xmrig | db8bfe1ca7f7e3c0a128d34ea58646ee626dd8a68b858d6b78f19e91e7b54baa

Analysis

max time kernel
40s
max time network
37s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29/04/2024, 14:41

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
Size

1.6MB
MD5

07e71571e7c0ea67720a43b3a9ebc238
SHA1

54cf6365165f3c2c13c5b4276a7b6c5721607fde
SHA256

db8bfe1ca7f7e3c0a128d34ea58646ee626dd8a68b858d6b78f19e91e7b54baa
SHA512

a1ea017edf88c23d53a99b4d8bab153b4167a89bf6e4974f58e01842864d848ef19aa14c520c81e4639ad1e3fa8251a85b6ea1f0226249626ef1702acec395e7
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkibTJH+2Q/ynKeWYKpGncHBN/VPwpfky:Lz071uv4BPMkibTIA5CJY

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 17 IoCs

miner

resource	yara_rule
behavioral2/memory/3284-36-0x00007FF6C8EC0000-0x00007FF6C92B2000-memory.dmp	xmrig
behavioral2/memory/1488-41-0x00007FF73E2C0000-0x00007FF73E6B2000-memory.dmp	xmrig
behavioral2/memory/404-53-0x00007FF6EE6D0000-0x00007FF6EEAC2000-memory.dmp	xmrig
behavioral2/memory/4588-49-0x00007FF6DC850000-0x00007FF6DCC42000-memory.dmp	xmrig
behavioral2/memory/3060-43-0x00007FF7C0870000-0x00007FF7C0C62000-memory.dmp	xmrig
behavioral2/memory/4688-151-0x00007FF710990000-0x00007FF710D82000-memory.dmp	xmrig
behavioral2/memory/744-178-0x00007FF7DEC80000-0x00007FF7DF072000-memory.dmp	xmrig
behavioral2/memory/5084-171-0x00007FF7C9070000-0x00007FF7C9462000-memory.dmp	xmrig
behavioral2/memory/2868-170-0x00007FF6178E0000-0x00007FF617CD2000-memory.dmp	xmrig
behavioral2/memory/3036-164-0x00007FF743B90000-0x00007FF743F82000-memory.dmp	xmrig
behavioral2/memory/3584-163-0x00007FF623180000-0x00007FF623572000-memory.dmp	xmrig
behavioral2/memory/2280-159-0x00007FF694670000-0x00007FF694A62000-memory.dmp	xmrig
behavioral2/memory/1676-155-0x00007FF674EE0000-0x00007FF6752D2000-memory.dmp	xmrig
behavioral2/memory/2508-154-0x00007FF7E22B0000-0x00007FF7E26A2000-memory.dmp	xmrig
behavioral2/memory/1492-1324-0x00007FF701820000-0x00007FF701C12000-memory.dmp	xmrig
behavioral2/memory/1920-1993-0x00007FF7FA390000-0x00007FF7FA782000-memory.dmp	xmrig
behavioral2/memory/3708-2005-0x00007FF66F590000-0x00007FF66F982000-memory.dmp	xmrig

Blocklisted process makes network request 9 IoCs

flow	pid	Process
3	4408	powershell.exe
5	4408	powershell.exe
10	4408	powershell.exe
11	4408	powershell.exe
13	4408	powershell.exe
14	4408	powershell.exe
16	4408	powershell.exe
20	4408	powershell.exe
21	4408	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
4588	PhnYSfy.exe
3284	zEzSMAX.exe
1488	HyUwxxR.exe
3060	Gwnqegt.exe
404	ChYVPWS.exe
1492	qvUGgHi.exe
1920	JDlXQkA.exe
1284	XrFlUYb.exe
3708	dBOQinQ.exe
456	iTpeRQP.exe
1996	dSxAPVj.exe
3960	dgyTSlr.exe
1208	IoykRyA.exe
4688	SUApgxL.exe
2508	ZDkToOs.exe
1676	NxNkoSn.exe
2280	AdltKev.exe
3584	RnxBCRQ.exe
3036	aGQOKnr.exe
744	UdAucbO.exe
2868	stKrPPe.exe
1144	QhQrkxU.exe
1668	lGMuIyW.exe
2668	snaRkyh.exe
4448	JjzNPwW.exe
924	EivUIXO.exe
1788	EeWfDUj.exe
2208	OtnEzLF.exe
1160	KTrsNtm.exe
3620	ABwKkcj.exe
3416	lfnsXOq.exe
3272	WwKkjir.exe
1268	CNRnaGJ.exe
2588	NkTgdLG.exe
2976	gvDPJvH.exe
1956	XGWASrS.exe
4560	cQkgWGb.exe
4200	MXdSDpe.exe
4348	dxWLROz.exe
4468	dZYXIzx.exe
2708	Qylogsz.exe
2832	ThdvdqU.exe
4792	XIZclrR.exe
3192	BfHYTgg.exe
1072	VwhVgVa.exe
1640	TbBVEyn.exe
2512	zEPXpLh.exe
1096	BxhIvyd.exe
528	KmwbdwQ.exe
4324	iBSUrWW.exe
5024	rXRDMHK.exe
3896	QXQZHqV.exe
4952	kZcRzgf.exe
1772	XZuKSfW.exe
1964	YeTHQmO.exe
4300	MUFAAKb.exe
2256	ggtEaMA.exe
3820	OMnzfvG.exe
3020	Dciojav.exe
4984	mjQRGai.exe
1552	LyrrZVA.exe
3228	rKXzbXR.exe
3372	gngjTmQ.exe
4904	EVXfpDk.exe

UPX packed file 59 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/5084-0-0x00007FF7C9070000-0x00007FF7C9462000-memory.dmp	upx
behavioral2/files/0x0006000000022fa8-5.dat	upx
behavioral2/files/0x0007000000023475-8.dat	upx
behavioral2/files/0x0009000000023467-11.dat	upx
behavioral2/files/0x0008000000023477-35.dat	upx
behavioral2/memory/3284-36-0x00007FF6C8EC0000-0x00007FF6C92B2000-memory.dmp	upx
behavioral2/memory/1488-41-0x00007FF73E2C0000-0x00007FF73E6B2000-memory.dmp	upx
behavioral2/files/0x0008000000023476-46.dat	upx
behavioral2/files/0x0007000000023479-50.dat	upx
behavioral2/files/0x000700000002347a-67.dat	upx
behavioral2/files/0x000700000002347b-70.dat	upx
behavioral2/files/0x000700000002347d-82.dat	upx
behavioral2/files/0x000700000002347e-86.dat	upx
behavioral2/memory/3960-85-0x00007FF754750000-0x00007FF754B42000-memory.dmp	upx
behavioral2/files/0x000700000002347c-80.dat	upx
behavioral2/memory/1996-79-0x00007FF638F70000-0x00007FF639362000-memory.dmp	upx
behavioral2/memory/456-75-0x00007FF77FA70000-0x00007FF77FE62000-memory.dmp	upx
behavioral2/memory/3708-68-0x00007FF66F590000-0x00007FF66F982000-memory.dmp	upx
behavioral2/memory/1284-64-0x00007FF770E30000-0x00007FF771222000-memory.dmp	upx
behavioral2/memory/1920-63-0x00007FF7FA390000-0x00007FF7FA782000-memory.dmp	upx
behavioral2/memory/1492-57-0x00007FF701820000-0x00007FF701C12000-memory.dmp	upx
behavioral2/memory/404-53-0x00007FF6EE6D0000-0x00007FF6EEAC2000-memory.dmp	upx
behavioral2/memory/4588-49-0x00007FF6DC850000-0x00007FF6DCC42000-memory.dmp	upx
behavioral2/memory/3060-43-0x00007FF7C0870000-0x00007FF7C0C62000-memory.dmp	upx
behavioral2/files/0x0007000000023478-37.dat	upx
behavioral2/files/0x000900000002346e-92.dat	upx
behavioral2/files/0x0007000000023483-107.dat	upx
behavioral2/files/0x0007000000023482-112.dat	upx
behavioral2/files/0x0007000000023488-142.dat	upx
behavioral2/files/0x0007000000023487-146.dat	upx
behavioral2/memory/4688-151-0x00007FF710990000-0x00007FF710D82000-memory.dmp	upx
behavioral2/files/0x000700000002348a-165.dat	upx
behavioral2/files/0x000700000002348b-172.dat	upx
behavioral2/files/0x000700000002348c-180.dat	upx
behavioral2/files/0x000700000002348e-189.dat	upx
behavioral2/files/0x0007000000023490-199.dat	upx
behavioral2/files/0x0007000000023492-201.dat	upx
behavioral2/files/0x0007000000023491-196.dat	upx
behavioral2/files/0x000700000002348f-194.dat	upx
behavioral2/files/0x000700000002348d-184.dat	upx
behavioral2/memory/744-178-0x00007FF7DEC80000-0x00007FF7DF072000-memory.dmp	upx
behavioral2/memory/5084-171-0x00007FF7C9070000-0x00007FF7C9462000-memory.dmp	upx
behavioral2/memory/2868-170-0x00007FF6178E0000-0x00007FF617CD2000-memory.dmp	upx
behavioral2/memory/3036-164-0x00007FF743B90000-0x00007FF743F82000-memory.dmp	upx
behavioral2/memory/3584-163-0x00007FF623180000-0x00007FF623572000-memory.dmp	upx
behavioral2/memory/2280-159-0x00007FF694670000-0x00007FF694A62000-memory.dmp	upx
behavioral2/memory/1676-155-0x00007FF674EE0000-0x00007FF6752D2000-memory.dmp	upx
behavioral2/memory/2508-154-0x00007FF7E22B0000-0x00007FF7E26A2000-memory.dmp	upx
behavioral2/files/0x0007000000023489-150.dat	upx
behavioral2/files/0x0007000000023485-144.dat	upx
behavioral2/files/0x0007000000023486-129.dat	upx
behavioral2/files/0x0007000000023481-127.dat	upx
behavioral2/files/0x0007000000023480-126.dat	upx
behavioral2/files/0x0007000000023484-119.dat	upx
behavioral2/files/0x000700000002347f-108.dat	upx
behavioral2/memory/1208-102-0x00007FF673C40000-0x00007FF674032000-memory.dmp	upx
behavioral2/memory/1492-1324-0x00007FF701820000-0x00007FF701C12000-memory.dmp	upx
behavioral2/memory/1920-1993-0x00007FF7FA390000-0x00007FF7FA782000-memory.dmp	upx
behavioral2/memory/3708-2005-0x00007FF66F590000-0x00007FF66F982000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
3	raw.githubusercontent.com
2	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\mnmmauV.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\KylriRf.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\yYYDXbk.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\JNTqIZI.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\YMcvhqj.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\oNONiHb.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\bcIJjVj.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\WpIQSJo.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\wNVVWIk.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\nkxCqgc.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\CxVOBIR.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\ndtOoCg.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\fdjbhaW.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\yPagUxs.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\zNgQJYI.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\dVfPzhR.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\DJvbckr.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\sgreDFw.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\bmnBBoA.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\jBGnjsA.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\CjnvSlf.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\jMiMNfr.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\uqPhRjU.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\WeVhlfa.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\vcfHufQ.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\tYWmyGF.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\wrVbRpa.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\ezSDCQm.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\xoAdPwZ.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\HVcHmKu.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\PeKqUGn.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\tAYiwBP.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\abwiSWS.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\PHDeoyX.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\ILDzcrN.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\nYvQttx.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\GEemKTf.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\BOpDFSg.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\OQXlaFC.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\yQvvcyy.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\ryzuhyg.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\slKSbon.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\cJZgDSB.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\BCfcJkB.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\ztbUOtS.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\OiGHwOI.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\JathOtN.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\OVPtfzr.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\WxdtChe.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\vHNGLsr.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\kdCHFdO.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\RxmEQFW.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\UQWRhck.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\DmWDZOc.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\KcVfGRY.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\AYYkFgP.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\YcNqHMr.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\TWXrvCz.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\raMNuRf.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\CnSBCDT.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\aoOHXoV.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\TfcVIUu.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\NZzmfPC.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
File created	C:\Windows\System\ktTUWJc.exe	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4408	powershell.exe
4408	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	4408	powershell.exe
Token: SeLockMemoryPrivilege	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5084 wrote to memory of 4408	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	83
PID 5084 wrote to memory of 4408	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	83
PID 5084 wrote to memory of 4588	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	84
PID 5084 wrote to memory of 4588	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	84
PID 5084 wrote to memory of 3284	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	85
PID 5084 wrote to memory of 3284	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	85
PID 5084 wrote to memory of 1488	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	86
PID 5084 wrote to memory of 1488	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	86
PID 5084 wrote to memory of 3060	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	87
PID 5084 wrote to memory of 3060	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	87
PID 5084 wrote to memory of 404	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	88
PID 5084 wrote to memory of 404	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	88
PID 5084 wrote to memory of 1492	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	89
PID 5084 wrote to memory of 1492	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	89
PID 5084 wrote to memory of 1920	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	90
PID 5084 wrote to memory of 1920	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	90
PID 5084 wrote to memory of 1284	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	91
PID 5084 wrote to memory of 1284	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	91
PID 5084 wrote to memory of 3708	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	92
PID 5084 wrote to memory of 3708	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	92
PID 5084 wrote to memory of 456	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	93
PID 5084 wrote to memory of 456	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	93
PID 5084 wrote to memory of 1996	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	94
PID 5084 wrote to memory of 1996	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	94
PID 5084 wrote to memory of 3960	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	95
PID 5084 wrote to memory of 3960	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	95
PID 5084 wrote to memory of 1208	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	96
PID 5084 wrote to memory of 1208	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	96
PID 5084 wrote to memory of 4688	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	97
PID 5084 wrote to memory of 4688	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	97
PID 5084 wrote to memory of 2508	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	98
PID 5084 wrote to memory of 2508	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	98
PID 5084 wrote to memory of 1676	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	99
PID 5084 wrote to memory of 1676	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	99
PID 5084 wrote to memory of 3584	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	100
PID 5084 wrote to memory of 3584	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	100
PID 5084 wrote to memory of 2280	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	101
PID 5084 wrote to memory of 2280	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	101
PID 5084 wrote to memory of 3036	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	102
PID 5084 wrote to memory of 3036	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	102
PID 5084 wrote to memory of 2868	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	103
PID 5084 wrote to memory of 2868	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	103
PID 5084 wrote to memory of 744	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	104
PID 5084 wrote to memory of 744	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	104
PID 5084 wrote to memory of 1144	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	105
PID 5084 wrote to memory of 1144	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	105
PID 5084 wrote to memory of 1668	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	106
PID 5084 wrote to memory of 1668	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	106
PID 5084 wrote to memory of 2668	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	107
PID 5084 wrote to memory of 2668	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	107
PID 5084 wrote to memory of 4448	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	108
PID 5084 wrote to memory of 4448	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	108
PID 5084 wrote to memory of 924	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	110
PID 5084 wrote to memory of 924	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	110
PID 5084 wrote to memory of 1788	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	111
PID 5084 wrote to memory of 1788	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	111
PID 5084 wrote to memory of 2208	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	112
PID 5084 wrote to memory of 2208	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	112
PID 5084 wrote to memory of 1160	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	113
PID 5084 wrote to memory of 1160	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	113
PID 5084 wrote to memory of 3620	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	114
PID 5084 wrote to memory of 3620	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	114
PID 5084 wrote to memory of 3416	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	115
PID 5084 wrote to memory of 3416	5084	07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe	115

