xmrig | b503468891729bb742246a9aae64a1649462e17c121d0806122ed00d4ce9b18a

Analysis

max time kernel
67s
max time network
53s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
29/04/2024, 05:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
Size

2.3MB
MD5

06e8852c510e915222eb97daa002562c
SHA1

564a0d9d40b1d75953396fec1e18856f7d4d5cd0
SHA256

b503468891729bb742246a9aae64a1649462e17c121d0806122ed00d4ce9b18a
SHA512

892fca6364c67db3995b727e3ff06d0442995331348bd8183349d6cc942cac7dfd1473d7ccc10163de85e4b5a3b080d5c6e9c302b1684d020f308f47b5003b7b
SSDEEP

49152:Lz071uv4BPMkibTIA5lCx7kvRWa4pCkc30JqMopBxX6:NABl

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 44 IoCs

miner

resource	yara_rule
behavioral2/memory/4544-663-0x00007FF773490000-0x00007FF773882000-memory.dmp	xmrig
behavioral2/memory/3256-668-0x00007FF619B00000-0x00007FF619EF2000-memory.dmp	xmrig
behavioral2/memory/1860-676-0x00007FF681E80000-0x00007FF682272000-memory.dmp	xmrig
behavioral2/memory/1864-678-0x00007FF759760000-0x00007FF759B52000-memory.dmp	xmrig
behavioral2/memory/4332-667-0x00007FF7668E0000-0x00007FF766CD2000-memory.dmp	xmrig
behavioral2/memory/4808-120-0x00007FF699F90000-0x00007FF69A382000-memory.dmp	xmrig
behavioral2/memory/5092-117-0x00007FF6F6510000-0x00007FF6F6902000-memory.dmp	xmrig
behavioral2/memory/3160-107-0x00007FF652F30000-0x00007FF653322000-memory.dmp	xmrig
behavioral2/memory/3696-101-0x00007FF62A140000-0x00007FF62A532000-memory.dmp	xmrig
behavioral2/memory/4456-97-0x00007FF6BF180000-0x00007FF6BF572000-memory.dmp	xmrig
behavioral2/memory/1660-83-0x00007FF75C460000-0x00007FF75C852000-memory.dmp	xmrig
behavioral2/memory/692-74-0x00007FF71A7D0000-0x00007FF71ABC2000-memory.dmp	xmrig
behavioral2/memory/1752-49-0x00007FF708A50000-0x00007FF708E42000-memory.dmp	xmrig
behavioral2/memory/3144-36-0x00007FF6D69E0000-0x00007FF6D6DD2000-memory.dmp	xmrig
behavioral2/memory/4364-32-0x00007FF790740000-0x00007FF790B32000-memory.dmp	xmrig
behavioral2/memory/4064-13-0x00007FF7E87A0000-0x00007FF7E8B92000-memory.dmp	xmrig
behavioral2/memory/4732-2109-0x00007FF61ED40000-0x00007FF61F132000-memory.dmp	xmrig
behavioral2/memory/2480-2267-0x00007FF65B480000-0x00007FF65B872000-memory.dmp	xmrig
behavioral2/memory/4260-2268-0x00007FF71AC60000-0x00007FF71B052000-memory.dmp	xmrig
behavioral2/memory/692-2270-0x00007FF71A7D0000-0x00007FF71ABC2000-memory.dmp	xmrig
behavioral2/memory/4472-2302-0x00007FF678840000-0x00007FF678C32000-memory.dmp	xmrig
behavioral2/memory/1340-2303-0x00007FF6F6A30000-0x00007FF6F6E22000-memory.dmp	xmrig
behavioral2/memory/532-2304-0x00007FF70FFA0000-0x00007FF710392000-memory.dmp	xmrig
behavioral2/memory/4064-2306-0x00007FF7E87A0000-0x00007FF7E8B92000-memory.dmp	xmrig
behavioral2/memory/4332-2308-0x00007FF7668E0000-0x00007FF766CD2000-memory.dmp	xmrig
behavioral2/memory/3144-2310-0x00007FF6D69E0000-0x00007FF6D6DD2000-memory.dmp	xmrig
behavioral2/memory/4364-2312-0x00007FF790740000-0x00007FF790B32000-memory.dmp	xmrig
behavioral2/memory/1752-2317-0x00007FF708A50000-0x00007FF708E42000-memory.dmp	xmrig
behavioral2/memory/2480-2315-0x00007FF65B480000-0x00007FF65B872000-memory.dmp	xmrig
behavioral2/memory/692-2320-0x00007FF71A7D0000-0x00007FF71ABC2000-memory.dmp	xmrig
behavioral2/memory/1660-2322-0x00007FF75C460000-0x00007FF75C852000-memory.dmp	xmrig
behavioral2/memory/4732-2319-0x00007FF61ED40000-0x00007FF61F132000-memory.dmp	xmrig
behavioral2/memory/3160-2325-0x00007FF652F30000-0x00007FF653322000-memory.dmp	xmrig
behavioral2/memory/1340-2338-0x00007FF6F6A30000-0x00007FF6F6E22000-memory.dmp	xmrig
behavioral2/memory/532-2340-0x00007FF70FFA0000-0x00007FF710392000-memory.dmp	xmrig
behavioral2/memory/5092-2337-0x00007FF6F6510000-0x00007FF6F6902000-memory.dmp	xmrig
behavioral2/memory/4808-2334-0x00007FF699F90000-0x00007FF69A382000-memory.dmp	xmrig
behavioral2/memory/4456-2333-0x00007FF6BF180000-0x00007FF6BF572000-memory.dmp	xmrig
behavioral2/memory/3696-2331-0x00007FF62A140000-0x00007FF62A532000-memory.dmp	xmrig
behavioral2/memory/4260-2329-0x00007FF71AC60000-0x00007FF71B052000-memory.dmp	xmrig
behavioral2/memory/4472-2327-0x00007FF678840000-0x00007FF678C32000-memory.dmp	xmrig
behavioral2/memory/3256-2348-0x00007FF619B00000-0x00007FF619EF2000-memory.dmp	xmrig
behavioral2/memory/1864-2346-0x00007FF759760000-0x00007FF759B52000-memory.dmp	xmrig
behavioral2/memory/1860-2350-0x00007FF681E80000-0x00007FF682272000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4064	TqviAgj.exe
4332	lygasBZ.exe
4364	bzhYZJp.exe
3144	tyVwfqe.exe
4732	vYMpWFa.exe
1752	rhpKfaK.exe
2480	thIyMOV.exe
692	KXMqxvp.exe
1660	XvwZzaf.exe
4456	HTusuXI.exe
4260	sUpHWrm.exe
4472	PLbhcFd.exe
3696	yOjsYrm.exe
3160	LXptLjH.exe
1340	NOghLcj.exe
5092	hbTFaSF.exe
4808	UbceRyP.exe
532	hlBIazk.exe
3256	QklpVDo.exe
1860	qOUyvgP.exe
1864	OkZivUM.exe
4736	Dcgxmfp.exe
2352	WKiIKaQ.exe
4672	HRSXpHE.exe
3652	McUjisg.exe
3528	emERHId.exe
4144	loyaIvQ.exe
4348	IYOQdNn.exe
2292	cdUsOot.exe
2440	uBkdkEt.exe
2768	faAUMgw.exe
876	zPCTwIv.exe
2692	xqcfNZZ.exe
2524	phQttkZ.exe
3976	bOXAJqD.exe
2168	PNxeWjW.exe
3728	PURMXov.exe
212	asPaagR.exe
1452	XwhOziA.exe
2660	oSChpEA.exe
2100	LSeoMSA.exe
2096	iFBhOUQ.exe
2456	ZRqpZdz.exe
2540	UnMEkrQ.exe
1984	HuEZmFD.exe
736	lQVEWXK.exe
2428	idVnqxY.exe
2904	dMRvngo.exe
3640	tWpZoLR.exe
3388	DUsbXPV.exe
3680	fIsBBvg.exe
3184	MxFClmU.exe
4148	pvVZmDj.exe
4892	ZullCRj.exe
2024	txBRknm.exe
2364	nAbOIqX.exe
4636	YoWAJvG.exe
3272	vHLNfga.exe
4400	MPYmPdW.exe
4912	ZNUWieT.exe
980	XhxFbLW.exe
3840	aCGKvFP.exe
4416	PBkzJho.exe
4580	KcxJWEc.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4544-0-0x00007FF773490000-0x00007FF773882000-memory.dmp	upx
behavioral2/files/0x000b000000023ba5-5.dat	upx
behavioral2/files/0x000a000000023ba9-12.dat	upx
behavioral2/files/0x000a000000023baa-8.dat	upx
behavioral2/files/0x000a000000023bab-24.dat	upx
behavioral2/files/0x000a000000023baf-46.dat	upx
behavioral2/files/0x000a000000023bb1-67.dat	upx
behavioral2/files/0x000a000000023bb0-68.dat	upx
behavioral2/files/0x000a000000023bb7-88.dat	upx
behavioral2/files/0x000a000000023bb2-86.dat	upx
behavioral2/files/0x000a000000023bb3-95.dat	upx
behavioral2/files/0x000b000000023ba6-98.dat	upx
behavioral2/files/0x0032000000023bb5-104.dat	upx
behavioral2/files/0x0032000000023bb6-118.dat	upx
behavioral2/memory/532-123-0x00007FF70FFA0000-0x00007FF710392000-memory.dmp	upx
behavioral2/files/0x000a000000023bba-135.dat	upx
behavioral2/memory/4544-663-0x00007FF773490000-0x00007FF773882000-memory.dmp	upx
behavioral2/memory/3256-668-0x00007FF619B00000-0x00007FF619EF2000-memory.dmp	upx
behavioral2/memory/1860-676-0x00007FF681E80000-0x00007FF682272000-memory.dmp	upx
behavioral2/memory/1864-678-0x00007FF759760000-0x00007FF759B52000-memory.dmp	upx
behavioral2/memory/4332-667-0x00007FF7668E0000-0x00007FF766CD2000-memory.dmp	upx
behavioral2/files/0x000a000000023bc6-194.dat	upx
behavioral2/files/0x000a000000023bc5-190.dat	upx
behavioral2/files/0x000a000000023bc4-184.dat	upx
behavioral2/files/0x000a000000023bc3-180.dat	upx
behavioral2/files/0x000a000000023bc2-174.dat	upx
behavioral2/files/0x000a000000023bc1-170.dat	upx
behavioral2/files/0x000a000000023bc0-165.dat	upx
behavioral2/files/0x000a000000023bbf-160.dat	upx
behavioral2/files/0x000a000000023bbe-155.dat	upx
behavioral2/files/0x000a000000023bbd-149.dat	upx
behavioral2/files/0x000a000000023bbc-145.dat	upx
behavioral2/files/0x000a000000023bbb-139.dat	upx
behavioral2/files/0x000a000000023bb9-127.dat	upx
behavioral2/files/0x000a000000023bb8-121.dat	upx
behavioral2/memory/4808-120-0x00007FF699F90000-0x00007FF69A382000-memory.dmp	upx
behavioral2/memory/5092-117-0x00007FF6F6510000-0x00007FF6F6902000-memory.dmp	upx
behavioral2/memory/1340-111-0x00007FF6F6A30000-0x00007FF6F6E22000-memory.dmp	upx
behavioral2/memory/3160-107-0x00007FF652F30000-0x00007FF653322000-memory.dmp	upx
behavioral2/memory/3696-101-0x00007FF62A140000-0x00007FF62A532000-memory.dmp	upx
behavioral2/memory/4456-97-0x00007FF6BF180000-0x00007FF6BF572000-memory.dmp	upx
behavioral2/files/0x0031000000023bb4-91.dat	upx
behavioral2/memory/4472-89-0x00007FF678840000-0x00007FF678C32000-memory.dmp	upx
behavioral2/memory/4260-84-0x00007FF71AC60000-0x00007FF71B052000-memory.dmp	upx
behavioral2/memory/1660-83-0x00007FF75C460000-0x00007FF75C852000-memory.dmp	upx
behavioral2/memory/692-74-0x00007FF71A7D0000-0x00007FF71ABC2000-memory.dmp	upx
behavioral2/memory/2480-57-0x00007FF65B480000-0x00007FF65B872000-memory.dmp	upx
behavioral2/files/0x000a000000023bae-50.dat	upx
behavioral2/memory/1752-49-0x00007FF708A50000-0x00007FF708E42000-memory.dmp	upx
behavioral2/memory/4732-44-0x00007FF61ED40000-0x00007FF61F132000-memory.dmp	upx
behavioral2/files/0x000a000000023bad-41.dat	upx
behavioral2/memory/3144-36-0x00007FF6D69E0000-0x00007FF6D6DD2000-memory.dmp	upx
behavioral2/files/0x000a000000023bac-34.dat	upx
behavioral2/memory/4364-32-0x00007FF790740000-0x00007FF790B32000-memory.dmp	upx
behavioral2/memory/4332-17-0x00007FF7668E0000-0x00007FF766CD2000-memory.dmp	upx
behavioral2/memory/4064-13-0x00007FF7E87A0000-0x00007FF7E8B92000-memory.dmp	upx
behavioral2/memory/4732-2109-0x00007FF61ED40000-0x00007FF61F132000-memory.dmp	upx
behavioral2/memory/2480-2267-0x00007FF65B480000-0x00007FF65B872000-memory.dmp	upx
behavioral2/memory/4260-2268-0x00007FF71AC60000-0x00007FF71B052000-memory.dmp	upx
behavioral2/memory/692-2270-0x00007FF71A7D0000-0x00007FF71ABC2000-memory.dmp	upx
behavioral2/memory/4472-2302-0x00007FF678840000-0x00007FF678C32000-memory.dmp	upx
behavioral2/memory/1340-2303-0x00007FF6F6A30000-0x00007FF6F6E22000-memory.dmp	upx
behavioral2/memory/532-2304-0x00007FF70FFA0000-0x00007FF710392000-memory.dmp	upx
behavioral2/memory/4064-2306-0x00007FF7E87A0000-0x00007FF7E8B92000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\wdAYiez.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\lmpSlRb.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\VRVYdFa.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\qcnJvEA.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\gleCyow.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\OkZivUM.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\IRkwINg.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\AVxTyVd.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\hlEfRit.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\oTBlyRm.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\vcJTufL.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\uBkdkEt.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\nFlKRex.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\oBLAszn.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\BMcTEOB.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\OdnLERu.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\HqLkwzL.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\zLIuhCr.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\WoyRqpJ.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\UtZUqOS.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\yrjGigE.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\BngAjpc.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\BqBEPjO.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\CLWiMIK.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\axFLPHh.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\XLYJSYA.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\SHtIDpg.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\kXohofF.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\hlBIazk.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\XJtIuFc.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\SIymUsz.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\eyrZAwm.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\ZlRSEPY.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\htobIuR.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\WkqoZEJ.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\pvXzHcr.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\XQlwNPa.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\RzxFhfo.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\kxARYHf.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\AUwiXxy.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\uDYeuPf.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\JIuJtAH.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\rnuySaK.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\QnGbJGe.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\WlLoOhN.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\phQttkZ.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\JLQJqDH.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\BSMpSyN.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\QOUAQVf.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\lrkhnrC.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\qWfNnFt.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\NdIYivo.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\ozBrfFd.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\kvHWJVY.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\XPNVusx.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\UbceRyP.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\CmIQOcA.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\qkDyBpN.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\hizdZXE.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\FEWUwdL.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\mauneke.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\QeTctcy.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\WHsDNtV.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
File created	C:\Windows\System\QGBRUYw.exe	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
3292	powershell.exe
3292	powershell.exe
3292	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
Token: SeDebugPrivilege	3292	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4544 wrote to memory of 3292	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	87
PID 4544 wrote to memory of 3292	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	87
PID 4544 wrote to memory of 4064	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	88
PID 4544 wrote to memory of 4064	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	88
PID 4544 wrote to memory of 4332	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	89
PID 4544 wrote to memory of 4332	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	89
PID 4544 wrote to memory of 4364	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	90
PID 4544 wrote to memory of 4364	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	90
PID 4544 wrote to memory of 3144	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	91
PID 4544 wrote to memory of 3144	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	91
PID 4544 wrote to memory of 4732	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	93
PID 4544 wrote to memory of 4732	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	93
PID 4544 wrote to memory of 1752	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	94
PID 4544 wrote to memory of 1752	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	94
PID 4544 wrote to memory of 2480	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	95
PID 4544 wrote to memory of 2480	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	95
PID 4544 wrote to memory of 692	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	96
PID 4544 wrote to memory of 692	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	96
PID 4544 wrote to memory of 1660	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	97
PID 4544 wrote to memory of 1660	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	97
PID 4544 wrote to memory of 4456	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	98
PID 4544 wrote to memory of 4456	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	98
PID 4544 wrote to memory of 4260	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	99
PID 4544 wrote to memory of 4260	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	99
PID 4544 wrote to memory of 4472	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	100
PID 4544 wrote to memory of 4472	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	100
PID 4544 wrote to memory of 3696	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	101
PID 4544 wrote to memory of 3696	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	101
PID 4544 wrote to memory of 3160	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	102
PID 4544 wrote to memory of 3160	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	102
PID 4544 wrote to memory of 1340	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	103
PID 4544 wrote to memory of 1340	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	103
PID 4544 wrote to memory of 5092	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	104
PID 4544 wrote to memory of 5092	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	104
PID 4544 wrote to memory of 4808	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	105
PID 4544 wrote to memory of 4808	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	105
PID 4544 wrote to memory of 532	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	106
PID 4544 wrote to memory of 532	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	106
PID 4544 wrote to memory of 3256	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	107
PID 4544 wrote to memory of 3256	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	107
PID 4544 wrote to memory of 1860	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	108
PID 4544 wrote to memory of 1860	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	108
PID 4544 wrote to memory of 1864	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	109
PID 4544 wrote to memory of 1864	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	109
PID 4544 wrote to memory of 4736	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	110
PID 4544 wrote to memory of 4736	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	110
PID 4544 wrote to memory of 2352	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	111
PID 4544 wrote to memory of 2352	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	111
PID 4544 wrote to memory of 4672	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	112
PID 4544 wrote to memory of 4672	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	112
PID 4544 wrote to memory of 3652	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	113
PID 4544 wrote to memory of 3652	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	113
PID 4544 wrote to memory of 3528	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	114
PID 4544 wrote to memory of 3528	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	114
PID 4544 wrote to memory of 4144	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	115
PID 4544 wrote to memory of 4144	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	115
PID 4544 wrote to memory of 4348	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	116
PID 4544 wrote to memory of 4348	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	116
PID 4544 wrote to memory of 2292	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	117
PID 4544 wrote to memory of 2292	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	117
PID 4544 wrote to memory of 2440	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	118
PID 4544 wrote to memory of 2440	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	118
PID 4544 wrote to memory of 2768	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	119
PID 4544 wrote to memory of 2768	4544	06e8852c510e915222eb97daa002562c_JaffaCakes118.exe	119

