MB

MD5
f400a98456b0d3dba43286ee0906a887

SHA1
b198219cc694b353db10d92c67f7d8e1b6d6f067

SHA256
429a145efcb8fad26fd92f20ad488056aaa526fb0a94e00ea38393ef4c30a3e2

SHA512
905efcd5c7c0e44141b7c9653e0dfc32b59a11588b7f8ceddc38d95e5dd1591ee4d3f97e165f6786bb72ba99e305c7721d03ab5a1fd13617169ca75601afa687

Download Submit
C:\Windows\System\CHETEns.exe

Filesize
1.6MB

MD5
2f6454df58dab1a427f18cd864ee250b

SHA1
bc66ccdacdb6be3443ccaa54d8a5a72f9b1261ff

SHA256
1739d9a036334c3dccf96fc3af664dce3d461347b7ebc97912c0492e7a4e7807

SHA512
ad7fe60d3fd2949609f6e7108d2df11b690c03b56520de80ae8718e3124e9f8774bc7cd7783fd97936432101b0ea386d2b5f881bf7e99a924d3af4266edcc7d5

Download Submit
C:\Windows\System\DIKMtDk.exe

Filesize
8B

MD5
b49dcae1cb96a3961bbf3c7e828df3fc

SHA1
b6a61e8c14e4eaf8b86e1ea01b6213f2fe71eba3

SHA256
ea62c63c15dc9c111185b4dfe1e678759a0ea400fad5cadef7f3ecb24644fb80

SHA512
ca189f04e3a1079d2fb9606dc8c0e14d6269ca702291fc9b4ae3cfed4073ce466059a13aac0ac63eaadf01c9989841066970ab8a6f072b15a264bb27a0942d96

Download Submit
C:\Windows\System\FlsVwPX.exe

Filesize
1.6MB

MD5
5510d8da223d484377a68ea25411f25e

SHA1
bca2ba5bbac62bf356f3a4c442aab754b0519764

SHA256
d14be0928905b2e948ef07b8dbedfc3f128800f56ce98c3e15cae3435d05b512

SHA512
299c48363a9fc7fa967fc4ae29f2c88e57a8cbe6c0d009e018318fcaf918dd76105aca7ad464ad58b586c5fc8519aa1aadd1c7ec07adfe0e40da01ed8c2cd5af

Download Submit
C:\Windows\System\GPtApdm.exe

Filesize
1.6MB

MD5
a062d03d56ad17f992a0091574d9c9a1

SHA1
84f889903b24336033158fe42d9615ed6bec1ea1

SHA256
e409208e1e599fe28cfa61d81fa0b26dabed5ef897331df381d943c996363af7

SHA512
d1d18dc722825cd057ad52cbb164b49405308a1dfcf5408c2f017c36deab63b6a846d750b3f31d4c6e3b251529c9cde86354f06dbb9517d2a2ccb044890d7492

Download Submit
C:\Windows\System\HAZXotZ.exe

Filesize
1.6MB

MD5
ccee26538b78b38d488ac6259b47edcd

SHA1
9c0d4dd551f1bf48be5dd843369230662a6a29dd

SHA256
3a4dbe6868f80553afc6731bbf2ed04646905317e66ac1e60dd3f7ed656c1bcf

SHA512
fec4b04f2e98d9f4c8185f3904df5af3ad0382fa4c32e7c974bafddb5848e6120132b62b91925ad0d7e2ab22fd2524ab25999fc65544e640c35336d4f24a7b6d

Download Submit
C:\Windows\System\HPZKAhR.exe

Filesize
1.6MB

MD5
36b0ae43667064081fd5163ab7eeb11c

SHA1
db9ceac2b272c8f9a3431409c95fac084b3a2d21

SHA256
9f02794aca5f9f74cbea2a4b422120ea4da1734ef73bc2f57c540ed40d084009

SHA512
79f568b672a59f5699f729008d1302e501f9d830970348199ca547ece3a5716897437654bb1ca1e343d1e068fec2dea9f4c24564dec7dcb5b12d8e1771a74773

Download Submit
C:\Windows\System\HVkExYV.exe

Filesize
1.6MB

MD5
7474fb3d01ff34a4f5a548bab5e7eaec

SHA1
fc5212920b82ccf1fa8e36d4983054b6726cf67c

SHA256
083d2db17d729a832f47172adbe4dc21e7e24f66ed51cea570855ae3035b309e

SHA512
b799d43943c7357a0b4639d7b94e56a63c67c6df00e3e075f34c9ae4a529ccc960efdf5f2641eb099c91808dd6a704e1c00dc4559d2057f5e2dfd7876e80ada4

