xmrig | c0131de629d9386489bb9fb2cba5854a4bdaffc8c05a42ef9c1903fd6ef1a8b7

Analysis

max time kernel
31s
max time network
32s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
29/04/2024, 09:24

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
Size

1.8MB
MD5

0754efb6447536f3d5eb18997ca33e2e
SHA1

1794b30050418a0ee3c3dbd0a33d72ef154b3886
SHA256

c0131de629d9386489bb9fb2cba5854a4bdaffc8c05a42ef9c1903fd6ef1a8b7
SHA512

44535fde6ba9281e5dca4d1d398d2bba02c88cc1d2683ae62ea1e567f57d13b8c576d9f8e97d1510c22fa6eb2668e1a56d9d7e8871db3bad1a21dac9e5d69ac7
SSDEEP

49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82SflDrl5SX:NABD

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 14 IoCs

miner

resource	yara_rule
behavioral2/memory/4872-82-0x00007FF688570000-0x00007FF688962000-memory.dmp	xmrig
behavioral2/memory/3796-88-0x00007FF7EBF70000-0x00007FF7EC362000-memory.dmp	xmrig
behavioral2/memory/4468-92-0x00007FF74AC20000-0x00007FF74B012000-memory.dmp	xmrig
behavioral2/memory/3212-104-0x00007FF61E820000-0x00007FF61EC12000-memory.dmp	xmrig
behavioral2/memory/3440-98-0x00007FF63D5D0000-0x00007FF63D9C2000-memory.dmp	xmrig
behavioral2/memory/2084-97-0x00007FF67B100000-0x00007FF67B4F2000-memory.dmp	xmrig
behavioral2/memory/628-78-0x00007FF639310000-0x00007FF639702000-memory.dmp	xmrig
behavioral2/memory/2000-74-0x00007FF7EA840000-0x00007FF7EAC32000-memory.dmp	xmrig
behavioral2/memory/3740-73-0x00007FF614C00000-0x00007FF614FF2000-memory.dmp	xmrig
behavioral2/memory/2480-22-0x00007FF68F690000-0x00007FF68FA82000-memory.dmp	xmrig
behavioral2/memory/3436-1232-0x00007FF652160000-0x00007FF652552000-memory.dmp	xmrig
behavioral2/memory/3528-1864-0x00007FF799290000-0x00007FF799682000-memory.dmp	xmrig
behavioral2/memory/3288-1911-0x00007FF678AF0000-0x00007FF678EE2000-memory.dmp	xmrig
behavioral2/memory/1072-1910-0x00007FF670120000-0x00007FF670512000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2480	QroWQpT.exe
3716	UwymWLo.exe
3436	WgDbZNb.exe
3740	HDtOgAn.exe
2000	PTKrSja.exe
1072	eWyVcYd.exe
628	nIrcYgv.exe
3288	JaYDklY.exe
4872	DIFlcRy.exe
3796	PJZdQtA.exe
4468	ZNAtXfX.exe
2084	mXfchAg.exe
3440	daWjTAZ.exe
3212	hAGNigc.exe
1796	NpcNcDd.exe
3300	GbtZevB.exe
652	NbIYLdn.exe
3788	UVJtWLU.exe
4700	BlSYnEN.exe
4820	mrmeZKt.exe
4264	zdoTzGz.exe
4520	QtQONJa.exe
4588	TVNohqG.exe
4800	BdSHgTo.exe
2256	uJuMiyz.exe
4524	TbUTSzG.exe
3268	vJdKNaN.exe
752	YILBRgH.exe
5108	BxqOcfG.exe
2888	MyajKQj.exe
4396	uawozeB.exe
3660	RYwQSCh.exe
4720	aQLBqdM.exe
1980	yptMCzw.exe
1404	IRJioxO.exe
4984	goctmfv.exe
4100	DasPuNo.exe
2440	pFwhlxb.exe
2156	FanZJYF.exe
4320	YqxRewt.exe
3552	PTpBPrg.exe
4400	OtwWOdz.exe
3184	KJTlOfh.exe
2360	DHsFrxp.exe
1768	PQMwBHF.exe
4968	OatLIZi.exe
2296	TTjpobS.exe
2448	oiEvNrC.exe
1044	YNdEMTy.exe
1104	yYhsnBd.exe
4256	jqisLft.exe
436	FIYbwQj.exe
4284	ewTxjMN.exe
3576	pthfFRB.exe
2644	TYchCnK.exe
2424	zCFAvtW.exe
2356	qajOeDl.exe
2604	UBgQXtv.exe
3964	ivQuCJD.exe
4536	CuNxZEM.exe
5104	DZJnyYG.exe
1644	wNAFLeT.exe
2564	NfRimpk.exe
4584	WWEgyTa.exe

UPX packed file 59 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3528-0-0x00007FF799290000-0x00007FF799682000-memory.dmp	upx
behavioral2/files/0x000d000000023ae7-5.dat	upx
behavioral2/files/0x000a000000023b78-8.dat	upx
behavioral2/files/0x000d000000023b66-19.dat	upx
behavioral2/files/0x000a000000023b7a-36.dat	upx
behavioral2/files/0x000a000000023b79-43.dat	upx
behavioral2/files/0x000b000000023b7d-53.dat	upx
behavioral2/files/0x000a000000023b7e-57.dat	upx
behavioral2/files/0x000a000000023b81-75.dat	upx
behavioral2/memory/4872-82-0x00007FF688570000-0x00007FF688962000-memory.dmp	upx
behavioral2/memory/3796-88-0x00007FF7EBF70000-0x00007FF7EC362000-memory.dmp	upx
behavioral2/memory/4468-92-0x00007FF74AC20000-0x00007FF74B012000-memory.dmp	upx
behavioral2/files/0x000a000000023b83-102.dat	upx
behavioral2/files/0x000a000000023b85-114.dat	upx
behavioral2/memory/652-125-0x00007FF7B2D60000-0x00007FF7B3152000-memory.dmp	upx
behavioral2/files/0x000a000000023b8e-157.dat	upx
behavioral2/files/0x000a000000023b94-187.dat	upx
behavioral2/files/0x000a000000023b96-197.dat	upx
behavioral2/files/0x000a000000023b95-192.dat	upx
behavioral2/files/0x000a000000023b93-190.dat	upx
behavioral2/files/0x000a000000023b92-185.dat	upx
behavioral2/files/0x000a000000023b91-180.dat	upx
behavioral2/files/0x000a000000023b90-175.dat	upx
behavioral2/files/0x000a000000023b8f-170.dat	upx
behavioral2/files/0x000a000000023b8d-160.dat	upx
behavioral2/files/0x000a000000023b8c-155.dat	upx
behavioral2/files/0x000a000000023b8b-150.dat	upx
behavioral2/memory/4264-149-0x00007FF7CA9D0000-0x00007FF7CADC2000-memory.dmp	upx
behavioral2/files/0x000a000000023b8a-144.dat	upx
behavioral2/memory/4820-143-0x00007FF7F7AA0000-0x00007FF7F7E92000-memory.dmp	upx
behavioral2/files/0x000a000000023b89-138.dat	upx
behavioral2/files/0x000a000000023b88-133.dat	upx
behavioral2/memory/4700-132-0x00007FF6B5DF0000-0x00007FF6B61E2000-memory.dmp	upx
behavioral2/memory/3788-131-0x00007FF7A16D0000-0x00007FF7A1AC2000-memory.dmp	upx
behavioral2/files/0x000a000000023b87-126.dat	upx
behavioral2/files/0x000a000000023b86-120.dat	upx
behavioral2/memory/3300-119-0x00007FF78AB50000-0x00007FF78AF42000-memory.dmp	upx
behavioral2/files/0x000a000000023b84-109.dat	upx
behavioral2/memory/1796-108-0x00007FF619180000-0x00007FF619572000-memory.dmp	upx
behavioral2/memory/3212-104-0x00007FF61E820000-0x00007FF61EC12000-memory.dmp	upx
behavioral2/memory/3440-98-0x00007FF63D5D0000-0x00007FF63D9C2000-memory.dmp	upx
behavioral2/memory/2084-97-0x00007FF67B100000-0x00007FF67B4F2000-memory.dmp	upx
behavioral2/files/0x000a000000023b82-95.dat	upx
behavioral2/files/0x000b000000023b7c-89.dat	upx
behavioral2/memory/628-78-0x00007FF639310000-0x00007FF639702000-memory.dmp	upx
behavioral2/memory/2000-74-0x00007FF7EA840000-0x00007FF7EAC32000-memory.dmp	upx
behavioral2/memory/3740-73-0x00007FF614C00000-0x00007FF614FF2000-memory.dmp	upx
behavioral2/files/0x000a000000023b80-69.dat	upx
behavioral2/files/0x000a000000023b7f-67.dat	upx
behavioral2/memory/3288-62-0x00007FF678AF0000-0x00007FF678EE2000-memory.dmp	upx
behavioral2/files/0x000a000000023b7b-56.dat	upx
behavioral2/memory/1072-54-0x00007FF670120000-0x00007FF670512000-memory.dmp	upx
behavioral2/memory/3436-45-0x00007FF652160000-0x00007FF652552000-memory.dmp	upx
behavioral2/memory/3716-24-0x00007FF6652E0000-0x00007FF6656D2000-memory.dmp	upx
behavioral2/memory/2480-22-0x00007FF68F690000-0x00007FF68FA82000-memory.dmp	upx
behavioral2/memory/3436-1232-0x00007FF652160000-0x00007FF652552000-memory.dmp	upx
behavioral2/memory/3528-1864-0x00007FF799290000-0x00007FF799682000-memory.dmp	upx
behavioral2/memory/3288-1911-0x00007FF678AF0000-0x00007FF678EE2000-memory.dmp	upx
behavioral2/memory/1072-1910-0x00007FF670120000-0x00007FF670512000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\cBGVKua.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\fYlnYCm.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\WjykogJ.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\bVuCybL.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\ROMegBB.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\fVcXacp.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\QIjrHhr.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\vwrjjDD.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\sDuEFwG.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\mYozQNv.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\XtMasEu.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\hAIyhUX.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\doDLEIP.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\HoksmYN.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\WKLpGxE.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\fnQRaTb.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\PTNGlQs.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\SasOfNv.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\lgAcrSn.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\AnnrNwm.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\YTmuLNh.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\TondhAK.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\swLAbUW.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\UVBbaGB.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\OhOZkRd.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\IKkklQg.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\JiXOhiq.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\IruLvBJ.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\zXTTmRi.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\qlQrDRW.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\lKSSwBG.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\ExGONNC.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\XJLbAAu.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\hXyPdQR.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\idXwxMX.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\sphlVEi.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\yCjxdku.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\IkwReHb.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\GjqTuMp.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\rJFJrpB.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\OUTGoTA.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\BLVorkc.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\NqGFQRG.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\isNUaPC.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\OuAlOgV.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\WAtnYWh.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\fIXerlg.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\KDSQReE.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\fMSMnkF.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\TQTfWJZ.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\tczgVOw.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\HILXlMy.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\GypNIvC.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\OatLIZi.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\aDDnRkG.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\GjyDCNv.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\nbgHJvS.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\MlGLvpL.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\dvnmvNR.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\iBhCTAT.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\LSWgkyJ.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\OusLOcF.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\LbCakBf.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
File created	C:\Windows\System\isxpusj.exe	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2592	powershell.exe
2592	powershell.exe
2592	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	2592	powershell.exe
Token: SeLockMemoryPrivilege	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3528 wrote to memory of 2592	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	86
PID 3528 wrote to memory of 2592	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	86
PID 3528 wrote to memory of 2480	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	87
PID 3528 wrote to memory of 2480	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	87
PID 3528 wrote to memory of 3716	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	88
PID 3528 wrote to memory of 3716	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	88
PID 3528 wrote to memory of 3436	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	89
PID 3528 wrote to memory of 3436	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	89
PID 3528 wrote to memory of 3740	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	90
PID 3528 wrote to memory of 3740	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	90
PID 3528 wrote to memory of 2000	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	91
PID 3528 wrote to memory of 2000	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	91
PID 3528 wrote to memory of 1072	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	92
PID 3528 wrote to memory of 1072	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	92
PID 3528 wrote to memory of 628	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	93
PID 3528 wrote to memory of 628	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	93
PID 3528 wrote to memory of 3288	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	94
PID 3528 wrote to memory of 3288	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	94
PID 3528 wrote to memory of 4872	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	95
PID 3528 wrote to memory of 4872	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	95
PID 3528 wrote to memory of 3796	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	96
PID 3528 wrote to memory of 3796	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	96
PID 3528 wrote to memory of 4468	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	97
PID 3528 wrote to memory of 4468	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	97
PID 3528 wrote to memory of 2084	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	98
PID 3528 wrote to memory of 2084	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	98
PID 3528 wrote to memory of 3440	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	99
PID 3528 wrote to memory of 3440	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	99
PID 3528 wrote to memory of 3212	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	100
PID 3528 wrote to memory of 3212	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	100
PID 3528 wrote to memory of 1796	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	101
PID 3528 wrote to memory of 1796	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	101
PID 3528 wrote to memory of 3300	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	102
PID 3528 wrote to memory of 3300	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	102
PID 3528 wrote to memory of 652	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	103
PID 3528 wrote to memory of 652	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	103
PID 3528 wrote to memory of 3788	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	104
PID 3528 wrote to memory of 3788	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	104
PID 3528 wrote to memory of 4700	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	105
PID 3528 wrote to memory of 4700	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	105
PID 3528 wrote to memory of 4820	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	106
PID 3528 wrote to memory of 4820	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	106
PID 3528 wrote to memory of 4264	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	107
PID 3528 wrote to memory of 4264	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	107
PID 3528 wrote to memory of 4520	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	108
PID 3528 wrote to memory of 4520	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	108
PID 3528 wrote to memory of 4588	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	109
PID 3528 wrote to memory of 4588	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	109
PID 3528 wrote to memory of 4800	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	110
PID 3528 wrote to memory of 4800	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	110
PID 3528 wrote to memory of 2256	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	111
PID 3528 wrote to memory of 2256	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	111
PID 3528 wrote to memory of 4524	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	112
PID 3528 wrote to memory of 4524	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	112
PID 3528 wrote to memory of 3268	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	113
PID 3528 wrote to memory of 3268	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	113
PID 3528 wrote to memory of 752	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	114
PID 3528 wrote to memory of 752	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	114
PID 3528 wrote to memory of 5108	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	115
PID 3528 wrote to memory of 5108	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	115
PID 3528 wrote to memory of 2888	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	116
PID 3528 wrote to memory of 2888	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	116
PID 3528 wrote to memory of 4396	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	117
PID 3528 wrote to memory of 4396	3528	0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe	117