C:\Users\Admin\AppData\Local\Temp\06e8852c510e915222eb97daa002562c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\06e8852c510e915222eb97daa002562c_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4544
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3292
- C:\Windows\System\TqviAgj.exe
  C:\Windows\System\TqviAgj.exe
  2⤵
  - Executes dropped EXE
  PID:4064
- C:\Windows\System\lygasBZ.exe
  C:\Windows\System\lygasBZ.exe
  2⤵
  - Executes dropped EXE
  PID:4332
- C:\Windows\System\bzhYZJp.exe
  C:\Windows\System\bzhYZJp.exe
  2⤵
  - Executes dropped EXE
  PID:4364
- C:\Windows\System\tyVwfqe.exe
  C:\Windows\System\tyVwfqe.exe
  2⤵
  - Executes dropped EXE
  PID:3144
- C:\Windows\System\vYMpWFa.exe
  C:\Windows\System\vYMpWFa.exe
  2⤵
  - Executes dropped EXE
  PID:4732
- C:\Windows\System\rhpKfaK.exe
  C:\Windows\System\rhpKfaK.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\thIyMOV.exe
  C:\Windows\System\thIyMOV.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\KXMqxvp.exe
  C:\Windows\System\KXMqxvp.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\XvwZzaf.exe
  C:\Windows\System\XvwZzaf.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\HTusuXI.exe
  C:\Windows\System\HTusuXI.exe
  2⤵
  - Executes dropped EXE
  PID:4456
- C:\Windows\System\sUpHWrm.exe
  C:\Windows\System\sUpHWrm.exe
  2⤵
  - Executes dropped EXE
  PID:4260
- C:\Windows\System\PLbhcFd.exe
  C:\Windows\System\PLbhcFd.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System\yOjsYrm.exe
  C:\Windows\System\yOjsYrm.exe
  2⤵
  - Executes dropped EXE
  PID:3696
- C:\Windows\System\LXptLjH.exe
  C:\Windows\System\LXptLjH.exe
  2⤵
  - Executes dropped EXE
  PID:3160
- C:\Windows\System\NOghLcj.exe
  C:\Windows\System\NOghLcj.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\hbTFaSF.exe
  C:\Windows\System\hbTFaSF.exe
  2⤵
  - Executes dropped EXE
  PID:5092
- C:\Windows\System\UbceRyP.exe
  C:\Windows\System\UbceRyP.exe
  2⤵
  - Executes dropped EXE
  PID:4808
- C:\Windows\System\hlBIazk.exe
  C:\Windows\System\hlBIazk.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\QklpVDo.exe
  C:\Windows\System\QklpVDo.exe
  2⤵
  - Executes dropped EXE
  PID:3256
- C:\Windows\System\qOUyvgP.exe
  C:\Windows\System\qOUyvgP.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\OkZivUM.exe
  C:\Windows\System\OkZivUM.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\Dcgxmfp.exe
  C:\Windows\System\Dcgxmfp.exe
  2⤵
  - Executes dropped EXE
  PID:4736
- C:\Windows\System\WKiIKaQ.exe
  C:\Windows\System\WKiIKaQ.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\HRSXpHE.exe
  C:\Windows\System\HRSXpHE.exe
  2⤵
  - Executes dropped EXE
  PID:4672
- C:\Windows\System\McUjisg.exe
  C:\Windows\System\McUjisg.exe
  2⤵
  - Executes dropped EXE
  PID:3652
- C:\Windows\System\emERHId.exe
  C:\Windows\System\emERHId.exe
  2⤵
  - Executes dropped EXE
  PID:3528
- C:\Windows\System\loyaIvQ.exe
  C:\Windows\System\loyaIvQ.exe
  2⤵
  - Executes dropped EXE
  PID:4144
- C:\Windows\System\IYOQdNn.exe
  C:\Windows\System\IYOQdNn.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\cdUsOot.exe
  C:\Windows\System\cdUsOot.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\uBkdkEt.exe
  C:\Windows\System\uBkdkEt.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\faAUMgw.exe
  C:\Windows\System\faAUMgw.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\zPCTwIv.exe
  C:\Windows\System\zPCTwIv.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\xqcfNZZ.exe
  C:\Windows\System\xqcfNZZ.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\phQttkZ.exe
  C:\Windows\System\phQttkZ.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\bOXAJqD.exe
  C:\Windows\System\bOXAJqD.exe
  2⤵
  - Executes dropped EXE
  PID:3976
- C:\Windows\System\PNxeWjW.exe
  C:\Windows\System\PNxeWjW.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\PURMXov.exe
  C:\Windows\System\PURMXov.exe
  2⤵
  - Executes dropped EXE
  PID:3728
- C:\Windows\System\asPaagR.exe
  C:\Windows\System\asPaagR.exe
  2⤵
  - Executes dropped EXE
  PID:212
- C:\Windows\System\XwhOziA.exe
  C:\Windows\System\XwhOziA.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\oSChpEA.exe
  C:\Windows\System\oSChpEA.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\LSeoMSA.exe
  C:\Windows\System\LSeoMSA.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\iFBhOUQ.exe
  C:\Windows\System\iFBhOUQ.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\ZRqpZdz.exe
  C:\Windows\System\ZRqpZdz.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\UnMEkrQ.exe
  C:\Windows\System\UnMEkrQ.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\HuEZmFD.exe
  C:\Windows\System\HuEZmFD.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\lQVEWXK.exe
  C:\Windows\System\lQVEWXK.exe
  2⤵
  - Executes dropped EXE
  PID:736
- C:\Windows\System\idVnqxY.exe
  C:\Windows\System\idVnqxY.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\dMRvngo.exe
  C:\Windows\System\dMRvngo.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\tWpZoLR.exe
  C:\Windows\System\tWpZoLR.exe
  2⤵
  - Executes dropped EXE
  PID:3640
- C:\Windows\System\DUsbXPV.exe
  C:\Windows\System\DUsbXPV.exe
  2⤵
  - Executes dropped EXE
  PID:3388
- C:\Windows\System\fIsBBvg.exe
  C:\Windows\System\fIsBBvg.exe
  2⤵
  - Executes dropped EXE
  PID:3680
- C:\Windows\System\MxFClmU.exe
  C:\Windows\System\MxFClmU.exe
  2⤵
  - Executes dropped EXE
  PID:3184
- C:\Windows\System\pvVZmDj.exe
  C:\Windows\System\pvVZmDj.exe
  2⤵
  - Executes dropped EXE
  PID:4148
- C:\Windows\System\ZullCRj.exe
  C:\Windows\System\ZullCRj.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System\txBRknm.exe
  C:\Windows\System\txBRknm.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\nAbOIqX.exe
  C:\Windows\System\nAbOIqX.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\YoWAJvG.exe
  C:\Windows\System\YoWAJvG.exe
  2⤵
  - Executes dropped EXE
  PID:4636
- C:\Windows\System\vHLNfga.exe
  C:\Windows\System\vHLNfga.exe
  2⤵
  - Executes dropped EXE
  PID:3272
- C:\Windows\System\MPYmPdW.exe
  C:\Windows\System\MPYmPdW.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System\ZNUWieT.exe
  C:\Windows\System\ZNUWieT.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\XhxFbLW.exe
  C:\Windows\System\XhxFbLW.exe
  2⤵
  - Executes dropped EXE
  PID:980
- C:\Windows\System\aCGKvFP.exe
  C:\Windows\System\aCGKvFP.exe
  2⤵
  - Executes dropped EXE
  PID:3840
- C:\Windows\System\PBkzJho.exe
  C:\Windows\System\PBkzJho.exe
  2⤵
  - Executes dropped EXE
  PID:4416
- C:\Windows\System\KcxJWEc.exe
  C:\Windows\System\KcxJWEc.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System\CVVkvzk.exe
  C:\Windows\System\CVVkvzk.exe
  2⤵
  PID:2136
- C:\Windows\System\NdAKjeb.exe
  C:\Windows\System\NdAKjeb.exe
  2⤵
  PID:4640
- C:\Windows\System\LqKAokv.exe
  C:\Windows\System\LqKAokv.exe
  2⤵
  PID:1092
- C:\Windows\System\oHufZpP.exe
  C:\Windows\System\oHufZpP.exe
  2⤵
  PID:5148
- C:\Windows\System\VgrYctg.exe
  C:\Windows\System\VgrYctg.exe
  2⤵
  PID:5172
- C:\Windows\System\kveJRHI.exe
  C:\Windows\System\kveJRHI.exe
  2⤵
  PID:5204
- C:\Windows\System\TRVfgOw.exe
  C:\Windows\System\TRVfgOw.exe
  2⤵
  PID:5232
- C:\Windows\System\ogifLPu.exe
  C:\Windows\System\ogifLPu.exe
  2⤵
  PID:5260
- C:\Windows\System\EQFNxQD.exe
  C:\Windows\System\EQFNxQD.exe
  2⤵
  PID:5288
- C:\Windows\System\eVFhPsm.exe
  C:\Windows\System\eVFhPsm.exe
  2⤵
  PID:5316
- C:\Windows\System\RVIwIKd.exe
  C:\Windows\System\RVIwIKd.exe
  2⤵
  PID:5344
- C:\Windows\System\oFhBmqP.exe
  C:\Windows\System\oFhBmqP.exe
  2⤵
  PID:5372
- C:\Windows\System\rPqbQKV.exe
  C:\Windows\System\rPqbQKV.exe
  2⤵
  PID:5396
- C:\Windows\System\ntLcLyb.exe
  C:\Windows\System\ntLcLyb.exe
  2⤵
  PID:5428
- C:\Windows\System\dCvJglz.exe
  C:\Windows\System\dCvJglz.exe
  2⤵
  PID:5456
- C:\Windows\System\RERAxkh.exe
  C:\Windows\System\RERAxkh.exe
  2⤵
  PID:5484
- C:\Windows\System\TdLBYrt.exe
  C:\Windows\System\TdLBYrt.exe
  2⤵
  PID:5512
- C:\Windows\System\qWfNnFt.exe
  C:\Windows\System\qWfNnFt.exe
  2⤵
  PID:5540
- C:\Windows\System\bbTlDwG.exe
  C:\Windows\System\bbTlDwG.exe
  2⤵
  PID:5568
- C:\Windows\System\jZlibHk.exe
  C:\Windows\System\jZlibHk.exe
  2⤵
  PID:5596
- C:\Windows\System\vYyftLo.exe
  C:\Windows\System\vYyftLo.exe
  2⤵
  PID:5624
- C:\Windows\System\Qdhfgac.exe
  C:\Windows\System\Qdhfgac.exe
  2⤵
  PID:5652
- C:\Windows\System\svVKftN.exe
  C:\Windows\System\svVKftN.exe
  2⤵
  PID:5684
- C:\Windows\System\SIymUsz.exe
  C:\Windows\System\SIymUsz.exe
  2⤵
  PID:5708
- C:\Windows\System\JpLcmhH.exe
  C:\Windows\System\JpLcmhH.exe
  2⤵
  PID:5736
- C:\Windows\System\OnKVeaj.exe
  C:\Windows\System\OnKVeaj.exe
  2⤵
  PID:5764
- C:\Windows\System\UgMJMnu.exe
  C:\Windows\System\UgMJMnu.exe
  2⤵
  PID:5792
- C:\Windows\System\nWbkRRw.exe
  C:\Windows\System\nWbkRRw.exe
  2⤵
  PID:5820
- C:\Windows\System\egNBbbL.exe
  C:\Windows\System\egNBbbL.exe
  2⤵
  PID:5848
- C:\Windows\System\wglBhWA.exe
  C:\Windows\System\wglBhWA.exe
  2⤵
  PID:5876
- C:\Windows\System\PuJgGbV.exe
  C:\Windows\System\PuJgGbV.exe
  2⤵
  PID:5904
- C:\Windows\System\HFYEsKF.exe
  C:\Windows\System\HFYEsKF.exe
  2⤵
  PID:5932
- C:\Windows\System\HmzbwSU.exe
  C:\Windows\System\HmzbwSU.exe
  2⤵
  PID:5960
- C:\Windows\System\YmWLxYy.exe
  C:\Windows\System\YmWLxYy.exe
  2⤵
  PID:5988
- C:\Windows\System\jDnKUkM.exe
  C:\Windows\System\jDnKUkM.exe
  2⤵
  PID:6012
- C:\Windows\System\ErUDzUB.exe
  C:\Windows\System\ErUDzUB.exe
  2⤵
  PID:6044
- C:\Windows\System\RYggflD.exe
  C:\Windows\System\RYggflD.exe
  2⤵
  PID:6072
- C:\Windows\System\lbdKMcI.exe
  C:\Windows\System\lbdKMcI.exe
  2⤵
  PID:6100
- C:\Windows\System\lcdeAmP.exe
  C:\Windows\System\lcdeAmP.exe
  2⤵
  PID:6128
- C:\Windows\System\tRaZsTL.exe
  C:\Windows\System\tRaZsTL.exe
  2⤵
  PID:2308
- C:\Windows\System\EBOfTAE.exe
  C:\Windows\System\EBOfTAE.exe
  2⤵
  PID:2500
- C:\Windows\System\zLIuhCr.exe
