xmrig | 3aed581c952f55928cacc70d7de32a8c534a9bbb98ae916a2dd6b978c7e3dcfc

Analysis

max time kernel
21s
max time network
20s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29/04/2024, 02:33

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
Size

1.9MB
MD5

06a1e040a8e665181a1d3465192a9034
SHA1

36a8806d0ac5dd8c4305f04a5f6de1e1c6cbc49c
SHA256

3aed581c952f55928cacc70d7de32a8c534a9bbb98ae916a2dd6b978c7e3dcfc
SHA512

c3196ff1b3cf5e2051f5a8c26519a700d3c220c48a5d30dbb026dc9d4d48492096e012b7cdeb2bd05e6925cd44575435925628ac26d912ff7d27870bf4b1341d
SSDEEP

49152:Lz071uv4BPMkibTIA5lCx7kvRWa4p/pOX:NABy

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 18 IoCs

miner

resource	yara_rule
behavioral2/memory/632-19-0x00007FF6C7A90000-0x00007FF6C7E82000-memory.dmp	xmrig
behavioral2/memory/2452-58-0x00007FF7BEDB0000-0x00007FF7BF1A2000-memory.dmp	xmrig
behavioral2/memory/2952-324-0x00007FF719420000-0x00007FF719812000-memory.dmp	xmrig
behavioral2/memory/2840-326-0x00007FF62F300000-0x00007FF62F6F2000-memory.dmp	xmrig
behavioral2/memory/4972-327-0x00007FF7D4330000-0x00007FF7D4722000-memory.dmp	xmrig
behavioral2/memory/4380-325-0x00007FF740AD0000-0x00007FF740EC2000-memory.dmp	xmrig
behavioral2/memory/2008-328-0x00007FF7DA4A0000-0x00007FF7DA892000-memory.dmp	xmrig
behavioral2/memory/4584-331-0x00007FF763F70000-0x00007FF764362000-memory.dmp	xmrig
behavioral2/memory/1576-332-0x00007FF7F97E0000-0x00007FF7F9BD2000-memory.dmp	xmrig
behavioral2/memory/4528-333-0x00007FF744050000-0x00007FF744442000-memory.dmp	xmrig
behavioral2/memory/5012-334-0x00007FF7244A0000-0x00007FF724892000-memory.dmp	xmrig
behavioral2/memory/1104-336-0x00007FF7EFBD0000-0x00007FF7EFFC2000-memory.dmp	xmrig
behavioral2/memory/4292-335-0x00007FF6B6500000-0x00007FF6B68F2000-memory.dmp	xmrig
behavioral2/memory/3260-330-0x00007FF713250000-0x00007FF713642000-memory.dmp	xmrig
behavioral2/memory/3720-329-0x00007FF6E0790000-0x00007FF6E0B82000-memory.dmp	xmrig
behavioral2/memory/3712-323-0x00007FF6AD880000-0x00007FF6ADC72000-memory.dmp	xmrig
behavioral2/memory/4232-55-0x00007FF7FBC90000-0x00007FF7FC082000-memory.dmp	xmrig
behavioral2/memory/2316-53-0x00007FF7557F0000-0x00007FF755BE2000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
3	1420	powershell.exe
5	1420	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
632	igQvMPI.exe
2316	jsaPNzD.exe
2708	HAdkrDw.exe
4232	wxkKxOH.exe
1220	WoDMscv.exe
3896	CTKpenc.exe
2452	jFqGITU.exe
3712	qjfkQeJ.exe
2952	QfydglY.exe
4380	vruEVuV.exe
2840	KcocUvJ.exe
4972	zvcbsvN.exe
2008	IoJGdji.exe
3720	IkJlMeY.exe
3260	pyjVLOz.exe
4584	XqHgCph.exe
1576	nfOuTRD.exe
4528	ZQXlEdy.exe
5012	SARmVlf.exe
4292	vzwInIV.exe
1104	jkYzBnC.exe
1864	EGqykHm.exe
448	QbpRlCM.exe
2200	mXNcudg.exe
4616	rRcmPQB.exe
680	xmMjNlF.exe
5064	blDxZTs.exe
2628	UgKdLKa.exe
3228	mYZOata.exe
1060	hSYbDRf.exe
2484	nJZDJbY.exe
3480	lMFZLzV.exe
4412	xUxkpVI.exe
3736	KVzTyeU.exe
4092	cFYKtFg.exe
2432	OOvkgyi.exe
4468	FkaJqec.exe
216	gnihpLy.exe
392	usSOmle.exe
3108	MwJlUAx.exe
2880	ZsQnBWZ.exe
4872	WhDgTaW.exe
4424	ovJCMwu.exe
1680	SGdyDqq.exe
4272	xbVqTLj.exe
3476	uhdzBkS.exe
2020	iMuZOoQ.exe
4144	MMxUdjg.exe
2704	eXprgFl.exe
3244	LHieUFX.exe
716	cMcefhM.exe
1972	uNBXLeM.exe
4556	lLkixan.exe
1432	vasaOwv.exe
2088	EZEQKRB.exe
3284	hiSYhsN.exe
3936	hKBJDaK.exe
4940	qLiDAGD.exe
3332	HLyATkg.exe
3620	mvHwInV.exe
740	LmUfzJH.exe
556	fWBEVcw.exe
3472	susnTLr.exe
4684	hNFbteQ.exe

UPX packed file 55 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1472-0-0x00007FF671240000-0x00007FF671632000-memory.dmp	upx
behavioral2/files/0x000800000002343c-5.dat	upx
behavioral2/files/0x0007000000023440-7.dat	upx
behavioral2/files/0x000800000002343f-8.dat	upx
behavioral2/memory/632-19-0x00007FF6C7A90000-0x00007FF6C7E82000-memory.dmp	upx
behavioral2/files/0x0007000000023441-40.dat	upx
behavioral2/files/0x0007000000023444-50.dat	upx
behavioral2/memory/2452-58-0x00007FF7BEDB0000-0x00007FF7BF1A2000-memory.dmp	upx
behavioral2/files/0x0007000000023447-68.dat	upx
behavioral2/files/0x0008000000023445-72.dat	upx
behavioral2/files/0x0007000000023448-78.dat	upx
behavioral2/files/0x000700000002344a-84.dat	upx
behavioral2/files/0x000700000002344c-92.dat	upx
behavioral2/files/0x000700000002344e-110.dat	upx
behavioral2/files/0x0007000000023457-147.dat	upx
behavioral2/files/0x0007000000023459-157.dat	upx
behavioral2/files/0x000700000002345a-170.dat	upx
behavioral2/memory/2952-324-0x00007FF719420000-0x00007FF719812000-memory.dmp	upx
behavioral2/memory/2840-326-0x00007FF62F300000-0x00007FF62F6F2000-memory.dmp	upx
behavioral2/memory/4972-327-0x00007FF7D4330000-0x00007FF7D4722000-memory.dmp	upx
behavioral2/memory/4380-325-0x00007FF740AD0000-0x00007FF740EC2000-memory.dmp	upx
behavioral2/memory/2008-328-0x00007FF7DA4A0000-0x00007FF7DA892000-memory.dmp	upx
behavioral2/memory/4584-331-0x00007FF763F70000-0x00007FF764362000-memory.dmp	upx
behavioral2/memory/1576-332-0x00007FF7F97E0000-0x00007FF7F9BD2000-memory.dmp	upx
behavioral2/memory/4528-333-0x00007FF744050000-0x00007FF744442000-memory.dmp	upx
behavioral2/memory/5012-334-0x00007FF7244A0000-0x00007FF724892000-memory.dmp	upx
behavioral2/memory/1104-336-0x00007FF7EFBD0000-0x00007FF7EFFC2000-memory.dmp	upx
behavioral2/memory/4292-335-0x00007FF6B6500000-0x00007FF6B68F2000-memory.dmp	upx
behavioral2/memory/3260-330-0x00007FF713250000-0x00007FF713642000-memory.dmp	upx
behavioral2/memory/3720-329-0x00007FF6E0790000-0x00007FF6E0B82000-memory.dmp	upx
behavioral2/memory/3712-323-0x00007FF6AD880000-0x00007FF6ADC72000-memory.dmp	upx
behavioral2/files/0x000700000002345e-182.dat	upx
behavioral2/files/0x000700000002345c-180.dat	upx
behavioral2/files/0x000700000002345d-177.dat	upx
behavioral2/files/0x000700000002345b-175.dat	upx
behavioral2/files/0x0007000000023458-160.dat	upx
behavioral2/files/0x0007000000023456-150.dat	upx
behavioral2/files/0x0007000000023455-145.dat	upx
behavioral2/files/0x0007000000023454-140.dat	upx
behavioral2/files/0x0007000000023453-135.dat	upx
behavioral2/files/0x0007000000023452-130.dat	upx
behavioral2/files/0x0007000000023451-125.dat	upx
behavioral2/files/0x0007000000023450-120.dat	upx
behavioral2/files/0x000700000002344f-115.dat	upx
behavioral2/files/0x000700000002344d-105.dat	upx
behavioral2/files/0x000700000002344b-95.dat	upx
behavioral2/files/0x0007000000023449-82.dat	upx
behavioral2/files/0x0008000000023446-66.dat	upx
behavioral2/memory/4232-55-0x00007FF7FBC90000-0x00007FF7FC082000-memory.dmp	upx
behavioral2/memory/2316-53-0x00007FF7557F0000-0x00007FF755BE2000-memory.dmp	upx
behavioral2/memory/3896-52-0x00007FF6F91B0000-0x00007FF6F95A2000-memory.dmp	upx
behavioral2/files/0x0007000000023442-48.dat	upx
behavioral2/files/0x0007000000023443-47.dat	upx
behavioral2/memory/1220-44-0x00007FF72ED50000-0x00007FF72F142000-memory.dmp	upx
behavioral2/memory/2708-38-0x00007FF67A4B0000-0x00007FF67A8A2000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\xkzvkWg.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\yBwRPjA.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\vXoRyjy.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\yuvFCJQ.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\iNRUJbn.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\vEReAqE.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\ZXdLRXf.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\uUldftt.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\IjeTYIU.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\hLtvAoe.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\yaCnldV.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\ERhkRyp.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\kUhwkxB.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\fJUUPMd.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\nhvhlhq.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\AiqoTFT.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\MkVQhsV.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\iEssAbg.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\DuORCWa.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\iZhsbzN.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\PqcyePp.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\OTXJGgm.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\GHDdmKT.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\QnclJqG.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\JVynzwm.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\LwxuHuN.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\gnihpLy.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\PiAYVMc.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\aXMQjKl.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\qzJjqnJ.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\Klpqhid.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\nWqjZjf.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\xZRdrkp.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\qBcqXkC.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\hlITqiW.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\EilUoFt.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\WNXHHwf.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\zcMeYDf.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\utkHdxp.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\wOTJjDW.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\wHKaAme.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\WCJysWE.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\SGdyDqq.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\jVcLOqM.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\fFonTyw.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\ZjqBaZo.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\XeZySag.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\DJwmhYs.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\ARpvKER.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\jccuekp.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\GzjHVaN.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\JubUTsG.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\IkeKEbg.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\zcPAAtv.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\IVbsjaD.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\ueQjxYi.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\OcZetnI.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\iftTjZN.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\RinSiFD.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\XcuiZGa.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\OyuFcaD.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\FXNsIQe.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\HDGFeab.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
File created	C:\Windows\System\CwyUFQP.exe	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1420	powershell.exe
1420	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	1420	powershell.exe
Token: SeLockMemoryPrivilege	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1472 wrote to memory of 1420	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	83
PID 1472 wrote to memory of 1420	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	83
PID 1472 wrote to memory of 632	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	84
PID 1472 wrote to memory of 632	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	84
PID 1472 wrote to memory of 2316	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	85
PID 1472 wrote to memory of 2316	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	85
PID 1472 wrote to memory of 2708	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	86
PID 1472 wrote to memory of 2708	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	86
PID 1472 wrote to memory of 4232	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	87
PID 1472 wrote to memory of 4232	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	87
PID 1472 wrote to memory of 1220	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	88
PID 1472 wrote to memory of 1220	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	88
PID 1472 wrote to memory of 3896	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	89
PID 1472 wrote to memory of 3896	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	89
PID 1472 wrote to memory of 2452	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	90
PID 1472 wrote to memory of 2452	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	90
PID 1472 wrote to memory of 2952	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	91
PID 1472 wrote to memory of 2952	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	91
PID 1472 wrote to memory of 3712	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	92
PID 1472 wrote to memory of 3712	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	92
PID 1472 wrote to memory of 4380	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	93
PID 1472 wrote to memory of 4380	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	93
PID 1472 wrote to memory of 2840	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	94
PID 1472 wrote to memory of 2840	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	94
PID 1472 wrote to memory of 4972	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	95
PID 1472 wrote to memory of 4972	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	95
PID 1472 wrote to memory of 2008	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	96
PID 1472 wrote to memory of 2008	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	96
PID 1472 wrote to memory of 3720	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	97
PID 1472 wrote to memory of 3720	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	97
PID 1472 wrote to memory of 3260	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	98
PID 1472 wrote to memory of 3260	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	98
PID 1472 wrote to memory of 4584	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	99
PID 1472 wrote to memory of 4584	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	99
PID 1472 wrote to memory of 1576	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	100
PID 1472 wrote to memory of 1576	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	100
PID 1472 wrote to memory of 4528	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	101
PID 1472 wrote to memory of 4528	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	101
PID 1472 wrote to memory of 5012	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	102
PID 1472 wrote to memory of 5012	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	102
PID 1472 wrote to memory of 4292	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	103
PID 1472 wrote to memory of 4292	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	103
PID 1472 wrote to memory of 1104	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	104
PID 1472 wrote to memory of 1104	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	104
PID 1472 wrote to memory of 1864	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	105
PID 1472 wrote to memory of 1864	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	105
PID 1472 wrote to memory of 448	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	106
PID 1472 wrote to memory of 448	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	106
PID 1472 wrote to memory of 2200	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	107
PID 1472 wrote to memory of 2200	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	107
PID 1472 wrote to memory of 4616	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	108
PID 1472 wrote to memory of 4616	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	108
PID 1472 wrote to memory of 680	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	109
PID 1472 wrote to memory of 680	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	109
PID 1472 wrote to memory of 5064	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	110
PID 1472 wrote to memory of 5064	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	110
PID 1472 wrote to memory of 2628	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	111
PID 1472 wrote to memory of 2628	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	111
PID 1472 wrote to memory of 3228	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	112
PID 1472 wrote to memory of 3228	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	112
PID 1472 wrote to memory of 1060	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	113
PID 1472 wrote to memory of 1060	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	113
PID 1472 wrote to memory of 2484	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	114
PID 1472 wrote to memory of 2484	1472	06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe	114