C:\Users\Admin\AppData\Local\Temp\0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0754efb6447536f3d5eb18997ca33e2e_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3528
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2592
- C:\Windows\System\QroWQpT.exe
  C:\Windows\System\QroWQpT.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\UwymWLo.exe
  C:\Windows\System\UwymWLo.exe
  2⤵
  - Executes dropped EXE
  PID:3716
- C:\Windows\System\WgDbZNb.exe
  C:\Windows\System\WgDbZNb.exe
  2⤵
  - Executes dropped EXE
  PID:3436
- C:\Windows\System\HDtOgAn.exe
  C:\Windows\System\HDtOgAn.exe
  2⤵
  - Executes dropped EXE
  PID:3740
- C:\Windows\System\PTKrSja.exe
  C:\Windows\System\PTKrSja.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\eWyVcYd.exe
  C:\Windows\System\eWyVcYd.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\nIrcYgv.exe
  C:\Windows\System\nIrcYgv.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\JaYDklY.exe
  C:\Windows\System\JaYDklY.exe
  2⤵
  - Executes dropped EXE
  PID:3288
- C:\Windows\System\DIFlcRy.exe
  C:\Windows\System\DIFlcRy.exe
  2⤵
  - Executes dropped EXE
  PID:4872
- C:\Windows\System\PJZdQtA.exe
  C:\Windows\System\PJZdQtA.exe
  2⤵
  - Executes dropped EXE
  PID:3796
- C:\Windows\System\ZNAtXfX.exe
  C:\Windows\System\ZNAtXfX.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\mXfchAg.exe
  C:\Windows\System\mXfchAg.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\daWjTAZ.exe
  C:\Windows\System\daWjTAZ.exe
  2⤵
  - Executes dropped EXE
  PID:3440
- C:\Windows\System\hAGNigc.exe
  C:\Windows\System\hAGNigc.exe
  2⤵
  - Executes dropped EXE
  PID:3212
- C:\Windows\System\NpcNcDd.exe
  C:\Windows\System\NpcNcDd.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\GbtZevB.exe
  C:\Windows\System\GbtZevB.exe
  2⤵
  - Executes dropped EXE
  PID:3300
- C:\Windows\System\NbIYLdn.exe
  C:\Windows\System\NbIYLdn.exe
  2⤵
  - Executes dropped EXE
  PID:652
- C:\Windows\System\UVJtWLU.exe
  C:\Windows\System\UVJtWLU.exe
  2⤵
  - Executes dropped EXE
  PID:3788
- C:\Windows\System\BlSYnEN.exe
  C:\Windows\System\BlSYnEN.exe
  2⤵
  - Executes dropped EXE
  PID:4700
- C:\Windows\System\mrmeZKt.exe
  C:\Windows\System\mrmeZKt.exe
  2⤵
  - Executes dropped EXE
  PID:4820
- C:\Windows\System\zdoTzGz.exe
  C:\Windows\System\zdoTzGz.exe
  2⤵
  - Executes dropped EXE
  PID:4264
- C:\Windows\System\QtQONJa.exe
  C:\Windows\System\QtQONJa.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System\TVNohqG.exe
  C:\Windows\System\TVNohqG.exe
  2⤵
  - Executes dropped EXE
  PID:4588
- C:\Windows\System\BdSHgTo.exe
  C:\Windows\System\BdSHgTo.exe
  2⤵
  - Executes dropped EXE
  PID:4800
- C:\Windows\System\uJuMiyz.exe
  C:\Windows\System\uJuMiyz.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\TbUTSzG.exe
  C:\Windows\System\TbUTSzG.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\vJdKNaN.exe
  C:\Windows\System\vJdKNaN.exe
  2⤵
  - Executes dropped EXE
  PID:3268
- C:\Windows\System\YILBRgH.exe
  C:\Windows\System\YILBRgH.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\BxqOcfG.exe
  C:\Windows\System\BxqOcfG.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\MyajKQj.exe
  C:\Windows\System\MyajKQj.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\uawozeB.exe
  C:\Windows\System\uawozeB.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System\RYwQSCh.exe
  C:\Windows\System\RYwQSCh.exe
  2⤵
  - Executes dropped EXE
  PID:3660
- C:\Windows\System\aQLBqdM.exe
  C:\Windows\System\aQLBqdM.exe
  2⤵
  - Executes dropped EXE
  PID:4720
- C:\Windows\System\yptMCzw.exe
  C:\Windows\System\yptMCzw.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\IRJioxO.exe
  C:\Windows\System\IRJioxO.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\goctmfv.exe
  C:\Windows\System\goctmfv.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System\DasPuNo.exe
  C:\Windows\System\DasPuNo.exe
  2⤵
  - Executes dropped EXE
  PID:4100
- C:\Windows\System\pFwhlxb.exe
  C:\Windows\System\pFwhlxb.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\FanZJYF.exe
  C:\Windows\System\FanZJYF.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\YqxRewt.exe
  C:\Windows\System\YqxRewt.exe
  2⤵
  - Executes dropped EXE
  PID:4320
- C:\Windows\System\PTpBPrg.exe
  C:\Windows\System\PTpBPrg.exe
  2⤵
  - Executes dropped EXE
  PID:3552
- C:\Windows\System\OtwWOdz.exe
  C:\Windows\System\OtwWOdz.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System\KJTlOfh.exe
  C:\Windows\System\KJTlOfh.exe
  2⤵
  - Executes dropped EXE
  PID:3184
- C:\Windows\System\DHsFrxp.exe
  C:\Windows\System\DHsFrxp.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\PQMwBHF.exe
  C:\Windows\System\PQMwBHF.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\OatLIZi.exe
  C:\Windows\System\OatLIZi.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System\TTjpobS.exe
  C:\Windows\System\TTjpobS.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\oiEvNrC.exe
  C:\Windows\System\oiEvNrC.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\YNdEMTy.exe
  C:\Windows\System\YNdEMTy.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\yYhsnBd.exe
  C:\Windows\System\yYhsnBd.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\jqisLft.exe
  C:\Windows\System\jqisLft.exe
  2⤵
  - Executes dropped EXE
  PID:4256
- C:\Windows\System\FIYbwQj.exe
  C:\Windows\System\FIYbwQj.exe
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\System\ewTxjMN.exe
  C:\Windows\System\ewTxjMN.exe
  2⤵
  - Executes dropped EXE
  PID:4284
- C:\Windows\System\pthfFRB.exe
  C:\Windows\System\pthfFRB.exe
  2⤵
  - Executes dropped EXE
  PID:3576
- C:\Windows\System\TYchCnK.exe
  C:\Windows\System\TYchCnK.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\zCFAvtW.exe
  C:\Windows\System\zCFAvtW.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\qajOeDl.exe
  C:\Windows\System\qajOeDl.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\UBgQXtv.exe
  C:\Windows\System\UBgQXtv.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\ivQuCJD.exe
  C:\Windows\System\ivQuCJD.exe
  2⤵
  - Executes dropped EXE
  PID:3964
- C:\Windows\System\CuNxZEM.exe
  C:\Windows\System\CuNxZEM.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System\DZJnyYG.exe
  C:\Windows\System\DZJnyYG.exe
  2⤵
  - Executes dropped EXE
  PID:5104
- C:\Windows\System\wNAFLeT.exe
  C:\Windows\System\wNAFLeT.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\NfRimpk.exe
  C:\Windows\System\NfRimpk.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\WWEgyTa.exe
  C:\Windows\System\WWEgyTa.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\BtjAYuR.exe
  C:\Windows\System\BtjAYuR.exe
  2⤵
  PID:4344
- C:\Windows\System\kgDnFgL.exe
  C:\Windows\System\kgDnFgL.exe
  2⤵
  PID:4368
- C:\Windows\System\OoeeELr.exe
  C:\Windows\System\OoeeELr.exe
  2⤵
  PID:3028
- C:\Windows\System\lTdzkPS.exe
  C:\Windows\System\lTdzkPS.exe
  2⤵
  PID:5144
- C:\Windows\System\SqBEHEM.exe
  C:\Windows\System\SqBEHEM.exe
  2⤵
  PID:5172
- C:\Windows\System\ioAkaMB.exe
  C:\Windows\System\ioAkaMB.exe
  2⤵
  PID:5196
- C:\Windows\System\TondhAK.exe
  C:\Windows\System\TondhAK.exe
  2⤵
  PID:5228
- C:\Windows\System\YZwUlsb.exe
  C:\Windows\System\YZwUlsb.exe
  2⤵
  PID:5260
- C:\Windows\System\wgTuxHj.exe
  C:\Windows\System\wgTuxHj.exe
  2⤵
  PID:5284
- C:\Windows\System\FDQUXfE.exe
  C:\Windows\System\FDQUXfE.exe
  2⤵
  PID:5312
- C:\Windows\System\ddFQBMh.exe
  C:\Windows\System\ddFQBMh.exe
  2⤵
  PID:5340
- C:\Windows\System\ACZuPmc.exe
  C:\Windows\System\ACZuPmc.exe
  2⤵
  PID:5368
- C:\Windows\System\pwtmZfa.exe
  C:\Windows\System\pwtmZfa.exe
  2⤵
  PID:5396
- C:\Windows\System\hXyPdQR.exe
  C:\Windows\System\hXyPdQR.exe
  2⤵
  PID:5424
- C:\Windows\System\fcZbpno.exe
  C:\Windows\System\fcZbpno.exe
  2⤵
  PID:5452
- C:\Windows\System\kTJfIHT.exe
  C:\Windows\System\kTJfIHT.exe
  2⤵
  PID:5476
- C:\Windows\System\jXlPTIL.exe
  C:\Windows\System\jXlPTIL.exe
  2⤵
  PID:5508
- C:\Windows\System\ZjfNkue.exe
  C:\Windows\System\ZjfNkue.exe
  2⤵
  PID:5536
- C:\Windows\System\rOELfOa.exe
  C:\Windows\System\rOELfOa.exe
  2⤵
  PID:5564
- C:\Windows\System\LbCakBf.exe
  C:\Windows\System\LbCakBf.exe
  2⤵
  PID:5592
- C:\Windows\System\uFrlhlH.exe
  C:\Windows\System\uFrlhlH.exe
  2⤵
  PID:5616
- C:\Windows\System\iBhCTAT.exe
  C:\Windows\System\iBhCTAT.exe
  2⤵
  PID:5644
- C:\Windows\System\CgxgUmj.exe
  C:\Windows\System\CgxgUmj.exe
  2⤵
  PID:5676
- C:\Windows\System\IJfdQsO.exe
  C:\Windows\System\IJfdQsO.exe
  2⤵
  PID:5704
- C:\Windows\System\aDDnRkG.exe
  C:\Windows\System\aDDnRkG.exe
  2⤵
  PID:5732
- C:\Windows\System\jYKxFpe.exe
  C:\Windows\System\jYKxFpe.exe
  2⤵
  PID:5760
- C:\Windows\System\BMonXLn.exe
  C:\Windows\System\BMonXLn.exe
  2⤵
  PID:5792
- C:\Windows\System\ShdNNGJ.exe
  C:\Windows\System\ShdNNGJ.exe
  2⤵
  PID:5816
- C:\Windows\System\OpCrpln.exe
  C:\Windows\System\OpCrpln.exe
  2⤵
  PID:5844
- C:\Windows\System\bQSjSgW.exe
  C:\Windows\System\bQSjSgW.exe
  2⤵
  PID:5872
- C:\Windows\System\mAfEFtS.exe
  C:\Windows\System\mAfEFtS.exe
  2⤵
  PID:5900
- C:\Windows\System\ORrPKEF.exe
  C:\Windows\System\ORrPKEF.exe
  2⤵
  PID:5928
- C:\Windows\System\sUYzRYe.exe
  C:\Windows\System\sUYzRYe.exe
  2⤵
  PID:5956
- C:\Windows\System\OMWjNjT.exe
  C:\Windows\System\OMWjNjT.exe
  2⤵
  PID:5984
- C:\Windows\System\zhsnvqf.exe
  C:\Windows\System\zhsnvqf.exe
  2⤵
  PID:6012
- C:\Windows\System\kijeKUh.exe
  C:\Windows\System\kijeKUh.exe
  2⤵
  PID:6040
- C:\Windows\System\IKkklQg.exe
  C:\Windows\System\IKkklQg.exe
  2⤵
  PID:6068
- C:\Windows\System\zctAekq.exe
  C:\Windows\System\zctAekq.exe
  2⤵
  PID:6124
- C:\Windows\System\hqcgnJu.exe
  C:\Windows\System\hqcgnJu.exe
  2⤵
  PID:4660
- C:\Windows\System\lPhzTTh.exe
  C:\Windows\System\lPhzTTh.exe
  2⤵
  PID:4620
- C:\Windows\System\wGkANia.exe
  C:\Windows\System\wGkANia.exe
  2⤵
  PID:3808
- C:\Windows\System\lbpUSlF.exe
  C:\Windows\System\lbpUSlF.exe
  2⤵
  PID:3568
- C:\Windows\System\YRmuKWl.exe
  C:\Windows\System\YRmuKWl.exe
  2⤵
  PID:4008