  C:\Windows\System\zLIuhCr.exe
  2⤵
  PID:5020
- C:\Windows\System\HCtmRpj.exe
  C:\Windows\System\HCtmRpj.exe
  2⤵
  PID:4512
- C:\Windows\System\uZCDblS.exe
  C:\Windows\System\uZCDblS.exe
  2⤵
  PID:5140
- C:\Windows\System\nFlKRex.exe
  C:\Windows\System\nFlKRex.exe
  2⤵
  PID:5216
- C:\Windows\System\RNXvsLK.exe
  C:\Windows\System\RNXvsLK.exe
  2⤵
  PID:5276
- C:\Windows\System\FmwJHkC.exe
  C:\Windows\System\FmwJHkC.exe
  2⤵
  PID:5336
- C:\Windows\System\LKOjRHh.exe
  C:\Windows\System\LKOjRHh.exe
  2⤵
  PID:5412
- C:\Windows\System\vtNFPGp.exe
  C:\Windows\System\vtNFPGp.exe
  2⤵
  PID:5472
- C:\Windows\System\HHgnYQM.exe
  C:\Windows\System\HHgnYQM.exe
  2⤵
  PID:5532
- C:\Windows\System\NpwkMLI.exe
  C:\Windows\System\NpwkMLI.exe
  2⤵
  PID:5608
- C:\Windows\System\oBLAszn.exe
  C:\Windows\System\oBLAszn.exe
  2⤵
  PID:5668
- C:\Windows\System\fUgiqEE.exe
  C:\Windows\System\fUgiqEE.exe
  2⤵
  PID:5724
- C:\Windows\System\osIFQiU.exe
  C:\Windows\System\osIFQiU.exe
  2⤵
  PID:5784
- C:\Windows\System\ABrOLSH.exe
  C:\Windows\System\ABrOLSH.exe
  2⤵
  PID:5860
- C:\Windows\System\tNZEoqh.exe
  C:\Windows\System\tNZEoqh.exe
  2⤵
  PID:5920
- C:\Windows\System\NYVxCAR.exe
  C:\Windows\System\NYVxCAR.exe
  2⤵
  PID:5980
- C:\Windows\System\pkaFkvU.exe
  C:\Windows\System\pkaFkvU.exe
  2⤵
  PID:6036
- C:\Windows\System\sjVSGWZ.exe
  C:\Windows\System\sjVSGWZ.exe
  2⤵
  PID:6112
- C:\Windows\System\NfbaEHH.exe
  C:\Windows\System\NfbaEHH.exe
  2⤵
  PID:2648
- C:\Windows\System\QOUAQVf.exe
  C:\Windows\System\QOUAQVf.exe
  2⤵
  PID:4884
- C:\Windows\System\wTmtmzO.exe
  C:\Windows\System\wTmtmzO.exe
  2⤵
  PID:5188
- C:\Windows\System\KZpECGE.exe
  C:\Windows\System\KZpECGE.exe
  2⤵
  PID:5308
- C:\Windows\System\nnHbIOu.exe
  C:\Windows\System\nnHbIOu.exe
  2⤵
  PID:5448
- C:\Windows\System\yClyoTA.exe
  C:\Windows\System\yClyoTA.exe
  2⤵
  PID:5584
- C:\Windows\System\UhAeHZW.exe
  C:\Windows\System\UhAeHZW.exe
  2⤵
  PID:5752
- C:\Windows\System\rtwxYlC.exe
  C:\Windows\System\rtwxYlC.exe
  2⤵
  PID:5888
- C:\Windows\System\oieBtwj.exe
  C:\Windows\System\oieBtwj.exe
  2⤵
  PID:6008
- C:\Windows\System\xcWMeHh.exe
  C:\Windows\System\xcWMeHh.exe
  2⤵
  PID:6140
- C:\Windows\System\JOYruhp.exe
  C:\Windows\System\JOYruhp.exe
  2⤵
  PID:2444
- C:\Windows\System\hAQjnal.exe
  C:\Windows\System\hAQjnal.exe
  2⤵
  PID:3540
- C:\Windows\System\hJQhKZA.exe
  C:\Windows\System\hJQhKZA.exe
  2⤵
  PID:6152
- C:\Windows\System\wilJWOf.exe
  C:\Windows\System\wilJWOf.exe
  2⤵
  PID:6176
- C:\Windows\System\QDRWwIy.exe
  C:\Windows\System\QDRWwIy.exe
  2⤵
  PID:6208
- C:\Windows\System\MPORuGO.exe
  C:\Windows\System\MPORuGO.exe
  2⤵
  PID:6236
- C:\Windows\System\faawfjl.exe
  C:\Windows\System\faawfjl.exe
  2⤵
  PID:6264
- C:\Windows\System\LYVWwqO.exe
  C:\Windows\System\LYVWwqO.exe
  2⤵
  PID:6292
- C:\Windows\System\spkytdj.exe
  C:\Windows\System\spkytdj.exe
  2⤵
  PID:6320
- C:\Windows\System\CYblcWT.exe
  C:\Windows\System\CYblcWT.exe
  2⤵
  PID:6348
- C:\Windows\System\dtKcJED.exe
  C:\Windows\System\dtKcJED.exe
  2⤵
  PID:6376
- C:\Windows\System\vOluDsk.exe
  C:\Windows\System\vOluDsk.exe
  2⤵
  PID:6404
- C:\Windows\System\pXUwgBT.exe
  C:\Windows\System\pXUwgBT.exe
  2⤵
  PID:6432
- C:\Windows\System\ZjMmyci.exe
  C:\Windows\System\ZjMmyci.exe
  2⤵
  PID:6460
- C:\Windows\System\WicKuyI.exe
  C:\Windows\System\WicKuyI.exe
  2⤵
  PID:6488
- C:\Windows\System\rdJcshC.exe
  C:\Windows\System\rdJcshC.exe
  2⤵
  PID:6516
- C:\Windows\System\xwJsyiD.exe
  C:\Windows\System\xwJsyiD.exe
  2⤵
  PID:6544
- C:\Windows\System\zWuCoEm.exe
  C:\Windows\System\zWuCoEm.exe
  2⤵
  PID:6568
- C:\Windows\System\IPibgDI.exe
  C:\Windows\System\IPibgDI.exe
  2⤵
  PID:6600
- C:\Windows\System\XQlwNPa.exe
  C:\Windows\System\XQlwNPa.exe
  2⤵
  PID:6628
- C:\Windows\System\uodhZXS.exe
  C:\Windows\System\uodhZXS.exe
  2⤵
  PID:6652
- C:\Windows\System\dsNORZS.exe
  C:\Windows\System\dsNORZS.exe
  2⤵
  PID:6684
- C:\Windows\System\WHVgLGx.exe
  C:\Windows\System\WHVgLGx.exe
  2⤵
  PID:6712
- C:\Windows\System\LzKzwwe.exe
  C:\Windows\System\LzKzwwe.exe
  2⤵
  PID:6740
- C:\Windows\System\qtMgKcT.exe
  C:\Windows\System\qtMgKcT.exe
  2⤵
  PID:6768
- C:\Windows\System\UbWjmub.exe
  C:\Windows\System\UbWjmub.exe
  2⤵
  PID:6796
- C:\Windows\System\SImGYxw.exe
  C:\Windows\System\SImGYxw.exe
  2⤵
  PID:6824
- C:\Windows\System\JgbLZsa.exe
  C:\Windows\System\JgbLZsa.exe
  2⤵
  PID:6852
- C:\Windows\System\CAzqVSo.exe
  C:\Windows\System\CAzqVSo.exe
  2⤵
  PID:6880
- C:\Windows\System\aUSFQli.exe
  C:\Windows\System\aUSFQli.exe
  2⤵
  PID:6908
- C:\Windows\System\rgkOyZD.exe
  C:\Windows\System\rgkOyZD.exe
  2⤵
  PID:6936
- C:\Windows\System\rYThMEU.exe
  C:\Windows\System\rYThMEU.exe
  2⤵
  PID:6964
- C:\Windows\System\QYfxAzr.exe
  C:\Windows\System\QYfxAzr.exe
  2⤵
  PID:6992
- C:\Windows\System\DRaetWg.exe
  C:\Windows\System\DRaetWg.exe
  2⤵
  PID:7020
- C:\Windows\System\hkFBzdI.exe
  C:\Windows\System\hkFBzdI.exe
  2⤵
  PID:7048
- C:\Windows\System\NTAiJeQ.exe
  C:\Windows\System\NTAiJeQ.exe
  2⤵
  PID:7076
- C:\Windows\System\itfYxaz.exe
  C:\Windows\System\itfYxaz.exe
  2⤵
  PID:7104
- C:\Windows\System\QAfQyKh.exe
  C:\Windows\System\QAfQyKh.exe
  2⤵
  PID:7132
- C:\Windows\System\dUBGJSg.exe
  C:\Windows\System\dUBGJSg.exe
  2⤵
  PID:7160
- C:\Windows\System\vUqMWSR.exe
  C:\Windows\System\vUqMWSR.exe
  2⤵
  PID:2104
- C:\Windows\System\jVmVgSy.exe
  C:\Windows\System\jVmVgSy.exe
  2⤵
  PID:6084
- C:\Windows\System\EypyKnr.exe
  C:\Windows\System\EypyKnr.exe
  2⤵
  PID:4848
- C:\Windows\System\HHLYHcP.exe
  C:\Windows\System\HHLYHcP.exe
  2⤵
  PID:1904
- C:\Windows\System\FLPolKN.exe
  C:\Windows\System\FLPolKN.exe
  2⤵
  PID:6256
- C:\Windows\System\RvPdKnZ.exe
  C:\Windows\System\RvPdKnZ.exe
  2⤵
  PID:6424
- C:\Windows\System\KjrbDKL.exe
  C:\Windows\System\KjrbDKL.exe
  2⤵
  PID:6500
- C:\Windows\System\xDblKsR.exe
  C:\Windows\System\xDblKsR.exe
  2⤵
  PID:6528
- C:\Windows\System\wdAYiez.exe
  C:\Windows\System\wdAYiez.exe
  2⤵
  PID:6556
- C:\Windows\System\XFogNcZ.exe
  C:\Windows\System\XFogNcZ.exe
  2⤵
  PID:6588
- C:\Windows\System\jrniltv.exe
  C:\Windows\System\jrniltv.exe
  2⤵
  PID:6620
- C:\Windows\System\qaLLhAU.exe
  C:\Windows\System\qaLLhAU.exe
  2⤵
  PID:6668
- C:\Windows\System\HShwWtA.exe
  C:\Windows\System\HShwWtA.exe
  2⤵
  PID:392
- C:\Windows\System\GdYGSho.exe
  C:\Windows\System\GdYGSho.exe
  2⤵
  PID:4152
- C:\Windows\System\TMDDxtW.exe
  C:\Windows\System\TMDDxtW.exe
  2⤵
  PID:6812
- C:\Windows\System\gXZxzHk.exe
  C:\Windows\System\gXZxzHk.exe
  2⤵
  PID:6948
- C:\Windows\System\PzjQKlt.exe
  C:\Windows\System\PzjQKlt.exe
  2⤵
  PID:6976
- C:\Windows\System\uDMAQNw.exe
  C:\Windows\System\uDMAQNw.exe
  2⤵
  PID:1724
- C:\Windows\System\FEIFmfn.exe
  C:\Windows\System\FEIFmfn.exe
  2⤵
  PID:2628
- C:\Windows\System\sdRhWDm.exe
  C:\Windows\System\sdRhWDm.exe
  2⤵
  PID:4044
- C:\Windows\System\nReqFOk.exe
  C:\Windows\System\nReqFOk.exe
  2⤵
  PID:5100
- C:\Windows\System\ZIfsofs.exe
  C:\Windows\System\ZIfsofs.exe
  2⤵
  PID:3560
- C:\Windows\System\gVcPkQD.exe
  C:\Windows\System\gVcPkQD.exe
  2⤵
  PID:3228
- C:\Windows\System\hsaicXT.exe
  C:\Windows\System\hsaicXT.exe
  2⤵
  PID:5580
- C:\Windows\System\MEYtxjf.exe
  C:\Windows\System\MEYtxjf.exe
  2⤵
  PID:2860
- C:\Windows\System\nMPLleG.exe
  C:\Windows\System\nMPLleG.exe
  2⤵
  PID:6280
- C:\Windows\System\vQYypiD.exe
  C:\Windows\System\vQYypiD.exe
  2⤵
  PID:6840
- C:\Windows\System\EOBleCE.exe
  C:\Windows\System\EOBleCE.exe
  2⤵
  PID:6616
- C:\Windows\System\qbJvtor.exe
  C:\Windows\System\qbJvtor.exe
  2⤵
  PID:3304
- C:\Windows\System\kNwkOFP.exe
  C:\Windows\System\kNwkOFP.exe
  2⤵
  PID:4496
- C:\Windows\System\LokXmlk.exe
  C:\Windows\System\LokXmlk.exe
  2⤵
  PID:6760
- C:\Windows\System\qsPSide.exe
  C:\Windows\System\qsPSide.exe
  2⤵
  PID:6984
- C:\Windows\System\mucjUZl.exe
  C:\Windows\System\mucjUZl.exe
  2⤵
  PID:7068
- C:\Windows\System\SEeDrYu.exe
  C:\Windows\System\SEeDrYu.exe
  2⤵
  PID:5832
- C:\Windows\System\HgtMizC.exe
  C:\Windows\System\HgtMizC.exe
  2⤵
  PID:3188
- C:\Windows\System\rnuySaK.exe
  C:\Windows\System\rnuySaK.exe
  2⤵
  PID:3240
- C:\Windows\System\MEXOUOt.exe
  C:\Windows\System\MEXOUOt.exe
  2⤵
  PID:6732
- C:\Windows\System\DdBIinP.exe
  C:\Windows\System\DdBIinP.exe
  2⤵
  PID:6248
- C:\Windows\System\RiYgiqX.exe
  C:\Windows\System\RiYgiqX.exe
  2⤵
  PID:6696
- C:\Windows\System\IRkwINg.exe
  C:\Windows\System\IRkwINg.exe
  2⤵
  PID:1216
- C:\Windows\System\SutDeJm.exe
  C:\Windows\System\SutDeJm.exe
  2⤵
  PID:3384
- C:\Windows\System\beOJypi.exe
  C:\Windows\System\beOJypi.exe
  2⤵
  PID:4960
- C:\Windows\System\vTFKLAv.exe
  C:\Windows\System\vTFKLAv.exe
  2⤵
  PID:6900
- C:\Windows\System\IStkVYi.exe
  C:\Windows\System\IStkVYi.exe
  2⤵
  PID:7092
- C:\Windows\System\GtUTuwF.exe
  C:\Windows\System\GtUTuwF.exe
  2⤵
  PID:1412
- C:\Windows\System\YVnzNay.exe
  C:\Windows\System\YVnzNay.exe
  2⤵
  PID:7172
- C:\Windows\System\FxyHmNs.exe
  C:\Windows\System\FxyHmNs.exe
  2⤵
  PID:7204
- C:\Windows\System\vnyvQad.exe
  C:\Windows\System\vnyvQad.exe
  2⤵
  PID:7220
- C:\Windows\System\uSCiyXk.exe
  C:\Windows\System\uSCiyXk.exe
  2⤵
  PID:7240
- C:\Windows\System\FsYORmt.exe
  C:\Windows\System\FsYORmt.exe
  2⤵
  PID:7260
- C:\Windows\System\erOiWBo.exe
  C:\Windows\System\erOiWBo.exe
  2⤵
  PID:7296
- C:\Windows\System\gCzpgLs.exe
  C:\Windows\System\gCzpgLs.exe
  2⤵
  PID:7312
- C:\Windows\System\AIxpQxr.exe
  C:\Windows\System\AIxpQxr.exe
  2⤵
  PID:7344
- C:\Windows\System\HhgWqbE.exe
  C:\Windows\System\HhgWqbE.exe
  2⤵
  PID:7420
- C:\Windows\System\jmYaxLN.exe
  C:\Windows\System\jmYaxLN.exe
  2⤵
  PID:7440
- C:\Windows\System\OGpgsqx.exe
  C:\Windows\System\OGpgsqx.exe
  2⤵
  PID:7492
- C:\Windows\System\nQxGBxr.exe
  C:\Windows\System\nQxGBxr.exe
  2⤵
  PID:7508
- C:\Windows\System\QPkwWLB.exe
  C:\Windows\System\QPkwWLB.exe
  2⤵
  PID:7524
- C:\Windows\System\ipiATza.exe
