xmrig | 5cda0a6cf40175e70e0d0c97cd014061ed40574381bd9452a5a9e3d354d4033c

Analysis

max time kernel
65s
max time network
56s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
28/04/2024, 14:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
Size

2.2MB
MD5

05678c949a84e15eee7752e97212613c
SHA1

265ce928029c4edf62f3615c761891c7629905e8
SHA256

5cda0a6cf40175e70e0d0c97cd014061ed40574381bd9452a5a9e3d354d4033c
SHA512

93fa9795a64e1983563ba21fadf93ef69c66696b1701ee5da1dad90752cd69f8e761a040e14f7f3d66512f2abec12336a9fb07b88899f80c2b44d41308817c00
SSDEEP

49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82g1VQx7Va4qrfV:NABw

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 43 IoCs

miner

resource	yara_rule
behavioral2/memory/2768-134-0x00007FF6DF7D0000-0x00007FF6DFBC2000-memory.dmp	xmrig
behavioral2/memory/2716-143-0x00007FF62B580000-0x00007FF62B972000-memory.dmp	xmrig
behavioral2/memory/4908-173-0x00007FF7013A0000-0x00007FF701792000-memory.dmp	xmrig
behavioral2/memory/2236-179-0x00007FF7C0340000-0x00007FF7C0732000-memory.dmp	xmrig
behavioral2/memory/3936-167-0x00007FF771650000-0x00007FF771A42000-memory.dmp	xmrig
behavioral2/memory/4868-160-0x00007FF66A260000-0x00007FF66A652000-memory.dmp	xmrig
behavioral2/memory/4604-149-0x00007FF7DBBF0000-0x00007FF7DBFE2000-memory.dmp	xmrig
behavioral2/memory/380-139-0x00007FF61DF00000-0x00007FF61E2F2000-memory.dmp	xmrig
behavioral2/memory/3840-135-0x00007FF63CFE0000-0x00007FF63D3D2000-memory.dmp	xmrig
behavioral2/memory/3292-130-0x00007FF6688E0000-0x00007FF668CD2000-memory.dmp	xmrig
behavioral2/memory/1520-124-0x00007FF65E400000-0x00007FF65E7F2000-memory.dmp	xmrig
behavioral2/memory/4220-117-0x00007FF693790000-0x00007FF693B82000-memory.dmp	xmrig
behavioral2/memory/2324-108-0x00007FF67CB40000-0x00007FF67CF32000-memory.dmp	xmrig
behavioral2/memory/2164-104-0x00007FF61E020000-0x00007FF61E412000-memory.dmp	xmrig
behavioral2/memory/2240-95-0x00007FF7CEB10000-0x00007FF7CEF02000-memory.dmp	xmrig
behavioral2/memory/3856-82-0x00007FF6B3200000-0x00007FF6B35F2000-memory.dmp	xmrig
behavioral2/memory/3184-47-0x00007FF6213C0000-0x00007FF6217B2000-memory.dmp	xmrig
behavioral2/memory/1824-2097-0x00007FF6C48C0000-0x00007FF6C4CB2000-memory.dmp	xmrig
behavioral2/memory/3172-2099-0x00007FF7D1660000-0x00007FF7D1A52000-memory.dmp	xmrig
behavioral2/memory/3504-2098-0x00007FF7D5130000-0x00007FF7D5522000-memory.dmp	xmrig
behavioral2/memory/2164-2100-0x00007FF61E020000-0x00007FF61E412000-memory.dmp	xmrig
behavioral2/memory/3752-2101-0x00007FF7D2A20000-0x00007FF7D2E12000-memory.dmp	xmrig
behavioral2/memory/1520-2104-0x00007FF65E400000-0x00007FF65E7F2000-memory.dmp	xmrig
behavioral2/memory/1824-2111-0x00007FF6C48C0000-0x00007FF6C4CB2000-memory.dmp	xmrig
behavioral2/memory/3292-2137-0x00007FF6688E0000-0x00007FF668CD2000-memory.dmp	xmrig
behavioral2/memory/3184-2136-0x00007FF6213C0000-0x00007FF6217B2000-memory.dmp	xmrig
behavioral2/memory/2768-2148-0x00007FF6DF7D0000-0x00007FF6DFBC2000-memory.dmp	xmrig
behavioral2/memory/3856-2156-0x00007FF6B3200000-0x00007FF6B35F2000-memory.dmp	xmrig
behavioral2/memory/3172-2154-0x00007FF7D1660000-0x00007FF7D1A52000-memory.dmp	xmrig
behavioral2/memory/2240-2158-0x00007FF7CEB10000-0x00007FF7CEF02000-memory.dmp	xmrig
behavioral2/memory/3504-2150-0x00007FF7D5130000-0x00007FF7D5522000-memory.dmp	xmrig
behavioral2/memory/3840-2167-0x00007FF63CFE0000-0x00007FF63D3D2000-memory.dmp	xmrig
behavioral2/memory/380-2176-0x00007FF61DF00000-0x00007FF61E2F2000-memory.dmp	xmrig
behavioral2/memory/3936-2178-0x00007FF771650000-0x00007FF771A42000-memory.dmp	xmrig
behavioral2/memory/2164-2174-0x00007FF61E020000-0x00007FF61E412000-memory.dmp	xmrig
behavioral2/memory/4220-2171-0x00007FF693790000-0x00007FF693B82000-memory.dmp	xmrig
behavioral2/memory/3752-2169-0x00007FF7D2A20000-0x00007FF7D2E12000-memory.dmp	xmrig
behavioral2/memory/2716-2166-0x00007FF62B580000-0x00007FF62B972000-memory.dmp	xmrig
behavioral2/memory/4868-2162-0x00007FF66A260000-0x00007FF66A652000-memory.dmp	xmrig
behavioral2/memory/4604-2173-0x00007FF7DBBF0000-0x00007FF7DBFE2000-memory.dmp	xmrig
behavioral2/memory/2324-2164-0x00007FF67CB40000-0x00007FF67CF32000-memory.dmp	xmrig
behavioral2/memory/2236-2202-0x00007FF7C0340000-0x00007FF7C0732000-memory.dmp	xmrig
behavioral2/memory/4908-2185-0x00007FF7013A0000-0x00007FF701792000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1520	nWkjEwH.exe
1824	MluvoHY.exe
3184	KrUrzUB.exe
3292	pUWSWoQ.exe
3504	CgGaSDC.exe
2768	lBvybPt.exe
3172	LnvmZPx.exe
3856	zONNTXJ.exe
3840	rIpbuPz.exe
2240	kSJuHNz.exe
380	etsjRYG.exe
2164	CfkbzfT.exe
2716	VAEusoR.exe
2324	ECDEbkJ.exe
3752	sWdvidr.exe
4604	RddOyXq.exe
4220	IAjvOdN.exe
4868	UZDBhQL.exe
3936	vEtuKto.exe
4908	yKCyjkH.exe
2236	KfmuCAa.exe
4076	qjNgUSl.exe
1796	EVaeKBa.exe
1300	FJnqHgt.exe
2008	XAKEFcg.exe
4200	BiRhEmb.exe
2844	QFWFHtF.exe
3316	qgTbTJv.exe
376	koOevnB.exe
4108	NDiDHrM.exe
4864	lMKNVJb.exe
412	ReUkpRX.exe
4204	xXuEeVj.exe
1660	VnDmfNm.exe
3964	UPQxNhS.exe
2020	iMeolaQ.exe
408	RaUVULI.exe
3424	dBuwuun.exe
3472	soLwFvl.exe
3516	yOuOSZX.exe
4884	TDmgZDu.exe
4360	KbSDKdL.exe
4336	OybfnQU.exe
1552	vzuSlBn.exe
624	FkPVZQj.exe
4856	maAlHnn.exe
3600	dnfYmip.exe
2912	srpDXOT.exe
2728	CQaOwzE.exe
4688	sbyTnph.exe
5004	hCMrHuO.exe
4556	ZqJlgXs.exe
2288	oTXmPhX.exe
4616	WqdtKBq.exe
4184	OrUWPsu.exe
2752	oaDfFdP.exe
2000	CaspTBB.exe
1800	VoUuAdm.exe
2964	juOtCwv.exe
2376	JSxWDsI.exe
3240	sYAvkmL.exe
2900	AfaBnBV.exe
1540	HvaZRKM.exe
5096	fmziBsj.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2344-0-0x00007FF6F8C30000-0x00007FF6F9022000-memory.dmp	upx
behavioral2/files/0x000b000000023b69-5.dat	upx
behavioral2/files/0x000a000000023b6e-8.dat	upx
behavioral2/files/0x000a000000023b6f-25.dat	upx
behavioral2/files/0x000a000000023b70-26.dat	upx
behavioral2/files/0x000a000000023b78-71.dat	upx
behavioral2/files/0x000a000000023b77-80.dat	upx
behavioral2/files/0x000a000000023b79-90.dat	upx
behavioral2/files/0x000b000000023b75-97.dat	upx
behavioral2/files/0x000a000000023b7d-105.dat	upx
behavioral2/files/0x000b000000023b6a-125.dat	upx
behavioral2/memory/2768-134-0x00007FF6DF7D0000-0x00007FF6DFBC2000-memory.dmp	upx
behavioral2/memory/2716-143-0x00007FF62B580000-0x00007FF62B972000-memory.dmp	upx
behavioral2/files/0x000a000000023b80-152.dat	upx
behavioral2/memory/4908-173-0x00007FF7013A0000-0x00007FF701792000-memory.dmp	upx
behavioral2/files/0x000a000000023b88-190.dat	upx
behavioral2/files/0x000a000000023b8b-197.dat	upx
behavioral2/files/0x000a000000023b89-195.dat	upx
behavioral2/files/0x000a000000023b8a-192.dat	upx
behavioral2/files/0x000a000000023b87-185.dat	upx
behavioral2/files/0x000a000000023b86-180.dat	upx
behavioral2/memory/2236-179-0x00007FF7C0340000-0x00007FF7C0732000-memory.dmp	upx
behavioral2/files/0x000a000000023b85-174.dat	upx
behavioral2/files/0x000a000000023b84-168.dat	upx
behavioral2/memory/3936-167-0x00007FF771650000-0x00007FF771A42000-memory.dmp	upx
behavioral2/files/0x000a000000023b83-162.dat	upx
behavioral2/memory/4868-160-0x00007FF66A260000-0x00007FF66A652000-memory.dmp	upx
behavioral2/files/0x000a000000023b82-156.dat	upx
behavioral2/files/0x000a000000023b81-154.dat	upx
behavioral2/files/0x000a000000023b7f-150.dat	upx
behavioral2/memory/4604-149-0x00007FF7DBBF0000-0x00007FF7DBFE2000-memory.dmp	upx
behavioral2/files/0x000a000000023b7e-145.dat	upx
behavioral2/memory/380-139-0x00007FF61DF00000-0x00007FF61E2F2000-memory.dmp	upx
behavioral2/memory/3840-135-0x00007FF63CFE0000-0x00007FF63D3D2000-memory.dmp	upx
behavioral2/memory/3292-130-0x00007FF6688E0000-0x00007FF668CD2000-memory.dmp	upx
behavioral2/memory/1520-124-0x00007FF65E400000-0x00007FF65E7F2000-memory.dmp	upx
behavioral2/memory/4220-117-0x00007FF693790000-0x00007FF693B82000-memory.dmp	upx
behavioral2/files/0x000a000000023b7c-113.dat	upx
behavioral2/memory/3752-109-0x00007FF7D2A20000-0x00007FF7D2E12000-memory.dmp	upx
behavioral2/memory/2324-108-0x00007FF67CB40000-0x00007FF67CF32000-memory.dmp	upx
behavioral2/memory/2164-104-0x00007FF61E020000-0x00007FF61E412000-memory.dmp	upx
behavioral2/files/0x000a000000023b7b-102.dat	upx
behavioral2/files/0x000b000000023b76-100.dat	upx
behavioral2/memory/2240-95-0x00007FF7CEB10000-0x00007FF7CEF02000-memory.dmp	upx
behavioral2/files/0x000a000000023b7a-93.dat	upx
behavioral2/memory/3856-82-0x00007FF6B3200000-0x00007FF6B35F2000-memory.dmp	upx
behavioral2/files/0x000a000000023b74-77.dat	upx
behavioral2/memory/3172-73-0x00007FF7D1660000-0x00007FF7D1A52000-memory.dmp	upx
behavioral2/files/0x000a000000023b73-67.dat	upx
behavioral2/files/0x000a000000023b72-58.dat	upx
behavioral2/files/0x000a000000023b71-54.dat	upx
behavioral2/memory/3504-52-0x00007FF7D5130000-0x00007FF7D5522000-memory.dmp	upx
behavioral2/memory/3184-47-0x00007FF6213C0000-0x00007FF6217B2000-memory.dmp	upx
behavioral2/memory/1824-38-0x00007FF6C48C0000-0x00007FF6C4CB2000-memory.dmp	upx
behavioral2/files/0x000a000000023b6d-17.dat	upx
behavioral2/memory/1824-2097-0x00007FF6C48C0000-0x00007FF6C4CB2000-memory.dmp	upx
behavioral2/memory/3172-2099-0x00007FF7D1660000-0x00007FF7D1A52000-memory.dmp	upx
behavioral2/memory/3504-2098-0x00007FF7D5130000-0x00007FF7D5522000-memory.dmp	upx
behavioral2/memory/2164-2100-0x00007FF61E020000-0x00007FF61E412000-memory.dmp	upx
behavioral2/memory/3752-2101-0x00007FF7D2A20000-0x00007FF7D2E12000-memory.dmp	upx
behavioral2/memory/1520-2104-0x00007FF65E400000-0x00007FF65E7F2000-memory.dmp	upx
behavioral2/memory/1824-2111-0x00007FF6C48C0000-0x00007FF6C4CB2000-memory.dmp	upx
behavioral2/memory/3292-2137-0x00007FF6688E0000-0x00007FF668CD2000-memory.dmp	upx
behavioral2/memory/3184-2136-0x00007FF6213C0000-0x00007FF6217B2000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\utkZqNT.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\JAnjMQt.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\tRuZiTk.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\SdiSdko.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\gzkHPTY.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\WAWoGJa.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\QjSVzVX.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\CdSgTIv.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\vywNOWw.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\yGgeLpv.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\JTPtiEz.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\lBvybPt.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\LnvmZPx.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\VNrtENh.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\aVPrVor.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\EXdpyTg.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\QMzUktd.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\mKdyiTK.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\NGPNYUw.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\qcXCupc.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\BNVCniS.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\LkECDel.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\oEmPwmc.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\MSaxTcU.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\MMEYPle.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\oDajRCt.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\TxpVMPK.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\RheyqYd.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\fjArrsA.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\ZEBxlst.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\nobcUGx.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\sFFkclh.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\SdjZNBZ.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\NJeVMBL.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\nrgvdlK.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\WsxlDzL.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\dAsRaTu.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\fqcZwEm.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\ZHxldLa.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\RPphkpR.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\BiRhEmb.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\yvgvqEu.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\pTtGTiL.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\DkgmUTI.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\LCjvtsk.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\MUwAGBy.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\VvKFdtX.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\phFXWDs.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\ZhzQtQn.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\diPRypj.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\GkclQZe.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\FHfnUbW.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\wPTyMvU.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\yKCyjkH.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\oTXmPhX.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\FkPVZQj.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\oxkmdkH.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\DZQZXkL.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\HacvwJu.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\kYehslx.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\QncMOWk.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\etsjRYG.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\lMKNVJb.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
File created	C:\Windows\System\fzSSaYD.exe	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
4232	powershell.exe
4232	powershell.exe
4232	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	4232	powershell.exe
Token: SeLockMemoryPrivilege	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2344 wrote to memory of 4232	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	84
PID 2344 wrote to memory of 4232	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	84
PID 2344 wrote to memory of 1520	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	85
PID 2344 wrote to memory of 1520	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	85
PID 2344 wrote to memory of 1824	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	86
PID 2344 wrote to memory of 1824	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	86
PID 2344 wrote to memory of 3184	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	87
PID 2344 wrote to memory of 3184	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	87
PID 2344 wrote to memory of 3292	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	88
PID 2344 wrote to memory of 3292	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	88
PID 2344 wrote to memory of 3504	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	89
PID 2344 wrote to memory of 3504	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	89
PID 2344 wrote to memory of 2768	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	90
PID 2344 wrote to memory of 2768	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	90
PID 2344 wrote to memory of 3172	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	91
PID 2344 wrote to memory of 3172	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	91
PID 2344 wrote to memory of 3856	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	92
PID 2344 wrote to memory of 3856	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	92
PID 2344 wrote to memory of 3840	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	93
PID 2344 wrote to memory of 3840	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	93
PID 2344 wrote to memory of 2240	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	94
PID 2344 wrote to memory of 2240	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	94
PID 2344 wrote to memory of 380	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	95
PID 2344 wrote to memory of 380	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	95
PID 2344 wrote to memory of 2164	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	96
PID 2344 wrote to memory of 2164	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	96
PID 2344 wrote to memory of 2716	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	97
PID 2344 wrote to memory of 2716	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	97
PID 2344 wrote to memory of 2324	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	98
PID 2344 wrote to memory of 2324	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	98
PID 2344 wrote to memory of 3752	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	99
PID 2344 wrote to memory of 3752	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	99
PID 2344 wrote to memory of 4604	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	100
PID 2344 wrote to memory of 4604	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	100
PID 2344 wrote to memory of 4220	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	101
PID 2344 wrote to memory of 4220	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	101
PID 2344 wrote to memory of 4868	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	102
PID 2344 wrote to memory of 4868	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	102
PID 2344 wrote to memory of 3936	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	103
PID 2344 wrote to memory of 3936	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	103
PID 2344 wrote to memory of 4908	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	104
PID 2344 wrote to memory of 4908	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	104
PID 2344 wrote to memory of 2236	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	105
PID 2344 wrote to memory of 2236	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	105
PID 2344 wrote to memory of 4076	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	106
PID 2344 wrote to memory of 4076	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	106
PID 2344 wrote to memory of 1796	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	107
PID 2344 wrote to memory of 1796	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	107
PID 2344 wrote to memory of 1300	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	108
PID 2344 wrote to memory of 1300	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	108
PID 2344 wrote to memory of 2008	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	109
PID 2344 wrote to memory of 2008	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	109
PID 2344 wrote to memory of 4200	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	110
PID 2344 wrote to memory of 4200	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	110
PID 2344 wrote to memory of 2844	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	111
PID 2344 wrote to memory of 2844	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	111
PID 2344 wrote to memory of 3316	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	112
PID 2344 wrote to memory of 3316	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	112
PID 2344 wrote to memory of 376	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	113
PID 2344 wrote to memory of 376	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	113
PID 2344 wrote to memory of 4108	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	114
PID 2344 wrote to memory of 4108	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	114
PID 2344 wrote to memory of 4864	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	115
PID 2344 wrote to memory of 4864	2344	05678c949a84e15eee7752e97212613c_JaffaCakes118.exe	115

