xmrig | 790c201fbdc4d6eef392ed25360ca4845b24c5a75c67ee7bddfeb71f7c04738b

Analysis

max time kernel
41s
max time network
40s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
29/04/2024, 15:03

Sharing

Copy URL Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
Size

1.9MB
MD5

07f17ea70d78f64e3a491ef8a69f049c
SHA1

3ec7dd455446c2077efb6ee84d410da9aa093a8e
SHA256

790c201fbdc4d6eef392ed25360ca4845b24c5a75c67ee7bddfeb71f7c04738b
SHA512

0514e6f6e621d0f332e9c59ba65a9d7a1221ba255ab226f313c8badb7dc34d0822f6fdd8e5bba338a7e6dce2dfe6db24a79b537c3bd8964a6b292cd45c51e944
SSDEEP

49152:Lz071uv4BPMkibTIA5KIP7nTrmBhihM5xC+UG:NABp

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 13 IoCs

miner

resource	yara_rule
behavioral2/memory/1048-30-0x00007FF632EF0000-0x00007FF6332E2000-memory.dmp	xmrig
behavioral2/memory/4204-59-0x00007FF6F92E0000-0x00007FF6F96D2000-memory.dmp	xmrig
behavioral2/memory/936-43-0x00007FF686C10000-0x00007FF687002000-memory.dmp	xmrig
behavioral2/memory/4464-42-0x00007FF6B8860000-0x00007FF6B8C52000-memory.dmp	xmrig
behavioral2/memory/5064-624-0x00007FF749C00000-0x00007FF749FF2000-memory.dmp	xmrig
behavioral2/memory/4908-856-0x00007FF668760000-0x00007FF668B52000-memory.dmp	xmrig
behavioral2/memory/4384-889-0x00007FF65BD80000-0x00007FF65C172000-memory.dmp	xmrig
behavioral2/memory/556-777-0x00007FF750A60000-0x00007FF750E52000-memory.dmp	xmrig
behavioral2/memory/4916-1622-0x00007FF6652B0000-0x00007FF6656A2000-memory.dmp	xmrig
behavioral2/memory/1332-2042-0x00007FF670130000-0x00007FF670522000-memory.dmp	xmrig
behavioral2/memory/2044-2382-0x00007FF7BFAF0000-0x00007FF7BFEE2000-memory.dmp	xmrig
behavioral2/memory/1596-2638-0x00007FF6DB1A0000-0x00007FF6DB592000-memory.dmp	xmrig
behavioral2/memory/4456-3633-0x00007FF69B750000-0x00007FF69BB42000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4464	dzHuini.exe
3672	oDjsVbx.exe
1048	SndmyxP.exe
936	AHgiESl.exe
4916	KRKADGa.exe
4204	PgYrYLF.exe
2044	PsjKHqh.exe
1332	mYumqcc.exe
3664	YSYandU.exe
1500	QSRHwMD.exe
1596	sxpQpRZ.exe
3344	jNCAPtg.exe
1488	hXzLoSF.exe
4456	uzaVvCB.exe
2444	qksfIDb.exe
6020	lCGNxMC.exe
4324	kXyJsKB.exe
4432	GGlNews.exe
556	ofsrZLV.exe
4908	SxVCPTm.exe
4384	RxxtZgB.exe
396	sciFkMI.exe
3016	njFelEE.exe
1816	RbqHJld.exe
2188	IVjiZlw.exe
3208	NEdNVKs.exe
1184	iDxXKDE.exe
3976	UENIOte.exe
3584	gUDDXwg.exe
2620	tjurTdb.exe
2548	gGHzVtb.exe
5116	cOVksUr.exe
1232	iBkcQxj.exe
3480	ErOaZpd.exe
5076	PDpQfPG.exe
3560	objYyAs.exe
4380	yUdyPpD.exe
3232	swnXLtV.exe
2568	eolrAUH.exe
3512	bsKJdFN.exe
4620	RcfGaTH.exe
3628	AfNcyTq.exe
4548	kLrGeKx.exe
5108	jZskLem.exe
4352	yQCRzlG.exe
4912	NZmHGOU.exe
2724	wDzmGzf.exe
2404	wjjjdlc.exe
3720	RlBPkNt.exe
512	ZojHYqQ.exe
4148	rXoLzbJ.exe
3332	JHRKwTz.exe
1968	ktCUREx.exe
1060	zKBwUec.exe
1012	BlRpJZE.exe
2680	vuRmJkC.exe
3812	ySXueSl.exe
3044	dtSglfg.exe
1688	rmRAMXz.exe
1052	LUqeGdT.exe
228	nvLlfbk.exe
1228	wyunGdO.exe
1676	MtNMGOR.exe
4400	aTrmCGO.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/5064-0-0x00007FF749C00000-0x00007FF749FF2000-memory.dmp	upx
behavioral2/files/0x000c000000023b40-5.dat	upx
behavioral2/files/0x000a000000023b9d-10.dat	upx
behavioral2/files/0x000a000000023ba0-27.dat	upx
behavioral2/memory/1048-30-0x00007FF632EF0000-0x00007FF6332E2000-memory.dmp	upx
behavioral2/memory/3672-23-0x00007FF72B6D0000-0x00007FF72BAC2000-memory.dmp	upx
behavioral2/files/0x000a000000023b9e-20.dat	upx
behavioral2/files/0x000a000000023b9f-26.dat	upx
behavioral2/files/0x000a000000023ba1-31.dat	upx
behavioral2/files/0x000a000000023ba3-46.dat	upx
behavioral2/files/0x000a000000023ba4-60.dat	upx
behavioral2/files/0x000a000000023ba7-66.dat	upx
behavioral2/files/0x000b000000023ba6-72.dat	upx
behavioral2/memory/3664-74-0x00007FF74DE30000-0x00007FF74E222000-memory.dmp	upx
behavioral2/memory/2444-103-0x00007FF6B5E20000-0x00007FF6B6212000-memory.dmp	upx
behavioral2/files/0x000a000000023ba9-100.dat	upx
behavioral2/memory/4456-99-0x00007FF69B750000-0x00007FF69BB42000-memory.dmp	upx
behavioral2/files/0x000b000000023ba5-96.dat	upx
behavioral2/files/0x000c000000023b97-94.dat	upx
behavioral2/memory/1488-93-0x00007FF650040000-0x00007FF650432000-memory.dmp	upx
behavioral2/files/0x000a000000023ba8-87.dat	upx
behavioral2/memory/3344-86-0x00007FF74E6C0000-0x00007FF74EAB2000-memory.dmp	upx