  C:\Windows\System\ipiATza.exe
  2⤵
  PID:7564
- C:\Windows\System\gglfPMr.exe
  C:\Windows\System\gglfPMr.exe
  2⤵
  PID:7580
- C:\Windows\System\CmIQOcA.exe
  C:\Windows\System\CmIQOcA.exe
  2⤵
  PID:7600
- C:\Windows\System\bHGrBpR.exe
  C:\Windows\System\bHGrBpR.exe
  2⤵
  PID:7628
- C:\Windows\System\oNNPcys.exe
  C:\Windows\System\oNNPcys.exe
  2⤵
  PID:7656
- C:\Windows\System\cyBUSrd.exe
  C:\Windows\System\cyBUSrd.exe
  2⤵
  PID:7680
- C:\Windows\System\wsWTfTG.exe
  C:\Windows\System\wsWTfTG.exe
  2⤵
  PID:7700
- C:\Windows\System\JiryLdV.exe
  C:\Windows\System\JiryLdV.exe
  2⤵
  PID:7728
- C:\Windows\System\QbACYSw.exe
  C:\Windows\System\QbACYSw.exe
  2⤵
  PID:7748
- C:\Windows\System\edPOiHo.exe
  C:\Windows\System\edPOiHo.exe
  2⤵
  PID:7776
- C:\Windows\System\kmmqVNh.exe
  C:\Windows\System\kmmqVNh.exe
  2⤵
  PID:7804
- C:\Windows\System\LiGbwww.exe
  C:\Windows\System\LiGbwww.exe
  2⤵
  PID:7824
- C:\Windows\System\aMBEnvD.exe
  C:\Windows\System\aMBEnvD.exe
  2⤵
  PID:7848
- C:\Windows\System\arEZrpr.exe
  C:\Windows\System\arEZrpr.exe
  2⤵
  PID:7868
- C:\Windows\System\oyXDkrL.exe
  C:\Windows\System\oyXDkrL.exe
  2⤵
  PID:7916
- C:\Windows\System\YbuaEBN.exe
  C:\Windows\System\YbuaEBN.exe
  2⤵
  PID:7964
- C:\Windows\System\fDpyFlY.exe
  C:\Windows\System\fDpyFlY.exe
  2⤵
  PID:7984
- C:\Windows\System\ZcQfKsl.exe
  C:\Windows\System\ZcQfKsl.exe
  2⤵
  PID:8008
- C:\Windows\System\OSPvgvS.exe
  C:\Windows\System\OSPvgvS.exe
  2⤵
  PID:8024
- C:\Windows\System\pahwAdp.exe
  C:\Windows\System\pahwAdp.exe
  2⤵
  PID:8076
- C:\Windows\System\oMrylyA.exe
  C:\Windows\System\oMrylyA.exe
  2⤵
  PID:8096
- C:\Windows\System\NdIYivo.exe
  C:\Windows\System\NdIYivo.exe
  2⤵
  PID:8152
- C:\Windows\System\SYpqArJ.exe
  C:\Windows\System\SYpqArJ.exe
  2⤵
  PID:8172
- C:\Windows\System\eyrZAwm.exe
  C:\Windows\System\eyrZAwm.exe
  2⤵
  PID:6340
- C:\Windows\System\FdkhJAC.exe
  C:\Windows\System\FdkhJAC.exe
  2⤵
  PID:6864
- C:\Windows\System\GsmJdtL.exe
  C:\Windows\System\GsmJdtL.exe
  2⤵
  PID:7236
- C:\Windows\System\ISRSICk.exe
  C:\Windows\System\ISRSICk.exe
  2⤵
  PID:7248
- C:\Windows\System\hgmaxCf.exe
  C:\Windows\System\hgmaxCf.exe
  2⤵
  PID:7308
- C:\Windows\System\xoRWqRl.exe
  C:\Windows\System\xoRWqRl.exe
  2⤵
  PID:7392
- C:\Windows\System\OgZqtur.exe
  C:\Windows\System\OgZqtur.exe
  2⤵
  PID:7520
- C:\Windows\System\FEWUwdL.exe
  C:\Windows\System\FEWUwdL.exe
  2⤵
  PID:7560
- C:\Windows\System\pxdLLAy.exe
  C:\Windows\System\pxdLLAy.exe
  2⤵
  PID:7592
- C:\Windows\System\qjCMhjY.exe
  C:\Windows\System\qjCMhjY.exe
  2⤵
  PID:7652
- C:\Windows\System\WoyRqpJ.exe
  C:\Windows\System\WoyRqpJ.exe
  2⤵
  PID:7820
- C:\Windows\System\LdARvbu.exe
  C:\Windows\System\LdARvbu.exe
  2⤵
  PID:7876
- C:\Windows\System\fLmgZJe.exe
  C:\Windows\System\fLmgZJe.exe
  2⤵
  PID:7860
- C:\Windows\System\cGKflCI.exe
  C:\Windows\System\cGKflCI.exe
  2⤵
  PID:7928
- C:\Windows\System\FxjfouM.exe
  C:\Windows\System\FxjfouM.exe
  2⤵
  PID:8052
- C:\Windows\System\vXWFByl.exe
  C:\Windows\System\vXWFByl.exe
  2⤵
  PID:8060
- C:\Windows\System\AcOcfwJ.exe
  C:\Windows\System\AcOcfwJ.exe
  2⤵
  PID:8160
- C:\Windows\System\FitJvwF.exe
  C:\Windows\System\FitJvwF.exe
  2⤵
  PID:7288
- C:\Windows\System\nFrVjqD.exe
  C:\Windows\System\nFrVjqD.exe
  2⤵
  PID:7212
- C:\Windows\System\llrOLMj.exe
  C:\Windows\System\llrOLMj.exe
  2⤵
  PID:7540
- C:\Windows\System\geCZATg.exe
  C:\Windows\System\geCZATg.exe
  2⤵
  PID:7676
- C:\Windows\System\UtZUqOS.exe
  C:\Windows\System\UtZUqOS.exe
  2⤵
  PID:7756
- C:\Windows\System\UyyyoQE.exe
  C:\Windows\System\UyyyoQE.exe
  2⤵
  PID:7912
- C:\Windows\System\PMbmOKr.exe
  C:\Windows\System\PMbmOKr.exe
  2⤵
  PID:7976
- C:\Windows\System\qxQtgZY.exe
  C:\Windows\System\qxQtgZY.exe
  2⤵
  PID:7200
- C:\Windows\System\fnmFxjT.exe
  C:\Windows\System\fnmFxjT.exe
  2⤵
  PID:7500
- C:\Windows\System\CiEHvne.exe
  C:\Windows\System\CiEHvne.exe
  2⤵
  PID:8092
- C:\Windows\System\lRRxxpL.exe
  C:\Windows\System\lRRxxpL.exe
  2⤵
  PID:8148
- C:\Windows\System\FXkWWbt.exe
  C:\Windows\System\FXkWWbt.exe
  2⤵
  PID:8204
- C:\Windows\System\AavWIwf.exe
  C:\Windows\System\AavWIwf.exe
  2⤵
  PID:8244
- C:\Windows\System\jskhsjN.exe
  C:\Windows\System\jskhsjN.exe
  2⤵
  PID:8272
- C:\Windows\System\HyiSQti.exe
  C:\Windows\System\HyiSQti.exe
  2⤵
  PID:8296
- C:\Windows\System\clCnrlX.exe
  C:\Windows\System\clCnrlX.exe
  2⤵
  PID:8336
- C:\Windows\System\YVjErQV.exe
  C:\Windows\System\YVjErQV.exe
  2⤵
  PID:8356
- C:\Windows\System\sNNtWGb.exe
  C:\Windows\System\sNNtWGb.exe
  2⤵
  PID:8408
- C:\Windows\System\jPNWzfp.exe
  C:\Windows\System\jPNWzfp.exe
  2⤵
  PID:8428
- C:\Windows\System\eLVMMxy.exe
  C:\Windows\System\eLVMMxy.exe
  2⤵
  PID:8444
- C:\Windows\System\ybyEGLb.exe
  C:\Windows\System\ybyEGLb.exe
  2⤵
  PID:8472
- C:\Windows\System\hHBCxbf.exe
  C:\Windows\System\hHBCxbf.exe
  2⤵
  PID:8508
- C:\Windows\System\ugTFKoM.exe
  C:\Windows\System\ugTFKoM.exe
  2⤵
  PID:8528
- C:\Windows\System\ZUuBkyo.exe
  C:\Windows\System\ZUuBkyo.exe
  2⤵
  PID:8560
- C:\Windows\System\NvfOBHb.exe
  C:\Windows\System\NvfOBHb.exe
  2⤵
  PID:8608
- C:\Windows\System\NDnWTKb.exe
  C:\Windows\System\NDnWTKb.exe
  2⤵
  PID:8632
- C:\Windows\System\pwhdVXr.exe
  C:\Windows\System\pwhdVXr.exe
  2⤵
  PID:8652
- C:\Windows\System\AVxTyVd.exe
  C:\Windows\System\AVxTyVd.exe
  2⤵
  PID:8672
- C:\Windows\System\inrjuUE.exe
  C:\Windows\System\inrjuUE.exe
  2⤵
  PID:8704
- C:\Windows\System\oBgsBRm.exe
  C:\Windows\System\oBgsBRm.exe
  2⤵
  PID:8728
- C:\Windows\System\BTXbALF.exe
  C:\Windows\System\BTXbALF.exe
  2⤵
  PID:8752
- C:\Windows\System\LKxGUxg.exe
  C:\Windows\System\LKxGUxg.exe
  2⤵
  PID:8772
- C:\Windows\System\cOANAhV.exe
  C:\Windows\System\cOANAhV.exe
  2⤵
  PID:8800
- C:\Windows\System\IDzeJZB.exe
  C:\Windows\System\IDzeJZB.exe
  2⤵
  PID:8820
- C:\Windows\System\TEzTMpw.exe
  C:\Windows\System\TEzTMpw.exe
  2⤵
  PID:8872
- C:\Windows\System\rapjDvg.exe
  C:\Windows\System\rapjDvg.exe
  2⤵
  PID:8912
- C:\Windows\System\MVjGHCE.exe
  C:\Windows\System\MVjGHCE.exe
  2⤵
  PID:8932
- C:\Windows\System\vKTQOes.exe
  C:\Windows\System\vKTQOes.exe
  2⤵
  PID:8972
- C:\Windows\System\qXmcqCx.exe
  C:\Windows\System\qXmcqCx.exe
  2⤵
  PID:8996
- C:\Windows\System\xAZgefB.exe
  C:\Windows\System\xAZgefB.exe
  2⤵
  PID:9016
- C:\Windows\System\wSgwMoA.exe
  C:\Windows\System\wSgwMoA.exe
  2⤵
  PID:9052
- C:\Windows\System\jhVQIGw.exe
  C:\Windows\System\jhVQIGw.exe
  2⤵
  PID:9080
- C:\Windows\System\OxCFxsM.exe
  C:\Windows\System\OxCFxsM.exe
  2⤵
  PID:9100
- C:\Windows\System\LPHMjvM.exe
  C:\Windows\System\LPHMjvM.exe
  2⤵
  PID:9124
- C:\Windows\System\gpsZJWp.exe
  C:\Windows\System\gpsZJWp.exe
  2⤵
  PID:9152
- C:\Windows\System\CulVnkU.exe
  C:\Windows\System\CulVnkU.exe
  2⤵
  PID:9192
- C:\Windows\System\fqfkfYX.exe
  C:\Windows\System\fqfkfYX.exe
  2⤵
  PID:9208
- C:\Windows\System\tGgeriM.exe
  C:\Windows\System\tGgeriM.exe
  2⤵
  PID:8200
- C:\Windows\System\uMiISJh.exe
  C:\Windows\System\uMiISJh.exe
  2⤵
  PID:8284
- C:\Windows\System\MrvZdSX.exe
  C:\Windows\System\MrvZdSX.exe
  2⤵
  PID:8324
- C:\Windows\System\dOhhlKr.exe
  C:\Windows\System\dOhhlKr.exe
  2⤵
  PID:8388
- C:\Windows\System\DnxanIz.exe
  C:\Windows\System\DnxanIz.exe
  2⤵
  PID:8420
- C:\Windows\System\ozBrfFd.exe
  C:\Windows\System\ozBrfFd.exe
  2⤵
  PID:8484
- C:\Windows\System\wNZRlRn.exe
  C:\Windows\System\wNZRlRn.exe
  2⤵
  PID:8536
- C:\Windows\System\BMcTEOB.exe
  C:\Windows\System\BMcTEOB.exe
  2⤵
  PID:8680
- C:\Windows\System\YfLaUWK.exe
  C:\Windows\System\YfLaUWK.exe
  2⤵
  PID:8716
- C:\Windows\System\GkaBXjJ.exe
  C:\Windows\System\GkaBXjJ.exe
  2⤵
  PID:8844
- C:\Windows\System\niXfTNk.exe
  C:\Windows\System\niXfTNk.exe
  2⤵
  PID:8892
- C:\Windows\System\umUFgVh.exe
  C:\Windows\System\umUFgVh.exe
  2⤵
  PID:8904
- C:\Windows\System\ViBNImW.exe
  C:\Windows\System\ViBNImW.exe
  2⤵
  PID:9028
- C:\Windows\System\DsHPaht.exe
  C:\Windows\System\DsHPaht.exe
  2⤵
  PID:9064
- C:\Windows\System\ZEwbxck.exe
  C:\Windows\System\ZEwbxck.exe
  2⤵
  PID:9112
- C:\Windows\System\yoEPrAP.exe
  C:\Windows\System\yoEPrAP.exe
  2⤵
  PID:9204
- C:\Windows\System\brXDasM.exe
  C:\Windows\System\brXDasM.exe
  2⤵
  PID:8396
- C:\Windows\System\wXuSzSQ.exe
  C:\Windows\System\wXuSzSQ.exe
  2⤵
  PID:8452
- C:\Windows\System\yXaFpAG.exe
  C:\Windows\System\yXaFpAG.exe
  2⤵
  PID:8504
- C:\Windows\System\TIxxSxQ.exe
  C:\Windows\System\TIxxSxQ.exe
  2⤵
  PID:8924
- C:\Windows\System\fEvjEhz.exe
  C:\Windows\System\fEvjEhz.exe
  2⤵
  PID:8952
- C:\Windows\System\qRdcbYW.exe
  C:\Windows\System\qRdcbYW.exe
  2⤵
  PID:9060
- C:\Windows\System\AaqTTjv.exe
  C:\Windows\System\AaqTTjv.exe
  2⤵
  PID:9200
- C:\Windows\System\ftSzmqi.exe
  C:\Windows\System\ftSzmqi.exe
  2⤵
  PID:8500
- C:\Windows\System\BfxPtNy.exe
  C:\Windows\System\BfxPtNy.exe
  2⤵
  PID:9092
- C:\Windows\System\kMYrJvP.exe
  C:\Windows\System\kMYrJvP.exe
  2⤵
  PID:8568
- C:\Windows\System\LiavRRg.exe
  C:\Windows\System\LiavRRg.exe
  2⤵
  PID:8968
- C:\Windows\System\oGbuMvB.exe
  C:\Windows\System\oGbuMvB.exe
  2⤵
  PID:9252
- C:\Windows\System\cMliMiV.exe
  C:\Windows\System\cMliMiV.exe
  2⤵
  PID:9272
- C:\Windows\System\ZmrWfco.exe
  C:\Windows\System\ZmrWfco.exe
  2⤵
  PID:9292
- C:\Windows\System\xHTiiDt.exe
  C:\Windows\System\xHTiiDt.exe
  2⤵
  PID:9328
- C:\Windows\System\oBSzTob.exe
  C:\Windows\System\oBSzTob.exe
  2⤵
  PID:9436
- C:\Windows\System\dQKfDTB.exe
  C:\Windows\System\dQKfDTB.exe
  2⤵
  PID:9452
- C:\Windows\System\HFpgYjy.exe
  C:\Windows\System\HFpgYjy.exe
  2⤵
  PID:9468
- C:\Windows\System\jMdCfQz.exe
  C:\Windows\System\jMdCfQz.exe
  2⤵
  PID:9484
- C:\Windows\System\fbizoZq.exe
  C:\Windows\System\fbizoZq.exe
  2⤵
  PID:9500
- C:\Windows\System\ctZmuee.exe
  C:\Windows\System\ctZmuee.exe
  2⤵
  PID:9520
- C:\Windows\System\htobIuR.exe
  C:\Windows\System\htobIuR.exe
  2⤵