C:\Users\Admin\AppData\Local\Temp\05678c949a84e15eee7752e97212613c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\05678c949a84e15eee7752e97212613c_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2344
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4232
- C:\Windows\System\nWkjEwH.exe
  C:\Windows\System\nWkjEwH.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\MluvoHY.exe
  C:\Windows\System\MluvoHY.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\KrUrzUB.exe
  C:\Windows\System\KrUrzUB.exe
  2⤵
  - Executes dropped EXE
  PID:3184
- C:\Windows\System\pUWSWoQ.exe
  C:\Windows\System\pUWSWoQ.exe
  2⤵
  - Executes dropped EXE
  PID:3292
- C:\Windows\System\CgGaSDC.exe
  C:\Windows\System\CgGaSDC.exe
  2⤵
  - Executes dropped EXE
  PID:3504
- C:\Windows\System\lBvybPt.exe
  C:\Windows\System\lBvybPt.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\LnvmZPx.exe
  C:\Windows\System\LnvmZPx.exe
  2⤵
  - Executes dropped EXE
  PID:3172
- C:\Windows\System\zONNTXJ.exe
  C:\Windows\System\zONNTXJ.exe
  2⤵
  - Executes dropped EXE
  PID:3856
- C:\Windows\System\rIpbuPz.exe
  C:\Windows\System\rIpbuPz.exe
  2⤵
  - Executes dropped EXE
  PID:3840
- C:\Windows\System\kSJuHNz.exe
  C:\Windows\System\kSJuHNz.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\etsjRYG.exe
  C:\Windows\System\etsjRYG.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\CfkbzfT.exe
  C:\Windows\System\CfkbzfT.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\VAEusoR.exe
  C:\Windows\System\VAEusoR.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\ECDEbkJ.exe
  C:\Windows\System\ECDEbkJ.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\sWdvidr.exe
  C:\Windows\System\sWdvidr.exe
  2⤵
  - Executes dropped EXE
  PID:3752
- C:\Windows\System\RddOyXq.exe
  C:\Windows\System\RddOyXq.exe
  2⤵
  - Executes dropped EXE
  PID:4604
- C:\Windows\System\IAjvOdN.exe
  C:\Windows\System\IAjvOdN.exe
  2⤵
  - Executes dropped EXE
  PID:4220
- C:\Windows\System\UZDBhQL.exe
  C:\Windows\System\UZDBhQL.exe
  2⤵
  - Executes dropped EXE
  PID:4868
- C:\Windows\System\vEtuKto.exe
  C:\Windows\System\vEtuKto.exe
  2⤵
  - Executes dropped EXE
  PID:3936
- C:\Windows\System\yKCyjkH.exe
  C:\Windows\System\yKCyjkH.exe
  2⤵
  - Executes dropped EXE
  PID:4908
- C:\Windows\System\KfmuCAa.exe
  C:\Windows\System\KfmuCAa.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\qjNgUSl.exe
  C:\Windows\System\qjNgUSl.exe
  2⤵
  - Executes dropped EXE
  PID:4076
- C:\Windows\System\EVaeKBa.exe
  C:\Windows\System\EVaeKBa.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\FJnqHgt.exe
  C:\Windows\System\FJnqHgt.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\XAKEFcg.exe
  C:\Windows\System\XAKEFcg.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\BiRhEmb.exe
  C:\Windows\System\BiRhEmb.exe
  2⤵
  - Executes dropped EXE
  PID:4200
- C:\Windows\System\QFWFHtF.exe
  C:\Windows\System\QFWFHtF.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\qgTbTJv.exe
  C:\Windows\System\qgTbTJv.exe
  2⤵
  - Executes dropped EXE
  PID:3316
- C:\Windows\System\koOevnB.exe
  C:\Windows\System\koOevnB.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\NDiDHrM.exe
  C:\Windows\System\NDiDHrM.exe
  2⤵
  - Executes dropped EXE
  PID:4108
- C:\Windows\System\lMKNVJb.exe
  C:\Windows\System\lMKNVJb.exe
  2⤵
  - Executes dropped EXE
  PID:4864
- C:\Windows\System\ReUkpRX.exe
  C:\Windows\System\ReUkpRX.exe
  2⤵
  - Executes dropped EXE
  PID:412
- C:\Windows\System\xXuEeVj.exe
  C:\Windows\System\xXuEeVj.exe
  2⤵
  - Executes dropped EXE
  PID:4204
- C:\Windows\System\VnDmfNm.exe
  C:\Windows\System\VnDmfNm.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\UPQxNhS.exe
  C:\Windows\System\UPQxNhS.exe
  2⤵
  - Executes dropped EXE
  PID:3964
- C:\Windows\System\iMeolaQ.exe
  C:\Windows\System\iMeolaQ.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\RaUVULI.exe
  C:\Windows\System\RaUVULI.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\dBuwuun.exe
  C:\Windows\System\dBuwuun.exe
  2⤵
  - Executes dropped EXE
  PID:3424
- C:\Windows\System\soLwFvl.exe
  C:\Windows\System\soLwFvl.exe
  2⤵
  - Executes dropped EXE
  PID:3472
- C:\Windows\System\yOuOSZX.exe
  C:\Windows\System\yOuOSZX.exe
  2⤵
  - Executes dropped EXE
  PID:3516
- C:\Windows\System\TDmgZDu.exe
  C:\Windows\System\TDmgZDu.exe
  2⤵
  - Executes dropped EXE
  PID:4884
- C:\Windows\System\KbSDKdL.exe
  C:\Windows\System\KbSDKdL.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\OybfnQU.exe
  C:\Windows\System\OybfnQU.exe
  2⤵
  - Executes dropped EXE
  PID:4336
- C:\Windows\System\vzuSlBn.exe
  C:\Windows\System\vzuSlBn.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\FkPVZQj.exe
  C:\Windows\System\FkPVZQj.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\maAlHnn.exe
  C:\Windows\System\maAlHnn.exe
  2⤵
  - Executes dropped EXE
  PID:4856
- C:\Windows\System\dnfYmip.exe
  C:\Windows\System\dnfYmip.exe
  2⤵
  - Executes dropped EXE
  PID:3600
- C:\Windows\System\srpDXOT.exe
  C:\Windows\System\srpDXOT.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\CQaOwzE.exe
  C:\Windows\System\CQaOwzE.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\sbyTnph.exe
  C:\Windows\System\sbyTnph.exe
  2⤵
  - Executes dropped EXE
  PID:4688
- C:\Windows\System\hCMrHuO.exe
  C:\Windows\System\hCMrHuO.exe
  2⤵
  - Executes dropped EXE
  PID:5004
- C:\Windows\System\ZqJlgXs.exe
  C:\Windows\System\ZqJlgXs.exe
  2⤵
  - Executes dropped EXE
  PID:4556
- C:\Windows\System\oTXmPhX.exe
  C:\Windows\System\oTXmPhX.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\WqdtKBq.exe
  C:\Windows\System\WqdtKBq.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System\OrUWPsu.exe
  C:\Windows\System\OrUWPsu.exe
  2⤵
  - Executes dropped EXE
  PID:4184
- C:\Windows\System\oaDfFdP.exe
  C:\Windows\System\oaDfFdP.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\CaspTBB.exe
  C:\Windows\System\CaspTBB.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\VoUuAdm.exe
  C:\Windows\System\VoUuAdm.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\juOtCwv.exe
  C:\Windows\System\juOtCwv.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\JSxWDsI.exe
  C:\Windows\System\JSxWDsI.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\sYAvkmL.exe
  C:\Windows\System\sYAvkmL.exe
  2⤵
  - Executes dropped EXE
  PID:3240
- C:\Windows\System\AfaBnBV.exe
  C:\Windows\System\AfaBnBV.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\HvaZRKM.exe
  C:\Windows\System\HvaZRKM.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\fmziBsj.exe
  C:\Windows\System\fmziBsj.exe
  2⤵
  - Executes dropped EXE
  PID:5096
- C:\Windows\System\ZuUntQx.exe
  C:\Windows\System\ZuUntQx.exe
  2⤵
  PID:4392
- C:\Windows\System\VDKDhdp.exe
  C:\Windows\System\VDKDhdp.exe
  2⤵
  PID:2224
- C:\Windows\System\SdiSdko.exe
  C:\Windows\System\SdiSdko.exe
  2⤵
  PID:3616
- C:\Windows\System\OiTBSZc.exe
  C:\Windows\System\OiTBSZc.exe
  2⤵
  PID:956
- C:\Windows\System\besiFFW.exe
  C:\Windows\System\besiFFW.exe
  2⤵
  PID:2704
- C:\Windows\System\evwZxDc.exe
  C:\Windows\System\evwZxDc.exe
  2⤵
  PID:3556
- C:\Windows\System\nmrPREf.exe
  C:\Windows\System\nmrPREf.exe
  2⤵
  PID:2888
- C:\Windows\System\YjXwbsc.exe
  C:\Windows\System\YjXwbsc.exe
  2⤵
  PID:4120
- C:\Windows\System\GcNVfxm.exe
  C:\Windows\System\GcNVfxm.exe
  2⤵
  PID:5152
- C:\Windows\System\OvTQwkT.exe
  C:\Windows\System\OvTQwkT.exe
  2⤵
  PID:5180
- C:\Windows\System\ivnNHan.exe
  C:\Windows\System\ivnNHan.exe
  2⤵
  PID:5208
- C:\Windows\System\gzkHPTY.exe
  C:\Windows\System\gzkHPTY.exe
  2⤵
  PID:5236
- C:\Windows\System\mtamZem.exe
  C:\Windows\System\mtamZem.exe
  2⤵
  PID:5264
- C:\Windows\System\ajzlllV.exe
  C:\Windows\System\ajzlllV.exe
  2⤵
  PID:5288
- C:\Windows\System\jTgdZSI.exe
  C:\Windows\System\jTgdZSI.exe
  2⤵
  PID:5320
- C:\Windows\System\wnSokMC.exe
  C:\Windows\System\wnSokMC.exe
  2⤵
  PID:5348
- C:\Windows\System\VDkmBYj.exe
  C:\Windows\System\VDkmBYj.exe
  2⤵
  PID:5376
- C:\Windows\System\WODhuNW.exe
  C:\Windows\System\WODhuNW.exe
  2⤵
  PID:5404
- C:\Windows\System\TroOynX.exe
  C:\Windows\System\TroOynX.exe
  2⤵
  PID:5432
- C:\Windows\System\EBjXTWq.exe
  C:\Windows\System\EBjXTWq.exe
  2⤵
  PID:5460
- C:\Windows\System\YWXWAgf.exe
  C:\Windows\System\YWXWAgf.exe
  2⤵
  PID:5488
- C:\Windows\System\yczfUZQ.exe
  C:\Windows\System\yczfUZQ.exe
  2⤵
  PID:5516
- C:\Windows\System\YfBkxSJ.exe
  C:\Windows\System\YfBkxSJ.exe
  2⤵
  PID:5544
- C:\Windows\System\DkhazFb.exe
  C:\Windows\System\DkhazFb.exe
  2⤵
  PID:5572
- C:\Windows\System\zvFfNWk.exe
  C:\Windows\System\zvFfNWk.exe
  2⤵
  PID:5596
- C:\Windows\System\VqtIShq.exe
  C:\Windows\System\VqtIShq.exe
  2⤵
  PID:5628
- C:\Windows\System\rmuxBHe.exe
  C:\Windows\System\rmuxBHe.exe
  2⤵
  PID:5656
- C:\Windows\System\kCacOFi.exe
  C:\Windows\System\kCacOFi.exe
  2⤵
  PID:5684
- C:\Windows\System\eDYBtJN.exe
  C:\Windows\System\eDYBtJN.exe
  2⤵
  PID:5712
- C:\Windows\System\nnlwfII.exe
  C:\Windows\System\nnlwfII.exe
  2⤵
  PID:5740
- C:\Windows\System\vbKHaZA.exe
  C:\Windows\System\vbKHaZA.exe
  2⤵
  PID:5768
- C:\Windows\System\YqshSAY.exe
  C:\Windows\System\YqshSAY.exe
  2⤵
  PID:5796
- C:\Windows\System\HeipFIC.exe
  C:\Windows\System\HeipFIC.exe
  2⤵
  PID:5824
- C:\Windows\System\jNFTSrC.exe
  C:\Windows\System\jNFTSrC.exe
  2⤵
  PID:5852
- C:\Windows\System\KRTplGQ.exe
  C:\Windows\System\KRTplGQ.exe
  2⤵
  PID:5880
- C:\Windows\System\YtwtvOD.exe
  C:\Windows\System\YtwtvOD.exe
  2⤵
  PID:5908
- C:\Windows\System\auepgPo.exe
  C:\Windows\System\auepgPo.exe
  2⤵
  PID:5932
- C:\Windows\System\SSHcluc.exe
  C:\Windows\System\SSHcluc.exe
  2⤵
  PID:5964
- C:\Windows\System\PzOgRVe.exe
  C:\Windows\System\PzOgRVe.exe
  2⤵
  PID:5988
- C:\Windows\System\Imagxzh.exe
  C:\Windows\System\Imagxzh.exe
  2⤵
  PID:6020
