xmrig | a245a1254bcb2fa0a63480d7a36f8fb5de18fc95f8ca8c639faa0e57a1732958

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29/04/2024, 23:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
Size

1.9MB
MD5

0882516b84fdc5d23fd24b5fc90ff8db
SHA1

161abd59aac3fb3fd0d401848e4edf210f8deb94
SHA256

a245a1254bcb2fa0a63480d7a36f8fb5de18fc95f8ca8c639faa0e57a1732958
SHA512

e99bbd028f7629b1705978f23af453990a3f7ae3a3df8c3d4fa47e97e25bd6625f68175e33a1c8e5428a751f5c926509a6cce2a1ab91fde24670f5059b96f3b0
SSDEEP

49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82SflDrlF+:NABr

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 41 IoCs

miner

resource	yara_rule
behavioral2/memory/1472-44-0x00007FF70CB60000-0x00007FF70CF52000-memory.dmp	xmrig
behavioral2/memory/5096-61-0x00007FF763BF0000-0x00007FF763FE2000-memory.dmp	xmrig
behavioral2/memory/372-68-0x00007FF75FBE0000-0x00007FF75FFD2000-memory.dmp	xmrig
behavioral2/memory/3724-164-0x00007FF73E310000-0x00007FF73E702000-memory.dmp	xmrig
behavioral2/memory/3020-209-0x00007FF65DF80000-0x00007FF65E372000-memory.dmp	xmrig
behavioral2/memory/5996-198-0x00007FF63EA10000-0x00007FF63EE02000-memory.dmp	xmrig
behavioral2/memory/5036-185-0x00007FF66E540000-0x00007FF66E932000-memory.dmp	xmrig
behavioral2/memory/5888-179-0x00007FF6AF310000-0x00007FF6AF702000-memory.dmp	xmrig
behavioral2/memory/4492-151-0x00007FF71D430000-0x00007FF71D822000-memory.dmp	xmrig
behavioral2/memory/4504-142-0x00007FF73ED10000-0x00007FF73F102000-memory.dmp	xmrig
behavioral2/memory/4508-131-0x00007FF712280000-0x00007FF712672000-memory.dmp	xmrig
behavioral2/memory/5728-127-0x00007FF72DBD0000-0x00007FF72DFC2000-memory.dmp	xmrig
behavioral2/memory/4712-2117-0x00007FF7376D0000-0x00007FF737AC2000-memory.dmp	xmrig
behavioral2/memory/396-2119-0x00007FF682B30000-0x00007FF682F22000-memory.dmp	xmrig
behavioral2/memory/4120-2118-0x00007FF6A64A0000-0x00007FF6A6892000-memory.dmp	xmrig
behavioral2/memory/4516-77-0x00007FF7B8240000-0x00007FF7B8632000-memory.dmp	xmrig
behavioral2/memory/5008-63-0x00007FF7889D0000-0x00007FF788DC2000-memory.dmp	xmrig
behavioral2/memory/924-51-0x00007FF629550000-0x00007FF629942000-memory.dmp	xmrig
behavioral2/memory/1008-31-0x00007FF7F3230000-0x00007FF7F3622000-memory.dmp	xmrig
behavioral2/memory/2276-2149-0x00007FF6355C0000-0x00007FF6359B2000-memory.dmp	xmrig
behavioral2/memory/924-2173-0x00007FF629550000-0x00007FF629942000-memory.dmp	xmrig
behavioral2/memory/1008-2175-0x00007FF7F3230000-0x00007FF7F3622000-memory.dmp	xmrig
behavioral2/memory/1472-2177-0x00007FF70CB60000-0x00007FF70CF52000-memory.dmp	xmrig
behavioral2/memory/5096-2179-0x00007FF763BF0000-0x00007FF763FE2000-memory.dmp	xmrig
behavioral2/memory/5008-2181-0x00007FF7889D0000-0x00007FF788DC2000-memory.dmp	xmrig
behavioral2/memory/4516-2183-0x00007FF7B8240000-0x00007FF7B8632000-memory.dmp	xmrig
behavioral2/memory/372-2185-0x00007FF75FBE0000-0x00007FF75FFD2000-memory.dmp	xmrig
behavioral2/memory/5888-2188-0x00007FF6AF310000-0x00007FF6AF702000-memory.dmp	xmrig
behavioral2/memory/3724-2189-0x00007FF73E310000-0x00007FF73E702000-memory.dmp	xmrig
behavioral2/memory/4712-2191-0x00007FF7376D0000-0x00007FF737AC2000-memory.dmp	xmrig
behavioral2/memory/3756-2193-0x00007FF7323A0000-0x00007FF732792000-memory.dmp	xmrig
behavioral2/memory/5996-2195-0x00007FF63EA10000-0x00007FF63EE02000-memory.dmp	xmrig
behavioral2/memory/4508-2208-0x00007FF712280000-0x00007FF712672000-memory.dmp	xmrig
behavioral2/memory/5728-2203-0x00007FF72DBD0000-0x00007FF72DFC2000-memory.dmp	xmrig
behavioral2/memory/3020-2209-0x00007FF65DF80000-0x00007FF65E372000-memory.dmp	xmrig
behavioral2/memory/2276-2213-0x00007FF6355C0000-0x00007FF6359B2000-memory.dmp	xmrig
behavioral2/memory/5036-2202-0x00007FF66E540000-0x00007FF66E932000-memory.dmp	xmrig
behavioral2/memory/396-2211-0x00007FF682B30000-0x00007FF682F22000-memory.dmp	xmrig
behavioral2/memory/4504-2199-0x00007FF73ED10000-0x00007FF73F102000-memory.dmp	xmrig
behavioral2/memory/4492-2198-0x00007FF71D430000-0x00007FF71D822000-memory.dmp	xmrig
behavioral2/memory/4120-2206-0x00007FF6A64A0000-0x00007FF6A6892000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
3	1920	powershell.exe
5	1920	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
924	toiYTcb.exe
1008	HnZqBKP.exe
1472	sPtRdaE.exe
5096	qdIwGCX.exe
5008	FhltqOx.exe
3724	iDoLdmN.exe
372	HIRbmNI.exe
4516	RduHPUL.exe
5888	pyqnYBC.exe
4712	HGrBnyW.exe
5036	WCZjHop.exe
3756	AOlwANJ.exe
4120	bqEyjxy.exe
5996	TygDLWA.exe
396	aCVkvTJ.exe
5728	JeJbCDJ.exe
3020	eAXtuJb.exe
4508	RibICvU.exe
2276	iMrHSbt.exe
4504	WtgSEVu.exe
4492	igHfwYy.exe
3312	tfRyDyS.exe
5560	dhqLKxS.exe
5588	CxNIEUw.exe
4576	EpTRTnr.exe
5800	Ljvszlp.exe
5152	qOFaXDB.exe
5572	iDRhndw.exe
4776	XYWZYSe.exe
3732	wwWjBaY.exe
4192	rnqivgN.exe
5284	ACTXbzE.exe
2628	SVqqycC.exe
1228	EbivxZU.exe
2040	qejlEOB.exe
3256	FyVIuqn.exe
3492	jQVMSna.exe
1384	TwLOlnB.exe
4624	bmTLIEe.exe
3832	ZHNGGHl.exe
2732	pnchWiX.exe
1012	qqtNOdG.exe
1112	kVtKcYa.exe
2804	sfdBdrS.exe
3800	GYvLeZr.exe
4632	ipFfVsY.exe
5948	eXRLQMC.exe
4848	SOZJtSt.exe
1380	uLkXJiD.exe
5464	jkZHbJk.exe
2128	hqTiLmn.exe
3972	udPmdBI.exe
1956	uuFRLeA.exe
3912	cTwSVJy.exe
1252	UzzTDOO.exe
5876	SkOFswP.exe
4620	EEHLHiy.exe
316	GeuwBEC.exe
2008	ZrwEiTy.exe
4572	FTwHkWk.exe
3524	LckKMVl.exe
1588	iakyAHy.exe
5544	JanFrGw.exe
412	qIqExJK.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/5072-0-0x00007FF625100000-0x00007FF6254F2000-memory.dmp	upx
behavioral2/files/0x0008000000023426-10.dat	upx
behavioral2/files/0x0007000000023427-14.dat	upx
behavioral2/files/0x0007000000023428-30.dat	upx
behavioral2/memory/1472-44-0x00007FF70CB60000-0x00007FF70CF52000-memory.dmp	upx
behavioral2/files/0x000800000002342b-50.dat	upx
behavioral2/memory/5096-61-0x00007FF763BF0000-0x00007FF763FE2000-memory.dmp	upx
behavioral2/memory/372-68-0x00007FF75FBE0000-0x00007FF75FFD2000-memory.dmp	upx
behavioral2/files/0x0007000000023430-80.dat	upx
behavioral2/files/0x0007000000023432-93.dat	upx
behavioral2/files/0x0007000000023435-104.dat	upx
behavioral2/files/0x0007000000023437-133.dat	upx
behavioral2/files/0x000700000002343c-154.dat	upx
behavioral2/memory/3724-164-0x00007FF73E310000-0x00007FF73E702000-memory.dmp	upx
behavioral2/files/0x0007000000023440-180.dat	upx
behavioral2/files/0x0007000000023441-188.dat	upx
behavioral2/memory/3020-209-0x00007FF65DF80000-0x00007FF65E372000-memory.dmp	upx
behavioral2/memory/5996-198-0x00007FF63EA10000-0x00007FF63EE02000-memory.dmp	upx
behavioral2/files/0x0007000000023445-197.dat	upx
behavioral2/memory/5036-185-0x00007FF66E540000-0x00007FF66E932000-memory.dmp	upx
behavioral2/memory/3756-196-0x00007FF7323A0000-0x00007FF732792000-memory.dmp	upx
behavioral2/files/0x0007000000023444-195.dat	upx
behavioral2/files/0x0007000000023443-191.dat	upx
behavioral2/memory/5888-179-0x00007FF6AF310000-0x00007FF6AF702000-memory.dmp	upx
behavioral2/files/0x0007000000023442-182.dat	upx
behavioral2/files/0x000700000002343d-172.dat	upx
behavioral2/files/0x000700000002343e-169.dat	upx
behavioral2/files/0x0007000000023440-166.dat	upx
behavioral2/files/0x000700000002343f-161.dat	upx
behavioral2/files/0x000700000002343d-160.dat	upx
behavioral2/files/0x0009000000023424-165.dat	upx
behavioral2/files/0x000700000002343b-150.dat	upx
behavioral2/memory/4492-151-0x00007FF71D430000-0x00007FF71D822000-memory.dmp	upx
behavioral2/memory/4504-142-0x00007FF73ED10000-0x00007FF73F102000-memory.dmp	upx
behavioral2/files/0x000700000002343a-141.dat	upx
behavioral2/memory/2276-137-0x00007FF6355C0000-0x00007FF6359B2000-memory.dmp	upx
behavioral2/memory/4508-131-0x00007FF712280000-0x00007FF712672000-memory.dmp	upx
behavioral2/memory/5728-127-0x00007FF72DBD0000-0x00007FF72DFC2000-memory.dmp	upx
behavioral2/files/0x0007000000023433-126.dat	upx
behavioral2/memory/396-121-0x00007FF682B30000-0x00007FF682F22000-memory.dmp	upx
behavioral2/files/0x0007000000023439-120.dat	upx
behavioral2/files/0x0007000000023438-119.dat	upx
behavioral2/files/0x0007000000023437-117.dat	upx
behavioral2/files/0x000700000002342f-115.dat	upx
behavioral2/files/0x0007000000023436-110.dat	upx
behavioral2/files/0x0007000000023434-111.dat	upx
behavioral2/memory/4120-100-0x00007FF6A64A0000-0x00007FF6A6892000-memory.dmp	upx
behavioral2/memory/4712-2117-0x00007FF7376D0000-0x00007FF737AC2000-memory.dmp	upx
behavioral2/memory/396-2119-0x00007FF682B30000-0x00007FF682F22000-memory.dmp	upx
behavioral2/memory/4120-2118-0x00007FF6A64A0000-0x00007FF6A6892000-memory.dmp	upx
behavioral2/memory/4712-88-0x00007FF7376D0000-0x00007FF737AC2000-memory.dmp	upx
behavioral2/files/0x0007000000023431-87.dat	upx
behavioral2/memory/4516-77-0x00007FF7B8240000-0x00007FF7B8632000-memory.dmp	upx
behavioral2/files/0x0007000000023431-81.dat	upx
behavioral2/files/0x000700000002342e-70.dat	upx
behavioral2/files/0x000700000002342d-67.dat	upx
behavioral2/files/0x000700000002342c-59.dat	upx
behavioral2/memory/5008-63-0x00007FF7889D0000-0x00007FF788DC2000-memory.dmp	upx
behavioral2/files/0x000800000002342a-62.dat	upx
behavioral2/memory/924-51-0x00007FF629550000-0x00007FF629942000-memory.dmp	upx
behavioral2/files/0x0007000000023429-41.dat	upx
behavioral2/memory/1008-31-0x00007FF7F3230000-0x00007FF7F3622000-memory.dmp	upx
behavioral2/files/0x00090000000233e4-6.dat	upx
behavioral2/memory/2276-2149-0x00007FF6355C0000-0x00007FF6359B2000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\tREYlRY.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\GKttCxG.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\ewcaKnx.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\onepShl.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\ajzRFVq.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\fpuRWpR.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\QgClcZj.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\SGzJNkr.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\lNmMLny.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\UMsswGR.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\MJDRLDN.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\BpXHWig.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\Xaoofrn.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\rWHdRcN.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\HDdNqkK.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\AOlwANJ.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\CxNIEUw.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\Eivbtvk.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\nHznxbt.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\JCbFSBh.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\fxoiTGi.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\vLHzkdX.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\YJHMaPh.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\gTRNOyt.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\EnOgxqr.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\eejGovF.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\LcQQncn.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\jXWTEvQ.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\iHJiVGK.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\ysZeoFn.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\oLDImff.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\lgLUpIA.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\WxFYgdI.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\YEOlyjQ.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\rhgMhtP.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\VsDMvaL.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\DljDEaM.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\OzLqzhB.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\ISOsotG.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\YKiUeGC.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\RPVhvaA.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\DzJIauL.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\ipODbrC.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\nTYbuqv.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\wCETQiw.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\twxuPzb.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\HfKXGFu.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\drWFdNt.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\QYwtywG.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\kDvCtGZ.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\JJvgVVt.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\uafLGWZ.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\TXHvKCg.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\qtxbHVA.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\zlwcuhA.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\QvqSqeM.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\ZJqSGjN.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\pPgnVNP.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\uLkXJiD.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\NmKFaYY.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\SkHyDpa.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\YqkdRGY.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\zlXVeFk.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
File created	C:\Windows\System\XiBqQKb.exe	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1920	powershell.exe
1920	powershell.exe
1920	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
Token: SeDebugPrivilege	1920	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5072 wrote to memory of 1920	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	83
PID 5072 wrote to memory of 1920	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	83
PID 5072 wrote to memory of 924	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	84
PID 5072 wrote to memory of 924	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	84
PID 5072 wrote to memory of 1008	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	85
PID 5072 wrote to memory of 1008	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	85
PID 5072 wrote to memory of 1472	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	86
PID 5072 wrote to memory of 1472	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	86
PID 5072 wrote to memory of 5096	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	87
PID 5072 wrote to memory of 5096	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	87
PID 5072 wrote to memory of 5008	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	88
PID 5072 wrote to memory of 5008	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	88
PID 5072 wrote to memory of 3724	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	89
PID 5072 wrote to memory of 3724	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	89
PID 5072 wrote to memory of 372	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	90
PID 5072 wrote to memory of 372	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	90
PID 5072 wrote to memory of 4516	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	91
PID 5072 wrote to memory of 4516	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	91
PID 5072 wrote to memory of 5888	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	92
PID 5072 wrote to memory of 5888	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	92
PID 5072 wrote to memory of 4712	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	93
PID 5072 wrote to memory of 4712	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	93
PID 5072 wrote to memory of 5036	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	94
PID 5072 wrote to memory of 5036	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	94
PID 5072 wrote to memory of 3756	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	95
PID 5072 wrote to memory of 3756	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	95
PID 5072 wrote to memory of 4120	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	96
PID 5072 wrote to memory of 4120	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	96
PID 5072 wrote to memory of 5996	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	97
PID 5072 wrote to memory of 5996	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	97
PID 5072 wrote to memory of 396	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	98
PID 5072 wrote to memory of 396	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	98
PID 5072 wrote to memory of 5728	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	99
PID 5072 wrote to memory of 5728	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	99
PID 5072 wrote to memory of 3020	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	100
PID 5072 wrote to memory of 3020	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	100
PID 5072 wrote to memory of 4508	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	101
PID 5072 wrote to memory of 4508	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	101
PID 5072 wrote to memory of 2276	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	102
PID 5072 wrote to memory of 2276	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	102
PID 5072 wrote to memory of 4504	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	103
PID 5072 wrote to memory of 4504	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	103
PID 5072 wrote to memory of 4492	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	104
PID 5072 wrote to memory of 4492	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	104
PID 5072 wrote to memory of 3312	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	105
PID 5072 wrote to memory of 3312	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	105
PID 5072 wrote to memory of 5560	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	106
PID 5072 wrote to memory of 5560	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	106
PID 5072 wrote to memory of 5588	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	107
PID 5072 wrote to memory of 5588	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	107
PID 5072 wrote to memory of 4576	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	108
PID 5072 wrote to memory of 4576	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	108
PID 5072 wrote to memory of 5152	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	109
PID 5072 wrote to memory of 5152	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	109
PID 5072 wrote to memory of 5800	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	110
PID 5072 wrote to memory of 5800	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	110
PID 5072 wrote to memory of 5572	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	111
PID 5072 wrote to memory of 5572	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	111
PID 5072 wrote to memory of 4776	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	112
PID 5072 wrote to memory of 4776	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	112
PID 5072 wrote to memory of 3732	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	113
PID 5072 wrote to memory of 3732	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	113
PID 5072 wrote to memory of 4192	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	114
PID 5072 wrote to memory of 4192	5072	0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe	114