behavioral2/memory/1596-84-0x00007FF6DB1A0000-0x00007FF6DB592000-memory.dmp	upx
behavioral2/memory/1500-78-0x00007FF6680D0000-0x00007FF6684C2000-memory.dmp	upx
behavioral2/memory/2044-68-0x00007FF7BFAF0000-0x00007FF7BFEE2000-memory.dmp	upx
behavioral2/files/0x000a000000023ba2-64.dat	upx
behavioral2/memory/1332-63-0x00007FF670130000-0x00007FF670522000-memory.dmp	upx
behavioral2/memory/4204-59-0x00007FF6F92E0000-0x00007FF6F96D2000-memory.dmp	upx
behavioral2/memory/936-43-0x00007FF686C10000-0x00007FF687002000-memory.dmp	upx
behavioral2/memory/4464-42-0x00007FF6B8860000-0x00007FF6B8C52000-memory.dmp	upx
behavioral2/memory/4916-34-0x00007FF6652B0000-0x00007FF6656A2000-memory.dmp	upx
behavioral2/files/0x000a000000023bad-578.dat	upx
behavioral2/files/0x000a000000023bc5-609.dat	upx
behavioral2/memory/6020-642-0x00007FF7F28D0000-0x00007FF7F2CC2000-memory.dmp	upx
behavioral2/files/0x000a000000023bc8-608.dat	upx
behavioral2/files/0x000a000000023bc7-607.dat	upx
behavioral2/files/0x000a000000023bc6-606.dat	upx
behavioral2/files/0x000a000000023bc4-604.dat	upx
behavioral2/files/0x000a000000023bc3-603.dat	upx
behavioral2/files/0x000a000000023bc2-601.dat	upx
behavioral2/files/0x000a000000023bc1-600.dat	upx
behavioral2/files/0x000a000000023bc0-599.dat	upx
behavioral2/files/0x0031000000023bbf-598.dat	upx
behavioral2/files/0x0031000000023bbe-597.dat	upx
behavioral2/files/0x0031000000023bbd-596.dat	upx
behavioral2/files/0x000a000000023bbc-595.dat	upx
behavioral2/files/0x000a000000023bbb-594.dat	upx
behavioral2/files/0x000a000000023bba-593.dat	upx
behavioral2/files/0x000a000000023bb9-592.dat	upx
behavioral2/files/0x000a000000023bb8-591.dat	upx
behavioral2/files/0x000a000000023bb7-590.dat	upx
behavioral2/files/0x000a000000023bb6-589.dat	upx
behavioral2/files/0x000a000000023bb5-588.dat	upx
behavioral2/files/0x000a000000023bae-587.dat	upx
behavioral2/files/0x000a000000023bb3-585.dat	upx
behavioral2/files/0x000a000000023bb4-586.dat	upx
behavioral2/files/0x000a000000023bb2-584.dat	upx
behavioral2/files/0x000a000000023bb1-583.dat	upx
behavioral2/files/0x000a000000023bb0-582.dat	upx
behavioral2/files/0x000a000000023baf-581.dat	upx
behavioral2/files/0x000a000000023bac-577.dat	upx
behavioral2/files/0x000a000000023bab-576.dat	upx
behavioral2/files/0x000a000000023baa-572.dat	upx
behavioral2/memory/5064-624-0x00007FF749C00000-0x00007FF749FF2000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
4	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\mpSOcNV.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\CGZywYB.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\TlzkBhD.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\ggwBqUq.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\mFKszfX.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\oykfIKe.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\rANWHuj.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\HwZalrd.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\sPLjomJ.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\PXJmDfz.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\JhfOfZn.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\pyXIMaZ.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\IdBEQBz.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\ZwpITlb.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\ZnlYQLw.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\uFRFqQz.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\odZDSJn.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\aLVeeiR.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\ICaUDOf.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\dIwwYUl.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\NNKdJdG.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\ezujslA.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\qjddZGH.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\YOEcWOw.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\ZRmhQOG.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\mBegxvC.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\JfpNCmO.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\jQtWsYL.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\vHVoZyi.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\LjhUmhl.