- C:\Windows\System\drxNnOW.exe
  C:\Windows\System\drxNnOW.exe
  2⤵
  PID:6048
- C:\Windows\System\YtQRDOV.exe
  C:\Windows\System\YtQRDOV.exe
  2⤵
  PID:6076
- C:\Windows\System\yxRFdxn.exe
  C:\Windows\System\yxRFdxn.exe
  2⤵
  PID:6104
- C:\Windows\System\vXuNZvk.exe
  C:\Windows\System\vXuNZvk.exe
  2⤵
  PID:6132
- C:\Windows\System\PQYetPf.exe
  C:\Windows\System\PQYetPf.exe
  2⤵
  PID:4316
- C:\Windows\System\CbHIsmm.exe
  C:\Windows\System\CbHIsmm.exe
  2⤵
  PID:2004
- C:\Windows\System\ZSbePGR.exe
  C:\Windows\System\ZSbePGR.exe
  2⤵
  PID:2612
- C:\Windows\System\WWydhuQ.exe
  C:\Windows\System\WWydhuQ.exe
  2⤵
  PID:4144
- C:\Windows\System\oxkmdkH.exe
  C:\Windows\System\oxkmdkH.exe
  2⤵
  PID:5164
- C:\Windows\System\MoJEnGA.exe
  C:\Windows\System\MoJEnGA.exe
  2⤵
  PID:5224
- C:\Windows\System\bQWlCIY.exe
  C:\Windows\System\bQWlCIY.exe
  2⤵
  PID:5284
- C:\Windows\System\YDWPZUk.exe
  C:\Windows\System\YDWPZUk.exe
  2⤵
  PID:5360
- C:\Windows\System\CwYRqPJ.exe
  C:\Windows\System\CwYRqPJ.exe
  2⤵
  PID:5396
- C:\Windows\System\DZQZXkL.exe
  C:\Windows\System\DZQZXkL.exe
  2⤵
  PID:5472
- C:\Windows\System\BBOeuic.exe
  C:\Windows\System\BBOeuic.exe
  2⤵
  PID:5532
- C:\Windows\System\nobcUGx.exe
  C:\Windows\System\nobcUGx.exe
  2⤵
  PID:5592
- C:\Windows\System\ptWSnba.exe
  C:\Windows\System\ptWSnba.exe
  2⤵
  PID:5668
- C:\Windows\System\pVfULOD.exe
  C:\Windows\System\pVfULOD.exe
  2⤵
  PID:5728
- C:\Windows\System\BtucJtl.exe
  C:\Windows\System\BtucJtl.exe
  2⤵
  PID:5788
- C:\Windows\System\utkZqNT.exe
  C:\Windows\System\utkZqNT.exe
  2⤵
  PID:5864
- C:\Windows\System\vPwhMIK.exe
  C:\Windows\System\vPwhMIK.exe
  2⤵
  PID:5924
- C:\Windows\System\kXEBnYe.exe
  C:\Windows\System\kXEBnYe.exe
  2⤵
  PID:5984
- C:\Windows\System\acrnIZb.exe
  C:\Windows\System\acrnIZb.exe
  2⤵
  PID:6060
- C:\Windows\System\SHfeWNS.exe
  C:\Windows\System\SHfeWNS.exe
  2⤵
  PID:6120
- C:\Windows\System\srCRxWC.exe
  C:\Windows\System\srCRxWC.exe
  2⤵
  PID:4580
- C:\Windows\System\WYLCPMU.exe
  C:\Windows\System\WYLCPMU.exe
  2⤵
  PID:4188
- C:\Windows\System\GeDrpyR.exe
  C:\Windows\System\GeDrpyR.exe
  2⤵
  PID:5192
- C:\Windows\System\MBWbNFx.exe
  C:\Windows\System\MBWbNFx.exe
  2⤵
  PID:5336
- C:\Windows\System\ojGexTH.exe
  C:\Windows\System\ojGexTH.exe
  2⤵
  PID:5448
- C:\Windows\System\tKTqGuj.exe
  C:\Windows\System\tKTqGuj.exe
  2⤵
  PID:5584
- C:\Windows\System\ERCKpDI.exe
  C:\Windows\System\ERCKpDI.exe
  2⤵
  PID:5760
- C:\Windows\System\HCFcQmq.exe
  C:\Windows\System\HCFcQmq.exe
  2⤵
  PID:5892
- C:\Windows\System\PtTJsdl.exe
  C:\Windows\System\PtTJsdl.exe
  2⤵
  PID:5976
- C:\Windows\System\LWiiKXV.exe
  C:\Windows\System\LWiiKXV.exe
  2⤵
  PID:228
- C:\Windows\System\xACXppv.exe
  C:\Windows\System\xACXppv.exe
  2⤵
  PID:5140
- C:\Windows\System\zLLcbqj.exe
  C:\Windows\System\zLLcbqj.exe
  2⤵
  PID:5308
- C:\Windows\System\NEoloxd.exe
  C:\Windows\System\NEoloxd.exe
  2⤵
  PID:6172
- C:\Windows\System\whVrdxo.exe
  C:\Windows\System\whVrdxo.exe
  2⤵
  PID:6200
- C:\Windows\System\QkNknmy.exe
  C:\Windows\System\QkNknmy.exe
  2⤵
  PID:6228
- C:\Windows\System\xYXOOyI.exe
  C:\Windows\System\xYXOOyI.exe
  2⤵
  PID:6256
- C:\Windows\System\YGnjDVg.exe
  C:\Windows\System\YGnjDVg.exe
  2⤵
  PID:6280
- C:\Windows\System\kBMYQfg.exe
  C:\Windows\System\kBMYQfg.exe
  2⤵
  PID:6312
- C:\Windows\System\KJoxIdN.exe
  C:\Windows\System\KJoxIdN.exe
  2⤵
  PID:6340
- C:\Windows\System\kwBSiKY.exe
  C:\Windows\System\kwBSiKY.exe
  2⤵
  PID:6376
- C:\Windows\System\Nhchjca.exe
  C:\Windows\System\Nhchjca.exe
  2⤵
  PID:6404
- C:\Windows\System\rNHnCeP.exe
  C:\Windows\System\rNHnCeP.exe
  2⤵
  PID:6432
- C:\Windows\System\FayooFE.exe
  C:\Windows\System\FayooFE.exe
  2⤵
  PID:6452
- C:\Windows\System\YeHmdOL.exe
  C:\Windows\System\YeHmdOL.exe
  2⤵
  PID:6480
- C:\Windows\System\oDajRCt.exe
  C:\Windows\System\oDajRCt.exe
  2⤵
  PID:6508
- C:\Windows\System\BhMrqgs.exe
  C:\Windows\System\BhMrqgs.exe
  2⤵
  PID:6536
- C:\Windows\System\pTxHpKN.exe
  C:\Windows\System\pTxHpKN.exe
  2⤵
  PID:6564
- C:\Windows\System\vyXVIEp.exe
  C:\Windows\System\vyXVIEp.exe
  2⤵
  PID:6592
- C:\Windows\System\gpaloHP.exe
  C:\Windows\System\gpaloHP.exe
  2⤵
  PID:6620
- C:\Windows\System\uQKzeQx.exe
  C:\Windows\System\uQKzeQx.exe
  2⤵
  PID:6648
- C:\Windows\System\jqlSqTe.exe
  C:\Windows\System\jqlSqTe.exe
  2⤵
  PID:6676
- C:\Windows\System\XJEOAQM.exe
  C:\Windows\System\XJEOAQM.exe
  2⤵
  PID:6704
- C:\Windows\System\fdBreWO.exe
  C:\Windows\System\fdBreWO.exe
  2⤵
  PID:6732
- C:\Windows\System\pFAAbKo.exe
  C:\Windows\System\pFAAbKo.exe
  2⤵
  PID:6760
- C:\Windows\System\mlXhnvI.exe
  C:\Windows\System\mlXhnvI.exe
  2⤵
  PID:6788
- C:\Windows\System\HacvwJu.exe
  C:\Windows\System\HacvwJu.exe
  2⤵
  PID:6816
- C:\Windows\System\GEQtwUX.exe
  C:\Windows\System\GEQtwUX.exe
  2⤵
  PID:6844
- C:\Windows\System\RzzGrEV.exe
  C:\Windows\System\RzzGrEV.exe
  2⤵
  PID:6872
- C:\Windows\System\KvYmUmY.exe
  C:\Windows\System\KvYmUmY.exe
  2⤵
  PID:6900
- C:\Windows\System\tJSpoVS.exe
  C:\Windows\System\tJSpoVS.exe
  2⤵
  PID:6928
- C:\Windows\System\gISEnnB.exe
  C:\Windows\System\gISEnnB.exe
  2⤵
  PID:6956
- C:\Windows\System\oBbeOrA.exe
  C:\Windows\System\oBbeOrA.exe
  2⤵
  PID:6984
- C:\Windows\System\JjgPgOQ.exe
  C:\Windows\System\JjgPgOQ.exe
  2⤵
  PID:7008
- C:\Windows\System\FHcRITb.exe
  C:\Windows\System\FHcRITb.exe
  2⤵
  PID:7040
- C:\Windows\System\AfczuCZ.exe
  C:\Windows\System\AfczuCZ.exe
  2⤵
  PID:7064
- C:\Windows\System\TxpVMPK.exe
  C:\Windows\System\TxpVMPK.exe
  2⤵
  PID:7096
- C:\Windows\System\uhZSPdE.exe
  C:\Windows\System\uhZSPdE.exe
  2⤵
  PID:7124
- C:\Windows\System\DMYmIuX.exe
  C:\Windows\System\DMYmIuX.exe
  2⤵
  PID:7152
- C:\Windows\System\XuwEgVX.exe
  C:\Windows\System\XuwEgVX.exe
  2⤵
  PID:3064
- C:\Windows\System\ALEFowc.exe
  C:\Windows\System\ALEFowc.exe
  2⤵
  PID:5816
- C:\Windows\System\vpnfOuN.exe
  C:\Windows\System\vpnfOuN.exe
  2⤵
  PID:3764
- C:\Windows\System\cgiKqoJ.exe
  C:\Windows\System\cgiKqoJ.exe
  2⤵
  PID:4292
- C:\Windows\System\nIJcSJR.exe
  C:\Windows\System\nIJcSJR.exe
  2⤵
  PID:3508
- C:\Windows\System\VEBqAcs.exe
  C:\Windows\System\VEBqAcs.exe
  2⤵
  PID:6212
- C:\Windows\System\ZQSIEnz.exe
  C:\Windows\System\ZQSIEnz.exe
  2⤵
  PID:6244
- C:\Windows\System\CBbagXM.exe
  C:\Windows\System\CBbagXM.exe
  2⤵
  PID:4824
- C:\Windows\System\ceBByVq.exe
  C:\Windows\System\ceBByVq.exe
  2⤵
  PID:6332
- C:\Windows\System\JhHDDXK.exe
  C:\Windows\System\JhHDDXK.exe
  2⤵
  PID:6468
- C:\Windows\System\DLpnZKN.exe
  C:\Windows\System\DLpnZKN.exe
  2⤵
  PID:6496
- C:\Windows\System\QlIBopb.exe
  C:\Windows\System\QlIBopb.exe
  2⤵
  PID:6528
- C:\Windows\System\OYtSZKD.exe
  C:\Windows\System\OYtSZKD.exe
  2⤵
  PID:2644
- C:\Windows\System\ZVQuOJa.exe
  C:\Windows\System\ZVQuOJa.exe
  2⤵
  PID:4784
- C:\Windows\System\ChjnOTr.exe
  C:\Windows\System\ChjnOTr.exe
  2⤵
  PID:6608
- C:\Windows\System\YHrvoEj.exe
  C:\Windows\System\YHrvoEj.exe
  2⤵
  PID:6660
- C:\Windows\System\AUZoIHM.exe
  C:\Windows\System\AUZoIHM.exe
  2⤵
  PID:6720
- C:\Windows\System\dAsRaTu.exe
  C:\Windows\System\dAsRaTu.exe
  2⤵
  PID:5036
- C:\Windows\System\YahRJXA.exe
  C:\Windows\System\YahRJXA.exe
  2⤵
  PID:6776
- C:\Windows\System\LUSGPri.exe
  C:\Windows\System\LUSGPri.exe
  2⤵
  PID:6808
- C:\Windows\System\PKBqeGr.exe
  C:\Windows\System\PKBqeGr.exe
  2⤵
  PID:6836
- C:\Windows\System\ARMImUe.exe
  C:\Windows\System\ARMImUe.exe
  2⤵
  PID:4704
- C:\Windows\System\iJeXnCe.exe
  C:\Windows\System\iJeXnCe.exe
  2⤵
  PID:6912
- C:\Windows\System\yvgvqEu.exe
  C:\Windows\System\yvgvqEu.exe
  2⤵
  PID:6940
- C:\Windows\System\xaLGMMR.exe
  C:\Windows\System\xaLGMMR.exe
  2⤵
  PID:6972
- C:\Windows\System\LbMbaDW.exe
  C:\Windows\System\LbMbaDW.exe
  2⤵
  PID:3604
- C:\Windows\System\gjZVBxZ.exe
  C:\Windows\System\gjZVBxZ.exe
  2⤵
  PID:7024
- C:\Windows\System\QgMXtcp.exe
  C:\Windows\System\QgMXtcp.exe
  2⤵
  PID:7056
- C:\Windows\System\sCfEIJT.exe
  C:\Windows\System\sCfEIJT.exe
  2⤵
  PID:7088
- C:\Windows\System\EzyzlEg.exe
  C:\Windows\System\EzyzlEg.exe
  2⤵
  PID:7140
- C:\Windows\System\FmkRtcb.exe
  C:\Windows\System\FmkRtcb.exe
  2⤵
  PID:5696
- C:\Windows\System\GvIfihh.exe
  C:\Windows\System\GvIfihh.exe
  2⤵
  PID:6096
- C:\Windows\System\fqcZwEm.exe
  C:\Windows\System\fqcZwEm.exe
  2⤵
  PID:6164
- C:\Windows\System\GfBmweI.exe
  C:\Windows\System\GfBmweI.exe
  2⤵
  PID:4636
- C:\Windows\System\gJkxKAJ.exe
  C:\Windows\System\gJkxKAJ.exe
  2⤵
  PID:2088
- C:\Windows\System\IcVPoRv.exe
  C:\Windows\System\IcVPoRv.exe
  2⤵
  PID:6276
- C:\Windows\System\KiqHsBP.exe
  C:\Windows\System\KiqHsBP.exe
  2⤵
  PID:1336
- C:\Windows\System\ejClQCa.exe
  C:\Windows\System\ejClQCa.exe
  2⤵
  PID:4560
- C:\Windows\System\gFBZxnz.exe
  C:\Windows\System\gFBZxnz.exe
  2⤵
  PID:4448
- C:\Windows\System\lShovjK.exe
  C:\Windows\System\lShovjK.exe
  2⤵
  PID:4660
- C:\Windows\System\uYRlvkd.exe
  C:\Windows\System\uYRlvkd.exe
  2⤵
  PID:436
- C:\Windows\System\oyMpOIY.exe
  C:\Windows\System\oyMpOIY.exe
  2⤵
  PID:6492
- C:\Windows\System\yJxyuej.exe
  C:\Windows\System\yJxyuej.exe
  2⤵
  PID:2708
- C:\Windows\System\IGKZZVM.exe
  C:\Windows\System\IGKZZVM.exe
  2⤵
  PID:3660
- C:\Windows\System\ESlPkCz.exe
  C:\Windows\System\ESlPkCz.exe
  2⤵
  PID:6916
- C:\Windows\System\SJxnxCa.exe
  C:\Windows\System\SJxnxCa.exe
  2⤵
  PID:4224
- C:\Windows\System\oiOqqIz.exe
  C:\Windows\System\oiOqqIz.exe
  2⤵
  PID:6860
- C:\Windows\System\AStizoa.exe
  C:\Windows\System\AStizoa.exe
  2⤵
  PID:468
- C:\Windows\System\ABmPbyy.exe
  C:\Windows\System\ABmPbyy.exe
  2⤵
  PID:5116
- C:\Windows\System\KILcJeJ.exe
  C:\Windows\System\KILcJeJ.exe
  2⤵
  PID:3212
- C:\Windows\System\WAWoGJa.exe
  C:\Windows\System\WAWoGJa.exe
  2⤵
  PID:7112
- C:\Windows\System\SUuTkzV.exe