C:\Users\Admin\AppData\Local\Temp\06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\06a1e040a8e665181a1d3465192a9034_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1472
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1420
- C:\Windows\System\igQvMPI.exe
  C:\Windows\System\igQvMPI.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\jsaPNzD.exe
  C:\Windows\System\jsaPNzD.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\HAdkrDw.exe
  C:\Windows\System\HAdkrDw.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\wxkKxOH.exe
  C:\Windows\System\wxkKxOH.exe
  2⤵
  - Executes dropped EXE
  PID:4232
- C:\Windows\System\WoDMscv.exe
  C:\Windows\System\WoDMscv.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\CTKpenc.exe
  C:\Windows\System\CTKpenc.exe
  2⤵
  - Executes dropped EXE
  PID:3896
- C:\Windows\System\jFqGITU.exe
  C:\Windows\System\jFqGITU.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\QfydglY.exe
  C:\Windows\System\QfydglY.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\qjfkQeJ.exe
  C:\Windows\System\qjfkQeJ.exe
  2⤵
  - Executes dropped EXE
  PID:3712
- C:\Windows\System\vruEVuV.exe
  C:\Windows\System\vruEVuV.exe
  2⤵
  - Executes dropped EXE
  PID:4380
- C:\Windows\System\KcocUvJ.exe
  C:\Windows\System\KcocUvJ.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\zvcbsvN.exe
  C:\Windows\System\zvcbsvN.exe
  2⤵
  - Executes dropped EXE
  PID:4972
- C:\Windows\System\IoJGdji.exe
  C:\Windows\System\IoJGdji.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\IkJlMeY.exe
  C:\Windows\System\IkJlMeY.exe
  2⤵
  - Executes dropped EXE
  PID:3720
- C:\Windows\System\pyjVLOz.exe
  C:\Windows\System\pyjVLOz.exe
  2⤵
  - Executes dropped EXE
  PID:3260
- C:\Windows\System\XqHgCph.exe
  C:\Windows\System\XqHgCph.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\nfOuTRD.exe
  C:\Windows\System\nfOuTRD.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\ZQXlEdy.exe
  C:\Windows\System\ZQXlEdy.exe
  2⤵
  - Executes dropped EXE
  PID:4528
- C:\Windows\System\SARmVlf.exe
  C:\Windows\System\SARmVlf.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\vzwInIV.exe
  C:\Windows\System\vzwInIV.exe
  2⤵
  - Executes dropped EXE
  PID:4292
- C:\Windows\System\jkYzBnC.exe
  C:\Windows\System\jkYzBnC.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\EGqykHm.exe
  C:\Windows\System\EGqykHm.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\QbpRlCM.exe
  C:\Windows\System\QbpRlCM.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\mXNcudg.exe
  C:\Windows\System\mXNcudg.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\rRcmPQB.exe
  C:\Windows\System\rRcmPQB.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System\xmMjNlF.exe
  C:\Windows\System\xmMjNlF.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\blDxZTs.exe
  C:\Windows\System\blDxZTs.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System\UgKdLKa.exe
  C:\Windows\System\UgKdLKa.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\mYZOata.exe
  C:\Windows\System\mYZOata.exe
  2⤵
  - Executes dropped EXE
  PID:3228
- C:\Windows\System\hSYbDRf.exe
  C:\Windows\System\hSYbDRf.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\nJZDJbY.exe
  C:\Windows\System\nJZDJbY.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\lMFZLzV.exe
  C:\Windows\System\lMFZLzV.exe
  2⤵
  - Executes dropped EXE
  PID:3480
- C:\Windows\System\xUxkpVI.exe
  C:\Windows\System\xUxkpVI.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System\KVzTyeU.exe
  C:\Windows\System\KVzTyeU.exe
  2⤵
  - Executes dropped EXE
  PID:3736
- C:\Windows\System\cFYKtFg.exe
  C:\Windows\System\cFYKtFg.exe
  2⤵
  - Executes dropped EXE
  PID:4092
- C:\Windows\System\OOvkgyi.exe
  C:\Windows\System\OOvkgyi.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\FkaJqec.exe
  C:\Windows\System\FkaJqec.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\gnihpLy.exe
  C:\Windows\System\gnihpLy.exe
  2⤵
  - Executes dropped EXE
  PID:216
- C:\Windows\System\usSOmle.exe
  C:\Windows\System\usSOmle.exe
  2⤵
  - Executes dropped EXE
  PID:392
- C:\Windows\System\MwJlUAx.exe
  C:\Windows\System\MwJlUAx.exe
  2⤵
  - Executes dropped EXE
  PID:3108
- C:\Windows\System\ZsQnBWZ.exe
  C:\Windows\System\ZsQnBWZ.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\WhDgTaW.exe
  C:\Windows\System\WhDgTaW.exe
  2⤵
  - Executes dropped EXE
  PID:4872
- C:\Windows\System\ovJCMwu.exe
  C:\Windows\System\ovJCMwu.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System\SGdyDqq.exe
  C:\Windows\System\SGdyDqq.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\xbVqTLj.exe
  C:\Windows\System\xbVqTLj.exe
  2⤵
  - Executes dropped EXE
  PID:4272
- C:\Windows\System\uhdzBkS.exe
  C:\Windows\System\uhdzBkS.exe
  2⤵
  - Executes dropped EXE
  PID:3476
- C:\Windows\System\iMuZOoQ.exe
  C:\Windows\System\iMuZOoQ.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\MMxUdjg.exe
  C:\Windows\System\MMxUdjg.exe
  2⤵
  - Executes dropped EXE
  PID:4144
- C:\Windows\System\eXprgFl.exe
  C:\Windows\System\eXprgFl.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\LHieUFX.exe
  C:\Windows\System\LHieUFX.exe
  2⤵
  - Executes dropped EXE
  PID:3244
- C:\Windows\System\cMcefhM.exe
  C:\Windows\System\cMcefhM.exe
  2⤵
  - Executes dropped EXE
  PID:716
- C:\Windows\System\uNBXLeM.exe
  C:\Windows\System\uNBXLeM.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\lLkixan.exe
  C:\Windows\System\lLkixan.exe
  2⤵
  - Executes dropped EXE
  PID:4556
- C:\Windows\System\vasaOwv.exe
  C:\Windows\System\vasaOwv.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\EZEQKRB.exe
  C:\Windows\System\EZEQKRB.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\hiSYhsN.exe
  C:\Windows\System\hiSYhsN.exe
  2⤵
  - Executes dropped EXE
  PID:3284
- C:\Windows\System\hKBJDaK.exe
  C:\Windows\System\hKBJDaK.exe
  2⤵
  - Executes dropped EXE
  PID:3936
- C:\Windows\System\qLiDAGD.exe
  C:\Windows\System\qLiDAGD.exe
  2⤵
  - Executes dropped EXE
  PID:4940
- C:\Windows\System\HLyATkg.exe
  C:\Windows\System\HLyATkg.exe
  2⤵
  - Executes dropped EXE
  PID:3332
- C:\Windows\System\mvHwInV.exe
  C:\Windows\System\mvHwInV.exe
  2⤵
  - Executes dropped EXE
  PID:3620
- C:\Windows\System\LmUfzJH.exe
  C:\Windows\System\LmUfzJH.exe
  2⤵
  - Executes dropped EXE
  PID:740
- C:\Windows\System\fWBEVcw.exe
  C:\Windows\System\fWBEVcw.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\susnTLr.exe
  C:\Windows\System\susnTLr.exe
  2⤵
  - Executes dropped EXE
  PID:3472
- C:\Windows\System\hNFbteQ.exe
  C:\Windows\System\hNFbteQ.exe
  2⤵
  - Executes dropped EXE
  PID:4684
- C:\Windows\System\eRmCbof.exe
  C:\Windows\System\eRmCbof.exe
  2⤵
  PID:772
- C:\Windows\System\tHdpubm.exe
  C:\Windows\System\tHdpubm.exe
  2⤵
  PID:4088
- C:\Windows\System\aCADVRV.exe
  C:\Windows\System\aCADVRV.exe
  2⤵
  PID:4924
- C:\Windows\System\mDGTviP.exe
  C:\Windows\System\mDGTviP.exe
  2⤵
  PID:1440
- C:\Windows\System\qTSGdAF.exe
  C:\Windows\System\qTSGdAF.exe
  2⤵
  PID:708
- C:\Windows\System\gLOKDGD.exe
  C:\Windows\System\gLOKDGD.exe
  2⤵
  PID:3468
- C:\Windows\System\uziTxKF.exe
  C:\Windows\System\uziTxKF.exe
  2⤵
  PID:3584
- C:\Windows\System\SMnlBSx.exe
  C:\Windows\System\SMnlBSx.exe
  2⤵
  PID:1580
- C:\Windows\System\DFNUQbY.exe
  C:\Windows\System\DFNUQbY.exe
  2⤵
  PID:3792
- C:\Windows\System\dpKLNID.exe
  C:\Windows\System\dpKLNID.exe
  2⤵
  PID:4964
- C:\Windows\System\JKEJJJY.exe
  C:\Windows\System\JKEJJJY.exe
  2⤵
  PID:4404
- C:\Windows\System\FYFxFgt.exe
  C:\Windows\System\FYFxFgt.exe
  2⤵
  PID:696
- C:\Windows\System\SnvtAZJ.exe
  C:\Windows\System\SnvtAZJ.exe
  2⤵
  PID:1232
- C:\Windows\System\KwEFsgn.exe
  C:\Windows\System\KwEFsgn.exe
  2⤵
  PID:3420
- C:\Windows\System\OMOFqAQ.exe
  C:\Windows\System\OMOFqAQ.exe
  2⤵
  PID:1892
- C:\Windows\System\KCizQcV.exe
  C:\Windows\System\KCizQcV.exe
  2⤵
  PID:464
- C:\Windows\System\VFJzLoU.exe
  C:\Windows\System\VFJzLoU.exe
  2⤵
  PID:760
- C:\Windows\System\gIArkjX.exe
  C:\Windows\System\gIArkjX.exe
  2⤵
  PID:1808
- C:\Windows\System\ExOuBIj.exe
  C:\Windows\System\ExOuBIj.exe
  2⤵
  PID:468
- C:\Windows\System\iQoRorC.exe
  C:\Windows\System\iQoRorC.exe
  2⤵
  PID:4912
- C:\Windows\System\zMwrITZ.exe
  C:\Windows\System\zMwrITZ.exe
  2⤵
  PID:4848
- C:\Windows\System\FnnFqnA.exe
  C:\Windows\System\FnnFqnA.exe
  2⤵
  PID:412
- C:\Windows\System\CYzSsdi.exe
  C:\Windows\System\CYzSsdi.exe
  2⤵
  PID:3192
- C:\Windows\System\QihSrIK.exe
  C:\Windows\System\QihSrIK.exe
  2⤵
  PID:432
- C:\Windows\System\QdgpZrc.exe
  C:\Windows\System\QdgpZrc.exe
  2⤵
  PID:452
- C:\Windows\System\xbwNFLJ.exe
  C:\Windows\System\xbwNFLJ.exe
  2⤵
  PID:3040
- C:\Windows\System\vrACfIF.exe
  C:\Windows\System\vrACfIF.exe
  2⤵
  PID:1504
- C:\Windows\System\jDJyKeX.exe
  C:\Windows\System\jDJyKeX.exe
  2⤵
  PID:2076
- C:\Windows\System\BVPkUdH.exe
  C:\Windows\System\BVPkUdH.exe
  2⤵
  PID:2268
- C:\Windows\System\WsZKlyG.exe
  C:\Windows\System\WsZKlyG.exe
  2⤵
  PID:5148
- C:\Windows\System\jQkBhGs.exe
  C:\Windows\System\jQkBhGs.exe
  2⤵
  PID:5176
- C:\Windows\System\IJiWomi.exe
  C:\Windows\System\IJiWomi.exe
  2⤵
  PID:5200
- C:\Windows\System\AJXqUjD.exe
  C:\Windows\System\AJXqUjD.exe
  2⤵
  PID:5216
- C:\Windows\System\cxRpblB.exe
  C:\Windows\System\cxRpblB.exe
  2⤵
  PID:5280
- C:\Windows\System\nATVQee.exe
  C:\Windows\System\nATVQee.exe
  2⤵
  PID:5296
- C:\Windows\System\UtwnaLa.exe
  C:\Windows\System\UtwnaLa.exe
  2⤵
  PID:5324
- C:\Windows\System\CzbdZiZ.exe
  C:\Windows\System\CzbdZiZ.exe
  2⤵
  PID:5348
- C:\Windows\System\MvxERLN.exe
  C:\Windows\System\MvxERLN.exe
  2⤵
  PID:5384