Download Submit
C:\Windows\System\MjbiWhZ.exe

Filesize
1.6MB

MD5
51004367f496b55b95ce9abcbc4d5f42

SHA1
c308f66716089711b9ef2263dc30f0cc8c400621

SHA256
73eb05f5164547a669bd8159b7299b4032e6cb8888ac91b100b2afcd9fac0b39

SHA512
c80c292e493f6cb70e7e7f0fa6f1a41c2ca17a516a55d82b7ddadfcb880f05198cedc114159308bc2600b5c7e78060e5cd0db5bf81281a6418f57cc865f12044

Download Submit
C:\Windows\System\ShjuDxb.exe

Filesize
1.6MB

MD5
697b8bdb173b51a30a536db2913b0932

SHA1
3dc4d013d69430645655139c5ddecee66dc74a78

SHA256
b8dbf0c07949237e8761c07edb8b2f6a5b33893b3f80fe330437849cbb89bf37

SHA512
93c1e2548673595c8af545937fc48e1bf329b6b890c8a0b366a7aa2565edefcbc38c49344023d1e07ced806c2be0f746a646286309847f5680099d4ad635adff

Download Submit
C:\Windows\System\SlzEMTd.exe

Filesize
1.6MB

MD5
db112df6256eeb0003a5cd5b33247497

SHA1
3135870cb5bcdc50e5ac252315cf56efd4456f79

SHA256
918efa5ff7e887592c3b5dd96a933fb4cd0c10b1787b6f479c0cfc3b567ec94b

SHA512
0d349e7d5f039f288a4ef6719206efe512b1eb1fe6a5e192d1b164a04aec5c636e9af17bf0c975c872bdf5768656f33e26e29a0349e015979a73109e6ad0eb87

Download Submit
C:\Windows\System\UPzpmwv.exe

Filesize
1.6MB

MD5
1faf2c55041458ee08264e503e4ff514

SHA1
b51315e6d9525453d610394c33e77f52c348bf61

SHA256
1162c41b4737ffdd84d4c5c3f2165d01fd9aae2e60c011ee287aa064aca6439f

SHA512
5bd32d92b601b2142e7555ff91d02ff1a8630dc280cb0b2b11a15f4ecf44365d4a7e870e94d14107153b8dcec9887e55790540c935cfb47cccbeea7b55980f76

Download Submit
C:\Windows\System\WpBsGmu.exe

Filesize
1.6MB

MD5
749ed20f0afc035d6afc3757b627f934

SHA1
d4204db545eb94f442d33ad00d308720c7359187

SHA256
3a18e767debab0017b526a2267da0967ae7c87083b927b14aaba06f8858c0965

SHA512
ea8ed5cad04260eab37c490c20c3f7140670215787798f0bcb1666626ed6bdad9d74621d96284c0d1ea09fb7912cbeb70c252f2532ebef8cc13ac7c3fe682687

Download Submit
C:\Windows\System\XolIxpu.exe

Filesize
1.6MB

MD5
5cd12ff7b3155c698e71e707790364fd

SHA1
446c905472c9cafbd4d44ef87e04e333b8ede66b

SHA256
2ee12be8ecdfb522c1d18088505d83305636f43dce299ac0e9554c9406648fef

SHA512
3c513ac1dc7b31cd5ffef820242bffcbbd871c3f365838f92258f9eda4d1ca1d42bfdd609bc0fcaaf25e6d2d4be1e598f771aec6e94715f4b91d271f1915fe2f

Download Submit
C:\Windows\System\YQRjJra.exe

Filesize
1.6MB

MD5
bd240fb918f8de8c968f0c4b508a0d2e

SHA1
9696edc496ffd17f0c0abd45eb9d74011fb96b4e

SHA256
b45eefbbe16ba860a3861383f6976c6778073b5bf1a334cf3b75f8a981a9c282

SHA512
7df90b221f86705e1dd58cd003a37f926bbc83d4c12f6451d7e0a6c877621d380bd514201e6c3c38a6c0292c677c55f006e42d39d4c28d741a7568cde7dcf605

Download Submit
C:\Windows\System\cTByqBh.exe

Filesize
1.6MB

MD5
9f8e0de818a4112e4e9d022f68c541f6

SHA1
297e7ddddeb575eea0c39cb5ab66873c440932b6

SHA256
a972072f3c97b8ebe10ab44f191b7b97b54bda92aa61730e5f55ae11cb80dd81

SHA512
14afa56764d231a9f4e435cee9ca990a9393fa10d039bd5f0185e45e19266fe17f512fed481bd7a1bdb94bc7de5a1319d13786ca81465e2b29cf05fb4a0f3cb5