C:\Users\Admin\AppData\Local\Temp\07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\07e71571e7c0ea67720a43b3a9ebc238_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5084
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4408
- C:\Windows\System\PhnYSfy.exe
  C:\Windows\System\PhnYSfy.exe
  2⤵
  - Executes dropped EXE
  PID:4588
- C:\Windows\System\zEzSMAX.exe
  C:\Windows\System\zEzSMAX.exe
  2⤵
  - Executes dropped EXE
  PID:3284
- C:\Windows\System\HyUwxxR.exe
  C:\Windows\System\HyUwxxR.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\Gwnqegt.exe
  C:\Windows\System\Gwnqegt.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\ChYVPWS.exe
  C:\Windows\System\ChYVPWS.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\qvUGgHi.exe
  C:\Windows\System\qvUGgHi.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\JDlXQkA.exe
  C:\Windows\System\JDlXQkA.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\XrFlUYb.exe
  C:\Windows\System\XrFlUYb.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\dBOQinQ.exe
  C:\Windows\System\dBOQinQ.exe
  2⤵
  - Executes dropped EXE
  PID:3708
- C:\Windows\System\iTpeRQP.exe
  C:\Windows\System\iTpeRQP.exe
  2⤵
  - Executes dropped EXE
  PID:456
- C:\Windows\System\dSxAPVj.exe
  C:\Windows\System\dSxAPVj.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\dgyTSlr.exe
  C:\Windows\System\dgyTSlr.exe
  2⤵
  - Executes dropped EXE
  PID:3960
- C:\Windows\System\IoykRyA.exe
  C:\Windows\System\IoykRyA.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\SUApgxL.exe
  C:\Windows\System\SUApgxL.exe
  2⤵
  - Executes dropped EXE
  PID:4688
- C:\Windows\System\ZDkToOs.exe
  C:\Windows\System\ZDkToOs.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\NxNkoSn.exe
  C:\Windows\System\NxNkoSn.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\RnxBCRQ.exe
  C:\Windows\System\RnxBCRQ.exe
  2⤵
  - Executes dropped EXE
  PID:3584
- C:\Windows\System\AdltKev.exe
  C:\Windows\System\AdltKev.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\aGQOKnr.exe
  C:\Windows\System\aGQOKnr.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\stKrPPe.exe
  C:\Windows\System\stKrPPe.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\UdAucbO.exe
  C:\Windows\System\UdAucbO.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\QhQrkxU.exe
  C:\Windows\System\QhQrkxU.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\lGMuIyW.exe
  C:\Windows\System\lGMuIyW.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\snaRkyh.exe
  C:\Windows\System\snaRkyh.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\JjzNPwW.exe
  C:\Windows\System\JjzNPwW.exe
  2⤵
  - Executes dropped EXE
  PID:4448
- C:\Windows\System\EivUIXO.exe
  C:\Windows\System\EivUIXO.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\EeWfDUj.exe
  C:\Windows\System\EeWfDUj.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\OtnEzLF.exe
  C:\Windows\System\OtnEzLF.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\KTrsNtm.exe
  C:\Windows\System\KTrsNtm.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\ABwKkcj.exe
  C:\Windows\System\ABwKkcj.exe
  2⤵
  - Executes dropped EXE
  PID:3620
- C:\Windows\System\lfnsXOq.exe
  C:\Windows\System\lfnsXOq.exe
  2⤵
  - Executes dropped EXE
  PID:3416
- C:\Windows\System\WwKkjir.exe
  C:\Windows\System\WwKkjir.exe
  2⤵
  - Executes dropped EXE
  PID:3272
- C:\Windows\System\CNRnaGJ.exe
  C:\Windows\System\CNRnaGJ.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\NkTgdLG.exe
  C:\Windows\System\NkTgdLG.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\gvDPJvH.exe
  C:\Windows\System\gvDPJvH.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\XGWASrS.exe
  C:\Windows\System\XGWASrS.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\cQkgWGb.exe
  C:\Windows\System\cQkgWGb.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System\MXdSDpe.exe
  C:\Windows\System\MXdSDpe.exe
  2⤵
  - Executes dropped EXE
  PID:4200
- C:\Windows\System\dxWLROz.exe
  C:\Windows\System\dxWLROz.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\dZYXIzx.exe
  C:\Windows\System\dZYXIzx.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\Qylogsz.exe
  C:\Windows\System\Qylogsz.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\ThdvdqU.exe
  C:\Windows\System\ThdvdqU.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\XIZclrR.exe
  C:\Windows\System\XIZclrR.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\BfHYTgg.exe
  C:\Windows\System\BfHYTgg.exe
  2⤵
  - Executes dropped EXE
  PID:3192
- C:\Windows\System\VwhVgVa.exe
  C:\Windows\System\VwhVgVa.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\TbBVEyn.exe
  C:\Windows\System\TbBVEyn.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\zEPXpLh.exe
  C:\Windows\System\zEPXpLh.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\BxhIvyd.exe
  C:\Windows\System\BxhIvyd.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\KmwbdwQ.exe
  C:\Windows\System\KmwbdwQ.exe
  2⤵
  - Executes dropped EXE
  PID:528
- C:\Windows\System\iBSUrWW.exe
  C:\Windows\System\iBSUrWW.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System\rXRDMHK.exe
  C:\Windows\System\rXRDMHK.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\System\QXQZHqV.exe
  C:\Windows\System\QXQZHqV.exe
  2⤵
  - Executes dropped EXE
  PID:3896
- C:\Windows\System\kZcRzgf.exe
  C:\Windows\System\kZcRzgf.exe
  2⤵
  - Executes dropped EXE
  PID:4952
- C:\Windows\System\XZuKSfW.exe
  C:\Windows\System\XZuKSfW.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\YeTHQmO.exe
  C:\Windows\System\YeTHQmO.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\MUFAAKb.exe
  C:\Windows\System\MUFAAKb.exe
  2⤵
  - Executes dropped EXE
  PID:4300
- C:\Windows\System\ggtEaMA.exe
  C:\Windows\System\ggtEaMA.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\OMnzfvG.exe
  C:\Windows\System\OMnzfvG.exe
  2⤵
  - Executes dropped EXE
  PID:3820
- C:\Windows\System\Dciojav.exe
  C:\Windows\System\Dciojav.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\mjQRGai.exe
  C:\Windows\System\mjQRGai.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System\LyrrZVA.exe
  C:\Windows\System\LyrrZVA.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\rKXzbXR.exe
  C:\Windows\System\rKXzbXR.exe
  2⤵
  - Executes dropped EXE
  PID:3228
- C:\Windows\System\gngjTmQ.exe
  C:\Windows\System\gngjTmQ.exe
  2⤵
  - Executes dropped EXE
  PID:3372
- C:\Windows\System\EVXfpDk.exe
  C:\Windows\System\EVXfpDk.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System\pMvsABf.exe
  C:\Windows\System\pMvsABf.exe
  2⤵
  PID:3564
- C:\Windows\System\DdSJskD.exe
  C:\Windows\System\DdSJskD.exe
  2⤵
  PID:4412
- C:\Windows\System\HMFlqjL.exe
  C:\Windows\System\HMFlqjL.exe
  2⤵
  PID:1760
- C:\Windows\System\RTiJxRR.exe
  C:\Windows\System\RTiJxRR.exe
  2⤵
  PID:216
- C:\Windows\System\cWuPxqY.exe
  C:\Windows\System\cWuPxqY.exe
  2⤵
  PID:3624
- C:\Windows\System\VjCeULm.exe
  C:\Windows\System\VjCeULm.exe
  2⤵
  PID:984
- C:\Windows\System\BWJFHCn.exe
  C:\Windows\System\BWJFHCn.exe
  2⤵
  PID:5088
- C:\Windows\System\nZzzfFi.exe
  C:\Windows\System\nZzzfFi.exe
  2⤵
  PID:448
- C:\Windows\System\svgcVNq.exe
  C:\Windows\System\svgcVNq.exe
  2⤵
  PID:1696
- C:\Windows\System\nICJEjU.exe
  C:\Windows\System\nICJEjU.exe
  2⤵
  PID:1264
- C:\Windows\System\aGAOroC.exe
  C:\Windows\System\aGAOroC.exe
  2⤵
  PID:1040
- C:\Windows\System\BkwcGLo.exe
  C:\Windows\System\BkwcGLo.exe
  2⤵
  PID:4044
- C:\Windows\System\xZPiVhl.exe
  C:\Windows\System\xZPiVhl.exe
  2⤵
  PID:3436
- C:\Windows\System\srTFHDv.exe
  C:\Windows\System\srTFHDv.exe
  2⤵
  PID:4652
- C:\Windows\System\zLNQCxr.exe
  C:\Windows\System\zLNQCxr.exe
  2⤵
  PID:2424
- C:\Windows\System\EKBInPM.exe
  C:\Windows\System\EKBInPM.exe
  2⤵
  PID:536
- C:\Windows\System\JbdFzdZ.exe
  C:\Windows\System\JbdFzdZ.exe
  2⤵
  PID:2824
- C:\Windows\System\MToFoUq.exe
  C:\Windows\System\MToFoUq.exe
  2⤵
  PID:2240
- C:\Windows\System\IPnGwBB.exe
  C:\Windows\System\IPnGwBB.exe
  2⤵
  PID:2080
- C:\Windows\System\aTcQbHQ.exe
  C:\Windows\System\aTcQbHQ.exe
  2⤵
  PID:5152
- C:\Windows\System\YjEUwbJ.exe
  C:\Windows\System\YjEUwbJ.exe
  2⤵
  PID:5180
- C:\Windows\System\EOvfXOs.exe
  C:\Windows\System\EOvfXOs.exe
  2⤵
  PID:5208
- C:\Windows\System\XvTJMHa.exe
  C:\Windows\System\XvTJMHa.exe
  2⤵
  PID:5260
- C:\Windows\System\fqnLdyO.exe
  C:\Windows\System\fqnLdyO.exe
  2⤵
  PID:5284
- C:\Windows\System\inbSOcF.exe
  C:\Windows\System\inbSOcF.exe
  2⤵
  PID:5328
- C:\Windows\System\SixIGSP.exe
  C:\Windows\System\SixIGSP.exe
  2⤵
  PID:5368
- C:\Windows\System\mnmmauV.exe
  C:\Windows\System\mnmmauV.exe
  2⤵
  PID:5396
- C:\Windows\System\sKKaoDr.exe
  C:\Windows\System\sKKaoDr.exe
  2⤵
  PID:6016
- C:\Windows\System\wZAPXXS.exe
  C:\Windows\System\wZAPXXS.exe
  2⤵
  PID:6040
- C:\Windows\System\FCBrAlZ.exe
  C:\Windows\System\FCBrAlZ.exe
  2⤵
  PID:6072
- C:\Windows\System\gzpphjp.exe
  C:\Windows\System\gzpphjp.exe
  2⤵
  PID:6096
- C:\Windows\System\zaRovbW.exe
  C:\Windows\System\zaRovbW.exe
  2⤵
  PID:6124
- C:\Windows\System\UMBNYZM.exe
  C:\Windows\System\UMBNYZM.exe
  2⤵
  PID:4932
- C:\Windows\System\iGQycFa.exe
  C:\Windows\System\iGQycFa.exe
  2⤵
  PID:2300
- C:\Windows\System\JGafcLI.exe
  C:\Windows\System\JGafcLI.exe
  2⤵
  PID:4668
- C:\Windows\System\DQWViRs.exe
  C:\Windows\System\DQWViRs.exe
  2⤵
  PID:2504
- C:\Windows\System\NYtEBJJ.exe
  C:\Windows\System\NYtEBJJ.exe
  2⤵
  PID:5196
- C:\Windows\System\jrbNbpc.exe
  C:\Windows\System\jrbNbpc.exe
  2⤵
  PID:5224
- C:\Windows\System\DhsVfaW.exe
  C:\Windows\System\DhsVfaW.exe
  2⤵
  PID:5280
- C:\Windows\System\GkawNXO.exe
  C:\Windows\System\GkawNXO.exe
  2⤵