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\NQsTwRK.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\enWONPY.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\NDWyGRs.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\rmNlATZ.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\aBamyvk.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\EbVDPCg.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\EccqquQ.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\dThpuzn.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\LDtPCXj.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\fyAnvbE.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\qbUdeam.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\zBRWsuC.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\rnzocGL.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\vsNZwlm.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\WAhWRSs.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\NwOxHjS.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\RcfGaTH.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\NKwfYxV.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\nePQaks.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\DpojiVJ.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\RSsNdMP.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\QsgqXfk.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\tfnHPAo.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\oqJBPSX.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\zLFHwkQ.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\BrwPbci.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\LNtJosn.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\kMQtZip.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\NGmhQHM.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\rXoLzbJ.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\hEpIFSL.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\cHnVcxc.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\rqlvkIt.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
File created	C:\Windows\System\jecCQhc.exe	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1168	powershell.exe
1168	powershell.exe
1168	powershell.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	1168	powershell.exe
Token: SeLockMemoryPrivilege	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
Token: SeCreateGlobalPrivilege	3904	dwm.exe
Token: SeChangeNotifyPrivilege	3904	dwm.exe
Token: 33	3904	dwm.exe
Token: SeIncBasePriorityPrivilege	3904	dwm.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
13284	sihost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5064 wrote to memory of 1168	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	86
PID 5064 wrote to memory of 1168	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	86
PID 5064 wrote to memory of 4464	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	87
PID 5064 wrote to memory of 4464	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	87
PID 5064 wrote to memory of 3672	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	88
PID 5064 wrote to memory of 3672	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	88
PID 5064 wrote to memory of 1048	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	89
PID 5064 wrote to memory of 1048	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	89
PID 5064 wrote to memory of 936	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	90
PID 5064 wrote to memory of 936	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	90
PID 5064 wrote to memory of 4916	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	91
PID 5064 wrote to memory of 4916	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	91
PID 5064 wrote to memory of 4204	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	92
PID 5064 wrote to memory of 4204	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	92
PID 5064 wrote to memory of 2044	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	93
PID 5064 wrote to memory of 2044	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	93
PID 5064 wrote to memory of 1332	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	94