  PID:9536
- C:\Windows\System\RuuvRsY.exe
  C:\Windows\System\RuuvRsY.exe
  2⤵
  PID:9564
- C:\Windows\System\rAxpFSO.exe
  C:\Windows\System\rAxpFSO.exe
  2⤵
  PID:9624
- C:\Windows\System\jAFaEWd.exe
  C:\Windows\System\jAFaEWd.exe
  2⤵
  PID:9656
- C:\Windows\System\FDJntgb.exe
  C:\Windows\System\FDJntgb.exe
  2⤵
  PID:9676
- C:\Windows\System\tfmaxet.exe
  C:\Windows\System\tfmaxet.exe
  2⤵
  PID:9700
- C:\Windows\System\UsQxrWR.exe
  C:\Windows\System\UsQxrWR.exe
  2⤵
  PID:9724
- C:\Windows\System\fsbBIAu.exe
  C:\Windows\System\fsbBIAu.exe
  2⤵
  PID:9740
- C:\Windows\System\rhwslUL.exe
  C:\Windows\System\rhwslUL.exe
  2⤵
  PID:9784
- C:\Windows\System\hnTUjnS.exe
  C:\Windows\System\hnTUjnS.exe
  2⤵
  PID:9816
- C:\Windows\System\sXaBKdq.exe
  C:\Windows\System\sXaBKdq.exe
  2⤵
  PID:9848
- C:\Windows\System\rUitIgK.exe
  C:\Windows\System\rUitIgK.exe
  2⤵
  PID:9876
- C:\Windows\System\ZwaYzZl.exe
  C:\Windows\System\ZwaYzZl.exe
  2⤵
  PID:9896
- C:\Windows\System\VxLupkt.exe
  C:\Windows\System\VxLupkt.exe
  2⤵
  PID:9928
- C:\Windows\System\QUqHRRz.exe
  C:\Windows\System\QUqHRRz.exe
  2⤵
  PID:9964
- C:\Windows\System\xBTbGou.exe
  C:\Windows\System\xBTbGou.exe
  2⤵
  PID:10012
- C:\Windows\System\RzxFhfo.exe
  C:\Windows\System\RzxFhfo.exe
  2⤵
  PID:10032
- C:\Windows\System\WmrTscd.exe
  C:\Windows\System\WmrTscd.exe
  2⤵
  PID:10072
- C:\Windows\System\cVMdQfp.exe
  C:\Windows\System\cVMdQfp.exe
  2⤵
  PID:10096
- C:\Windows\System\qvmMrVF.exe
  C:\Windows\System\qvmMrVF.exe
  2⤵
  PID:10128
- C:\Windows\System\JqxqWUv.exe
  C:\Windows\System\JqxqWUv.exe
  2⤵
  PID:10156
- C:\Windows\System\MrtjmHw.exe
  C:\Windows\System\MrtjmHw.exe
  2⤵
  PID:10176
- C:\Windows\System\KBzmZGR.exe
  C:\Windows\System\KBzmZGR.exe
  2⤵
  PID:10200
- C:\Windows\System\spQdzwh.exe
  C:\Windows\System\spQdzwh.exe
  2⤵
  PID:10228
- C:\Windows\System\fOURynS.exe
  C:\Windows\System\fOURynS.exe
  2⤵
  PID:9300
- C:\Windows\System\MkjCypv.exe
  C:\Windows\System\MkjCypv.exe
  2⤵
  PID:9336
- C:\Windows\System\uMAgWGS.exe
  C:\Windows\System\uMAgWGS.exe
  2⤵
  PID:9408
- C:\Windows\System\qkDyBpN.exe
  C:\Windows\System\qkDyBpN.exe
  2⤵
  PID:9404
- C:\Windows\System\TxNnJzf.exe
  C:\Windows\System\TxNnJzf.exe
  2⤵
  PID:9480
- C:\Windows\System\YKknZhf.exe
  C:\Windows\System\YKknZhf.exe
  2⤵
  PID:9644
- C:\Windows\System\kzffRta.exe
  C:\Windows\System\kzffRta.exe
  2⤵
  PID:9668
- C:\Windows\System\ljrPOsd.exe
  C:\Windows\System\ljrPOsd.exe
  2⤵
  PID:9708
- C:\Windows\System\FDtgymD.exe
  C:\Windows\System\FDtgymD.exe
  2⤵
  PID:9780
- C:\Windows\System\OdnLERu.exe
  C:\Windows\System\OdnLERu.exe
  2⤵
  PID:9864
- C:\Windows\System\QwRcpkQ.exe
  C:\Windows\System\QwRcpkQ.exe
  2⤵
  PID:9960
- C:\Windows\System\srAcfYS.exe
  C:\Windows\System\srAcfYS.exe
  2⤵
  PID:9988
- C:\Windows\System\zDkutMO.exe
  C:\Windows\System\zDkutMO.exe
  2⤵
  PID:10060
- C:\Windows\System\Ofbdgcp.exe
  C:\Windows\System\Ofbdgcp.exe
  2⤵
  PID:10112
- C:\Windows\System\hlFhbAk.exe
  C:\Windows\System\hlFhbAk.exe
  2⤵
  PID:10172
- C:\Windows\System\JkHTQSw.exe
  C:\Windows\System\JkHTQSw.exe
  2⤵
  PID:9352
- C:\Windows\System\OhsxzSR.exe
  C:\Windows\System\OhsxzSR.exe
  2⤵
  PID:9240
- C:\Windows\System\OBzrwho.exe
  C:\Windows\System\OBzrwho.exe
  2⤵
  PID:9560
- C:\Windows\System\VaRHupS.exe
  C:\Windows\System\VaRHupS.exe
  2⤵
  PID:9692
- C:\Windows\System\iMCGvDm.exe
  C:\Windows\System\iMCGvDm.exe
  2⤵
  PID:9996
- C:\Windows\System\jtlqZjO.exe
  C:\Windows\System\jtlqZjO.exe
  2⤵
  PID:10088
- C:\Windows\System\cRqCrpG.exe
  C:\Windows\System\cRqCrpG.exe
  2⤵
  PID:10152
- C:\Windows\System\axFLPHh.exe
  C:\Windows\System\axFLPHh.exe
  2⤵
  PID:8696
- C:\Windows\System\tSzvbNE.exe
  C:\Windows\System\tSzvbNE.exe
  2⤵
  PID:9376
- C:\Windows\System\GQYKYcE.exe
  C:\Windows\System\GQYKYcE.exe
  2⤵
  PID:10024
- C:\Windows\System\VTnLYrC.exe
  C:\Windows\System\VTnLYrC.exe
  2⤵
  PID:9652
- C:\Windows\System\BeMVfEG.exe
  C:\Windows\System\BeMVfEG.exe
  2⤵
  PID:9448
- C:\Windows\System\hnLddlP.exe
  C:\Windows\System\hnLddlP.exe
  2⤵
  PID:10268
- C:\Windows\System\KQsYwba.exe
  C:\Windows\System\KQsYwba.exe
  2⤵
  PID:10300
- C:\Windows\System\HZdcvkf.exe
  C:\Windows\System\HZdcvkf.exe
  2⤵
  PID:10324
- C:\Windows\System\hhrHZJe.exe
  C:\Windows\System\hhrHZJe.exe
  2⤵
  PID:10348
- C:\Windows\System\mauneke.exe
  C:\Windows\System\mauneke.exe
  2⤵
  PID:10364
- C:\Windows\System\VvPLWvH.exe
  C:\Windows\System\VvPLWvH.exe
  2⤵
  PID:10384
- C:\Windows\System\HdIKnUY.exe
  C:\Windows\System\HdIKnUY.exe
  2⤵
  PID:10436
- C:\Windows\System\LpuVXiA.exe
  C:\Windows\System\LpuVXiA.exe
  2⤵
  PID:10456
- C:\Windows\System\NmTrqSK.exe
  C:\Windows\System\NmTrqSK.exe
  2⤵
  PID:10508
- C:\Windows\System\CPZwLXS.exe
  C:\Windows\System\CPZwLXS.exe
  2⤵
  PID:10536
- C:\Windows\System\wXmUuwQ.exe
  C:\Windows\System\wXmUuwQ.exe
  2⤵
  PID:10556
- C:\Windows\System\gCxOrTC.exe
  C:\Windows\System\gCxOrTC.exe
  2⤵
  PID:10592
- C:\Windows\System\lmpSlRb.exe
  C:\Windows\System\lmpSlRb.exe
  2⤵
  PID:10608
- C:\Windows\System\OOmPXHe.exe
  C:\Windows\System\OOmPXHe.exe
  2⤵
  PID:10632
- C:\Windows\System\KjYiLyN.exe
  C:\Windows\System\KjYiLyN.exe
  2⤵
  PID:10656
- C:\Windows\System\fFGTUVe.exe
  C:\Windows\System\fFGTUVe.exe
  2⤵
  PID:10680
- C:\Windows\System\BVHdGyH.exe
  C:\Windows\System\BVHdGyH.exe
  2⤵
  PID:10728
- C:\Windows\System\qdlPbpk.exe
  C:\Windows\System\qdlPbpk.exe
  2⤵
  PID:10748
- C:\Windows\System\sDsoKAx.exe
  C:\Windows\System\sDsoKAx.exe
  2⤵
  PID:10776
- C:\Windows\System\TqsAEks.exe
  C:\Windows\System\TqsAEks.exe
  2⤵
  PID:10800
- C:\Windows\System\UWMDaJB.exe
  C:\Windows\System\UWMDaJB.exe
  2⤵
  PID:10844
- C:\Windows\System\Xmkncmr.exe
  C:\Windows\System\Xmkncmr.exe
  2⤵
  PID:10872
- C:\Windows\System\abZrwEu.exe
  C:\Windows\System\abZrwEu.exe
  2⤵
  PID:10920
- C:\Windows\System\pjyDFpw.exe
  C:\Windows\System\pjyDFpw.exe
  2⤵
  PID:10944
- C:\Windows\System\CgrrOgo.exe
  C:\Windows\System\CgrrOgo.exe
  2⤵
  PID:10968
- C:\Windows\System\PvaxRwp.exe
  C:\Windows\System\PvaxRwp.exe
  2⤵
  PID:11016
- C:\Windows\System\sjKsWKC.exe
  C:\Windows\System\sjKsWKC.exe
  2⤵
  PID:11036
- C:\Windows\System\xyCPRJV.exe
  C:\Windows\System\xyCPRJV.exe
  2⤵
  PID:11060
- C:\Windows\System\bFdByMh.exe
  C:\Windows\System\bFdByMh.exe
  2⤵
  PID:11080
- C:\Windows\System\lpjWGmB.exe
  C:\Windows\System\lpjWGmB.exe
  2⤵
  PID:11108
- C:\Windows\System\VRVYdFa.exe
  C:\Windows\System\VRVYdFa.exe
  2⤵
  PID:11136
- C:\Windows\System\TKqLvOq.exe
  C:\Windows\System\TKqLvOq.exe
  2⤵
  PID:11156
- C:\Windows\System\oABzOjQ.exe
  C:\Windows\System\oABzOjQ.exe
  2⤵
  PID:11180
- C:\Windows\System\TtIyKLy.exe
  C:\Windows\System\TtIyKLy.exe
  2⤵
  PID:11196
- C:\Windows\System\bVNCdJi.exe
  C:\Windows\System\bVNCdJi.exe
  2⤵
  PID:11236
- C:\Windows\System\WQOmHHf.exe
  C:\Windows\System\WQOmHHf.exe
  2⤵
  PID:9776
- C:\Windows\System\fjgSgeg.exe
  C:\Windows\System\fjgSgeg.exe
  2⤵
  PID:10308
- C:\Windows\System\EDDnzPy.exe
  C:\Windows\System\EDDnzPy.exe
  2⤵
  PID:10356
- C:\Windows\System\SNHmoOO.exe
  C:\Windows\System\SNHmoOO.exe
  2⤵
  PID:10420
- C:\Windows\System\BpqpyDf.exe
  C:\Windows\System\BpqpyDf.exe
  2⤵
  PID:10528
- C:\Windows\System\zlvhVga.exe
  C:\Windows\System\zlvhVga.exe
  2⤵
  PID:10600
- C:\Windows\System\FgywUQJ.exe
  C:\Windows\System\FgywUQJ.exe
  2⤵
  PID:10624
- C:\Windows\System\TBcKGmG.exe
  C:\Windows\System\TBcKGmG.exe
  2⤵
  PID:10712
- C:\Windows\System\bbTAcJY.exe
  C:\Windows\System\bbTAcJY.exe
  2⤵
  PID:10772
- C:\Windows\System\RnpVVSh.exe
  C:\Windows\System\RnpVVSh.exe
  2⤵
  PID:10796
- C:\Windows\System\ivALUae.exe
  C:\Windows\System\ivALUae.exe
  2⤵
  PID:4368
- C:\Windows\System\ZDKZdYl.exe
  C:\Windows\System\ZDKZdYl.exe
  2⤵
  PID:10980
- C:\Windows\System\RdaaSJc.exe
  C:\Windows\System\RdaaSJc.exe
  2⤵
  PID:11032
- C:\Windows\System\wymxVWx.exe
  C:\Windows\System\wymxVWx.exe
  2⤵
  PID:11072
- C:\Windows\System\IYfFcVq.exe
  C:\Windows\System\IYfFcVq.exe
  2⤵
  PID:11124
- C:\Windows\System\kJHlTRY.exe
  C:\Windows\System\kJHlTRY.exe
  2⤵
  PID:11172
- C:\Windows\System\NGYgJDa.exe
  C:\Windows\System\NGYgJDa.exe
  2⤵
  PID:11220
- C:\Windows\System\YrAiFkc.exe
  C:\Windows\System\YrAiFkc.exe
  2⤵
  PID:10340
- C:\Windows\System\irVsZpV.exe
  C:\Windows\System\irVsZpV.exe
  2⤵
  PID:10464
- C:\Windows\System\UgvZSXE.exe
  C:\Windows\System\UgvZSXE.exe
  2⤵
  PID:1508
- C:\Windows\System\tMzxppc.exe
  C:\Windows\System\tMzxppc.exe
  2⤵
  PID:10720
- C:\Windows\System\rPWAHPU.exe
  C:\Windows\System\rPWAHPU.exe
  2⤵
  PID:10852
- C:\Windows\System\LGFNapo.exe
  C:\Windows\System\LGFNapo.exe
  2⤵
  PID:11068
- C:\Windows\System\ljRASrQ.exe
  C:\Windows\System\ljRASrQ.exe
  2⤵
  PID:11104
- C:\Windows\System\lwGsmlZ.exe
  C:\Windows\System\lwGsmlZ.exe
  2⤵
  PID:2228
- C:\Windows\System\OIGbgva.exe
  C:\Windows\System\OIGbgva.exe
  2⤵
  PID:11252
- C:\Windows\System\RgMhnGM.exe
  C:\Windows\System\RgMhnGM.exe
  2⤵
  PID:10648
- C:\Windows\System\OLtOYHp.exe
  C:\Windows\System\OLtOYHp.exe
  2⤵
  PID:10868
- C:\Windows\System\WkqoZEJ.exe
  C:\Windows\System\WkqoZEJ.exe
  2⤵
  PID:11164
- C:\Windows\System\tduqQlI.exe
  C:\Windows\System\tduqQlI.exe
  2⤵
  PID:10676
- C:\Windows\System\kVVtFCR.exe
  C:\Windows\System\kVVtFCR.exe
  2⤵
  PID:11272
- C:\Windows\System\yJCqjqr.exe
  C:\Windows\System\yJCqjqr.exe
  2⤵
  PID:11316
- C:\Windows\System\uLRnMWb.exe
  C:\Windows\System\uLRnMWb.exe
  2⤵
  PID:11336
- C:\Windows\System\PLuCkjR.exe
  C:\Windows\System\PLuCkjR.exe
  2⤵
  PID:11364
- C:\Windows\System\IIeBacj.exe
  C:\Windows\System\IIeBacj.exe
  2⤵
  PID:11392
- C:\Windows\System\BQvJnNb.exe
  C:\Windows\System\BQvJnNb.exe
  2⤵
  PID:11420
- C:\Windows\System\ABREbhU.exe
  C:\Windows\System\ABREbhU.exe
  2⤵
  PID:11456
- C:\Windows\System\DNKWXRn.exe
  C:\Windows\System\DNKWXRn.exe
  2⤵
  PID:11488
- C:\Windows\System\GnfHcHx.exe