  PID:1836
- C:\Windows\System\JWdNaYJ.exe
  C:\Windows\System\JWdNaYJ.exe
  2⤵
  PID:5312
- C:\Windows\System\fsuzFtz.exe
  C:\Windows\System\fsuzFtz.exe
  2⤵
  PID:5424
- C:\Windows\System\jKIWdSQ.exe
  C:\Windows\System\jKIWdSQ.exe
  2⤵
  PID:5544
- C:\Windows\System\PQfSeNN.exe
  C:\Windows\System\PQfSeNN.exe
  2⤵
  PID:5588
- C:\Windows\System\kaICGXl.exe
  C:\Windows\System\kaICGXl.exe
  2⤵
  PID:1188
- C:\Windows\System\nYbprHD.exe
  C:\Windows\System\nYbprHD.exe
  2⤵
  PID:5648
- C:\Windows\System\VABSwTZ.exe
  C:\Windows\System\VABSwTZ.exe
  2⤵
  PID:5680
- C:\Windows\System\DkhZGbe.exe
  C:\Windows\System\DkhZGbe.exe
  2⤵
  PID:5720
- C:\Windows\System\hipFTgq.exe
  C:\Windows\System\hipFTgq.exe
  2⤵
  PID:5736
- C:\Windows\System\jIPgwVQ.exe
  C:\Windows\System\jIPgwVQ.exe
  2⤵
  PID:5760
- C:\Windows\System\KKambzj.exe
  C:\Windows\System\KKambzj.exe
  2⤵
  PID:5780
- C:\Windows\System\nwbwAfk.exe
  C:\Windows\System\nwbwAfk.exe
  2⤵
  PID:5796
- C:\Windows\System\sxIguJW.exe
  C:\Windows\System\sxIguJW.exe
  2⤵
  PID:5824
- C:\Windows\System\PCaBRdX.exe
  C:\Windows\System\PCaBRdX.exe
  2⤵
  PID:5868
- C:\Windows\System\YlkHPVd.exe
  C:\Windows\System\YlkHPVd.exe
  2⤵
  PID:5892
- C:\Windows\System\cdzejTz.exe
  C:\Windows\System\cdzejTz.exe
  2⤵
  PID:5912
- C:\Windows\System\DdkucIH.exe
  C:\Windows\System\DdkucIH.exe
  2⤵
  PID:5932
- C:\Windows\System\HCgUdMk.exe
  C:\Windows\System\HCgUdMk.exe
  2⤵
  PID:5948
- C:\Windows\System\YsRZaQO.exe
  C:\Windows\System\YsRZaQO.exe
  2⤵
  PID:5968
- C:\Windows\System\eSCMxeb.exe
  C:\Windows\System\eSCMxeb.exe
  2⤵
  PID:6008
- C:\Windows\System\tWKoYJa.exe
  C:\Windows\System\tWKoYJa.exe
  2⤵
  PID:6140
- C:\Windows\System\BlLwyOa.exe
  C:\Windows\System\BlLwyOa.exe
  2⤵
  PID:4680
- C:\Windows\System\nseCykR.exe
  C:\Windows\System\nseCykR.exe
  2⤵
  PID:3636
- C:\Windows\System\EpGMNkD.exe
  C:\Windows\System\EpGMNkD.exe
  2⤵
  PID:5252
- C:\Windows\System\wjPUDxD.exe
  C:\Windows\System\wjPUDxD.exe
  2⤵
  PID:2972
- C:\Windows\System\ZctvJPx.exe
  C:\Windows\System\ZctvJPx.exe
  2⤵
  PID:948
- C:\Windows\System\NcasQlu.exe
  C:\Windows\System\NcasQlu.exe
  2⤵
  PID:5440
- C:\Windows\System\dVrcJER.exe
  C:\Windows\System\dVrcJER.exe
  2⤵
  PID:5432
- C:\Windows\System\shnfwdK.exe
  C:\Windows\System\shnfwdK.exe
  2⤵
  PID:5496
- C:\Windows\System\kDBblsJ.exe
  C:\Windows\System\kDBblsJ.exe
  2⤵
  PID:2140
- C:\Windows\System\hMHjYGu.exe
  C:\Windows\System\hMHjYGu.exe
  2⤵
  PID:3432
- C:\Windows\System\ptbLGrp.exe
  C:\Windows\System\ptbLGrp.exe
  2⤵
  PID:5668
- C:\Windows\System\LNQeipw.exe
  C:\Windows\System\LNQeipw.exe
  2⤵
  PID:2060
- C:\Windows\System\PeKqUGn.exe
  C:\Windows\System\PeKqUGn.exe
  2⤵
  PID:5844
- C:\Windows\System\tiCiuPm.exe
  C:\Windows\System\tiCiuPm.exe
  2⤵
  PID:5924
- C:\Windows\System\kjOCEjs.exe
  C:\Windows\System\kjOCEjs.exe
  2⤵
  PID:4756
- C:\Windows\System\tAYiwBP.exe
  C:\Windows\System\tAYiwBP.exe
  2⤵
  PID:6028
- C:\Windows\System\XBchNbj.exe
  C:\Windows\System\XBchNbj.exe
  2⤵
  PID:1536
- C:\Windows\System\ZTHtDKp.exe
  C:\Windows\System\ZTHtDKp.exe
  2⤵
  PID:3672
- C:\Windows\System\tstPGAa.exe
  C:\Windows\System\tstPGAa.exe
  2⤵
  PID:2036
- C:\Windows\System\IujKaqE.exe
  C:\Windows\System\IujKaqE.exe
  2⤵
  PID:3388
- C:\Windows\System\iUOsHxS.exe
  C:\Windows\System\iUOsHxS.exe
  2⤵
  PID:4592
- C:\Windows\System\wrGYyzR.exe
  C:\Windows\System\wrGYyzR.exe
  2⤵
  PID:4876
- C:\Windows\System\JYguuxx.exe
  C:\Windows\System\JYguuxx.exe
  2⤵
  PID:5708
- C:\Windows\System\TqkwjMJ.exe
  C:\Windows\System\TqkwjMJ.exe
  2⤵
  PID:5804
- C:\Windows\System\wYzAcVz.exe
  C:\Windows\System\wYzAcVz.exe
  2⤵
  PID:5920
- C:\Windows\System\hLipFkx.exe
  C:\Windows\System\hLipFkx.exe
  2⤵
  PID:5992
- C:\Windows\System\sLDAyJg.exe
  C:\Windows\System\sLDAyJg.exe
  2⤵
  PID:1636
- C:\Windows\System\rXEBQqH.exe
  C:\Windows\System\rXEBQqH.exe
  2⤵
  PID:5540
- C:\Windows\System\WqKPdnV.exe
  C:\Windows\System\WqKPdnV.exe
  2⤵
  PID:5692
- C:\Windows\System\mXtUJIs.exe
  C:\Windows\System\mXtUJIs.exe
  2⤵
  PID:5864
- C:\Windows\System\ljDpWxY.exe
  C:\Windows\System\ljDpWxY.exe
  2⤵
  PID:5556
- C:\Windows\System\bptTpte.exe
  C:\Windows\System\bptTpte.exe
  2⤵
  PID:5944
- C:\Windows\System\hKkUWTN.exe
  C:\Windows\System\hKkUWTN.exe
  2⤵
  PID:6168
- C:\Windows\System\DwkCRtT.exe
  C:\Windows\System\DwkCRtT.exe
  2⤵
  PID:6192
- C:\Windows\System\DZkajtF.exe
  C:\Windows\System\DZkajtF.exe
  2⤵
  PID:6208
- C:\Windows\System\XyWnlum.exe
  C:\Windows\System\XyWnlum.exe
  2⤵
  PID:6228
- C:\Windows\System\muogzie.exe
  C:\Windows\System\muogzie.exe
  2⤵
  PID:6288
- C:\Windows\System\srVyovS.exe
  C:\Windows\System\srVyovS.exe
  2⤵
  PID:6316
- C:\Windows\System\HyDnYYg.exe
  C:\Windows\System\HyDnYYg.exe
  2⤵
  PID:6384
- C:\Windows\System\ohteHBU.exe
  C:\Windows\System\ohteHBU.exe
  2⤵
  PID:6444
- C:\Windows\System\abHgxgA.exe
  C:\Windows\System\abHgxgA.exe
  2⤵
  PID:6460
- C:\Windows\System\aagvjoc.exe
  C:\Windows\System\aagvjoc.exe
  2⤵
  PID:6520
- C:\Windows\System\dgcslqI.exe
  C:\Windows\System\dgcslqI.exe
  2⤵
  PID:6544
- C:\Windows\System\OVPqSri.exe
  C:\Windows\System\OVPqSri.exe
  2⤵
  PID:6560
- C:\Windows\System\CRNeJMC.exe
  C:\Windows\System\CRNeJMC.exe
  2⤵
  PID:6588
- C:\Windows\System\pCmgEJs.exe
  C:\Windows\System\pCmgEJs.exe
  2⤵
  PID:6632
- C:\Windows\System\UtMYfwx.exe
  C:\Windows\System\UtMYfwx.exe
  2⤵
  PID:6652
- C:\Windows\System\lODpEwy.exe
  C:\Windows\System\lODpEwy.exe
  2⤵
  PID:6704
- C:\Windows\System\fwCaEFP.exe
  C:\Windows\System\fwCaEFP.exe
  2⤵
  PID:6728
- C:\Windows\System\HLHRqIZ.exe
  C:\Windows\System\HLHRqIZ.exe
  2⤵
  PID:6764
- C:\Windows\System\TmcBVzB.exe
  C:\Windows\System\TmcBVzB.exe
  2⤵
  PID:6784
- C:\Windows\System\BVcMLTY.exe
  C:\Windows\System\BVcMLTY.exe
  2⤵
  PID:6816
- C:\Windows\System\hObulEf.exe
  C:\Windows\System\hObulEf.exe
  2⤵
  PID:6836
- C:\Windows\System\eWDErCW.exe
  C:\Windows\System\eWDErCW.exe
  2⤵
  PID:6856
- C:\Windows\System\ulIYoiv.exe
  C:\Windows\System\ulIYoiv.exe
  2⤵
  PID:6872
- C:\Windows\System\NPzValK.exe
  C:\Windows\System\NPzValK.exe
  2⤵
  PID:6896
- C:\Windows\System\jLTUbMg.exe
  C:\Windows\System\jLTUbMg.exe
  2⤵
  PID:6912
- C:\Windows\System\kXmLcpw.exe
  C:\Windows\System\kXmLcpw.exe
  2⤵
  PID:6936
- C:\Windows\System\POBSqcT.exe
  C:\Windows\System\POBSqcT.exe
  2⤵
  PID:6952
- C:\Windows\System\yTgpRcp.exe
  C:\Windows\System\yTgpRcp.exe
  2⤵
  PID:6980
- C:\Windows\System\zSthUiP.exe
  C:\Windows\System\zSthUiP.exe
  2⤵
  PID:7004
- C:\Windows\System\TCYQFuF.exe
  C:\Windows\System\TCYQFuF.exe
  2⤵
  PID:7020
- C:\Windows\System\FVhHjLw.exe
  C:\Windows\System\FVhHjLw.exe
  2⤵
  PID:7044
- C:\Windows\System\GCUcYYZ.exe
  C:\Windows\System\GCUcYYZ.exe
  2⤵
  PID:7064
- C:\Windows\System\ULQWgTu.exe
  C:\Windows\System\ULQWgTu.exe
  2⤵
  PID:7140
- C:\Windows\System\rAaWzjo.exe
  C:\Windows\System\rAaWzjo.exe
  2⤵
  PID:5676
- C:\Windows\System\Djkottv.exe
  C:\Windows\System\Djkottv.exe
  2⤵
  PID:6224
- C:\Windows\System\nFxlJPn.exe
  C:\Windows\System\nFxlJPn.exe
  2⤵
  PID:6184
- C:\Windows\System\xRGoKiE.exe
  C:\Windows\System\xRGoKiE.exe
  2⤵
  PID:6276
- C:\Windows\System\muObZqb.exe
  C:\Windows\System\muObZqb.exe
  2⤵
  PID:6356
- C:\Windows\System\hDMcRFz.exe
  C:\Windows\System\hDMcRFz.exe
  2⤵
  PID:6404
- C:\Windows\System\yRqbKIa.exe
  C:\Windows\System\yRqbKIa.exe
  2⤵
  PID:6456
- C:\Windows\System\TLtUEcD.exe
  C:\Windows\System\TLtUEcD.exe
  2⤵
  PID:6480
- C:\Windows\System\ZilWITr.exe
  C:\Windows\System\ZilWITr.exe
  2⤵
  PID:6612
- C:\Windows\System\ZCTuoYu.exe
  C:\Windows\System\ZCTuoYu.exe
  2⤵
  PID:6680
- C:\Windows\System\eCAPJyJ.exe
  C:\Windows\System\eCAPJyJ.exe
  2⤵
  PID:6808
- C:\Windows\System\ZWBSHsz.exe
  C:\Windows\System\ZWBSHsz.exe
  2⤵
  PID:6884
- C:\Windows\System\DRPZyqr.exe
  C:\Windows\System\DRPZyqr.exe
  2⤵
  PID:6932
- C:\Windows\System\sBqEUAk.exe
  C:\Windows\System\sBqEUAk.exe
  2⤵
  PID:6904
- C:\Windows\System\kQgtssa.exe
  C:\Windows\System\kQgtssa.exe
  2⤵
  PID:7016
- C:\Windows\System\xvhHFBW.exe
  C:\Windows\System\xvhHFBW.exe
  2⤵
  PID:7032
- C:\Windows\System\riJTeNC.exe
  C:\Windows\System\riJTeNC.exe
  2⤵
  PID:6968
- C:\Windows\System\QdnQdcp.exe
  C:\Windows\System\QdnQdcp.exe
  2⤵
  PID:7100
- C:\Windows\System\ItnbveT.exe
  C:\Windows\System\ItnbveT.exe
  2⤵
  PID:4160
- C:\Windows\System\hOAeiCT.exe
  C:\Windows\System\hOAeiCT.exe
  2⤵
  PID:5972
- C:\Windows\System\izgZbMK.exe
  C:\Windows\System\izgZbMK.exe
  2⤵
  PID:5000
- C:\Windows\System\kFpkWVt.exe
  C:\Windows\System\kFpkWVt.exe
  2⤵
  PID:6672
- C:\Windows\System\wCiHnPy.exe
  C:\Windows\System\wCiHnPy.exe
  2⤵
  PID:6648
- C:\Windows\System\pAFBvWF.exe
  C:\Windows\System\pAFBvWF.exe
  2⤵
  PID:6844
- C:\Windows\System\PvXhlMv.exe
  C:\Windows\System\PvXhlMv.exe
  2⤵
  PID:5304
- C:\Windows\System\QqSHjEv.exe
  C:\Windows\System\QqSHjEv.exe
  2⤵
  PID:7028
- C:\Windows\System\gqLIzWF.exe
  C:\Windows\System\gqLIzWF.exe
  2⤵
  PID:6988
- C:\Windows\System\MpKlDZN.exe
  C:\Windows\System\MpKlDZN.exe
  2⤵
  PID:6204
- C:\Windows\System\gfbcsyE.exe
  C:\Windows\System\gfbcsyE.exe
  2⤵
  PID:6712
- C:\Windows\System\PQdZHJc.exe
  C:\Windows\System\PQdZHJc.exe
  2⤵
  PID:6928
- C:\Windows\System\lKszyqj.exe
  C:\Windows\System\lKszyqj.exe
  2⤵
  PID:6176
- C:\Windows\System\mqofLnh.exe
  C:\Windows\System\mqofLnh.exe
  2⤵
  PID:6532
- C:\Windows\System\rMAQLZQ.exe
  C:\Windows\System\rMAQLZQ.exe
  2⤵
  PID:7172
- C:\Windows\System\cJZgDSB.exe
  C:\Windows\System\cJZgDSB.exe
  2⤵
  PID:7228
- C:\Windows\System\yMNnDxa.exe
  C:\Windows\System\yMNnDxa.exe
  2⤵
  PID:7248