- C:\Windows\System\ttcAYop.exe
  C:\Windows\System\ttcAYop.exe
  2⤵
  PID:5404
- C:\Windows\System\xPBsCzv.exe
  C:\Windows\System\xPBsCzv.exe
  2⤵
  PID:5428
- C:\Windows\System\PwHTKBn.exe
  C:\Windows\System\PwHTKBn.exe
  2⤵
  PID:5492
- C:\Windows\System\avIkOsi.exe
  C:\Windows\System\avIkOsi.exe
  2⤵
  PID:5528
- C:\Windows\System\wZINwis.exe
  C:\Windows\System\wZINwis.exe
  2⤵
  PID:5564
- C:\Windows\System\JhLpOyR.exe
  C:\Windows\System\JhLpOyR.exe
  2⤵
  PID:5588
- C:\Windows\System\LUAdDrT.exe
  C:\Windows\System\LUAdDrT.exe
  2⤵
  PID:5612
- C:\Windows\System\cQFMTVf.exe
  C:\Windows\System\cQFMTVf.exe
  2⤵
  PID:5640
- C:\Windows\System\ieDrJGQ.exe
  C:\Windows\System\ieDrJGQ.exe
  2⤵
  PID:5664
- C:\Windows\System\dPTtyOc.exe
  C:\Windows\System\dPTtyOc.exe
  2⤵
  PID:5680
- C:\Windows\System\EtXjrBT.exe
  C:\Windows\System\EtXjrBT.exe
  2⤵
  PID:5708
- C:\Windows\System\yNTrwJN.exe
  C:\Windows\System\yNTrwJN.exe
  2⤵
  PID:5748
- C:\Windows\System\WSkyDGN.exe
  C:\Windows\System\WSkyDGN.exe
  2⤵
  PID:5768
- C:\Windows\System\cWQXLXB.exe
  C:\Windows\System\cWQXLXB.exe
  2⤵
  PID:5812
- C:\Windows\System\yXHcvbY.exe
  C:\Windows\System\yXHcvbY.exe
  2⤵
  PID:5832
- C:\Windows\System\aXMQjKl.exe
  C:\Windows\System\aXMQjKl.exe
  2⤵
  PID:5884
- C:\Windows\System\ycbBDKl.exe
  C:\Windows\System\ycbBDKl.exe
  2⤵
  PID:5908
- C:\Windows\System\LGuqKqQ.exe
  C:\Windows\System\LGuqKqQ.exe
  2⤵
  PID:5932
- C:\Windows\System\bYOkpgI.exe
  C:\Windows\System\bYOkpgI.exe
  2⤵
  PID:5952
- C:\Windows\System\LMTUPzT.exe
  C:\Windows\System\LMTUPzT.exe
  2⤵
  PID:5996
- C:\Windows\System\IgcvzZs.exe
  C:\Windows\System\IgcvzZs.exe
  2⤵
  PID:6032
- C:\Windows\System\hojqBCY.exe
  C:\Windows\System\hojqBCY.exe
  2⤵
  PID:6048
- C:\Windows\System\ikRFawB.exe
  C:\Windows\System\ikRFawB.exe
  2⤵
  PID:6068
- C:\Windows\System\haDUMjh.exe
  C:\Windows\System\haDUMjh.exe
  2⤵
  PID:6084
- C:\Windows\System\eGXgzrr.exe
  C:\Windows\System\eGXgzrr.exe
  2⤵
  PID:6116
- C:\Windows\System\OJBqUOc.exe
  C:\Windows\System\OJBqUOc.exe
  2⤵
  PID:1512
- C:\Windows\System\AurzxXB.exe
  C:\Windows\System\AurzxXB.exe
  2⤵
  PID:1692
- C:\Windows\System\WNXHHwf.exe
  C:\Windows\System\WNXHHwf.exe
  2⤵
  PID:5128
- C:\Windows\System\kyMaVkE.exe
  C:\Windows\System\kyMaVkE.exe
  2⤵
  PID:2160
- C:\Windows\System\OihVgxf.exe
  C:\Windows\System\OihVgxf.exe
  2⤵
  PID:5196
- C:\Windows\System\xZRdrkp.exe
  C:\Windows\System\xZRdrkp.exe
  2⤵
  PID:5288
- C:\Windows\System\DjMQLAF.exe
  C:\Windows\System\DjMQLAF.exe
  2⤵
  PID:5236
- C:\Windows\System\JHIWhxS.exe
  C:\Windows\System\JHIWhxS.exe
  2⤵
  PID:5340
- C:\Windows\System\uQYAckj.exe
  C:\Windows\System\uQYAckj.exe
  2⤵
  PID:5468
- C:\Windows\System\OAawKKg.exe
  C:\Windows\System\OAawKKg.exe
  2⤵
  PID:5488
- C:\Windows\System\vLyFiDf.exe
  C:\Windows\System\vLyFiDf.exe
  2⤵
  PID:5584
- C:\Windows\System\vkZdkLx.exe
  C:\Windows\System\vkZdkLx.exe
  2⤵
  PID:5600
- C:\Windows\System\WeYZiUW.exe
  C:\Windows\System\WeYZiUW.exe
  2⤵
  PID:5756
- C:\Windows\System\EBCEozq.exe
  C:\Windows\System\EBCEozq.exe
  2⤵
  PID:5828
- C:\Windows\System\tdWqXoW.exe
  C:\Windows\System\tdWqXoW.exe
  2⤵
  PID:5900
- C:\Windows\System\dXXFpwB.exe
  C:\Windows\System\dXXFpwB.exe
  2⤵
  PID:5940
- C:\Windows\System\oJuWwaE.exe
  C:\Windows\System\oJuWwaE.exe
  2⤵
  PID:5988
- C:\Windows\System\VLqnCtN.exe
  C:\Windows\System\VLqnCtN.exe
  2⤵
  PID:6040
- C:\Windows\System\eIeANOZ.exe
  C:\Windows\System\eIeANOZ.exe
  2⤵
  PID:6096
- C:\Windows\System\llfKODy.exe
  C:\Windows\System\llfKODy.exe
  2⤵
  PID:1960
- C:\Windows\System\BGSkohb.exe
  C:\Windows\System\BGSkohb.exe
  2⤵
  PID:5272
- C:\Windows\System\pzJvtFJ.exe
  C:\Windows\System\pzJvtFJ.exe
  2⤵
  PID:5276
- C:\Windows\System\almaabi.exe
  C:\Windows\System\almaabi.exe
  2⤵
  PID:5424
- C:\Windows\System\NRvQCWP.exe
  C:\Windows\System\NRvQCWP.exe
  2⤵
  PID:5580
- C:\Windows\System\FXNsIQe.exe
  C:\Windows\System\FXNsIQe.exe
  2⤵
  PID:5724
- C:\Windows\System\KCfpJhU.exe
  C:\Windows\System\KCfpJhU.exe
  2⤵
  PID:5852
- C:\Windows\System\EvkTiwk.exe
  C:\Windows\System\EvkTiwk.exe
  2⤵
  PID:6028
- C:\Windows\System\PjkWeBN.exe
  C:\Windows\System\PjkWeBN.exe
  2⤵
  PID:1468
- C:\Windows\System\KXexxEQ.exe
  C:\Windows\System\KXexxEQ.exe
  2⤵
  PID:3616
- C:\Windows\System\gdwKQGF.exe
  C:\Windows\System\gdwKQGF.exe
  2⤵
  PID:5688
- C:\Windows\System\QbcPasx.exe
  C:\Windows\System\QbcPasx.exe
  2⤵
  PID:5820
- C:\Windows\System\kEdgskY.exe
  C:\Windows\System\kEdgskY.exe
  2⤵
  PID:6064
- C:\Windows\System\Owozyyx.exe
  C:\Windows\System\Owozyyx.exe
  2⤵
  PID:2004
- C:\Windows\System\dDaNiwF.exe
  C:\Windows\System\dDaNiwF.exe
  2⤵
  PID:6148
- C:\Windows\System\RsInlEf.exe
  C:\Windows\System\RsInlEf.exe
  2⤵
  PID:6168
- C:\Windows\System\pNroEfH.exe
  C:\Windows\System\pNroEfH.exe
  2⤵
  PID:6184
- C:\Windows\System\ywToKjO.exe
  C:\Windows\System\ywToKjO.exe
  2⤵
  PID:6224
- C:\Windows\System\eYbRSCc.exe
  C:\Windows\System\eYbRSCc.exe
  2⤵
  PID:6240
- C:\Windows\System\mkzupOc.exe
  C:\Windows\System\mkzupOc.exe
  2⤵
  PID:6276
- C:\Windows\System\CLQcORN.exe
  C:\Windows\System\CLQcORN.exe
  2⤵
  PID:6336
- C:\Windows\System\djiPCPb.exe
  C:\Windows\System\djiPCPb.exe
  2⤵
  PID:6380
- C:\Windows\System\DJBkGLo.exe
  C:\Windows\System\DJBkGLo.exe
  2⤵
  PID:6412
- C:\Windows\System\FsyIJLd.exe
  C:\Windows\System\FsyIJLd.exe
  2⤵
  PID:6432
- C:\Windows\System\UmnHZRV.exe
  C:\Windows\System\UmnHZRV.exe
  2⤵
  PID:6476
- C:\Windows\System\GtfVBFE.exe
  C:\Windows\System\GtfVBFE.exe
  2⤵
  PID:6516
- C:\Windows\System\YTyIbwx.exe
  C:\Windows\System\YTyIbwx.exe
  2⤵
  PID:6532
- C:\Windows\System\QLjezRg.exe
  C:\Windows\System\QLjezRg.exe
  2⤵
  PID:6580
- C:\Windows\System\fhHDWEZ.exe
  C:\Windows\System\fhHDWEZ.exe
  2⤵
  PID:6604
- C:\Windows\System\lpcdEZO.exe
  C:\Windows\System\lpcdEZO.exe
  2⤵
  PID:6632
- C:\Windows\System\ucTlKfo.exe
  C:\Windows\System\ucTlKfo.exe
  2⤵
  PID:6652
- C:\Windows\System\XVNMyPE.exe
  C:\Windows\System\XVNMyPE.exe
  2⤵
  PID:6684
- C:\Windows\System\iLlmFXl.exe
  C:\Windows\System\iLlmFXl.exe
  2⤵
  PID:6704
- C:\Windows\System\WAiMumW.exe
  C:\Windows\System\WAiMumW.exe
  2⤵
  PID:6736
- C:\Windows\System\GROWSJI.exe
  C:\Windows\System\GROWSJI.exe
  2⤵
  PID:6772
- C:\Windows\System\CJSUYiK.exe
  C:\Windows\System\CJSUYiK.exe
  2⤵
  PID:6792
- C:\Windows\System\ikAsufc.exe
  C:\Windows\System\ikAsufc.exe
  2⤵
  PID:6828
- C:\Windows\System\sVeApUN.exe
  C:\Windows\System\sVeApUN.exe
  2⤵
  PID:6852
- C:\Windows\System\dXRVXpJ.exe
  C:\Windows\System\dXRVXpJ.exe
  2⤵
  PID:6896
- C:\Windows\System\AnRkHFo.exe
  C:\Windows\System\AnRkHFo.exe
  2⤵
  PID:6920
- C:\Windows\System\WPLdsrb.exe
  C:\Windows\System\WPLdsrb.exe
  2⤵
  PID:6948
- C:\Windows\System\pqhatAf.exe
  C:\Windows\System\pqhatAf.exe
  2⤵
  PID:6968
- C:\Windows\System\QhLTmLl.exe
  C:\Windows\System\QhLTmLl.exe
  2⤵
  PID:7000
- C:\Windows\System\zsnemtG.exe
  C:\Windows\System\zsnemtG.exe
  2⤵
  PID:7028
- C:\Windows\System\GSXCdKz.exe
  C:\Windows\System\GSXCdKz.exe
  2⤵
  PID:7044
- C:\Windows\System\FjsRFvG.exe
  C:\Windows\System\FjsRFvG.exe
  2⤵
  PID:7072
- C:\Windows\System\vMmBzdH.exe
  C:\Windows\System\vMmBzdH.exe
  2⤵
  PID:7092
- C:\Windows\System\XRiNCln.exe
  C:\Windows\System\XRiNCln.exe
  2⤵
  PID:7148
- C:\Windows\System\ZdIAqIp.exe
  C:\Windows\System\ZdIAqIp.exe
  2⤵
  PID:5976
- C:\Windows\System\TJvdoyr.exe
  C:\Windows\System\TJvdoyr.exe
  2⤵
  PID:5256
- C:\Windows\System\HKvGClL.exe
  C:\Windows\System\HKvGClL.exe
  2⤵
  PID:6236
- C:\Windows\System\LAFECsY.exe
  C:\Windows\System\LAFECsY.exe
  2⤵
  PID:6216
- C:\Windows\System\WCpixOM.exe
  C:\Windows\System\WCpixOM.exe
  2⤵
  PID:6348
- C:\Windows\System\GKlSkyo.exe
  C:\Windows\System\GKlSkyo.exe
  2⤵
  PID:6372
- C:\Windows\System\iPJSYTc.exe
  C:\Windows\System\iPJSYTc.exe
  2⤵
  PID:6428
- C:\Windows\System\zbqjQCV.exe
  C:\Windows\System\zbqjQCV.exe
  2⤵
  PID:6508
- C:\Windows\System\EgyCMSc.exe
  C:\Windows\System\EgyCMSc.exe
  2⤵
  PID:6576
- C:\Windows\System\LIpKGCT.exe
  C:\Windows\System\LIpKGCT.exe
  2⤵
  PID:6612
- C:\Windows\System\UKVixiR.exe
  C:\Windows\System\UKVixiR.exe
  2⤵
  PID:6692
- C:\Windows\System\duxVxDZ.exe
  C:\Windows\System\duxVxDZ.exe
  2⤵
  PID:6788
- C:\Windows\System\lCpAWql.exe
  C:\Windows\System\lCpAWql.exe
  2⤵
  PID:6784
- C:\Windows\System\muSokid.exe
  C:\Windows\System\muSokid.exe
  2⤵
  PID:4068
- C:\Windows\System\jWeDoxX.exe
  C:\Windows\System\jWeDoxX.exe
  2⤵
  PID:6912
- C:\Windows\System\jmwUjWu.exe
  C:\Windows\System\jmwUjWu.exe
  2⤵
  PID:6960
- C:\Windows\System\JoIVsDv.exe
  C:\Windows\System\JoIVsDv.exe
  2⤵
  PID:1844
- C:\Windows\System\LYnIPGB.exe
  C:\Windows\System\LYnIPGB.exe
  2⤵
  PID:7084
- C:\Windows\System\foOPSXo.exe
  C:\Windows\System\foOPSXo.exe
  2⤵
  PID:7140
- C:\Windows\System\QjzxyUj.exe
  C:\Windows\System\QjzxyUj.exe
  2⤵
  PID:6176
- C:\Windows\System\JvNEXJR.exe
  C:\Windows\System\JvNEXJR.exe
  2⤵
  PID:6304
- C:\Windows\System\qrNakUp.exe
  C:\Windows\System\qrNakUp.exe
  2⤵
  PID:6404
- C:\Windows\System\RIDeAdY.exe
  C:\Windows\System\RIDeAdY.exe
  2⤵
  PID:6528
- C:\Windows\System\PGMtRTI.exe
  C:\Windows\System\PGMtRTI.exe
  2⤵
  PID:2228
- C:\Windows\System\JRhfGQT.exe
  C:\Windows\System\JRhfGQT.exe
  2⤵
  PID:6696
- C:\Windows\System\KfJmqlJ.exe
  C:\Windows\System\KfJmqlJ.exe
  2⤵
  PID:6780
- C:\Windows\System\VXaDkPi.exe
  C:\Windows\System\VXaDkPi.exe
  2⤵
  PID:6936
- C:\Windows\System\PfdpOaA.exe
  C:\Windows\System\PfdpOaA.exe
  2⤵
  PID:7088
- C:\Windows\System\aMMdGkP.exe
  C:\Windows\System\aMMdGkP.exe