C:\Users\Admin\AppData\Local\Temp\2023711099\zmstage.exe
C:\Users\Admin\AppData\Local\Temp\2023711099\zmstage.exe
1⤵
PID:1864

C:\Windows\system32\MusNotification.exe
C:\Windows\system32\MusNotification.exe
1⤵
PID:6008

C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppX3bn25b6f886wmg6twh46972vprk9tnbf.mca
1⤵
PID:2508

C:\Users\Admin\AppData\Local\Temp\0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0882516b84fdc5d23fd24b5fc90ff8db_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5072
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1920
- C:\Windows\System\toiYTcb.exe
  C:\Windows\System\toiYTcb.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\HnZqBKP.exe
  C:\Windows\System\HnZqBKP.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\sPtRdaE.exe
  C:\Windows\System\sPtRdaE.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\qdIwGCX.exe
  C:\Windows\System\qdIwGCX.exe
  2⤵
  - Executes dropped EXE
  PID:5096
- C:\Windows\System\FhltqOx.exe
  C:\Windows\System\FhltqOx.exe
  2⤵
  - Executes dropped EXE
  PID:5008
- C:\Windows\System\iDoLdmN.exe
  C:\Windows\System\iDoLdmN.exe
  2⤵
  - Executes dropped EXE
  PID:3724
- C:\Windows\System\HIRbmNI.exe
  C:\Windows\System\HIRbmNI.exe
  2⤵
  - Executes dropped EXE
  PID:372
- C:\Windows\System\RduHPUL.exe
  C:\Windows\System\RduHPUL.exe
  2⤵
  - Executes dropped EXE
  PID:4516
- C:\Windows\System\pyqnYBC.exe
  C:\Windows\System\pyqnYBC.exe
  2⤵
  - Executes dropped EXE
  PID:5888
- C:\Windows\System\HGrBnyW.exe
  C:\Windows\System\HGrBnyW.exe
  2⤵
  - Executes dropped EXE
  PID:4712
- C:\Windows\System\WCZjHop.exe
  C:\Windows\System\WCZjHop.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\AOlwANJ.exe
  C:\Windows\System\AOlwANJ.exe
  2⤵
  - Executes dropped EXE
  PID:3756
- C:\Windows\System\bqEyjxy.exe
  C:\Windows\System\bqEyjxy.exe
  2⤵
  - Executes dropped EXE
  PID:4120
- C:\Windows\System\TygDLWA.exe
  C:\Windows\System\TygDLWA.exe
  2⤵
  - Executes dropped EXE
  PID:5996
- C:\Windows\System\aCVkvTJ.exe
  C:\Windows\System\aCVkvTJ.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\JeJbCDJ.exe
  C:\Windows\System\JeJbCDJ.exe
  2⤵
  - Executes dropped EXE
  PID:5728
- C:\Windows\System\eAXtuJb.exe
  C:\Windows\System\eAXtuJb.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\RibICvU.exe
  C:\Windows\System\RibICvU.exe
  2⤵
  - Executes dropped EXE
  PID:4508
- C:\Windows\System\iMrHSbt.exe
  C:\Windows\System\iMrHSbt.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\WtgSEVu.exe
  C:\Windows\System\WtgSEVu.exe
  2⤵
  - Executes dropped EXE
  PID:4504
- C:\Windows\System\igHfwYy.exe
  C:\Windows\System\igHfwYy.exe
  2⤵
  - Executes dropped EXE
  PID:4492
- C:\Windows\System\tfRyDyS.exe
  C:\Windows\System\tfRyDyS.exe
  2⤵
  - Executes dropped EXE
  PID:3312
- C:\Windows\System\dhqLKxS.exe
  C:\Windows\System\dhqLKxS.exe
  2⤵
  - Executes dropped EXE
  PID:5560
- C:\Windows\System\CxNIEUw.exe
  C:\Windows\System\CxNIEUw.exe
  2⤵
  - Executes dropped EXE
  PID:5588
- C:\Windows\System\EpTRTnr.exe
  C:\Windows\System\EpTRTnr.exe
  2⤵
  - Executes dropped EXE
  PID:4576
- C:\Windows\System\qOFaXDB.exe
  C:\Windows\System\qOFaXDB.exe
  2⤵
  - Executes dropped EXE
  PID:5152
- C:\Windows\System\Ljvszlp.exe
  C:\Windows\System\Ljvszlp.exe
  2⤵
  - Executes dropped EXE
  PID:5800
- C:\Windows\System\iDRhndw.exe
  C:\Windows\System\iDRhndw.exe
  2⤵
  - Executes dropped EXE
  PID:5572
- C:\Windows\System\XYWZYSe.exe
  C:\Windows\System\XYWZYSe.exe
  2⤵
  - Executes dropped EXE
  PID:4776
- C:\Windows\System\wwWjBaY.exe
  C:\Windows\System\wwWjBaY.exe
  2⤵
  - Executes dropped EXE
  PID:3732
- C:\Windows\System\rnqivgN.exe
  C:\Windows\System\rnqivgN.exe
  2⤵
  - Executes dropped EXE
  PID:4192
- C:\Windows\System\ACTXbzE.exe
  C:\Windows\System\ACTXbzE.exe
  2⤵
  - Executes dropped EXE
  PID:5284
- C:\Windows\System\SVqqycC.exe
  C:\Windows\System\SVqqycC.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\EbivxZU.exe
  C:\Windows\System\EbivxZU.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\qejlEOB.exe
  C:\Windows\System\qejlEOB.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\FyVIuqn.exe
  C:\Windows\System\FyVIuqn.exe
  2⤵
  - Executes dropped EXE
  PID:3256
- C:\Windows\System\jQVMSna.exe
  C:\Windows\System\jQVMSna.exe
  2⤵
  - Executes dropped EXE
  PID:3492
- C:\Windows\System\TwLOlnB.exe
  C:\Windows\System\TwLOlnB.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\qqtNOdG.exe
  C:\Windows\System\qqtNOdG.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\bmTLIEe.exe
  C:\Windows\System\bmTLIEe.exe
  2⤵
  - Executes dropped EXE
  PID:4624
- C:\Windows\System\ZHNGGHl.exe
  C:\Windows\System\ZHNGGHl.exe
  2⤵
  - Executes dropped EXE
  PID:3832
- C:\Windows\System\kVtKcYa.exe
  C:\Windows\System\kVtKcYa.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\pnchWiX.exe
  C:\Windows\System\pnchWiX.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\sfdBdrS.exe
  C:\Windows\System\sfdBdrS.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\GYvLeZr.exe
  C:\Windows\System\GYvLeZr.exe
  2⤵
  - Executes dropped EXE
  PID:3800
- C:\Windows\System\ipFfVsY.exe
  C:\Windows\System\ipFfVsY.exe
  2⤵
  - Executes dropped EXE
  PID:4632
- C:\Windows\System\eXRLQMC.exe
  C:\Windows\System\eXRLQMC.exe
  2⤵
  - Executes dropped EXE
  PID:5948
- C:\Windows\System\SOZJtSt.exe
  C:\Windows\System\SOZJtSt.exe
  2⤵
  - Executes dropped EXE
  PID:4848
- C:\Windows\System\uLkXJiD.exe
  C:\Windows\System\uLkXJiD.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\jkZHbJk.exe
  C:\Windows\System\jkZHbJk.exe
  2⤵
  - Executes dropped EXE
  PID:5464
- C:\Windows\System\hqTiLmn.exe
  C:\Windows\System\hqTiLmn.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\udPmdBI.exe
  C:\Windows\System\udPmdBI.exe
  2⤵
  - Executes dropped EXE
  PID:3972
- C:\Windows\System\cTwSVJy.exe
  C:\Windows\System\cTwSVJy.exe
  2⤵
  - Executes dropped EXE
  PID:3912
- C:\Windows\System\uuFRLeA.exe
  C:\Windows\System\uuFRLeA.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\UzzTDOO.exe
  C:\Windows\System\UzzTDOO.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\EEHLHiy.exe
  C:\Windows\System\EEHLHiy.exe
  2⤵
  - Executes dropped EXE
  PID:4620
- C:\Windows\System\GeuwBEC.exe
  C:\Windows\System\GeuwBEC.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\SkOFswP.exe
  C:\Windows\System\SkOFswP.exe
  2⤵
  - Executes dropped EXE
  PID:5876
- C:\Windows\System\ZrwEiTy.exe
  C:\Windows\System\ZrwEiTy.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\FTwHkWk.exe
  C:\Windows\System\FTwHkWk.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Windows\System\qIqExJK.exe
  C:\Windows\System\qIqExJK.exe
  2⤵
  - Executes dropped EXE
  PID:412
- C:\Windows\System\LckKMVl.exe
  C:\Windows\System\LckKMVl.exe
  2⤵
  - Executes dropped EXE
  PID:3524
- C:\Windows\System\iakyAHy.exe
  C:\Windows\System\iakyAHy.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\JanFrGw.exe
  C:\Windows\System\JanFrGw.exe
  2⤵
  - Executes dropped EXE
  PID:5544
- C:\Windows\System\PwSpAon.exe
  C:\Windows\System\PwSpAon.exe
  2⤵
  PID:1928
- C:\Windows\System\EhOmUrx.exe
  C:\Windows\System\EhOmUrx.exe
  2⤵
  PID:1896
- C:\Windows\System\BWXHzBP.exe
  C:\Windows\System\BWXHzBP.exe
  2⤵
  PID:2696
- C:\Windows\System\IshQgIN.exe
  C:\Windows\System\IshQgIN.exe
  2⤵
  PID:436
- C:\Windows\System\OEqgWBf.exe
  C:\Windows\System\OEqgWBf.exe
  2⤵
  PID:5720
- C:\Windows\System\EatRjPQ.exe
  C:\Windows\System\EatRjPQ.exe
  2⤵
  PID:1884
- C:\Windows\System\vhPiyWi.exe
  C:\Windows\System\vhPiyWi.exe
  2⤵
  PID:2740
- C:\Windows\System\ZTVvwvr.exe
  C:\Windows\System\ZTVvwvr.exe
  2⤵
  PID:1396
- C:\Windows\System\doVyQTw.exe
  C:\Windows\System\doVyQTw.exe
  2⤵
  PID:1704
- C:\Windows\System\gSeVaZg.exe
  C:\Windows\System\gSeVaZg.exe
  2⤵
  PID:6028
- C:\Windows\System\KRojAPJ.exe
  C:\Windows\System\KRojAPJ.exe
  2⤵
  PID:2820
- C:\Windows\System\DljDEaM.exe
  C:\Windows\System\DljDEaM.exe
  2⤵
  PID:4480
- C:\Windows\System\uERxBTY.exe
  C:\Windows\System\uERxBTY.exe
  2⤵
  PID:4472
- C:\Windows\System\yOadPNY.exe
  C:\Windows\System\yOadPNY.exe
  2⤵
  PID:4992
- C:\Windows\System\jDgOlMW.exe
  C:\Windows\System\jDgOlMW.exe
  2⤵
  PID:2316
- C:\Windows\System\RVfpVUK.exe
  C:\Windows\System\RVfpVUK.exe
  2⤵
  PID:1000
- C:\Windows\System\EKwIxcL.exe
  C:\Windows\System\EKwIxcL.exe
  2⤵
  PID:2044
- C:\Windows\System\JjIKGwv.exe
  C:\Windows\System\JjIKGwv.exe
  2⤵
  PID:5232
- C:\Windows\System\YEOlyjQ.exe
  C:\Windows\System\YEOlyjQ.exe
  2⤵
  PID:3580
- C:\Windows\System\fVftysS.exe
  C:\Windows\System\fVftysS.exe
  2⤵
  PID:6132
- C:\Windows\System\pIbjUWQ.exe
  C:\Windows\System\pIbjUWQ.exe
  2⤵
  PID:3500
- C:\Windows\System\ApbCnSZ.exe
  C:\Windows\System\ApbCnSZ.exe
  2⤵
  PID:4892
- C:\Windows\System\IBqQyKA.exe
  C:\Windows\System\IBqQyKA.exe
  2⤵
  PID:3208
- C:\Windows\System\VNDiauy.exe
  C:\Windows\System\VNDiauy.exe
  2⤵
  PID:5360
- C:\Windows\System\OzLqzhB.exe
  C:\Windows\System\OzLqzhB.exe
  2⤵
  PID:5592
- C:\Windows\System\redxxLF.exe
  C:\Windows\System\redxxLF.exe
  2⤵
  PID:4060
- C:\Windows\System\fKhXDwo.exe
  C:\Windows\System\fKhXDwo.exe
  2⤵
  PID:2484
- C:\Windows\System\XiBqQKb.exe
  C:\Windows\System\XiBqQKb.exe
  2⤵
  PID:4104
- C:\Windows\System\pIquhQl.exe
  C:\Windows\System\pIquhQl.exe
  2⤵
  PID:3144
- C:\Windows\System\RsChEog.exe
  C:\Windows\System\RsChEog.exe
  2⤵
  PID:4688
- C:\Windows\System\giKmMsp.exe
  C:\Windows\System\giKmMsp.exe
  2⤵
  PID:1984
- C:\Windows\System\nTYbuqv.exe
  C:\Windows\System\nTYbuqv.exe
  2⤵
  PID:220
- C:\Windows\System\zESxLTP.exe
  C:\Windows\System\zESxLTP.exe
  2⤵
  PID:5020
- C:\Windows\System\edJGtff.exe
  C:\Windows\System\edJGtff.exe
  2⤵
  PID:1208
- C:\Windows\System\jZhuqSa.exe
  C:\Windows\System\jZhuqSa.exe
  2⤵
  PID:2360
- C:\Windows\System\OgtwbvO.exe
  C:\Windows\System\OgtwbvO.exe
  2⤵
  PID:4784
- C:\Windows\System\LclMpFk.exe
  C:\Windows\System\LclMpFk.exe
  2⤵