- C:\Windows\System\XsnsySA.exe
  C:\Windows\System\XsnsySA.exe
  2⤵
  PID:7268
- C:\Windows\System\KdffIaR.exe
  C:\Windows\System\KdffIaR.exe
  2⤵
  PID:7296
- C:\Windows\System\rsKhYJw.exe
  C:\Windows\System\rsKhYJw.exe
  2⤵
  PID:7312
- C:\Windows\System\dwJqePd.exe
  C:\Windows\System\dwJqePd.exe
  2⤵
  PID:7336
- C:\Windows\System\RLMIaAY.exe
  C:\Windows\System\RLMIaAY.exe
  2⤵
  PID:7352
- C:\Windows\System\YdxnCcx.exe
  C:\Windows\System\YdxnCcx.exe
  2⤵
  PID:7380
- C:\Windows\System\uCSeOoM.exe
  C:\Windows\System\uCSeOoM.exe
  2⤵
  PID:7400
- C:\Windows\System\XoaZUzP.exe
  C:\Windows\System\XoaZUzP.exe
  2⤵
  PID:7464
- C:\Windows\System\rgELAaD.exe
  C:\Windows\System\rgELAaD.exe
  2⤵
  PID:7488
- C:\Windows\System\OfCUMLW.exe
  C:\Windows\System\OfCUMLW.exe
  2⤵
  PID:7508
- C:\Windows\System\ONnHCwc.exe
  C:\Windows\System\ONnHCwc.exe
  2⤵
  PID:7540
- C:\Windows\System\IHYQeVb.exe
  C:\Windows\System\IHYQeVb.exe
  2⤵
  PID:7556
- C:\Windows\System\ggyHXOp.exe
  C:\Windows\System\ggyHXOp.exe
  2⤵
  PID:7576
- C:\Windows\System\qOaqunI.exe
  C:\Windows\System\qOaqunI.exe
  2⤵
  PID:7604
- C:\Windows\System\hZmIEjk.exe
  C:\Windows\System\hZmIEjk.exe
  2⤵
  PID:7656
- C:\Windows\System\JgIHFrk.exe
  C:\Windows\System\JgIHFrk.exe
  2⤵
  PID:7676
- C:\Windows\System\ysZXaSv.exe
  C:\Windows\System\ysZXaSv.exe
  2⤵
  PID:7704
- C:\Windows\System\BAegnVx.exe
  C:\Windows\System\BAegnVx.exe
  2⤵
  PID:7720
- C:\Windows\System\BSVdJLI.exe
  C:\Windows\System\BSVdJLI.exe
  2⤵
  PID:7768
- C:\Windows\System\hnFmSQE.exe
  C:\Windows\System\hnFmSQE.exe
  2⤵
  PID:7792
- C:\Windows\System\gEBkriH.exe
  C:\Windows\System\gEBkriH.exe
  2⤵
  PID:7824
- C:\Windows\System\cslLGvS.exe
  C:\Windows\System\cslLGvS.exe
  2⤵
  PID:7844
- C:\Windows\System\kqeFlJR.exe
  C:\Windows\System\kqeFlJR.exe
  2⤵
  PID:7872
- C:\Windows\System\RwFMDPb.exe
  C:\Windows\System\RwFMDPb.exe
  2⤵
  PID:7900
- C:\Windows\System\ELoDjzL.exe
  C:\Windows\System\ELoDjzL.exe
  2⤵
  PID:7928
- C:\Windows\System\EWxycba.exe
  C:\Windows\System\EWxycba.exe
  2⤵
  PID:7960
- C:\Windows\System\FLyzmBs.exe
  C:\Windows\System\FLyzmBs.exe
  2⤵
  PID:8000
- C:\Windows\System\NZZTsHV.exe
  C:\Windows\System\NZZTsHV.exe
  2⤵
  PID:8016
- C:\Windows\System\qUqpraV.exe
  C:\Windows\System\qUqpraV.exe
  2⤵
  PID:8056
- C:\Windows\System\KYSeafO.exe
  C:\Windows\System\KYSeafO.exe
  2⤵
  PID:8072
- C:\Windows\System\DbNuhas.exe
  C:\Windows\System\DbNuhas.exe
  2⤵
  PID:8096
- C:\Windows\System\RDMXUSl.exe
  C:\Windows\System\RDMXUSl.exe
  2⤵
  PID:8112
- C:\Windows\System\nfTATkJ.exe
  C:\Windows\System\nfTATkJ.exe
  2⤵
  PID:8144
- C:\Windows\System\MBqsvTJ.exe
  C:\Windows\System\MBqsvTJ.exe
  2⤵
  PID:8188
- C:\Windows\System\ZtPNerh.exe
  C:\Windows\System\ZtPNerh.exe
  2⤵
  PID:7084
- C:\Windows\System\SvhFRLT.exe
  C:\Windows\System\SvhFRLT.exe
  2⤵
  PID:7212
- C:\Windows\System\HrCeaUE.exe
  C:\Windows\System\HrCeaUE.exe
  2⤵
  PID:7264
- C:\Windows\System\lUdqdNk.exe
  C:\Windows\System\lUdqdNk.exe
  2⤵
  PID:7372
- C:\Windows\System\fdtHfsg.exe
  C:\Windows\System\fdtHfsg.exe
  2⤵
  PID:7428
- C:\Windows\System\JzNOGpV.exe
  C:\Windows\System\JzNOGpV.exe
  2⤵
  PID:7500
- C:\Windows\System\UkbRvmw.exe
  C:\Windows\System\UkbRvmw.exe
  2⤵
  PID:7552
- C:\Windows\System\mRLCXgh.exe
  C:\Windows\System\mRLCXgh.exe
  2⤵
  PID:7664
- C:\Windows\System\XYXUWHz.exe
  C:\Windows\System\XYXUWHz.exe
  2⤵
  PID:7668
- C:\Windows\System\sCbGMzS.exe
  C:\Windows\System\sCbGMzS.exe
  2⤵
  PID:7712
- C:\Windows\System\QxAQvEA.exe
  C:\Windows\System\QxAQvEA.exe
  2⤵
  PID:7788
- C:\Windows\System\WxdtChe.exe
  C:\Windows\System\WxdtChe.exe
  2⤵
  PID:7892
- C:\Windows\System\FDFRgIe.exe
  C:\Windows\System\FDFRgIe.exe
  2⤵
  PID:7896
- C:\Windows\System\AkfRDSO.exe
  C:\Windows\System\AkfRDSO.exe
  2⤵
  PID:8028
- C:\Windows\System\DpwWdSW.exe
  C:\Windows\System\DpwWdSW.exe
  2⤵
  PID:8064
- C:\Windows\System\quBgJtE.exe
  C:\Windows\System\quBgJtE.exe
  2⤵
  PID:6624
- C:\Windows\System\bVIbpHQ.exe
  C:\Windows\System\bVIbpHQ.exe
  2⤵
  PID:7368
- C:\Windows\System\qJotePI.exe
  C:\Windows\System\qJotePI.exe
  2⤵
  PID:7584
- C:\Windows\System\hBLrscy.exe
  C:\Windows\System\hBLrscy.exe
  2⤵
  PID:7420
- C:\Windows\System\GrRuvBB.exe
  C:\Windows\System\GrRuvBB.exe
  2⤵
  PID:7640
- C:\Windows\System\qaxasWz.exe
  C:\Windows\System\qaxasWz.exe
  2⤵
  PID:7760
- C:\Windows\System\lxXHBHC.exe
  C:\Windows\System\lxXHBHC.exe
  2⤵
  PID:7840
- C:\Windows\System\ZVJpeWx.exe
  C:\Windows\System\ZVJpeWx.exe
  2⤵
  PID:7924
- C:\Windows\System\EucvzzK.exe
  C:\Windows\System\EucvzzK.exe
  2⤵
  PID:8036
- C:\Windows\System\tIQFZzo.exe
  C:\Windows\System\tIQFZzo.exe
  2⤵
  PID:7236
- C:\Windows\System\tWjxMGi.exe
  C:\Windows\System\tWjxMGi.exe
  2⤵
  PID:7324
- C:\Windows\System\GisChhA.exe
  C:\Windows\System\GisChhA.exe
  2⤵
  PID:7940
- C:\Windows\System\KIVDgaI.exe
  C:\Windows\System\KIVDgaI.exe
  2⤵
  PID:6296
- C:\Windows\System\sESPLXH.exe
  C:\Windows\System\sESPLXH.exe
  2⤵
  PID:8256
- C:\Windows\System\FKQWYhC.exe
  C:\Windows\System\FKQWYhC.exe
  2⤵
  PID:8276
- C:\Windows\System\GLZjRPL.exe
  C:\Windows\System\GLZjRPL.exe
  2⤵
  PID:8300
- C:\Windows\System\JprwQdN.exe
  C:\Windows\System\JprwQdN.exe
  2⤵
  PID:8324
- C:\Windows\System\bxZIOoI.exe
  C:\Windows\System\bxZIOoI.exe
  2⤵
  PID:8364
- C:\Windows\System\YJbuEmG.exe
  C:\Windows\System\YJbuEmG.exe
  2⤵
  PID:8392
- C:\Windows\System\JuVotZb.exe
  C:\Windows\System\JuVotZb.exe
  2⤵
  PID:8416
- C:\Windows\System\ihkjqyt.exe
  C:\Windows\System\ihkjqyt.exe
  2⤵
  PID:8436
- C:\Windows\System\heuvLrM.exe
  C:\Windows\System\heuvLrM.exe
  2⤵
  PID:8452
- C:\Windows\System\ofqjMAu.exe
  C:\Windows\System\ofqjMAu.exe
  2⤵
  PID:8504
- C:\Windows\System\eRWXsEU.exe
  C:\Windows\System\eRWXsEU.exe
  2⤵
  PID:8536
- C:\Windows\System\sOaDdZA.exe
  C:\Windows\System\sOaDdZA.exe
  2⤵
  PID:8556
- C:\Windows\System\IlqOQRL.exe
  C:\Windows\System\IlqOQRL.exe
  2⤵
  PID:8576
- C:\Windows\System\OppRMOi.exe
  C:\Windows\System\OppRMOi.exe
  2⤵
  PID:8604
- C:\Windows\System\NvrpUIX.exe
  C:\Windows\System\NvrpUIX.exe
  2⤵
  PID:8628
- C:\Windows\System\UZfqQQl.exe
  C:\Windows\System\UZfqQQl.exe
  2⤵
  PID:8672
- C:\Windows\System\dSkKvux.exe
  C:\Windows\System\dSkKvux.exe
  2⤵
  PID:8688
- C:\Windows\System\tWgbpUU.exe
  C:\Windows\System\tWgbpUU.exe
  2⤵
  PID:8736
- C:\Windows\System\hxnSvVc.exe
  C:\Windows\System\hxnSvVc.exe
  2⤵
  PID:8752
- C:\Windows\System\OTdXngt.exe
  C:\Windows\System\OTdXngt.exe
  2⤵
  PID:8772
- C:\Windows\System\MCUGFJh.exe
  C:\Windows\System\MCUGFJh.exe
  2⤵
  PID:8800
- C:\Windows\System\jMiMNfr.exe
  C:\Windows\System\jMiMNfr.exe
  2⤵
  PID:8816
- C:\Windows\System\kIgoyxK.exe
  C:\Windows\System\kIgoyxK.exe
  2⤵
  PID:8840
- C:\Windows\System\ceaJzXv.exe
  C:\Windows\System\ceaJzXv.exe
  2⤵
  PID:8856
- C:\Windows\System\CPOeABD.exe
  C:\Windows\System\CPOeABD.exe
  2⤵
  PID:8880
- C:\Windows\System\UBncwLT.exe
  C:\Windows\System\UBncwLT.exe
  2⤵
  PID:8896
- C:\Windows\System\DyLRasQ.exe
  C:\Windows\System\DyLRasQ.exe
  2⤵
  PID:9036
- C:\Windows\System\bbqGXQY.exe
  C:\Windows\System\bbqGXQY.exe
  2⤵
  PID:9164
- C:\Windows\System\NVckMRT.exe
  C:\Windows\System\NVckMRT.exe
  2⤵
  PID:9200
- C:\Windows\System\BJSFsZy.exe
  C:\Windows\System\BJSFsZy.exe
  2⤵
  PID:7516
- C:\Windows\System\ZaewBmg.exe
  C:\Windows\System\ZaewBmg.exe
  2⤵
  PID:8048
- C:\Windows\System\qnkTcuQ.exe
  C:\Windows\System\qnkTcuQ.exe
  2⤵
  PID:8272
- C:\Windows\System\aERThXO.exe
  C:\Windows\System\aERThXO.exe
  2⤵
  PID:8320
- C:\Windows\System\YJAFujv.exe
  C:\Windows\System\YJAFujv.exe
  2⤵
  PID:8400
- C:\Windows\System\MbrigyG.exe
  C:\Windows\System\MbrigyG.exe
  2⤵
  PID:8424
- C:\Windows\System\xpkzVzn.exe
  C:\Windows\System\xpkzVzn.exe
  2⤵
  PID:8584
- C:\Windows\System\xWrvxWV.exe
  C:\Windows\System\xWrvxWV.exe
  2⤵
  PID:8612
- C:\Windows\System\ASjVAxd.exe
  C:\Windows\System\ASjVAxd.exe
  2⤵
  PID:8620
- C:\Windows\System\WmJVSXx.exe
  C:\Windows\System\WmJVSXx.exe
  2⤵
  PID:8680
- C:\Windows\System\uNemAxs.exe
  C:\Windows\System\uNemAxs.exe
  2⤵
  PID:8716
- C:\Windows\System\ndTMeYn.exe
  C:\Windows\System\ndTMeYn.exe
  2⤵
  PID:8836
- C:\Windows\System\gsYtWpQ.exe
  C:\Windows\System\gsYtWpQ.exe
  2⤵
  PID:8928
- C:\Windows\System\vHNGLsr.exe
  C:\Windows\System\vHNGLsr.exe
  2⤵
  PID:8956
- C:\Windows\System\obHajWs.exe
  C:\Windows\System\obHajWs.exe
  2⤵
  PID:8128
- C:\Windows\System\XBhvCvk.exe
  C:\Windows\System\XBhvCvk.exe
  2⤵
  PID:8960
- C:\Windows\System\ihdacpg.exe
  C:\Windows\System\ihdacpg.exe
  2⤵
  PID:9128
- C:\Windows\System\HeTLwxx.exe
  C:\Windows\System\HeTLwxx.exe
  2⤵
  PID:5560
- C:\Windows\System\JvLtByh.exe
  C:\Windows\System\JvLtByh.exe
  2⤵
  PID:9080
- C:\Windows\System\puePcbn.exe
  C:\Windows\System\puePcbn.exe
  2⤵
  PID:5508
- C:\Windows\System\wHcfwFz.exe
  C:\Windows\System\wHcfwFz.exe
  2⤵
  PID:7460
- C:\Windows\System\DTIcACN.exe
  C:\Windows\System\DTIcACN.exe
  2⤵
  PID:8296
- C:\Windows\System\ASJfnBb.exe
  C:\Windows\System\ASJfnBb.exe
  2⤵
  PID:8376
- C:\Windows\System\KNnHKmL.exe
  C:\Windows\System\KNnHKmL.exe
  2⤵
  PID:8472
- C:\Windows\System\fsctGaH.exe
  C:\Windows\System\fsctGaH.exe
  2⤵
  PID:8644
- C:\Windows\System\JlLGvkS.exe
  C:\Windows\System\JlLGvkS.exe
  2⤵
  PID:8808
- C:\Windows\System\ciUPDPB.exe
  C:\Windows\System\ciUPDPB.exe
  2⤵
  PID:9152
- C:\Windows\System\CUmWxAp.exe
  C:\Windows\System\CUmWxAp.exe
  2⤵
  PID:9124
- C:\Windows\System\eAHzBOS.exe
  C:\Windows\System\eAHzBOS.exe
  2⤵
  PID:9196
- C:\Windows\System\rHXQRmK.exe
  C:\Windows\System\rHXQRmK.exe
  2⤵
  PID:9208