PID 5064 wrote to memory of 1332	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	94
PID 5064 wrote to memory of 3664	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	95
PID 5064 wrote to memory of 3664	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	95
PID 5064 wrote to memory of 1500	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	96
PID 5064 wrote to memory of 1500	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	96
PID 5064 wrote to memory of 1596	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	97
PID 5064 wrote to memory of 1596	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	97
PID 5064 wrote to memory of 3344	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	98
PID 5064 wrote to memory of 3344	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	98
PID 5064 wrote to memory of 1488	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	99
PID 5064 wrote to memory of 1488	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	99
PID 5064 wrote to memory of 4456	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	100
PID 5064 wrote to memory of 4456	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	100
PID 5064 wrote to memory of 2444	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	101
PID 5064 wrote to memory of 2444	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	101
PID 5064 wrote to memory of 4324	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	102
PID 5064 wrote to memory of 4324	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	102
PID 5064 wrote to memory of 4432	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	103
PID 5064 wrote to memory of 4432	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	103
PID 5064 wrote to memory of 556	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	104
PID 5064 wrote to memory of 556	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	104
PID 5064 wrote to memory of 4908	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	105
PID 5064 wrote to memory of 4908	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	105
PID 5064 wrote to memory of 4384	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	106
PID 5064 wrote to memory of 4384	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	106
PID 5064 wrote to memory of 396	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	107
PID 5064 wrote to memory of 396	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	107
PID 5064 wrote to memory of 3016	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	108
PID 5064 wrote to memory of 3016	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	108
PID 5064 wrote to memory of 1816	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	109
PID 5064 wrote to memory of 1816	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	109
PID 5064 wrote to memory of 2188	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	110
PID 5064 wrote to memory of 2188	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	110
PID 5064 wrote to memory of 3208	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	111
PID 5064 wrote to memory of 3208	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	111
PID 5064 wrote to memory of 1184	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	112
PID 5064 wrote to memory of 1184	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	112
PID 5064 wrote to memory of 3976	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	113
PID 5064 wrote to memory of 3976	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	113
PID 5064 wrote to memory of 3584	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	114
PID 5064 wrote to memory of 3584	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	114
PID 5064 wrote to memory of 2620	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	115
PID 5064 wrote to memory of 2620	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	115
PID 5064 wrote to memory of 2548	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	116
PID 5064 wrote to memory of 2548	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	116
PID 5064 wrote to memory of 5116	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	117
PID 5064 wrote to memory of 5116	5064	07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe	117