  PID:912
- C:\Windows\System\AqsVahh.exe
  C:\Windows\System\AqsVahh.exe
  2⤵
  PID:1764
- C:\Windows\System\XzFWkse.exe
  C:\Windows\System\XzFWkse.exe
  2⤵
  PID:3132
- C:\Windows\System\jTTRevv.exe
  C:\Windows\System\jTTRevv.exe
  2⤵
  PID:1612
- C:\Windows\System\CaFcwXa.exe
  C:\Windows\System\CaFcwXa.exe
  2⤵
  PID:5184
- C:\Windows\System\TXHvKCg.exe
  C:\Windows\System\TXHvKCg.exe
  2⤵
  PID:4036
- C:\Windows\System\LctdaUG.exe
  C:\Windows\System\LctdaUG.exe
  2⤵
  PID:2312
- C:\Windows\System\dHcjnmM.exe
  C:\Windows\System\dHcjnmM.exe
  2⤵
  PID:4156
- C:\Windows\System\ttpcVQJ.exe
  C:\Windows\System\ttpcVQJ.exe
  2⤵
  PID:4988
- C:\Windows\System\GCNpnED.exe
  C:\Windows\System\GCNpnED.exe
  2⤵
  PID:1492
- C:\Windows\System\OasDWdf.exe
  C:\Windows\System\OasDWdf.exe
  2⤵
  PID:4484
- C:\Windows\System\UjxIXNa.exe
  C:\Windows\System\UjxIXNa.exe
  2⤵
  PID:1864
- C:\Windows\System\YJBzRJA.exe
  C:\Windows\System\YJBzRJA.exe
  2⤵
  PID:6008
- C:\Windows\System\TBTEguh.exe
  C:\Windows\System\TBTEguh.exe
  2⤵
  PID:5344
- C:\Windows\System\zemvNwA.exe
  C:\Windows\System\zemvNwA.exe
  2⤵
  PID:2336
- C:\Windows\System\dgqfzTk.exe
  C:\Windows\System\dgqfzTk.exe
  2⤵
  PID:3816
- C:\Windows\System\FpKmMOI.exe
  C:\Windows\System\FpKmMOI.exe
  2⤵
  PID:5084
- C:\Windows\System\jbuuDyL.exe
  C:\Windows\System\jbuuDyL.exe
  2⤵
  PID:4136
- C:\Windows\System\AwxgdAy.exe
  C:\Windows\System\AwxgdAy.exe
  2⤵
  PID:5304
- C:\Windows\System\cAyTCtZ.exe
  C:\Windows\System\cAyTCtZ.exe
  2⤵
  PID:232
- C:\Windows\System\xEgNjzj.exe
  C:\Windows\System\xEgNjzj.exe
  2⤵
  PID:5748
- C:\Windows\System\YqkdRGY.exe
  C:\Windows\System\YqkdRGY.exe
  2⤵
  PID:1448
- C:\Windows\System\zANopZg.exe
  C:\Windows\System\zANopZg.exe
  2⤵
  PID:324
- C:\Windows\System\HfKXGFu.exe
  C:\Windows\System\HfKXGFu.exe
  2⤵
  PID:3008
- C:\Windows\System\UsbEjAD.exe
  C:\Windows\System\UsbEjAD.exe
  2⤵
  PID:4552
- C:\Windows\System\hdGfKdk.exe
  C:\Windows\System\hdGfKdk.exe
  2⤵
  PID:112
- C:\Windows\System\SPTDdDn.exe
  C:\Windows\System\SPTDdDn.exe
  2⤵
  PID:2832
- C:\Windows\System\mNmRFQq.exe
  C:\Windows\System\mNmRFQq.exe
  2⤵
  PID:4532
- C:\Windows\System\PCKBRUF.exe
  C:\Windows\System\PCKBRUF.exe
  2⤵
  PID:4592
- C:\Windows\System\lGFjpRC.exe
  C:\Windows\System\lGFjpRC.exe
  2⤵
  PID:1052
- C:\Windows\System\CihCyhy.exe
  C:\Windows\System\CihCyhy.exe
  2⤵
  PID:1728
- C:\Windows\System\ElNqpFx.exe
  C:\Windows\System\ElNqpFx.exe
  2⤵
  PID:4088
- C:\Windows\System\wCETQiw.exe
  C:\Windows\System\wCETQiw.exe
  2⤵
  PID:2136
- C:\Windows\System\gzeWYox.exe
  C:\Windows\System\gzeWYox.exe
  2⤵
  PID:5160
- C:\Windows\System\qDNrzzM.exe
  C:\Windows\System\qDNrzzM.exe
  2⤵
  PID:5364
- C:\Windows\System\RENPHDq.exe
  C:\Windows\System\RENPHDq.exe
  2⤵
  PID:3348
- C:\Windows\System\vLHzkdX.exe
  C:\Windows\System\vLHzkdX.exe
  2⤵
  PID:4280
- C:\Windows\System\RizGkiN.exe
  C:\Windows\System\RizGkiN.exe
  2⤵
  PID:4140
- C:\Windows\System\ycbMHHk.exe
  C:\Windows\System\ycbMHHk.exe
  2⤵
  PID:376
- C:\Windows\System\RSpQgrl.exe
  C:\Windows\System\RSpQgrl.exe
  2⤵
  PID:5092
- C:\Windows\System\eEftuDI.exe
  C:\Windows\System\eEftuDI.exe
  2⤵
  PID:5480
- C:\Windows\System\XwoamvV.exe
  C:\Windows\System\XwoamvV.exe
  2⤵
  PID:5788
- C:\Windows\System\qtxbHVA.exe
  C:\Windows\System\qtxbHVA.exe
  2⤵
  PID:4388
- C:\Windows\System\mEHxyWr.exe
  C:\Windows\System\mEHxyWr.exe
  2⤵
  PID:6160
- C:\Windows\System\RuIxNaQ.exe
  C:\Windows\System\RuIxNaQ.exe
  2⤵
  PID:6184
- C:\Windows\System\drWFdNt.exe
  C:\Windows\System\drWFdNt.exe
  2⤵
  PID:6204
- C:\Windows\System\rcmgRFb.exe
  C:\Windows\System\rcmgRFb.exe
  2⤵
  PID:6232
- C:\Windows\System\FaibYOb.exe
  C:\Windows\System\FaibYOb.exe
  2⤵
  PID:6260
- C:\Windows\System\xwjgymq.exe
  C:\Windows\System\xwjgymq.exe
  2⤵
  PID:6316
- C:\Windows\System\UMsswGR.exe
  C:\Windows\System\UMsswGR.exe
  2⤵
  PID:6356
- C:\Windows\System\ACukbyf.exe
  C:\Windows\System\ACukbyf.exe
  2⤵
  PID:6380
- C:\Windows\System\IlXAbia.exe
  C:\Windows\System\IlXAbia.exe
  2⤵
  PID:6404
- C:\Windows\System\eejGovF.exe
  C:\Windows\System\eejGovF.exe
  2⤵
  PID:6424
- C:\Windows\System\HOlBxwJ.exe
  C:\Windows\System\HOlBxwJ.exe
  2⤵
  PID:6444
- C:\Windows\System\bxFTdJm.exe
  C:\Windows\System\bxFTdJm.exe
  2⤵
  PID:6488
- C:\Windows\System\rmgWYrk.exe
  C:\Windows\System\rmgWYrk.exe
  2⤵
  PID:6512
- C:\Windows\System\LcQQncn.exe
  C:\Windows\System\LcQQncn.exe
  2⤵
  PID:6536
- C:\Windows\System\rJdFsqp.exe
  C:\Windows\System\rJdFsqp.exe
  2⤵
  PID:6556
- C:\Windows\System\fyYpVgW.exe
  C:\Windows\System\fyYpVgW.exe
  2⤵
  PID:6576
- C:\Windows\System\WMZjcLd.exe
  C:\Windows\System\WMZjcLd.exe
  2⤵
  PID:6604
- C:\Windows\System\ulxqMfB.exe
  C:\Windows\System\ulxqMfB.exe
  2⤵
  PID:6652
- C:\Windows\System\juUxbWJ.exe
  C:\Windows\System\juUxbWJ.exe
  2⤵
  PID:6684
- C:\Windows\System\ckQbuHb.exe
  C:\Windows\System\ckQbuHb.exe
  2⤵
  PID:6700
- C:\Windows\System\twswtYW.exe
  C:\Windows\System\twswtYW.exe
  2⤵
  PID:6724
- C:\Windows\System\ewNjKJx.exe
  C:\Windows\System\ewNjKJx.exe
  2⤵
  PID:6744
- C:\Windows\System\DyPXUJW.exe
  C:\Windows\System\DyPXUJW.exe
  2⤵
  PID:6768
- C:\Windows\System\HnMbzOg.exe
  C:\Windows\System\HnMbzOg.exe
  2⤵
  PID:6788
- C:\Windows\System\LEITjEE.exe
  C:\Windows\System\LEITjEE.exe
  2⤵
  PID:6808
- C:\Windows\System\RPVhvaA.exe
  C:\Windows\System\RPVhvaA.exe
  2⤵
  PID:6832
- C:\Windows\System\JkGovqp.exe
  C:\Windows\System\JkGovqp.exe
  2⤵
  PID:6856
- C:\Windows\System\ZxLuUvZ.exe
  C:\Windows\System\ZxLuUvZ.exe
  2⤵
  PID:6900
- C:\Windows\System\rhgMhtP.exe
  C:\Windows\System\rhgMhtP.exe
  2⤵
  PID:6932
- C:\Windows\System\oOkSTRn.exe
  C:\Windows\System\oOkSTRn.exe
  2⤵
  PID:6956
- C:\Windows\System\EpQGJgq.exe
  C:\Windows\System\EpQGJgq.exe
  2⤵
  PID:6972
- C:\Windows\System\HXRVslK.exe
  C:\Windows\System\HXRVslK.exe
  2⤵
  PID:6992
- C:\Windows\System\jgfsvGT.exe
  C:\Windows\System\jgfsvGT.exe
  2⤵
  PID:7032
- C:\Windows\System\gPNymjN.exe
  C:\Windows\System\gPNymjN.exe
  2⤵
  PID:7052
- C:\Windows\System\DdNhAFZ.exe
  C:\Windows\System\DdNhAFZ.exe
  2⤵
  PID:7068
- C:\Windows\System\uCqpYOU.exe
  C:\Windows\System\uCqpYOU.exe
  2⤵
  PID:7136
- C:\Windows\System\HcMGadp.exe
  C:\Windows\System\HcMGadp.exe
  2⤵
  PID:5896
- C:\Windows\System\LbRTGcG.exe
  C:\Windows\System\LbRTGcG.exe
  2⤵
  PID:6196
- C:\Windows\System\btnpwyz.exe
  C:\Windows\System\btnpwyz.exe
  2⤵
  PID:6220
- C:\Windows\System\RzrjQjU.exe
  C:\Windows\System\RzrjQjU.exe
  2⤵
  PID:6292
- C:\Windows\System\XUubQRk.exe
  C:\Windows\System\XUubQRk.exe
  2⤵
  PID:6340
- C:\Windows\System\ygFYFzV.exe
  C:\Windows\System\ygFYFzV.exe
  2⤵
  PID:6388
- C:\Windows\System\njApVez.exe
  C:\Windows\System\njApVez.exe
  2⤵
  PID:6440
- C:\Windows\System\ZhMEaMl.exe
  C:\Windows\System\ZhMEaMl.exe
  2⤵
  PID:5452
- C:\Windows\System\ngregAV.exe
  C:\Windows\System\ngregAV.exe
  2⤵
  PID:4100
- C:\Windows\System\XXFMysa.exe
  C:\Windows\System\XXFMysa.exe
  2⤵
  PID:6648
- C:\Windows\System\oPvmfFI.exe
  C:\Windows\System\oPvmfFI.exe
  2⤵
  PID:6716
- C:\Windows\System\gzJLaak.exe
  C:\Windows\System\gzJLaak.exe
  2⤵
  PID:6804
- C:\Windows\System\TbKOunL.exe
  C:\Windows\System\TbKOunL.exe
  2⤵
  PID:6892
- C:\Windows\System\xJUUujM.exe
  C:\Windows\System\xJUUujM.exe
  2⤵
  PID:3192
- C:\Windows\System\PzRYdRd.exe
  C:\Windows\System\PzRYdRd.exe
  2⤵
  PID:6944
- C:\Windows\System\XhxezMM.exe
  C:\Windows\System\XhxezMM.exe
  2⤵
  PID:7044
- C:\Windows\System\ykIyDuh.exe
  C:\Windows\System\ykIyDuh.exe
  2⤵
  PID:7092
- C:\Windows\System\WUcYAtV.exe
  C:\Windows\System\WUcYAtV.exe
  2⤵
  PID:7152
- C:\Windows\System\GKttCxG.exe
  C:\Windows\System\GKttCxG.exe
  2⤵
  PID:6288
- C:\Windows\System\jXWTEvQ.exe
  C:\Windows\System\jXWTEvQ.exe
  2⤵
  PID:6324
- C:\Windows\System\RErPlVc.exe
  C:\Windows\System\RErPlVc.exe
  2⤵
  PID:5248
- C:\Windows\System\UYbDErw.exe
  C:\Windows\System\UYbDErw.exe
  2⤵
  PID:6572
- C:\Windows\System\NlEDDxm.exe
  C:\Windows\System\NlEDDxm.exe
  2⤵
  PID:6696
- C:\Windows\System\ajzRFVq.exe
  C:\Windows\System\ajzRFVq.exe
  2⤵
  PID:6868
- C:\Windows\System\lolTgYC.exe
  C:\Windows\System\lolTgYC.exe
  2⤵
  PID:7040
- C:\Windows\System\dBWdBVH.exe
  C:\Windows\System\dBWdBVH.exe
  2⤵
  PID:7144
- C:\Windows\System\mUwOmtv.exe
  C:\Windows\System\mUwOmtv.exe
  2⤵
  PID:6396
- C:\Windows\System\LFeyNOY.exe
  C:\Windows\System\LFeyNOY.exe
  2⤵
  PID:6668
- C:\Windows\System\XCHxSKw.exe
  C:\Windows\System\XCHxSKw.exe
  2⤵
  PID:6964
- C:\Windows\System\QYwtywG.exe
  C:\Windows\System\QYwtywG.exe
  2⤵
  PID:6632
- C:\Windows\System\CnZNJpX.exe
  C:\Windows\System\CnZNJpX.exe
  2⤵
  PID:6968
- C:\Windows\System\REzQioB.exe
  C:\Windows\System\REzQioB.exe
  2⤵
  PID:7184
- C:\Windows\System\iiwrTgF.exe
  C:\Windows\System\iiwrTgF.exe
  2⤵
  PID:7204
- C:\Windows\System\AoJhfPX.exe
  C:\Windows\System\AoJhfPX.exe
  2⤵
  PID:7228
- C:\Windows\System\HhgZsWe.exe
  C:\Windows\System\HhgZsWe.exe
  2⤵
  PID:7256
- C:\Windows\System\yasPkWL.exe
  C:\Windows\System\yasPkWL.exe
  2⤵
  PID:7284
- C:\Windows\System\QFIDqnW.exe
  C:\Windows\System\QFIDqnW.exe
  2⤵
  PID:7308
- C:\Windows\System\AutdQAC.exe
  C:\Windows\System\AutdQAC.exe
  2⤵
  PID:7324
- C:\Windows\System\MJDRLDN.exe
  C:\Windows\System\MJDRLDN.exe
  2⤵
  PID:7352
- C:\Windows\System\CMuXRDn.exe
  C:\Windows\System\CMuXRDn.exe
  2⤵
  PID:7404
- C:\Windows\System\IMGYEve.exe
  C:\Windows\System\IMGYEve.exe
  2⤵
  PID:7424
- C:\Windows\System\WPSnjZd.exe
  C:\Windows\System\WPSnjZd.exe
  2⤵
  PID:7472
- C:\Windows\System\cRzfsgL.exe
  C:\Windows\System\cRzfsgL.exe
  2⤵
  PID:7508
- C:\Windows\System\ZJqSGjN.exe
  C:\Windows\System\ZJqSGjN.exe
  2⤵
  PID:7532
- C:\Windows\System\xEUdYVN.exe
  C:\Windows\System\xEUdYVN.exe
  2⤵
  PID:7552
- C:\Windows\System\kDvCtGZ.exe
  C:\Windows\System\kDvCtGZ.exe
  2⤵
  PID:7572
- C:\Windows\System\JnJFTOy.exe
  C:\Windows\System\JnJFTOy.exe