  2⤵
  PID:4112
- C:\Windows\System\nWqjZjf.exe
  C:\Windows\System\nWqjZjf.exe
  2⤵
  PID:6488
- C:\Windows\System\WNsibfn.exe
  C:\Windows\System\WNsibfn.exe
  2⤵
  PID:6824
- C:\Windows\System\ZKyYBwr.exe
  C:\Windows\System\ZKyYBwr.exe
  2⤵
  PID:6456
- C:\Windows\System\FJjKqKV.exe
  C:\Windows\System\FJjKqKV.exe
  2⤵
  PID:7080
- C:\Windows\System\JTkHKFu.exe
  C:\Windows\System\JTkHKFu.exe
  2⤵
  PID:7196
- C:\Windows\System\eoMhcHp.exe
  C:\Windows\System\eoMhcHp.exe
  2⤵
  PID:7240
- C:\Windows\System\pdqtLPv.exe
  C:\Windows\System\pdqtLPv.exe
  2⤵
  PID:7264
- C:\Windows\System\nRllySM.exe
  C:\Windows\System\nRllySM.exe
  2⤵
  PID:7292
- C:\Windows\System\BrLpush.exe
  C:\Windows\System\BrLpush.exe
  2⤵
  PID:7312
- C:\Windows\System\fXNTqMS.exe
  C:\Windows\System\fXNTqMS.exe
  2⤵
  PID:7332
- C:\Windows\System\Lncwqzu.exe
  C:\Windows\System\Lncwqzu.exe
  2⤵
  PID:7376
- C:\Windows\System\mFxVTsT.exe
  C:\Windows\System\mFxVTsT.exe
  2⤵
  PID:7396
- C:\Windows\System\charKKT.exe
  C:\Windows\System\charKKT.exe
  2⤵
  PID:7416
- C:\Windows\System\Edtidxq.exe
  C:\Windows\System\Edtidxq.exe
  2⤵
  PID:7456
- C:\Windows\System\ZWAefzx.exe
  C:\Windows\System\ZWAefzx.exe
  2⤵
  PID:7476
- C:\Windows\System\uNVoPrS.exe
  C:\Windows\System\uNVoPrS.exe
  2⤵
  PID:7500
- C:\Windows\System\QhyFwlC.exe
  C:\Windows\System\QhyFwlC.exe
  2⤵
  PID:7528
- C:\Windows\System\GLmdsUK.exe
  C:\Windows\System\GLmdsUK.exe
  2⤵
  PID:7548
- C:\Windows\System\QQyUYQe.exe
  C:\Windows\System\QQyUYQe.exe
  2⤵
  PID:7572
- C:\Windows\System\SDqxfFD.exe
  C:\Windows\System\SDqxfFD.exe
  2⤵
  PID:7620
- C:\Windows\System\uDRPNlb.exe
  C:\Windows\System\uDRPNlb.exe
  2⤵
  PID:7644
- C:\Windows\System\JBpHGvW.exe
  C:\Windows\System\JBpHGvW.exe
  2⤵
  PID:7668
- C:\Windows\System\bnydrZc.exe
  C:\Windows\System\bnydrZc.exe
  2⤵
  PID:7696
- C:\Windows\System\WIzZBWE.exe
  C:\Windows\System\WIzZBWE.exe
  2⤵
  PID:7724
- C:\Windows\System\kWWZcqZ.exe
  C:\Windows\System\kWWZcqZ.exe
  2⤵
  PID:7740
- C:\Windows\System\lDnogAn.exe
  C:\Windows\System\lDnogAn.exe
  2⤵
  PID:7760
- C:\Windows\System\AlTDYUf.exe
  C:\Windows\System\AlTDYUf.exe
  2⤵
  PID:7808
- C:\Windows\System\uZWzjyE.exe
  C:\Windows\System\uZWzjyE.exe
  2⤵
  PID:7828
- C:\Windows\System\SpNAgwO.exe
  C:\Windows\System\SpNAgwO.exe
  2⤵
  PID:7852
- C:\Windows\System\UkxAjSS.exe
  C:\Windows\System\UkxAjSS.exe
  2⤵
  PID:7876
- C:\Windows\System\DpBhoyH.exe
  C:\Windows\System\DpBhoyH.exe
  2⤵
  PID:7896
- C:\Windows\System\endFjLm.exe
  C:\Windows\System\endFjLm.exe
  2⤵
  PID:7920
- C:\Windows\System\MEEjyoD.exe
  C:\Windows\System\MEEjyoD.exe
  2⤵
  PID:7944
- C:\Windows\System\jXmRXqC.exe
  C:\Windows\System\jXmRXqC.exe
  2⤵
  PID:8048
- C:\Windows\System\aINSOPc.exe
  C:\Windows\System\aINSOPc.exe
  2⤵
  PID:8068
- C:\Windows\System\BukKIct.exe
  C:\Windows\System\BukKIct.exe
  2⤵
  PID:8088
- C:\Windows\System\lVvCPtD.exe
  C:\Windows\System\lVvCPtD.exe
  2⤵
  PID:8116
- C:\Windows\System\opCwHaP.exe
  C:\Windows\System\opCwHaP.exe
  2⤵
  PID:8140
- C:\Windows\System\oivqcnX.exe
  C:\Windows\System\oivqcnX.exe
  2⤵
  PID:8156
- C:\Windows\System\EzwoLpm.exe
  C:\Windows\System\EzwoLpm.exe
  2⤵
  PID:8176
- C:\Windows\System\VLaANRH.exe
  C:\Windows\System\VLaANRH.exe
  2⤵
  PID:6956
- C:\Windows\System\HnhCEnL.exe
  C:\Windows\System\HnhCEnL.exe
  2⤵
  PID:7300
- C:\Windows\System\ftGcvyJ.exe
  C:\Windows\System\ftGcvyJ.exe
  2⤵
  PID:7368
- C:\Windows\System\oeaOFCp.exe
  C:\Windows\System\oeaOFCp.exe
  2⤵
  PID:7432
- C:\Windows\System\xqZVNvc.exe
  C:\Windows\System\xqZVNvc.exe
  2⤵
  PID:7468
- C:\Windows\System\IVbsjaD.exe
  C:\Windows\System\IVbsjaD.exe
  2⤵
  PID:7520
- C:\Windows\System\iIzWKcc.exe
  C:\Windows\System\iIzWKcc.exe
  2⤵
  PID:7568
- C:\Windows\System\eOSgarS.exe
  C:\Windows\System\eOSgarS.exe
  2⤵
  PID:7692
- C:\Windows\System\SyeeGGo.exe
  C:\Windows\System\SyeeGGo.exe
  2⤵
  PID:7756
- C:\Windows\System\VSPOiDQ.exe
  C:\Windows\System\VSPOiDQ.exe
  2⤵
  PID:7848
- C:\Windows\System\vSpcGCt.exe
  C:\Windows\System\vSpcGCt.exe
  2⤵
  PID:7792
- C:\Windows\System\UxpErfO.exe
  C:\Windows\System\UxpErfO.exe
  2⤵
  PID:7884
- C:\Windows\System\hfpCVmm.exe
  C:\Windows\System\hfpCVmm.exe
  2⤵
  PID:8000
- C:\Windows\System\wozupxl.exe
  C:\Windows\System\wozupxl.exe
  2⤵
  PID:8056
- C:\Windows\System\AGqBRRl.exe
  C:\Windows\System\AGqBRRl.exe
  2⤵
  PID:8132
- C:\Windows\System\SWmpLEO.exe
  C:\Windows\System\SWmpLEO.exe
  2⤵
  PID:8164
- C:\Windows\System\aJRDMBp.exe
  C:\Windows\System\aJRDMBp.exe
  2⤵
  PID:1120
- C:\Windows\System\BKdGDQE.exe
  C:\Windows\System\BKdGDQE.exe
  2⤵
  PID:7328
- C:\Windows\System\AXEucSW.exe
  C:\Windows\System\AXEucSW.exe
  2⤵
  PID:7632
- C:\Windows\System\bueKXOr.exe
  C:\Windows\System\bueKXOr.exe
  2⤵
  PID:7780
- C:\Windows\System\MUGQnUm.exe
  C:\Windows\System\MUGQnUm.exe
  2⤵
  PID:7824
- C:\Windows\System\qQwUidR.exe
  C:\Windows\System\qQwUidR.exe
  2⤵
  PID:8152
- C:\Windows\System\IvkdZGn.exe
  C:\Windows\System\IvkdZGn.exe
  2⤵
  PID:7216
- C:\Windows\System\VBNbDzn.exe
  C:\Windows\System\VBNbDzn.exe
  2⤵
  PID:7664
- C:\Windows\System\UyIjJEm.exe
  C:\Windows\System\UyIjJEm.exe
  2⤵
  PID:7932
- C:\Windows\System\tAIVLZe.exe
  C:\Windows\System\tAIVLZe.exe
  2⤵
  PID:8196
- C:\Windows\System\IippBwG.exe
  C:\Windows\System\IippBwG.exe
  2⤵
  PID:8216
- C:\Windows\System\lgEghIl.exe
  C:\Windows\System\lgEghIl.exe
  2⤵
  PID:8288
- C:\Windows\System\ezHXhCL.exe
  C:\Windows\System\ezHXhCL.exe
  2⤵
  PID:8304
- C:\Windows\System\huiozJJ.exe
  C:\Windows\System\huiozJJ.exe
  2⤵
  PID:8324
- C:\Windows\System\VTUNtze.exe
  C:\Windows\System\VTUNtze.exe
  2⤵
  PID:8356
- C:\Windows\System\OYxoWxw.exe
  C:\Windows\System\OYxoWxw.exe
  2⤵
  PID:8396
- C:\Windows\System\zFInHZN.exe
  C:\Windows\System\zFInHZN.exe
  2⤵
  PID:8420
- C:\Windows\System\otTMkYc.exe
  C:\Windows\System\otTMkYc.exe
  2⤵
  PID:8444
- C:\Windows\System\wxObEDV.exe
  C:\Windows\System\wxObEDV.exe
  2⤵
  PID:8484
- C:\Windows\System\kTwHHoT.exe
  C:\Windows\System\kTwHHoT.exe
  2⤵
  PID:8504
- C:\Windows\System\ryXHOXW.exe
  C:\Windows\System\ryXHOXW.exe
  2⤵
  PID:8528
- C:\Windows\System\cCMosHI.exe
  C:\Windows\System\cCMosHI.exe
  2⤵
  PID:8544
- C:\Windows\System\qjqouAK.exe
  C:\Windows\System\qjqouAK.exe
  2⤵
  PID:8576
- C:\Windows\System\tRtvvuP.exe
  C:\Windows\System\tRtvvuP.exe
  2⤵
  PID:8604
- C:\Windows\System\SpEdURI.exe
  C:\Windows\System\SpEdURI.exe
  2⤵
  PID:8648
- C:\Windows\System\rbCKpUX.exe
  C:\Windows\System\rbCKpUX.exe
  2⤵
  PID:8668
- C:\Windows\System\wucQMTX.exe
  C:\Windows\System\wucQMTX.exe
  2⤵
  PID:8684
- C:\Windows\System\oqEwHMb.exe
  C:\Windows\System\oqEwHMb.exe
  2⤵
  PID:8732
- C:\Windows\System\DWvYntd.exe
  C:\Windows\System\DWvYntd.exe
  2⤵
  PID:8756
- C:\Windows\System\wokQzum.exe
  C:\Windows\System\wokQzum.exe
  2⤵
  PID:8772
- C:\Windows\System\tKEMSLm.exe
  C:\Windows\System\tKEMSLm.exe
  2⤵
  PID:8792
- C:\Windows\System\EpovCPc.exe
  C:\Windows\System\EpovCPc.exe
  2⤵
  PID:8820
- C:\Windows\System\PJOalWW.exe
  C:\Windows\System\PJOalWW.exe
  2⤵
  PID:8844
- C:\Windows\System\BbSQMPV.exe
  C:\Windows\System\BbSQMPV.exe
  2⤵
  PID:8872
- C:\Windows\System\HtZSeLF.exe
  C:\Windows\System\HtZSeLF.exe
  2⤵
  PID:8936
- C:\Windows\System\VxFFLxz.exe
  C:\Windows\System\VxFFLxz.exe
  2⤵
  PID:8956
- C:\Windows\System\oozvint.exe
  C:\Windows\System\oozvint.exe
  2⤵
  PID:8972
- C:\Windows\System\pffEFSe.exe
  C:\Windows\System\pffEFSe.exe
  2⤵
  PID:8996
- C:\Windows\System\kApWxmk.exe
  C:\Windows\System\kApWxmk.exe
  2⤵
  PID:9016
- C:\Windows\System\IUtOgDO.exe
  C:\Windows\System\IUtOgDO.exe
  2⤵
  PID:9032
- C:\Windows\System\iUIwhJq.exe
  C:\Windows\System\iUIwhJq.exe
  2⤵
  PID:9064
- C:\Windows\System\AuVHTJU.exe
  C:\Windows\System\AuVHTJU.exe
  2⤵
  PID:9088
- C:\Windows\System\ZtQDfKQ.exe
  C:\Windows\System\ZtQDfKQ.exe
  2⤵
  PID:9144
- C:\Windows\System\ZDNMDtC.exe
  C:\Windows\System\ZDNMDtC.exe
  2⤵
  PID:9164
- C:\Windows\System\IdFtmQE.exe
  C:\Windows\System\IdFtmQE.exe
  2⤵
  PID:9184
- C:\Windows\System\szipIgG.exe
  C:\Windows\System\szipIgG.exe
  2⤵
  PID:7544
- C:\Windows\System\KkIGiBm.exe
  C:\Windows\System\KkIGiBm.exe
  2⤵
  PID:7352
- C:\Windows\System\nIRsEvT.exe
  C:\Windows\System\nIRsEvT.exe
  2⤵
  PID:8272
- C:\Windows\System\faPSXok.exe
  C:\Windows\System\faPSXok.exe
  2⤵
  PID:8320
- C:\Windows\System\ZEIQMuP.exe
  C:\Windows\System\ZEIQMuP.exe
  2⤵
  PID:8392
- C:\Windows\System\eeepoyv.exe
  C:\Windows\System\eeepoyv.exe
  2⤵
  PID:8440
- C:\Windows\System\nvvFLGx.exe
  C:\Windows\System\nvvFLGx.exe
  2⤵
  PID:8520
- C:\Windows\System\oGLxjGd.exe
  C:\Windows\System\oGLxjGd.exe
  2⤵
  PID:8560
- C:\Windows\System\PTianeG.exe
  C:\Windows\System\PTianeG.exe
  2⤵
  PID:8596
- C:\Windows\System\JjDMLET.exe
  C:\Windows\System\JjDMLET.exe
  2⤵
  PID:8644
- C:\Windows\System\kOZZyPY.exe
  C:\Windows\System\kOZZyPY.exe
  2⤵
  PID:8708
- C:\Windows\System\ulqHVvR.exe
  C:\Windows\System\ulqHVvR.exe
  2⤵
  PID:8788
- C:\Windows\System\kKfuWIa.exe
  C:\Windows\System\kKfuWIa.exe
  2⤵
  PID:8856
- C:\Windows\System\TJfYevq.exe
  C:\Windows\System\TJfYevq.exe
  2⤵
  PID:8904
- C:\Windows\System\KFWrAsX.exe
  C:\Windows\System\KFWrAsX.exe
  2⤵
  PID:8944
- C:\Windows\System\QLWlaMk.exe
  C:\Windows\System\QLWlaMk.exe
  2⤵
  PID:8980
- C:\Windows\System\wuUdloQ.exe
  C:\Windows\System\wuUdloQ.exe
  2⤵
  PID:9096
- C:\Windows\System\hdDubIb.exe
  C:\Windows\System\hdDubIb.exe
  2⤵
  PID:7308
- C:\Windows\System\QhoAOZM.exe
  C:\Windows\System\QhoAOZM.exe
  2⤵
  PID:8208
- C:\Windows\System\kWtXVTI.exe