- C:\Windows\System\GWUBirA.exe
  C:\Windows\System\GWUBirA.exe
  2⤵
  PID:2388
- C:\Windows\System\abwiSWS.exe
  C:\Windows\System\abwiSWS.exe
  2⤵
  PID:8572
- C:\Windows\System\TPZKiPd.exe
  C:\Windows\System\TPZKiPd.exe
  2⤵
  PID:8660
- C:\Windows\System\jtuFOEe.exe
  C:\Windows\System\jtuFOEe.exe
  2⤵
  PID:6160
- C:\Windows\System\mnLiaGv.exe
  C:\Windows\System\mnLiaGv.exe
  2⤵
  PID:9228
- C:\Windows\System\uMKCgvO.exe
  C:\Windows\System\uMKCgvO.exe
  2⤵
  PID:9264
- C:\Windows\System\gLtLHLB.exe
  C:\Windows\System\gLtLHLB.exe
  2⤵
  PID:9284
- C:\Windows\System\cTfMonn.exe
  C:\Windows\System\cTfMonn.exe
  2⤵
  PID:9308
- C:\Windows\System\HefiQHL.exe
  C:\Windows\System\HefiQHL.exe
  2⤵
  PID:9328
- C:\Windows\System\TqSAOpK.exe
  C:\Windows\System\TqSAOpK.exe
  2⤵
  PID:9348
- C:\Windows\System\aDpMHgA.exe
  C:\Windows\System\aDpMHgA.exe
  2⤵
  PID:9368
- C:\Windows\System\kVQJFkd.exe
  C:\Windows\System\kVQJFkd.exe
  2⤵
  PID:9424
- C:\Windows\System\RQHwwJA.exe
  C:\Windows\System\RQHwwJA.exe
  2⤵
  PID:9440
- C:\Windows\System\iPhqFda.exe
  C:\Windows\System\iPhqFda.exe
  2⤵
  PID:9500
- C:\Windows\System\OqjbHwt.exe
  C:\Windows\System\OqjbHwt.exe
  2⤵
  PID:9532
- C:\Windows\System\DbHpkWH.exe
  C:\Windows\System\DbHpkWH.exe
  2⤵
  PID:9576
- C:\Windows\System\hjlgdCQ.exe
  C:\Windows\System\hjlgdCQ.exe
  2⤵
  PID:9596
- C:\Windows\System\aJGyHFo.exe
  C:\Windows\System\aJGyHFo.exe
  2⤵
  PID:9620
- C:\Windows\System\dWAMqSi.exe
  C:\Windows\System\dWAMqSi.exe
  2⤵
  PID:9640
- C:\Windows\System\FCZoHHD.exe
  C:\Windows\System\FCZoHHD.exe
  2⤵
  PID:9680
- C:\Windows\System\PLIoQja.exe
  C:\Windows\System\PLIoQja.exe
  2⤵
  PID:9704
- C:\Windows\System\bsEGLef.exe
  C:\Windows\System\bsEGLef.exe
  2⤵
  PID:9720
- C:\Windows\System\ZFGczkj.exe
  C:\Windows\System\ZFGczkj.exe
  2⤵
  PID:9740
- C:\Windows\System\GXVkAqu.exe
  C:\Windows\System\GXVkAqu.exe
  2⤵
  PID:9792
- C:\Windows\System\ywiQLOj.exe
  C:\Windows\System\ywiQLOj.exe
  2⤵
  PID:9824
- C:\Windows\System\LyAwHFZ.exe
  C:\Windows\System\LyAwHFZ.exe
  2⤵
  PID:9848
- C:\Windows\System\nmuWhGX.exe
  C:\Windows\System\nmuWhGX.exe
  2⤵
  PID:9880
- C:\Windows\System\NjgVexo.exe
  C:\Windows\System\NjgVexo.exe
  2⤵
  PID:9896
- C:\Windows\System\tDTmGpj.exe
  C:\Windows\System\tDTmGpj.exe
  2⤵
  PID:9916
- C:\Windows\System\PeRqrZD.exe
  C:\Windows\System\PeRqrZD.exe
  2⤵
  PID:9960
- C:\Windows\System\PJnFrVO.exe
  C:\Windows\System\PJnFrVO.exe
  2⤵
  PID:9984
- C:\Windows\System\BTxZVxG.exe
  C:\Windows\System\BTxZVxG.exe
  2⤵
  PID:10016
- C:\Windows\System\ESeRLVH.exe
  C:\Windows\System\ESeRLVH.exe
  2⤵
  PID:10048
- C:\Windows\System\JPKJQjJ.exe
  C:\Windows\System\JPKJQjJ.exe
  2⤵
  PID:10068
- C:\Windows\System\YTlVsrQ.exe
  C:\Windows\System\YTlVsrQ.exe
  2⤵
  PID:10084
- C:\Windows\System\oDWkRkl.exe
  C:\Windows\System\oDWkRkl.exe
  2⤵
  PID:10128
- C:\Windows\System\qzXtvWF.exe
  C:\Windows\System\qzXtvWF.exe
  2⤵
  PID:10164
- C:\Windows\System\HXcbWbR.exe
  C:\Windows\System\HXcbWbR.exe
  2⤵
  PID:10180
- C:\Windows\System\EehUmST.exe
  C:\Windows\System\EehUmST.exe
  2⤵
  PID:10196
- C:\Windows\System\fYqrlMM.exe
  C:\Windows\System\fYqrlMM.exe
  2⤵
  PID:10224
- C:\Windows\System\XsxpHwH.exe
  C:\Windows\System\XsxpHwH.exe
  2⤵
  PID:7880
- C:\Windows\System\RLFBSHJ.exe
  C:\Windows\System\RLFBSHJ.exe
  2⤵
  PID:9256
- C:\Windows\System\prIhveg.exe
  C:\Windows\System\prIhveg.exe
  2⤵
  PID:9300
- C:\Windows\System\ewsgETE.exe
  C:\Windows\System\ewsgETE.exe
  2⤵
  PID:9360
- C:\Windows\System\maHTqXH.exe
  C:\Windows\System\maHTqXH.exe
  2⤵
  PID:9432
- C:\Windows\System\mEgCWMj.exe
  C:\Windows\System\mEgCWMj.exe
  2⤵
  PID:9456
- C:\Windows\System\swHVnnW.exe
  C:\Windows\System\swHVnnW.exe
  2⤵
  PID:9552
- C:\Windows\System\zoFyDBG.exe
  C:\Windows\System\zoFyDBG.exe
  2⤵
  PID:9604
- C:\Windows\System\XyytjTc.exe
  C:\Windows\System\XyytjTc.exe
  2⤵
  PID:9672
- C:\Windows\System\rLIsBml.exe
  C:\Windows\System\rLIsBml.exe
  2⤵
  PID:9804
- C:\Windows\System\XSSRkXq.exe
  C:\Windows\System\XSSRkXq.exe
  2⤵
  PID:9888
- C:\Windows\System\VzIOGzd.exe
  C:\Windows\System\VzIOGzd.exe
  2⤵
  PID:9932
- C:\Windows\System\wdtEeiA.exe
  C:\Windows\System\wdtEeiA.exe
  2⤵
  PID:10008
- C:\Windows\System\unGpzaK.exe
  C:\Windows\System\unGpzaK.exe
  2⤵
  PID:10040
- C:\Windows\System\EtXiEVP.exe
  C:\Windows\System\EtXiEVP.exe
  2⤵
  PID:10104
- C:\Windows\System\yeeasau.exe
  C:\Windows\System\yeeasau.exe
  2⤵
  PID:10156
- C:\Windows\System\IQgLlxH.exe
  C:\Windows\System\IQgLlxH.exe
  2⤵
  PID:10208
- C:\Windows\System\CVbvhug.exe
  C:\Windows\System\CVbvhug.exe
  2⤵
  PID:9220
- C:\Windows\System\aqYEidc.exe
  C:\Windows\System\aqYEidc.exe
  2⤵
  PID:9404
- C:\Windows\System\aYzBRpy.exe
  C:\Windows\System\aYzBRpy.exe
  2⤵
  PID:9592
- C:\Windows\System\vpImNwZ.exe
  C:\Windows\System\vpImNwZ.exe
  2⤵
  PID:9816
- C:\Windows\System\ckXOGSz.exe
  C:\Windows\System\ckXOGSz.exe
  2⤵
  PID:9956
- C:\Windows\System\vilkjjh.exe
  C:\Windows\System\vilkjjh.exe
  2⤵
  PID:10036
- C:\Windows\System\YSkBArx.exe
  C:\Windows\System\YSkBArx.exe
  2⤵
  PID:10236
- C:\Windows\System\ScUWeME.exe
  C:\Windows\System\ScUWeME.exe
  2⤵
  PID:9492
- C:\Windows\System\VPCwRis.exe
  C:\Windows\System\VPCwRis.exe
  2⤵
  PID:9860
- C:\Windows\System\XpilZvy.exe
  C:\Windows\System\XpilZvy.exe
  2⤵
  PID:10028
- C:\Windows\System\QgGFZlL.exe
  C:\Windows\System\QgGFZlL.exe
  2⤵
  PID:9272
- C:\Windows\System\SeLGPyt.exe
  C:\Windows\System\SeLGPyt.exe
  2⤵
  PID:9320
- C:\Windows\System\etAjkrB.exe
  C:\Windows\System\etAjkrB.exe
  2⤵
  PID:10264
- C:\Windows\System\TMeEsWY.exe
  C:\Windows\System\TMeEsWY.exe
  2⤵
  PID:10292
- C:\Windows\System\wODUwqc.exe
  C:\Windows\System\wODUwqc.exe
  2⤵
  PID:10328
- C:\Windows\System\bGeocFF.exe
  C:\Windows\System\bGeocFF.exe
  2⤵
  PID:10344
- C:\Windows\System\XbIsxXr.exe
  C:\Windows\System\XbIsxXr.exe
  2⤵
  PID:10372
- C:\Windows\System\hblkSlc.exe
  C:\Windows\System\hblkSlc.exe
  2⤵
  PID:10404
- C:\Windows\System\cIAqUdq.exe
  C:\Windows\System\cIAqUdq.exe
  2⤵
  PID:10436
- C:\Windows\System\fvfNRJD.exe
  C:\Windows\System\fvfNRJD.exe
  2⤵
  PID:10496
- C:\Windows\System\SmIkeCw.exe
  C:\Windows\System\SmIkeCw.exe
  2⤵
  PID:10524
- C:\Windows\System\ToxLLNn.exe
  C:\Windows\System\ToxLLNn.exe
  2⤵
  PID:10552
- C:\Windows\System\iTDTAnf.exe
  C:\Windows\System\iTDTAnf.exe
  2⤵
  PID:10580
- C:\Windows\System\QtkENYx.exe
  C:\Windows\System\QtkENYx.exe
  2⤵
  PID:10604
- C:\Windows\System\swEngCE.exe
  C:\Windows\System\swEngCE.exe
  2⤵
  PID:10620
- C:\Windows\System\PHDeoyX.exe
  C:\Windows\System\PHDeoyX.exe
  2⤵
  PID:10644
- C:\Windows\System\WdNAwJH.exe
  C:\Windows\System\WdNAwJH.exe
  2⤵
  PID:10676
- C:\Windows\System\eJXGizq.exe
  C:\Windows\System\eJXGizq.exe
  2⤵
  PID:10692
- C:\Windows\System\EAwIOoy.exe
  C:\Windows\System\EAwIOoy.exe
  2⤵
  PID:10736
- C:\Windows\System\ZKhhgAF.exe
  C:\Windows\System\ZKhhgAF.exe
  2⤵
  PID:10760
- C:\Windows\System\KTtFKgl.exe
  C:\Windows\System\KTtFKgl.exe
  2⤵
  PID:10780
- C:\Windows\System\PGrIbEm.exe
  C:\Windows\System\PGrIbEm.exe
  2⤵
  PID:10804
- C:\Windows\System\uqRjzqM.exe
  C:\Windows\System\uqRjzqM.exe
  2⤵
  PID:10836
- C:\Windows\System\FzieBlr.exe
  C:\Windows\System\FzieBlr.exe
  2⤵
  PID:10856
- C:\Windows\System\xnZnIbh.exe
  C:\Windows\System\xnZnIbh.exe
  2⤵
  PID:10876
- C:\Windows\System\RvGxDoC.exe
  C:\Windows\System\RvGxDoC.exe
  2⤵
  PID:10892
- C:\Windows\System\eWDlKwU.exe
  C:\Windows\System\eWDlKwU.exe
  2⤵
  PID:10940
- C:\Windows\System\zxTqoAZ.exe
  C:\Windows\System\zxTqoAZ.exe
  2⤵
  PID:10988
- C:\Windows\System\RNeIMdN.exe
  C:\Windows\System\RNeIMdN.exe
  2⤵
  PID:11028
- C:\Windows\System\PztzStX.exe
  C:\Windows\System\PztzStX.exe
  2⤵
  PID:11044
- C:\Windows\System\dMCXCzS.exe
  C:\Windows\System\dMCXCzS.exe
  2⤵
  PID:11068
- C:\Windows\System\lOYUYNA.exe
  C:\Windows\System\lOYUYNA.exe
  2⤵
  PID:11092
- C:\Windows\System\nHAtnQC.exe
  C:\Windows\System\nHAtnQC.exe
  2⤵
  PID:11128
- C:\Windows\System\uJvXlzB.exe
  C:\Windows\System\uJvXlzB.exe
  2⤵
  PID:11152
- C:\Windows\System\uzWtLuW.exe
  C:\Windows\System\uzWtLuW.exe
  2⤵
  PID:11168
- C:\Windows\System\fyUHgyv.exe
  C:\Windows\System\fyUHgyv.exe
  2⤵
  PID:11196
- C:\Windows\System\DYAOjdE.exe
  C:\Windows\System\DYAOjdE.exe
  2⤵
  PID:11232
- C:\Windows\System\MsyGmHs.exe
  C:\Windows\System\MsyGmHs.exe
  2⤵
  PID:10244
- C:\Windows\System\SXfDieo.exe
  C:\Windows\System\SXfDieo.exe
  2⤵
  PID:10284
- C:\Windows\System\byMGOIA.exe
  C:\Windows\System\byMGOIA.exe
  2⤵
  PID:10420
- C:\Windows\System\qbxkHIH.exe
  C:\Windows\System\qbxkHIH.exe
  2⤵
  PID:10504
- C:\Windows\System\XqyZKvV.exe
  C:\Windows\System\XqyZKvV.exe
  2⤵
  PID:10560
- C:\Windows\System\iAoghTt.exe
  C:\Windows\System\iAoghTt.exe
  2⤵
  PID:10576
- C:\Windows\System\XgERfrI.exe
  C:\Windows\System\XgERfrI.exe
  2⤵
  PID:10616
- C:\Windows\System\NvdMDmH.exe
  C:\Windows\System\NvdMDmH.exe
  2⤵
  PID:10656
- C:\Windows\System\tTfGgcS.exe
  C:\Windows\System\tTfGgcS.exe
  2⤵
  PID:10732
- C:\Windows\System\MAINRat.exe
  C:\Windows\System\MAINRat.exe
  2⤵
  PID:10748
- C:\Windows\System\ZtXfBdW.exe
  C:\Windows\System\ZtXfBdW.exe
  2⤵
  PID:10844
- C:\Windows\System\cYetKPZ.exe
  C:\Windows\System\cYetKPZ.exe
  2⤵
  PID:11004
- C:\Windows\System\SHwdCHa.exe
  C:\Windows\System\SHwdCHa.exe
  2⤵
  PID:10996
- C:\Windows\System\SqVlDdx.exe
  C:\Windows\System\SqVlDdx.exe
  2⤵
  PID:11084
- C:\Windows\System\EmyORiH.exe
  C:\Windows\System\EmyORiH.exe
  2⤵
  PID:11160
- C:\Windows\System\yqEWztI.exe
  C:\Windows\System\yqEWztI.exe
  2⤵
  PID:11212
- C:\Windows\System\qnzjcJc.exe