  C:\Windows\System\GnfHcHx.exe
  2⤵
  PID:11516
- C:\Windows\System\AueIhyk.exe
  C:\Windows\System\AueIhyk.exe
  2⤵
  PID:11544
- C:\Windows\System\BaGJNpv.exe
  C:\Windows\System\BaGJNpv.exe
  2⤵
  PID:11580
- C:\Windows\System\EYRChmh.exe
  C:\Windows\System\EYRChmh.exe
  2⤵
  PID:11600
- C:\Windows\System\pQXkqBI.exe
  C:\Windows\System\pQXkqBI.exe
  2⤵
  PID:11616
- C:\Windows\System\kCMdHoB.exe
  C:\Windows\System\kCMdHoB.exe
  2⤵
  PID:11632
- C:\Windows\System\GtHlXHv.exe
  C:\Windows\System\GtHlXHv.exe
  2⤵
  PID:11652
- C:\Windows\System\TJuMPbs.exe
  C:\Windows\System\TJuMPbs.exe
  2⤵
  PID:11684
- C:\Windows\System\wlvaoVA.exe
  C:\Windows\System\wlvaoVA.exe
  2⤵
  PID:11720
- C:\Windows\System\xrSCxgG.exe
  C:\Windows\System\xrSCxgG.exe
  2⤵
  PID:11744
- C:\Windows\System\HuKrXHa.exe
  C:\Windows\System\HuKrXHa.exe
  2⤵
  PID:11784
- C:\Windows\System\ZFGTFIe.exe
  C:\Windows\System\ZFGTFIe.exe
  2⤵
  PID:11804
- C:\Windows\System\ZlRSEPY.exe
  C:\Windows\System\ZlRSEPY.exe
  2⤵
  PID:11832
- C:\Windows\System\MhIljqS.exe
  C:\Windows\System\MhIljqS.exe
  2⤵
  PID:11888
- C:\Windows\System\RicLlzw.exe
  C:\Windows\System\RicLlzw.exe
  2⤵
  PID:11908
- C:\Windows\System\vmvpIsO.exe
  C:\Windows\System\vmvpIsO.exe
  2⤵
  PID:11928
- C:\Windows\System\ZVratgx.exe
  C:\Windows\System\ZVratgx.exe
  2⤵
  PID:11956
- C:\Windows\System\GFRbLpM.exe
  C:\Windows\System\GFRbLpM.exe
  2⤵
  PID:11980
- C:\Windows\System\KSUJAlb.exe
  C:\Windows\System\KSUJAlb.exe
  2⤵
  PID:12000
- C:\Windows\System\WFrYbNC.exe
  C:\Windows\System\WFrYbNC.exe
  2⤵
  PID:12040
- C:\Windows\System\zbAzBEr.exe
  C:\Windows\System\zbAzBEr.exe
  2⤵
  PID:12068
- C:\Windows\System\kxARYHf.exe
  C:\Windows\System\kxARYHf.exe
  2⤵
  PID:12092
- C:\Windows\System\lUYvjzN.exe
  C:\Windows\System\lUYvjzN.exe
  2⤵
  PID:12116
- C:\Windows\System\XPRqzBb.exe
  C:\Windows\System\XPRqzBb.exe
  2⤵
  PID:12140
- C:\Windows\System\edgOBLF.exe
  C:\Windows\System\edgOBLF.exe
  2⤵
  PID:12180
- C:\Windows\System\BbdHZWy.exe
  C:\Windows\System\BbdHZWy.exe
  2⤵
  PID:12212
- C:\Windows\System\jsnloBY.exe
  C:\Windows\System\jsnloBY.exe
  2⤵
  PID:12228
- C:\Windows\System\xEQhdvU.exe
  C:\Windows\System\xEQhdvU.exe
  2⤵
  PID:12252
- C:\Windows\System\QgDCehn.exe
  C:\Windows\System\QgDCehn.exe
  2⤵
  PID:12276
- C:\Windows\System\dDMdxyp.exe
  C:\Windows\System\dDMdxyp.exe
  2⤵
  PID:11268
- C:\Windows\System\dHDTmZh.exe
  C:\Windows\System\dHDTmZh.exe
  2⤵
  PID:11356
- C:\Windows\System\EDhEwrb.exe
  C:\Windows\System\EDhEwrb.exe
  2⤵
  PID:440
- C:\Windows\System\rllVNaO.exe
  C:\Windows\System\rllVNaO.exe
  2⤵
  PID:11468
- C:\Windows\System\AUwiXxy.exe
  C:\Windows\System\AUwiXxy.exe
  2⤵
  PID:11532
- C:\Windows\System\aYFZSyu.exe
  C:\Windows\System\aYFZSyu.exe
  2⤵
  PID:11572
- C:\Windows\System\bPOxxSP.exe
  C:\Windows\System\bPOxxSP.exe
  2⤵
  PID:11628
- C:\Windows\System\FHTaogP.exe
  C:\Windows\System\FHTaogP.exe
  2⤵
  PID:11624
- C:\Windows\System\JsbhxID.exe
  C:\Windows\System\JsbhxID.exe
  2⤵
  PID:11780
- C:\Windows\System\RSTYoAr.exe
  C:\Windows\System\RSTYoAr.exe
  2⤵
  PID:11768
- C:\Windows\System\hKOqBsU.exe
  C:\Windows\System\hKOqBsU.exe
  2⤵
  PID:11896
- C:\Windows\System\icLIHil.exe
  C:\Windows\System\icLIHil.exe
  2⤵
  PID:11964
- C:\Windows\System\kvHWJVY.exe
  C:\Windows\System\kvHWJVY.exe
  2⤵
  PID:12056
- C:\Windows\System\ZaByuyn.exe
  C:\Windows\System\ZaByuyn.exe
  2⤵
  PID:12132
- C:\Windows\System\CqRiCUS.exe
  C:\Windows\System\CqRiCUS.exe
  2⤵
  PID:12168
- C:\Windows\System\OSxsfPA.exe
  C:\Windows\System\OSxsfPA.exe
  2⤵
  PID:12240
- C:\Windows\System\mJtnnVk.exe
  C:\Windows\System\mJtnnVk.exe
  2⤵
  PID:928
- C:\Windows\System\hOfDVOa.exe
  C:\Windows\System\hOfDVOa.exe
  2⤵
  PID:2044
- C:\Windows\System\PMcxFHu.exe
  C:\Windows\System\PMcxFHu.exe
  2⤵
  PID:11676
- C:\Windows\System\QRzUaeF.exe
  C:\Windows\System\QRzUaeF.exe
  2⤵
  PID:11736
- C:\Windows\System\gdsrxcD.exe
  C:\Windows\System\gdsrxcD.exe
  2⤵
  PID:11920
- C:\Windows\System\wJNQkUh.exe
  C:\Windows\System\wJNQkUh.exe
  2⤵
  PID:12048
- C:\Windows\System\ZWegloS.exe
  C:\Windows\System\ZWegloS.exe
  2⤵
  PID:12012
- C:\Windows\System\HIeNNqy.exe
  C:\Windows\System\HIeNNqy.exe
  2⤵
  PID:12088
- C:\Windows\System\YQqBSWj.exe
  C:\Windows\System\YQqBSWj.exe
  2⤵
  PID:1048
- C:\Windows\System\uaYkvfg.exe
  C:\Windows\System\uaYkvfg.exe
  2⤵
  PID:11092
- C:\Windows\System\eBXuhpV.exe
  C:\Windows\System\eBXuhpV.exe
  2⤵
  PID:12300
- C:\Windows\System\XxUAWyQ.exe
  C:\Windows\System\XxUAWyQ.exe
  2⤵
  PID:12316
- C:\Windows\System\DlIxXuG.exe
  C:\Windows\System\DlIxXuG.exe
  2⤵
  PID:12332
- C:\Windows\System\XLYJSYA.exe
  C:\Windows\System\XLYJSYA.exe
  2⤵
  PID:12348
- C:\Windows\System\qtiBUli.exe
  C:\Windows\System\qtiBUli.exe
  2⤵
  PID:12364
- C:\Windows\System\hhFluHt.exe
  C:\Windows\System\hhFluHt.exe
  2⤵
  PID:12384
- C:\Windows\System\BmbsVut.exe
  C:\Windows\System\BmbsVut.exe
  2⤵
  PID:12404
- C:\Windows\System\MhLtsLB.exe
  C:\Windows\System\MhLtsLB.exe
  2⤵
  PID:12432
- C:\Windows\System\pvXzHcr.exe
  C:\Windows\System\pvXzHcr.exe
  2⤵
  PID:12452
- C:\Windows\System\TarhNqd.exe
  C:\Windows\System\TarhNqd.exe
  2⤵
  PID:12488
- C:\Windows\System\TmhohPw.exe
  C:\Windows\System\TmhohPw.exe
  2⤵
  PID:12512
- C:\Windows\System\fpkLODW.exe
  C:\Windows\System\fpkLODW.exe
  2⤵
  PID:12564
- C:\Windows\System\KOksNhd.exe
  C:\Windows\System\KOksNhd.exe
  2⤵
  PID:12588
- C:\Windows\System\rWYGqqY.exe
  C:\Windows\System\rWYGqqY.exe
  2⤵
  PID:12628
- C:\Windows\System\OjuoWFx.exe
  C:\Windows\System\OjuoWFx.exe
  2⤵
  PID:12712
- C:\Windows\System\HqLkwzL.exe
  C:\Windows\System\HqLkwzL.exe
  2⤵
  PID:12736
- C:\Windows\System\niiirLw.exe
  C:\Windows\System\niiirLw.exe
  2⤵
  PID:12756
- C:\Windows\System\OofkgaP.exe
  C:\Windows\System\OofkgaP.exe
  2⤵
  PID:12820
- C:\Windows\System\RXvxAOV.exe
  C:\Windows\System\RXvxAOV.exe
  2⤵
  PID:12932
- C:\Windows\System\swaoFqj.exe
  C:\Windows\System\swaoFqj.exe
  2⤵
  PID:12952
- C:\Windows\System\EYDbsRU.exe
  C:\Windows\System\EYDbsRU.exe
  2⤵
  PID:12976
- C:\Windows\System\SHhTltf.exe
  C:\Windows\System\SHhTltf.exe
  2⤵
  PID:12996
- C:\Windows\System\WCRepop.exe
  C:\Windows\System\WCRepop.exe
  2⤵
  PID:13036
- C:\Windows\System\QeTctcy.exe
  C:\Windows\System\QeTctcy.exe
  2⤵
  PID:13056
- C:\Windows\System\AeghTMk.exe
  C:\Windows\System\AeghTMk.exe
  2⤵
  PID:13076
- C:\Windows\System\MpCKUMo.exe
  C:\Windows\System\MpCKUMo.exe
  2⤵
  PID:13104
- C:\Windows\System\CbgKlnt.exe
  C:\Windows\System\CbgKlnt.exe
  2⤵
  PID:13124
- C:\Windows\System\AJgjexJ.exe
  C:\Windows\System\AJgjexJ.exe
  2⤵
  PID:13148
- C:\Windows\System\BhkEAZt.exe
  C:\Windows\System\BhkEAZt.exe
  2⤵
  PID:13172
- C:\Windows\System\oYIGErP.exe
  C:\Windows\System\oYIGErP.exe
  2⤵
  PID:13196
- C:\Windows\System\pIqZiVH.exe
  C:\Windows\System\pIqZiVH.exe
  2⤵
  PID:13244
- C:\Windows\System\ithMviq.exe
  C:\Windows\System\ithMviq.exe
  2⤵
  PID:13284
- C:\Windows\System\TQLEsoe.exe
  C:\Windows\System\TQLEsoe.exe
  2⤵
  PID:13308
- C:\Windows\System\pEeJrrM.exe
  C:\Windows\System\pEeJrrM.exe
  2⤵
  PID:11304
- C:\Windows\System\tlMJBtT.exe
  C:\Windows\System\tlMJBtT.exe
  2⤵
  PID:11480
- C:\Windows\System\FDhfLDg.exe
  C:\Windows\System\FDhfLDg.exe
  2⤵
  PID:11556
- C:\Windows\System\RispqZd.exe
  C:\Windows\System\RispqZd.exe
  2⤵
  PID:11444
- C:\Windows\System\ixpSAlx.exe
  C:\Windows\System\ixpSAlx.exe
  2⤵
  PID:11596
- C:\Windows\System\QEbfVsr.exe
  C:\Windows\System\QEbfVsr.exe
  2⤵
  PID:12312
- C:\Windows\System\xZnOcqx.exe
  C:\Windows\System\xZnOcqx.exe
  2⤵
  PID:12356
- C:\Windows\System\XcAtOCb.exe
  C:\Windows\System\XcAtOCb.exe
  2⤵
  PID:12396
- C:\Windows\System\ixxYYMs.exe
  C:\Windows\System\ixxYYMs.exe
  2⤵
  PID:12428
- C:\Windows\System\cLDDtqX.exe
  C:\Windows\System\cLDDtqX.exe
  2⤵
  PID:12624
- C:\Windows\System\XccoCGI.exe
  C:\Windows\System\XccoCGI.exe
  2⤵
  PID:12484
- C:\Windows\System\MHLZZka.exe
  C:\Windows\System\MHLZZka.exe
  2⤵
  PID:12720
- C:\Windows\System\yXGjYYO.exe
  C:\Windows\System\yXGjYYO.exe
  2⤵
  PID:12780
- C:\Windows\System\qyeVXcB.exe
  C:\Windows\System\qyeVXcB.exe
  2⤵
  PID:12896
- C:\Windows\System\QaToWYT.exe
  C:\Windows\System\QaToWYT.exe
  2⤵
  PID:12928
- C:\Windows\System\jRrRsjm.exe
  C:\Windows\System\jRrRsjm.exe
  2⤵
  PID:4628
- C:\Windows\System\wNFisrZ.exe
  C:\Windows\System\wNFisrZ.exe
  2⤵
  PID:13028
- C:\Windows\System\DtKcZql.exe
  C:\Windows\System\DtKcZql.exe
  2⤵
  PID:13052
- C:\Windows\System\WHsDNtV.exe
  C:\Windows\System\WHsDNtV.exe
  2⤵
  PID:13168
- C:\Windows\System\ysGHYmZ.exe
  C:\Windows\System\ysGHYmZ.exe
  2⤵
  PID:13216
- C:\Windows\System\gwVRiCI.exe
  C:\Windows\System\gwVRiCI.exe
  2⤵
  PID:13280
- C:\Windows\System\fLaeseQ.exe
  C:\Windows\System\fLaeseQ.exe
  2⤵
  PID:12380
- C:\Windows\System\tSmHrki.exe
  C:\Windows\System\tSmHrki.exe
  2⤵
  PID:12660
- C:\Windows\System\FLEpYfl.exe
  C:\Windows\System\FLEpYfl.exe
  2⤵
  PID:13032
- C:\Windows\System\lrZTuiZ.exe
  C:\Windows\System\lrZTuiZ.exe
  2⤵
  PID:13252
- C:\Windows\System\IXLXrQI.exe
  C:\Windows\System\IXLXrQI.exe
  2⤵
  PID:13292
- C:\Windows\System\gcGnxZn.exe
  C:\Windows\System\gcGnxZn.exe
  2⤵
  PID:12036
- C:\Windows\System\mZJKIiJ.exe
  C:\Windows\System\mZJKIiJ.exe
  2⤵
  PID:11704
- C:\Windows\System\ZsuQkLZ.exe
  C:\Windows\System\ZsuQkLZ.exe
  2⤵
  PID:12328
- C:\Windows\System\nCVUqtU.exe
  C:\Windows\System\nCVUqtU.exe
  2⤵
  PID:12540
- C:\Windows\System\FiyUATk.exe
  C:\Windows\System\FiyUATk.exe
  2⤵
  PID:12496
- C:\Windows\System\bYyYCcE.exe
  C:\Windows\System\bYyYCcE.exe
  2⤵
  PID:1408
- C:\Windows\System\snTjVtU.exe
  C:\Windows\System\snTjVtU.exe
  2⤵
  PID:6416
- C:\Windows\System\cepCYmE.exe
  C:\Windows\System\cepCYmE.exe
  2⤵
  PID:13212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_fnz3sdhn.vrn.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\Dcgxmfp.exe