  2⤵
  PID:7600
- C:\Windows\System\tLERFCS.exe
  C:\Windows\System\tLERFCS.exe
  2⤵
  PID:7620
- C:\Windows\System\qGfemVD.exe
  C:\Windows\System\qGfemVD.exe
  2⤵
  PID:7644
- C:\Windows\System\OkDcNqd.exe
  C:\Windows\System\OkDcNqd.exe
  2⤵
  PID:7700
- C:\Windows\System\lzyjCKd.exe
  C:\Windows\System\lzyjCKd.exe
  2⤵
  PID:7728
- C:\Windows\System\RDrCmEK.exe
  C:\Windows\System\RDrCmEK.exe
  2⤵
  PID:7752
- C:\Windows\System\PcaXFvD.exe
  C:\Windows\System\PcaXFvD.exe
  2⤵
  PID:7776
- C:\Windows\System\LVjEBqX.exe
  C:\Windows\System\LVjEBqX.exe
  2⤵
  PID:7796
- C:\Windows\System\YFmtaTI.exe
  C:\Windows\System\YFmtaTI.exe
  2⤵
  PID:7824
- C:\Windows\System\LSiblof.exe
  C:\Windows\System\LSiblof.exe
  2⤵
  PID:7852
- C:\Windows\System\wYyTAQP.exe
  C:\Windows\System\wYyTAQP.exe
  2⤵
  PID:7896
- C:\Windows\System\AqUBHXE.exe
  C:\Windows\System\AqUBHXE.exe
  2⤵
  PID:7916
- C:\Windows\System\dxOhLkL.exe
  C:\Windows\System\dxOhLkL.exe
  2⤵
  PID:7936
- C:\Windows\System\LyCGWGy.exe
  C:\Windows\System\LyCGWGy.exe
  2⤵
  PID:7968
- C:\Windows\System\DIWkKdq.exe
  C:\Windows\System\DIWkKdq.exe
  2⤵
  PID:7984
- C:\Windows\System\mcoMihA.exe
  C:\Windows\System\mcoMihA.exe
  2⤵
  PID:8028
- C:\Windows\System\kNVDyJU.exe
  C:\Windows\System\kNVDyJU.exe
  2⤵
  PID:8044
- C:\Windows\System\AGAXWrA.exe
  C:\Windows\System\AGAXWrA.exe
  2⤵
  PID:8092
- C:\Windows\System\jqZDIzA.exe
  C:\Windows\System\jqZDIzA.exe
  2⤵
  PID:8116
- C:\Windows\System\ZEhFxkb.exe
  C:\Windows\System\ZEhFxkb.exe
  2⤵
  PID:8140
- C:\Windows\System\JJvgVVt.exe
  C:\Windows\System\JJvgVVt.exe
  2⤵
  PID:8180
- C:\Windows\System\cnXtzRq.exe
  C:\Windows\System\cnXtzRq.exe
  2⤵
  PID:7176
- C:\Windows\System\SXwBAXZ.exe
  C:\Windows\System\SXwBAXZ.exe
  2⤵
  PID:7268
- C:\Windows\System\ZhJmsaY.exe
  C:\Windows\System\ZhJmsaY.exe
  2⤵
  PID:7292
- C:\Windows\System\ysgCugq.exe
  C:\Windows\System\ysgCugq.exe
  2⤵
  PID:7296
- C:\Windows\System\LmHwdCG.exe
  C:\Windows\System\LmHwdCG.exe
  2⤵
  PID:7364
- C:\Windows\System\NqzAfea.exe
  C:\Windows\System\NqzAfea.exe
  2⤵
  PID:7464
- C:\Windows\System\JGsFfCt.exe
  C:\Windows\System\JGsFfCt.exe
  2⤵
  PID:7488
- C:\Windows\System\uzTAdUN.exe
  C:\Windows\System\uzTAdUN.exe
  2⤵
  PID:7612
- C:\Windows\System\JUTdPNT.exe
  C:\Windows\System\JUTdPNT.exe
  2⤵
  PID:7656
- C:\Windows\System\UtbXtAM.exe
  C:\Windows\System\UtbXtAM.exe
  2⤵
  PID:7736
- C:\Windows\System\OSSJbKM.exe
  C:\Windows\System\OSSJbKM.exe
  2⤵
  PID:7772
- C:\Windows\System\MovOeaY.exe
  C:\Windows\System\MovOeaY.exe
  2⤵
  PID:7872
- C:\Windows\System\FrheXjx.exe
  C:\Windows\System\FrheXjx.exe
  2⤵
  PID:7948
- C:\Windows\System\OFaqcej.exe
  C:\Windows\System\OFaqcej.exe
  2⤵
  PID:7960
- C:\Windows\System\zlwcuhA.exe
  C:\Windows\System\zlwcuhA.exe
  2⤵
  PID:8040
- C:\Windows\System\HybPsNJ.exe
  C:\Windows\System\HybPsNJ.exe
  2⤵
  PID:8080
- C:\Windows\System\uwKZVbF.exe
  C:\Windows\System\uwKZVbF.exe
  2⤵
  PID:8188
- C:\Windows\System\SVmtMxJ.exe
  C:\Windows\System\SVmtMxJ.exe
  2⤵
  PID:7252
- C:\Windows\System\ynPmVoh.exe
  C:\Windows\System\ynPmVoh.exe
  2⤵
  PID:7520
- C:\Windows\System\uQSFlFx.exe
  C:\Windows\System\uQSFlFx.exe
  2⤵
  PID:7592
- C:\Windows\System\mxxysNb.exe
  C:\Windows\System\mxxysNb.exe
  2⤵
  PID:7740
- C:\Windows\System\CQtqMAd.exe
  C:\Windows\System\CQtqMAd.exe
  2⤵
  PID:7928
- C:\Windows\System\kZPGKkW.exe
  C:\Windows\System\kZPGKkW.exe
  2⤵
  PID:8068
- C:\Windows\System\YdsBSOa.exe
  C:\Windows\System\YdsBSOa.exe
  2⤵
  PID:8156
- C:\Windows\System\mSzcLCE.exe
  C:\Windows\System\mSzcLCE.exe
  2⤵
  PID:7416
- C:\Windows\System\twxuPzb.exe
  C:\Windows\System\twxuPzb.exe
  2⤵
  PID:7640
- C:\Windows\System\VLKsiKC.exe
  C:\Windows\System\VLKsiKC.exe
  2⤵
  PID:8008
- C:\Windows\System\CjStgeH.exe
  C:\Windows\System\CjStgeH.exe
  2⤵
  PID:4976
- C:\Windows\System\vwJhZym.exe
  C:\Windows\System\vwJhZym.exe
  2⤵
  PID:7636
- C:\Windows\System\ByMqqBg.exe
  C:\Windows\System\ByMqqBg.exe
  2⤵
  PID:8224
- C:\Windows\System\cfgDBFY.exe
  C:\Windows\System\cfgDBFY.exe
  2⤵
  PID:8252
- C:\Windows\System\IAXVhVE.exe
  C:\Windows\System\IAXVhVE.exe
  2⤵
  PID:8276
- C:\Windows\System\PzeYluV.exe
  C:\Windows\System\PzeYluV.exe
  2⤵
  PID:8296
- C:\Windows\System\LEeLvqF.exe
  C:\Windows\System\LEeLvqF.exe
  2⤵
  PID:8328
- C:\Windows\System\oBjqtFP.exe
  C:\Windows\System\oBjqtFP.exe
  2⤵
  PID:8376
- C:\Windows\System\ZoeKsLz.exe
  C:\Windows\System\ZoeKsLz.exe
  2⤵
  PID:8396
- C:\Windows\System\vezATgm.exe
  C:\Windows\System\vezATgm.exe
  2⤵
  PID:8420
- C:\Windows\System\THcVgYR.exe
  C:\Windows\System\THcVgYR.exe
  2⤵
  PID:8452
- C:\Windows\System\Qeimybd.exe
  C:\Windows\System\Qeimybd.exe
  2⤵
  PID:8472
- C:\Windows\System\fZpocZX.exe
  C:\Windows\System\fZpocZX.exe
  2⤵
  PID:8504
- C:\Windows\System\YAruPqM.exe
  C:\Windows\System\YAruPqM.exe
  2⤵
  PID:8536
- C:\Windows\System\lUYOqdR.exe
  C:\Windows\System\lUYOqdR.exe
  2⤵
  PID:8556
- C:\Windows\System\grVIfEC.exe
  C:\Windows\System\grVIfEC.exe
  2⤵
  PID:8584
- C:\Windows\System\WXLVZxf.exe
  C:\Windows\System\WXLVZxf.exe
  2⤵
  PID:8612
- C:\Windows\System\eVtkpLx.exe
  C:\Windows\System\eVtkpLx.exe
  2⤵
  PID:8636
- C:\Windows\System\GhlOodZ.exe
  C:\Windows\System\GhlOodZ.exe
  2⤵
  PID:8656
- C:\Windows\System\ObjFuRg.exe
  C:\Windows\System\ObjFuRg.exe
  2⤵
  PID:8684
- C:\Windows\System\cicvkOI.exe
  C:\Windows\System\cicvkOI.exe
  2⤵
  PID:8708
- C:\Windows\System\BGkMJKO.exe
  C:\Windows\System\BGkMJKO.exe
  2⤵
  PID:8724
- C:\Windows\System\oxNWdvS.exe
  C:\Windows\System\oxNWdvS.exe
  2⤵
  PID:8748
- C:\Windows\System\ysZeoFn.exe
  C:\Windows\System\ysZeoFn.exe
  2⤵
  PID:8788
- C:\Windows\System\ziPnGWz.exe
  C:\Windows\System\ziPnGWz.exe
  2⤵
  PID:8816
- C:\Windows\System\piidjfL.exe
  C:\Windows\System\piidjfL.exe
  2⤵
  PID:8836
- C:\Windows\System\XVHwyKo.exe
  C:\Windows\System\XVHwyKo.exe
  2⤵
  PID:8872
- C:\Windows\System\LOtRVoQ.exe
  C:\Windows\System\LOtRVoQ.exe
  2⤵
  PID:8888
- C:\Windows\System\nHznxbt.exe
  C:\Windows\System\nHznxbt.exe
  2⤵
  PID:8908
- C:\Windows\System\KOhVoOm.exe
  C:\Windows\System\KOhVoOm.exe
  2⤵
  PID:8924
- C:\Windows\System\yHuVmlR.exe
  C:\Windows\System\yHuVmlR.exe
  2⤵
  PID:8948
- C:\Windows\System\eKiESLo.exe
  C:\Windows\System\eKiESLo.exe
  2⤵
  PID:8964
- C:\Windows\System\pVqOpHO.exe
  C:\Windows\System\pVqOpHO.exe
  2⤵
  PID:8996
- C:\Windows\System\ShCuzlm.exe
  C:\Windows\System\ShCuzlm.exe
  2⤵
  PID:9028
- C:\Windows\System\ZqicfUA.exe
  C:\Windows\System\ZqicfUA.exe
  2⤵
  PID:9052
- C:\Windows\System\etuzTei.exe
  C:\Windows\System\etuzTei.exe
  2⤵
  PID:9116
- C:\Windows\System\NmKFaYY.exe
  C:\Windows\System\NmKFaYY.exe
  2⤵
  PID:9152
- C:\Windows\System\ilOxSKC.exe
  C:\Windows\System\ilOxSKC.exe
  2⤵
  PID:9172
- C:\Windows\System\qKGWebF.exe
  C:\Windows\System\qKGWebF.exe
  2⤵
  PID:9192
- C:\Windows\System\uQsLGFw.exe
  C:\Windows\System\uQsLGFw.exe
  2⤵
  PID:8236
- C:\Windows\System\RRxjxfE.exe
  C:\Windows\System\RRxjxfE.exe
  2⤵
  PID:8392
- C:\Windows\System\JCbFSBh.exe
  C:\Windows\System\JCbFSBh.exe
  2⤵
  PID:8440
- C:\Windows\System\mqSABMD.exe
  C:\Windows\System\mqSABMD.exe
  2⤵
  PID:8520
- C:\Windows\System\ABdDLdT.exe
  C:\Windows\System\ABdDLdT.exe
  2⤵
  PID:8552
- C:\Windows\System\CcGEMbn.exe
  C:\Windows\System\CcGEMbn.exe
  2⤵
  PID:8624
- C:\Windows\System\ffvnpwY.exe
  C:\Windows\System\ffvnpwY.exe
  2⤵
  PID:8652
- C:\Windows\System\yrKSCTD.exe
  C:\Windows\System\yrKSCTD.exe
  2⤵
  PID:8704
- C:\Windows\System\JMPdYkR.exe
  C:\Windows\System\JMPdYkR.exe
  2⤵
  PID:8796
- C:\Windows\System\uVxRpKi.exe
  C:\Windows\System\uVxRpKi.exe
  2⤵
  PID:8880
- C:\Windows\System\GFPXldB.exe
  C:\Windows\System\GFPXldB.exe
  2⤵
  PID:8936
- C:\Windows\System\NLHYSPm.exe
  C:\Windows\System\NLHYSPm.exe
  2⤵
  PID:9024
- C:\Windows\System\lqyOunL.exe
  C:\Windows\System\lqyOunL.exe
  2⤵
  PID:8956
- C:\Windows\System\VIJDmJB.exe
  C:\Windows\System\VIJDmJB.exe
  2⤵
  PID:8992
- C:\Windows\System\DrljKqP.exe
  C:\Windows\System\DrljKqP.exe
  2⤵
  PID:9108
- C:\Windows\System\KItfRyp.exe
  C:\Windows\System\KItfRyp.exe
  2⤵
  PID:9144
- C:\Windows\System\nIiriMo.exe
  C:\Windows\System\nIiriMo.exe
  2⤵
  PID:8372
- C:\Windows\System\HTGstOw.exe
  C:\Windows\System\HTGstOw.exe
  2⤵
  PID:8416
- C:\Windows\System\uLEJmeD.exe
  C:\Windows\System\uLEJmeD.exe
  2⤵
  PID:8580
- C:\Windows\System\OiQDtQx.exe
  C:\Windows\System\OiQDtQx.exe
  2⤵
  PID:5056
- C:\Windows\System\ccNslVo.exe
  C:\Windows\System\ccNslVo.exe
  2⤵
  PID:8700
- C:\Windows\System\PEzyazD.exe
  C:\Windows\System\PEzyazD.exe
  2⤵
  PID:8832
- C:\Windows\System\fpuRWpR.exe
  C:\Windows\System\fpuRWpR.exe
  2⤵
  PID:8864
- C:\Windows\System\uafLGWZ.exe
  C:\Windows\System\uafLGWZ.exe
  2⤵
  PID:9088
- C:\Windows\System\gQYWSLu.exe
  C:\Windows\System\gQYWSLu.exe
  2⤵
  PID:8220
- C:\Windows\System\vKXuZAv.exe
  C:\Windows\System\vKXuZAv.exe
  2⤵
  PID:8468
- C:\Windows\System\ibMmHRN.exe
  C:\Windows\System\ibMmHRN.exe
  2⤵
  PID:8676
- C:\Windows\System\mBoEUug.exe
  C:\Windows\System\mBoEUug.exe
  2⤵
  PID:9020
- C:\Windows\System\IucumKD.exe
  C:\Windows\System\IucumKD.exe
  2⤵
  PID:5400
- C:\Windows\System\XsGbCoP.exe
  C:\Windows\System\XsGbCoP.exe
  2⤵
  PID:5620
- C:\Windows\System\OprkSBH.exe
  C:\Windows\System\OprkSBH.exe
  2⤵
  PID:8828
- C:\Windows\System\HjRbSSv.exe
  C:\Windows\System\HjRbSSv.exe
  2⤵
  PID:3064
- C:\Windows\System\GlwylOm.exe
  C:\Windows\System\GlwylOm.exe
  2⤵
  PID:9256
- C:\Windows\System\OvSgCFQ.exe
  C:\Windows\System\OvSgCFQ.exe
  2⤵
  PID:9272
- C:\Windows\System\nIrdHNu.exe
  C:\Windows\System\nIrdHNu.exe
  2⤵
  PID:9296
- C:\Windows\System\tkUJprx.exe
  C:\Windows\System\tkUJprx.exe
  2⤵
  PID:9320
- C:\Windows\System\XIbCPEY.exe
  C:\Windows\System\XIbCPEY.exe
  2⤵
  PID:9344
- C:\Windows\System\kgtkwOY.exe
  C:\Windows\System\kgtkwOY.exe
  2⤵
  PID:9400
- C:\Windows\System\KqPQUoV.exe
  C:\Windows\System\KqPQUoV.exe