  C:\Windows\System\SUuTkzV.exe
  2⤵
  PID:1148
- C:\Windows\System\FFnVatw.exe
  C:\Windows\System\FFnVatw.exe
  2⤵
  PID:704
- C:\Windows\System\FxFVZdG.exe
  C:\Windows\System\FxFVZdG.exe
  2⤵
  PID:2084
- C:\Windows\System\nXwdrKi.exe
  C:\Windows\System\nXwdrKi.exe
  2⤵
  PID:6832
- C:\Windows\System\RCaahwt.exe
  C:\Windows\System\RCaahwt.exe
  2⤵
  PID:7200
- C:\Windows\System\MiaImER.exe
  C:\Windows\System\MiaImER.exe
  2⤵
  PID:7220
- C:\Windows\System\oQKsSNu.exe
  C:\Windows\System\oQKsSNu.exe
  2⤵
  PID:7240
- C:\Windows\System\rzfsYsu.exe
  C:\Windows\System\rzfsYsu.exe
  2⤵
  PID:7264
- C:\Windows\System\EEnLGCx.exe
  C:\Windows\System\EEnLGCx.exe
  2⤵
  PID:7284
- C:\Windows\System\NIVsUOh.exe
  C:\Windows\System\NIVsUOh.exe
  2⤵
  PID:7312
- C:\Windows\System\ZAYAnzW.exe
  C:\Windows\System\ZAYAnzW.exe
  2⤵
  PID:7328
- C:\Windows\System\QRFAKPo.exe
  C:\Windows\System\QRFAKPo.exe
  2⤵
  PID:7360
- C:\Windows\System\jJJTwnF.exe
  C:\Windows\System\jJJTwnF.exe
  2⤵
  PID:7388
- C:\Windows\System\TwPDHQn.exe
  C:\Windows\System\TwPDHQn.exe
  2⤵
  PID:7412
- C:\Windows\System\OoDxuvz.exe
  C:\Windows\System\OoDxuvz.exe
  2⤵
  PID:7436
- C:\Windows\System\fZZQTGg.exe
  C:\Windows\System\fZZQTGg.exe
  2⤵
  PID:7456
- C:\Windows\System\xOjEmWi.exe
  C:\Windows\System\xOjEmWi.exe
  2⤵
  PID:7484
- C:\Windows\System\vLiLbtk.exe
  C:\Windows\System\vLiLbtk.exe
  2⤵
  PID:7504
- C:\Windows\System\osRFrAR.exe
  C:\Windows\System\osRFrAR.exe
  2⤵
  PID:7528
- C:\Windows\System\azFspyy.exe
  C:\Windows\System\azFspyy.exe
  2⤵
  PID:7552
- C:\Windows\System\wNTudht.exe
  C:\Windows\System\wNTudht.exe
  2⤵
  PID:7580
- C:\Windows\System\RqbqIVH.exe
  C:\Windows\System\RqbqIVH.exe
  2⤵
  PID:7600
- C:\Windows\System\DQfdMRv.exe
  C:\Windows\System\DQfdMRv.exe
  2⤵
  PID:7624
- C:\Windows\System\QjSVzVX.exe
  C:\Windows\System\QjSVzVX.exe
  2⤵
  PID:7640
- C:\Windows\System\bBaAdwC.exe
  C:\Windows\System\bBaAdwC.exe
  2⤵
  PID:7664
- C:\Windows\System\VQyCoeW.exe
  C:\Windows\System\VQyCoeW.exe
  2⤵
  PID:7688
- C:\Windows\System\gaSmooz.exe
  C:\Windows\System\gaSmooz.exe
  2⤵
  PID:7704
- C:\Windows\System\IzFQKvv.exe
  C:\Windows\System\IzFQKvv.exe
  2⤵
  PID:7724
- C:\Windows\System\NxUvMWe.exe
  C:\Windows\System\NxUvMWe.exe
  2⤵
  PID:7744
- C:\Windows\System\aLnIfnu.exe
  C:\Windows\System\aLnIfnu.exe
  2⤵
  PID:7772
- C:\Windows\System\jOxPbvp.exe
  C:\Windows\System\jOxPbvp.exe
  2⤵
  PID:7792
- C:\Windows\System\ZozmGqO.exe
  C:\Windows\System\ZozmGqO.exe
  2⤵
  PID:7812
- C:\Windows\System\ERhyRcP.exe
  C:\Windows\System\ERhyRcP.exe
  2⤵
  PID:7836
- C:\Windows\System\qkTBIxp.exe
  C:\Windows\System\qkTBIxp.exe
  2⤵
  PID:7852
- C:\Windows\System\oBTwNEx.exe
  C:\Windows\System\oBTwNEx.exe
  2⤵
  PID:7876
- C:\Windows\System\OBVZhzA.exe
  C:\Windows\System\OBVZhzA.exe
  2⤵
  PID:7896
- C:\Windows\System\XMKuCos.exe
  C:\Windows\System\XMKuCos.exe
  2⤵
  PID:7920
- C:\Windows\System\royiHKc.exe
  C:\Windows\System\royiHKc.exe
  2⤵
  PID:7944
- C:\Windows\System\qEboCHQ.exe
  C:\Windows\System\qEboCHQ.exe
  2⤵
  PID:7964
- C:\Windows\System\BhAmCxV.exe
  C:\Windows\System\BhAmCxV.exe
  2⤵
  PID:7984
- C:\Windows\System\FdjYPxX.exe
  C:\Windows\System\FdjYPxX.exe
  2⤵
  PID:8008
- C:\Windows\System\ijKTIhS.exe
  C:\Windows\System\ijKTIhS.exe
  2⤵
  PID:8032
- C:\Windows\System\pehkUtM.exe
  C:\Windows\System\pehkUtM.exe
  2⤵
  PID:8052
- C:\Windows\System\gctYZVJ.exe
  C:\Windows\System\gctYZVJ.exe
  2⤵
  PID:8072
- C:\Windows\System\CdSgTIv.exe
  C:\Windows\System\CdSgTIv.exe
  2⤵
  PID:8100
- C:\Windows\System\IasRcrw.exe
  C:\Windows\System\IasRcrw.exe
  2⤵
  PID:8120
- C:\Windows\System\aAuhdtC.exe
  C:\Windows\System\aAuhdtC.exe
  2⤵
  PID:8140
- C:\Windows\System\pArAGTT.exe
  C:\Windows\System\pArAGTT.exe
  2⤵
  PID:8164
- C:\Windows\System\eowlqCi.exe
  C:\Windows\System\eowlqCi.exe
  2⤵
  PID:8188
- C:\Windows\System\iaTmODn.exe
  C:\Windows\System\iaTmODn.exe
  2⤵
  PID:3104
- C:\Windows\System\SdjZNBZ.exe
  C:\Windows\System\SdjZNBZ.exe
  2⤵
  PID:7176
- C:\Windows\System\DAmjeLp.exe
  C:\Windows\System\DAmjeLp.exe
  2⤵
  PID:7280
- C:\Windows\System\EiYHjWK.exe
  C:\Windows\System\EiYHjWK.exe
  2⤵
  PID:4656
- C:\Windows\System\pFGJRaS.exe
  C:\Windows\System\pFGJRaS.exe
  2⤵
  PID:6552
- C:\Windows\System\qaojIoa.exe
  C:\Windows\System\qaojIoa.exe
  2⤵
  PID:3120
- C:\Windows\System\rPackiO.exe
  C:\Windows\System\rPackiO.exe
  2⤵
  PID:7548
- C:\Windows\System\FWUuCBs.exe
  C:\Windows\System\FWUuCBs.exe
  2⤵
  PID:7304
- C:\Windows\System\wRnyJxN.exe
  C:\Windows\System\wRnyJxN.exe
  2⤵
  PID:7616
- C:\Windows\System\XMmtubH.exe
  C:\Windows\System\XMmtubH.exe
  2⤵
  PID:7684
- C:\Windows\System\WCwgccx.exe
  C:\Windows\System\WCwgccx.exe
  2⤵
  PID:1576
- C:\Windows\System\BNVCniS.exe
  C:\Windows\System\BNVCniS.exe
  2⤵
  PID:7736
- C:\Windows\System\SdhwvRd.exe
  C:\Windows\System\SdhwvRd.exe
  2⤵
  PID:7236
- C:\Windows\System\qFKsgef.exe
  C:\Windows\System\qFKsgef.exe
  2⤵
  PID:7256
- C:\Windows\System\JmKfaUy.exe
  C:\Windows\System\JmKfaUy.exe
  2⤵
  PID:7784
- C:\Windows\System\TuaoXPc.exe
  C:\Windows\System\TuaoXPc.exe
  2⤵
  PID:7608
- C:\Windows\System\zARQVPT.exe
  C:\Windows\System\zARQVPT.exe
  2⤵
  PID:7648
- C:\Windows\System\WHCOmII.exe
  C:\Windows\System\WHCOmII.exe
  2⤵
  PID:7696
- C:\Windows\System\pImGsIY.exe
  C:\Windows\System\pImGsIY.exe
  2⤵
  PID:8028
- C:\Windows\System\AeaCvnu.exe
  C:\Windows\System\AeaCvnu.exe
  2⤵
  PID:7524
- C:\Windows\System\WUrqRXs.exe
  C:\Windows\System\WUrqRXs.exe
  2⤵
  PID:8156
- C:\Windows\System\WelQfcB.exe
  C:\Windows\System\WelQfcB.exe
  2⤵
  PID:1792
- C:\Windows\System\wPKpJnj.exe
  C:\Windows\System\wPKpJnj.exe
  2⤵
  PID:7804
- C:\Windows\System\gGpWsgH.exe
  C:\Windows\System\gGpWsgH.exe
  2⤵
  PID:6892
- C:\Windows\System\gEVIQbc.exe
  C:\Windows\System\gEVIQbc.exe
  2⤵
  PID:7860
- C:\Windows\System\gHygOiy.exe
  C:\Windows\System\gHygOiy.exe
  2⤵
  PID:7544
- C:\Windows\System\QCsYwDz.exe
  C:\Windows\System\QCsYwDz.exe
  2⤵
  PID:8196
- C:\Windows\System\PcDsWIs.exe
  C:\Windows\System\PcDsWIs.exe
  2⤵
  PID:8220
- C:\Windows\System\tfvccpn.exe
  C:\Windows\System\tfvccpn.exe
  2⤵
  PID:8236
- C:\Windows\System\wMyVxzB.exe
  C:\Windows\System\wMyVxzB.exe
  2⤵
  PID:8268
- C:\Windows\System\mXPFyRB.exe
  C:\Windows\System\mXPFyRB.exe
  2⤵
  PID:8288
- C:\Windows\System\fFzuEDz.exe
  C:\Windows\System\fFzuEDz.exe
  2⤵
  PID:8308
- C:\Windows\System\WggZBdI.exe
  C:\Windows\System\WggZBdI.exe
  2⤵
  PID:8328
- C:\Windows\System\gpXVeyr.exe
  C:\Windows\System\gpXVeyr.exe
  2⤵
  PID:8356
- C:\Windows\System\cgpKxgp.exe
  C:\Windows\System\cgpKxgp.exe
  2⤵
  PID:8384
- C:\Windows\System\JAnjMQt.exe
  C:\Windows\System\JAnjMQt.exe
  2⤵
  PID:8404
- C:\Windows\System\ScnpGXv.exe
  C:\Windows\System\ScnpGXv.exe
  2⤵
  PID:8424
- C:\Windows\System\EpLDike.exe
  C:\Windows\System\EpLDike.exe
  2⤵
  PID:8444
- C:\Windows\System\AaWvlXk.exe
  C:\Windows\System\AaWvlXk.exe
  2⤵
  PID:8468
- C:\Windows\System\rGzPZtJ.exe
  C:\Windows\System\rGzPZtJ.exe
  2⤵
  PID:8496
- C:\Windows\System\qnuDrdP.exe
  C:\Windows\System\qnuDrdP.exe
  2⤵
  PID:8520
- C:\Windows\System\AxKmtaI.exe
  C:\Windows\System\AxKmtaI.exe
  2⤵
  PID:8544
- C:\Windows\System\COtXOqi.exe
  C:\Windows\System\COtXOqi.exe
  2⤵
  PID:8564
- C:\Windows\System\hSMmVCj.exe
  C:\Windows\System\hSMmVCj.exe
  2⤵
  PID:8584
- C:\Windows\System\ItDrQVo.exe
  C:\Windows\System\ItDrQVo.exe
  2⤵
  PID:8612
- C:\Windows\System\dDCNlYT.exe
  C:\Windows\System\dDCNlYT.exe
  2⤵
  PID:8628
- C:\Windows\System\iBVnFRR.exe
  C:\Windows\System\iBVnFRR.exe
  2⤵
  PID:8648
- C:\Windows\System\tRuZiTk.exe
  C:\Windows\System\tRuZiTk.exe
  2⤵
  PID:8672
- C:\Windows\System\sFFkclh.exe
  C:\Windows\System\sFFkclh.exe
  2⤵
  PID:8696
- C:\Windows\System\WecKHGl.exe
  C:\Windows\System\WecKHGl.exe
  2⤵
  PID:8720
- C:\Windows\System\eLCRGqO.exe
  C:\Windows\System\eLCRGqO.exe
  2⤵
  PID:8740
- C:\Windows\System\cHEoKjo.exe
  C:\Windows\System\cHEoKjo.exe
  2⤵
  PID:8760
- C:\Windows\System\fjaOtGQ.exe
  C:\Windows\System\fjaOtGQ.exe
  2⤵
  PID:8784
- C:\Windows\System\gaSlIoh.exe
  C:\Windows\System\gaSlIoh.exe
  2⤵
  PID:8804
- C:\Windows\System\ydzffOL.exe
  C:\Windows\System\ydzffOL.exe
  2⤵
  PID:8820
- C:\Windows\System\nPcSUUl.exe
  C:\Windows\System\nPcSUUl.exe
  2⤵
  PID:8844
- C:\Windows\System\vywNOWw.exe
  C:\Windows\System\vywNOWw.exe
  2⤵
  PID:8864
- C:\Windows\System\baNkGtk.exe
  C:\Windows\System\baNkGtk.exe
  2⤵
  PID:8884
- C:\Windows\System\sHZMxBH.exe
  C:\Windows\System\sHZMxBH.exe
  2⤵
  PID:8908
- C:\Windows\System\pmsMtfI.exe
  C:\Windows\System\pmsMtfI.exe
  2⤵
  PID:8928
- C:\Windows\System\GXtDXDi.exe
  C:\Windows\System\GXtDXDi.exe
  2⤵
  PID:8952
- C:\Windows\System\VovKzVO.exe
  C:\Windows\System\VovKzVO.exe
  2⤵
  PID:8972
- C:\Windows\System\BNPSfUf.exe
  C:\Windows\System\BNPSfUf.exe
  2⤵
  PID:8996
- C:\Windows\System\dtsYaGt.exe
  C:\Windows\System\dtsYaGt.exe
  2⤵
  PID:9020
- C:\Windows\System\oMlwMho.exe
  C:\Windows\System\oMlwMho.exe
  2⤵
  PID:9044
- C:\Windows\System\LQVCleR.exe
  C:\Windows\System\LQVCleR.exe
  2⤵
  PID:9064
- C:\Windows\System\sNBnujM.exe
  C:\Windows\System\sNBnujM.exe
  2⤵
  PID:9108
- C:\Windows\System\HnydwxZ.exe
  C:\Windows\System\HnydwxZ.exe
  2⤵
  PID:9132
- C:\Windows\System\FHxuuav.exe
  C:\Windows\System\FHxuuav.exe
  2⤵
  PID:9156
- C:\Windows\System\ThMRDpO.exe
  C:\Windows\System\ThMRDpO.exe
  2⤵
  PID:7480
- C:\Windows\System\CviqPbU.exe
  C:\Windows\System\CviqPbU.exe
  2⤵
  PID:9016
- C:\Windows\System\IgckpsL.exe
  C:\Windows\System\IgckpsL.exe
  2⤵
  PID:8680
- C:\Windows\System\PnqIrKh.exe
  C:\Windows\System\PnqIrKh.exe
  2⤵
  PID:8536
- C:\Windows\System\hKClDSk.exe
  C:\Windows\System\hKClDSk.exe
  2⤵
  PID:8320
- C:\Windows\System\JcJsFaj.exe