- C:\Windows\System\hBjNmkK.exe
  C:\Windows\System\hBjNmkK.exe
  2⤵
  PID:4932
- C:\Windows\System\LRvFfmu.exe
  C:\Windows\System\LRvFfmu.exe
  2⤵
  PID:5136
- C:\Windows\System\FlNvgal.exe
  C:\Windows\System\FlNvgal.exe
  2⤵
  PID:5188
- C:\Windows\System\HBakbSJ.exe
  C:\Windows\System\HBakbSJ.exe
  2⤵
  PID:5252
- C:\Windows\System\bXGMdKD.exe
  C:\Windows\System\bXGMdKD.exe
  2⤵
  PID:5304
- C:\Windows\System\VPxDfRZ.exe
  C:\Windows\System\VPxDfRZ.exe
  2⤵
  PID:5376
- C:\Windows\System\idXwxMX.exe
  C:\Windows\System\idXwxMX.exe
  2⤵
  PID:5444
- C:\Windows\System\IhkcXlI.exe
  C:\Windows\System\IhkcXlI.exe
  2⤵
  PID:5496
- C:\Windows\System\ZpDkOmg.exe
  C:\Windows\System\ZpDkOmg.exe
  2⤵
  PID:5572
- C:\Windows\System\vFTqrhH.exe
  C:\Windows\System\vFTqrhH.exe
  2⤵
  PID:5628
- C:\Windows\System\xvgzPCC.exe
  C:\Windows\System\xvgzPCC.exe
  2⤵
  PID:5692
- C:\Windows\System\OyQLWTJ.exe
  C:\Windows\System\OyQLWTJ.exe
  2⤵
  PID:5752
- C:\Windows\System\tKhsbyd.exe
  C:\Windows\System\tKhsbyd.exe
  2⤵
  PID:5804
- C:\Windows\System\SIUUKdt.exe
  C:\Windows\System\SIUUKdt.exe
  2⤵
  PID:5864
- C:\Windows\System\Fjqhklm.exe
  C:\Windows\System\Fjqhklm.exe
  2⤵
  PID:5920
- C:\Windows\System\BLJmWgH.exe
  C:\Windows\System\BLJmWgH.exe
  2⤵
  PID:5976
- C:\Windows\System\zXjvuXL.exe
  C:\Windows\System\zXjvuXL.exe
  2⤵
  PID:6048
- C:\Windows\System\DkFlofj.exe
  C:\Windows\System\DkFlofj.exe
  2⤵
  PID:6088
- C:\Windows\System\qasfgzk.exe
  C:\Windows\System\qasfgzk.exe
  2⤵
  PID:1932
- C:\Windows\System\YibmDyE.exe
  C:\Windows\System\YibmDyE.exe
  2⤵
  PID:876
- C:\Windows\System\BMhWfXN.exe
  C:\Windows\System\BMhWfXN.exe
  2⤵
  PID:4080
- C:\Windows\System\pHLGVMb.exe
  C:\Windows\System\pHLGVMb.exe
  2⤵
  PID:5164
- C:\Windows\System\vxwfUQz.exe
  C:\Windows\System\vxwfUQz.exe
  2⤵
  PID:5292
- C:\Windows\System\TOpArHB.exe
  C:\Windows\System\TOpArHB.exe
  2⤵
  PID:5468
- C:\Windows\System\TqXZbTU.exe
  C:\Windows\System\TqXZbTU.exe
  2⤵
  PID:4440
- C:\Windows\System\kPrcDoK.exe
  C:\Windows\System\kPrcDoK.exe
  2⤵
  PID:5720
- C:\Windows\System\aNnYetE.exe
  C:\Windows\System\aNnYetE.exe
  2⤵
  PID:5832
- C:\Windows\System\WAtnYWh.exe
  C:\Windows\System\WAtnYWh.exe
  2⤵
  PID:5964
- C:\Windows\System\oVMAmGD.exe
  C:\Windows\System\oVMAmGD.exe
  2⤵
  PID:2520
- C:\Windows\System\RfyQZIW.exe
  C:\Windows\System\RfyQZIW.exe
  2⤵
  PID:2548
- C:\Windows\System\SmDmRxq.exe
  C:\Windows\System\SmDmRxq.exe
  2⤵
  PID:2380
- C:\Windows\System\RCKoPsT.exe
  C:\Windows\System\RCKoPsT.exe
  2⤵
  PID:5360
- C:\Windows\System\Ottwcvn.exe
  C:\Windows\System\Ottwcvn.exe
  2⤵
  PID:3232
- C:\Windows\System\cvIEgLR.exe
  C:\Windows\System\cvIEgLR.exe
  2⤵
  PID:6168
- C:\Windows\System\UdzpWPF.exe
  C:\Windows\System\UdzpWPF.exe
  2⤵
  PID:6200
- C:\Windows\System\CcXGUZD.exe
  C:\Windows\System\CcXGUZD.exe
  2⤵
  PID:6228
- C:\Windows\System\ANwbKTa.exe
  C:\Windows\System\ANwbKTa.exe
  2⤵
  PID:6252
- C:\Windows\System\BCTCQtl.exe
  C:\Windows\System\BCTCQtl.exe
  2⤵
  PID:6284
- C:\Windows\System\ViUWWtZ.exe
  C:\Windows\System\ViUWWtZ.exe
  2⤵
  PID:6308
- C:\Windows\System\fMSMnkF.exe
  C:\Windows\System\fMSMnkF.exe
  2⤵
  PID:6336
- C:\Windows\System\aeIreSn.exe
  C:\Windows\System\aeIreSn.exe
  2⤵
  PID:6364
- C:\Windows\System\QIZpMPP.exe
  C:\Windows\System\QIZpMPP.exe
  2⤵
  PID:6392
- C:\Windows\System\Akufsvz.exe
  C:\Windows\System\Akufsvz.exe
  2⤵
  PID:6420
- C:\Windows\System\sXGowvE.exe
  C:\Windows\System\sXGowvE.exe
  2⤵
  PID:6452
- C:\Windows\System\torvUiG.exe
  C:\Windows\System\torvUiG.exe
  2⤵
  PID:6476
- C:\Windows\System\aVyjWvv.exe
  C:\Windows\System\aVyjWvv.exe
  2⤵
  PID:6504
- C:\Windows\System\BCKxfvg.exe
  C:\Windows\System\BCKxfvg.exe
  2⤵
  PID:6536
- C:\Windows\System\uUSbxsK.exe
  C:\Windows\System\uUSbxsK.exe
  2⤵
  PID:6560
- C:\Windows\System\nbkWTOO.exe
  C:\Windows\System\nbkWTOO.exe
  2⤵
  PID:6592
- C:\Windows\System\dGWWGcQ.exe
  C:\Windows\System\dGWWGcQ.exe
  2⤵
  PID:6620
- C:\Windows\System\ilmnBSw.exe
  C:\Windows\System\ilmnBSw.exe
  2⤵
  PID:6648
- C:\Windows\System\upgEcpm.exe
  C:\Windows\System\upgEcpm.exe
  2⤵
  PID:6676
- C:\Windows\System\iUCkiyu.exe
  C:\Windows\System\iUCkiyu.exe
  2⤵
  PID:6704
- C:\Windows\System\DXPmJeM.exe
  C:\Windows\System\DXPmJeM.exe
  2⤵
  PID:6732
- C:\Windows\System\EfaIJOU.exe
  C:\Windows\System\EfaIJOU.exe
  2⤵
  PID:6760
- C:\Windows\System\TpyySPJ.exe
  C:\Windows\System\TpyySPJ.exe
  2⤵
  PID:6788
- C:\Windows\System\EnLEcga.exe
  C:\Windows\System\EnLEcga.exe
  2⤵
  PID:6816
- C:\Windows\System\TEQLrWN.exe
  C:\Windows\System\TEQLrWN.exe
  2⤵
  PID:6884
- C:\Windows\System\FHHEpMB.exe
  C:\Windows\System\FHHEpMB.exe
  2⤵
  PID:6916
- C:\Windows\System\QWCtPjH.exe
  C:\Windows\System\QWCtPjH.exe
  2⤵
  PID:6936
- C:\Windows\System\lCAEEde.exe
  C:\Windows\System\lCAEEde.exe
  2⤵
  PID:6960
- C:\Windows\System\xNTUJTo.exe
  C:\Windows\System\xNTUJTo.exe
  2⤵
  PID:7008
- C:\Windows\System\nDtlzNp.exe
  C:\Windows\System\nDtlzNp.exe
  2⤵
  PID:7024
- C:\Windows\System\oHYKyAK.exe
  C:\Windows\System\oHYKyAK.exe
  2⤵
  PID:7056
- C:\Windows\System\gwfKEtz.exe
  C:\Windows\System\gwfKEtz.exe
  2⤵
  PID:7076
- C:\Windows\System\YPdcqxF.exe
  C:\Windows\System\YPdcqxF.exe
  2⤵
  PID:7120
- C:\Windows\System\hrjjeOK.exe
  C:\Windows\System\hrjjeOK.exe
  2⤵
  PID:7140
- C:\Windows\System\HCfHNXk.exe
  C:\Windows\System\HCfHNXk.exe
  2⤵
  PID:5780
- C:\Windows\System\MBaMdLA.exe
  C:\Windows\System\MBaMdLA.exe
  2⤵
  PID:3292
- C:\Windows\System\dYFXQsv.exe
  C:\Windows\System\dYFXQsv.exe
  2⤵
  PID:2904
- C:\Windows\System\ZHUXvmX.exe
  C:\Windows\System\ZHUXvmX.exe
  2⤵
  PID:5236
- C:\Windows\System\TSiPrSv.exe
  C:\Windows\System\TSiPrSv.exe
  2⤵
  PID:1064
- C:\Windows\System\hekBHSA.exe
  C:\Windows\System\hekBHSA.exe
  2⤵
  PID:6160
- C:\Windows\System\NkHWkFL.exe
  C:\Windows\System\NkHWkFL.exe
  2⤵
  PID:6188
- C:\Windows\System\lMsliIJ.exe
  C:\Windows\System\lMsliIJ.exe
  2⤵
  PID:6248
- C:\Windows\System\JBuFjtM.exe
  C:\Windows\System\JBuFjtM.exe
  2⤵
  PID:6300
- C:\Windows\System\RLJabHp.exe
  C:\Windows\System\RLJabHp.exe
  2⤵
  PID:6332
- C:\Windows\System\GinOAqM.exe
  C:\Windows\System\GinOAqM.exe
  2⤵
  PID:6436
- C:\Windows\System\wqoVEtG.exe
  C:\Windows\System\wqoVEtG.exe
  2⤵
  PID:6468
- C:\Windows\System\nQIdCXM.exe
  C:\Windows\System\nQIdCXM.exe
  2⤵
  PID:400
- C:\Windows\System\JlXGpra.exe
  C:\Windows\System\JlXGpra.exe
  2⤵
  PID:720
- C:\Windows\System\VUhyhhu.exe
  C:\Windows\System\VUhyhhu.exe
  2⤵
  PID:6528
- C:\Windows\System\lrhegyz.exe
  C:\Windows\System\lrhegyz.exe
  2⤵
  PID:6576
- C:\Windows\System\ehGrhdH.exe
  C:\Windows\System\ehGrhdH.exe
  2⤵
  PID:2224
- C:\Windows\System\VoOulbx.exe
  C:\Windows\System\VoOulbx.exe
  2⤵
  PID:6640
- C:\Windows\System\pcUNxII.exe
  C:\Windows\System\pcUNxII.exe
  2⤵
  PID:6692
- C:\Windows\System\svrOjnr.exe
  C:\Windows\System\svrOjnr.exe
  2⤵
  PID:1096
- C:\Windows\System\ruHsDUH.exe
  C:\Windows\System\ruHsDUH.exe
  2⤵
  PID:3236
- C:\Windows\System\dFVLFGg.exe
  C:\Windows\System\dFVLFGg.exe
  2⤵
  PID:6776
- C:\Windows\System\oRoeEhq.exe
  C:\Windows\System\oRoeEhq.exe
  2⤵
  PID:6828
- C:\Windows\System\ymgBIge.exe
  C:\Windows\System\ymgBIge.exe
  2⤵
  PID:4492
- C:\Windows\System\qvnJVhv.exe
  C:\Windows\System\qvnJVhv.exe
  2⤵
  PID:4000
- C:\Windows\System\vnqibcx.exe
  C:\Windows\System\vnqibcx.exe
  2⤵
  PID:4816
- C:\Windows\System\yWCyuth.exe
  C:\Windows\System\yWCyuth.exe
  2⤵
  PID:6868
- C:\Windows\System\pSsWUzg.exe
  C:\Windows\System\pSsWUzg.exe
  2⤵
  PID:6908
- C:\Windows\System\SJKUZpL.exe
  C:\Windows\System\SJKUZpL.exe
  2⤵
  PID:6976
- C:\Windows\System\FPWfCke.exe
  C:\Windows\System\FPWfCke.exe
  2⤵
  PID:7000
- C:\Windows\System\oACdGSk.exe
  C:\Windows\System\oACdGSk.exe
  2⤵
  PID:7048
- C:\Windows\System\gzpzerh.exe
  C:\Windows\System\gzpzerh.exe
  2⤵
  PID:7132
- C:\Windows\System\YzredIu.exe
  C:\Windows\System\YzredIu.exe
  2⤵
  PID:5892
- C:\Windows\System\acGDcbO.exe
  C:\Windows\System\acGDcbO.exe
  2⤵
  PID:6020
- C:\Windows\System\AdHmxfX.exe
  C:\Windows\System\AdHmxfX.exe
  2⤵
  PID:812
- C:\Windows\System\ObxPJPp.exe
  C:\Windows\System\ObxPJPp.exe
  2⤵
  PID:6296
- C:\Windows\System\NQvkrFd.exe
  C:\Windows\System\NQvkrFd.exe
  2⤵
  PID:6324
- C:\Windows\System\wlXQdxH.exe
  C:\Windows\System\wlXQdxH.exe
  2⤵
  PID:6444
- C:\Windows\System\rbKdTel.exe
  C:\Windows\System\rbKdTel.exe
  2⤵
  PID:2496
- C:\Windows\System\SbxxmJu.exe
  C:\Windows\System\SbxxmJu.exe
  2⤵
  PID:6608
- C:\Windows\System\vRIEHGg.exe
  C:\Windows\System\vRIEHGg.exe
  2⤵
  PID:6668
- C:\Windows\System\oECKJfb.exe
  C:\Windows\System\oECKJfb.exe
  2⤵
  PID:1924
- C:\Windows\System\KjBchRg.exe
  C:\Windows\System\KjBchRg.exe
  2⤵
  PID:2080
- C:\Windows\System\WKGQuNC.exe
  C:\Windows\System\WKGQuNC.exe
  2⤵
  PID:6852
- C:\Windows\System\QnUBPQa.exe
  C:\Windows\System\QnUBPQa.exe
  2⤵
  PID:4352
- C:\Windows\System\QQMjjzS.exe
  C:\Windows\System\QQMjjzS.exe
  2⤵
  PID:5544
- C:\Windows\System\uqNlgOr.exe
  C:\Windows\System\uqNlgOr.exe
  2⤵
  PID:6408
- C:\Windows\System\BlswpWt.exe
  C:\Windows\System\BlswpWt.exe
  2⤵
  PID:6752
- C:\Windows\System\HGyhqXE.exe
  C:\Windows\System\HGyhqXE.exe
  2⤵
  PID:2008
- C:\Windows\System\HoksmYN.exe
  C:\Windows\System\HoksmYN.exe
  2⤵
  PID:2172
- C:\Windows\System\dmWtUcs.exe
  C:\Windows\System\dmWtUcs.exe
  2⤵
  PID:6984
- C:\Windows\System\sRhwMeZ.exe
  C:\Windows\System\sRhwMeZ.exe
  2⤵
  PID:6688
- C:\Windows\System\urcoRjs.exe
  C:\Windows\System\urcoRjs.exe
  2⤵
  PID:7204
- C:\Windows\System\AkcWIhD.exe
  C:\Windows\System\AkcWIhD.exe
  2⤵
  PID:7248
- C:\Windows\System\crDxGEj.exe
  C:\Windows\System\crDxGEj.exe
  2⤵
  PID:7272
- C:\Windows\System\oCOlnun.exe
  C:\Windows\System\oCOlnun.exe
  2⤵
  PID:7292
- C:\Windows\System\sphlVEi.exe
  C:\Windows\System\sphlVEi.exe
  2⤵
  PID:7312
- C:\Windows\System\qnizKbw.exe
  C:\Windows\System\qnizKbw.exe
  2⤵
  PID:7336
- C:\Windows\System\OQYBQOY.exe