  C:\Windows\System\kWtXVTI.exe
  2⤵
  PID:8348
- C:\Windows\System\qouzZRI.exe
  C:\Windows\System\qouzZRI.exe
  2⤵
  PID:8436
- C:\Windows\System\Fjkzhtj.exe
  C:\Windows\System\Fjkzhtj.exe
  2⤵
  PID:8640
- C:\Windows\System\gOnmSyB.exe
  C:\Windows\System\gOnmSyB.exe
  2⤵
  PID:8784
- C:\Windows\System\LNBcrDD.exe
  C:\Windows\System\LNBcrDD.exe
  2⤵
  PID:8800
- C:\Windows\System\dYOdgPS.exe
  C:\Windows\System\dYOdgPS.exe
  2⤵
  PID:9080
- C:\Windows\System\xUBffdm.exe
  C:\Windows\System\xUBffdm.exe
  2⤵
  PID:9196
- C:\Windows\System\lDVTEtY.exe
  C:\Windows\System\lDVTEtY.exe
  2⤵
  PID:8480
- C:\Windows\System\LGCyWqk.exe
  C:\Windows\System\LGCyWqk.exe
  2⤵
  PID:8536
- C:\Windows\System\ksqmjGV.exe
  C:\Windows\System\ksqmjGV.exe
  2⤵
  PID:8816
- C:\Windows\System\CREizRv.exe
  C:\Windows\System\CREizRv.exe
  2⤵
  PID:9224
- C:\Windows\System\QOgawUQ.exe
  C:\Windows\System\QOgawUQ.exe
  2⤵
  PID:9248
- C:\Windows\System\jIcdbCP.exe
  C:\Windows\System\jIcdbCP.exe
  2⤵
  PID:9300
- C:\Windows\System\GLnbbPm.exe
  C:\Windows\System\GLnbbPm.exe
  2⤵
  PID:9316
- C:\Windows\System\CuAnmqt.exe
  C:\Windows\System\CuAnmqt.exe
  2⤵
  PID:9340
- C:\Windows\System\tobwxKM.exe
  C:\Windows\System\tobwxKM.exe
  2⤵
  PID:9376
- C:\Windows\System\hGatCeL.exe
  C:\Windows\System\hGatCeL.exe
  2⤵
  PID:9428
- C:\Windows\System\nMbqRKa.exe
  C:\Windows\System\nMbqRKa.exe
  2⤵
  PID:9452
- C:\Windows\System\INIWXMa.exe
  C:\Windows\System\INIWXMa.exe
  2⤵
  PID:9476
- C:\Windows\System\ozfkkBC.exe
  C:\Windows\System\ozfkkBC.exe
  2⤵
  PID:9500
- C:\Windows\System\DQJoedG.exe
  C:\Windows\System\DQJoedG.exe
  2⤵
  PID:9544
- C:\Windows\System\CpXKceV.exe
  C:\Windows\System\CpXKceV.exe
  2⤵
  PID:9580
- C:\Windows\System\VcXDAfk.exe
  C:\Windows\System\VcXDAfk.exe
  2⤵
  PID:9596
- C:\Windows\System\CWPveHg.exe
  C:\Windows\System\CWPveHg.exe
  2⤵
  PID:9620
- C:\Windows\System\fmuJRbU.exe
  C:\Windows\System\fmuJRbU.exe
  2⤵
  PID:9648
- C:\Windows\System\FsZBBuh.exe
  C:\Windows\System\FsZBBuh.exe
  2⤵
  PID:9664
- C:\Windows\System\DjeItCR.exe
  C:\Windows\System\DjeItCR.exe
  2⤵
  PID:9684
- C:\Windows\System\qvRWEQh.exe
  C:\Windows\System\qvRWEQh.exe
  2⤵
  PID:9700
- C:\Windows\System\xiLGLFW.exe
  C:\Windows\System\xiLGLFW.exe
  2⤵
  PID:9740
- C:\Windows\System\RarlZBc.exe
  C:\Windows\System\RarlZBc.exe
  2⤵
  PID:9796
- C:\Windows\System\IOcojIt.exe
  C:\Windows\System\IOcojIt.exe
  2⤵
  PID:9828
- C:\Windows\System\TjgbnIk.exe
  C:\Windows\System\TjgbnIk.exe
  2⤵
  PID:9844
- C:\Windows\System\iESzXuu.exe
  C:\Windows\System\iESzXuu.exe
  2⤵
  PID:9880
- C:\Windows\System\zcMeYDf.exe
  C:\Windows\System\zcMeYDf.exe
  2⤵
  PID:9912
- C:\Windows\System\JcAZJLZ.exe
  C:\Windows\System\JcAZJLZ.exe
  2⤵
  PID:9932
- C:\Windows\System\whwCoBA.exe
  C:\Windows\System\whwCoBA.exe
  2⤵
  PID:9960
- C:\Windows\System\Dgvsosk.exe
  C:\Windows\System\Dgvsosk.exe
  2⤵
  PID:9988
- C:\Windows\System\cbFRcPU.exe
  C:\Windows\System\cbFRcPU.exe
  2⤵
  PID:10008
- C:\Windows\System\TbMpIcK.exe
  C:\Windows\System\TbMpIcK.exe
  2⤵
  PID:10040
- C:\Windows\System\nyAJTar.exe
  C:\Windows\System\nyAJTar.exe
  2⤵
  PID:10072
- C:\Windows\System\XrwphDK.exe
  C:\Windows\System\XrwphDK.exe
  2⤵
  PID:10092
- C:\Windows\System\OWaKeHr.exe
  C:\Windows\System\OWaKeHr.exe
  2⤵
  PID:10112
- C:\Windows\System\nZTPJhu.exe
  C:\Windows\System\nZTPJhu.exe
  2⤵
  PID:10152
- C:\Windows\System\XZhWkbW.exe
  C:\Windows\System\XZhWkbW.exe
  2⤵
  PID:10180
- C:\Windows\System\EDmurRp.exe
  C:\Windows\System\EDmurRp.exe
  2⤵
  PID:10204
- C:\Windows\System\HrRNnzO.exe
  C:\Windows\System\HrRNnzO.exe
  2⤵
  PID:10224
- C:\Windows\System\GHrPGdF.exe
  C:\Windows\System\GHrPGdF.exe
  2⤵
  PID:9220
- C:\Windows\System\ziYFtMN.exe
  C:\Windows\System\ziYFtMN.exe
  2⤵
  PID:9372
- C:\Windows\System\oYwceEE.exe
  C:\Windows\System\oYwceEE.exe
  2⤵
  PID:9392
- C:\Windows\System\YppXnoP.exe
  C:\Windows\System\YppXnoP.exe
  2⤵
  PID:9420
- C:\Windows\System\ISKGJvT.exe
  C:\Windows\System\ISKGJvT.exe
  2⤵
  PID:9488
- C:\Windows\System\dLFoanO.exe
  C:\Windows\System\dLFoanO.exe
  2⤵
  PID:9572
- C:\Windows\System\tlSMUgz.exe
  C:\Windows\System\tlSMUgz.exe
  2⤵
  PID:9592
- C:\Windows\System\ZkZXzjs.exe
  C:\Windows\System\ZkZXzjs.exe
  2⤵
  PID:9672
- C:\Windows\System\cSwoefb.exe
  C:\Windows\System\cSwoefb.exe
  2⤵
  PID:9636
- C:\Windows\System\rPOZZKV.exe
  C:\Windows\System\rPOZZKV.exe
  2⤵
  PID:9780
- C:\Windows\System\ZiyFBMk.exe
  C:\Windows\System\ZiyFBMk.exe
  2⤵
  PID:9804
- C:\Windows\System\RLAHKDU.exe
  C:\Windows\System\RLAHKDU.exe
  2⤵
  PID:9840
- C:\Windows\System\hLtvAoe.exe
  C:\Windows\System\hLtvAoe.exe
  2⤵
  PID:9908
- C:\Windows\System\QnclJqG.exe
  C:\Windows\System\QnclJqG.exe
  2⤵
  PID:9952
- C:\Windows\System\MfJWKUx.exe
  C:\Windows\System\MfJWKUx.exe
  2⤵
  PID:10052
- C:\Windows\System\zXyQpEt.exe
  C:\Windows\System\zXyQpEt.exe
  2⤵
  PID:10032
- C:\Windows\System\GBHCZqy.exe
  C:\Windows\System\GBHCZqy.exe
  2⤵
  PID:10176
- C:\Windows\System\cptNkIS.exe
  C:\Windows\System\cptNkIS.exe
  2⤵
  PID:10192
- C:\Windows\System\KeeUnhl.exe
  C:\Windows\System\KeeUnhl.exe
  2⤵
  PID:10216
- C:\Windows\System\dcEtBVc.exe
  C:\Windows\System\dcEtBVc.exe
  2⤵
  PID:8624
- C:\Windows\System\oNcQrpa.exe
  C:\Windows\System\oNcQrpa.exe
  2⤵
  PID:9508
- C:\Windows\System\YNsdpSV.exe
  C:\Windows\System\YNsdpSV.exe
  2⤵
  PID:9628
- C:\Windows\System\aHmSqLt.exe
  C:\Windows\System\aHmSqLt.exe
  2⤵
  PID:9776
- C:\Windows\System\EWQxUep.exe
  C:\Windows\System\EWQxUep.exe
  2⤵
  PID:9856
- C:\Windows\System\MtgWtCS.exe
  C:\Windows\System\MtgWtCS.exe
  2⤵
  PID:9996
- C:\Windows\System\adrJjlc.exe
  C:\Windows\System\adrJjlc.exe
  2⤵
  PID:9968
- C:\Windows\System\CncREtQ.exe
  C:\Windows\System\CncREtQ.exe
  2⤵
  PID:9728
- C:\Windows\System\tESwZBg.exe
  C:\Windows\System\tESwZBg.exe
  2⤵
  PID:9536
- C:\Windows\System\DOfmpKZ.exe
  C:\Windows\System\DOfmpKZ.exe
  2⤵
  PID:9732
- C:\Windows\System\SyMnZLF.exe
  C:\Windows\System\SyMnZLF.exe
  2⤵
  PID:10260
- C:\Windows\System\udzAsUc.exe
  C:\Windows\System\udzAsUc.exe
  2⤵
  PID:10300
- C:\Windows\System\bjwhMay.exe
  C:\Windows\System\bjwhMay.exe
  2⤵
  PID:10332
- C:\Windows\System\gRKfyII.exe
  C:\Windows\System\gRKfyII.exe
  2⤵
  PID:10352
- C:\Windows\System\mQTOPaw.exe
  C:\Windows\System\mQTOPaw.exe
  2⤵
  PID:10376
- C:\Windows\System\RtLGGFv.exe
  C:\Windows\System\RtLGGFv.exe
  2⤵
  PID:10412
- C:\Windows\System\nHpmCXg.exe
  C:\Windows\System\nHpmCXg.exe
  2⤵
  PID:10448
- C:\Windows\System\osLRXdm.exe
  C:\Windows\System\osLRXdm.exe
  2⤵
  PID:10476
- C:\Windows\System\IqLtZSn.exe
  C:\Windows\System\IqLtZSn.exe
  2⤵
  PID:10516
- C:\Windows\System\YmqXljZ.exe
  C:\Windows\System\YmqXljZ.exe
  2⤵
  PID:10536
- C:\Windows\System\ojmLtVX.exe
  C:\Windows\System\ojmLtVX.exe
  2⤵
  PID:10556
- C:\Windows\System\xNeAtxZ.exe
  C:\Windows\System\xNeAtxZ.exe
  2⤵
  PID:10588
- C:\Windows\System\rzfNhvZ.exe
  C:\Windows\System\rzfNhvZ.exe
  2⤵
  PID:10608
- C:\Windows\System\XDcvkMS.exe
  C:\Windows\System\XDcvkMS.exe
  2⤵
  PID:10632
- C:\Windows\System\cBxhEjf.exe
  C:\Windows\System\cBxhEjf.exe
  2⤵
  PID:10656
- C:\Windows\System\ZeAXDGF.exe
  C:\Windows\System\ZeAXDGF.exe
  2⤵
  PID:10680
- C:\Windows\System\TOeIDAN.exe
  C:\Windows\System\TOeIDAN.exe
  2⤵
  PID:10744
- C:\Windows\System\USoCjSU.exe
  C:\Windows\System\USoCjSU.exe
  2⤵
  PID:10760
- C:\Windows\System\mKndNxs.exe
  C:\Windows\System\mKndNxs.exe
  2⤵
  PID:10788
- C:\Windows\System\oqHXQbb.exe
  C:\Windows\System\oqHXQbb.exe
  2⤵
  PID:10816
- C:\Windows\System\zJOJbGc.exe
  C:\Windows\System\zJOJbGc.exe
  2⤵
  PID:10840
- C:\Windows\System\rJTvieg.exe
  C:\Windows\System\rJTvieg.exe
  2⤵
  PID:10864
- C:\Windows\System\aOLtuXd.exe
  C:\Windows\System\aOLtuXd.exe
  2⤵
  PID:10912
- C:\Windows\System\rSizaQn.exe
  C:\Windows\System\rSizaQn.exe
  2⤵
  PID:10932
- C:\Windows\System\BWPfKxb.exe
  C:\Windows\System\BWPfKxb.exe
  2⤵
  PID:10968
- C:\Windows\System\UIKSkok.exe
  C:\Windows\System\UIKSkok.exe
  2⤵
  PID:10984
- C:\Windows\System\arDNQFx.exe
  C:\Windows\System\arDNQFx.exe
  2⤵
  PID:11008
- C:\Windows\System\SrkFTsb.exe
  C:\Windows\System\SrkFTsb.exe
  2⤵
  PID:11060
- C:\Windows\System\XNpGDUX.exe
  C:\Windows\System\XNpGDUX.exe
  2⤵
  PID:11076
- C:\Windows\System\HIkqdSV.exe
  C:\Windows\System\HIkqdSV.exe
  2⤵
  PID:11116
- C:\Windows\System\dSGjwgC.exe
  C:\Windows\System\dSGjwgC.exe
  2⤵
  PID:11132
- C:\Windows\System\oIWbkdS.exe
  C:\Windows\System\oIWbkdS.exe
  2⤵
  PID:11148
- C:\Windows\System\tzKXVBU.exe
  C:\Windows\System\tzKXVBU.exe
  2⤵
  PID:11164
- C:\Windows\System\tkUIcsZ.exe
  C:\Windows\System\tkUIcsZ.exe
  2⤵
  PID:11212
- C:\Windows\System\qGcqzSd.exe
  C:\Windows\System\qGcqzSd.exe
  2⤵
  PID:11232
- C:\Windows\System\XvIhSLB.exe
  C:\Windows\System\XvIhSLB.exe
  2⤵
  PID:11252
- C:\Windows\System\tcBYZkj.exe
  C:\Windows\System\tcBYZkj.exe
  2⤵
  PID:10308
- C:\Windows\System\ZdWVCBt.exe
  C:\Windows\System\ZdWVCBt.exe
  2⤵
  PID:10364
- C:\Windows\System\sLxspQA.exe
  C:\Windows\System\sLxspQA.exe
  2⤵
  PID:10408
- C:\Windows\System\NQOmUZK.exe
  C:\Windows\System\NQOmUZK.exe
  2⤵
  PID:10508
- C:\Windows\System\miOXqxy.exe
  C:\Windows\System\miOXqxy.exe
  2⤵
  PID:10576
- C:\Windows\System\TaQjApw.exe
  C:\Windows\System\TaQjApw.exe
  2⤵
  PID:10640
- C:\Windows\System\SzpYBhM.exe
  C:\Windows\System\SzpYBhM.exe
  2⤵
  PID:10672
- C:\Windows\System\dCMWpQK.exe
  C:\Windows\System\dCMWpQK.exe
  2⤵
  PID:10736
- C:\Windows\System\PBlimjq.exe
  C:\Windows\System\PBlimjq.exe
  2⤵
  PID:10824
- C:\Windows\System\DuORCWa.exe