Download Submit
C:\Windows\System\ckbWFrW.exe

Filesize
1.6MB

MD5
6eda525a8f2e5c7a01323e450b6e35e9

SHA1
5bb33fb00579384ed822640de6e07fd0933e1453

SHA256
78cf9aae68574fe4494de02f6b85c23a133ade14a7e82981c5a13f69c36622bb

SHA512
cea16e6dd232d49d611369b93a378caa9f7b3bdf0834dcdb3497f8959c3343e853b4f8060118dc92631732957d80e1a56b4dc068de005f42cbff8b3304726ef6

Download Submit
C:\Windows\System\dKhUKRs.exe

Filesize
1.6MB

MD5
6340b139943af954296da6ded5613eb7

SHA1
72131c80fc0831f5db4179b1b6e3ff4cc5aa8fd5

SHA256
3fc412c764bb26879c637dc7433227bfd20bbd7b5d786475b1c5961bcb048ac1

SHA512
2684cc6468e773171209fc096d8343221044ff84deb70f344a3bb4cc05a4f9d8fdade0e1a0159c44f8c021eb2d0b833d06d4f41b1fbe159333e258c18af7aa55

Download Submit
C:\Windows\System\dafPouK.exe

Filesize
1.6MB

MD5
91ba5929b5a71e1454a696c896888a8f

SHA1
e71a8843baf50767c3b34b9d6e11fa84f5a16af4

SHA256
1dabc8f3e56389f59509ec49f416e7a9fcbf40be33b521749891ab14e2ca5f67

SHA512
7aa5ca4c2fe1eb830737862ddf8081b771b51d31f8f8123999ca8f493d87dd478bc185f74af4ddc783e5efceace4eba489afc76653f3ff4b843a6c6ff2a12357

Download Submit
C:\Windows\System\esqZvHk.exe

Filesize
1.6MB

MD5
b30859605faaf64bc35fa34ab6597705

SHA1
6a2c2e751b3a3901a32251ddf8d6c96eaf0c9017

SHA256
ecce4682d25bca4e516b835693069fb4ae893441fa88edaaa0527640a8ad6681

SHA512
a2d0e8d68fa8f4b24dd084e134d3c27548a3d36c65046cb366c8e6eb3f55b28eca3dfdef9ad0d5d755d8224e34201ed6dd9299c602cac5acc1370179cfffa9e3

Download Submit
C:\Windows\System\fILTcuj.exe

Filesize
1.6MB

MD5
c802455693206ffe57c801432c62a887

SHA1
23eefae048898cefa35e7d9b6059a7ab3bb39b67

SHA256
c906b5d0966fdf80d1fc4556ed10b5773944032b73ea51d65592dbed882cf309

SHA512
9ed6f8a0ecc07471ad19133ca74f1055d856b7db35e0b2cf810fad3b7af8e877a32bab26e9860176dbec594ef717a39ae0a5fb095c8398f4346894abe481a103

Download Submit
C:\Windows\System\fjoerah.exe

Filesize
1.6MB

MD5
ffe3bccc10c6e4eeb0ec8bd61864f9ac

SHA1
ed43e02e1b2e757c88204b93f9901a02cdfb0e5a

SHA256
4556b483e48b9e569e2e04b11dad9e310d7d828392cbdc9d5f5bbf6c6f89b92b

SHA512
ab11bf474c50a06b18a41d2856e840cff647fdf91fd4c48ceb7b48ee4f39ad98eb3f41eb5243f1d032fbd7475e1c5f9c0fb6317bd3b13cc8c37e5af2b47f0c2a

Download Submit
C:\Windows\System\fzzhViS.exe

Filesize
1.6MB

MD5
da0f255d30d1ba18ab9f3eed13465d05

SHA1
3a6fad4138e1ac0309d13818eabb149a6d382c1a

SHA256
cf21d027477842a61486898765f9a60261a3469789d5f8dff7bbee3132d957ee

SHA512
fa72b92f6472a9279ad423067a5c12d1e97629aebfa2e0d5bb8faf3a2e86695fed7322c299a3819f8c4321cbaa686e584ff0e3b6e8a674bd36e00c8d7f861f5d