  2⤵
  PID:9420
- C:\Windows\System\gTRNOyt.exe
  C:\Windows\System\gTRNOyt.exe
  2⤵
  PID:9464
- C:\Windows\System\xMtNwDn.exe
  C:\Windows\System\xMtNwDn.exe
  2⤵
  PID:9488
- C:\Windows\System\AENOOla.exe
  C:\Windows\System\AENOOla.exe
  2⤵
  PID:9508
- C:\Windows\System\EzkHktS.exe
  C:\Windows\System\EzkHktS.exe
  2⤵
  PID:9536
- C:\Windows\System\TuVWiZd.exe
  C:\Windows\System\TuVWiZd.exe
  2⤵
  PID:9560
- C:\Windows\System\eWLDRay.exe
  C:\Windows\System\eWLDRay.exe
  2⤵
  PID:9584
- C:\Windows\System\SvCxqWh.exe
  C:\Windows\System\SvCxqWh.exe
  2⤵
  PID:9612
- C:\Windows\System\ftlZcre.exe
  C:\Windows\System\ftlZcre.exe
  2⤵
  PID:9656
- C:\Windows\System\okCboRf.exe
  C:\Windows\System\okCboRf.exe
  2⤵
  PID:9684
- C:\Windows\System\YaBWafI.exe
  C:\Windows\System\YaBWafI.exe
  2⤵
  PID:9712
- C:\Windows\System\iHJiVGK.exe
  C:\Windows\System\iHJiVGK.exe
  2⤵
  PID:9740
- C:\Windows\System\oFngAXb.exe
  C:\Windows\System\oFngAXb.exe
  2⤵
  PID:9760
- C:\Windows\System\gvTlJLb.exe
  C:\Windows\System\gvTlJLb.exe
  2⤵
  PID:9776
- C:\Windows\System\zlXVeFk.exe
  C:\Windows\System\zlXVeFk.exe
  2⤵
  PID:9796
- C:\Windows\System\srLLjCk.exe
  C:\Windows\System\srLLjCk.exe
  2⤵
  PID:9828
- C:\Windows\System\yoAHbxp.exe
  C:\Windows\System\yoAHbxp.exe
  2⤵
  PID:9848
- C:\Windows\System\FvkbkjH.exe
  C:\Windows\System\FvkbkjH.exe
  2⤵
  PID:9868
- C:\Windows\System\cqXGOwV.exe
  C:\Windows\System\cqXGOwV.exe
  2⤵
  PID:9888
- C:\Windows\System\tQIhoSL.exe
  C:\Windows\System\tQIhoSL.exe
  2⤵
  PID:9932
- C:\Windows\System\dMqxVZo.exe
  C:\Windows\System\dMqxVZo.exe
  2⤵
  PID:9960
- C:\Windows\System\RvZLKNs.exe
  C:\Windows\System\RvZLKNs.exe
  2⤵
  PID:9984
- C:\Windows\System\sSxizJZ.exe
  C:\Windows\System\sSxizJZ.exe
  2⤵
  PID:10004
- C:\Windows\System\Xaoofrn.exe
  C:\Windows\System\Xaoofrn.exe
  2⤵
  PID:10036
- C:\Windows\System\uQxwBDH.exe
  C:\Windows\System\uQxwBDH.exe
  2⤵
  PID:10108
- C:\Windows\System\tJKliQd.exe
  C:\Windows\System\tJKliQd.exe
  2⤵
  PID:10132
- C:\Windows\System\RBrqJru.exe
  C:\Windows\System\RBrqJru.exe
  2⤵
  PID:10160
- C:\Windows\System\kBMhbcY.exe
  C:\Windows\System\kBMhbcY.exe
  2⤵
  PID:10180
- C:\Windows\System\TNhjlVo.exe
  C:\Windows\System\TNhjlVo.exe
  2⤵
  PID:10200
- C:\Windows\System\AwgzsKS.exe
  C:\Windows\System\AwgzsKS.exe
  2⤵
  PID:10224
- C:\Windows\System\yDCdFSc.exe
  C:\Windows\System\yDCdFSc.exe
  2⤵
  PID:5112
- C:\Windows\System\kLMnWOC.exe
  C:\Windows\System\kLMnWOC.exe
  2⤵
  PID:9280
- C:\Windows\System\UzzOuHd.exe
  C:\Windows\System\UzzOuHd.exe
  2⤵
  PID:9352
- C:\Windows\System\nAVEdPS.exe
  C:\Windows\System\nAVEdPS.exe
  2⤵
  PID:9408
- C:\Windows\System\BpXHWig.exe
  C:\Windows\System\BpXHWig.exe
  2⤵
  PID:9456
- C:\Windows\System\AFsILmz.exe
  C:\Windows\System\AFsILmz.exe
  2⤵
  PID:9528
- C:\Windows\System\sXadYgw.exe
  C:\Windows\System\sXadYgw.exe
  2⤵
  PID:9548
- C:\Windows\System\RPfsYqq.exe
  C:\Windows\System\RPfsYqq.exe
  2⤵
  PID:9644
- C:\Windows\System\bmNMMzM.exe
  C:\Windows\System\bmNMMzM.exe
  2⤵
  PID:9692
- C:\Windows\System\yISSoAe.exe
  C:\Windows\System\yISSoAe.exe
  2⤵
  PID:9772
- C:\Windows\System\SkHyDpa.exe
  C:\Windows\System\SkHyDpa.exe
  2⤵
  PID:9792
- C:\Windows\System\nQORhEV.exe
  C:\Windows\System\nQORhEV.exe
  2⤵
  PID:9876
- C:\Windows\System\mytHmxz.exe
  C:\Windows\System\mytHmxz.exe
  2⤵
  PID:9880
- C:\Windows\System\MZPPLFJ.exe
  C:\Windows\System\MZPPLFJ.exe
  2⤵
  PID:9924
- C:\Windows\System\qdMnixD.exe
  C:\Windows\System\qdMnixD.exe
  2⤵
  PID:10028
- C:\Windows\System\FVGeyES.exe
  C:\Windows\System\FVGeyES.exe
  2⤵
  PID:10168
- C:\Windows\System\oQHvLId.exe
  C:\Windows\System\oQHvLId.exe
  2⤵
  PID:10232
- C:\Windows\System\ZNhGDIA.exe
  C:\Windows\System\ZNhGDIA.exe
  2⤵
  PID:5576
- C:\Windows\System\WCkwExA.exe
  C:\Windows\System\WCkwExA.exe
  2⤵
  PID:9316
- C:\Windows\System\PHXpIvX.exe
  C:\Windows\System\PHXpIvX.exe
  2⤵
  PID:1460
- C:\Windows\System\mrdWbAE.exe
  C:\Windows\System\mrdWbAE.exe
  2⤵
  PID:9504
- C:\Windows\System\kVeTAsC.exe
  C:\Windows\System\kVeTAsC.exe
  2⤵
  PID:9664
- C:\Windows\System\MqMXmhJ.exe
  C:\Windows\System\MqMXmhJ.exe
  2⤵
  PID:9860
- C:\Windows\System\FFwwzPB.exe
  C:\Windows\System\FFwwzPB.exe
  2⤵
  PID:10016
- C:\Windows\System\MIxBZAS.exe
  C:\Windows\System\MIxBZAS.exe
  2⤵
  PID:10076
- C:\Windows\System\UuzALKs.exe
  C:\Windows\System\UuzALKs.exe
  2⤵
  PID:9308
- C:\Windows\System\udTSfIe.exe
  C:\Windows\System\udTSfIe.exe
  2⤵
  PID:9676
- C:\Windows\System\WlRsbVg.exe
  C:\Windows\System\WlRsbVg.exe
  2⤵
  PID:10268
- C:\Windows\System\HOIhGWK.exe
  C:\Windows\System\HOIhGWK.exe
  2⤵
  PID:10332
- C:\Windows\System\XBHmrZt.exe
  C:\Windows\System\XBHmrZt.exe
  2⤵
  PID:10348
- C:\Windows\System\DtHzdds.exe
  C:\Windows\System\DtHzdds.exe
  2⤵
  PID:10364
- C:\Windows\System\wrcrujO.exe
  C:\Windows\System\wrcrujO.exe
  2⤵
  PID:10380
- C:\Windows\System\miJrmyX.exe
  C:\Windows\System\miJrmyX.exe
  2⤵
  PID:10396
- C:\Windows\System\DfpqUrl.exe
  C:\Windows\System\DfpqUrl.exe
  2⤵
  PID:10412
- C:\Windows\System\idepWDL.exe
  C:\Windows\System\idepWDL.exe
  2⤵
  PID:10428
- C:\Windows\System\fWrwsVb.exe
  C:\Windows\System\fWrwsVb.exe
  2⤵
  PID:10452
- C:\Windows\System\hLJRKMe.exe
  C:\Windows\System\hLJRKMe.exe
  2⤵
  PID:10472
- C:\Windows\System\uPZMUCN.exe
  C:\Windows\System\uPZMUCN.exe
  2⤵
  PID:10492
- C:\Windows\System\CtTDhlX.exe
  C:\Windows\System\CtTDhlX.exe
  2⤵
  PID:10512
- C:\Windows\System\HNBrchq.exe
  C:\Windows\System\HNBrchq.exe
  2⤵
  PID:10528
- C:\Windows\System\KcYJbNb.exe
  C:\Windows\System\KcYJbNb.exe
  2⤵
  PID:10544
- C:\Windows\System\pCudUNu.exe
  C:\Windows\System\pCudUNu.exe
  2⤵
  PID:10560
- C:\Windows\System\kLZUPws.exe
  C:\Windows\System\kLZUPws.exe
  2⤵
  PID:10576
- C:\Windows\System\lgLUpIA.exe
  C:\Windows\System\lgLUpIA.exe
  2⤵
  PID:10596
- C:\Windows\System\sEVyldW.exe
  C:\Windows\System\sEVyldW.exe
  2⤵
  PID:10696
- C:\Windows\System\BTYSHsD.exe
  C:\Windows\System\BTYSHsD.exe
  2⤵
  PID:10712
- C:\Windows\System\yBRfTpm.exe
  C:\Windows\System\yBRfTpm.exe
  2⤵
  PID:10800
- C:\Windows\System\XTfIYZW.exe
  C:\Windows\System\XTfIYZW.exe
  2⤵
  PID:10824
- C:\Windows\System\rAqyIRS.exe
  C:\Windows\System\rAqyIRS.exe
  2⤵
  PID:10916
- C:\Windows\System\yQfOFAU.exe
  C:\Windows\System\yQfOFAU.exe
  2⤵
  PID:10956
- C:\Windows\System\krmMBMk.exe
  C:\Windows\System\krmMBMk.exe
  2⤵
  PID:10984
- C:\Windows\System\RmORdiM.exe
  C:\Windows\System\RmORdiM.exe
  2⤵
  PID:11000
- C:\Windows\System\EPoITdz.exe
  C:\Windows\System\EPoITdz.exe
  2⤵
  PID:11024
- C:\Windows\System\Oyjhwrw.exe
  C:\Windows\System\Oyjhwrw.exe
  2⤵
  PID:11056
- C:\Windows\System\TXjZJGI.exe
  C:\Windows\System\TXjZJGI.exe
  2⤵
  PID:11088
- C:\Windows\System\TegEpxy.exe
  C:\Windows\System\TegEpxy.exe
  2⤵
  PID:11108
- C:\Windows\System\HilqEWH.exe
  C:\Windows\System\HilqEWH.exe
  2⤵
  PID:11128
- C:\Windows\System\ruNyQJA.exe
  C:\Windows\System\ruNyQJA.exe
  2⤵
  PID:11168
- C:\Windows\System\bBaeUAZ.exe
  C:\Windows\System\bBaeUAZ.exe
  2⤵
  PID:11200
- C:\Windows\System\xPDcMnM.exe
  C:\Windows\System\xPDcMnM.exe
  2⤵
  PID:11228
- C:\Windows\System\ubggwBE.exe
  C:\Windows\System\ubggwBE.exe
  2⤵
  PID:11244
- C:\Windows\System\DxXITbN.exe
  C:\Windows\System\DxXITbN.exe
  2⤵
  PID:9436
- C:\Windows\System\OswNTEq.exe
  C:\Windows\System\OswNTEq.exe
  2⤵
  PID:1940
- C:\Windows\System\JbJBvny.exe
  C:\Windows\System\JbJBvny.exe
  2⤵
  PID:10252
- C:\Windows\System\tREYlRY.exe
  C:\Windows\System\tREYlRY.exe
  2⤵
  PID:10292
- C:\Windows\System\VgNlEVi.exe
  C:\Windows\System\VgNlEVi.exe
  2⤵
  PID:10484
- C:\Windows\System\vxtpURH.exe
  C:\Windows\System\vxtpURH.exe
  2⤵
  PID:10372
- C:\Windows\System\plaMqlQ.exe
  C:\Windows\System\plaMqlQ.exe
  2⤵
  PID:10420
- C:\Windows\System\YOmIXoz.exe
  C:\Windows\System\YOmIXoz.exe
  2⤵
  PID:10540
- C:\Windows\System\yYVITZj.exe
  C:\Windows\System\yYVITZj.exe
  2⤵
  PID:10500
- C:\Windows\System\RVuPuxT.exe
  C:\Windows\System\RVuPuxT.exe
  2⤵
  PID:10572
- C:\Windows\System\YMvnqeX.exe
  C:\Windows\System\YMvnqeX.exe
  2⤵
  PID:10656
- C:\Windows\System\JDRztUd.exe
  C:\Windows\System\JDRztUd.exe
  2⤵
  PID:10672
- C:\Windows\System\QhWUuDU.exe
  C:\Windows\System\QhWUuDU.exe
  2⤵
  PID:10748
- C:\Windows\System\AiNNIQv.exe
  C:\Windows\System\AiNNIQv.exe
  2⤵
  PID:10796
- C:\Windows\System\kfAJHVn.exe
  C:\Windows\System\kfAJHVn.exe
  2⤵
  PID:10924
- C:\Windows\System\bmyyTII.exe
  C:\Windows\System\bmyyTII.exe
  2⤵
  PID:10996
- C:\Windows\System\BXhPnWq.exe
  C:\Windows\System\BXhPnWq.exe
  2⤵
  PID:11068
- C:\Windows\System\biBHcOp.exe
  C:\Windows\System\biBHcOp.exe
  2⤵
  PID:11120
- C:\Windows\System\xKjhOng.exe
  C:\Windows\System\xKjhOng.exe
  2⤵
  PID:11156
- C:\Windows\System\oXLSqAc.exe
  C:\Windows\System\oXLSqAc.exe
  2⤵
  PID:1812
- C:\Windows\System\hbSETQj.exe
  C:\Windows\System\hbSETQj.exe
  2⤵
  PID:11256
- C:\Windows\System\MwyWaEY.exe
  C:\Windows\System\MwyWaEY.exe
  2⤵
  PID:5916
- C:\Windows\System\JkEIchv.exe
  C:\Windows\System\JkEIchv.exe
  2⤵
  PID:10288
- C:\Windows\System\ljhsbNP.exe
  C:\Windows\System\ljhsbNP.exe
  2⤵
  PID:10488
- C:\Windows\System\ZYOFmSM.exe
  C:\Windows\System\ZYOFmSM.exe
  2⤵
  PID:10568
- C:\Windows\System\joBiLXj.exe
  C:\Windows\System\joBiLXj.exe
  2⤵
  PID:10524
- C:\Windows\System\ajaDKcU.exe
  C:\Windows\System\ajaDKcU.exe
  2⤵
  PID:10692
- C:\Windows\System\MzDFePb.exe
  C:\Windows\System\MzDFePb.exe
  2⤵
  PID:11036
- C:\Windows\System\MSEfckp.exe
  C:\Windows\System\MSEfckp.exe
  2⤵
  PID:11076
- C:\Windows\System\NPefsrj.exe
  C:\Windows\System\NPefsrj.exe
  2⤵
  PID:11160
- C:\Windows\System\SHCByow.exe
  C:\Windows\System\SHCByow.exe
  2⤵
  PID:11260
- C:\Windows\System\BFDSnVb.exe
  C:\Windows\System\BFDSnVb.exe
  2⤵
  PID:10304
- C:\Windows\System\QTFVSmI.exe
  C:\Windows\System\QTFVSmI.exe
  2⤵
  PID:10644
- C:\Windows\System\guEquqV.exe
  C:\Windows\System\guEquqV.exe