  C:\Windows\System\OQYBQOY.exe
  2⤵
  PID:7356
- C:\Windows\System\TowlsgC.exe
  C:\Windows\System\TowlsgC.exe
  2⤵
  PID:7384
- C:\Windows\System\yTGdqiZ.exe
  C:\Windows\System\yTGdqiZ.exe
  2⤵
  PID:7400
- C:\Windows\System\CuNDbQP.exe
  C:\Windows\System\CuNDbQP.exe
  2⤵
  PID:7424
- C:\Windows\System\AOnmIot.exe
  C:\Windows\System\AOnmIot.exe
  2⤵
  PID:7460
- C:\Windows\System\hoeFGeL.exe
  C:\Windows\System\hoeFGeL.exe
  2⤵
  PID:7516
- C:\Windows\System\ULiTlpB.exe
  C:\Windows\System\ULiTlpB.exe
  2⤵
  PID:7536
- C:\Windows\System\kxiTtxb.exe
  C:\Windows\System\kxiTtxb.exe
  2⤵
  PID:7560
- C:\Windows\System\ixnMfOA.exe
  C:\Windows\System\ixnMfOA.exe
  2⤵
  PID:7584
- C:\Windows\System\ZvcheIs.exe
  C:\Windows\System\ZvcheIs.exe
  2⤵
  PID:7616
- C:\Windows\System\VJyQkok.exe
  C:\Windows\System\VJyQkok.exe
  2⤵
  PID:7636
- C:\Windows\System\dbtuJfj.exe
  C:\Windows\System\dbtuJfj.exe
  2⤵
  PID:7656
- C:\Windows\System\ylalhVr.exe
  C:\Windows\System\ylalhVr.exe
  2⤵
  PID:7732
- C:\Windows\System\tZRnUJc.exe
  C:\Windows\System\tZRnUJc.exe
  2⤵
  PID:7756
- C:\Windows\System\vrsYDBh.exe
  C:\Windows\System\vrsYDBh.exe
  2⤵
  PID:7784
- C:\Windows\System\vGQzMUe.exe
  C:\Windows\System\vGQzMUe.exe
  2⤵
  PID:7804
- C:\Windows\System\HsXlAwa.exe
  C:\Windows\System\HsXlAwa.exe
  2⤵
  PID:7836
- C:\Windows\System\GbFDNNn.exe
  C:\Windows\System\GbFDNNn.exe
  2⤵
  PID:7860
- C:\Windows\System\eQreWFP.exe
  C:\Windows\System\eQreWFP.exe
  2⤵
  PID:7880
- C:\Windows\System\WKLpGxE.exe
  C:\Windows\System\WKLpGxE.exe
  2⤵
  PID:7900
- C:\Windows\System\tqrOjqN.exe
  C:\Windows\System\tqrOjqN.exe
  2⤵
  PID:7944
- C:\Windows\System\AUXJGGO.exe
  C:\Windows\System\AUXJGGO.exe
  2⤵
  PID:7968
- C:\Windows\System\ZoHAKmu.exe
  C:\Windows\System\ZoHAKmu.exe
  2⤵
  PID:7988
- C:\Windows\System\ARZmvee.exe
  C:\Windows\System\ARZmvee.exe
  2⤵
  PID:8008
- C:\Windows\System\ahyZOSA.exe
  C:\Windows\System\ahyZOSA.exe
  2⤵
  PID:8036
- C:\Windows\System\zguLjKV.exe
  C:\Windows\System\zguLjKV.exe
  2⤵
  PID:8056
- C:\Windows\System\BrBjekr.exe
  C:\Windows\System\BrBjekr.exe
  2⤵
  PID:8128
- C:\Windows\System\QIdOQmc.exe
  C:\Windows\System\QIdOQmc.exe
  2⤵
  PID:8148
- C:\Windows\System\eRpgxRa.exe
  C:\Windows\System\eRpgxRa.exe
  2⤵
  PID:8172
- C:\Windows\System\GjFOJBb.exe
  C:\Windows\System\GjFOJBb.exe
  2⤵
  PID:7180
- C:\Windows\System\auntQOA.exe
  C:\Windows\System\auntQOA.exe
  2⤵
  PID:7188
- C:\Windows\System\IOUDcWD.exe
  C:\Windows\System\IOUDcWD.exe
  2⤵
  PID:7268
- C:\Windows\System\kQHFudL.exe
  C:\Windows\System\kQHFudL.exe
  2⤵
  PID:7284
- C:\Windows\System\isxpusj.exe
  C:\Windows\System\isxpusj.exe
  2⤵
  PID:7364
- C:\Windows\System\lmcCABc.exe
  C:\Windows\System\lmcCABc.exe
  2⤵
  PID:7416
- C:\Windows\System\nFcyHvb.exe
  C:\Windows\System\nFcyHvb.exe
  2⤵
  PID:7524
- C:\Windows\System\jSDgNJZ.exe
  C:\Windows\System\jSDgNJZ.exe
  2⤵
  PID:7628
- C:\Windows\System\YsxvzMn.exe
  C:\Windows\System\YsxvzMn.exe
  2⤵
  PID:7676
- C:\Windows\System\bJYbgtH.exe
  C:\Windows\System\bJYbgtH.exe
  2⤵
  PID:7748
- C:\Windows\System\ONDAmag.exe
  C:\Windows\System\ONDAmag.exe
  2⤵
  PID:7744
- C:\Windows\System\vwrjjDD.exe
  C:\Windows\System\vwrjjDD.exe
  2⤵
  PID:7828
- C:\Windows\System\SasOfNv.exe
  C:\Windows\System\SasOfNv.exe
  2⤵
  PID:7892
- C:\Windows\System\mOnvUaC.exe
  C:\Windows\System\mOnvUaC.exe
  2⤵
  PID:7936
- C:\Windows\System\ysfyflC.exe
  C:\Windows\System\ysfyflC.exe
  2⤵
  PID:8000
- C:\Windows\System\xVmWybc.exe
  C:\Windows\System\xVmWybc.exe
  2⤵
  PID:8024
- C:\Windows\System\YGwXLAM.exe
  C:\Windows\System\YGwXLAM.exe
  2⤵
  PID:8156
- C:\Windows\System\mHfarvn.exe
  C:\Windows\System\mHfarvn.exe
  2⤵
  PID:7088
- C:\Windows\System\BuhVZbQ.exe
  C:\Windows\System\BuhVZbQ.exe
  2⤵
  PID:7236
- C:\Windows\System\PcJJOjE.exe
  C:\Windows\System\PcJJOjE.exe
  2⤵
  PID:7408
- C:\Windows\System\lQABtOW.exe
  C:\Windows\System\lQABtOW.exe
  2⤵
  PID:7512
- C:\Windows\System\RPkShQP.exe
  C:\Windows\System\RPkShQP.exe
  2⤵
  PID:7724
- C:\Windows\System\uNxRdBW.exe
  C:\Windows\System\uNxRdBW.exe
  2⤵
  PID:7888
- C:\Windows\System\FyDCBnT.exe
  C:\Windows\System\FyDCBnT.exe
  2⤵
  PID:8004
- C:\Windows\System\kOGqMXG.exe
  C:\Windows\System\kOGqMXG.exe
  2⤵
  PID:7496
- C:\Windows\System\DuNjVma.exe
  C:\Windows\System\DuNjVma.exe
  2⤵
  PID:8164
- C:\Windows\System\jqlzyxF.exe
  C:\Windows\System\jqlzyxF.exe
  2⤵
  PID:7812
- C:\Windows\System\gknhkxH.exe
  C:\Windows\System\gknhkxH.exe
  2⤵
  PID:7348
- C:\Windows\System\KkvLwVw.exe
  C:\Windows\System\KkvLwVw.exe
  2⤵
  PID:8228
- C:\Windows\System\LjpIdrt.exe
  C:\Windows\System\LjpIdrt.exe
  2⤵
  PID:8248
- C:\Windows\System\YAWtjMq.exe
  C:\Windows\System\YAWtjMq.exe
  2⤵
  PID:8276
- C:\Windows\System\zAVyNij.exe
  C:\Windows\System\zAVyNij.exe
  2⤵
  PID:8324
- C:\Windows\System\GNyumyE.exe
  C:\Windows\System\GNyumyE.exe
  2⤵
  PID:8348
- C:\Windows\System\YoBrBax.exe
  C:\Windows\System\YoBrBax.exe
  2⤵
  PID:8368
- C:\Windows\System\WlnBXAz.exe
  C:\Windows\System\WlnBXAz.exe
  2⤵
  PID:8396
- C:\Windows\System\galepCU.exe
  C:\Windows\System\galepCU.exe
  2⤵
  PID:8424
- C:\Windows\System\eLzDELs.exe
  C:\Windows\System\eLzDELs.exe
  2⤵
  PID:8444
- C:\Windows\System\SlmuOIo.exe
  C:\Windows\System\SlmuOIo.exe
  2⤵
  PID:8468
- C:\Windows\System\pTLJRUq.exe
  C:\Windows\System\pTLJRUq.exe
  2⤵
  PID:8488
- C:\Windows\System\ucPDnbW.exe
  C:\Windows\System\ucPDnbW.exe
  2⤵
  PID:8536
- C:\Windows\System\lGOeAxQ.exe
  C:\Windows\System\lGOeAxQ.exe
  2⤵
  PID:8560
- C:\Windows\System\xHRcoVS.exe
  C:\Windows\System\xHRcoVS.exe
  2⤵
  PID:8576
- C:\Windows\System\ZLlYFaj.exe
  C:\Windows\System\ZLlYFaj.exe
  2⤵
  PID:8596
- C:\Windows\System\mxnRYUs.exe
  C:\Windows\System\mxnRYUs.exe
  2⤵
  PID:8620
- C:\Windows\System\oQDdcua.exe
  C:\Windows\System\oQDdcua.exe
  2⤵
  PID:8652
- C:\Windows\System\YOKsgdB.exe
  C:\Windows\System\YOKsgdB.exe
  2⤵
  PID:8672
- C:\Windows\System\KPzQCqu.exe
  C:\Windows\System\KPzQCqu.exe
  2⤵
  PID:8696
- C:\Windows\System\YXLaiho.exe
  C:\Windows\System\YXLaiho.exe
  2⤵
  PID:8740
- C:\Windows\System\yNrloDS.exe
  C:\Windows\System\yNrloDS.exe
  2⤵
  PID:8796
- C:\Windows\System\SQAUcLJ.exe
  C:\Windows\System\SQAUcLJ.exe
  2⤵
  PID:8840
- C:\Windows\System\rDljYsR.exe
  C:\Windows\System\rDljYsR.exe
  2⤵
  PID:8860
- C:\Windows\System\zVYwqQE.exe
  C:\Windows\System\zVYwqQE.exe
  2⤵
  PID:8880
- C:\Windows\System\exiwqcm.exe
  C:\Windows\System\exiwqcm.exe
  2⤵
  PID:8912
- C:\Windows\System\EoGSDqG.exe
  C:\Windows\System\EoGSDqG.exe
  2⤵
  PID:8944
- C:\Windows\System\IadJNAd.exe
  C:\Windows\System\IadJNAd.exe
  2⤵
  PID:8968
- C:\Windows\System\bKcMQQN.exe
  C:\Windows\System\bKcMQQN.exe
  2⤵
  PID:8984
- C:\Windows\System\PYyptEc.exe
  C:\Windows\System\PYyptEc.exe
  2⤵
  PID:9000
- C:\Windows\System\vyYeUQX.exe
  C:\Windows\System\vyYeUQX.exe
  2⤵
  PID:9020
- C:\Windows\System\lUYHhxF.exe
  C:\Windows\System\lUYHhxF.exe
  2⤵
  PID:9048
- C:\Windows\System\fpGtmBb.exe
  C:\Windows\System\fpGtmBb.exe
  2⤵
  PID:9080
- C:\Windows\System\olkPSpx.exe
  C:\Windows\System\olkPSpx.exe
  2⤵
  PID:9128
- C:\Windows\System\FlRVacM.exe
  C:\Windows\System\FlRVacM.exe
  2⤵
  PID:9152
- C:\Windows\System\uehtBjn.exe
  C:\Windows\System\uehtBjn.exe
  2⤵
  PID:9172
- C:\Windows\System\zfcvyQU.exe
  C:\Windows\System\zfcvyQU.exe
  2⤵
  PID:9192
- C:\Windows\System\DDMLvIE.exe
  C:\Windows\System\DDMLvIE.exe
  2⤵
  PID:7652
- C:\Windows\System\OlEANFd.exe
  C:\Windows\System\OlEANFd.exe
  2⤵
  PID:8256
- C:\Windows\System\iTxeOrH.exe
  C:\Windows\System\iTxeOrH.exe
  2⤵
  PID:8240
- C:\Windows\System\tCyZMax.exe
  C:\Windows\System\tCyZMax.exe
  2⤵
  PID:8456
- C:\Windows\System\JwxTtBU.exe
  C:\Windows\System\JwxTtBU.exe
  2⤵
  PID:8528
- C:\Windows\System\SQybqkp.exe
  C:\Windows\System\SQybqkp.exe
  2⤵
  PID:8592
- C:\Windows\System\qWDnKcg.exe
  C:\Windows\System\qWDnKcg.exe
  2⤵
  PID:8664
- C:\Windows\System\weHmUPG.exe
  C:\Windows\System\weHmUPG.exe
  2⤵
  PID:8728
- C:\Windows\System\EBFXukt.exe
  C:\Windows\System\EBFXukt.exe
  2⤵
  PID:8792
- C:\Windows\System\tMhQFcL.exe
  C:\Windows\System\tMhQFcL.exe
  2⤵
  PID:8832
- C:\Windows\System\obfNQBu.exe
  C:\Windows\System\obfNQBu.exe
  2⤵
  PID:8896
- C:\Windows\System\xGRoDxP.exe
  C:\Windows\System\xGRoDxP.exe
  2⤵
  PID:7720
- C:\Windows\System\AWPLeXF.exe
  C:\Windows\System\AWPLeXF.exe
  2⤵
  PID:8952
- C:\Windows\System\cZysEbV.exe
  C:\Windows\System\cZysEbV.exe
  2⤵
  PID:9028
- C:\Windows\System\sqsZrLD.exe
  C:\Windows\System\sqsZrLD.exe
  2⤵
  PID:9168
- C:\Windows\System\VkdPRRc.exe
  C:\Windows\System\VkdPRRc.exe
  2⤵
  PID:8224
- C:\Windows\System\HwhWyxh.exe
  C:\Windows\System\HwhWyxh.exe
  2⤵
  PID:8440
- C:\Windows\System\tsfTytl.exe
  C:\Windows\System\tsfTytl.exe
  2⤵
  PID:8548
- C:\Windows\System\FleaRnX.exe
  C:\Windows\System\FleaRnX.exe
  2⤵
  PID:8636
- C:\Windows\System\nNDDlIL.exe
  C:\Windows\System\nNDDlIL.exe
  2⤵
  PID:8756
- C:\Windows\System\hHiuIDb.exe
  C:\Windows\System\hHiuIDb.exe
  2⤵
  PID:9072
- C:\Windows\System\MoQtXfV.exe
  C:\Windows\System\MoQtXfV.exe
  2⤵
  PID:9144
- C:\Windows\System\wpIruOw.exe
  C:\Windows\System\wpIruOw.exe
  2⤵
  PID:8668
- C:\Windows\System\CVIpzso.exe
  C:\Windows\System\CVIpzso.exe
  2⤵
  PID:8900
- C:\Windows\System\rWKwdBN.exe
  C:\Windows\System\rWKwdBN.exe
  2⤵
  PID:8076
- C:\Windows\System\wbxtfnM.exe
  C:\Windows\System\wbxtfnM.exe
  2⤵
  PID:8632
- C:\Windows\System\hOhIeia.exe
  C:\Windows\System\hOhIeia.exe
  2⤵
  PID:9232
- C:\Windows\System\DatNzjy.exe
  C:\Windows\System\DatNzjy.exe
  2⤵
  PID:9256
- C:\Windows\System\mFgwfLk.exe
  C:\Windows\System\mFgwfLk.exe
  2⤵
  PID:9280
- C:\Windows\System\KJJPcDy.exe
  C:\Windows\System\KJJPcDy.exe
  2⤵
  PID:9300
- C:\Windows\System\VhqhPcJ.exe
  C:\Windows\System\VhqhPcJ.exe
  2⤵
  PID:9340
- C:\Windows\System\lKeVgTf.exe
  C:\Windows\System\lKeVgTf.exe
  2⤵
  PID:9384
- C:\Windows\System\UvbYvns.exe
  C:\Windows\System\UvbYvns.exe
  2⤵
  PID:9440