  C:\Windows\System\JcJsFaj.exe
  2⤵
  PID:7912
- C:\Windows\System\hTSpULM.exe
  C:\Windows\System\hTSpULM.exe
  2⤵
  PID:9140
- C:\Windows\System\BPSgCvm.exe
  C:\Windows\System\BPSgCvm.exe
  2⤵
  PID:7380
- C:\Windows\System\tiSksHo.exe
  C:\Windows\System\tiSksHo.exe
  2⤵
  PID:9252
- C:\Windows\System\HGWVHAh.exe
  C:\Windows\System\HGWVHAh.exe
  2⤵
  PID:9268
- C:\Windows\System\mJkTxqf.exe
  C:\Windows\System\mJkTxqf.exe
  2⤵
  PID:9292
- C:\Windows\System\FeMzRxM.exe
  C:\Windows\System\FeMzRxM.exe
  2⤵
  PID:9316
- C:\Windows\System\IWMsdqJ.exe
  C:\Windows\System\IWMsdqJ.exe
  2⤵
  PID:9340
- C:\Windows\System\oJadhpG.exe
  C:\Windows\System\oJadhpG.exe
  2⤵
  PID:9360
- C:\Windows\System\jAXuCkV.exe
  C:\Windows\System\jAXuCkV.exe
  2⤵
  PID:9388
- C:\Windows\System\MvvuOkE.exe
  C:\Windows\System\MvvuOkE.exe
  2⤵
  PID:9420
- C:\Windows\System\AGUBZbD.exe
  C:\Windows\System\AGUBZbD.exe
  2⤵
  PID:9440
- C:\Windows\System\IMOqoKe.exe
  C:\Windows\System\IMOqoKe.exe
  2⤵
  PID:9464
- C:\Windows\System\JBGLUoC.exe
  C:\Windows\System\JBGLUoC.exe
  2⤵
  PID:9484
- C:\Windows\System\zeigYEJ.exe
  C:\Windows\System\zeigYEJ.exe
  2⤵
  PID:9516
- C:\Windows\System\ZnWizTm.exe
  C:\Windows\System\ZnWizTm.exe
  2⤵
  PID:9564
- C:\Windows\System\IzUhtKn.exe
  C:\Windows\System\IzUhtKn.exe
  2⤵
  PID:9584
- C:\Windows\System\ZCtAEiW.exe
  C:\Windows\System\ZCtAEiW.exe
  2⤵
  PID:9620
- C:\Windows\System\nemvtdL.exe
  C:\Windows\System\nemvtdL.exe
  2⤵
  PID:9660
- C:\Windows\System\BDptqbU.exe
  C:\Windows\System\BDptqbU.exe
  2⤵
  PID:9680
- C:\Windows\System\sMBxJeU.exe
  C:\Windows\System\sMBxJeU.exe
  2⤵
  PID:9704
- C:\Windows\System\XYUvDWp.exe
  C:\Windows\System\XYUvDWp.exe
  2⤵
  PID:9748
- C:\Windows\System\sfxiYdj.exe
  C:\Windows\System\sfxiYdj.exe
  2⤵
  PID:9780
- C:\Windows\System\BGnHzrI.exe
  C:\Windows\System\BGnHzrI.exe
  2⤵
  PID:9800
- C:\Windows\System\nArlEMI.exe
  C:\Windows\System\nArlEMI.exe
  2⤵
  PID:9820
- C:\Windows\System\RBEfvnK.exe
  C:\Windows\System\RBEfvnK.exe
  2⤵
  PID:9836
- C:\Windows\System\ReNVaNA.exe
  C:\Windows\System\ReNVaNA.exe
  2⤵
  PID:9864
- C:\Windows\System\lproyYf.exe
  C:\Windows\System\lproyYf.exe
  2⤵
  PID:9880
- C:\Windows\System\HfGlZji.exe
  C:\Windows\System\HfGlZji.exe
  2⤵
  PID:9904
- C:\Windows\System\kYehslx.exe
  C:\Windows\System\kYehslx.exe
  2⤵
  PID:9920
- C:\Windows\System\ykbzICy.exe
  C:\Windows\System\ykbzICy.exe
  2⤵
  PID:9956
- C:\Windows\System\gohtNjG.exe
  C:\Windows\System\gohtNjG.exe
  2⤵
  PID:10040
- C:\Windows\System\eOHHhsy.exe
  C:\Windows\System\eOHHhsy.exe
  2⤵
  PID:10060
- C:\Windows\System\oaNSqOu.exe
  C:\Windows\System\oaNSqOu.exe
  2⤵
  PID:10084
- C:\Windows\System\kFuHVSy.exe
  C:\Windows\System\kFuHVSy.exe
  2⤵
  PID:10108
- C:\Windows\System\yGgeLpv.exe
  C:\Windows\System\yGgeLpv.exe
  2⤵
  PID:10128
- C:\Windows\System\yMPPwIX.exe
  C:\Windows\System\yMPPwIX.exe
  2⤵
  PID:10148
- C:\Windows\System\QfGVpZR.exe
  C:\Windows\System\QfGVpZR.exe
  2⤵
  PID:10172
- C:\Windows\System\xcYHciT.exe
  C:\Windows\System\xcYHciT.exe
  2⤵
  PID:10196
- C:\Windows\System\hDwBJwg.exe
  C:\Windows\System\hDwBJwg.exe
  2⤵
  PID:10216
- C:\Windows\System\AYJySEI.exe
  C:\Windows\System\AYJySEI.exe
  2⤵
  PID:8936
- C:\Windows\System\YRbaAQG.exe
  C:\Windows\System\YRbaAQG.exe
  2⤵
  PID:9260
- C:\Windows\System\kGtBaBY.exe
  C:\Windows\System\kGtBaBY.exe
  2⤵
  PID:9352
- C:\Windows\System\iUlBSlo.exe
  C:\Windows\System\iUlBSlo.exe
  2⤵
  PID:9428
- C:\Windows\System\ucOPWnf.exe
  C:\Windows\System\ucOPWnf.exe
  2⤵
  PID:9508
- C:\Windows\System\zSfqMtM.exe
  C:\Windows\System\zSfqMtM.exe
  2⤵
  PID:9548
- C:\Windows\System\nwTLdkz.exe
  C:\Windows\System\nwTLdkz.exe
  2⤵
  PID:9636
- C:\Windows\System\KGQRfbp.exe
  C:\Windows\System\KGQRfbp.exe
  2⤵
  PID:9720
- C:\Windows\System\VPCKkjR.exe
  C:\Windows\System\VPCKkjR.exe
  2⤵
  PID:9760
- C:\Windows\System\bpZEUba.exe
  C:\Windows\System\bpZEUba.exe
  2⤵
  PID:9808
- C:\Windows\System\phFXWDs.exe
  C:\Windows\System\phFXWDs.exe
  2⤵
  PID:9896
- C:\Windows\System\gWZQSdh.exe
  C:\Windows\System\gWZQSdh.exe
  2⤵
  PID:9936
- C:\Windows\System\NFIgMcZ.exe
  C:\Windows\System\NFIgMcZ.exe
  2⤵
  PID:3952
- C:\Windows\System\JTzSqdF.exe
  C:\Windows\System\JTzSqdF.exe
  2⤵
  PID:4320
- C:\Windows\System\qhaNskI.exe
  C:\Windows\System\qhaNskI.exe
  2⤵
  PID:10080
- C:\Windows\System\VbukkeA.exe
  C:\Windows\System\VbukkeA.exe
  2⤵
  PID:10140
- C:\Windows\System\qWvNlsA.exe
  C:\Windows\System\qWvNlsA.exe
  2⤵
  PID:10228
- C:\Windows\System\Bwtnqwa.exe
  C:\Windows\System\Bwtnqwa.exe
  2⤵
  PID:9396
- C:\Windows\System\GhKVecg.exe
  C:\Windows\System\GhKVecg.exe
  2⤵
  PID:9416
- C:\Windows\System\TCgSPnl.exe
  C:\Windows\System\TCgSPnl.exe
  2⤵
  PID:9652
- C:\Windows\System\VianzNn.exe
  C:\Windows\System\VianzNn.exe
  2⤵
  PID:9772
- C:\Windows\System\sKFdEVu.exe
  C:\Windows\System\sKFdEVu.exe
  2⤵
  PID:9912
- C:\Windows\System\FIVqCOv.exe
  C:\Windows\System\FIVqCOv.exe
  2⤵
  PID:9964
- C:\Windows\System\dKbuHUF.exe
  C:\Windows\System\dKbuHUF.exe
  2⤵
  PID:10100
- C:\Windows\System\JNcFSHx.exe
  C:\Windows\System\JNcFSHx.exe
  2⤵
  PID:10156
- C:\Windows\System\bcXMDSw.exe
  C:\Windows\System\bcXMDSw.exe
  2⤵
  PID:9412
- C:\Windows\System\lcdkoHO.exe
  C:\Windows\System\lcdkoHO.exe
  2⤵
  PID:9916
- C:\Windows\System\TQtgilz.exe
  C:\Windows\System\TQtgilz.exe
  2⤵
  PID:9528
- C:\Windows\System\tdePpzS.exe
  C:\Windows\System\tdePpzS.exe
  2⤵
  PID:10244
- C:\Windows\System\hNcIznS.exe
  C:\Windows\System\hNcIznS.exe
  2⤵
  PID:10268
- C:\Windows\System\FjeNCsr.exe
  C:\Windows\System\FjeNCsr.exe
  2⤵
  PID:10296
- C:\Windows\System\kWkRAvX.exe
  C:\Windows\System\kWkRAvX.exe
  2⤵
  PID:10316
- C:\Windows\System\wMUlIYM.exe
  C:\Windows\System\wMUlIYM.exe
  2⤵
  PID:10352
- C:\Windows\System\IZMqXkH.exe
  C:\Windows\System\IZMqXkH.exe
  2⤵
  PID:10372
- C:\Windows\System\ULtfLIM.exe
  C:\Windows\System\ULtfLIM.exe
  2⤵
  PID:10388
- C:\Windows\System\VpblEvf.exe
  C:\Windows\System\VpblEvf.exe
  2⤵
  PID:10448
- C:\Windows\System\PFZeDyL.exe
  C:\Windows\System\PFZeDyL.exe
  2⤵
  PID:10488
- C:\Windows\System\DkgmUTI.exe
  C:\Windows\System\DkgmUTI.exe
  2⤵
  PID:10532
- C:\Windows\System\FsjAhGj.exe
  C:\Windows\System\FsjAhGj.exe
  2⤵
  PID:10560
- C:\Windows\System\vrcaEyT.exe
  C:\Windows\System\vrcaEyT.exe
  2⤵
  PID:10576
- C:\Windows\System\ZhzQtQn.exe
  C:\Windows\System\ZhzQtQn.exe
  2⤵
  PID:10592
- C:\Windows\System\zvKkwcO.exe
  C:\Windows\System\zvKkwcO.exe
  2⤵
  PID:10620
- C:\Windows\System\TuXnxob.exe
  C:\Windows\System\TuXnxob.exe
  2⤵
  PID:10652
- C:\Windows\System\JkJgbnl.exe
  C:\Windows\System\JkJgbnl.exe
  2⤵
  PID:10676
- C:\Windows\System\BvHhVTh.exe
  C:\Windows\System\BvHhVTh.exe
  2⤵
  PID:10696
- C:\Windows\System\DUEBIAC.exe
  C:\Windows\System\DUEBIAC.exe
  2⤵
  PID:10732
- C:\Windows\System\iJnsMfs.exe
  C:\Windows\System\iJnsMfs.exe
  2⤵
  PID:10784
- C:\Windows\System\UkNCQmG.exe
  C:\Windows\System\UkNCQmG.exe
  2⤵
  PID:10800
- C:\Windows\System\kNQpLPz.exe
  C:\Windows\System\kNQpLPz.exe
  2⤵
  PID:10828
- C:\Windows\System\JQBaYLO.exe
  C:\Windows\System\JQBaYLO.exe
  2⤵
  PID:10852
- C:\Windows\System\RheyqYd.exe
  C:\Windows\System\RheyqYd.exe
  2⤵
  PID:10872
- C:\Windows\System\JTPtiEz.exe
  C:\Windows\System\JTPtiEz.exe
  2⤵
  PID:10888
- C:\Windows\System\lvyKOuT.exe
  C:\Windows\System\lvyKOuT.exe
  2⤵
  PID:10912
- C:\Windows\System\fOSMqIM.exe
  C:\Windows\System\fOSMqIM.exe
  2⤵
  PID:10932
- C:\Windows\System\WQkmSjX.exe
  C:\Windows\System\WQkmSjX.exe
  2⤵
  PID:10956
- C:\Windows\System\asFlQKn.exe
  C:\Windows\System\asFlQKn.exe
  2⤵
  PID:10984
- C:\Windows\System\vSHxTUC.exe
  C:\Windows\System\vSHxTUC.exe
  2⤵
  PID:11004
- C:\Windows\System\OgqpFXb.exe
  C:\Windows\System\OgqpFXb.exe
  2⤵
  PID:11032
- C:\Windows\System\JVyQwZo.exe
  C:\Windows\System\JVyQwZo.exe
  2⤵
  PID:11108
- C:\Windows\System\egVQLbd.exe
  C:\Windows\System\egVQLbd.exe
  2⤵
  PID:11128
- C:\Windows\System\guBnJZW.exe
  C:\Windows\System\guBnJZW.exe
  2⤵
  PID:11156
- C:\Windows\System\QdfeoOf.exe
  C:\Windows\System\QdfeoOf.exe
  2⤵
  PID:11184
- C:\Windows\System\tmbdeMQ.exe
  C:\Windows\System\tmbdeMQ.exe
  2⤵
  PID:11216
- C:\Windows\System\VhhStQE.exe
  C:\Windows\System\VhhStQE.exe
  2⤵
  PID:11240
- C:\Windows\System\ijWNqNG.exe
  C:\Windows\System\ijWNqNG.exe
  2⤵
  PID:10144
- C:\Windows\System\jtNrLZi.exe
  C:\Windows\System\jtNrLZi.exe
  2⤵
  PID:9228
- C:\Windows\System\XCitKbo.exe
  C:\Windows\System\XCitKbo.exe
  2⤵
  PID:10348
- C:\Windows\System\Gsctuot.exe
  C:\Windows\System\Gsctuot.exe
  2⤵
  PID:10364
- C:\Windows\System\BOujLVl.exe
  C:\Windows\System\BOujLVl.exe
  2⤵
  PID:10464
- C:\Windows\System\sKcoHeC.exe
  C:\Windows\System\sKcoHeC.exe
  2⤵
  PID:10484
- C:\Windows\System\XJWsJGh.exe
  C:\Windows\System\XJWsJGh.exe
  2⤵
  PID:10604
- C:\Windows\System\mDVrPMh.exe
  C:\Windows\System\mDVrPMh.exe
  2⤵
  PID:10668
- C:\Windows\System\fzSSaYD.exe
  C:\Windows\System\fzSSaYD.exe
  2⤵
  PID:10728
- C:\Windows\System\gTbUUQz.exe
  C:\Windows\System\gTbUUQz.exe
  2⤵
  PID:10776
- C:\Windows\System\BTfELtb.exe
  C:\Windows\System\BTfELtb.exe
  2⤵
  PID:10824
- C:\Windows\System\VaGtaOt.exe
  C:\Windows\System\VaGtaOt.exe
  2⤵
  PID:10904
- C:\Windows\System\LkECDel.exe
  C:\Windows\System\LkECDel.exe
  2⤵
  PID:10996
- C:\Windows\System\mdQxQvQ.exe
  C:\Windows\System\mdQxQvQ.exe
  2⤵
  PID:11016
- C:\Windows\System\fdMmhsa.exe
  C:\Windows\System\fdMmhsa.exe
  2⤵
  PID:11120
- C:\Windows\System\QPNJahc.exe
  C:\Windows\System\QPNJahc.exe
  2⤵
  PID:11136
- C:\Windows\System\FnLdDhT.exe
  C:\Windows\System\FnLdDhT.exe
  2⤵
  PID:11228
- C:\Windows\System\ZCbFNYs.exe
  C:\Windows\System\ZCbFNYs.exe
  2⤵
  PID:10328
- C:\Windows\System\RsJBdhR.exe
  C:\Windows\System\RsJBdhR.exe
  2⤵