Download Submit
C:\Windows\System\gMjNucs.exe

Filesize
1.6MB

MD5
c07d041cc2cd6e4b3da28746d1aac12f

SHA1
269818ad5b478c22647c221d51d370fc480d1231

SHA256
913746a3b73b988a2402ffa89ed2585dc23b412ae7143b0365830b2c814b142b

SHA512
ebdf0dbbfdd642d645235933dd9c9eb0208d6979d538e138446dda979da8a97cd5a43eae0850105024a1d076c824073cffdf8accfcaca27ea7b7ba9e005ff620

Download Submit
C:\Windows\System\iuVERfq.exe

Filesize
1.6MB

MD5
9bdf29e30edc88119df51495ba72f526

SHA1
cd45c8be4bd82066ff54af0fd0d5e327c4579272

SHA256
bbf71845b1c3223ebec1edbc17f80950610dfbc08f2daa55b37d69260a3facb8

SHA512
0e54d64f46922393ec4cace607387ae7b9a71cbd5a45188c101d8442ae8c633536eb36039a68aab90c94ac25d1f3c99dc9893d0c4c67397f1f26042f091d654f

Download Submit
C:\Windows\System\jLMGHDI.exe

Filesize
1.6MB

MD5
3dd86ba940127042475380ff88b6e615

SHA1
3550209b459cde4437fe26c1a9864a58ef172902

SHA256
96c91c414e62aafd8261635829d9704f331de6facc22cba56c8132bb676bf9d3

SHA512
1642027591dcccd2cbdf3618929bef11d798c7191390d6af76f867aff6344f1a32ff589fc50b9966ace2728aa2600c9369f4540f12050b0b9de57e7d42461223

Download Submit
C:\Windows\System\kZANlDL.exe

Filesize
1.6MB

MD5
ca0610f34796b224206855132ff0bfde

SHA1
541da0c604b0a3204e0bcbff1c025364a249b74d

SHA256
179ec0621b7256c0b944760699708d83e8af579f8e814fbbde1c7dafe8cd03a5

SHA512
a08185924cc89296084d0a9dfefa591cb8af4ffe56c89c0a91c967bc6d0cd898b228e20f770502482b82faf86327337df7f8f18844caaa4d8614eb6659acfe91

Download Submit
C:\Windows\System\pvjGXFw.exe

Filesize
1.6MB

MD5
f75c9968ac68ca6c2e61d55ba59f8613

SHA1
73eac28e19fb88f628563599dad1d3e7bf500439

SHA256
bd140980c293d267be99a66b53c0264a2c629434916ef56ed923e17b6d9dd0b3

SHA512
1d065ded5adefd468079b54b30e329fd0c1d136027b5adb48dc4088d92f2c7021e11f0a8b1aa300a10d4cdf92de90ae021e5693c7bb682685d71515ad5790efc

Download Submit
C:\Windows\System\tNRofka.exe

Filesize
1.6MB

MD5
93f5cc153f88163d6cfc81e219766afb

SHA1
6075c1de32786e9fec29154f41c1ddd9b06abd70

SHA256
af7bbfc326462126d2fba46a85858e93a02798c5a383afb6d791b733cba513e9

SHA512
fb02b7fe5157e00f97d748a179ede8b44e9a4140168e2fa9e2230efa92ce2eb475f9b6659a05676b315826d917070d81e0780a3eb73b3eeea70e9a135ddbd86a

Download Submit
C:\Windows\System\uKZXdTi.exe

Filesize
1.6MB

MD5
40c43dfb746603f7056225fd159482b7

SHA1
37c97e4943e3f51c06447541407d2b0b17ce31a1

SHA256
7c061cf0b2335c78d54e9f674f7da0c40848bf2a0ff049bb16053aabe8372090

SHA512
e015f6796833dec0597bfb228eff5cb3e0fc16b01bdbc253f1891cd88f6797960e9c3b91346dfee895e4d35eb91b01fc56263330b415c7b53d33fab35262ed24

Download Submit
C:\Windows\System\vYZzpdk.exe

Filesize
1.6MB

MD5
3c3ce052c9bb137a8e0dfb47795405d3

SHA1
0ec6a091e25dbbc5c7c3f8f6e3b6ca8d58b268d5

SHA256
26a67727b4b730520cccb29b8deb7cf7ef32925031d7bc85174259e268c8fdfd

SHA512
225d0af86e0efbae602b378409771e3afbf88aa832f1bd94e2cba131612a26328454d287c62a64097d655e0ef1adf93e2ff772014331618ec9be7fe50d67ab41