- C:\Windows\System\ESrdktP.exe
  C:\Windows\System\ESrdktP.exe
  2⤵
  PID:9508
- C:\Windows\System\gMwKspr.exe
  C:\Windows\System\gMwKspr.exe
  2⤵
  PID:9524
- C:\Windows\System\NIocUoO.exe
  C:\Windows\System\NIocUoO.exe
  2⤵
  PID:9540
- C:\Windows\System\GcUgZSX.exe
  C:\Windows\System\GcUgZSX.exe
  2⤵
  PID:9616
- C:\Windows\System\Foyrbho.exe
  C:\Windows\System\Foyrbho.exe
  2⤵
  PID:9632
- C:\Windows\System\YNrPtBF.exe
  C:\Windows\System\YNrPtBF.exe
  2⤵
  PID:9648
- C:\Windows\System\lePmqpx.exe
  C:\Windows\System\lePmqpx.exe
  2⤵
  PID:9664
- C:\Windows\System\GejNFBn.exe
  C:\Windows\System\GejNFBn.exe
  2⤵
  PID:9680
- C:\Windows\System\FPNVEyy.exe
  C:\Windows\System\FPNVEyy.exe
  2⤵
  PID:9696
- C:\Windows\System\UOXodbh.exe
  C:\Windows\System\UOXodbh.exe
  2⤵
  PID:9712
- C:\Windows\System\jVnarZg.exe
  C:\Windows\System\jVnarZg.exe
  2⤵
  PID:9728
- C:\Windows\System\tvpIDER.exe
  C:\Windows\System\tvpIDER.exe
  2⤵
  PID:9748
- C:\Windows\System\ObUzdhE.exe
  C:\Windows\System\ObUzdhE.exe
  2⤵
  PID:9768
- C:\Windows\System\KrPXNjz.exe
  C:\Windows\System\KrPXNjz.exe
  2⤵
  PID:9788
- C:\Windows\System\VzkargH.exe
  C:\Windows\System\VzkargH.exe
  2⤵
  PID:9808
- C:\Windows\System\StrIuOP.exe
  C:\Windows\System\StrIuOP.exe
  2⤵
  PID:9932
- C:\Windows\System\letQIKF.exe
  C:\Windows\System\letQIKF.exe
  2⤵
  PID:9956
- C:\Windows\System\KZfRFsg.exe
  C:\Windows\System\KZfRFsg.exe
  2⤵
  PID:9976
- C:\Windows\System\kGCQXBA.exe
  C:\Windows\System\kGCQXBA.exe
  2⤵
  PID:10008
- C:\Windows\System\YJhXzDh.exe
  C:\Windows\System\YJhXzDh.exe
  2⤵
  PID:10048
- C:\Windows\System\YrPhbof.exe
  C:\Windows\System\YrPhbof.exe
  2⤵
  PID:10068
- C:\Windows\System\BGAWrpp.exe
  C:\Windows\System\BGAWrpp.exe
  2⤵
  PID:10100
- C:\Windows\System\zbddSFH.exe
  C:\Windows\System\zbddSFH.exe
  2⤵
  PID:10124
- C:\Windows\System\fvKWfHV.exe
  C:\Windows\System\fvKWfHV.exe
  2⤵
  PID:10140
- C:\Windows\System\SYngtAg.exe
  C:\Windows\System\SYngtAg.exe
  2⤵
  PID:10188
- C:\Windows\System\gtNoUUI.exe
  C:\Windows\System\gtNoUUI.exe
  2⤵
  PID:10212
- C:\Windows\System\Upyqkap.exe
  C:\Windows\System\Upyqkap.exe
  2⤵
  PID:9288
- C:\Windows\System\gBVamXZ.exe
  C:\Windows\System\gBVamXZ.exe
  2⤵
  PID:9400
- C:\Windows\System\vqkFVUW.exe
  C:\Windows\System\vqkFVUW.exe
  2⤵
  PID:9496
- C:\Windows\System\twfJJqO.exe
  C:\Windows\System\twfJJqO.exe
  2⤵
  PID:9364
- C:\Windows\System\xWrSnDX.exe
  C:\Windows\System\xWrSnDX.exe
  2⤵
  PID:9536
- C:\Windows\System\fffiDLQ.exe
  C:\Windows\System\fffiDLQ.exe
  2⤵
  PID:9460
- C:\Windows\System\WPyJtGQ.exe
  C:\Windows\System\WPyJtGQ.exe
  2⤵
  PID:9548
- C:\Windows\System\flkUrkg.exe
  C:\Windows\System\flkUrkg.exe
  2⤵
  PID:9572
- C:\Windows\System\LEBxANV.exe
  C:\Windows\System\LEBxANV.exe
  2⤵
  PID:9592
- C:\Windows\System\LSIHUaZ.exe
  C:\Windows\System\LSIHUaZ.exe
  2⤵
  PID:9692
- C:\Windows\System\OUTGoTA.exe
  C:\Windows\System\OUTGoTA.exe
  2⤵
  PID:9820
- C:\Windows\System\NzDnLzU.exe
  C:\Windows\System\NzDnLzU.exe
  2⤵
  PID:9832
- C:\Windows\System\TQTfWJZ.exe
  C:\Windows\System\TQTfWJZ.exe
  2⤵
  PID:9948
- C:\Windows\System\BqPQMtO.exe
  C:\Windows\System\BqPQMtO.exe
  2⤵
  PID:9916
- C:\Windows\System\oFsNEwr.exe
  C:\Windows\System\oFsNEwr.exe
  2⤵
  PID:10148
- C:\Windows\System\Zjvcigu.exe
  C:\Windows\System\Zjvcigu.exe
  2⤵
  PID:10080
- C:\Windows\System\YkIPdsq.exe
  C:\Windows\System\YkIPdsq.exe
  2⤵
  PID:10180
- C:\Windows\System\fUZssoN.exe
  C:\Windows\System\fUZssoN.exe
  2⤵
  PID:9332
- C:\Windows\System\deIcNzs.exe
  C:\Windows\System\deIcNzs.exe
  2⤵
  PID:9420
- C:\Windows\System\fYOYRzU.exe
  C:\Windows\System\fYOYRzU.exe
  2⤵
  PID:9504
- C:\Windows\System\LBYSwCl.exe
  C:\Windows\System\LBYSwCl.exe
  2⤵
  PID:9560
- C:\Windows\System\BOzhnnm.exe
  C:\Windows\System\BOzhnnm.exe
  2⤵
  PID:9760
- C:\Windows\System\ERpirNm.exe
  C:\Windows\System\ERpirNm.exe
  2⤵
  PID:10016
- C:\Windows\System\qGbtWDw.exe
  C:\Windows\System\qGbtWDw.exe
  2⤵
  PID:9892
- C:\Windows\System\AOyZrWV.exe
  C:\Windows\System\AOyZrWV.exe
  2⤵
  PID:10060
- C:\Windows\System\AovtHXR.exe
  C:\Windows\System\AovtHXR.exe
  2⤵
  PID:8848
- C:\Windows\System\xwrbanM.exe
  C:\Windows\System\xwrbanM.exe
  2⤵
  PID:9580
- C:\Windows\System\hxHWkwu.exe
  C:\Windows\System\hxHWkwu.exe
  2⤵
  PID:9740
- C:\Windows\System\etgPxJy.exe
  C:\Windows\System\etgPxJy.exe
  2⤵
  PID:10004
- C:\Windows\System\OVPDMio.exe
  C:\Windows\System\OVPDMio.exe
  2⤵
  PID:10248
- C:\Windows\System\FuWcjyU.exe
  C:\Windows\System\FuWcjyU.exe
  2⤵
  PID:10288
- C:\Windows\System\hUMTOeo.exe
  C:\Windows\System\hUMTOeo.exe
  2⤵
  PID:10312
- C:\Windows\System\pMgXkms.exe
  C:\Windows\System\pMgXkms.exe
  2⤵
  PID:10336
- C:\Windows\System\tTZkrdY.exe
  C:\Windows\System\tTZkrdY.exe
  2⤵
  PID:10356
- C:\Windows\System\XwAAguR.exe
  C:\Windows\System\XwAAguR.exe
  2⤵
  PID:10384
- C:\Windows\System\pQOBueC.exe
  C:\Windows\System\pQOBueC.exe
  2⤵
  PID:10400
- C:\Windows\System\MnmbfMM.exe
  C:\Windows\System\MnmbfMM.exe
  2⤵
  PID:10416
- C:\Windows\System\LddXbGn.exe
  C:\Windows\System\LddXbGn.exe
  2⤵
  PID:10488
- C:\Windows\System\kUKEwKo.exe
  C:\Windows\System\kUKEwKo.exe
  2⤵
  PID:10520
- C:\Windows\System\gybduWh.exe
  C:\Windows\System\gybduWh.exe
  2⤵
  PID:10536
- C:\Windows\System\nWojNwo.exe
  C:\Windows\System\nWojNwo.exe
  2⤵
  PID:10552
- C:\Windows\System\oixLiFz.exe
  C:\Windows\System\oixLiFz.exe
  2⤵
  PID:10572
- C:\Windows\System\OoQhrua.exe
  C:\Windows\System\OoQhrua.exe
  2⤵
  PID:10600
- C:\Windows\System\muUbDNy.exe
  C:\Windows\System\muUbDNy.exe
  2⤵
  PID:10624
- C:\Windows\System\PfmoVbY.exe
  C:\Windows\System\PfmoVbY.exe
  2⤵
  PID:10640
- C:\Windows\System\KPBknzl.exe
  C:\Windows\System\KPBknzl.exe
  2⤵
  PID:10668
- C:\Windows\System\CXLbOZp.exe
  C:\Windows\System\CXLbOZp.exe
  2⤵
  PID:10684
- C:\Windows\System\mfsmuDP.exe
  C:\Windows\System\mfsmuDP.exe
  2⤵
  PID:10752
- C:\Windows\System\wZYZdjK.exe
  C:\Windows\System\wZYZdjK.exe
  2⤵
  PID:10784
- C:\Windows\System\YsqKqxN.exe
  C:\Windows\System\YsqKqxN.exe
  2⤵
  PID:10804
- C:\Windows\System\pzmYmJA.exe
  C:\Windows\System\pzmYmJA.exe
  2⤵
  PID:10828
- C:\Windows\System\vPAnyFM.exe
  C:\Windows\System\vPAnyFM.exe
  2⤵
  PID:10848
- C:\Windows\System\EVMYkvT.exe
  C:\Windows\System\EVMYkvT.exe
  2⤵
  PID:10888
- C:\Windows\System\bhbUSjL.exe
  C:\Windows\System\bhbUSjL.exe
  2⤵
  PID:10940
- C:\Windows\System\BDrBimE.exe
  C:\Windows\System\BDrBimE.exe
  2⤵
  PID:10972
- C:\Windows\System\CRPqpgd.exe
  C:\Windows\System\CRPqpgd.exe
  2⤵
  PID:10992
- C:\Windows\System\kGdVJUc.exe
  C:\Windows\System\kGdVJUc.exe
  2⤵
  PID:11032
- C:\Windows\System\XfjhIJC.exe
  C:\Windows\System\XfjhIJC.exe
  2⤵
  PID:11052
- C:\Windows\System\nnDioAh.exe
  C:\Windows\System\nnDioAh.exe
  2⤵
  PID:11076
- C:\Windows\System\rWYbCQM.exe
  C:\Windows\System\rWYbCQM.exe
  2⤵
  PID:11092
- C:\Windows\System\CiUZMpC.exe
  C:\Windows\System\CiUZMpC.exe
  2⤵
  PID:11116
- C:\Windows\System\GfYzkwp.exe
  C:\Windows\System\GfYzkwp.exe
  2⤵
  PID:11148
- C:\Windows\System\ZCbIgiQ.exe
  C:\Windows\System\ZCbIgiQ.exe
  2⤵
  PID:11164
- C:\Windows\System\pHKPeql.exe
  C:\Windows\System\pHKPeql.exe
  2⤵
  PID:11216
- C:\Windows\System\URUnAoq.exe
  C:\Windows\System\URUnAoq.exe
  2⤵
  PID:11240
- C:\Windows\System\tmVTuJi.exe
  C:\Windows\System\tmVTuJi.exe
  2⤵
  PID:11256
- C:\Windows\System\bwjkJLa.exe
  C:\Windows\System\bwjkJLa.exe
  2⤵
  PID:9836
- C:\Windows\System\bVuCybL.exe
  C:\Windows\System\bVuCybL.exe
  2⤵
  PID:10280
- C:\Windows\System\KnRPgin.exe
  C:\Windows\System\KnRPgin.exe
  2⤵
  PID:10392
- C:\Windows\System\IzsFWJy.exe
  C:\Windows\System\IzsFWJy.exe
  2⤵
  PID:10412
- C:\Windows\System\yVNGqEK.exe
  C:\Windows\System\yVNGqEK.exe
  2⤵
  PID:10528
- C:\Windows\System\yCjxdku.exe
  C:\Windows\System\yCjxdku.exe
  2⤵
  PID:10588
- C:\Windows\System\hheKiRU.exe
  C:\Windows\System\hheKiRU.exe
  2⤵
  PID:10632
- C:\Windows\System\uhzhbuI.exe
  C:\Windows\System\uhzhbuI.exe
  2⤵
  PID:10656
- C:\Windows\System\QFkgrSN.exe
  C:\Windows\System\QFkgrSN.exe
  2⤵
  PID:10736
- C:\Windows\System\IkwReHb.exe
  C:\Windows\System\IkwReHb.exe
  2⤵
  PID:10780
- C:\Windows\System\UnRORSt.exe
  C:\Windows\System\UnRORSt.exe
  2⤵
  PID:10836
- C:\Windows\System\duyNzne.exe
  C:\Windows\System\duyNzne.exe
  2⤵
  PID:10960
- C:\Windows\System\jfAgKiF.exe
  C:\Windows\System\jfAgKiF.exe
  2⤵
  PID:11072
- C:\Windows\System\jpJCBmz.exe
  C:\Windows\System\jpJCBmz.exe
  2⤵
  PID:11108
- C:\Windows\System\bVklWNs.exe
  C:\Windows\System\bVklWNs.exe
  2⤵
  PID:11204
- C:\Windows\System\hEBGvhV.exe
  C:\Windows\System\hEBGvhV.exe
  2⤵
  PID:11224
- C:\Windows\System\DwprKDJ.exe
  C:\Windows\System\DwprKDJ.exe
  2⤵
  PID:11248
- C:\Windows\System\WtFcZQA.exe
  C:\Windows\System\WtFcZQA.exe
  2⤵
  PID:10332
- C:\Windows\System\rLNMLXU.exe
  C:\Windows\System\rLNMLXU.exe
  2⤵
  PID:10484
- C:\Windows\System\kPKFKTt.exe
  C:\Windows\System\kPKFKTt.exe
  2⤵
  PID:10636
- C:\Windows\System\TWvVWaq.exe
  C:\Windows\System\TWvVWaq.exe
  2⤵
  PID:10876
- C:\Windows\System\SVWQXjB.exe
  C:\Windows\System\SVWQXjB.exe
  2⤵
  PID:10936
- C:\Windows\System\BWSkiem.exe
  C:\Windows\System\BWSkiem.exe
  2⤵
  PID:11084
- C:\Windows\System\JizGqLU.exe
  C:\Windows\System\JizGqLU.exe
  2⤵
  PID:10396
- C:\Windows\System\UAtMsJN.exe
  C:\Windows\System\UAtMsJN.exe
  2⤵
  PID:9500
- C:\Windows\System\LxMSdfP.exe
  C:\Windows\System\LxMSdfP.exe
  2⤵
  PID:10680
- C:\Windows\System\DffcTSR.exe
  C:\Windows\System\DffcTSR.exe
  2⤵
  PID:11012
- C:\Windows\System\ykFONYB.exe
  C:\Windows\System\ykFONYB.exe
  2⤵
  PID:11156
- C:\Windows\System\miNLRyj.exe
  C:\Windows\System\miNLRyj.exe
  2⤵
  PID:11268
- C:\Windows\System\njvSHLH.exe
  C:\Windows\System\njvSHLH.exe
  2⤵
  PID:11292
- C:\Windows\System\tqBobjB.exe
  C:\Windows\System\tqBobjB.exe
  2⤵
  PID:11344
- C:\Windows\System\VflXPfi.exe
  C:\Windows\System\VflXPfi.exe
  2⤵
  PID:11372
- C:\Windows\System\mZiJcJR.exe