  PID:10508
- C:\Windows\System\OhwXEJt.exe
  C:\Windows\System\OhwXEJt.exe
  2⤵
  PID:10528
- C:\Windows\System\bPLARnF.exe
  C:\Windows\System\bPLARnF.exe
  2⤵
  PID:10900
- C:\Windows\System\NoZXmdK.exe
  C:\Windows\System\NoZXmdK.exe
  2⤵
  PID:11248
- C:\Windows\System\mHEzOQH.exe
  C:\Windows\System\mHEzOQH.exe
  2⤵
  PID:11268
- C:\Windows\System\diPRypj.exe
  C:\Windows\System\diPRypj.exe
  2⤵
  PID:11284
- C:\Windows\System\fsOQGmn.exe
  C:\Windows\System\fsOQGmn.exe
  2⤵
  PID:11360
- C:\Windows\System\BsITiNv.exe
  C:\Windows\System\BsITiNv.exe
  2⤵
  PID:11400
- C:\Windows\System\rbfzxJy.exe
  C:\Windows\System\rbfzxJy.exe
  2⤵
  PID:11460
- C:\Windows\System\laoTovk.exe
  C:\Windows\System\laoTovk.exe
  2⤵
  PID:11500
- C:\Windows\System\NGPNYUw.exe
  C:\Windows\System\NGPNYUw.exe
  2⤵
  PID:11520
- C:\Windows\System\JuSOPfy.exe
  C:\Windows\System\JuSOPfy.exe
  2⤵
  PID:11552
- C:\Windows\System\tiNPEUt.exe
  C:\Windows\System\tiNPEUt.exe
  2⤵
  PID:11592
- C:\Windows\System\QizSaCM.exe
  C:\Windows\System\QizSaCM.exe
  2⤵
  PID:11612
- C:\Windows\System\JWoPTur.exe
  C:\Windows\System\JWoPTur.exe
  2⤵
  PID:11644
- C:\Windows\System\VsESEaW.exe
  C:\Windows\System\VsESEaW.exe
  2⤵
  PID:11680
- C:\Windows\System\pfEOnfY.exe
  C:\Windows\System\pfEOnfY.exe
  2⤵
  PID:11696
- C:\Windows\System\ZGuNYTJ.exe
  C:\Windows\System\ZGuNYTJ.exe
  2⤵
  PID:11716
- C:\Windows\System\aEZSAOP.exe
  C:\Windows\System\aEZSAOP.exe
  2⤵
  PID:11740
- C:\Windows\System\WbgGGBH.exe
  C:\Windows\System\WbgGGBH.exe
  2⤵
  PID:11780
- C:\Windows\System\CTMvUAw.exe
  C:\Windows\System\CTMvUAw.exe
  2⤵
  PID:11808
- C:\Windows\System\JYELzVb.exe
  C:\Windows\System\JYELzVb.exe
  2⤵
  PID:11848
- C:\Windows\System\MMnEpUf.exe
  C:\Windows\System\MMnEpUf.exe
  2⤵
  PID:11872
- C:\Windows\System\LekUdQE.exe
  C:\Windows\System\LekUdQE.exe
  2⤵
  PID:11892
- C:\Windows\System\TzaNgtz.exe
  C:\Windows\System\TzaNgtz.exe
  2⤵
  PID:11912
- C:\Windows\System\EgIvOZF.exe
  C:\Windows\System\EgIvOZF.exe
  2⤵
  PID:11936
- C:\Windows\System\dlVBfNY.exe
  C:\Windows\System\dlVBfNY.exe
  2⤵
  PID:11956
- C:\Windows\System\NJeVMBL.exe
  C:\Windows\System\NJeVMBL.exe
  2⤵
  PID:11980
- C:\Windows\System\SCxFiAH.exe
  C:\Windows\System\SCxFiAH.exe
  2⤵
  PID:11996
- C:\Windows\System\cGxoEMz.exe
  C:\Windows\System\cGxoEMz.exe
  2⤵
  PID:12040
- C:\Windows\System\NbTkgtn.exe
  C:\Windows\System\NbTkgtn.exe
  2⤵
  PID:12080
- C:\Windows\System\LexGBoo.exe
  C:\Windows\System\LexGBoo.exe
  2⤵
  PID:12104
- C:\Windows\System\uYwmkPO.exe
  C:\Windows\System\uYwmkPO.exe
  2⤵
  PID:12124
- C:\Windows\System\bEvOAYA.exe
  C:\Windows\System\bEvOAYA.exe
  2⤵
  PID:12148
- C:\Windows\System\iuHbQzO.exe
  C:\Windows\System\iuHbQzO.exe
  2⤵
  PID:12200
- C:\Windows\System\qplBDZw.exe
  C:\Windows\System\qplBDZw.exe
  2⤵
  PID:12220
- C:\Windows\System\BGhtNxX.exe
  C:\Windows\System\BGhtNxX.exe
  2⤵
  PID:12248
- C:\Windows\System\xoYuDMF.exe
  C:\Windows\System\xoYuDMF.exe
  2⤵
  PID:10612
- C:\Windows\System\ZHxldLa.exe
  C:\Windows\System\ZHxldLa.exe
  2⤵
  PID:10884
- C:\Windows\System\AxXfhcv.exe
  C:\Windows\System\AxXfhcv.exe
  2⤵
  PID:10344
- C:\Windows\System\PiIsbrX.exe
  C:\Windows\System\PiIsbrX.exe
  2⤵
  PID:11092
- C:\Windows\System\oBLIgxN.exe
  C:\Windows\System\oBLIgxN.exe
  2⤵
  PID:11320
- C:\Windows\System\OrXmPOY.exe
  C:\Windows\System\OrXmPOY.exe
  2⤵
  PID:10692
- C:\Windows\System\xsCdqZw.exe
  C:\Windows\System\xsCdqZw.exe
  2⤵
  PID:10980
- C:\Windows\System\huCDReO.exe
  C:\Windows\System\huCDReO.exe
  2⤵
  PID:11316
- C:\Windows\System\uMRppSY.exe
  C:\Windows\System\uMRppSY.exe
  2⤵
  PID:11476
- C:\Windows\System\KOxCMsB.exe
  C:\Windows\System\KOxCMsB.exe
  2⤵
  PID:11540
- C:\Windows\System\NwUZTPt.exe
  C:\Windows\System\NwUZTPt.exe
  2⤵
  PID:11624
- C:\Windows\System\qGVKeTo.exe
  C:\Windows\System\qGVKeTo.exe
  2⤵
  PID:11652
- C:\Windows\System\yPYYLSU.exe
  C:\Windows\System\yPYYLSU.exe
  2⤵
  PID:11708
- C:\Windows\System\XidDUMR.exe
  C:\Windows\System\XidDUMR.exe
  2⤵
  PID:11772
- C:\Windows\System\eOcHdNB.exe
  C:\Windows\System\eOcHdNB.exe
  2⤵
  PID:11828
- C:\Windows\System\hIJFKxh.exe
  C:\Windows\System\hIJFKxh.exe
  2⤵
  PID:11860
- C:\Windows\System\kIoPash.exe
  C:\Windows\System\kIoPash.exe
  2⤵
  PID:11924
- C:\Windows\System\qkcLvrd.exe
  C:\Windows\System\qkcLvrd.exe
  2⤵
  PID:11972
- C:\Windows\System\hwhAquO.exe
  C:\Windows\System\hwhAquO.exe
  2⤵
  PID:12020
- C:\Windows\System\aObawaV.exe
  C:\Windows\System\aObawaV.exe
  2⤵
  PID:744
- C:\Windows\System\KOQObYc.exe
  C:\Windows\System\KOQObYc.exe
  2⤵
  PID:12076
- C:\Windows\System\pKwgwsz.exe
  C:\Windows\System\pKwgwsz.exe
  2⤵
  PID:12136
- C:\Windows\System\IofFqnY.exe
  C:\Windows\System\IofFqnY.exe
  2⤵
  PID:12216
- C:\Windows\System\LbWrbwy.exe
  C:\Windows\System\LbWrbwy.exe
  2⤵
  PID:4268
- C:\Windows\System\oEmPwmc.exe
  C:\Windows\System\oEmPwmc.exe
  2⤵
  PID:11280
- C:\Windows\System\JmceMoq.exe
  C:\Windows\System\JmceMoq.exe
  2⤵
  PID:10860
- C:\Windows\System\tYKmFJB.exe
  C:\Windows\System\tYKmFJB.exe
  2⤵
  PID:11448
- C:\Windows\System\lIfLbNq.exe
  C:\Windows\System\lIfLbNq.exe
  2⤵
  PID:11672
- C:\Windows\System\YkovSgI.exe
  C:\Windows\System\YkovSgI.exe
  2⤵
  PID:11920
- C:\Windows\System\LffVjih.exe
  C:\Windows\System\LffVjih.exe
  2⤵
  PID:11908
- C:\Windows\System\nbrmvoK.exe
  C:\Windows\System\nbrmvoK.exe
  2⤵
  PID:12072
- C:\Windows\System\OJTMoeG.exe
  C:\Windows\System\OJTMoeG.exe
  2⤵
  PID:12240
- C:\Windows\System\TqgRcUc.exe
  C:\Windows\System\TqgRcUc.exe
  2⤵
  PID:11368
- C:\Windows\System\RPphkpR.exe
  C:\Windows\System\RPphkpR.exe
  2⤵
  PID:11436
- C:\Windows\System\CmxFvcP.exe
  C:\Windows\System\CmxFvcP.exe
  2⤵
  PID:11804
- C:\Windows\System\VCyPWzK.exe
  C:\Windows\System\VCyPWzK.exe
  2⤵
  PID:11948
- C:\Windows\System\FeEBwur.exe
  C:\Windows\System\FeEBwur.exe
  2⤵
  PID:12180
- C:\Windows\System\wmPKVBl.exe
  C:\Windows\System\wmPKVBl.exe
  2⤵
  PID:11428
- C:\Windows\System\PHvqTat.exe
  C:\Windows\System\PHvqTat.exe
  2⤵
  PID:11276
- C:\Windows\System\gIMdoQY.exe
  C:\Windows\System\gIMdoQY.exe
  2⤵
  PID:12308
- C:\Windows\System\hXkiAoe.exe
  C:\Windows\System\hXkiAoe.exe
  2⤵
  PID:12328
- C:\Windows\System\UeWHRzV.exe
  C:\Windows\System\UeWHRzV.exe
  2⤵
  PID:12352
- C:\Windows\System\FDZtKsr.exe
  C:\Windows\System\FDZtKsr.exe
  2⤵
  PID:12384
- C:\Windows\System\qcXCupc.exe
  C:\Windows\System\qcXCupc.exe
  2⤵
  PID:12408
- C:\Windows\System\wqdEiQB.exe
  C:\Windows\System\wqdEiQB.exe
  2⤵
  PID:12428
- C:\Windows\System\fNkqKnY.exe
  C:\Windows\System\fNkqKnY.exe
  2⤵
  PID:12456
- C:\Windows\System\eEvYEhi.exe
  C:\Windows\System\eEvYEhi.exe
  2⤵
  PID:12492
- C:\Windows\System\OWeescf.exe
  C:\Windows\System\OWeescf.exe
  2⤵
  PID:12516
- C:\Windows\System\FaauaCY.exe
  C:\Windows\System\FaauaCY.exe
  2⤵
  PID:12568
- C:\Windows\System\ofuWLeo.exe
  C:\Windows\System\ofuWLeo.exe
  2⤵
  PID:12608
- C:\Windows\System\fEazbzk.exe
  C:\Windows\System\fEazbzk.exe
  2⤵
  PID:12628
- C:\Windows\System\ZovoeFs.exe
  C:\Windows\System\ZovoeFs.exe
  2⤵
  PID:12664
- C:\Windows\System\OHstmfC.exe
  C:\Windows\System\OHstmfC.exe
  2⤵
  PID:12688
- C:\Windows\System\AeEcufu.exe
  C:\Windows\System\AeEcufu.exe
  2⤵
  PID:12712
- C:\Windows\System\IOuWTIl.exe
  C:\Windows\System\IOuWTIl.exe
  2⤵
  PID:12740
- C:\Windows\System\WePFhHs.exe
  C:\Windows\System\WePFhHs.exe
  2⤵
  PID:12764
- C:\Windows\System\RNnLPQh.exe
  C:\Windows\System\RNnLPQh.exe
  2⤵
  PID:12788
- C:\Windows\System\QWcYpxW.exe
  C:\Windows\System\QWcYpxW.exe
  2⤵
  PID:12812
- C:\Windows\System\pnGdANE.exe
  C:\Windows\System\pnGdANE.exe
  2⤵
  PID:12844
- C:\Windows\System\wcBOCYI.exe
  C:\Windows\System\wcBOCYI.exe
  2⤵
  PID:12872
- C:\Windows\System\FkQqXpQ.exe
  C:\Windows\System\FkQqXpQ.exe
  2⤵
  PID:12900
- C:\Windows\System\eXgvbgP.exe
  C:\Windows\System\eXgvbgP.exe
  2⤵
  PID:12924
- C:\Windows\System\Dsmroto.exe
  C:\Windows\System\Dsmroto.exe
  2⤵
  PID:12944
- C:\Windows\System\qvuMRzw.exe
  C:\Windows\System\qvuMRzw.exe
  2⤵
  PID:12964
- C:\Windows\System\uVoKEdq.exe
  C:\Windows\System\uVoKEdq.exe
  2⤵
  PID:12988
- C:\Windows\System\MsVidUr.exe
  C:\Windows\System\MsVidUr.exe
  2⤵
  PID:13052
- C:\Windows\System\lQkpnig.exe
  C:\Windows\System\lQkpnig.exe
  2⤵
  PID:13072
- C:\Windows\System\yfNUxMh.exe
  C:\Windows\System\yfNUxMh.exe
  2⤵
  PID:13092
- C:\Windows\System\DgcBKUv.exe
  C:\Windows\System\DgcBKUv.exe
  2⤵
  PID:13156
- C:\Windows\System\DDuZWLA.exe
  C:\Windows\System\DDuZWLA.exe
  2⤵
  PID:13172
- C:\Windows\System\MZPUlQl.exe
  C:\Windows\System\MZPUlQl.exe
  2⤵
  PID:12396
- C:\Windows\System\oJBXGvZ.exe
  C:\Windows\System\oJBXGvZ.exe
  2⤵
  PID:12752
- C:\Windows\System\msbmYWw.exe
  C:\Windows\System\msbmYWw.exe
  2⤵
  PID:12808
- C:\Windows\System\EXdpyTg.exe
  C:\Windows\System\EXdpyTg.exe
  2⤵
  PID:12836
- C:\Windows\System\pTtGTiL.exe
  C:\Windows\System\pTtGTiL.exe
  2⤵
  PID:12892
- C:\Windows\System\YSsWgMX.exe
  C:\Windows\System\YSsWgMX.exe
  2⤵
  PID:12940
- C:\Windows\System\yxhEWnL.exe
  C:\Windows\System\yxhEWnL.exe
  2⤵
  PID:12980
- C:\Windows\System\owyKGye.exe
  C:\Windows\System\owyKGye.exe
  2⤵
  PID:13064
- C:\Windows\System\PASFwfr.exe
  C:\Windows\System\PASFwfr.exe
  2⤵
  PID:13140
- C:\Windows\System\kBdombW.exe
  C:\Windows\System\kBdombW.exe
  2⤵
  PID:1960
- C:\Windows\System\NEHGpJv.exe
  C:\Windows\System\NEHGpJv.exe
  2⤵
  PID:13196
- C:\Windows\System\GwxCzKy.exe
  C:\Windows\System\GwxCzKy.exe
  2⤵
  PID:13232
- C:\Windows\System\UnHHjCX.exe
  C:\Windows\System\UnHHjCX.exe
  2⤵
  PID:13260
- C:\Windows\System\RvOsjmM.exe
  C:\Windows\System\RvOsjmM.exe
  2⤵
  PID:13248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_pfdggwzk.sab.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BiRhEmb.exe