Filesize
2.3MB

MD5
e297204fab8cef78061eb74748d0d3aa

SHA1
541d6085523a58cb205fde4b260a0925e0fd6426

SHA256
153b9b69303d37df7b2e5476ad8d1c29f1e662c8c3c75da0683b0dac209a38e7

SHA512
5df159f96731bf36266b3576c767e93f27644b5badb8afc654182ad2ca87b6f3553b833200274490d40c81cdb4a786bb12580e1c77dcf60677de49a232235414

Download Submit
C:\Windows\System\HRSXpHE.exe

Filesize
2.3MB

MD5
697382a3fbfde28c5f9be6e36ed81578

SHA1
d4aa92bce4d8295175275e07e73810b7d5e74da3

SHA256
b539be2fe4c729a3cef09310dc743bb97c056c540d5371313c9d0ea271f95fea

SHA512
04567822bad3c6d34e9eee92e3b9060b1fd87882d5b25ae90bf9113c234efc18601a05468f159e991200e851384f070bc4140cf5cfdf2ee8babbef566ccdb792

Download Submit
C:\Windows\System\HTusuXI.exe

Filesize
2.3MB

MD5
711d8e13ea1432dc5f65c24d32da24f4

SHA1
152f80280707256fadce4918bfdfdb00062f570a

SHA256
b84f045620114588223e160172386712417f739caff47633022088fd3335dcef

SHA512
f8e9ef149a50d18e5c378a905e11ecc6404a9338a00cae22b9e23de5159f0eecdd4b38c3c258fcf38dde170c5705ea2f09712d9156c108c27b598c8f89fa87ae

Download Submit
C:\Windows\System\IYOQdNn.exe

Filesize
2.3MB

MD5
1779dca8f9fcd0651c5c01a3654d1954

SHA1
12e5109bd184970ee12afd19b2e388a2b6f10e23

SHA256
8c20e2b251775b512a95ffd453d13a3425e57730daebf580b311194092bb80c1

SHA512
a47d3bb802a4a0fc5d33716ea6b0f7b4114196e17905979d52924b3134a7b698a27746b768ba9bffad3d8fe02cdd6b24a03f0adc353bdc056c139e06451bc926

Download Submit
C:\Windows\System\KXMqxvp.exe

Filesize
2.3MB

MD5
297fb89279c11773f24957949da5fd92

SHA1
2aab70cbf3e6d183fc28cce07046fb51494650f0

SHA256
816a20e2d55bb838d98c2584a0e2b7f9bf45ad5338c387512a53cd3444c3ebe2

SHA512
b3436597579cda2f696d3beaabac1e0485398170661c9be8ee8318ffebeafdcd4956e45aee3a7adb50cf097982f52d9026fc13bd01bf4720094f88782810e716

Download Submit
C:\Windows\System\LXptLjH.exe

Filesize
2.3MB

MD5
14388a951e1c75d6079dc74835484bef

SHA1
a668ec9989c0e95188f6c4bec1d148b9815dbadc

SHA256
e616d08af3189a86b369727c8e41f1420915356363e897d15770681046b60acf

SHA512
afcff0489d06568a47bcf055fd82ae4e65afdce1a1cfa9defdbd970f873a6fcb3ef17577a4bf419660fd9c55d6d38873b749a91431649371be0984143e649019

Download Submit
C:\Windows\System\McUjisg.exe

Filesize
2.3MB

MD5
9c4954b76b686d99582b4494dc27009a

SHA1
d027b139de2d62aba993e3dcd57422e7df00ce82

SHA256
00ac9ca42d8d876299b1e5723cef12ed5090a27909c49156849c1230f2fad741

SHA512
1141a8f9e4482087fdbe87cae3663954afde6c307b3ab105d2773e9dc6631b5423c0789e04d1e0c62c64b0d467c06353a52a31a7e8ed71d706df268fa2c97da3

Download Submit
C:\Windows\System\NOghLcj.exe

Filesize
2.3MB

MD5
fc75ebbc40252b627a94f28e5b320a6d

SHA1
58ac60d1515514d5a009d62487141a2b218a4849

SHA256
c0639ad2006fc17235c34d6cec09e4935426f792b8ad1ffd9379f8594ef85f87

SHA512
345b0ba9de83cb1af2d2b08c2736a42eed0369ee9409baec525992c50f9294176a65a5d25f199a773304cea6d41a2e6a7f0b8011c2d161b124b12e472a151d1b

Download Submit
C:\Windows\System\OkZivUM.exe

Filesize
2.3MB

MD5
6ec955e94202b9d2cdd88ed7cff919b5

SHA1
4a6e9dd880096475210510fde6488e3fc6be30a9

SHA256
9b57cff1bd627c0f2a187190035b83ccc8a141b38d6672d7d2f6fe087efc1c29

SHA512
d26e5ea8bf7092e0f629cbe63445a8b27b75ba6f8a7990cb21cab84e3bd502f073f9a4d3fcdccae9f3b4f34c0cf97cacef3672548948e5e7a92cea9593f5da63

Download Submit
C:\Windows\System\PLbhcFd.exe

Filesize
2.3MB

MD5
534065cf1912eac76a93a15ac628ae90

SHA1
db54c4ce28db9bab7df9be88351105edb4b05521

SHA256
1f168aaabd1a28800e3d960471089a7191b20fa16611731a6f6d915a3963bf29

SHA512
9cca3a096dbe73c2a028b59bff4d8239ca7481a1d0f778dc5cfb57991d1c327b29ce84376ef663b049fa691a53d05a5170b2f9dce7548d034f9cfc6848c2365e

Download Submit
C:\Windows\System\QklpVDo.exe

Filesize
2.3MB

MD5
631c20355b240f3338aa34e6c580b313

SHA1
6cfeafd77e88e18c904386ffe6e8b614ad62b4c7

SHA256
53bbbe53ef03d134a5d70a7c47a05f72249cda00fa371f19af1216a1d4c282b0

SHA512
6404e015b7ddae2511acfc749db23e1b67530e31335f855d423b85c2d10a0cfea1797adec3f86bb012713a95003338627688c57944ee50723ab5e2bea16961f4

Download Submit
C:\Windows\System\TqviAgj.exe

Filesize
2.3MB

MD5
0281082a7e51478c5d8bb219410c16cb

SHA1
343571e7f819f991d910e5297cd0bbd46994823d

SHA256
37fbeebff1d00c96c7405fcfc4e64b891643060b7df8c42d20c05c05199030d9

SHA512
f3ddb841e21c6057135699b8c765083919e5a0eb4120e65a7a92ef34a55d3622bd489fa60f6b22198653c6a4400ccb5af3e721c022cb0b9cbc3dd6e5fd3a0a42

Download Submit
C:\Windows\System\UbceRyP.exe

Filesize
2.3MB

MD5
0e2d712bc94d40fa673be4df44225337

SHA1
9965f7f0da79279cb95e6fe4bc96564a95003efe

SHA256
9ddd6bac0d2de3cd36aaef11a372ea8384592de80eebf92b12fbd32ee59d2037

SHA512
afe740407224cc25f65a95bc5995dfca00b1efbeb4b56733f160bd1fadf294b7f9758d4001b0572df609ecae6e482b9eff5f247d28ca5eeaf307e3b62e027e54

Download Submit
C:\Windows\System\WKiIKaQ.exe

Filesize
2.3MB

MD5
bf710d9dbc905e9dde4fc10ce7d9c3ba

SHA1
0ff687346f64c89fd8ab69faab14aaf6e0c2076d

SHA256
0bcc311f98f72da9d57dff13403ac8e0fe595a87a14a9cd97b43fd84d14c089c

SHA512
4641a2bf33cbae4276f9eedaaa7e3701a458a3ee373feed96bc1705992d42f709f836903854cbc2deb2c96d47f4eaa5b70d2fe2681485cfac3daa922e3c3d833

Download Submit
C:\Windows\System\XvwZzaf.exe

Filesize
2.3MB

MD5
7df505efdc490ea371f404b4a47b6d7f

SHA1
bf3d19f760abbf4a4629e07487d49525da839adf

SHA256
d6dfe0c0b0863e13f1a61d32e4ad01a152aa2f6e49055a5688906fc0613766e2

SHA512
664e9b2be9678d22c117b49e8188a71a6d35eefb4cff84ac1096569b24d7fbabe2480f09945575c008c63e4b18006f30353efed7802e4eff990a786216764ac1

Download Submit
C:\Windows\System\bzhYZJp.exe

Filesize
2.3MB

MD5
97b0867afd3623f845c97fc845cbe8c8

SHA1
c0bcc5e3068685daa47fd25a5c45da2d61f2b082

SHA256
0458c86942a747e9f0e751733fb778ec7ef167f0b41392681d9048f40d214827

SHA512
94b5839bbf8639c81cfa997495ab49532f0ad146ca5adec7a84e2215590f63b5b15a2597c49cdc559b4a4546f50632c2be5f18828cead498ec894abe84659979

Download Submit
C:\Windows\System\cdUsOot.exe

Filesize
2.3MB

MD5
784ffc66f54ab0567adfc370254b5d6b

SHA1
b10131546437cf509c5431ab25dabc57522aed47

SHA256
e05f429e9e7773d0d33d79b3f335013c4115aa70268c56c1b47e95cca8746899

SHA512
2c90ff718294625d9fea76867ad747d4ef066b3bec08a4187b7049d0d9204f9be7445e2413820e056ed5b882a8ee46d3256922ec0545ae3bad41c2eda151cb0c

Download Submit
C:\Windows\System\emERHId.exe

Filesize
2.3MB

MD5
dc8147684dda360a569867587abd3353

SHA1
c4a0dc01dc96a3566ef2e21db24b2a26cbeb2c6a

SHA256
12583a31c91153858205edf797c9cc9a4abd709a26ce113dc28946431984200b

SHA512
36d50bc16927679f55579c57ad43d2e80f04e94df5678aebe58638711f41d4d483ee4d02192137c4a6361af525ae7dad70ebb36d5b646a686b72d432c52a818e