  C:\Windows\System\qnzjcJc.exe
  2⤵
  PID:11228
- C:\Windows\System\NYFUCdJ.exe
  C:\Windows\System\NYFUCdJ.exe
  2⤵
  PID:10260
- C:\Windows\System\DJDBaLF.exe
  C:\Windows\System\DJDBaLF.exe
  2⤵
  PID:10324
- C:\Windows\System\fLJxUgY.exe
  C:\Windows\System\fLJxUgY.exe
  2⤵
  PID:10572
- C:\Windows\System\lnRgZOE.exe
  C:\Windows\System\lnRgZOE.exe
  2⤵
  PID:10744
- C:\Windows\System\kNrQcPL.exe
  C:\Windows\System\kNrQcPL.exe
  2⤵
  PID:10984
- C:\Windows\System\BcEmrNz.exe
  C:\Windows\System\BcEmrNz.exe
  2⤵
  PID:11192
- C:\Windows\System\zbBdnDh.exe
  C:\Windows\System\zbBdnDh.exe
  2⤵
  PID:9892
- C:\Windows\System\cvCZVQB.exe
  C:\Windows\System\cvCZVQB.exe
  2⤵
  PID:10636
- C:\Windows\System\XqwaiMJ.exe
  C:\Windows\System\XqwaiMJ.exe
  2⤵
  PID:11176
- C:\Windows\System\RBKbfKw.exe
  C:\Windows\System\RBKbfKw.exe
  2⤵
  PID:11112
- C:\Windows\System\xSuGezD.exe
  C:\Windows\System\xSuGezD.exe
  2⤵
  PID:11272
- C:\Windows\System\aNAjtFb.exe
  C:\Windows\System\aNAjtFb.exe
  2⤵
  PID:11296
- C:\Windows\System\ckmehey.exe
  C:\Windows\System\ckmehey.exe
  2⤵
  PID:11312
- C:\Windows\System\jdVKbXt.exe
  C:\Windows\System\jdVKbXt.exe
  2⤵
  PID:11364
- C:\Windows\System\aWXrLBC.exe
  C:\Windows\System\aWXrLBC.exe
  2⤵
  PID:11388
- C:\Windows\System\VOssAvF.exe
  C:\Windows\System\VOssAvF.exe
  2⤵
  PID:11408
- C:\Windows\System\ovOJKCI.exe
  C:\Windows\System\ovOJKCI.exe
  2⤵
  PID:11424
- C:\Windows\System\fBtjByh.exe
  C:\Windows\System\fBtjByh.exe
  2⤵
  PID:11460
- C:\Windows\System\sqREdsH.exe
  C:\Windows\System\sqREdsH.exe
  2⤵
  PID:11484
- C:\Windows\System\qBBDAIY.exe
  C:\Windows\System\qBBDAIY.exe
  2⤵
  PID:11504
- C:\Windows\System\EfthDcU.exe
  C:\Windows\System\EfthDcU.exe
  2⤵
  PID:11572
- C:\Windows\System\hSEPenw.exe
  C:\Windows\System\hSEPenw.exe
  2⤵
  PID:11604
- C:\Windows\System\DoySEEI.exe
  C:\Windows\System\DoySEEI.exe
  2⤵
  PID:11624
- C:\Windows\System\kQpPWQD.exe
  C:\Windows\System\kQpPWQD.exe
  2⤵
  PID:11644
- C:\Windows\System\uTLowtc.exe
  C:\Windows\System\uTLowtc.exe
  2⤵
  PID:11668
- C:\Windows\System\SnxrmBB.exe
  C:\Windows\System\SnxrmBB.exe
  2⤵
  PID:11704
- C:\Windows\System\XLBQwfW.exe
  C:\Windows\System\XLBQwfW.exe
  2⤵
  PID:11748
- C:\Windows\System\FvzFSpG.exe
  C:\Windows\System\FvzFSpG.exe
  2⤵
  PID:11764
- C:\Windows\System\PqXyODP.exe
  C:\Windows\System\PqXyODP.exe
  2⤵
  PID:11788
- C:\Windows\System\OEWfDXa.exe
  C:\Windows\System\OEWfDXa.exe
  2⤵
  PID:11820
- C:\Windows\System\fYkgPFS.exe
  C:\Windows\System\fYkgPFS.exe
  2⤵
  PID:11864
- C:\Windows\System\yDbnjBy.exe
  C:\Windows\System\yDbnjBy.exe
  2⤵
  PID:11884
- C:\Windows\System\qpjKxpD.exe
  C:\Windows\System\qpjKxpD.exe
  2⤵
  PID:11904
- C:\Windows\System\FdsdpLe.exe
  C:\Windows\System\FdsdpLe.exe
  2⤵
  PID:11932
- C:\Windows\System\mGfFtTd.exe
  C:\Windows\System\mGfFtTd.exe
  2⤵
  PID:11948
- C:\Windows\System\SgaknZB.exe
  C:\Windows\System\SgaknZB.exe
  2⤵
  PID:11972
- C:\Windows\System\cwdKOjC.exe
  C:\Windows\System\cwdKOjC.exe
  2⤵
  PID:11988
- C:\Windows\System\yxhsTtf.exe
  C:\Windows\System\yxhsTtf.exe
  2⤵
  PID:12008
- C:\Windows\System\bdyxHwd.exe
  C:\Windows\System\bdyxHwd.exe
  2⤵
  PID:12080
- C:\Windows\System\RNPfKMA.exe
  C:\Windows\System\RNPfKMA.exe
  2⤵
  PID:12112
- C:\Windows\System\dJfZWUr.exe
  C:\Windows\System\dJfZWUr.exe
  2⤵
  PID:12132
- C:\Windows\System\FDtZxys.exe
  C:\Windows\System\FDtZxys.exe
  2⤵
  PID:12148
- C:\Windows\System\msDGLtu.exe
  C:\Windows\System\msDGLtu.exe
  2⤵
  PID:12172
- C:\Windows\System\GQguNaw.exe
  C:\Windows\System\GQguNaw.exe
  2⤵
  PID:12192
- C:\Windows\System\LtYSDSL.exe
  C:\Windows\System\LtYSDSL.exe
  2⤵
  PID:12212
- C:\Windows\System\yPXAYEG.exe
  C:\Windows\System\yPXAYEG.exe
  2⤵
  PID:12236
- C:\Windows\System\CcZYsmt.exe
  C:\Windows\System\CcZYsmt.exe
  2⤵
  PID:12268
- C:\Windows\System\jFiZEDi.exe
  C:\Windows\System\jFiZEDi.exe
  2⤵
  PID:11064
- C:\Windows\System\OTODQvu.exe
  C:\Windows\System\OTODQvu.exe
  2⤵
  PID:11356
- C:\Windows\System\oqArRpO.exe
  C:\Windows\System\oqArRpO.exe
  2⤵
  PID:11416
- C:\Windows\System\RRiEiTJ.exe
  C:\Windows\System\RRiEiTJ.exe
  2⤵
  PID:11496
- C:\Windows\System\cWCvnAO.exe
  C:\Windows\System\cWCvnAO.exe
  2⤵
  PID:11476
- C:\Windows\System\JNfgpfT.exe
  C:\Windows\System\JNfgpfT.exe
  2⤵
  PID:11616
- C:\Windows\System\vIieYks.exe
  C:\Windows\System\vIieYks.exe
  2⤵
  PID:11716
- C:\Windows\System\ZvAtsjw.exe
  C:\Windows\System\ZvAtsjw.exe
  2⤵
  PID:11784
- C:\Windows\System\hREyMNw.exe
  C:\Windows\System\hREyMNw.exe
  2⤵
  PID:11804
- C:\Windows\System\IhNCQTc.exe
  C:\Windows\System\IhNCQTc.exe
  2⤵
  PID:11872
- C:\Windows\System\iJyTxCy.exe
  C:\Windows\System\iJyTxCy.exe
  2⤵
  PID:11956
- C:\Windows\System\rsZSFpn.exe
  C:\Windows\System\rsZSFpn.exe
  2⤵
  PID:11924
- C:\Windows\System\FINuDZi.exe
  C:\Windows\System\FINuDZi.exe
  2⤵
  PID:11980
- C:\Windows\System\rawbjXm.exe
  C:\Windows\System\rawbjXm.exe
  2⤵
  PID:12180
- C:\Windows\System\xLzKhWp.exe
  C:\Windows\System\xLzKhWp.exe
  2⤵
  PID:12140
- C:\Windows\System\AwRtTMr.exe
  C:\Windows\System\AwRtTMr.exe
  2⤵
  PID:12232
- C:\Windows\System\rAURexH.exe
  C:\Windows\System\rAURexH.exe
  2⤵
  PID:11288
- C:\Windows\System\kPUtdIh.exe
  C:\Windows\System\kPUtdIh.exe
  2⤵
  PID:11436
- C:\Windows\System\CmRNytQ.exe
  C:\Windows\System\CmRNytQ.exe
  2⤵
  PID:12052
- C:\Windows\System\YuIuyhu.exe
  C:\Windows\System\YuIuyhu.exe
  2⤵
  PID:12124
- C:\Windows\System\opwcQdi.exe
  C:\Windows\System\opwcQdi.exe
  2⤵
  PID:11524
- C:\Windows\System\uEOgBAj.exe
  C:\Windows\System\uEOgBAj.exe
  2⤵
  PID:11660
- C:\Windows\System\zNgQJYI.exe
  C:\Windows\System\zNgQJYI.exe
  2⤵
  PID:11268
- C:\Windows\System\Qescvai.exe
  C:\Windows\System\Qescvai.exe
  2⤵
  PID:1128
- C:\Windows\System\pkIehfO.exe
  C:\Windows\System\pkIehfO.exe
  2⤵
  PID:11400
- C:\Windows\System\ZcohyMV.exe
  C:\Windows\System\ZcohyMV.exe
  2⤵
  PID:11568
- C:\Windows\System\xfJcpdr.exe
  C:\Windows\System\xfJcpdr.exe
  2⤵
  PID:4856
- C:\Windows\System\ewbQNjm.exe
  C:\Windows\System\ewbQNjm.exe
  2⤵
  PID:12164
- C:\Windows\System\mrFQOJv.exe
  C:\Windows\System\mrFQOJv.exe
  2⤵
  PID:12300
- C:\Windows\System\ktTUWJc.exe
  C:\Windows\System\ktTUWJc.exe
  2⤵
  PID:12364
- C:\Windows\System\KdlIgiF.exe
  C:\Windows\System\KdlIgiF.exe
  2⤵
  PID:12408
- C:\Windows\System\WzaUnYx.exe
  C:\Windows\System\WzaUnYx.exe
  2⤵
  PID:12432
- C:\Windows\System\JFmjdEd.exe
  C:\Windows\System\JFmjdEd.exe
  2⤵
  PID:12496
- C:\Windows\System\wzaXYYX.exe
  C:\Windows\System\wzaXYYX.exe
  2⤵
  PID:12516
- C:\Windows\System\voshIvr.exe
  C:\Windows\System\voshIvr.exe
  2⤵
  PID:12552
- C:\Windows\System\HnzPsIG.exe
  C:\Windows\System\HnzPsIG.exe
  2⤵
  PID:12584
- C:\Windows\System\trnJRYt.exe
  C:\Windows\System\trnJRYt.exe
  2⤵
  PID:12612
- C:\Windows\System\DRCYNAR.exe
  C:\Windows\System\DRCYNAR.exe
  2⤵
  PID:12640
- C:\Windows\System\ijFwvvY.exe
  C:\Windows\System\ijFwvvY.exe
  2⤵
  PID:12656
- C:\Windows\System\PvZlJgK.exe
  C:\Windows\System\PvZlJgK.exe
  2⤵
  PID:12692
- C:\Windows\System\QypwbJK.exe
  C:\Windows\System\QypwbJK.exe
  2⤵
  PID:12724
- C:\Windows\System\IVXCWJH.exe
  C:\Windows\System\IVXCWJH.exe
  2⤵
  PID:12744
- C:\Windows\System\sQGiBYJ.exe
  C:\Windows\System\sQGiBYJ.exe
  2⤵
  PID:12780
- C:\Windows\System\ZNfgqMI.exe
  C:\Windows\System\ZNfgqMI.exe
  2⤵
  PID:12804
- C:\Windows\System\cooswog.exe
  C:\Windows\System\cooswog.exe
  2⤵
  PID:12824
- C:\Windows\System\TJhRKds.exe
  C:\Windows\System\TJhRKds.exe
  2⤵
  PID:12856
- C:\Windows\System\yxfigLW.exe
  C:\Windows\System\yxfigLW.exe
  2⤵
  PID:12880
- C:\Windows\System\CPHmZxX.exe
  C:\Windows\System\CPHmZxX.exe
  2⤵
  PID:12896
- C:\Windows\System\ssmckbz.exe
  C:\Windows\System\ssmckbz.exe
  2⤵
  PID:12936
- C:\Windows\System\VUGqNKI.exe
  C:\Windows\System\VUGqNKI.exe
  2⤵
  PID:12992
- C:\Windows\System\jECquNF.exe
  C:\Windows\System\jECquNF.exe
  2⤵
  PID:13016
- C:\Windows\System\DtLAMBw.exe
  C:\Windows\System\DtLAMBw.exe
  2⤵
  PID:13032
- C:\Windows\System\bzvAQPm.exe
  C:\Windows\System\bzvAQPm.exe
  2⤵
  PID:13052
- C:\Windows\System\PIxWtuq.exe
  C:\Windows\System\PIxWtuq.exe
  2⤵
  PID:13092
- C:\Windows\System\KIjCZDM.exe
  C:\Windows\System\KIjCZDM.exe
  2⤵
  PID:13120
- C:\Windows\System\DqBRucX.exe
  C:\Windows\System\DqBRucX.exe
  2⤵
  PID:13136
- C:\Windows\System\YEMGCgj.exe
  C:\Windows\System\YEMGCgj.exe
  2⤵
  PID:13160
- C:\Windows\System\WVFYMmy.exe
  C:\Windows\System\WVFYMmy.exe
  2⤵
  PID:13180
- C:\Windows\System\WlaNBjG.exe
  C:\Windows\System\WlaNBjG.exe
  2⤵
  PID:13196
- C:\Windows\System\VvboRsA.exe
  C:\Windows\System\VvboRsA.exe
  2⤵
  PID:13216
- C:\Windows\System\yOzNaPy.exe
  C:\Windows\System\yOzNaPy.exe
  2⤵
  PID:13272
- C:\Windows\System\DNdOwxi.exe
  C:\Windows\System\DNdOwxi.exe
  2⤵
  PID:13296
- C:\Windows\System\CjwkroY.exe
  C:\Windows\System\CjwkroY.exe
  2⤵
  PID:12292
- C:\Windows\System\zPtRCbD.exe
  C:\Windows\System\zPtRCbD.exe
  2⤵
  PID:11636
- C:\Windows\System\YtIfmSu.exe
  C:\Windows\System\YtIfmSu.exe
  2⤵
  PID:12344
- C:\Windows\System\THTKzpT.exe
  C:\Windows\System\THTKzpT.exe
  2⤵
  PID:12360
- C:\Windows\System\LgGKQyc.exe
  C:\Windows\System\LgGKQyc.exe
  2⤵
  PID:12428
- C:\Windows\System\BWZhicm.exe
  C:\Windows\System\BWZhicm.exe
  2⤵
  PID:12512
- C:\Windows\System\xeAWjXi.exe
  C:\Windows\System\xeAWjXi.exe
  2⤵
  PID:12576
- C:\Windows\System\OUpiMdb.exe
  C:\Windows\System\OUpiMdb.exe
  2⤵
  PID:12628
- C:\Windows\System\bjhDsPQ.exe
  C:\Windows\System\bjhDsPQ.exe
  2⤵
  PID:12684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\SG9GK5FX\site-d059d883a114[1].css