  C:\Windows\System\DuORCWa.exe
  2⤵
  PID:10888
- C:\Windows\System\udYbUSG.exe
  C:\Windows\System\udYbUSG.exe
  2⤵
  PID:10908
- C:\Windows\System\DonuyOn.exe
  C:\Windows\System\DonuyOn.exe
  2⤵
  PID:10964
- C:\Windows\System\YgpLohX.exe
  C:\Windows\System\YgpLohX.exe
  2⤵
  PID:11092
- C:\Windows\System\GEiRefT.exe
  C:\Windows\System\GEiRefT.exe
  2⤵
  PID:11124
- C:\Windows\System\yXHOIFk.exe
  C:\Windows\System\yXHOIFk.exe
  2⤵
  PID:11160
- C:\Windows\System\RuYntiw.exe
  C:\Windows\System\RuYntiw.exe
  2⤵
  PID:10104
- C:\Windows\System\huLTKSY.exe
  C:\Windows\System\huLTKSY.exe
  2⤵
  PID:9060
- C:\Windows\System\TQqcfwA.exe
  C:\Windows\System\TQqcfwA.exe
  2⤵
  PID:10548
- C:\Windows\System\orZJlgA.exe
  C:\Windows\System\orZJlgA.exe
  2⤵
  PID:10604
- C:\Windows\System\TSlwCqr.exe
  C:\Windows\System\TSlwCqr.exe
  2⤵
  PID:10768
- C:\Windows\System\rmWjKPX.exe
  C:\Windows\System\rmWjKPX.exe
  2⤵
  PID:10944
- C:\Windows\System\DGeJYfW.exe
  C:\Windows\System\DGeJYfW.exe
  2⤵
  PID:11028
- C:\Windows\System\ifitpmf.exe
  C:\Windows\System\ifitpmf.exe
  2⤵
  PID:11140
- C:\Windows\System\czSXRWm.exe
  C:\Windows\System\czSXRWm.exe
  2⤵
  PID:11220
- C:\Windows\System\JkCgubU.exe
  C:\Windows\System\JkCgubU.exe
  2⤵
  PID:10784
- C:\Windows\System\fUmsMgm.exe
  C:\Windows\System\fUmsMgm.exe
  2⤵
  PID:11112
- C:\Windows\System\vkljXLD.exe
  C:\Windows\System\vkljXLD.exe
  2⤵
  PID:10544
- C:\Windows\System\UXeaFhi.exe
  C:\Windows\System\UXeaFhi.exe
  2⤵
  PID:11284
- C:\Windows\System\AEZMXEv.exe
  C:\Windows\System\AEZMXEv.exe
  2⤵
  PID:11308
- C:\Windows\System\mTBOYVl.exe
  C:\Windows\System\mTBOYVl.exe
  2⤵
  PID:11352
- C:\Windows\System\TNmzSmo.exe
  C:\Windows\System\TNmzSmo.exe
  2⤵
  PID:11380
- C:\Windows\System\TJClBgr.exe
  C:\Windows\System\TJClBgr.exe
  2⤵
  PID:11400
- C:\Windows\System\YEGelxI.exe
  C:\Windows\System\YEGelxI.exe
  2⤵
  PID:11428
- C:\Windows\System\VnBPzIC.exe
  C:\Windows\System\VnBPzIC.exe
  2⤵
  PID:11452
- C:\Windows\System\nPBAaye.exe
  C:\Windows\System\nPBAaye.exe
  2⤵
  PID:11472
- C:\Windows\System\GWJLYTL.exe
  C:\Windows\System\GWJLYTL.exe
  2⤵
  PID:11500
- C:\Windows\System\zYOuEst.exe
  C:\Windows\System\zYOuEst.exe
  2⤵
  PID:11524
- C:\Windows\System\iZhsbzN.exe
  C:\Windows\System\iZhsbzN.exe
  2⤵
  PID:11548
- C:\Windows\System\oXJXrhM.exe
  C:\Windows\System\oXJXrhM.exe
  2⤵
  PID:11584
- C:\Windows\System\OPHKGGr.exe
  C:\Windows\System\OPHKGGr.exe
  2⤵
  PID:11644
- C:\Windows\System\KVZNWpH.exe
  C:\Windows\System\KVZNWpH.exe
  2⤵
  PID:11692
- C:\Windows\System\baDikfL.exe
  C:\Windows\System\baDikfL.exe
  2⤵
  PID:11796
- C:\Windows\System\onoLrrp.exe
  C:\Windows\System\onoLrrp.exe
  2⤵
  PID:11816
- C:\Windows\System\WUnauuM.exe
  C:\Windows\System\WUnauuM.exe
  2⤵
  PID:11856
- C:\Windows\System\LNQCKhc.exe
  C:\Windows\System\LNQCKhc.exe
  2⤵
  PID:11880
- C:\Windows\System\UIQUyPm.exe
  C:\Windows\System\UIQUyPm.exe
  2⤵
  PID:11920
- C:\Windows\System\qViFRqi.exe
  C:\Windows\System\qViFRqi.exe
  2⤵
  PID:11948
- C:\Windows\System\WHzPAQV.exe
  C:\Windows\System\WHzPAQV.exe
  2⤵
  PID:11964
- C:\Windows\System\gMJMKII.exe
  C:\Windows\System\gMJMKII.exe
  2⤵
  PID:11984
- C:\Windows\System\sZTPKrE.exe
  C:\Windows\System\sZTPKrE.exe
  2⤵
  PID:12008
- C:\Windows\System\CspCrZf.exe
  C:\Windows\System\CspCrZf.exe
  2⤵
  PID:12024
- C:\Windows\System\POsZrxn.exe
  C:\Windows\System\POsZrxn.exe
  2⤵
  PID:12044
- C:\Windows\System\GzjHVaN.exe
  C:\Windows\System\GzjHVaN.exe
  2⤵
  PID:12064
- C:\Windows\System\VdmqEbz.exe
  C:\Windows\System\VdmqEbz.exe
  2⤵
  PID:12096
- C:\Windows\System\gJFZqnD.exe
  C:\Windows\System\gJFZqnD.exe
  2⤵
  PID:12148
- C:\Windows\System\ujzDVDt.exe
  C:\Windows\System\ujzDVDt.exe
  2⤵
  PID:12180
- C:\Windows\System\YoXcdQz.exe
  C:\Windows\System\YoXcdQz.exe
  2⤵
  PID:12200
- C:\Windows\System\iMRXbuG.exe
  C:\Windows\System\iMRXbuG.exe
  2⤵
  PID:12228
- C:\Windows\System\OPTxprJ.exe
  C:\Windows\System\OPTxprJ.exe
  2⤵
  PID:12252
- C:\Windows\System\kmpbUBY.exe
  C:\Windows\System\kmpbUBY.exe
  2⤵
  PID:12272
- C:\Windows\System\GzKXQEw.exe
  C:\Windows\System\GzKXQEw.exe
  2⤵
  PID:10284
- C:\Windows\System\frJsovG.exe
  C:\Windows\System\frJsovG.exe
  2⤵
  PID:11272
- C:\Windows\System\QMEBzWe.exe
  C:\Windows\System\QMEBzWe.exe
  2⤵
  PID:11408
- C:\Windows\System\krfJQpI.exe
  C:\Windows\System\krfJQpI.exe
  2⤵
  PID:11496
- C:\Windows\System\bQwtPmK.exe
  C:\Windows\System\bQwtPmK.exe
  2⤵
  PID:11568
- C:\Windows\System\gEXBbWV.exe
  C:\Windows\System\gEXBbWV.exe
  2⤵
  PID:11704
- C:\Windows\System\xpCGnzo.exe
  C:\Windows\System\xpCGnzo.exe
  2⤵
  PID:11676
- C:\Windows\System\tJfCXDe.exe
  C:\Windows\System\tJfCXDe.exe
  2⤵
  PID:11756
- C:\Windows\System\vLPtsLo.exe
  C:\Windows\System\vLPtsLo.exe
  2⤵
  PID:11640
- C:\Windows\System\pDIRcAq.exe
  C:\Windows\System\pDIRcAq.exe
  2⤵
  PID:2596
- C:\Windows\System\OgwBkrF.exe
  C:\Windows\System\OgwBkrF.exe
  2⤵
  PID:11804
- C:\Windows\System\yiSpLIu.exe
  C:\Windows\System\yiSpLIu.exe
  2⤵
  PID:3112
- C:\Windows\System\QUbMDOc.exe
  C:\Windows\System\QUbMDOc.exe
  2⤵
  PID:11864
- C:\Windows\System\gkiGgZt.exe
  C:\Windows\System\gkiGgZt.exe
  2⤵
  PID:11940
- C:\Windows\System\JDCbieE.exe
  C:\Windows\System\JDCbieE.exe
  2⤵
  PID:12016
- C:\Windows\System\kTmBSlj.exe
  C:\Windows\System\kTmBSlj.exe
  2⤵
  PID:12104
- C:\Windows\System\kEXVcIf.exe
  C:\Windows\System\kEXVcIf.exe
  2⤵
  PID:12172
- C:\Windows\System\pdVVUtd.exe
  C:\Windows\System\pdVVUtd.exe
  2⤵
  PID:11068
- C:\Windows\System\vxdUXWa.exe
  C:\Windows\System\vxdUXWa.exe
  2⤵
  PID:12240
- C:\Windows\System\NzMuNJT.exe
  C:\Windows\System\NzMuNJT.exe
  2⤵
  PID:11376
- C:\Windows\System\izoPPjL.exe
  C:\Windows\System\izoPPjL.exe
  2⤵
  PID:11424
- C:\Windows\System\kVrTQUV.exe
  C:\Windows\System\kVrTQUV.exe
  2⤵
  PID:11632
- C:\Windows\System\tUYTARw.exe
  C:\Windows\System\tUYTARw.exe
  2⤵
  PID:11760
- C:\Windows\System\JeVkGYu.exe
  C:\Windows\System\JeVkGYu.exe
  2⤵
  PID:11708
- C:\Windows\System\ZBLaHYg.exe
  C:\Windows\System\ZBLaHYg.exe
  2⤵
  PID:11832
- C:\Windows\System\ZdDtdhY.exe
  C:\Windows\System\ZdDtdhY.exe
  2⤵
  PID:12052
- C:\Windows\System\TOognOq.exe
  C:\Windows\System\TOognOq.exe
  2⤵
  PID:12020
- C:\Windows\System\RyCSBJJ.exe
  C:\Windows\System\RyCSBJJ.exe
  2⤵
  PID:11268
- C:\Windows\System\xcsprdp.exe
  C:\Windows\System\xcsprdp.exe
  2⤵
  PID:11664
- C:\Windows\System\cbdCUka.exe
  C:\Windows\System\cbdCUka.exe
  2⤵
  PID:11936
- C:\Windows\System\eydVzza.exe
  C:\Windows\System\eydVzza.exe
  2⤵
  PID:10692
- C:\Windows\System\HlOaWbx.exe
  C:\Windows\System\HlOaWbx.exe
  2⤵
  PID:12156
- C:\Windows\System\ESuBaho.exe
  C:\Windows\System\ESuBaho.exe
  2⤵
  PID:12300
- C:\Windows\System\HuMgDJC.exe
  C:\Windows\System\HuMgDJC.exe
  2⤵
  PID:12320
- C:\Windows\System\TijNaeQ.exe
  C:\Windows\System\TijNaeQ.exe
  2⤵
  PID:12348
- C:\Windows\System\rhcQzGD.exe
  C:\Windows\System\rhcQzGD.exe
  2⤵
  PID:12376
- C:\Windows\System\PWGDduA.exe
  C:\Windows\System\PWGDduA.exe
  2⤵
  PID:12416
- C:\Windows\System\EUusIPq.exe
  C:\Windows\System\EUusIPq.exe
  2⤵
  PID:12440
- C:\Windows\System\tMYHMsR.exe
  C:\Windows\System\tMYHMsR.exe
  2⤵
  PID:12460
- C:\Windows\System\AiAZieP.exe
  C:\Windows\System\AiAZieP.exe
  2⤵
  PID:12484
- C:\Windows\System\hpZSkHW.exe
  C:\Windows\System\hpZSkHW.exe
  2⤵
  PID:12504
- C:\Windows\System\dwuOXRA.exe
  C:\Windows\System\dwuOXRA.exe
  2⤵
  PID:12524
- C:\Windows\System\oetsiCr.exe
  C:\Windows\System\oetsiCr.exe
  2⤵
  PID:12568
- C:\Windows\System\UuWuNFl.exe
  C:\Windows\System\UuWuNFl.exe
  2⤵
  PID:12612
- C:\Windows\System\KsKKKqI.exe
  C:\Windows\System\KsKKKqI.exe
  2⤵
  PID:12636
- C:\Windows\System\BwNANSV.exe
  C:\Windows\System\BwNANSV.exe
  2⤵
  PID:12656
- C:\Windows\System\VaVXgtv.exe
  C:\Windows\System\VaVXgtv.exe
  2⤵
  PID:12692
- C:\Windows\System\HApUGrw.exe
  C:\Windows\System\HApUGrw.exe
  2⤵
  PID:12716
- C:\Windows\System\CVOQumE.exe
  C:\Windows\System\CVOQumE.exe
  2⤵
  PID:12736
- C:\Windows\System\RxvLoGU.exe
  C:\Windows\System\RxvLoGU.exe
  2⤵
  PID:12780
- C:\Windows\System\tDWhLzP.exe
  C:\Windows\System\tDWhLzP.exe
  2⤵
  PID:12808
- C:\Windows\System\UxGUbRw.exe
  C:\Windows\System\UxGUbRw.exe
  2⤵
  PID:12840
- C:\Windows\System\XLnpoog.exe
  C:\Windows\System\XLnpoog.exe
  2⤵
  PID:12860
- C:\Windows\System\XjoWrZW.exe
  C:\Windows\System\XjoWrZW.exe
  2⤵
  PID:12900
- C:\Windows\System\wbphICa.exe
  C:\Windows\System\wbphICa.exe
  2⤵
  PID:12920
- C:\Windows\System\KpzDunF.exe
  C:\Windows\System\KpzDunF.exe
  2⤵
  PID:12944
- C:\Windows\System\ueKPtYI.exe
  C:\Windows\System\ueKPtYI.exe
  2⤵
  PID:12964
- C:\Windows\System\IvVTjcb.exe
  C:\Windows\System\IvVTjcb.exe
  2⤵
  PID:12992
- C:\Windows\System\MyjIQZf.exe
  C:\Windows\System\MyjIQZf.exe
  2⤵
  PID:13008
- C:\Windows\System\MMTuzBv.exe
  C:\Windows\System\MMTuzBv.exe
  2⤵
  PID:13032
- C:\Windows\System\yAYgWiI.exe
  C:\Windows\System\yAYgWiI.exe
  2⤵
  PID:13080
- C:\Windows\System\NWhHzSB.exe
  C:\Windows\System\NWhHzSB.exe
  2⤵
  PID:13100
- C:\Windows\System\IJapBJg.exe
  C:\Windows\System\IJapBJg.exe
  2⤵
  PID:13124
- C:\Windows\System\DCMGOqw.exe
  C:\Windows\System\DCMGOqw.exe
  2⤵
  PID:13144
- C:\Windows\System\uxnATgu.exe
  C:\Windows\System\uxnATgu.exe
  2⤵
  PID:13164
- C:\Windows\System\jKLyzPb.exe
  C:\Windows\System\jKLyzPb.exe
  2⤵
  PID:13208
- C:\Windows\System\YsEBdOZ.exe
  C:\Windows\System\YsEBdOZ.exe
  2⤵
  PID:13252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_54tz02wz.bdo.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\CTKpenc.exe