  C:\Windows\System\mZiJcJR.exe
  2⤵
  PID:11392
- C:\Windows\System\OgPKqpz.exe
  C:\Windows\System\OgPKqpz.exe
  2⤵
  PID:11416
- C:\Windows\System\OkybeNr.exe
  C:\Windows\System\OkybeNr.exe
  2⤵
  PID:11436
- C:\Windows\System\uusmJCW.exe
  C:\Windows\System\uusmJCW.exe
  2⤵
  PID:11480
- C:\Windows\System\ldJfvpo.exe
  C:\Windows\System\ldJfvpo.exe
  2⤵
  PID:11532
- C:\Windows\System\KNSDcWr.exe
  C:\Windows\System\KNSDcWr.exe
  2⤵
  PID:11556
- C:\Windows\System\NTZusJh.exe
  C:\Windows\System\NTZusJh.exe
  2⤵
  PID:11572
- C:\Windows\System\NmpVPnZ.exe
  C:\Windows\System\NmpVPnZ.exe
  2⤵
  PID:11624
- C:\Windows\System\ECKGIXt.exe
  C:\Windows\System\ECKGIXt.exe
  2⤵
  PID:11656
- C:\Windows\System\xuCSHmr.exe
  C:\Windows\System\xuCSHmr.exe
  2⤵
  PID:11688
- C:\Windows\System\EtMIIMl.exe
  C:\Windows\System\EtMIIMl.exe
  2⤵
  PID:11708
- C:\Windows\System\Ozsrwar.exe
  C:\Windows\System\Ozsrwar.exe
  2⤵
  PID:11748
- C:\Windows\System\jeNybKT.exe
  C:\Windows\System\jeNybKT.exe
  2⤵
  PID:11776
- C:\Windows\System\qdUTCbi.exe
  C:\Windows\System\qdUTCbi.exe
  2⤵
  PID:11804
- C:\Windows\System\tczgVOw.exe
  C:\Windows\System\tczgVOw.exe
  2⤵
  PID:11824
- C:\Windows\System\JiXOhiq.exe
  C:\Windows\System\JiXOhiq.exe
  2⤵
  PID:11848
- C:\Windows\System\jUDEzFt.exe
  C:\Windows\System\jUDEzFt.exe
  2⤵
  PID:11888
- C:\Windows\System\AKBzlVb.exe
  C:\Windows\System\AKBzlVb.exe
  2⤵
  PID:11904
- C:\Windows\System\SUDthFU.exe
  C:\Windows\System\SUDthFU.exe
  2⤵
  PID:11924
- C:\Windows\System\YkhFQGm.exe
  C:\Windows\System\YkhFQGm.exe
  2⤵
  PID:11948
- C:\Windows\System\UrKKigp.exe
  C:\Windows\System\UrKKigp.exe
  2⤵
  PID:11984
- C:\Windows\System\RqGqGLH.exe
  C:\Windows\System\RqGqGLH.exe
  2⤵
  PID:12008
- C:\Windows\System\dyeqeEf.exe
  C:\Windows\System\dyeqeEf.exe
  2⤵
  PID:12032
- C:\Windows\System\KOhiZTP.exe
  C:\Windows\System\KOhiZTP.exe
  2⤵
  PID:12048
- C:\Windows\System\bQbKANU.exe
  C:\Windows\System\bQbKANU.exe
  2⤵
  PID:12104
- C:\Windows\System\VSRFMhW.exe
  C:\Windows\System\VSRFMhW.exe
  2⤵
  PID:12128
- C:\Windows\System\HLbfGSJ.exe
  C:\Windows\System\HLbfGSJ.exe
  2⤵
  PID:12168
- C:\Windows\System\qaSJWfE.exe
  C:\Windows\System\qaSJWfE.exe
  2⤵
  PID:12196
- C:\Windows\System\MXYvRhv.exe
  C:\Windows\System\MXYvRhv.exe
  2⤵
  PID:12216
- C:\Windows\System\sDuEFwG.exe
  C:\Windows\System\sDuEFwG.exe
  2⤵
  PID:12240
- C:\Windows\System\iwTmewL.exe
  C:\Windows\System\iwTmewL.exe
  2⤵
  PID:12264
- C:\Windows\System\dhgnefB.exe
  C:\Windows\System\dhgnefB.exe
  2⤵
  PID:11136
- C:\Windows\System\dPQiJhO.exe
  C:\Windows\System\dPQiJhO.exe
  2⤵
  PID:1840
- C:\Windows\System\GjyDCNv.exe
  C:\Windows\System\GjyDCNv.exe
  2⤵
  PID:11320
- C:\Windows\System\UiZLmZA.exe
  C:\Windows\System\UiZLmZA.exe
  2⤵
  PID:11428
- C:\Windows\System\hCCQnoo.exe
  C:\Windows\System\hCCQnoo.exe
  2⤵
  PID:11384
- C:\Windows\System\ziGTijE.exe
  C:\Windows\System\ziGTijE.exe
  2⤵
  PID:11508
- C:\Windows\System\ovpIXcV.exe
  C:\Windows\System\ovpIXcV.exe
  2⤵
  PID:11544
- C:\Windows\System\rizjWDT.exe
  C:\Windows\System\rizjWDT.exe
  2⤵
  PID:11616
- C:\Windows\System\kxAXimE.exe
  C:\Windows\System\kxAXimE.exe
  2⤵
  PID:11680
- C:\Windows\System\EEfJuVW.exe
  C:\Windows\System\EEfJuVW.exe
  2⤵
  PID:11724
- C:\Windows\System\TcfLzRF.exe
  C:\Windows\System\TcfLzRF.exe
  2⤵
  PID:11764
- C:\Windows\System\joHwBLa.exe
  C:\Windows\System\joHwBLa.exe
  2⤵
  PID:10964
- C:\Windows\System\KGCjVDl.exe
  C:\Windows\System\KGCjVDl.exe
  2⤵
  PID:11920
- C:\Windows\System\ekabOKb.exe
  C:\Windows\System\ekabOKb.exe
  2⤵
  PID:11972
- C:\Windows\System\sMfOnkR.exe
  C:\Windows\System\sMfOnkR.exe
  2⤵
  PID:12016
- C:\Windows\System\yWRExbp.exe
  C:\Windows\System\yWRExbp.exe
  2⤵
  PID:12044
- C:\Windows\System\NFVgyab.exe
  C:\Windows\System\NFVgyab.exe
  2⤵
  PID:6900
- C:\Windows\System\kUyMzPK.exe
  C:\Windows\System\kUyMzPK.exe
  2⤵
  PID:12256
- C:\Windows\System\JCVoTaE.exe
  C:\Windows\System\JCVoTaE.exe
  2⤵
  PID:10468
- C:\Windows\System\FjegKLT.exe
  C:\Windows\System\FjegKLT.exe
  2⤵
  PID:11280
- C:\Windows\System\fIXerlg.exe
  C:\Windows\System\fIXerlg.exe
  2⤵
  PID:11388
- C:\Windows\System\HaLNjVq.exe
  C:\Windows\System\HaLNjVq.exe
  2⤵
  PID:4376
- C:\Windows\System\Uthxnyf.exe
  C:\Windows\System\Uthxnyf.exe
  2⤵
  PID:11736
- C:\Windows\System\eySvUny.exe
  C:\Windows\System\eySvUny.exe
  2⤵
  PID:11796
- C:\Windows\System\UmiaJLo.exe
  C:\Windows\System\UmiaJLo.exe
  2⤵
  PID:12088
- C:\Windows\System\OnyDTQe.exe
  C:\Windows\System\OnyDTQe.exe
  2⤵
  PID:12116
- C:\Windows\System\JUVeUgz.exe
  C:\Windows\System\JUVeUgz.exe
  2⤵
  PID:11408
- C:\Windows\System\vWBgdea.exe
  C:\Windows\System\vWBgdea.exe
  2⤵
  PID:11568
- C:\Windows\System\RLQuBfe.exe
  C:\Windows\System\RLQuBfe.exe
  2⤵
  PID:11900
- C:\Windows\System\jdEMxcK.exe
  C:\Windows\System\jdEMxcK.exe
  2⤵
  PID:12000
- C:\Windows\System\frwrLyX.exe
  C:\Windows\System\frwrLyX.exe
  2⤵
  PID:9484
- C:\Windows\System\cDuPpeB.exe
  C:\Windows\System\cDuPpeB.exe
  2⤵
  PID:12236
- C:\Windows\System\UgXgXlV.exe
  C:\Windows\System\UgXgXlV.exe
  2⤵
  PID:12308
- C:\Windows\System\IPnYEQd.exe
  C:\Windows\System\IPnYEQd.exe
  2⤵
  PID:12336
- C:\Windows\System\bnSwpyf.exe
  C:\Windows\System\bnSwpyf.exe
  2⤵
  PID:12352
- C:\Windows\System\ZgEmiBj.exe
  C:\Windows\System\ZgEmiBj.exe
  2⤵
  PID:12396
- C:\Windows\System\wnFiJMH.exe
  C:\Windows\System\wnFiJMH.exe
  2⤵
  PID:12432
- C:\Windows\System\BPKHvqH.exe
  C:\Windows\System\BPKHvqH.exe
  2⤵
  PID:12456
- C:\Windows\System\PhXbqyf.exe
  C:\Windows\System\PhXbqyf.exe
  2⤵
  PID:12480
- C:\Windows\System\yggutwB.exe
  C:\Windows\System\yggutwB.exe
  2⤵
  PID:12524
- C:\Windows\System\vTYWpwP.exe
  C:\Windows\System\vTYWpwP.exe
  2⤵
  PID:12540
- C:\Windows\System\NqDGUDI.exe
  C:\Windows\System\NqDGUDI.exe
  2⤵
  PID:12572
- C:\Windows\System\ZyprmMm.exe
  C:\Windows\System\ZyprmMm.exe
  2⤵
  PID:12592
- C:\Windows\System\aRZAzhe.exe
  C:\Windows\System\aRZAzhe.exe
  2⤵
  PID:12616
- C:\Windows\System\vPZbfHX.exe
  C:\Windows\System\vPZbfHX.exe
  2⤵
  PID:12640
- C:\Windows\System\xtphSpF.exe
  C:\Windows\System\xtphSpF.exe
  2⤵
  PID:12660
- C:\Windows\System\ndnvLfL.exe
  C:\Windows\System\ndnvLfL.exe
  2⤵
  PID:12676
- C:\Windows\System\GjqTuMp.exe
  C:\Windows\System\GjqTuMp.exe
  2⤵
  PID:12728
- C:\Windows\System\QCiJIyc.exe
  C:\Windows\System\QCiJIyc.exe
  2⤵
  PID:12744
- C:\Windows\System\THXeQxX.exe
  C:\Windows\System\THXeQxX.exe
  2⤵
  PID:12784
- C:\Windows\System\oxYkTHy.exe
  C:\Windows\System\oxYkTHy.exe
  2⤵
  PID:12804
- C:\Windows\System\RoaFXsK.exe
  C:\Windows\System\RoaFXsK.exe
  2⤵
  PID:12844
- C:\Windows\System\dDAyIPY.exe
  C:\Windows\System\dDAyIPY.exe
  2⤵
  PID:12860
- C:\Windows\System\nDOxAYC.exe
  C:\Windows\System\nDOxAYC.exe
  2⤵
  PID:12884
- C:\Windows\System\yhIMfSW.exe
  C:\Windows\System\yhIMfSW.exe
  2⤵
  PID:12912
- C:\Windows\System\WmzkpvF.exe
  C:\Windows\System\WmzkpvF.exe
  2⤵
  PID:12936
- C:\Windows\System\WfKKGkC.exe
  C:\Windows\System\WfKKGkC.exe
  2⤵
  PID:12972
- C:\Windows\System\NcxBNds.exe
  C:\Windows\System\NcxBNds.exe
  2⤵
  PID:12996
- C:\Windows\System\MZcEQrM.exe
  C:\Windows\System\MZcEQrM.exe
  2⤵
  PID:13012
- C:\Windows\System\dFZnYNe.exe
  C:\Windows\System\dFZnYNe.exe
  2⤵
  PID:13060
- C:\Windows\System\hAOvqzz.exe
  C:\Windows\System\hAOvqzz.exe
  2⤵
  PID:13080
- C:\Windows\System\UQmghaF.exe
  C:\Windows\System\UQmghaF.exe
  2⤵
  PID:13100
- C:\Windows\System\BsGLuTA.exe
  C:\Windows\System\BsGLuTA.exe
  2⤵
  PID:13292
- C:\Windows\System\mlUfnUy.exe
  C:\Windows\System\mlUfnUy.exe
  2⤵
  PID:13308
- C:\Windows\System\WOTxCWY.exe
  C:\Windows\System\WOTxCWY.exe
  2⤵
  PID:6864
- C:\Windows\System\oXzQowj.exe
  C:\Windows\System\oXzQowj.exe
  2⤵
  PID:12300
- C:\Windows\System\bhBIYqK.exe
  C:\Windows\System\bhBIYqK.exe
  2⤵
  PID:12316
- C:\Windows\System\GIwBcDh.exe
  C:\Windows\System\GIwBcDh.exe
  2⤵
  PID:12384
- C:\Windows\System\VXSRmNh.exe
  C:\Windows\System\VXSRmNh.exe
  2⤵
  PID:12492
- C:\Windows\System\EPkHdLi.exe
  C:\Windows\System\EPkHdLi.exe
  2⤵
  PID:12560
- C:\Windows\System\pTnWsVz.exe
  C:\Windows\System\pTnWsVz.exe
  2⤵
  PID:12624
- C:\Windows\System\NWcHyMG.exe
  C:\Windows\System\NWcHyMG.exe
  2⤵
  PID:12632
- C:\Windows\System\BLVorkc.exe
  C:\Windows\System\BLVorkc.exe
  2⤵
  PID:12816
- C:\Windows\System\iSdWgGp.exe
  C:\Windows\System\iSdWgGp.exe
  2⤵
  PID:12852
- C:\Windows\System\bboScXo.exe
  C:\Windows\System\bboScXo.exe
  2⤵
  PID:12980
- C:\Windows\System\MEtkvme.exe
  C:\Windows\System\MEtkvme.exe
  2⤵
  PID:13124
- C:\Windows\System\FYPCDgW.exe
  C:\Windows\System\FYPCDgW.exe
  2⤵
  PID:12668
- C:\Windows\System\HnNDqBY.exe
  C:\Windows\System\HnNDqBY.exe
  2⤵
  PID:12968
- C:\Windows\System\gEJRWna.exe
  C:\Windows\System\gEJRWna.exe
  2⤵
  PID:13072
- C:\Windows\System\ZxrpkBD.exe
  C:\Windows\System\ZxrpkBD.exe
  2⤵
  PID:13148
- C:\Windows\System\WqVycse.exe
  C:\Windows\System\WqVycse.exe
  2⤵
  PID:13252
- C:\Windows\System\CKgStfv.exe
  C:\Windows\System\CKgStfv.exe
  2⤵
  PID:13248
- C:\Windows\System\gYYFmrk.exe
  C:\Windows\System\gYYFmrk.exe
  2⤵
  PID:13300
- C:\Windows\System\ZbKSsGc.exe
  C:\Windows\System\ZbKSsGc.exe
  2⤵
  PID:13200
- C:\Windows\System\HJZxNHB.exe
  C:\Windows\System\HJZxNHB.exe
  2⤵
  PID:13216
- C:\Windows\System\yBogcIA.exe
  C:\Windows\System\yBogcIA.exe
  2⤵
  PID:12600
- C:\Windows\System\ZCLjulq.exe
  C:\Windows\System\ZCLjulq.exe
  2⤵
  PID:12656
- C:\Windows\System\FbWSblH.exe
  C:\Windows\System\FbWSblH.exe
  2⤵
  PID:12796
- C:\Windows\System\dKhlVll.exe
  C:\Windows\System\dKhlVll.exe
  2⤵
  PID:556
- C:\Windows\System\YdkeuSL.exe
  C:\Windows\System\YdkeuSL.exe
  2⤵
  PID:3980
- C:\Windows\System\QeRGYop.exe
  C:\Windows\System\QeRGYop.exe
  2⤵
  PID:2432
- C:\Windows\System\luqJSKW.exe
  C:\Windows\System\luqJSKW.exe
  2⤵
  PID:13136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_yrbrz0ft.cyp.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BdSHgTo.exe