Filesize
2.2MB

MD5
33cd2e1bf8074af0cc93bfc997001083

SHA1
bb3dcab2b6b2ce69366c74bc70e541b840ea07d1

SHA256
1c36b24d13d23e1582df776272852c6305b2c6ae205a8c18ecf72c91c2cbffd7

SHA512
24262dfaeea0d388977491fc7b0e7f05205b5f5244b14f6c5aa7be07bdb6439418c3a8ff48980fc5f739cd352029e12099afc120606c83d2d028c369188813bd

Download Submit
C:\Windows\System\CfkbzfT.exe

Filesize
2.2MB

MD5
e213f7942819f6687163293931a7444a

SHA1
efe159619477f1cdd6b274d52439224cdfd81e09

SHA256
75a6b3ea9e86140ef476bc89600fb61632155db6ef2e75bf1a84372ef74249d3

SHA512
589a6331f9bdbb2be31b3ba626edcc030fbedca41683a764327976e63dedc4c38edea12539111a4500e9cee1dd1b014428c5a617eb233815bb6ceaf1d877c8a2

Download Submit
C:\Windows\System\CgGaSDC.exe

Filesize
2.2MB

MD5
da3ea703d9a1546554b69c5f4f65c06c

SHA1
2d10658a427e89cdba218d80f435c0a5b6fdf72a

SHA256
0986fae32e31c4d2f6bb0ee0279095ba6e6988bf3b8d6b0b8222081f078f46d6

SHA512
70f16cac9063604dc2890b7b38e7e1d771a8d3a4bb701eefc5850ca7d3ceff695e241d087553cb4ccef99b2336a0304dab9be52bc5d07170fc91bb562f545ec3

Download Submit
C:\Windows\System\ECDEbkJ.exe

Filesize
2.2MB

MD5
1e428bb0872fa397308d42930f3d2d8b

SHA1
bae57edca1800a132a301c423fe57ad8b65fcdac

SHA256
953013e5bb7edd18eef569f876360872fc6ab2bb0dc71e39dfea2c8a72db0db7

SHA512
8b9abddddae439d6eb5e8482a94143e4a0a0c09457b0f4a311b585cad72d9c86d9990b543d8290658fef79a6bb7d6bca85ded2fdcf2ab95df2af84f93ce70fbb

Download Submit
C:\Windows\System\EVaeKBa.exe

Filesize
2.2MB

MD5
58bc30d7f660d2dad242ae5bc5e080ed

SHA1
6678a0de015b0899792e6cffe34bc78020a6516d

SHA256
decc03802c48dab31f997e5981f97d485ffc497350140a66850c8f14053c416c

SHA512
228801fd6fefd1d9e16e2af6568abb8c0d342701c4230469228e6bde486141d1b0fe213cc937a8d60ca73f1108adef01d7cf849d24a1db3ae8ff3ce129f72d2f

Download Submit
C:\Windows\System\FJnqHgt.exe

Filesize
2.2MB

MD5
23e2467334e81689ccd42bdfbbed6943

SHA1
3459a39b0fe8ebb1536fe0591f39755d3dc496ad

SHA256
5133a92b58d88eb02c4f1f091212723ae315a4123dd5d6aee36f3ef2491240fa

SHA512
45aeb3cf821f16b78bceffb784922fcf316fa7d847c379804a12c775730e183c7d6e70b5035423c4a0c31e1b1fe225e8e4c3d27b66ccebde517b4d77040ce8fc

Download Submit
C:\Windows\System\IAjvOdN.exe

Filesize
2.2MB

MD5
36ccec63d90aa82f65a134ad3b3fadc2

SHA1
bae1ca571cea7731098dd11010c7e5d3dd4c9e74

SHA256
eb8541b99a66aee8f052611d7b816f3eebbe427869eb7da90daadf57962787fd

SHA512
333c421b3f0bcda9eee808782290a7696a4c4df234043f5d6bea760580ca4895914eb423eaa3f312f322ae64f15abf2dcd9a99ad5785d3f13aed032c1a4ca37d

Download Submit
C:\Windows\System\KfmuCAa.exe

Filesize
2.2MB

MD5
a733c3e16e9a9c756d5618de121aff14

SHA1
984e68559e165c4f446eb0960cb05825053dec43

SHA256
2f305d6fa584aeba4e106b27335caf1ac41d454f93aa4ac9a24108c44c6bf8f0

SHA512
de7617c09540d1964c0485b4e77358917069b21b412316e321e501ff89ea57ae3ecea3cc6a905b6bf86bc389f02ff8341211ad585b77939f74aed566c6fc131d

Download Submit
C:\Windows\System\KrUrzUB.exe

Filesize
2.2MB

MD5
5886bdc1bcac598c10e5cf990e4829a5

SHA1
0c26307efb4eb93df35ff8c505c34e2cd8f5f57e

SHA256
76ef31c0342aea82395f0e1ffa5a51a9901b3c7b2fa08302f3cb498998ddb848

SHA512
776d9120c66f9ccbf1fa0f3f2c66b66a892e3492282c6fe74d5fda5ae8e54f9b79c23e82ec9f62a1c02bcbdc9512aed8aba157db4a108df1c7456c2b277c4929

Download Submit
C:\Windows\System\LnvmZPx.exe

Filesize
2.2MB

MD5
8127eee72b9231921080bb030f518d6f

SHA1
3886f2af99c45514578862d5afa2033a68e19864

SHA256
7a7657fbac7179cc6558a60d73e5e9ccf2d531999c8f0d7ac28d50e0bf3a21cd

SHA512
50dad73ce34b64558d81cc42b65e1c4df70923bb6161d7e59b9d3ddc2d2a01efbed67388fa2ee985cdb1c7fb9742c65d25d3ca20ed5c9e3f6412c6c178be8f5d

Download Submit
C:\Windows\System\MluvoHY.exe

Filesize
2.2MB

MD5
a6cec601e6681e72389e3885466792eb

SHA1
597e6c0d63ececd1e03a1bbe18a98a9a349e3736

SHA256
33990df1bb0fd99be39988ad73ff4533f6666826d7b2dfeb3811d0236e591d2f

SHA512
dc1d7c9a007fe56c7740e6b30a53135bc256c0498b4ca23d13ac9a6df78192f81d8f11117d67200254834c240b5f12f4d2c2d9014877d98f590ee8519529094b

Download Submit
C:\Windows\System\NDiDHrM.exe

Filesize
2.2MB

MD5
e25f205f6f1653d1ec33bdbf3ba31d86

SHA1
b3621d7f1ef78154d7fe11b96cb3a99e577c483d

SHA256
61c72a608934a69d4dc8a91f1335b16f7f5673b6d9c8c202ed26a4d6ed1d8f69

SHA512
2a5ba1b082ae7c2509db509f5976cc8c4ceb2ac5230cf07c9618adb8cc4d3202a8fdc6171104a9c9556f02692ff91169ced9bd09ece06857f0fba9e22d3bb7c5

Download Submit
C:\Windows\System\QFWFHtF.exe

Filesize
2.2MB

MD5
971b19055b165425c9fec810003fcc90

SHA1
4d6982f7573c0f031fce8717bd194e499fd0f74e

SHA256
efc3bbd6a0ed1a8981f7d3e8c57eb46a89edf3a3132ca8011a70288eb1322ca1

SHA512
e9607c6cab12a28f0ffd96b933dddf968bb6fa853ac51046fde36281e79c7349992c2e94f31e7254f546f3a4f75cd56cf1af8f958aafcb8132a76922b05121eb

Download Submit
C:\Windows\System\RddOyXq.exe

Filesize
2.2MB

MD5
44d426ec0cc3caa6240d3abfc30d46b2

SHA1
87635ff100a8f0ec98c61fc6576f9c0a307e8cbe

SHA256
a40ececa4ef8d282f7637821b5f8c50c8d9194dc1aad4b98e7d628a6674fd9b9

SHA512
d514e18f7032f01fad693c3ba79733d92b60932e48309f800375af96421f7bad4079a8531d3968ec04f416aeaf336f512dde5fb51e622fd85fe149c61c32e568

Download Submit
C:\Windows\System\ReUkpRX.exe

Filesize
2.2MB

MD5
de190adb50937eb9cd97b66bbe08ba5d

SHA1
45b79102dbdfc8d53dfdb5ec2def52b1558d2c62

SHA256
24d69694c387f34aa1dc3b62099a47383d2e710f98d5902df2c26cfd23a4c68d

SHA512
dad6e4a78743e3ccb69dbe8ee8338d89e0fa6aa722e15bb677099d45bec77d9f850fabecd765acf014792689853d910b52c09ac2ddd6b97c96ddfa7298f1b192

Download Submit
C:\Windows\System\UZDBhQL.exe

Filesize
2.2MB

MD5
b17911110fca221adb80482926899258

SHA1
6328b0a19b6010739d789877a6a10d1335c2c032

SHA256
e1e9f9c7232d9665fef89a16e117f1b821e418a7878a499743c690f250668397

SHA512
64919d232537c694b98f8bac91f02e8fcc0f775b4200c5c9de9292de6e22646377a4a3908e0d99271c07271ff4395d039cecd902c168e4479647f6d4bf034e81

Download Submit
C:\Windows\System\VAEusoR.exe

Filesize
2.2MB

MD5
ed2196e641135c020ec7cb096582d44f

SHA1
34e706fd10d100d669d3e0ddf1560593ecaa4614

SHA256
db5038b3a5a3555a4a447d6e9b972b4a5ba85c24d1cf50249431a8907c896acb

SHA512
b1f28d014c7a74221afccd1c6f69c3d1fccd025812d1b59852b1cd3e3ba137f24e15837de88fbb22300a2f5e1de5df9a4fc4dbf79896a0bdd606cf2e65beeb15

Download Submit
C:\Windows\System\XAKEFcg.exe

Filesize
2.2MB

MD5
08d82840a5269709ef46b8d5ccffab90

SHA1
56dfc6200cce8710ed3be2c97ec8223503fda884

SHA256
7e600dc2ae11ea92fd2b2dcf39be40bec32ef2e71df12c0614e587cb10ca2e38

SHA512
6687ca5d3d15f343d95e0351ab9cf99d839ddfd09d5487c9d41dcbd2786ac2406c57a11ac2a9570a51a0b90212b0e5ae8bd2551c816d641c4a88910056f3f6fe