Filesize
1.9MB

MD5
7a7c16eb5720c2665ee8110fc6813a8a

SHA1
5ef39a08bc530339a7b64f6dfeb3a7f41d1650ed

SHA256
4d6946a32f7c37696cdd171eb567431f8ecdc7bcac80bf7aaea1be6911d963d1

SHA512
65448abed287675791b71ed14c8cd768a2ce3521dc1ff297af4d9ca9293d35ed248656bb9088798dacd82a43ceed0b1730757dddfd694011d3ec0a884caae4fd

Download Submit
C:\Windows\System\EGqykHm.exe

Filesize
1.9MB

MD5
b33e33f55b48aecdf5489c72aad6d102

SHA1
2bb9af8046aeeb0733c14b5a4f47a423fe004d79

SHA256
a2d02ef361d8ea710d944c4929b5287c032eaededd99214cd1f61f821a7d827b

SHA512
41f40558548a233c4dfe0e18643da26b0c5ae976d26431f6ff41545d29b057dd2e1e4a62135325a0f7578a1cc0639b92d5586f8360f90f450539499368838774

Download Submit
C:\Windows\System\HAdkrDw.exe

Filesize
1.9MB

MD5
6b39d789e158725d969cff16cd709e89

SHA1
cab84341fe68314a419dc9a9793a72721a37aec7

SHA256
c9993a64f67ae300765f60635e410cfbaade656d282cad36cf76f8e21054f8ce

SHA512
9d076c479792a5f132d8e88771a7d036ad8b4eb4e96959bf03a25cbb1885b11a6bce31bd7be798e65f0344d2106c42132648090adbee635a34da40866e854429

Download Submit
C:\Windows\System\IkJlMeY.exe

Filesize
1.9MB

MD5
17f665558a59f3b123257ae8dad9955f

SHA1
71bba6e4462b74069e421f99ac1e43e9dd4f7d41

SHA256
7bf3610846e1a1bd6841393c176342ecd5c82889424a2f974af5673d0d06bb14

SHA512
1001f314a49ba9711d03798ff06065a61b9df2ccb2568cc08670ecd20befdc40998aba3f7543cbdbc3f5140a22e4d1209516ec1e55158a06b02899bbcffa8d8b

Download Submit
C:\Windows\System\IoJGdji.exe

Filesize
1.9MB

MD5
a423875e7b5e07bcba9ede94bdf4ef62

SHA1
fa50ac1f9025092fa15c80615cb478238c7d6ca4

SHA256
df9c8bb0a5e6a467806fafa1161a143fd276b0bb7ca71d7823ac50fd9fc87099

SHA512
26e0bc1564539294a59a645d2d8c9112bff95c314dfd947ff357758b31131b2c4d66ec87ff1c4fd8db8e2e846e05b41335ac512ee0c3f6835cc4e5c51469d6bc

Download Submit
C:\Windows\System\KcocUvJ.exe

Filesize
1.9MB

MD5
9833d10ce4953a7b56e4c62d7ffc3efd

SHA1
86957b003f58519118dc08990369cd4379b8f32d

SHA256
198b9fc489b87e8ade578279deea983f0098af3456e0f8dc7620a25e4833bd6e

SHA512
fd1197857669207668862ea189955ec8fd9147661810400c24e1ab3ed35ce59110dac563baa5baf95bbf2bd31a3b3055784cf548b9acc4fe8869db610abaf0cb

Download Submit
C:\Windows\System\QbpRlCM.exe

Filesize
1.9MB

MD5
9f89c8363e03089351396b11dbfd851b

SHA1
fe965d760ad2866a1c088125a36930214996cbe1

SHA256
1d9763c5957b432b988b8b7c07945dbc3dec00c30d77c013b7325fea364b36ff

SHA512
0d2ecd4f653294b6123215c2776b05990ed68bea3a3039c60462dedb8eb99a76430162f7e129503f8b69e05e8e7825b0507a9b24e8269129e99714492da00825

Download Submit
C:\Windows\System\QfydglY.exe

Filesize
1.9MB

MD5
3125b5d914498b5eb015df42339ee574

SHA1
3093476a53b1e249bd46fc10932948f18ce96769

SHA256
4a6ca218818ce1121c46b3ad1db925288efb347e5d0bc3f8bf760279ad05fdfd

SHA512
7336fae243045fc492ffbf98a53b666ef503656d92aafc708805f44d5fa0fd66835d0d34d86c29e5d4e24a4b4692bf383a8a692d57f254b47d2761b64ef5aea6

Download Submit
C:\Windows\System\SARmVlf.exe

Filesize
1.9MB

MD5
fb2b52bb24663b19d7c66e30d2858e64

SHA1
0dc8f6994fef70e5b3eff547bc41cb90fb9d118b

SHA256
8b22faeb8a0fdd71a192b9eddc984eea3738554eb8907a202407f7a0048639f1

SHA512
f3218839d6840fd0fb5014138493b9be2efa13630bbbb23f6854f8fe1cadc588e0b2a9ac60a5b0cb692e095eec608c532c2dec015f6037ea0554a0d709ec2cb8

Download Submit
C:\Windows\System\UgKdLKa.exe

Filesize
1.9MB

MD5
5a8d727d5c74365aed070f6616f496d8

SHA1
44e40cd2124003800cf703d5294393ac8f8f6740

SHA256
56c11c8bdaf930df590abc944656e902c6c98b8af2d1ab6e9e3dda17802fffef

SHA512
ac1ba4dee047cc374032028a4302b3aa15c13f6bb32eabc47286b1a09a70f780670fc2f5c81479d6cb1d2d3fc9228dfea865e13e6a1167283c0b2054770abbcf

Download Submit
C:\Windows\System\WoDMscv.exe

Filesize
1.9MB

MD5
4ad2dd63d2dabfdd5bf1fc06b42612a9

SHA1
c246cc1c62a03f6ad629d9a839395ec52c25bce8

SHA256
a70298bc11912d7b013b5808a8133caefae7b8ad1bf1bb32db6db40571e726c8

SHA512
4ecd54c62f83dd001c8e9a5a17feabf24907809fa6a922ffbfba20652fa9a86672b89a4e7afadce4b4080340fa6acdcda12e4c16ac7b17436f0a79c800620c92

Download Submit
C:\Windows\System\XqHgCph.exe

Filesize
1.9MB

MD5
29fb12bb74e8a2506332750006494646

SHA1
be5a52b513b35d948349fa7a1d5a07d451daab50

SHA256
775046a20386f60132ddea4534961f997bdb516ea47d49fea912794bee154c31

SHA512
e791c0b89a440af784a1b76c37e6b6739f7b1de0c436294e4e380806f2841deb9dab26cea8e8032735310511d64bb9b8120a2ca788703cd65a1b038f072984a7

Download Submit
C:\Windows\System\ZQXlEdy.exe

Filesize
1.9MB

MD5
de9aac598d1be8878278b84e5fef03bd

SHA1
fa364a1dd0f04521edd31d36116ee19cae1062f8

SHA256
36e6b16e2c4ae2f16d11873099b04477ab5755df2d4db2ccfc774b9c18f7cc65

SHA512
cc724e0b83228bee3c228e7659142ab5bd100b7d93f5a8f22554a6b628f55c3d42c164f1483df2d25aa08f974cbce804062fa167484ed28695d430ea2d22681c

Download Submit
C:\Windows\System\blDxZTs.exe

Filesize
1.9MB

MD5
f7271bcc120c600fcf9734ad98933f90

SHA1
800a7a0abbe47e04db9ed4ff555a769a1fe8c54a

SHA256
f3b7c0726c2290e130da49ce4ed872387843d689080bcc818b355a845e27b22a

SHA512
d3d81603f34997e527b64374267d11a107df613d12826575ece2bd08ec3c8b2ed4493fe3a5d5d7539a2a31043a459f10caca32494b8a59f9604e290bb8b1901b

Download Submit
C:\Windows\System\dpFUhzj.exe

Filesize
8B

MD5
7e1e9fcc71af27d4f3a70b3e20ac77b9

SHA1
09ec64762a6dbe9e03ecdb61ea5de2d274d170f0

SHA256
2f18658787aeca4d305f9fde7c9bc7343e5969bd51ec0e2c8583a2e506b9b404

SHA512
3beada4b1cd8ead153972e6e1293d504f7cea2d7323223a87897681d13a0872baba6942b9d88c8943892c0ad02e1f51ed3730edd702cc7d53ab31d006770ca91