Filesize
1.9MB

MD5
482b16f61450521e612d458d59c85148

SHA1
123221a50788a96c1b8858e2dc61dde5657f9cb9

SHA256
c595fdbe194d2b0f49a54b2de33253e7921c10b37439109d4bb82c6bcccee7dd

SHA512
5152653bb3dbd0a3fcc2ca8cd84f990a09ff7c18808c929e70c07a846ee455da7a89610ec82ec95453bbeae276ac1bd8597fa0f47fec8ca71364b982e01c566a

Download Submit
C:\Windows\System\BlSYnEN.exe

Filesize
1.9MB

MD5
06bf64fa7c2da4c7978bbffc3bf3d490

SHA1
6345067bc151fa98b3e1a894b38f5067c3cda6d3

SHA256
c83ad4709d934bf301b083c1bbbf79bce51bde2c928d15f2afcb9d5ba222b10d

SHA512
a86e30455e6cd3da11766d1fe382f8f20bd5d666eed0e943792c6a8714fe083c4cea68eb5719ddf2938b11030d13d23bd7e2d22fd5d2f01417398e8a9b612efc

Download Submit
C:\Windows\System\BxqOcfG.exe

Filesize
1.9MB

MD5
f8a2b2b70fe0835f1ea1bafaf2d4cd15

SHA1
8c7d62b37873dbf09b92c987766af59b0db8aa09

SHA256
bb1bfdd6b93524d9bf128e78a032f85794b38405a001840e9f1e006f9bab9d10

SHA512
7823014efdaa499771fd957b35c45bafbd8f1896d6e9fc3b9adb71042752699a6331a60fccd361705fc4f65219afefeffae8eab62bcb2875dad2f55788558a6f

Download Submit
C:\Windows\System\DIFlcRy.exe

Filesize
1.9MB

MD5
e8c56b1ce6c0a5bc29213c8e17473d45

SHA1
832ef87087bde5839f9c34c517999e972124e023

SHA256
22f988e9f989c6e6f8d7f0413e1b72a1f32f12d0f8e992dbd0557171abcb9ba3

SHA512
cdf44c76b4c0d822f9ac38d8e3700a907c3082934472c1cacc1f9f28acecfaef66dcc269b4944ca7ae71342ab8c389f03b1466e5aae6be028d7b219e2f93038d

Download Submit
C:\Windows\System\GbtZevB.exe

Filesize
1.9MB

MD5
8c7a8d9d7a8d487cd51bf2ea556fb2b0

SHA1
4e3b183a2f99b15be0671d6b7dab54716c6e24c9

SHA256
fe3a7fb4a9c258eab131d84ccffd5c18488f380540497b77c3e042acfbbbc63a

SHA512
22594ddc5555d27f97560898ce05bb969c7ba95cf310374a0c5088dafdddb8158f8f748090ca291b5cf7716072a276fcf27a6e6b94832e2a7dc025d4e9fd1ede

Download Submit
C:\Windows\System\HDtOgAn.exe

Filesize
1.8MB

MD5
c5a80ecacbf2ea3bc9c72a85933bf1f9

SHA1
c09cad2aadb044cd2976313841901b45f990d6a3

SHA256
795070a61f69fc57e5a2b017dbbdebf150ef70e909d6df6cb9d704418632f417

SHA512
0d5be501d9ff40988b980b7b461c0f18e9c9336827894b83c4732c94b99fed4e072267cc4b2e6080f56a29bfc2b89af7e4879fdb90c4fd1dd73efd490fc786c7

Download Submit
C:\Windows\System\JaYDklY.exe

Filesize
1.9MB

MD5
56f0ccfc890ae2a71b4f96db45e57af1

SHA1
007f1813399687530910b1ec4a4dddeead20483d

SHA256
f564cabbed4eac1afc7922e41e7d317fb6a5130c5d5de6a67635aa2a35e6acc7

SHA512
254976d3b557ad5aa3c381e289f3ecf9c3d4be96181d808c29b8c6013b3c77f37cdecd7f0c360bb67b4b3c7544db183bf61c4c02a174c6a40dd1a69c5a97b3c7

Download Submit
C:\Windows\System\MyajKQj.exe

Filesize
1.9MB

MD5
e42bb38b9f189c6196a7df8b30943639

SHA1
76bf8c36190aef54f9d014b6b2235185c6dfabd0

SHA256
103decf3129b3443a7070a08c49b1cc3fd95a813978dd81c058eedff62a2293a

SHA512
6faf3d57c06d24717b443691de01b90476a4a3f2d64e1fbb7a570c6afb8065fa5719270c101bef41d2a71188b2c4c4e8f1165fe1f83851400ae51f5fc917d170

Download Submit
C:\Windows\System\NbIYLdn.exe

Filesize
1.9MB

MD5
214a696694f853f4d7aa0233246baab7

SHA1
96c61a88ee3d330714a3d48d0ad1ae009b7e0aac

SHA256
b6481f0c98baa31f959aff8cd7513071109f5613820f755fdff7dcea1968b57c

SHA512
7a57b29c5abde9778aa9105e29320225ba755c8b6ed5a3a8e497763c635ebb3d8f736318c90fc0748e6b47115592a11bd96a3b77e3535cf647cb732a92b61dc0

Download Submit
C:\Windows\System\NpcNcDd.exe

Filesize
1.9MB

MD5
7fb7c0dac012a2dc1a35f2345d9fc1e6

SHA1
8feee6527c92f5f73c18c8f576af08a79f43eae5

SHA256
d1ecc6888d28c95b239da4b30507429c82ef1a6fda39d7b26ad0988a07399eb2

SHA512
73023723c787c13828c969f89e5f373ac0cf2f773a2e4784f30e13a68e0d55861765764eb48e0563eefe16dd534d00f2dea5fbd07d02ad7e7ab25f3ced91fdfc

Download Submit
C:\Windows\System\PJZdQtA.exe

Filesize
1.9MB

MD5
0d34451110424f01286e8756973b23ec

SHA1
cd96e06309d9eaed7b76ab1295e3ace61b60ae67

SHA256
119a0bbf842b2f68ecb746d077f5271c0a46e83d67c1d2b4f1081f5f0b618d9b

SHA512
d45fc2a99f944952b74d80a8114014cec546a7522b914ea18cbd1c76b17f0b19a747b52a4346fea26759ef227806ee46d5d28e979bcb0e06e694dba1c2295d16

Download Submit
C:\Windows\System\PTKrSja.exe

Filesize
1.8MB

MD5
e0e3cdd9788d2c8d0a910ab28f2a876c

SHA1
0e5a78edb6b862b442fbfa02fc60903f31aa32d7

SHA256
eb26826836080fe2391f50a6ac267dea1624126c056780a99abe256899c18d7d

SHA512
fa01e71f6b5c46d89e48f691a63d548e5b125fe39b7b4cbe889ac3cae6caa88aeb787df32962102c4a6ccda2a78b5716b8414f7828dd5f940dfb83f3d9f4f29b

Download Submit
C:\Windows\System\QroWQpT.exe

Filesize
1.8MB

MD5
c67fde3bcfa692065e3c0b9219856c9e

SHA1
2c238df386556fee61f01532ecfa1a381db18be7

SHA256
29b43408a429273c5610d3c49458adf481c53fcb1099ddce4636bdcc2b51944a

SHA512
31e0dc4660d78fa8e0daf8a9d87d6abd1e8b77ab07aff41cb975cd7f60c8afd4a8f06a0afcf64b8e8983574b447a95698c14affef8e14045b03890032122fccd

Download Submit
C:\Windows\System\QtQONJa.exe

Filesize
1.9MB

MD5
87fe039e2d8ddf9e2e41f6b784f26f47

SHA1
bae43acc59e9a7e59fdd066d9c593faf19c361f3

SHA256
01c2ede8463fa4666ca7a9c1f3ca80ff2964b85e81137dc0edb091f039b10269

SHA512
762bef504b0bdcc379edbf0632d3a5aa13e41f148692db8e3293896fb2fbbe67cd9e4b4b69b41969c0a3d494ac31d8c1a769f8e9d01d87d66d63b765535b34e7

Download Submit
C:\Windows\System\RYwQSCh.exe

Filesize
1.9MB

MD5
0b03a131416ac2ec4eb28afbf9579297

SHA1
6fcc69e34cad9178efa3a4dabc4a0af011cee99f

SHA256
c182a3e428480fd39c031de2cd160571f283b3be46342ea2d8afdc6c43711b96

SHA512
09707b0edca97e4ba2b5080036a669b097cf34887c1d7590837cb07c50b81434b65b4d2f8cc49c40d0d86b63c495cf4ea3eec8290475dcd8528e77f4a75c0031