Download Submit
C:\Windows\System\faAUMgw.exe

Filesize
2.3MB

MD5
25319e9be1a3d9c4f4fe653d5ff48c82

SHA1
59bb781f699150eb3f06d2873e11d7e5f0677e6c

SHA256
a27ac437f667921a161078443f5b90e4a6c43204afe7d22686d88c45641f1308

SHA512
f2caac29d0798a2c00d8a8e8613e4eceaf736ab5fc9a83dc955153ecf2b6b23d124188a8e7a693ac1dcbc5627300b4a2f85877c4897711eb41537b52932dbc7d

Download Submit
C:\Windows\System\hbTFaSF.exe

Filesize
2.3MB

MD5
062c52c8e2ed04f536fa418d2bfe764e

SHA1
ed1624653ea537219e7d93043c11cf936122bd33

SHA256
48b686863d8ffc908e845d924abc1c2dc07fa06fbebedfc17d5ae7138b8e7309

SHA512
04053eada5d94719da782278bacebee3c898da23608d6a71220871a60cbfd0624e68acf6ecda60fd8b791654e772d8f8ed500ade4a841fde8b23db823ec0b0ab

Download Submit
C:\Windows\System\hlBIazk.exe

Filesize
2.3MB

MD5
894a7544483ca550ea754726e7717a70

SHA1
b6e3d13ca95bbe9e1562de30e6e6ca170c7a60cb

SHA256
e4e03aed73c2f5cfcf6d42c6ed31364b897ba1ac281d53f925e3613bdb1cd728

SHA512
310fc12699b10c91be4da0f02992c47c89a18e8879dde5e5a8de2c8bd29b649d94ceb3566a98a21f0d11565f42f5cc7b772bc4b7bfa7b33853513f29e80d6c0a

Download Submit
C:\Windows\System\loyaIvQ.exe

Filesize
2.3MB

MD5
783dc8609bc277e222f4547a935b0ff1

SHA1
fcadd3ebe8f497d55b3b7f53371f5a5d8df7f28c

SHA256
1dfd22d30cfc850fd1fb03c8e642c953208c4e088525beceda6759baf24bf95a

SHA512
79faaba451932cff865022183e6943c24428fa58863e5f9474f558831b0374a9f05ebc1c52e9c94e080489f89bfb90b752c6fd672ff9a9c3997572ba40bc8166

Download Submit
C:\Windows\System\lygasBZ.exe

Filesize
2.3MB

MD5
32e26956977b7645964104815d0fb721

SHA1
c162a0c0d427f9e80e46831bcae60817c10620fd

SHA256
116be6469200025a5b5b79c71db71421632079f9594381dcd2c252bf4befdd4f

SHA512
aea317a6d66487f79435f6d67c010b46aa09bd5bffb102300a908584812a45c7d160ade38f0a1546416a5ff5890e154c42422404441c735e49af7e165bdda612

Download Submit
C:\Windows\System\qOUyvgP.exe

Filesize
2.3MB

MD5
e338549121c1463b987008fce53abd86

SHA1
9056d3d3caae622659be32147233a1d1cd4263be

SHA256
513a6c104715218f3a8e58e28f4c75e5e6c33e5d4e109cc6b17587bf118b7dcc

SHA512
2ddd3f343a899a3b9866d19ec637bfa80c32c068dbc5aab909a158a1ee6e871bbd0ced4e32b91109712a54f6e73d8b518b3457048368a1243a396d1bfe7dc754

Download Submit
C:\Windows\System\rhpKfaK.exe

Filesize
2.3MB

MD5
8b11d6189e6dc0e8dd79f6eddceaaadc

SHA1
a5def7293eedc1e1a6c8c510fd2720bb64b529d4

SHA256
ee4b8bba7b8c99a0e2ced5354b1078e71c30be49a4de2e298c8c52a79c4cfa38

SHA512
2ae3ae94c36788ecb5b8a1b95599a1a3e8ed526fae9c8303d5e10b67e0292788e0beb2c96583960feac94290c6c51c81f09ccbf2ace844a59a9bf2ea551257fd

Download Submit
C:\Windows\System\sUpHWrm.exe

Filesize
2.3MB

MD5
dcaa43e00e6a4b10dd318ec4a3dbc32e

SHA1
a48a8af89acd1253f3bef9160b5a97ceaa95e8ab

SHA256
8b82ec45d0dce25706aa1f2364b65cedb5284ad9a2a9de8c323cb4421102115f

SHA512
c19378efa6b5203bd701f6b3c0c8718f9e68660d056931d950a315d6f65d7b37f420c4c5a454a8ba98a64726cc1bdc9dd24e21ee469d7df40ac85fc7a9c419a7

Download Submit
C:\Windows\System\thIyMOV.exe

Filesize
2.3MB

MD5
a88597535fe9b0fcbf0785fa91a44305

SHA1
0ff63decaac16e074ae7021a8b0e16f430411b9e

SHA256
1192c3e44bfdd468619ed552498baf450c856c4671847adad101e436dcf2d066

SHA512
1fa6c061965ac8594d17e388e63132a1a7c9f8c372c5efe62bcd62105893f97393ad81a9f323491ff584920d0f1e2ed2ffe15cdba4d4618df84d857f0dba51bf

Download Submit
C:\Windows\System\tyVwfqe.exe

Filesize
2.3MB

MD5
c5417e3101b7f1231bfcbb0c53fbbfdd

SHA1
a3f9429775502a6ea5244846712caa6164400191

SHA256
6f65e53f632e743f066941eaa4bf80eae7c49bcc66947265abe86bd173395c0f

SHA512
312e3b1c501102f074f56675108f420d7df81f73a1f98bd1770d6c869a7f2e003e255c02ae2c87e158827d2878e0b838f034aca788e848254e115b8d4b990945

Download Submit
C:\Windows\System\uBkdkEt.exe

Filesize
2.3MB

MD5
61fc679eab7b5cd07e77e55ae4d28f0e

SHA1
773824fc2c6b3941115046fbba4958859bb1ae27

SHA256
08bb653ec4a1952f808a4673539c2f8b1d38babcfe37fead9c035851c4788b00

SHA512
b9588913a0cb1da467046c52608593a5d357d03eef6bbac2c1171fc3070c210d2493fb619a968174987509814d13dfa2bda6bf1d7ec44e8121f860cc83252fd9

Download Submit
C:\Windows\System\vYMpWFa.exe

Filesize
2.3MB

MD5
e8f647d25e76324d6f717b39e407f390

SHA1
9968a2ab2659fc3e1cf4bf0b056f5c9f4b65f7b0

SHA256
784ffe33760236620a40e6b05a2b34d7c3376ba93b5acfd029004f3156f3eabb

SHA512
82b8d3401200442a06a2c6129568c167881f3375a1ee2048520768ea129f16bea83cade2c4f4da1508fd0d6605a873cd970101201adca2cd3350e038e8445197

Download Submit
C:\Windows\System\yOjsYrm.exe

Filesize
2.3MB

MD5
4f76af0184fe9c397ebf14770fe684de

SHA1
53812d8af88f512759e848c100cf4369b2e4cbff

SHA256
7b4ed0a16bd38521a5c531dcd9a88ad94196bd0202f0504557ff0bb0d4db2b61

SHA512
b26ad639cd061fe3e946661de1f720d10865ebcd6d64895d5d4b5dce6687fd1f3810f5b0794cbb2e09c3097a8fe500c42c36b2bea031b4d9fd14053004beb010

Download Submit
C:\Windows\System\zPCTwIv.exe

Filesize
2.3MB

MD5
fcb89a24f0496b5757f44e6b274586e6

SHA1
19ce3003c48be145055daef076a826499894786d

SHA256
1ad08f725c8fe2f43d1afe078945a810e66be866ae2bcdca590c7e94695b4369

SHA512
cb30afddd1510139836690b2b65eeb5c186a0338e67d6e7de7f39e7b85915e816a78bb312ffe3cc87227b642c7203c05a53a5a8d987272375f4a918dd9ed6e25

Download Submit
memory/532-123-0x00007FF70FFA0000-0x00007FF710392000-memory.dmp

Filesize
3.9MB

Download
memory/532-2304-0x00007FF70FFA0000-0x00007FF710392000-memory.dmp

Filesize
3.9MB

Download
memory/532-2340-0x00007FF70FFA0000-0x00007FF710392000-memory.dmp

Filesize
3.9MB

Download
memory/692-2320-0x00007FF71A7D0000-0x00007FF71ABC2000-memory.dmp

Filesize
3.9MB

Download
memory/692-2270-0x00007FF71A7D0000-0x00007FF71ABC2000-memory.dmp

Filesize
3.9MB

Download
memory/692-74-0x00007FF71A7D0000-0x00007FF71ABC2000-memory.dmp

Filesize
3.9MB

Download
memory/1340-2303-0x00007FF6F6A30000-0x00007FF6F6E22000-memory.dmp

Filesize
3.9MB

Download
memory/1340-111-0x00007FF6F6A30000-0x00007FF6F6E22000-memory.dmp

Filesize
3.9MB

Download
memory/1340-2338-0x00007FF6F6A30000-0x00007FF6F6E22000-memory.dmp

Filesize
3.9MB

Download
memory/1660-2322-0x00007FF75C460000-0x00007FF75C852000-memory.dmp

Filesize
3.9MB

Download
memory/1660-83-0x00007FF75C460000-0x00007FF75C852000-memory.dmp

Filesize
3.9MB

Download
memory/1752-2317-0x00007FF708A50000-0x00007FF708E42000-memory.dmp

Filesize
3.9MB

Download
memory/1752-49-0x00007FF708A50000-0x00007FF708E42000-memory.dmp

Filesize
3.9MB

Download
memory/1860-2350-0x00007FF681E80000-0x00007FF682272000-memory.dmp

Filesize
3.9MB

Download
memory/1860-676-0x00007FF681E80000-0x00007FF682272000-memory.dmp

Filesize
3.9MB

Download
memory/1864-2346-0x00007FF759760000-0x00007FF759B52000-memory.dmp

Filesize
3.9MB

Download
memory/1864-678-0x00007FF759760000-0x00007FF759B52000-memory.dmp

Filesize
3.9MB

Download
memory/2480-2315-0x00007FF65B480000-0x00007FF65B872000-memory.dmp

Filesize
3.9MB

Download
memory/2480-57-0x00007FF65B480000-0x00007FF65B872000-memory.dmp

Filesize
3.9MB

Download
memory/2480-2267-0x00007FF65B480000-0x00007FF65B872000-memory.dmp

Filesize
3.9MB

Download
memory/3144-2310-0x00007FF6D69E0000-0x00007FF6D6DD2000-memory.dmp

Filesize
3.9MB

Download
memory/3144-36-0x00007FF6D69E0000-0x00007FF6D6DD2000-memory.dmp

Filesize
3.9MB

Download
memory/3160-2325-0x00007FF652F30000-0x00007FF653322000-memory.dmp

Filesize
3.9MB

Download
memory/3160-107-0x00007FF652F30000-0x00007FF653322000-memory.dmp

Filesize
3.9MB

Download
memory/3256-668-0x00007FF619B00000-0x00007FF619EF2000-memory.dmp

Filesize
3.9MB

Download
memory/3256-2348-0x00007FF619B00000-0x00007FF619EF2000-memory.dmp

Filesize
3.9MB

Download
memory/3292-14-0x0000020335230000-0x0000020335240000-memory.dmp

Filesize
64KB

Download
memory/3292-79-0x0000020335870000-0x0000020335892000-memory.dmp

Filesize
136KB

Download
memory/3292-29-0x00007FFA2AC00000-0x00007FFA2B6C1000-memory.dmp

Filesize
10.8MB

Download
memory/3292-1188-0x00007FFA2AC00000-0x00007FFA2B6C1000-memory.dmp

Filesize
10.8MB

Download
memory/3292-1752-0x0000020335230000-0x0000020335240000-memory.dmp

Filesize
64KB

Download
memory/3292-15-0x0000020335230000-0x0000020335240000-memory.dmp

Filesize
64KB

Download
memory/3696-2331-0x00007FF62A140000-0x00007FF62A532000-memory.dmp

Filesize
3.9MB

Download
memory/3696-101-0x00007FF62A140000-0x00007FF62A532000-memory.dmp

Filesize
3.9MB

Download
memory/4064-13-0x00007FF7E87A0000-0x00007FF7E8B92000-memory.dmp

Filesize
3.9MB

Download
memory/4064-2306-0x00007FF7E87A0000-0x00007FF7E8B92000-memory.dmp

Filesize
3.9MB

Download
memory/4260-2268-0x00007FF71AC60000-0x00007FF71B052000-memory.dmp

Filesize
3.9MB

Download
memory/4260-2329-0x00007FF71AC60000-0x00007FF71B052000-memory.dmp

Filesize
3.9MB

Download
memory/4260-84-0x00007FF71AC60000-0x00007FF71B052000-memory.dmp

Filesize
3.9MB

Download
memory/4332-17-0x00007FF7668E0000-0x00007FF766CD2000-memory.dmp

Filesize
3.9MB

Download
memory/4332-667-0x00007FF7668E0000-0x00007FF766CD2000-memory.dmp

Filesize
3.9MB

Download
memory/4332-2308-0x00007FF7668E0000-0x00007FF766CD2000-memory.dmp

Filesize
3.9MB

Download
memory/4364-2312-0x00007FF790740000-0x00007FF790B32000-memory.dmp

Filesize
3.9MB

Download
memory/4364-32-0x00007FF790740000-0x00007FF790B32000-memory.dmp

Filesize
3.9MB

Download
memory/4456-97-0x00007FF6BF180000-0x00007FF6BF572000-memory.dmp

Filesize
3.9MB

Download
memory/4456-2333-0x00007FF6BF180000-0x00007FF6BF572000-memory.dmp

Filesize
3.9MB

Download
memory/4472-2327-0x00007FF678840000-0x00007FF678C32000-memory.dmp

Filesize
3.9MB

Download
memory/4472-89-0x00007FF678840000-0x00007FF678C32000-memory.dmp

Filesize
3.9MB

Download
memory/4472-2302-0x00007FF678840000-0x00007FF678C32000-memory.dmp

Filesize
3.9MB

Download
memory/4544-663-0x00007FF773490000-0x00007FF773882000-memory.dmp

Filesize
3.9MB

Download
memory/4544-1-0x0000015DC1D20000-0x0000015DC1D30000-memory.dmp

Filesize
64KB

Download
memory/4544-0-0x00007FF773490000-0x00007FF773882000-memory.dmp

Filesize
3.9MB

Download
memory/4732-2319-0x00007FF61ED40000-0x00007FF61F132000-memory.dmp

Filesize
3.9MB

Download
memory/4732-2109-0x00007FF61ED40000-0x00007FF61F132000-memory.dmp

Filesize
3.9MB

Download
memory/4732-44-0x00007FF61ED40000-0x00007FF61F132000-memory.dmp

Filesize
3.9MB

Download
memory/4808-120-0x00007FF699F90000-0x00007FF69A382000-memory.dmp

Filesize
3.9MB

Download
memory/4808-2334-0x00007FF699F90000-0x00007FF69A382000-memory.dmp

Filesize
3.9MB

Download
memory/5092-2337-0x00007FF6F6510000-0x00007FF6F6902000-memory.dmp

Filesize
3.9MB

Download
memory/5092-117-0x00007FF6F6510000-0x00007FF6F6902000-memory.dmp

Filesize
3.9MB

Download