Download Submit
C:\Windows\System\vrLYPic.exe

Filesize
1.6MB

MD5
566661ebcef995ba0816f8491e94170a

SHA1
d1d1102b8f0bd3c2e1d9fe8c1fd37c2bc6420cc2

SHA256
e6365e696548439703bf45326c5a9ed88f813ba44ff08d76c7426f60e8c6abff

SHA512
fc17ce78bb21983b4747d2d49e61f2c84dcf0a96a01ad28803fe296f02fe3a9444430ddde3e25f1f6fb477471c35ba5cb274f516264f64726624ebd731a066c6

Download Submit
C:\Windows\System\yFIQheg.exe

Filesize
1.6MB

MD5
148febca794274d265d1df1d73e7a263

SHA1
d111188aaed28aef6974ab086851cb87143f075f

SHA256
02b39063f2a509ecde04dbc52ca29b0df3cdc68ae91cf1dd76285053b12629ca

SHA512
53f2be77e0ec1fc89d96c11157ec2336ca9e0eccbd5bf6ee8c559f1b91252db3503222555dc4c124cc43ce6eaf3b7a6d45a05a4977308646bf7245202e157d8c

Download Submit
memory/228-47-0x00007FF626E10000-0x00007FF627202000-memory.dmp

Filesize
3.9MB

Download
memory/368-143-0x00007FF706A30000-0x00007FF706E22000-memory.dmp

Filesize
3.9MB

Download
memory/1060-124-0x00007FF652250000-0x00007FF652642000-memory.dmp

Filesize
3.9MB

Download
memory/1348-90-0x00007FF79F330000-0x00007FF79F722000-memory.dmp

Filesize
3.9MB

Download
memory/1452-38-0x00007FFF62C00000-0x00007FFF636C1000-memory.dmp

Filesize
10.8MB

Download
memory/1452-83-0x000001D269510000-0x000001D269532000-memory.dmp

Filesize
136KB

Download
memory/1452-39-0x000001D269550000-0x000001D269560000-memory.dmp

Filesize
64KB

Download
memory/1452-40-0x000001D269550000-0x000001D269560000-memory.dmp

Filesize
64KB

Download
memory/1560-94-0x00007FF7CE1F0000-0x00007FF7CE5E2000-memory.dmp

Filesize
3.9MB

Download
memory/1960-130-0x00007FF66CB20000-0x00007FF66CF12000-memory.dmp

Filesize
3.9MB

Download
memory/2172-99-0x00007FF7A7980000-0x00007FF7A7D72000-memory.dmp

Filesize
3.9MB

Download
memory/2296-149-0x00007FF757C80000-0x00007FF758072000-memory.dmp

Filesize
3.9MB

Download
memory/2588-76-0x00007FF6441B0000-0x00007FF6445A2000-memory.dmp

Filesize
3.9MB

Download
memory/2796-57-0x00007FF6D3490000-0x00007FF6D3882000-memory.dmp

Filesize
3.9MB

Download
memory/3140-142-0x00007FF6A3830000-0x00007FF6A3C22000-memory.dmp

Filesize
3.9MB

Download
memory/3168-11-0x00007FF7D4490000-0x00007FF7D4882000-memory.dmp

Filesize
3.9MB

Download
memory/3232-70-0x00007FF679000000-0x00007FF6793F2000-memory.dmp

Filesize
3.9MB

Download
memory/3544-95-0x00007FF72C2A0000-0x00007FF72C692000-memory.dmp

Filesize
3.9MB

Download
memory/3672-117-0x00007FF669850000-0x00007FF669C42000-memory.dmp

Filesize
3.9MB

Download
memory/4504-105-0x00007FF718720000-0x00007FF718B12000-memory.dmp

Filesize
3.9MB

Download
memory/4540-0-0x00007FF68F6C0000-0x00007FF68FAB2000-memory.dmp

Filesize
3.9MB

Download
memory/4540-1-0x000001E7CA3B0000-0x000001E7CA3C0000-memory.dmp

Filesize
64KB

Download
memory/4704-118-0x00007FF7E4990000-0x00007FF7E4D82000-memory.dmp

Filesize
3.9MB

Download
memory/4708-136-0x00007FF6C7970000-0x00007FF6C7D62000-memory.dmp

Filesize
3.9MB

Download
memory/4796-111-0x00007FF6AFC00000-0x00007FF6AFFF2000-memory.dmp

Filesize
3.9MB

Download
memory/4896-84-0x00007FF6E5AE0000-0x00007FF6E5ED2000-memory.dmp

Filesize
3.9MB

Download
memory/4896-3382-0x00007FF6E5AE0000-0x00007FF6E5ED2000-memory.dmp

Filesize
3.9MB

Download
memory/5100-77-0x00007FF613380000-0x00007FF613772000-memory.dmp

Filesize
3.9MB

Download