Download Submit
C:\Windows\System\etsjRYG.exe

Filesize
2.2MB

MD5
7ab786e0b9bde1f3dd1f536b0cae8d7a

SHA1
1f499cc165050d5a99ef879fe3ba552ed6e1179a

SHA256
f2de88bb89184378cf051982b412e7a2e9636a40087a68de377f012e1476d194

SHA512
dd55258c5246b35c25e60f82f917048f73ec6c8932197aa2211766998cf13276eb616d9464d23e834ba3fce1ab928575b25a3ae3caee72f61b5dea92e0cb6ffa

Download Submit
C:\Windows\System\kSJuHNz.exe

Filesize
2.2MB

MD5
05a63b745488777961cb3a9c76813543

SHA1
6c570ff5f4fb21f2d8d123d2da7d07a6efe97e31

SHA256
6ce41e6adccdd1dac463f8243db27562f818c4aeede6c575b0cc46aa25c77682

SHA512
57a45b053ec50f3564de163e7a602254925830919a0f62b7108b2d3c86b29ecf13c4ccf5e2d474c9553468bae9142b3771877342240d4e3e7bbe33d7650d90a8

Download Submit
C:\Windows\System\koOevnB.exe

Filesize
2.2MB

MD5
29c8876ac88f47e09a279ba9256ca51e

SHA1
382a95d8b90d259138c8fb1f5abda68d67cc37d9

SHA256
0aacae6b3df1788049e71c3601c4926f8c071b2a0e74dc4f4fac241866420290

SHA512
d1d3650cbcbd80d145fa14e9d3a86706299f2f1d417a09be9927e908f0bf5fba1e75b244fbc1f3e44000f5ff7ab486b86d6e2d8aee6415cb8c9d073fed78af54

Download Submit
C:\Windows\System\lBvybPt.exe

Filesize
2.2MB

MD5
49d3ccb1ab5b30cd179a7289f64c7bd9

SHA1
4969eb152ecda00063809d90bb2699befa05480f

SHA256
8ad8a6e6e7132a11677bad396db6b07bbd1920b61b92b8ef863c2c48dd7088f1

SHA512
b2a2e1c05a5aa1a3cfb647c3339589fca64a253b3ced032c330d66b026e513d0339fd82ad950ab0ef7a4d62090f797e329d46147320d39ad65c675ef994e060d

Download Submit
C:\Windows\System\lMKNVJb.exe

Filesize
2.2MB

MD5
d6a72de5adfc480371b850f7078c2f58

SHA1
cf87422501cf1315b3041fef47b6dcb114df58c0

SHA256
f70defcd43e7680c04176a2932a92a71e13465900900e729184a4b6624a1872c

SHA512
6b9223c35cf770a6bcef8599ef990c1201d1491a8a07bde5bc78264e4a2e1fd3386a87904d15e4b729af159e2db95a80335b7e8617792d2ecd2f87623a66c7e3

Download Submit
C:\Windows\System\nWkjEwH.exe

Filesize
2.2MB

MD5
ec45eac87ae385a96b3bf154672cde5e

SHA1
ad71ba24c09fdcc6257ab02ca93ce2848df6e57c

SHA256
d8728f5288cfc0d903af58b235e16e9d1353bb0ede8a1a9e72f575effde239a1

SHA512
493a0bea877d5e535f4cd97023b890ea6c1953a174e903578907ceaa31137a8b4fbe92f7ccb8158ad07a705158b551a2fc9180bdbdfb3f853c35182a7b78fd74

Download Submit
C:\Windows\System\pUWSWoQ.exe

Filesize
2.2MB

MD5
54e6ff0b19348cdb2ac4e85f8b96ae0c

SHA1
0e6193da6642f5c1893a89b288baf84875a40417

SHA256
cd3ab4d6e93ac09ef707f5c937b86d8ca8204fadb536b6d4c5de9fe073e9c1d0

SHA512
5df63c4064b3cde71a198a4cb7136b5bf1216aa54c8a7cd71ef5a40e4ee363ea9e0a4e832190c2b45527775e1639d43d3a9789aa9ef569f56410e71c4423a26a

Download Submit
C:\Windows\System\qgTbTJv.exe

Filesize
2.2MB

MD5
6e7e5a5986544935f78e4a36c27cfe60

SHA1
b874cba926775377303597faeb61940f7c007c4a

SHA256
4630f8d51a71ce7bf8c6b2751afcc481d2d8dd02b72427b5a1e7d3e9f86e3cd5

SHA512
7568288986e61c64673e94d78aa9122a09ad3e32114b8f3a05223144901774ed87c96ed3132eda343f3af0bfcdf3aa74b4fa991913c4db5c41424760cb19da63

Download Submit
C:\Windows\System\qjNgUSl.exe

Filesize
2.2MB

MD5
e31d416a49d51f6e8ff2220d2f91437c

SHA1
74244dd2ca9bb554fe11d0f05f37041cda13e668

SHA256
dcbbfb9204470874b2dffab2ce19df9041be39d8dd7535a5f9703ccb64ef32bb

SHA512
4970af23322a97e26fec52b9434ed23a1a10a90fdde303db42dcfaadf847a54a70b28ef11ae6ce895856fff67f7e07d362f072613271f9a659ff57dbf7dc7b8a

Download Submit
C:\Windows\System\rIpbuPz.exe

Filesize
2.2MB

MD5
3b41db02ca116b44f30046cfccefcce5

SHA1
71a3e7696d6b059daad9afd5b54da8dccff56a8d

SHA256
016f6beb01996597d839fd6af06c5d813b3fd41832707feae22f2d77945325aa

SHA512
304ff789faee6d01fc92797fd79f313a8c0374aa3769950602559614887ce7e341c54f4481b5325e9c898e8971ce277468ddd11a6064341b19247ce9aababd0e

Download Submit
C:\Windows\System\sWdvidr.exe

Filesize
2.2MB

MD5
c71a472f67f85b16454491129a5921ad

SHA1
9a1daeb8038fc07b8e05321e3bcc5ad25b67dfbb

SHA256
4b4ca5dc7b5a50c42a8ba6fe2e05919fa14ccca3f6cd6e889465c2cbfab11ac9

SHA512
91e0406c98917af80b2895696d258502b1bbcba1bcd49c1349a7458e423c036be84fcdd011392016a37d799e59427d100ab7752f1c332a9a4c069f1ee3be798d

Download Submit
C:\Windows\System\vEtuKto.exe

Filesize
2.2MB

MD5
b9275ab4920913232a4f8086c60b37cc

SHA1
45113d9b5e04f6125e679b1594a5c82078aa7673

SHA256
68119daa4a1f1c9e65a62c8cfdedc1042d33ebb88288b56ec58cae6430cfe827

SHA512
1c84aaa4290708c19564e1055a71b29ce99384199208d4daf9fece20fea7d2245d0c13d176eb60868e612b675a3d028a6b1dad01a02e2b4cdbe94d0f4b6aef19

Download Submit
C:\Windows\System\xXuEeVj.exe

Filesize
2.2MB

MD5
edd6a608d2feec6edbc5acdc6bb2cf37

SHA1
9ce88df5430ad0be6fb45b0f3feec07d35a98565

SHA256
f3fae89b5a72becd5ca92c1d3f58ea8fd1ce9488ee9c6234ff74ea4c36d4c99e

SHA512
58065c4ec61ae01f2ecff63abd9c0282ad685c1e74c66a4267b4e0d1fe9fc901b1bda1985af6aa298cf0cac8d717c944e39c2e640a572eb5f6a8d710a3b7e897

Download Submit
C:\Windows\System\yKCyjkH.exe

Filesize
2.2MB

MD5
1341d64b3cdd0ebf190e6f7e5804c5af

SHA1
877b3a3e440e72e6715708d5e3720edc78d9f163

SHA256
2db013c2765334092af3802a702744cf9e3cd38b71aa60d8de894336019e8647

SHA512
fff3de2eb89ca1548bb08efaa221575ccbd8015815987fe5ddacec6c5676b23dd81c0dcac0d50558ce774fc0590ccf79f08a1d41520063e44446d8176af2f1bc

Download Submit
C:\Windows\System\zONNTXJ.exe

Filesize
2.2MB

MD5
ce5d21e4c0614edf4431cfa3309a8702

SHA1
cf5d5ca78e224b3293ba3b9fed52d7405ae401fa

SHA256
fb16eeef4a6f29623fda844bf8bc6a60223966627235e537de6521540996373a

SHA512
95e6e34a8181e403ef122610dce1bac20a1b6d6bcbc9feabcbd6203d85ca8dc0f25ce5e03e403f31bd3fce15394ca79406a023bb8799ed368d27a048f1c364ac

Download Submit
memory/380-2176-0x00007FF61DF00000-0x00007FF61E2F2000-memory.dmp

Filesize
3.9MB

Download
memory/380-139-0x00007FF61DF00000-0x00007FF61E2F2000-memory.dmp

Filesize
3.9MB

Download
memory/1520-2104-0x00007FF65E400000-0x00007FF65E7F2000-memory.dmp

Filesize
3.9MB

Download
memory/1520-124-0x00007FF65E400000-0x00007FF65E7F2000-memory.dmp

Filesize
3.9MB

Download
memory/1824-2097-0x00007FF6C48C0000-0x00007FF6C4CB2000-memory.dmp

Filesize
3.9MB

Download
memory/1824-38-0x00007FF6C48C0000-0x00007FF6C4CB2000-memory.dmp

Filesize
3.9MB

Download
memory/1824-2111-0x00007FF6C48C0000-0x00007FF6C4CB2000-memory.dmp

Filesize
3.9MB

Download
memory/2164-104-0x00007FF61E020000-0x00007FF61E412000-memory.dmp

Filesize
3.9MB

Download
memory/2164-2100-0x00007FF61E020000-0x00007FF61E412000-memory.dmp

Filesize
3.9MB

Download
memory/2164-2174-0x00007FF61E020000-0x00007FF61E412000-memory.dmp

Filesize
3.9MB

Download
memory/2236-2202-0x00007FF7C0340000-0x00007FF7C0732000-memory.dmp

Filesize
3.9MB

Download
memory/2236-179-0x00007FF7C0340000-0x00007FF7C0732000-memory.dmp

Filesize
3.9MB

Download
memory/2240-2158-0x00007FF7CEB10000-0x00007FF7CEF02000-memory.dmp

Filesize
3.9MB

Download
memory/2240-95-0x00007FF7CEB10000-0x00007FF7CEF02000-memory.dmp

Filesize
3.9MB

Download
memory/2324-108-0x00007FF67CB40000-0x00007FF67CF32000-memory.dmp

Filesize
3.9MB

Download
memory/2324-2164-0x00007FF67CB40000-0x00007FF67CF32000-memory.dmp

Filesize
3.9MB

Download
memory/2344-0-0x00007FF6F8C30000-0x00007FF6F9022000-memory.dmp

Filesize
3.9MB

Download
memory/2344-1-0x000001E860C90000-0x000001E860CA0000-memory.dmp

Filesize
64KB

Download
memory/2716-2166-0x00007FF62B580000-0x00007FF62B972000-memory.dmp

Filesize
3.9MB

Download
memory/2716-143-0x00007FF62B580000-0x00007FF62B972000-memory.dmp

Filesize
3.9MB

Download
memory/2768-2148-0x00007FF6DF7D0000-0x00007FF6DFBC2000-memory.dmp

Filesize
3.9MB

Download
memory/2768-134-0x00007FF6DF7D0000-0x00007FF6DFBC2000-memory.dmp

Filesize
3.9MB

Download
memory/3172-73-0x00007FF7D1660000-0x00007FF7D1A52000-memory.dmp

Filesize
3.9MB

Download
memory/3172-2154-0x00007FF7D1660000-0x00007FF7D1A52000-memory.dmp

Filesize
3.9MB

Download
memory/3172-2099-0x00007FF7D1660000-0x00007FF7D1A52000-memory.dmp

Filesize
3.9MB

Download
memory/3184-47-0x00007FF6213C0000-0x00007FF6217B2000-memory.dmp

Filesize
3.9MB

Download
memory/3184-2136-0x00007FF6213C0000-0x00007FF6217B2000-memory.dmp

Filesize
3.9MB

Download
memory/3292-2137-0x00007FF6688E0000-0x00007FF668CD2000-memory.dmp

Filesize
3.9MB

Download
memory/3292-130-0x00007FF6688E0000-0x00007FF668CD2000-memory.dmp

Filesize
3.9MB

Download
memory/3504-52-0x00007FF7D5130000-0x00007FF7D5522000-memory.dmp

Filesize
3.9MB

Download
memory/3504-2098-0x00007FF7D5130000-0x00007FF7D5522000-memory.dmp

Filesize
3.9MB

Download
memory/3504-2150-0x00007FF7D5130000-0x00007FF7D5522000-memory.dmp

Filesize
3.9MB

Download
memory/3752-2101-0x00007FF7D2A20000-0x00007FF7D2E12000-memory.dmp

Filesize
3.9MB

Download
memory/3752-109-0x00007FF7D2A20000-0x00007FF7D2E12000-memory.dmp

Filesize
3.9MB

Download
memory/3752-2169-0x00007FF7D2A20000-0x00007FF7D2E12000-memory.dmp

Filesize
3.9MB

Download
memory/3840-2167-0x00007FF63CFE0000-0x00007FF63D3D2000-memory.dmp

Filesize
3.9MB

Download
memory/3840-135-0x00007FF63CFE0000-0x00007FF63D3D2000-memory.dmp

Filesize
3.9MB

Download
memory/3856-82-0x00007FF6B3200000-0x00007FF6B35F2000-memory.dmp

Filesize
3.9MB

Download
memory/3856-2156-0x00007FF6B3200000-0x00007FF6B35F2000-memory.dmp

Filesize
3.9MB

Download
memory/3936-167-0x00007FF771650000-0x00007FF771A42000-memory.dmp

Filesize
3.9MB

Download
memory/3936-2178-0x00007FF771650000-0x00007FF771A42000-memory.dmp

Filesize
3.9MB

Download
memory/4220-2171-0x00007FF693790000-0x00007FF693B82000-memory.dmp

Filesize
3.9MB

Download
memory/4220-117-0x00007FF693790000-0x00007FF693B82000-memory.dmp

Filesize
3.9MB

Download
memory/4232-37-0x000001A92C670000-0x000001A92C692000-memory.dmp

Filesize
136KB

Download
memory/4232-19-0x000001A92C700000-0x000001A92C710000-memory.dmp

Filesize
64KB

Download
memory/4232-18-0x000001A92C700000-0x000001A92C710000-memory.dmp

Filesize
64KB

Download
memory/4232-16-0x00007FFC22A70000-0x00007FFC23531000-memory.dmp

Filesize
10.8MB

Download
memory/4604-149-0x00007FF7DBBF0000-0x00007FF7DBFE2000-memory.dmp

Filesize
3.9MB

Download
memory/4604-2173-0x00007FF7DBBF0000-0x00007FF7DBFE2000-memory.dmp

Filesize
3.9MB

Download
memory/4868-160-0x00007FF66A260000-0x00007FF66A652000-memory.dmp

Filesize
3.9MB

Download
memory/4868-2162-0x00007FF66A260000-0x00007FF66A652000-memory.dmp

Filesize
3.9MB

Download
memory/4908-173-0x00007FF7013A0000-0x00007FF701792000-memory.dmp

Filesize
3.9MB

Download
memory/4908-2185-0x00007FF7013A0000-0x00007FF701792000-memory.dmp

Filesize
3.9MB

Download