Download Submit
C:\Windows\System\hSYbDRf.exe

Filesize
1.9MB

MD5
4d07317923e8e661e35af3c27ee8fac4

SHA1
d44171d1f65e26d6531481676e62114d5682bf0b

SHA256
0320e432ea8c99021b63f6fe60953696a9489f8d669c1307c2c1beb034c19ea0

SHA512
0d834a152c8dd859c9f355daeea0116b70646b9679852654f87e19a83ec6889f37c1cd3f321b6d9ba5b3d50f52229f64b2d0392d3425ac1f92c0b208feecb551

Download Submit
C:\Windows\System\igQvMPI.exe

Filesize
1.9MB

MD5
d87ab73643a676bdb012697f0c2f09d5

SHA1
9e9e81d89d79aa5f17dcf43c49be6bb18d9de254

SHA256
143718246f8c552fe43bed847211e20b1148ad3afe143dbcd9a32afbae41448e

SHA512
9120a68b8959133d40d38cbf238bddd187b4f567550459e0e34c3f893d32908959b390ae0024446bb5281ff9bc918be7557f022eabe7a3f47e98f9ea5f035204

Download Submit
C:\Windows\System\jFqGITU.exe

Filesize
1.9MB

MD5
91cdea343f330b1c4ccf27a9bc149057

SHA1
de51653c0dfdd37e0f823915b592f734a701a610

SHA256
dd3df5f444a216fc9c9e652985d5c56a682db35a42dee0a960830657b5f4ee09

SHA512
2904298def33617ca9f225ecece6530f3458fe8290cd6b8a8135171fe92a37a57163b032863d4a6a2f58c0df1ba2ddaf0e6fcbb8ecd9ec78dae8bb8f2fc50d75

Download Submit
C:\Windows\System\jkYzBnC.exe

Filesize
1.9MB

MD5
5e7d0ceafaaf82c51d3fab1ba9481afa

SHA1
8f59b71e194ea57777d6c13bf59b630a443ac39f

SHA256
577221d7c131879f037dbee6d7a4ff06ac124886339c2c928351cf064c1f8542

SHA512
25bad2cdf931735eafe0ba11616d4a2ada4c3355357556241aa1bc64ef4fde16601f5e2cd430512178dfea32b2ee3ef07a1700de5e90e915aaf99e7b36903282

Download Submit
C:\Windows\System\jsaPNzD.exe

Filesize
1.9MB

MD5
79b112bd901bd3429b08c20b8a12a336

SHA1
ca8c21346e48476ccebca19e7918846c2ed959f5

SHA256
025f928111dcb7b20a12c43594400603361d65cfd9b703cc4093e055ada3b226

SHA512
118d95234207a3465c8f5c10ddd77a100102ee8d398c3a335bde6211a5587609a3c59e736e7b328c91d51aadc2a14fc573776670c8444d81f4be960764b029aa

Download Submit
C:\Windows\System\lMFZLzV.exe

Filesize
1.9MB

MD5
9e0853df299bc8626318be133c3aac2a

SHA1
d2cd9ad0978f1549d2455f313fe1c924aa89801b

SHA256
bbd5686663b21a7a9c730c8beae952deb0e204ff004c400a1bc2d5fd7bab7908

SHA512
8c0257c7815bb37f9e99d1d07cd28beda6cc28a2c0e5b48e41c62a9946b37b04dd39dd0cd60105d87ec6c80265a597004350c8d6560051ec741acfdfc3076201

Download Submit
C:\Windows\System\mXNcudg.exe

Filesize
1.9MB

MD5
6b14f303d14d51050e0ec7b6b8252f82

SHA1
18abea9695a38a8320534909f7413c1e16f76c41

SHA256
1d9d53e3ecb488dacabc2d9642a8440c44825b92a65ddcc2196f6241943876b3

SHA512
1b0edca9719f68a2e4137f2a8f2617f1d4ae5a2da24b6268ef2cfb72c7ab0ada1722ebba5d7040f17ab30cf3a361e0756e2fcf0c683ca4f93f6ac11afbccf077

Download Submit
C:\Windows\System\mYZOata.exe

Filesize
1.9MB

MD5
605895aaf836b00f8031a8da1bdf69fb

SHA1
06d268376d69642922a66e64e814afbc4d2fa37f

SHA256
e766009a5aaf98a443109f21df4e1ade2c6ead3ed0b63e6995570ce03519e823

SHA512
2dfce0d82e1b2650008dcb3f8fa6c916c462df1a8ad420833f67d3c4497bc1710ae4dcc1eb1d118f3af7a48629e4efe0770f9add394dae33897e4fcf30c6d502

Download Submit
C:\Windows\System\nJZDJbY.exe

Filesize
1.9MB

MD5
22550e7aace3f2d2ad6f7d1020c223d6

SHA1
8fd0267abb09d16a9b3c4b5636f024c3b6aa7148

SHA256
ccd4f6716c6c8fbacf373c923b452631b63816a9371922df5b13382fd4a70776

SHA512
164dc151c7e6a904e7adb172feb827aae450fdc81344edde0c69ac4baa18a973ce0de220eb8dc0ac84772c67034fc9663563185c7968b0bdd33279b0cd19e726

Download Submit
C:\Windows\System\nfOuTRD.exe

Filesize
1.9MB

MD5
13bdecdad0844a88d31d5969c7b70dbe

SHA1
444b168a2aabd1ede0e0fc34ae18ae47c5ebe958

SHA256
bcff74702550bb83e100115f6dd265b0918f1db8d5887a903cd19c2a433b4a50

SHA512
f3c2af1b3e1dd155fad4a79cfcd3ff9d6e9e4f7d2cd30178f4a8d548277dd391e211125bffa2d6159cc2246eed566c705677253190fdb70f5914494d2d27b6c4

Download Submit
C:\Windows\System\pyjVLOz.exe

Filesize
1.9MB

MD5
806a80c0576d8b40d3fab615f457c1e0

SHA1
d91def32babaf6ecbe42778e6bd0352be996d56c

SHA256
34e66df68a288357172788da5d766d7d9d6687d59ce5d9c67568406195982a37

SHA512
2cd4149a9346ce635304bcaf63b35b7dd1cf9787b334a427955f9533e9d111015cbe3963c333399d71aaaa87f9f8cca6a422b343003db487d387ff5108015fb3

Download Submit
C:\Windows\System\qjfkQeJ.exe

Filesize
1.9MB

MD5
f7f01faa65501715fb0909e494b2ac83

SHA1
e7d15a365ab87b6c392181f9f2531aa5be5f5ec2

SHA256
2d26779a081a903f23dd0f2ed3a9c5b6f5bc7236ad8c87cfee1d8b9ba87b243a

SHA512
043edcc0e5f6fd8cd372d163a85824efe4900a00022d040d3081168f4284c01a378f6ef4c4cc5853d5c9d97bcf1a92c99b7222fc0d867d8b0eb865962d1c3c41

Download Submit
C:\Windows\System\rRcmPQB.exe

Filesize
1.9MB

MD5
c3ad5639b1cb8eeba77b507e158069d6

SHA1
a681493fe1cd4fcd5ecaa5e377c67efc84f7c457

SHA256
ad5e1440e210ac1b4dc1f2f5ea5f2d4347e3168a11a96a31ae4a023acf1e34b6

SHA512
a55d7276463a9da27bafac3a19677a162b21b0465795e7ca21d44cbe2d8f03025208aeea0bb8e0fdc96b1309cfbb317a63ec05fbec08a5f79fd1f64ed5d9c837

Download Submit
C:\Windows\System\vruEVuV.exe

Filesize
1.9MB

MD5
89469faf216b6aff577058553069f0b7

SHA1
435ba8fcfef38f116c7eb1b6774de10be0f83e4d

SHA256
77d731ccbfdcb18a87f66629fffe540ec75abf315f88d7c1a001828022f045c5

SHA512
be8486f0a708631691d87959152ce3739a09dcf32e2f76a11603d6d8f4b0533b3d3cfc54bd6e79af4eaed0e6f34a97d5e7ed002499af00a96d6d83f2d13e1cd4

Download Submit
C:\Windows\System\vzwInIV.exe

Filesize
1.9MB

MD5
9ba970497cc14468f0bd1747050d556b

SHA1
cf10f50cf31ebfeeeda4bf1dd755936faa95a498

SHA256
4e17cf0ea2b9b2c2d3eadc2b701b7518a5d97b15979260b40a6a59858192b2f7

SHA512
6e02546ef2dd7cce1b8a85e90e4f573a7ba41d8922cc894f83ea6fa7ffd98f41df6fd656f99f63617217ae16517470906801f72726d818ea2791fab760578bd9

Download Submit
C:\Windows\System\wxkKxOH.exe

Filesize
1.9MB

MD5
11a258e3bf1f90e64617049fda9a2b71

SHA1
9491c852f39ae3dd2b6e7dfb54e2c471582de8b0

SHA256
3dfe48c863c1a97bd35a6d0c07e8b57d44b2222758d39b96007165dc121e872d

SHA512
1872c795314ca05dece2e6b01b82628a31a19d00b743563f19515e93c7c5fae67f566d07073f054971e5298de47fbdebd3163de945e0b9d6708f4bae4c99d8fb

Download Submit
C:\Windows\System\xUxkpVI.exe

Filesize
1.9MB

MD5
8cba0c13f24432f34a96da1504097faf

SHA1
15582dade4a4e5b1ac1d96bb32e7411e71ea1dfc

SHA256
e28851bf27c29a860dc1dcb736cfe7d4ad8e4964262e79fa78db1b86e598cb7c

SHA512
6fffa24a2db5f8ecd05f04c7e07d40891d063cbe5e584ab42a05a3c8a429e508171fa74ce76c46c4103d32bf9d7d2c24b6ab68e3f4bef4fa48c23a2da4db8863

Download Submit
C:\Windows\System\xmMjNlF.exe

Filesize
1.9MB

MD5
cca1a9070033cedba5339df30e03f3d0

SHA1
7ce0b9f30fbbad1cab48eefdd9aa59285330236c

SHA256
96d07d05f599afdada5c48f29fdc7388d9eaec0f090b2614eef393cb04d0c380

SHA512
21b6aae88b280035a066d7645ff74cce7eb9a9c32828258fea7536a76ab2931f276b69d40c4ffdbce167f09943653a3c030d7288fb16822169d60a88e9e3f787

Download Submit
C:\Windows\System\zvcbsvN.exe

Filesize
1.9MB

MD5
d3d9a3d3bb6af5ce55cd90cf29738bb3

SHA1
a896e481fb05a922296a8f6611c51138b8b31cfe

SHA256
d5b7529ec37bfc748e653e6e8c7bfa3cea199c7ffc730e41c8737a785f31826a

SHA512
f1e4dafa4a85b2462df500ab220e9f65adf1ca08000f4fe4db4f170516baaac881a34e9432a489fb53288337769369c765687a13cf987a0467cde32fa44e3a0f

Download Submit
memory/632-19-0x00007FF6C7A90000-0x00007FF6C7E82000-memory.dmp

Filesize
3.9MB

Download
memory/1104-336-0x00007FF7EFBD0000-0x00007FF7EFFC2000-memory.dmp

Filesize
3.9MB

Download
memory/1220-44-0x00007FF72ED50000-0x00007FF72F142000-memory.dmp

Filesize
3.9MB

Download
memory/1420-41-0x0000015F395E0000-0x0000015F39602000-memory.dmp

Filesize
136KB

Download
memory/1420-20-0x0000015F370F0000-0x0000015F37100000-memory.dmp

Filesize
64KB

Download
memory/1420-15-0x00007FFD7B500000-0x00007FFD7BFC1000-memory.dmp

Filesize
10.8MB

Download
memory/1420-571-0x0000015F3A240000-0x0000015F3A9E6000-memory.dmp

Filesize
7.6MB

Download
memory/1472-0-0x00007FF671240000-0x00007FF671632000-memory.dmp

Filesize
3.9MB

Download
memory/1472-1-0x0000026F5EA50000-0x0000026F5EA60000-memory.dmp

Filesize
64KB

Download
memory/1576-332-0x00007FF7F97E0000-0x00007FF7F9BD2000-memory.dmp

Filesize
3.9MB

Download
memory/2008-328-0x00007FF7DA4A0000-0x00007FF7DA892000-memory.dmp

Filesize
3.9MB

Download
memory/2316-53-0x00007FF7557F0000-0x00007FF755BE2000-memory.dmp

Filesize
3.9MB

Download
memory/2452-58-0x00007FF7BEDB0000-0x00007FF7BF1A2000-memory.dmp

Filesize
3.9MB

Download
memory/2708-38-0x00007FF67A4B0000-0x00007FF67A8A2000-memory.dmp

Filesize
3.9MB

Download
memory/2840-326-0x00007FF62F300000-0x00007FF62F6F2000-memory.dmp

Filesize
3.9MB

Download
memory/2952-324-0x00007FF719420000-0x00007FF719812000-memory.dmp

Filesize
3.9MB

Download
memory/3260-330-0x00007FF713250000-0x00007FF713642000-memory.dmp

Filesize
3.9MB

Download
memory/3712-323-0x00007FF6AD880000-0x00007FF6ADC72000-memory.dmp

Filesize
3.9MB

Download
memory/3720-329-0x00007FF6E0790000-0x00007FF6E0B82000-memory.dmp

Filesize
3.9MB

Download
memory/3896-52-0x00007FF6F91B0000-0x00007FF6F95A2000-memory.dmp

Filesize
3.9MB

Download
memory/4232-55-0x00007FF7FBC90000-0x00007FF7FC082000-memory.dmp

Filesize
3.9MB

Download
memory/4292-335-0x00007FF6B6500000-0x00007FF6B68F2000-memory.dmp

Filesize
3.9MB

Download
memory/4380-325-0x00007FF740AD0000-0x00007FF740EC2000-memory.dmp

Filesize
3.9MB

Download
memory/4528-333-0x00007FF744050000-0x00007FF744442000-memory.dmp

Filesize
3.9MB

Download
memory/4584-331-0x00007FF763F70000-0x00007FF764362000-memory.dmp

Filesize
3.9MB

Download
memory/4972-327-0x00007FF7D4330000-0x00007FF7D4722000-memory.dmp

Filesize
3.9MB

Download
memory/5012-334-0x00007FF7244A0000-0x00007FF724892000-memory.dmp

Filesize
3.9MB

Download