Filesize
66KB

MD5
06ad9bc6321c6fed15c64dd375c36d90

SHA1
2abef97ab0621a1d832c6ca784721adad5bc8315

SHA256
74439e916848a6d30f2933b4e7c5a88b41d8ca3a1593f68a82596379806d4ae6

SHA512
d059d883a114193dd05c54c9d3db4f1552bba29320d529b3abed354152a17bcd773dfdec46afc8c2f2d7fd7f13ff85042fa697d761cb7a3447a8488349c81e2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_aol33xix.a0r.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\ABwKkcj.exe

Filesize
1.6MB

MD5
4c477d5766191af239f88f9a42e825bc

SHA1
412d0271e2745527ea739ec4bf434a08eb1fe57a

SHA256
b1a69a4fcacf94acddb45b7004dccf85aeaca35985085624e98ead753541e0cb

SHA512
974ebddc46fde183d826c98521bca0839bb8bd810c9d39528bd281de1e6c229fb308768ff9d91e9849671d0aa591bcc9905f8c9d205e354b3ca4fe286401809f

Download Submit
C:\Windows\System\AdltKev.exe

Filesize
1.6MB

MD5
8b0654942761e64a0a991205082cd090

SHA1
032f72922588eef847bd8f627c637a78a068b115

SHA256
909721ac9a75a781cefd4861beb14403b5047fb31e8dd5bee4d1890392e80efd

SHA512
9d2290b536e308b3680d2c50584dd9279ee752d12af4437aa324e583f463e1b8ac8657398d1ef373533ee6a625deeab16cb8b6f38ebf0a9ab82351cdcba194db

Download Submit
C:\Windows\System\CNRnaGJ.exe

Filesize
1.6MB

MD5
12e149132fe7a3ee8f33dafdbbd7bd59

SHA1
8725e35a18af15682a0ad87a2c0cc06040712564

SHA256
7b3f8bad8ed9ce75b7b75d26e3991d1117e0bdc9dd6f617fca93b9a9ed828306

SHA512
991c4fcca4508ee4f09d85ba39531e97da91bdb4951cb88a507b323ff9a774dcad3f7457eed3aea7971fdbe2f69e4ee6abbe591649163f03ac445507d86ebdbc

Download Submit
C:\Windows\System\ChYVPWS.exe

Filesize
1.6MB

MD5
bdbf9d7ebc822839896da9d20fb45aa8

SHA1
c2fa1b88c5503cf2a6a87e23abaeb40483975315

SHA256
4db2dcfb21712573ed22dcf49392fd56d35f2d36e4b314099ecd254b948f827f

SHA512
1c2a046866d189c68480ed76c8fd4832b6917259779dc638af34007095d0b648acb75de08733f8499c0aa5480f063ce557e68914245ba9d91ba19c8ef22cc1cb

Download Submit
C:\Windows\System\EeWfDUj.exe

Filesize
1.6MB

MD5
554cef904bd5c20ea8c971ae2dcb86fe

SHA1
f906d66eef8e92ead714f44a01e92ef396053e2a

SHA256
b6d83909ad7d1a130f66c5a81991d28cecc711b161bf1123640de3b6996c2785

SHA512
8d2eb329acfc0b04510a254541046c8a5af40e20a49196182ea733c1f079e7cf98e34ee76627f99b9a07fdc89e261363e08d8eb76677e95340fbe77ba733cb29

Download Submit
C:\Windows\System\EivUIXO.exe

Filesize
1.6MB

MD5
27eeeb745834113aa2fb81a0f4628ee7

SHA1
aa42c305883d13d797d1f2e00ebfff6155307791

SHA256
2fc6bf2fd77370f12cb542933f1e3f6f3d956f138fe62b0428aa9eed7d79eabc

SHA512
7bd753a114e011b0c5780671f0183a8b200dd7dd68bb8eff3a7a2d1ec6ee12da7a2ae6905526d9b7c857b5709be423aadc8c1234e578da2a5cb6b20561d1c881

Download Submit
C:\Windows\System\Gwnqegt.exe

Filesize
1.6MB

MD5
35ca13f653abcdc54bb1ae56fdde0306

SHA1
5c9be6909fde2166204c8720f8a9a61af49776e1

SHA256
a02622f7e027a2667d0f0e782d573a92157bfa26625e7b87044b88a0724a2382

SHA512
a756ce696de94c8c5e79d9a25de3b6af3893488f44ea012f4b4c23b34044c0fd4c3332e5bff384f5ab07fe93b0ca68dbe23a116b4ef00fce6748686cd85954ac

Download Submit
C:\Windows\System\HyUwxxR.exe

Filesize
1.6MB

MD5
56c2e722c217ee6fc2127e204750bba1

SHA1
0b2025afca710f3f28f2a113d3e631484b0346d7

SHA256
dff758916b2e3e3a67d2353d8c628c196ff268642c3c9747d11a55321360332d

SHA512
bd7b03c33664d0191a391f2035e6ecf6ffa13ed5c1ba3da897a051aad57124351c9baf2b4fd8e1602bf873436ee05d3945bae911e7970a1c637776f5981f8790

Download Submit
C:\Windows\System\IoykRyA.exe

Filesize
1.6MB

MD5
ab423f17f812cdbc4907b781017e6e3d

SHA1
f467d5c287264cde8cdd13f15944d17ca8205026

SHA256
014ec9e1c1a1baac8780e90ea0b1d033064cec1daac98c477032f5a7091d620d

SHA512
89d4ae76f76a688ee39d7ef741d0e6ae59dbb249ebf2bd4ced527ca08d5562115b936b09ef8e5ae00d5cec065e7d0f8ca18824fd66d59b884cef61b5dddeb54c

Download Submit
C:\Windows\System\JDlXQkA.exe

Filesize
1.6MB

MD5
8883e2428eb0ff8b0fc3829f5a28099d

SHA1
115fd182beb9894ac65a88a6e4d51a1068077e8b

SHA256
b983e41af9d4a0430c35b0b29231920b8cf8d700f19aebf504bf30f1376e37c1

SHA512
f4aea058b77388015960ede4ec99a966605af18c9a64b775ee0a5ec88e7100e1223b3c99b13256172b5c94b534bb5814c2017f51a1a1d76446a8b4b13bee2954

Download Submit
C:\Windows\System\JjzNPwW.exe

Filesize
1.6MB

MD5
23b46da96ce2b52fa5ac7501c3af08c5

SHA1
b3cf1342702575fff408f27d067c2f39b04f9b8d

SHA256
26c2c983ccbc7da921f7bcad3191bb90da1b7a2eabec79128b9717915743af42

SHA512
b594545bc206a46fb78a82320f42848067f4c14b965ec0006001a91dbd2daea7c9956f04dec886f82c17a35601bb02d4c6ff81d6caf3d74e7d07b4820f70a23b

Download Submit
C:\Windows\System\KTrsNtm.exe

Filesize
1.6MB

MD5
144b0fe2d321a84464b4a2d8af873edd

SHA1
7a15139b161e73dcff0e294057641179dcfc4842

SHA256
e4b7d615cbef4fff9f49c21b2fe50721b9ad2cae9d23f4c3b5914f7a3c7a2191

SHA512
2bf2bbf6efe8dbf659fcea38ae13ec87b7fe7a35f413ba0e85f1a7bcbfa7c6918c026fe7722ddb2a5bbd1565fa066d9796c608f290e08cbf700782bc0502f070

Download Submit
C:\Windows\System\NxNkoSn.exe

Filesize
1.6MB

MD5
c481ee7131c712f931fd3e20baf35eb6

SHA1
dfa541c4e7aa36d600c97e5a0649cfe9039e94ad

SHA256
5a1f1981f0b13d1c4e998a293079049dab7cbaec669e7bf891183ac0ba9f740c

SHA512
aca34d297a6cc4c59a29ae5b7bdf3600585521ede721d120259ae68689a048d16c36e983680c7478022be6696849c1efcc1fba763f4ed76dac3b4b6898800ec2

Download Submit
C:\Windows\System\OtnEzLF.exe

Filesize
1.6MB

MD5
2308877e23eb13a0f10096ec83d29d41

SHA1
ae7b5bc49d6c711126f2f502c4f05128f970cef1

SHA256
dbe41531dc1da23445f14acf2d10c8ed6f09546327cbf2798daaf5c05ad10651

SHA512
c101ebad2f884518242450c2a2808fa5de8bf10cc89231e67e2b3ae05a03b62ea21d5adf531368c4803d234b0de1d29a3e279f24b559b154beaf29e3ef72ea3a

Download Submit
C:\Windows\System\PhnYSfy.exe

Filesize
1.6MB

MD5
4165aec0bf99838465021300d7d54ac0

SHA1
f62349cf187ab0a1989a3dd1c60751477a9bca46

SHA256
4534ba812302a3a4d8e9d54f021ea01c71db4479f678097726e346e8190d5891

SHA512
09ff6d94afce31c2c2baf18d979dd5ae83f5ef5b72cc6ea1fe8b371fa044036a80a440c4d4c84e2d98926261ca83a1822f2021a4fafd87581fece7adf4b9a4d5

Download Submit
C:\Windows\System\QOxHOQD.exe

Filesize
8B

MD5
8a9416a5ba3f4513ce86ee25fcd9ed2c

SHA1
a36f3dd1333c8cfee404b646d4c6809d7e653313

SHA256
fb7dd3a16f87fe8b7e98987069f2b605508df1550402bd2a9bfdec4856b1a59a

SHA512
c747d417c3e282ae9ec82b691c8fea9cb7d0729d1dda54d2144fa9c71dd39f2ab11cee5a6768a89cb91fd4a7ae6e579302cb4e4de8d6384014994320074580a4