  2⤵
  PID:10440
- C:\Windows\System\GjTwXGJ.exe
  C:\Windows\System\GjTwXGJ.exe
  2⤵
  PID:11192
- C:\Windows\System\pgowjhB.exe
  C:\Windows\System\pgowjhB.exe
  2⤵
  PID:11276
- C:\Windows\System\tVovdHs.exe
  C:\Windows\System\tVovdHs.exe
  2⤵
  PID:11320
- C:\Windows\System\wecVfFe.exe
  C:\Windows\System\wecVfFe.exe
  2⤵
  PID:11344
- C:\Windows\System\PVeowqM.exe
  C:\Windows\System\PVeowqM.exe
  2⤵
  PID:11368
- C:\Windows\System\zfQrXqe.exe
  C:\Windows\System\zfQrXqe.exe
  2⤵
  PID:11400
- C:\Windows\System\cLWatiD.exe
  C:\Windows\System\cLWatiD.exe
  2⤵
  PID:11428
- C:\Windows\System\neccEzn.exe
  C:\Windows\System\neccEzn.exe
  2⤵
  PID:11448
- C:\Windows\System\RBYsyYv.exe
  C:\Windows\System\RBYsyYv.exe
  2⤵
  PID:11488
- C:\Windows\System\yiPEaxH.exe
  C:\Windows\System\yiPEaxH.exe
  2⤵
  PID:11512
- C:\Windows\System\HStQigp.exe
  C:\Windows\System\HStQigp.exe
  2⤵
  PID:11540
- C:\Windows\System\WqwZqxf.exe
  C:\Windows\System\WqwZqxf.exe
  2⤵
  PID:11560
- C:\Windows\System\OvGpzeE.exe
  C:\Windows\System\OvGpzeE.exe
  2⤵
  PID:11576
- C:\Windows\System\SFkUQfK.exe
  C:\Windows\System\SFkUQfK.exe
  2⤵
  PID:11604
- C:\Windows\System\oapmigH.exe
  C:\Windows\System\oapmigH.exe
  2⤵
  PID:11632
- C:\Windows\System\cYdzUkg.exe
  C:\Windows\System\cYdzUkg.exe
  2⤵
  PID:11660
- C:\Windows\System\BBmhGWH.exe
  C:\Windows\System\BBmhGWH.exe
  2⤵
  PID:11688
- C:\Windows\System\zbGnFmM.exe
  C:\Windows\System\zbGnFmM.exe
  2⤵
  PID:11720
- C:\Windows\System\LDRcQLZ.exe
  C:\Windows\System\LDRcQLZ.exe
  2⤵
  PID:11764
- C:\Windows\System\FVfDUDQ.exe
  C:\Windows\System\FVfDUDQ.exe
  2⤵
  PID:11784
- C:\Windows\System\YdCsQTA.exe
  C:\Windows\System\YdCsQTA.exe
  2⤵
  PID:11808
- C:\Windows\System\POjsYVK.exe
  C:\Windows\System\POjsYVK.exe
  2⤵
  PID:11828
- C:\Windows\System\XtcZOSn.exe
  C:\Windows\System\XtcZOSn.exe
  2⤵
  PID:11848
- C:\Windows\System\uldSUlA.exe
  C:\Windows\System\uldSUlA.exe
  2⤵
  PID:11888
- C:\Windows\System\vTqQYmV.exe
  C:\Windows\System\vTqQYmV.exe
  2⤵
  PID:11932
- C:\Windows\System\pediQUl.exe
  C:\Windows\System\pediQUl.exe
  2⤵
  PID:11960
- C:\Windows\System\CNdLFLO.exe
  C:\Windows\System\CNdLFLO.exe
  2⤵
  PID:11980
- C:\Windows\System\nsTWrhM.exe
  C:\Windows\System\nsTWrhM.exe
  2⤵
  PID:12020
- C:\Windows\System\FJFIoEF.exe
  C:\Windows\System\FJFIoEF.exe
  2⤵
  PID:12044
- C:\Windows\System\ezhQfbQ.exe
  C:\Windows\System\ezhQfbQ.exe
  2⤵
  PID:12072
- C:\Windows\System\mtgzsLc.exe
  C:\Windows\System\mtgzsLc.exe
  2⤵
  PID:12100
- C:\Windows\System\oLDImff.exe
  C:\Windows\System\oLDImff.exe
  2⤵
  PID:12120
- C:\Windows\System\oUexGoj.exe
  C:\Windows\System\oUexGoj.exe
  2⤵
  PID:12140
- C:\Windows\System\oDMzLCk.exe
  C:\Windows\System\oDMzLCk.exe
  2⤵
  PID:12168
- C:\Windows\System\TiBVjrQ.exe
  C:\Windows\System\TiBVjrQ.exe
  2⤵
  PID:12212
- C:\Windows\System\UMbaFqH.exe
  C:\Windows\System\UMbaFqH.exe
  2⤵
  PID:12240
- C:\Windows\System\eCcUZsV.exe
  C:\Windows\System\eCcUZsV.exe
  2⤵
  PID:12268
- C:\Windows\System\BepzxFc.exe
  C:\Windows\System\BepzxFc.exe
  2⤵
  PID:10276
- C:\Windows\System\QgClcZj.exe
  C:\Windows\System\QgClcZj.exe
  2⤵
  PID:11300
- C:\Windows\System\zyrmmHc.exe
  C:\Windows\System\zyrmmHc.exe
  2⤵
  PID:11388
- C:\Windows\System\hDVlEZS.exe
  C:\Windows\System\hDVlEZS.exe
  2⤵
  PID:11440
- C:\Windows\System\XeKeTrN.exe
  C:\Windows\System\XeKeTrN.exe
  2⤵
  PID:11520
- C:\Windows\System\VsVJoCI.exe
  C:\Windows\System\VsVJoCI.exe
  2⤵
  PID:11556
- C:\Windows\System\vGxWtuk.exe
  C:\Windows\System\vGxWtuk.exe
  2⤵
  PID:11600
- C:\Windows\System\deotGPd.exe
  C:\Windows\System\deotGPd.exe
  2⤵
  PID:11652
- C:\Windows\System\yburYUy.exe
  C:\Windows\System\yburYUy.exe
  2⤵
  PID:11780
- C:\Windows\System\LdQjOtq.exe
  C:\Windows\System\LdQjOtq.exe
  2⤵
  PID:11824
- C:\Windows\System\Xzfrwwj.exe
  C:\Windows\System\Xzfrwwj.exe
  2⤵
  PID:11868
- C:\Windows\System\TcfFzaH.exe
  C:\Windows\System\TcfFzaH.exe
  2⤵
  PID:11968
- C:\Windows\System\wNApkqI.exe
  C:\Windows\System\wNApkqI.exe
  2⤵
  PID:12012
- C:\Windows\System\WvCtMQG.exe
  C:\Windows\System\WvCtMQG.exe
  2⤵
  PID:12060
- C:\Windows\System\LYazVyM.exe
  C:\Windows\System\LYazVyM.exe
  2⤵
  PID:12116
- C:\Windows\System\rASfWhb.exe
  C:\Windows\System\rASfWhb.exe
  2⤵
  PID:12200
- C:\Windows\System\vtURAte.exe
  C:\Windows\System\vtURAte.exe
  2⤵
  PID:12260
- C:\Windows\System\OGmsZyl.exe
  C:\Windows\System\OGmsZyl.exe
  2⤵
  PID:10552
- C:\Windows\System\WSQlrbE.exe
  C:\Windows\System\WSQlrbE.exe
  2⤵
  PID:11380
- C:\Windows\System\GOvcOAP.exe
  C:\Windows\System\GOvcOAP.exe
  2⤵
  PID:11484
- C:\Windows\System\wIDFBRM.exe
  C:\Windows\System\wIDFBRM.exe
  2⤵
  PID:11648
- C:\Windows\System\pnEJqac.exe
  C:\Windows\System\pnEJqac.exe
  2⤵
  PID:11860
- C:\Windows\System\OWsjulR.exe
  C:\Windows\System\OWsjulR.exe
  2⤵
  PID:11976
- C:\Windows\System\qtNzXGH.exe
  C:\Windows\System\qtNzXGH.exe
  2⤵
  PID:12000
- C:\Windows\System\WyBikxN.exe
  C:\Windows\System\WyBikxN.exe
  2⤵
  PID:12220
- C:\Windows\System\SEYpDtP.exe
  C:\Windows\System\SEYpDtP.exe
  2⤵
  PID:10316
- C:\Windows\System\IrClYMu.exe
  C:\Windows\System\IrClYMu.exe
  2⤵
  PID:11624
- C:\Windows\System\WxFYgdI.exe
  C:\Windows\System\WxFYgdI.exe
  2⤵
  PID:2508
- C:\Windows\System\seUySeu.exe
  C:\Windows\System\seUySeu.exe
  2⤵
  PID:4124
- C:\Windows\System\ogGPtfw.exe
  C:\Windows\System\ogGPtfw.exe
  2⤵
  PID:11972
- C:\Windows\System\okCjVue.exe
  C:\Windows\System\okCjVue.exe
  2⤵
  PID:12304
- C:\Windows\System\XPzASsl.exe
  C:\Windows\System\XPzASsl.exe
  2⤵
  PID:12328
- C:\Windows\System\nqxUBfT.exe
  C:\Windows\System\nqxUBfT.exe
  2⤵
  PID:12372
- C:\Windows\System\eSBRQHD.exe
  C:\Windows\System\eSBRQHD.exe
  2⤵
  PID:12396
- C:\Windows\System\dvippCK.exe
  C:\Windows\System\dvippCK.exe
  2⤵
  PID:12424
- C:\Windows\System\tKCvwLe.exe
  C:\Windows\System\tKCvwLe.exe
  2⤵
  PID:12452
- C:\Windows\System\OAmQgmH.exe
  C:\Windows\System\OAmQgmH.exe
  2⤵
  PID:12472
- C:\Windows\System\zPMiUiR.exe
  C:\Windows\System\zPMiUiR.exe
  2⤵
  PID:12504
- C:\Windows\System\LLGqihz.exe
  C:\Windows\System\LLGqihz.exe
  2⤵
  PID:12540
- C:\Windows\System\zNODgIj.exe
  C:\Windows\System\zNODgIj.exe
  2⤵
  PID:12564
- C:\Windows\System\yDionES.exe
  C:\Windows\System\yDionES.exe
  2⤵
  PID:12584
- C:\Windows\System\MWavbhT.exe
  C:\Windows\System\MWavbhT.exe
  2⤵
  PID:12604
- C:\Windows\System\HmWLbuS.exe
  C:\Windows\System\HmWLbuS.exe
  2⤵
  PID:12644
- C:\Windows\System\AQrdleN.exe
  C:\Windows\System\AQrdleN.exe
  2⤵
  PID:12676
- C:\Windows\System\ztwFnwQ.exe
  C:\Windows\System\ztwFnwQ.exe
  2⤵
  PID:12704
- C:\Windows\System\SEPomEf.exe
  C:\Windows\System\SEPomEf.exe
  2⤵
  PID:12724
- C:\Windows\System\LTjNSJB.exe
  C:\Windows\System\LTjNSJB.exe
  2⤵
  PID:12748
- C:\Windows\System\EnOgxqr.exe
  C:\Windows\System\EnOgxqr.exe
  2⤵
  PID:12768
- C:\Windows\System\IPqmRtP.exe
  C:\Windows\System\IPqmRtP.exe
  2⤵
  PID:12796
- C:\Windows\System\JLlaiei.exe
  C:\Windows\System\JLlaiei.exe
  2⤵
  PID:12836
- C:\Windows\System\pPgnVNP.exe
  C:\Windows\System\pPgnVNP.exe
  2⤵
  PID:12864
- C:\Windows\System\yZDrTdy.exe
  C:\Windows\System\yZDrTdy.exe
  2⤵
  PID:12892
- C:\Windows\System\rRHrbQt.exe
  C:\Windows\System\rRHrbQt.exe
  2⤵
  PID:12912
- C:\Windows\System\KloSKYG.exe
  C:\Windows\System\KloSKYG.exe
  2⤵
  PID:12940
- C:\Windows\System\iobFjVU.exe
  C:\Windows\System\iobFjVU.exe
  2⤵
  PID:12968
- C:\Windows\System\NuoIXyq.exe
  C:\Windows\System\NuoIXyq.exe
  2⤵
  PID:12988
- C:\Windows\System\IFdfSUt.exe
  C:\Windows\System\IFdfSUt.exe
  2⤵
  PID:13016
- C:\Windows\System\iYinsUS.exe
  C:\Windows\System\iYinsUS.exe
  2⤵
  PID:13060
- C:\Windows\System\HaYAwtv.exe
  C:\Windows\System\HaYAwtv.exe
  2⤵
  PID:13084
- C:\Windows\System\VrJwBIF.exe
  C:\Windows\System\VrJwBIF.exe
  2⤵
  PID:13104
- C:\Windows\System\HUFvfIq.exe
  C:\Windows\System\HUFvfIq.exe
  2⤵
  PID:13124
- C:\Windows\System\EqlMBAW.exe
  C:\Windows\System\EqlMBAW.exe
  2⤵
  PID:13156
- C:\Windows\System\zxItHoM.exe
  C:\Windows\System\zxItHoM.exe
  2⤵
  PID:13172
- C:\Windows\System\kSTlzOd.exe
  C:\Windows\System\kSTlzOd.exe
  2⤵
  PID:13192
- C:\Windows\System\Aniabyd.exe
  C:\Windows\System\Aniabyd.exe
  2⤵
  PID:13260
- C:\Windows\System\uiZmkfx.exe
  C:\Windows\System\uiZmkfx.exe
  2⤵
  PID:13288
- C:\Windows\System\RLWpxHF.exe
  C:\Windows\System\RLWpxHF.exe
  2⤵
  PID:2828
- C:\Windows\System\YXTWmkl.exe
  C:\Windows\System\YXTWmkl.exe
  2⤵
  PID:12336
- C:\Windows\System\yiMakHQ.exe
  C:\Windows\System\yiMakHQ.exe
  2⤵
  PID:12388
- C:\Windows\System\ksnYGMQ.exe
  C:\Windows\System\ksnYGMQ.exe
  2⤵
  PID:12460
- C:\Windows\System\NgpJHEH.exe
  C:\Windows\System\NgpJHEH.exe
  2⤵
  PID:12532
- C:\Windows\System\ivUXrQI.exe
  C:\Windows\System\ivUXrQI.exe
  2⤵
  PID:13056
- C:\Windows\System\RAbUFAf.exe
  C:\Windows\System\RAbUFAf.exe
  2⤵
  PID:13212
- C:\Windows\System\HBHPSVP.exe
  C:\Windows\System\HBHPSVP.exe
  2⤵
  PID:13244
- C:\Windows\System\OFDqOws.exe
  C:\Windows\System\OFDqOws.exe
  2⤵
  PID:12300
- C:\Windows\System\ryTSVDp.exe
  C:\Windows\System\ryTSVDp.exe
  2⤵
  PID:12440
- C:\Windows\System\sHoaply.exe
  C:\Windows\System\sHoaply.exe
  2⤵
  PID:12488
- C:\Windows\System\sYraURI.exe
  C:\Windows\System\sYraURI.exe
  2⤵
  PID:12656
- C:\Windows\System\vBQBnJs.exe
  C:\Windows\System\vBQBnJs.exe
  2⤵
  PID:12712
- C:\Windows\System\ISOsotG.exe
  C:\Windows\System\ISOsotG.exe
  2⤵
  PID:12756
- C:\Windows\System\KgxXXjG.exe
  C:\Windows\System\KgxXXjG.exe
  2⤵
  PID:12860
- C:\Windows\System\wwDjqek.exe
  C:\Windows\System\wwDjqek.exe
  2⤵
  PID:12904
- C:\Windows\System\ydlswkC.exe
  C:\Windows\System\ydlswkC.exe
  2⤵
  PID:12932
- C:\Windows\System\bRCExzE.exe
  C:\Windows\System\bRCExzE.exe
  2⤵
  PID:13028
- C:\Windows\System\yJMXOAT.exe
  C:\Windows\System\yJMXOAT.exe
  2⤵
  PID:13076
- C:\Windows\System\SaWtJVS.exe
  C:\Windows\System\SaWtJVS.exe
  2⤵
  PID:13164