Download Submit
C:\Windows\System\TVNohqG.exe

Filesize
1.9MB

MD5
e19e2ba99bbe6586f61aee8cf0a89c92

SHA1
4998c86784b652f6d23612d41f6691ffb343161c

SHA256
cc40eb5f21b2d7bb1e1b19aa4e45779562c5f1e65fb4578d0dc7ec96b383845b

SHA512
6c0de3ad13fb114c7fc2296cab9b54d4f576bb1f8876a510c28dc25216e65cb7c39106a10ca0b2205c5c2a6dcd4de57110de3dfe0dd9d44f4a2a50be70dcf34d

Download Submit
C:\Windows\System\TbUTSzG.exe

Filesize
1.9MB

MD5
5109b5969ba6da71d73f1937fd946fa1

SHA1
4778fc348b0c3429d69488e2e4a27a2b880c7eb8

SHA256
1f4ece38d4599f0eb9c42d98e24a58c31982d3065802cdfb3844244f4186266f

SHA512
61b0e8ef3d9aa4f94fb4cfd5a2b874f63a4a9856b8eb664b6a9e7dc5502d470ef855353652d74ecab6ec4ee8ca336be2ecbc61bfe274f372e94eedbfca330a81

Download Submit
C:\Windows\System\UVJtWLU.exe

Filesize
1.9MB

MD5
b67eb094ce3a2247c5ea85458e87fa36

SHA1
f90a44a3314c23b773102e0a75dd9c964228c60f

SHA256
ec74cc97fe13e2234f78bbd740178515c3764ce6f6e9d48ef1523548a4e0398a

SHA512
007b306cc5bff5a665a9ecb7c78d93c00992a3bdf73895282ceebecbd7fc2e007fd8c77a8cd027c426346046410742d7b5f51a6ffb9119a0137d248e91860cff

Download Submit
C:\Windows\System\UwymWLo.exe

Filesize
1.8MB

MD5
c519ef8b779a306333673da79daf3878

SHA1
162bcccda89cb7c47187ee67f022718126683eb0

SHA256
9278aa097db546b17255964f7e7b8ea36ba8e20861024ccb654bbae29115d73b

SHA512
5ecedbd8d1b92d4c15b37feaec9cbb5b58381b876e6af0fa4176801b7a1d127a4c53257080bb3cf4619bbafeb4ceb32cd10a93ab9a8b6379db26ea40a6553c73

Download Submit
C:\Windows\System\WgDbZNb.exe

Filesize
1.8MB

MD5
ed46be581d2d95e522db0802beb8ea7e

SHA1
8a0d0210085f289af8031e9fdfe4424ddc1c6d9b

SHA256
2c1aa05ec69b48c321fd924b44c30a0d51d58fd4ff6c7ecc7a093aa8a48692ea

SHA512
95d2afe55e928ddbcfff4fca0ec1f6e09529ae458418d0a71d7f382e3aa0f46a25c8f353c742ebfeee8c8ac263e3e0a3c77602896cb339674ee4385cd8ddc879

Download Submit
C:\Windows\System\YILBRgH.exe

Filesize
1.9MB

MD5
72e9f61ba80899d3baeb5f4b30b66ba5

SHA1
96f538f50fa6b1a442772e0eded4b7143b9aa31c

SHA256
3f39e1fcbecb0af27c38204d586429875693c5c8a84931cff00c21fea3bc7307

SHA512
2b18ad519c7460374ea71079fde477a51ab315e9ddf43fdf1e54c672c904135703a2b270d2d9b0d65eeb30ecb15802f9d0be8b2226662e47d5a257832f605775

Download Submit
C:\Windows\System\ZNAtXfX.exe

Filesize
1.9MB

MD5
3d358e622673ac39102ce713b1d5d209

SHA1
d1137f313bb822461b8eeccfe6f6b6d9bf581bc5

SHA256
2ca42dbad0bb76d1eaac8c735a37cab03040d666d80e2eea265dcb725586056f

SHA512
8d603681bf1ca36a848b3bd66425dbce764d0039aa2820ec789463d40c7dc7644f9a2febf60ae2593283e6c250bbbee5d8127286a7370f89f0b6bfabdc07417b

Download Submit
C:\Windows\System\aQLBqdM.exe

Filesize
1.9MB

MD5
011b54824f83394001685bb088adecd1

SHA1
e903bde7522037d2b9710882e9f84e71eaef8f50

SHA256
2393b40b2203aff29c0a52a9e9e75eec48702a46e448dc6b7fd2195c730ffc49

SHA512
cd8c94982f0e1272b53250b73a90f351cdb68e93fedf6d6f15918cf8d33f070063143e96ab1fff76414b76ecabb2eb7e98cefffa4fbaff2d2a329f4a5e76dc22

Download Submit
C:\Windows\System\daWjTAZ.exe

Filesize
1.9MB

MD5
362f3db4fc9bd8970722b3e1511fc620

SHA1
b3d3297a2b89076b458d1c11bfbabc47901ddec3

SHA256
6df41fe0963ed84d369e95f7f0dd79280a30a375afd48955d23b251eb1d688a5

SHA512
3a7c6696204f5a20b6e43af63ce25dd7bfde6bbde2a754cf9db526f4b2f56d1a5e7f1fc523fe665cee9064fb0b47ef642b850ea357de1e993ceda9d075ad337b

Download Submit
C:\Windows\System\eWyVcYd.exe

Filesize
1.8MB

MD5
3863b3756b2aa38c467eb3ee7acd0aef

SHA1
d3227dd9ecdf7abb0c8af7d12679d0f68bf384c2

SHA256
22992392c4645656b6771520dbf60f8ba2380108af938b3c53c3111d073d1082

SHA512
e57e050bb421be154ee783d50bfc0592a48ff9ae304e34a3f44cc0038cd4dc5b0fb97c47447636ac388b780a76180dfc09146903d74b28dcfd71e0c6c1de53a4

Download Submit
C:\Windows\System\hAGNigc.exe

Filesize
1.9MB

MD5
fdc87b166716f779015d46d629a1fcb0

SHA1
a21692f68709ff44c15cba39eb18b3b4439b4208

SHA256
5f8f9e1895a6609e9c4283c4fca9a25a908641bccc1de57e6c0059155bbd2fb5

SHA512
c4533a1ed23a2aa29d6eed1fdbf3d89c4bbb28913bd7f858f082519217c71c3f2ca2a7135e0a67e19745024f08266d13ecc4bf9c23c44c8b1b243ce56720c21a

Download Submit
C:\Windows\System\mXfchAg.exe

Filesize
1.9MB

MD5
6eb9625e9713e3576318bed06633b6c1

SHA1
aefd9f0055345c2f6944af52be280f35c433f4b9

SHA256
d86a76ed46a0e830f02123988023ba00f6d313d0b7ed1160f0c89c564317d718

SHA512
d74996bd2dee9be121f6d2642736a36229cae3ac21a6e335270bebdff5efdae557852343b20373559adaeeceef751138593d6e05ccc8e61ae8abc5054b046401

Download Submit
C:\Windows\System\mrmeZKt.exe

Filesize
1.9MB

MD5
1409b19a41ee75a378393a5a0c89b1f4

SHA1
cd67d93ab084b732902bafe6eacbd14eb05936a1

SHA256
70d20264eaa6024cf6b6b7b1f803452320dcac3d22cac3168fc1b1d3b060c329

SHA512
0813b6b4f6aa28ab38c7bf5be629a1c7c349a6a04e382a9f407bef352d6e697494e65e7541478b63a9d0224162c9e18c41d22fe1075c20c93b4080d89d9be0c1

Download Submit
C:\Windows\System\nIrcYgv.exe

Filesize
1.8MB

MD5
bc1944cc8b5feb24f43baaf783c913a7

SHA1
2b3462e62a543c99cb550a3a6b0ed7e2eda28697

SHA256
683165e6d267a2bf43b18c86f456e386d621e70d96250ee619dc84e6426f3ed4

SHA512
e9d2221e1eb5657179a6868b2b277ca683905c3514e8adbe6ab64397cf9f0823f92445450dc1793a84f6fc2474da4dcc0ddd064c3877cb9f0fb9b2c885538521

Download Submit
C:\Windows\System\uJuMiyz.exe

Filesize
1.9MB

MD5
5abffc9c88b68b33add9ef573168846b

SHA1
ec7ae37f3811649c3b21edc2a17e4771a0bbef99

SHA256
17561c53d94aad7c94996ee1cb4d3befc8273119d290ed69c43ac323123b6220

SHA512
a5cc2c857d8c90c50498f4ee2939dc645f9b4d8069ac7e03705b48fbca5184df40740dbfda70fe92e0313bdc98abc8ffa4c09d6424b293b992b0ec8432cae89e

Download Submit
C:\Windows\System\uawozeB.exe

Filesize
1.9MB

MD5
3943474ae977d197596e057ebff2754a

SHA1
625ab8db4f17c4cd937f81b90107084202be8b87

SHA256
b960f3b863e142d1ef85a5bcc05fc87b7a1065391a4e94bdcf5fc19208540697

SHA512
227a20aa88c82a82208c266b566dc4bb03465e67f5a1c6cc6c833607d2a64b1dba7fd4be900e31079699731ef33e34331a7b04edcdd9a94d043440ddfdfe55ad

Download Submit
C:\Windows\System\vJdKNaN.exe

Filesize
1.9MB

MD5
bb33e41710225839bc26cd1dcced3d1b

SHA1
a60e5982c2349a2b9a6626f751c9de2c2780c01b

SHA256
9a7c33e0a56578ea77ea89837772b031064eac957839aa095ae4b9b2e161563a

SHA512
062091db5e3f2f5c66fda4d5b7fcb5e991b4266f6693485fb870fb2e877aefb691495e6e20807f49578300ee45f375f380b649e83503a7d8f4d3b3f44ea083dc

Download Submit
C:\Windows\System\zdoTzGz.exe

Filesize
1.9MB

MD5
4aba30285a3ddd2bc213615fe7e4e893

SHA1
b9da697d95f771da7973e6eae3240ccb5f5e8523

SHA256
e85dff7e4fd3ab672dda2d7e6d0bd60036f2dee03f5b6afee3d2055b2b1d1f92

SHA512
1be95ec30b592230b13ae1c59839b1e1a74e7d2a1cffc53a977f016ce0ab36186d03bf4c1e8bf1adcd4c23ee5aaed4f7cdce061a31ba26d374412122d581e7cf

Download Submit
memory/628-78-0x00007FF639310000-0x00007FF639702000-memory.dmp

Filesize
3.9MB

Download
memory/652-125-0x00007FF7B2D60000-0x00007FF7B3152000-memory.dmp

Filesize
3.9MB

Download
memory/1072-1910-0x00007FF670120000-0x00007FF670512000-memory.dmp

Filesize
3.9MB

Download
memory/1072-54-0x00007FF670120000-0x00007FF670512000-memory.dmp

Filesize
3.9MB

Download
memory/1796-108-0x00007FF619180000-0x00007FF619572000-memory.dmp

Filesize
3.9MB

Download
memory/2000-74-0x00007FF7EA840000-0x00007FF7EAC32000-memory.dmp

Filesize
3.9MB

Download
memory/2084-97-0x00007FF67B100000-0x00007FF67B4F2000-memory.dmp

Filesize
3.9MB

Download
memory/2480-22-0x00007FF68F690000-0x00007FF68FA82000-memory.dmp

Filesize
3.9MB

Download
memory/2592-17-0x0000021872F60000-0x0000021872F70000-memory.dmp

Filesize
64KB

Download
memory/2592-16-0x00007FF91F0A0000-0x00007FF91FB61000-memory.dmp

Filesize
10.8MB

Download
memory/2592-35-0x0000021873210000-0x0000021873232000-memory.dmp

Filesize
136KB

Download
memory/2592-63-0x0000021872F60000-0x0000021872F70000-memory.dmp

Filesize
64KB

Download
memory/2592-1229-0x00007FF91F0A0000-0x00007FF91FB61000-memory.dmp

Filesize
10.8MB

Download
memory/3212-104-0x00007FF61E820000-0x00007FF61EC12000-memory.dmp

Filesize
3.9MB

Download
memory/3288-62-0x00007FF678AF0000-0x00007FF678EE2000-memory.dmp

Filesize
3.9MB

Download
memory/3288-1911-0x00007FF678AF0000-0x00007FF678EE2000-memory.dmp

Filesize
3.9MB

Download
memory/3300-119-0x00007FF78AB50000-0x00007FF78AF42000-memory.dmp

Filesize
3.9MB

Download
memory/3436-45-0x00007FF652160000-0x00007FF652552000-memory.dmp

Filesize
3.9MB

Download
memory/3436-1232-0x00007FF652160000-0x00007FF652552000-memory.dmp

Filesize
3.9MB

Download
memory/3440-98-0x00007FF63D5D0000-0x00007FF63D9C2000-memory.dmp

Filesize
3.9MB

Download
memory/3528-1-0x0000023C6BA30000-0x0000023C6BA40000-memory.dmp

Filesize
64KB

Download
memory/3528-1864-0x00007FF799290000-0x00007FF799682000-memory.dmp

Filesize
3.9MB

Download
memory/3528-0-0x00007FF799290000-0x00007FF799682000-memory.dmp

Filesize
3.9MB

Download
memory/3716-24-0x00007FF6652E0000-0x00007FF6656D2000-memory.dmp

Filesize
3.9MB

Download
memory/3740-73-0x00007FF614C00000-0x00007FF614FF2000-memory.dmp

Filesize
3.9MB

Download
memory/3788-131-0x00007FF7A16D0000-0x00007FF7A1AC2000-memory.dmp

Filesize
3.9MB

Download
memory/3796-88-0x00007FF7EBF70000-0x00007FF7EC362000-memory.dmp

Filesize
3.9MB

Download
memory/4264-149-0x00007FF7CA9D0000-0x00007FF7CADC2000-memory.dmp

Filesize
3.9MB

Download
memory/4468-92-0x00007FF74AC20000-0x00007FF74B012000-memory.dmp

Filesize
3.9MB

Download
memory/4700-132-0x00007FF6B5DF0000-0x00007FF6B61E2000-memory.dmp

Filesize
3.9MB

Download
memory/4820-143-0x00007FF7F7AA0000-0x00007FF7F7E92000-memory.dmp

Filesize
3.9MB

Download
memory/4872-82-0x00007FF688570000-0x00007FF688962000-memory.dmp

Filesize
3.9MB

Download