Download Submit
C:\Windows\System\QhQrkxU.exe

Filesize
1.6MB

MD5
68da7f7c56c24957789325386d7e483d

SHA1
1639fc80995a0c7358f545205ea01785cf033b49

SHA256
b71da27911b3e0b6922d14d1bfe7d0b981162733b27618a5a1b16feefe01a8c2

SHA512
bce2e5c79360ae4337fb00b87db50844b1892a1788263f6049192e2901c890e53a35e15072b505e47d59b1cd7fa4d429d823b0cb34cfbafed3c3a36f040976f1

Download Submit
C:\Windows\System\RnxBCRQ.exe

Filesize
1.6MB

MD5
dd251ffd89e35ca8213ae768aaeb6a66

SHA1
f3e8f6462173fc299eb9c3c131132931a928e370

SHA256
dc61c0f17bdf9cf310f168301b7462bde0dad6236d2765dc66b416995b720a19

SHA512
a904845d09b6b8875653c2be7137952d6f2c18e55fee7cc7981a6f3f2e86be44b9987dc98aa47491a23753d7fd04db85d4d4c93e68ac668246e5b78372479acc

Download Submit
C:\Windows\System\SUApgxL.exe

Filesize
1.6MB

MD5
62800fffea12132833ba2a2cff63f025

SHA1
cd773c2d60d862c3b9ea613682df0ef984a918b9

SHA256
0ea4196ab43097acb0002aed36ea9dac3d95d88ce403035e4d2a7916506af3b0

SHA512
785cfd6a26b6c94480366b40bdf1c19acc0a5df8b0e4241a3807b27f097065521204574cd0b3a7bb0fc9dfa5fd80c726738a27c6b4f157eb088f2f240e64919a

Download Submit
C:\Windows\System\UdAucbO.exe

Filesize
1.6MB

MD5
085ae4a213ac1eed1922a32c38565133

SHA1
b722f69beb3a5496a4f764b0f62885b84c21c0b5

SHA256
99a8b7f9aa3c0694af04f470b8183f1cbb51a52303b18d828b1606df42812776

SHA512
d3a7d0839e8c1252086c8e43965ea60d3cccd5ca1930aa35b81cad5dbe455b284070751d63cd8bb832e2ac56da811567051538c6bdfe0713208e27fa91051dd6

Download Submit
C:\Windows\System\WwKkjir.exe

Filesize
1.6MB

MD5
2575abf1fb2f16bfea67c8c7ca321613

SHA1
383a73b6217c01000fda1b0d585bb5962b9fe9d2

SHA256
736d44768b6073741834576afad159d7a4211d71487af45ad13031ee8b0525b3

SHA512
6a4b73738d443ff0965ac24c3c201d0d611b7f494d3f01b2a390368ebd507383f9b60a2fccda471ae09ceeefc5c334e257d82c867f363fee6c20d32dbc01ba60

Download Submit
C:\Windows\System\XrFlUYb.exe

Filesize
1.6MB

MD5
98cb612e373aebbba37f3591156f94fc

SHA1
c4b5647e66e35fed0f7698c360d2ff4866106a03

SHA256
5660e34ae19e66cafd3b60736dc79bc5e724025b7e2e733acf08d9f03e122c9c

SHA512
494ea942d44cc37cb4a2c8261a10fa06a0f741eae09b87b72f8926760e16ee763ea955ffccc908598b8f863e64d9af6c65db2471a0914c42e038a1975137fc52

Download Submit
C:\Windows\System\ZDkToOs.exe

Filesize
1.6MB

MD5
0712262f28c7c4fb087a17a3d8ac8216

SHA1
617f4d8f3eb33e9bfb62280db1aaad1416a526d1

SHA256
6d3a5fe45fe18a5969f9acf7f07c30d7d2bcf7fe1a9ad7c5d550afc763f52f8d

SHA512
4a6961cf268648b3b0a00d7ad53cb537ec03789bd04a459d87e215019bab3930b525eec09894149f258b3ad1a29e1b232f90d61ab1542bee47390c99e41ce058

Download Submit
C:\Windows\System\aGQOKnr.exe

Filesize
1.6MB

MD5
1f9ee25018f17acb462e67c6a59cc834

SHA1
1eec0248b553f0d7a4ef917a07e96e1b400a6902

SHA256
fe6b3d1a5f1b7828509c17fa754692a65db8807ffcc32880e73c05d46f5e11a9

SHA512
813b3965c1ad51d6ceb4abedac8dcf4ebd271bae6dbea68304e9fc807df5e0b2cad6fa42ef03c867abdb54f332cfc12a943b8b627905238ac74a66b1c8f0afd3

Download Submit
C:\Windows\System\dBOQinQ.exe

Filesize
1.6MB

MD5
06aa0c9fa1fcc8ed57a7c4a745d69bb0

SHA1
f3cd96d2729db8820f8932b7d650f62d44a6377c

SHA256
4eb46208fa48a49ffa82b47c4c7ae0bceb4eb05994b2e901c19fe793abf89416

SHA512
8fec68a72368c5df2390a31e5bd47e89b1e774ba2841879b19c833c04840754697c7c37371e41d042c56dc986a18f0d5d2d5a6064916b4b6b7b6fe1a0e8e2bb3

Download Submit
C:\Windows\System\dSxAPVj.exe

Filesize
1.6MB

MD5
e62a6cdf10fd17729f5ff3b6e7224e94

SHA1
87caaa97309ab2e64358a483301bc95215698c02

SHA256
d7d9c46903e1a4ac7d2a4364b14d361dcaaf855ab6f14fdb79a98da4a5ae683b

SHA512
079b3ad99c67520149f58e98dd99d9f3b1dd928c6324f6c5533f8b5c5a1b75f9cc9ec119991c49d000730a01fc4d75afdd2ef6ba5cc4787361c18a93714c6d63

Download Submit
C:\Windows\System\dgyTSlr.exe

Filesize
1.6MB

MD5
447dd514fc6fce1314aac908eebd4929

SHA1
5450081f29ffc12180b3b8b4cef923d64158acec

SHA256
6c810448f68cf65ab564df673b20b1cf2ea3c3a520a79847c5a0ebbd5805b424

SHA512
6fbe592b9099b02f75c7366239b533a7601369294f4f1d2364e51300012515d2fe28e7b5cf86e7dec4c8d9b9d8c9a1bb54f1f17bdec6c139853974539c4e6c56

Download Submit
C:\Windows\System\iTpeRQP.exe

Filesize
1.6MB

MD5
5cef37d05812e39d3d2c9b8e31f72d48

SHA1
c606cdc3dbdf3ae6783efa125c605d8054c738bb

SHA256
1058e1e7b3e935b2ad4c4c6e699bbee23b2f685d2a474378ad5002ca1be5ab5d

SHA512
383850416956bbaae696548dd0387eb91e69cef28e21a204c7816db9497adeb64e8748627b08e88e0aa3a3804a2119df8d8fe1bf7f32376366a44e682afaec26

Download Submit
C:\Windows\System\lGMuIyW.exe

Filesize
1.6MB

MD5
d6f69735d3f365ee01e4d4fb45f069de

SHA1
5ae8b71ef86c904745052db333e2756d3412f792

SHA256
13c9e59c0955eb8a19c02effd8f88f4b53b5aea7b8652e1135a081d26bcb62ab

SHA512
4464179749a30cc3eb4bad85fe5893a99091432fafc8ee5c8b2e5028f3bf98903d8535ebdf468ea1260eba1c7decc99a295964d14413e88abdbc18275b50e2dd

Download Submit
C:\Windows\System\lfnsXOq.exe

Filesize
1.6MB

MD5
808eb5fef479125a5bee14bfde627628

SHA1
ff116fd251a111e128f0f498e4da278cbcf5c7ee

SHA256
018d2d00bed1a1bcea5826c0c4f6b299b3fd94252896299dc5dd5c716c27514a

SHA512
053ceb4e02cef681e547aa16796e26cce5ca1e4901cf1386dd0a25785885de387224aa307961afd6ef9d46169a213fcd691544fb1efa8168aebc517871dfdd22

Download Submit
C:\Windows\System\qvUGgHi.exe

Filesize
1.6MB

MD5
a657061cad070a1f5f6c68564adfcfab

SHA1
56a6658f0b02609f90798a4ee8c3bc31fadcf9dc

SHA256
b23e2ae2786dbe9254190ec500988e80995ac5c3ca742df9b95fb9e6f057f8d7

SHA512
189c39775f2635dd964114775889a9bc960d5fd22fe929c021c61e0c49cf6bd507b3f4d8e88f6877df6d9ea34637c7527366a40870e814a4a463ab55ea49fa27

Download Submit
C:\Windows\System\snaRkyh.exe

Filesize
1.6MB

MD5
dda598a2cfc92585c56f263c557c48d6

SHA1
0b77196d4b353043bf5807fc34798291af6d8d40

SHA256
8cd42abf9ba23243a0ae502370edf09d1ca8fa1ac29b4a209efcb30c2248ac54

SHA512
53c1e0d6af1a714d0873605b70b5f6e7c11db011f835f7bd55a27c152d0fde310fec1419930123b85c67fcd99a41515325ef4b7708b5e3d618c50d816140a3ae

Download Submit
C:\Windows\System\stKrPPe.exe

Filesize
1.6MB

MD5
6a4e50bd07a1ea6f6d13c464fe9caa51

SHA1
c5b4b50e2c70239d7d9609a148b79d034026d06c

SHA256
26564c4572d2acdc6240d90591cf6ef852b5b7fc15a8678c4ae0d24fd2db33fb

SHA512
b7cba03f845c400a45f3b9e9f3104b7de49b6ee853049e7d51dd163222db3f9c2d2fcc9fc256f5e62a0d47bc31ff4b046182f7024b48b328eaec0495452344c5

Download Submit
C:\Windows\System\zEzSMAX.exe

Filesize
1.6MB

MD5
9bf7f0907e314077d1a7d71455b4c76b

SHA1
0b1a2e3febaeeadd41638f8f1b03024aab93abee

SHA256
0821feb5dae9c740417e0762ecbcc60a4de3e654c7a31ed8f2c7517d3399350e

SHA512
47762fbc4fe30bf62d5cd074042e9b7057f8efc731bf4d29bbf5598e6470fb4b787a376032cd1634b8d137fd75cff7ac18a28a7d782dc1baf28435a398c9f710

Download Submit
memory/404-53-0x00007FF6EE6D0000-0x00007FF6EEAC2000-memory.dmp

Filesize
3.9MB

Download
memory/456-75-0x00007FF77FA70000-0x00007FF77FE62000-memory.dmp

Filesize
3.9MB

Download
memory/744-178-0x00007FF7DEC80000-0x00007FF7DF072000-memory.dmp

Filesize
3.9MB

Download
memory/1208-102-0x00007FF673C40000-0x00007FF674032000-memory.dmp

Filesize
3.9MB

Download
memory/1284-64-0x00007FF770E30000-0x00007FF771222000-memory.dmp

Filesize
3.9MB

Download
memory/1488-41-0x00007FF73E2C0000-0x00007FF73E6B2000-memory.dmp

Filesize
3.9MB

Download
memory/1492-1324-0x00007FF701820000-0x00007FF701C12000-memory.dmp

Filesize
3.9MB

Download
memory/1492-57-0x00007FF701820000-0x00007FF701C12000-memory.dmp

Filesize
3.9MB

Download
memory/1676-155-0x00007FF674EE0000-0x00007FF6752D2000-memory.dmp

Filesize
3.9MB

Download
memory/1920-1993-0x00007FF7FA390000-0x00007FF7FA782000-memory.dmp

Filesize
3.9MB

Download
memory/1920-63-0x00007FF7FA390000-0x00007FF7FA782000-memory.dmp

Filesize
3.9MB

Download
memory/1996-79-0x00007FF638F70000-0x00007FF639362000-memory.dmp

Filesize
3.9MB

Download
memory/2280-159-0x00007FF694670000-0x00007FF694A62000-memory.dmp

Filesize
3.9MB

Download
memory/2508-154-0x00007FF7E22B0000-0x00007FF7E26A2000-memory.dmp

Filesize
3.9MB

Download
memory/2868-170-0x00007FF6178E0000-0x00007FF617CD2000-memory.dmp

Filesize
3.9MB

Download
memory/3036-164-0x00007FF743B90000-0x00007FF743F82000-memory.dmp

Filesize
3.9MB

Download
memory/3060-43-0x00007FF7C0870000-0x00007FF7C0C62000-memory.dmp

Filesize
3.9MB

Download
memory/3284-36-0x00007FF6C8EC0000-0x00007FF6C92B2000-memory.dmp

Filesize
3.9MB

Download
memory/3584-163-0x00007FF623180000-0x00007FF623572000-memory.dmp

Filesize
3.9MB

Download
memory/3708-2005-0x00007FF66F590000-0x00007FF66F982000-memory.dmp

Filesize
3.9MB

Download
memory/3708-68-0x00007FF66F590000-0x00007FF66F982000-memory.dmp

Filesize
3.9MB

Download
memory/3960-85-0x00007FF754750000-0x00007FF754B42000-memory.dmp

Filesize
3.9MB

Download
memory/4408-88-0x00000251DFD60000-0x00000251E0506000-memory.dmp

Filesize
7.6MB

Download
memory/4408-136-0x00007FFF27990000-0x00007FFF28451000-memory.dmp

Filesize
10.8MB

Download
memory/4408-45-0x00000251DCEB0000-0x00000251DCED2000-memory.dmp

Filesize
136KB

Download
memory/4408-33-0x00000251DCF40000-0x00000251DCF50000-memory.dmp

Filesize
64KB

Download
memory/4408-32-0x00000251DCF40000-0x00000251DCF50000-memory.dmp

Filesize
64KB

Download
memory/4408-27-0x00007FFF27990000-0x00007FFF28451000-memory.dmp

Filesize
10.8MB

Download
memory/4588-49-0x00007FF6DC850000-0x00007FF6DCC42000-memory.dmp

Filesize
3.9MB

Download
memory/4688-151-0x00007FF710990000-0x00007FF710D82000-memory.dmp

Filesize
3.9MB

Download
memory/5084-0-0x00007FF7C9070000-0x00007FF7C9462000-memory.dmp

Filesize
3.9MB

Download
memory/5084-171-0x00007FF7C9070000-0x00007FF7C9462000-memory.dmp

Filesize
3.9MB

Download
memory/5084-1-0x000001E405830000-0x000001E405840000-memory.dmp

Filesize
64KB

Download