C:\Windows\System32\sihclient.exe
C:\Windows\System32\sihclient.exe /cv unj1YgqVBkiAA6su3FMMrQ.0.1
1⤵
PID:13164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_3pxpgqyy.h4n.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\ACTXbzE.exe

Filesize
1.9MB

MD5
cfdc539b62faf26842b1cb32e849ef5c

SHA1
c72708e36e89ff4f76849f1a641f3aaf23a861ee

SHA256
40b11a38a073a03763538deed02c783579f8ca11c598f2bf7c2965a444fe8662

SHA512
73a64d84d7a5c6eb5bcf02413d5becfcda061224776dfba8fbeecc0cadb020ef766cefe2f785fdb37a7772c42600c9573dcc6180f794332a45ab2a0fdc894580

Download Submit
C:\Windows\System\AOlwANJ.exe

Filesize
1.1MB

MD5
a978c66280810bbe4171fd9248b29e22

SHA1
4af77bf15d85231e85da7adf8e27706a4f58548c

SHA256
ac6c85ac628af7426e6bd9501236d83a2eadea5db4484e86cf28455b6782228e

SHA512
528c2ea75da4e53440719ac4b504365f37103af2407f8ceacc03e90fb3dda9387ca23f9e734471fa0e1e8ab7966df8da444371708898287c00a441ff97e5e33a

Download Submit
C:\Windows\System\CxNIEUw.exe

Filesize
1.9MB

MD5
6b44400073a88c38d8fb91ebd2edd925

SHA1
9afa54464bd9b7ac15576c1fe418218f2e994aa2

SHA256
6c342baf6e77cdd410fd44cd7f06f1da30a5956b8ecf0cf3ffd5bb85700316c0

SHA512
8cddd85f2d65e9910ce0954a1117846a3dc576290b715bc27fd01f437fa7324e553f4f32f8f1e35eed7c8474c8e2ba192ec2256706a40f0f7445c04bb3923a44

Download Submit
C:\Windows\System\EbivxZU.exe

Filesize
1.9MB

MD5
d87f143a9794763ff932b655b5d6b831

SHA1
35a81fc6d470853ea9eac165c707c70bb6a709b1

SHA256
4dcacddec9ba33868e66a19c304643b5ee7158715b00665f9d817287667f4446

SHA512
cb45246f27c059d66dc8d6cb53549e6ad682264bebeb8ecbfa291ede4e96e7342be3e6de161b3041b4472cf42c20786f416f6b12874ec576a9b8b53bc2c96c6d

Download Submit
C:\Windows\System\EpTRTnr.exe

Filesize
1.9MB

MD5
df447c88cac44f3bdcce06a858837b4a

SHA1
f7a0dc3883d3980d5703040a99a71143440da464

SHA256
87a9e51f0cdd5171ce15a15a61f74db2624226f389f24858f628935573b034a1

SHA512
013b4cd3f677722c7672c027c5608090a34dd2846afdcf02ce178d8426759320d04fcc42f7b09fb6b61ec2dcd5102671eabccc1a60364f4dd0118ce36f3aa595

Download Submit
C:\Windows\System\FhltqOx.exe

Filesize
1.9MB

MD5
f97e05a852189c7ee8869b9b63d9b7a8

SHA1
a51a29febcabe08149ffd5b4344877cd18a201b2

SHA256
2224db947ec9e28118597a8fddd135775884abff4dd094ef88a7c7f87d46f9a8

SHA512
6a89b504bd56878d208cec84d77be65392b0a494df7ce172b5d7924df2b83f276190ba0a7093f35b58410d4e2f89e42f04475193a1aa88876371e021731af541

Download Submit
C:\Windows\System\HGrBnyW.exe

Filesize
1.9MB

MD5
113926275f9447854925069d0a7ae9b3

SHA1
591eb9fc37c90f5c7c5d6e6c8ad34ad1c732603c

SHA256
f93714fef146a2f6f301513ff52f727bcf266b4520469ce54f4d0c9d063f7af2

SHA512
ecf639139092187d3f65040ce031c323c01a3e5be24ac6f8f79655e619e3cc00c87499d24328f0cec8d5ab16a386b494360d37e71755b473602f3b53f1d55d87

Download Submit
C:\Windows\System\HIRbmNI.exe

Filesize
1.9MB

MD5
28b237d4afd3ea86d59581a93413df47

SHA1
86d2a92dd4535d38acc21adc25c500ca34a6c861

SHA256
a795f28ff336333eb4c14e4a8eeff19f6c869da54c03de2d3c7133402d40573b

SHA512
4c1a560338ddcf4c6ec4ecd1b68816637e4b43d0eedf45f38269b15dbec7522706e8340b7b863ba1f6c5dbc9f7ebde2d8b4b1f1f2ea2246f06934547d16b34c4

Download Submit
C:\Windows\System\HnZqBKP.exe

Filesize
1.2MB

MD5
6723b6af0b254116e08ead0637661cc7

SHA1
4b1d5c1d78ce0ddc08b594ab74199d18af98d628

SHA256
1a476694b9530d9307319b4d2dbb346bd30e6131d5d08d1f298a70dc578703b6

SHA512
c077cbaf30f43e386263db0584c8d7bfada04fb90f15bacb92313ac9e39b4c1ee4f5df786c19c8162f97984ef8a8ddd12ab2536258c7b23e13f700cdca079827

Download Submit
C:\Windows\System\JeJbCDJ.exe

Filesize
1.9MB

MD5
46e282fc41226cd4da1a504739cf9718

SHA1
01d3e5a0fabd2305782e75f630bda3c4e51165ee

SHA256
458448196de6b8dee48c6b95e9f876f7618bb49625c3d771bb26e204c2aa97cf

SHA512
ac0c054214fcae780c85c56726fb116267d219349ba9daca14f38c72b5d63d39292408af7832fe60d0d6226fabae8806deba6809171f5ca12e209bbd630acb0d

Download Submit
C:\Windows\System\Ljvszlp.exe

Filesize
1.9MB

MD5
6885b1b7a6efc58a597c04ccb3d550e8

SHA1
9c340af5f4e58948dbfedd335bad9431fd8660da

SHA256
f1413c0207b20d1bdff4f3ea1adebd4bdd4d021e04b988a4ced82bf5867a48e8

SHA512
712ac6b2a92fcf89ce975ecee0bc37bc3d9447829c234b1e91ebfc748c94bea61ff2c707b18b14cbaa2dfde383f982ee6770384b953b1a8b20b5d81bd1686b6f

Download Submit
C:\Windows\System\RduHPUL.exe

Filesize
1.9MB

MD5
6eca2a086b1f24b2f05cd8b10806a4c3

SHA1
bcf363ce59903622c1fd64a26c1b1721fd31780c

SHA256
0d3ab26c9273bb8c1eb15cb04718e1fbd7b0fa7e7a3ad7a1d3dcf9f18c33b526

SHA512
c28076cd2e137ff476a8c304aa193326b321b3ae0886a65e5ac428105ed8cb032acae198288178da98fe3a47f55fd74cee00f9cbde34bf017d5007869d9d9d90

Download Submit
C:\Windows\System\RibICvU.exe

Filesize
1.9MB

MD5
fccae8eae7e8876214a793ed0f93ea60

SHA1
95c802b22dc90d677c4fc3e998e35edf3605eb08

SHA256
7f98a8ab8ad5c9d81f6405d46f359e1845beea3306285d70e90ec1daf5989c22

SHA512
3297252620a32ee5eb79ff35ee4689b468792ee56aa130cb8ae8eb308bfa39ace48b88658a6ff7b17535efbcece3236b5c455f16a9d777d92d798958ae3b99d8

Download Submit
C:\Windows\System\SVqqycC.exe

Filesize
1.9MB

MD5
68ebb8aa9f89df85859e55e47a04f5eb

SHA1
a7bee24bf239cc6f4b42a59d78133f7c5659afae

SHA256
c3b71499bbf5ac1dd97385c91deb49945f8306f19ec3ef05335db42e611e3b00

SHA512
82606cb53f225715b491fa5121526f8179cdb3ace75a144bb2e8856a8ef1beed5debbe6dd14ef799ea90b83739d22bf9ce99385d5b5c9550f1f102abe844ec27

Download Submit
C:\Windows\System\TygDLWA.exe

Filesize
1.9MB

MD5
54754eca7617c7ef072ef4176b04df8d

SHA1
db9ebe0b3e39d3cb648a223907c571ae726aa7e4

SHA256
2eb1085982af8df0c8d8e95142e4a99e66e83f11fa979613bedceacb29ec88d5

SHA512
c508bc70761ac743cc2973819186428bece4e06d8e7480e9e3e3f7a2d430faa73b864a84ab997a819b5fde92f8230af0439d2094f358d5124a536d0cdca0269b

Download Submit
C:\Windows\System\WCZjHop.exe

Filesize
1.9MB

MD5
3ab90511e02d89fdf4852581b1b224dd

SHA1
4c3d13e720581045c2e3278136dafde263605616

SHA256
d80537fa999145df0551182532911ae0821e2f6fa65af63eb0886c26fddb3a06

SHA512
c00c38f177a9ea389d6e53fa6fb425006765df3f973e489813461d776a51ce2e125bf77ef86d57d21d03b45e4e2aa99b637acab1a0919de416ecb891326de494

Download Submit
C:\Windows\System\WtgSEVu.exe

Filesize
1.9MB

MD5
491ae8f773c03795dcf14b99bf39e99c

SHA1
166f3a7a749880266b39ef8a503d0d4c5d137ce2

SHA256
f919b56c3d7f018c4a5359a6ed7a18d99c087f69912bd050f82950adeba3399e

SHA512
a2433268fd80a6b7287096be22e42da9ea0c06d2c4a9959a85be256ac4cccd3c9a7b95335ae0f94a2dd92c0411dc0b32affb1d6b22f9e1b37987f96b322003d4

Download Submit
C:\Windows\System\XYWZYSe.exe

Filesize
448KB

MD5
2264ad6cf2c3feda241e32c18cc63613

SHA1
6cf1d5079287ae747430510102276a5d8553f195

SHA256
aab1acd918f567ff34b418fd2971ffb7ad7f9284ea4d62c517c015f2e4f1d70f

SHA512
51d3f07b3e2d80ac627998a5fc071e41f8cd34e52e9d27ee547393019213fb2b53ce77d281d07d4df20e449416034194d3a784391c6fc788a552c1cba010098f

Download Submit
C:\Windows\System\XYWZYSe.exe

Filesize
1.9MB

MD5
d209bf2dce5f125db321076007c8981d

SHA1
1abc7378444eb59c9cfd2a470b0fa30a709e7b0b

SHA256
2ee3d9d9f632cb03bffe694747852d55c246bd64d3bb1692d84151888356469e

SHA512
b2f65c822bbf9aacbc22e7d553063200ee2a56ed0f60f55353f757ac4973ba61c726a7304c15cae888ca5943f986a5134e37a4a423c7bd2d652f660d1d29825f

Download Submit
C:\Windows\System\aCVkvTJ.exe

Filesize
1.9MB

MD5
bfeed129121203e1e4017281cac2f248

SHA1
5237d5b68ba269433855c33b6d043cd25d5dce36

SHA256
a0c7005277a3cf56edd6e2db868effcf86edf5c53fd972d09fd518b9eac7ce37

SHA512
978aa3087d10ea64b178758ba1de0243243a2dab7b5a9f7de28c433ec6ba876937c4f12614b1553d586397bcf1ac8814e495d52629236255c2f17fdee6bb7cf8

Download Submit
C:\Windows\System\bqEyjxy.exe

Filesize
1.9MB

MD5
c4cb4231fab0d03a2e6ceee08369be68

SHA1
777c2b722aeab750c6806d1956a32320cb374b31

SHA256
169582034d8af5fb7c5fda75fd4b5d167b19d19a55f7aa7b1b5fbd233097058f

SHA512
1e73ad2fbaa7e6ff937d0d984951fdbc6494ad62a9609be3b7b3da940401eb259a4792b142a24fc1a7b092bbad25f06e60e56c997243915120f9999d8655e2e9

Download Submit
C:\Windows\System\bqEyjxy.exe

Filesize
1.1MB

MD5
d8da40f27ae4d81866316e9b078d4eb7

SHA1
be334525d900ff63c86dce95c86f3ae21fb82ee5

SHA256
c621317af75737dc842d5fee99c0441c4efb47ffa5321ac820e23508d2156030

SHA512
bb502234ebbe948ce77bd99e7582835a05158443cfd498fc7ba6806252a70ab79145fb6c67f8824885d7195c3926550cb60ba324240c8316500a63999426df0c

Download Submit
C:\Windows\System\dhqLKxS.exe

Filesize
1.9MB

MD5
4d1c0f742013a3a1da04bd311d6eec08

SHA1
9bc2adb6465eef9d3b16b93ec34a4a7c63c9acb8

SHA256
ad56d8124fe32109460ab768569ab54d0675cceedcb733a894c5b977c59a9608

SHA512
85b477d4439fd5ae91671d8d21eb780ba26193844d206f9e7c109685b713f7b9d2857da66a4e60ba461fc84488b40eb58eb0882288ae55508263762f072634ca

Download Submit
C:\Windows\System\eAXtuJb.exe

Filesize
1.9MB

MD5
e4e3f35e298a88fc589671b59f5a90ba

SHA1
7bcdb44acc005ae5e2e447ce1f2d11e19ecb68bf

SHA256
a48880ee1b03eea0a38011185b3a27e3db5ebcd81c92a869f2c0f9c74c62d226

SHA512
8c1ce97bec4dac38c396af0841a6554025cef9da24a81b70ee96e87023f013b2884dccc6cff0cbe550c10cfe671cee9c8a977e2194c3dcd1077021496a9790df

Download Submit
C:\Windows\System\iDRhndw.exe

Filesize
1.9MB

MD5
4ed34c8b55715b644bd395bd572041d2

SHA1
9d5bb13934c57a6274a278057aadb61d38834f52

SHA256
0234335e6a99b424a15033c7f027292dd77805bbcca31540f85b5e7ebd53165f

SHA512
238f188f5fe6a5c5f7059b9775b2e77e8b4386a4e211f25a27c4bcf5f4d41c008a6b1346b329f2c722bb1595f553be1623cfc20d9a388155bf907d0349e093c4

Download Submit
C:\Windows\System\iDoLdmN.exe

Filesize
1.9MB

MD5
7799e6033f8d9471c322f44c1bf4daf8

SHA1
b2341779e5fd63d333347abf74a4b81169c6a9d3

SHA256
2aab41c3cd222989b73417ee31673ad078480a55dcf77ed0d5a2e25a87ef8ce0

SHA512
8674dcaf1fd12235a0dc42b41481fe67f1819b5206d3bbb47b7f15f4182a5b7131d5ac6b9b5f5b632add320186ab9bbc9aa0f3cced905c47781e9a06ff9d3123

Download Submit
C:\Windows\System\iMrHSbt.exe

Filesize
1.9MB

MD5
f995c7cbcf5dd1e89a1a9bfa80f5b13f

SHA1
b0f86d27f704a39f2e9d9163ae78bcc874912c45

SHA256
86bcb89ea9133b737d7a20839e2c9eabc481ad93e17782e211d8292dce76ac96

SHA512
40eb9d7710f8f56430177d18738a39d854971cf7f38aa69ad33e4fd277aae664bbcc083e42fae0d0fa782ba6c35b7d4487e6c29f892f88a4a1d7443795ce88f0

Download Submit
C:\Windows\System\iMrHSbt.exe

Filesize
1.8MB

MD5
17c8dd490d815154eef881540ec37c9f

SHA1
aff7d3822e2c6a329097e3fdf094b063fda50460

SHA256
2a251b0cf3c7f031b63f2a2119d8d0ff801c87f2b226337999e353d5c97707d4

SHA512
32f3651894bd6710a1442bbd88f9b54525ef35e14111e2d2312ed4ebe904b5dae6cc5e0129fe86ec447640c0a6f26bb1fd681b03b8ca12e231ad34dadefb6a45

Download Submit
C:\Windows\System\igHfwYy.exe

Filesize
1.9MB

MD5
f0c9836e4e95bed2b65beb22ae42487f

SHA1
02ef1e2c814d54ded32ed3cd8c3ad4742fd29890

SHA256
af82d0bcd229dd3a0ad49c2a46acce8cdfcb5aa831e608b66547fa665a363d1e

SHA512
4ef137b016a57899d1aa4a2301032215246120092229b902f8406758b079446f23ad4c4fd8e6915d8f6080853d913221b10f812938c8ad2ffe82b6c4208b6460

Download Submit
C:\Windows\System\ojLecAD.exe

Filesize
8B

MD5
3277aa72bb7d7f1eb1043502fbd1c406

SHA1
8712dca2f3fbc82bf0cbbeecdc5d6a26c87f443c

SHA256
e94b62f30c9ce8b0b5cea14d4367a52fe08005d1bd56ca932a1fd7fc15c61bc9

SHA512
9fb0369549dba8937fb796cbc4ade6bacf540f10f98e02675f1b04c615cbb49e396cdbd25cd29de56c7bfb889c8464199939a84fa31434a75c020caeb4f9f503

Download Submit
C:\Windows\System\pyqnYBC.exe

Filesize
1.9MB

MD5
cddfcbb1121cd2a2d8a13ffb92ae4f3a

SHA1
219b6587637fb4b0b78cefaf5d8d894ec8ca49a3

SHA256
ce7716295a7631d5e111b20369654e0769900daae2a25ad7e8a2c299440c7c0b

SHA512
a8cb6fca30067d359c8e26f385b67de73c6a6cf3d93f05463fae7f46ac0f3818e8c0f1a36669b3f0abd24534950be7d8363826604016ebcc5c410f9b1268470c

Download Submit
C:\Windows\System\qOFaXDB.exe

Filesize
1.9MB

MD5
43c62b23fbc4860a57e42165b7de0523

SHA1
f2e779e60eb4c8015c79779b71ea935251f4ffb4

SHA256
4ea40149c4e5a8072332d8814b5376a213e4ac14e4500acd0dd7a9c863a18334

SHA512
dfeb51b3b5df551d67ec1ee0e15753550211b86c9e5353d13d7189d6c356c354585879340349ff3cfebff80b6cb319807b513f3dedf7fae695c55c5f6ba9851f

Download Submit
C:\Windows\System\qOFaXDB.exe

Filesize
1.9MB

MD5
5a175fa99815d3f333e36497a4e942fc

SHA1
457c77b18fec6f4ec0f0246d55ff27cf1871ae1f

SHA256
ea7f036deab8fa6e65baf263db422fc0cb03e7247e5e1ae9d913ea63cf968e7f

SHA512
d93a89648406cd6ed3c69f99477af1794b872870e9b96f61793c5636a19bc902ba9e04f1dbeaf30a88d99e8a22842e8790fa5e2b9f4922dfd44ae76c6815503f

Download Submit
C:\Windows\System\qdIwGCX.exe

Filesize
1.9MB

MD5
6c77e79503f655ae5163a060dad327f1

SHA1
c8b6cab910cbb9ed99dd0c2b057181d2fb26141a

SHA256
fb16f85eec2eadf8343931ca9397a34e97f86ab35fbe09dc46b15d874a6dcd5b

SHA512
24fa9809d9458b4b2f4b1fdaee87f74e4953cb791ac88a65199bcca799f89e68b24ca42808cfca2086925d4056f91b0b827a05e754cdec5b5a1bc8f772c0bda9

Download Submit
C:\Windows\System\rnqivgN.exe

Filesize
1.9MB

MD5
90e0388a1fccbe4e9d6ae9946821ec9b

SHA1
6aeac48574c593d189a78f1d42e84417516e1447

SHA256
81fc4d961cf2fc530497b603a3eddbafe167235e98f9ae75efdf544ab2327823

SHA512
053bcd03224b043b495258837b3974fd714558efae135c81fe8e8de1ba50e4379b339291fad342abc12fbfd66fac65c3cee15c0fe0439ff08aef459cef1bffa5

Download Submit
C:\Windows\System\sPtRdaE.exe

Filesize
1.9MB

MD5
b8023a191dabc2d51283ace44d3a30fc

SHA1
71db0ff20744570d83f5a819b4a42ff995527782

SHA256
43f7025e483ce1a7960cbe2d467f76be65804fcdad309af036cf3735daa43048

SHA512
1b11cf796e8f76aaca86d2bfde256d518ce3677e9348fc9576b02367d3073ef1e8488ebfb21d726c8e481978e4c0e1eedbae49df39e56c2421af296f86cf7304

Download Submit
C:\Windows\System\tfRyDyS.exe

Filesize
1.9MB

MD5
cac98ddda784cfea96e0c4e44e9b1b2c

SHA1
e048520fc536435a9c37ded361ceac6b2ff2c0fa

SHA256
8e1022d87f13adb6d97ac0041527faa89e36ebeb5a025d2804c9eb661e0f529f

SHA512
942902ef51115fe5bec0930ce18304fc0f103754e6b8b6efff924affe14f56c9e261f924c913ebb4b21104b670303076c0761f08491e32d34bab5753137eb62a

Download Submit
C:\Windows\System\toiYTcb.exe

Filesize
1.9MB

MD5
389980affa16c739670c0a389538c23b

SHA1
d95c791e767819e6b020f8dec8e720cd9cc7620f

SHA256
20830f8dcae1f60cfd1b042f2e2fc72a424a38ad4e2fbbf327043ce9c4ecfba9

SHA512
86c7df54eea2ec6b9e600fdf46ca460e8a6a75ef99a1922897ee6778a35fdad7c13a0259c9a70ee3181cd5645cfd1bbcaf1790676441e6e7bd202db258dbfad1

Download Submit
C:\Windows\System\wwWjBaY.exe

Filesize
1.9MB

MD5
dc196476518a122368c22cb761687456

SHA1
f251b20dea5de7dfefccd6dc67d002146de16392

SHA256
153f69ca371cacd925ad107e9ae42f730a5bd0f20175c5232ed35b1938e7d54e

SHA512
f6aee5f4200e862fb69dec1d32cfdc124200a24f30a0acc20b284e1e7a7d064e8e09dab9412bdc1b543f27b97f88ccc77e18ccdda85faab3ba08099d90ab42f1

Download Submit
memory/372-68-0x00007FF75FBE0000-0x00007FF75FFD2000-memory.dmp

Filesize
3.9MB

Download
memory/372-2185-0x00007FF75FBE0000-0x00007FF75FFD2000-memory.dmp

Filesize
3.9MB

Download
memory/396-121-0x00007FF682B30000-0x00007FF682F22000-memory.dmp

Filesize
3.9MB

Download
memory/396-2211-0x00007FF682B30000-0x00007FF682F22000-memory.dmp

Filesize
3.9MB

Download
memory/396-2119-0x00007FF682B30000-0x00007FF682F22000-memory.dmp

Filesize
3.9MB

Download
memory/924-51-0x00007FF629550000-0x00007FF629942000-memory.dmp

Filesize
3.9MB

Download
memory/924-2173-0x00007FF629550000-0x00007FF629942000-memory.dmp

Filesize
3.9MB

Download
memory/1008-2175-0x00007FF7F3230000-0x00007FF7F3622000-memory.dmp

Filesize
3.9MB

Download
memory/1008-31-0x00007FF7F3230000-0x00007FF7F3622000-memory.dmp

Filesize
3.9MB

Download
memory/1472-44-0x00007FF70CB60000-0x00007FF70CF52000-memory.dmp

Filesize
3.9MB

Download
memory/1472-2177-0x00007FF70CB60000-0x00007FF70CF52000-memory.dmp

Filesize
3.9MB

Download
memory/1920-361-0x000001ABA4B00000-0x000001ABA52A6000-memory.dmp

Filesize
7.6MB

Download
memory/1920-40-0x000001ABA3AB0000-0x000001ABA3AD2000-memory.dmp

Filesize
136KB

Download
memory/1920-23-0x00007FFBE3890000-0x00007FFBE4351000-memory.dmp

Filesize
10.8MB

Download
memory/1920-28-0x000001ABA3B90000-0x000001ABA3BA0000-memory.dmp

Filesize
64KB

Download
memory/2276-2149-0x00007FF6355C0000-0x00007FF6359B2000-memory.dmp

Filesize
3.9MB

Download
memory/2276-2213-0x00007FF6355C0000-0x00007FF6359B2000-memory.dmp

Filesize
3.9MB

Download
memory/2276-137-0x00007FF6355C0000-0x00007FF6359B2000-memory.dmp

Filesize
3.9MB

Download
memory/3020-209-0x00007FF65DF80000-0x00007FF65E372000-memory.dmp

Filesize
3.9MB

Download
memory/3020-2209-0x00007FF65DF80000-0x00007FF65E372000-memory.dmp

Filesize
3.9MB

Download
memory/3724-164-0x00007FF73E310000-0x00007FF73E702000-memory.dmp

Filesize
3.9MB

Download
memory/3724-2189-0x00007FF73E310000-0x00007FF73E702000-memory.dmp

Filesize
3.9MB

Download
memory/3756-196-0x00007FF7323A0000-0x00007FF732792000-memory.dmp

Filesize
3.9MB

Download
memory/3756-2193-0x00007FF7323A0000-0x00007FF732792000-memory.dmp

Filesize
3.9MB

Download
memory/4120-2118-0x00007FF6A64A0000-0x00007FF6A6892000-memory.dmp

Filesize
3.9MB

Download
memory/4120-100-0x00007FF6A64A0000-0x00007FF6A6892000-memory.dmp

Filesize
3.9MB

Download
memory/4120-2206-0x00007FF6A64A0000-0x00007FF6A6892000-memory.dmp

Filesize
3.9MB

Download
memory/4492-151-0x00007FF71D430000-0x00007FF71D822000-memory.dmp

Filesize
3.9MB

Download
memory/4492-2198-0x00007FF71D430000-0x00007FF71D822000-memory.dmp

Filesize
3.9MB

Download
memory/4504-2199-0x00007FF73ED10000-0x00007FF73F102000-memory.dmp

Filesize
3.9MB

Download
memory/4504-142-0x00007FF73ED10000-0x00007FF73F102000-memory.dmp

Filesize
3.9MB

Download
memory/4508-2208-0x00007FF712280000-0x00007FF712672000-memory.dmp

Filesize
3.9MB

Download
memory/4508-131-0x00007FF712280000-0x00007FF712672000-memory.dmp

Filesize
3.9MB

Download
memory/4516-77-0x00007FF7B8240000-0x00007FF7B8632000-memory.dmp

Filesize
3.9MB

Download
memory/4516-2183-0x00007FF7B8240000-0x00007FF7B8632000-memory.dmp

Filesize
3.9MB

Download
memory/4712-2191-0x00007FF7376D0000-0x00007FF737AC2000-memory.dmp

Filesize
3.9MB

Download
memory/4712-88-0x00007FF7376D0000-0x00007FF737AC2000-memory.dmp

Filesize
3.9MB

Download
memory/4712-2117-0x00007FF7376D0000-0x00007FF737AC2000-memory.dmp

Filesize
3.9MB

Download
memory/5008-2181-0x00007FF7889D0000-0x00007FF788DC2000-memory.dmp

Filesize
3.9MB

Download
memory/5008-63-0x00007FF7889D0000-0x00007FF788DC2000-memory.dmp

Filesize
3.9MB

Download
memory/5036-185-0x00007FF66E540000-0x00007FF66E932000-memory.dmp

Filesize
3.9MB

Download
memory/5036-2202-0x00007FF66E540000-0x00007FF66E932000-memory.dmp

Filesize
3.9MB

Download
memory/5072-0-0x00007FF625100000-0x00007FF6254F2000-memory.dmp

Filesize
3.9MB

Download
memory/5072-1-0x00000203DAA60000-0x00000203DAA70000-memory.dmp

Filesize
64KB

Download
memory/5096-2179-0x00007FF763BF0000-0x00007FF763FE2000-memory.dmp

Filesize
3.9MB

Download
memory/5096-61-0x00007FF763BF0000-0x00007FF763FE2000-memory.dmp

Filesize
3.9MB

Download
memory/5728-2203-0x00007FF72DBD0000-0x00007FF72DFC2000-memory.dmp

Filesize
3.9MB

Download
memory/5728-127-0x00007FF72DBD0000-0x00007FF72DFC2000-memory.dmp

Filesize
3.9MB

Download
memory/5888-179-0x00007FF6AF310000-0x00007FF6AF702000-memory.dmp

Filesize
3.9MB

Download
memory/5888-2188-0x00007FF6AF310000-0x00007FF6AF702000-memory.dmp

Filesize
3.9MB

Download
memory/5996-2195-0x00007FF63EA10000-0x00007FF63EE02000-memory.dmp

Filesize
3.9MB

Download
memory/5996-198-0x00007FF63EA10000-0x00007FF63EE02000-memory.dmp

Filesize
3.9MB

Download