C:\Users\Admin\AppData\Local\Temp\07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\07f17ea70d78f64e3a491ef8a69f049c_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5064
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1168
- - C:\Windows\system32\wermgr.exe
    "C:\Windows\system32\wermgr.exe" "-outproc" "0" "1168" "2520" "2456" "2524" "0" "0" "2528" "0" "0" "0" "0" "0"
    3⤵
    PID:2956
- C:\Windows\System\dzHuini.exe
  C:\Windows\System\dzHuini.exe
  2⤵
  - Executes dropped EXE
  PID:4464
- C:\Windows\System\oDjsVbx.exe
  C:\Windows\System\oDjsVbx.exe
  2⤵
  - Executes dropped EXE
  PID:3672
- C:\Windows\System\SndmyxP.exe
  C:\Windows\System\SndmyxP.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\AHgiESl.exe
  C:\Windows\System\AHgiESl.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\KRKADGa.exe
  C:\Windows\System\KRKADGa.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\PgYrYLF.exe
  C:\Windows\System\PgYrYLF.exe
  2⤵
  - Executes dropped EXE
  PID:4204
- C:\Windows\System\PsjKHqh.exe
  C:\Windows\System\PsjKHqh.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\mYumqcc.exe
  C:\Windows\System\mYumqcc.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\YSYandU.exe
  C:\Windows\System\YSYandU.exe
  2⤵
  - Executes dropped EXE
  PID:3664
- C:\Windows\System\QSRHwMD.exe
  C:\Windows\System\QSRHwMD.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\sxpQpRZ.exe
  C:\Windows\System\sxpQpRZ.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\jNCAPtg.exe
  C:\Windows\System\jNCAPtg.exe
  2⤵
  - Executes dropped EXE
  PID:3344
- C:\Windows\System\hXzLoSF.exe
  C:\Windows\System\hXzLoSF.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\uzaVvCB.exe
  C:\Windows\System\uzaVvCB.exe
  2⤵
  - Executes dropped EXE
  PID:4456
- C:\Windows\System\qksfIDb.exe
  C:\Windows\System\qksfIDb.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\kXyJsKB.exe
  C:\Windows\System\kXyJsKB.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System\GGlNews.exe
  C:\Windows\System\GGlNews.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System\ofsrZLV.exe
  C:\Windows\System\ofsrZLV.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\SxVCPTm.exe
  C:\Windows\System\SxVCPTm.exe
  2⤵
  - Executes dropped EXE
  PID:4908
- C:\Windows\System\RxxtZgB.exe
  C:\Windows\System\RxxtZgB.exe
  2⤵
  - Executes dropped EXE
  PID:4384
- C:\Windows\System\sciFkMI.exe
  C:\Windows\System\sciFkMI.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\njFelEE.exe
  C:\Windows\System\njFelEE.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\RbqHJld.exe
  C:\Windows\System\RbqHJld.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\IVjiZlw.exe
  C:\Windows\System\IVjiZlw.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\NEdNVKs.exe
  C:\Windows\System\NEdNVKs.exe
  2⤵
  - Executes dropped EXE
  PID:3208
- C:\Windows\System\iDxXKDE.exe
  C:\Windows\System\iDxXKDE.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\UENIOte.exe
  C:\Windows\System\UENIOte.exe
  2⤵
  - Executes dropped EXE
  PID:3976
- C:\Windows\System\gUDDXwg.exe
  C:\Windows\System\gUDDXwg.exe
  2⤵
  - Executes dropped EXE
  PID:3584
- C:\Windows\System\tjurTdb.exe
  C:\Windows\System\tjurTdb.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\gGHzVtb.exe
  C:\Windows\System\gGHzVtb.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\cOVksUr.exe
  C:\Windows\System\cOVksUr.exe
  2⤵
  - Executes dropped EXE
  PID:5116
- C:\Windows\System\iBkcQxj.exe
  C:\Windows\System\iBkcQxj.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\ErOaZpd.exe
  C:\Windows\System\ErOaZpd.exe
  2⤵
  - Executes dropped EXE
  PID:3480
- C:\Windows\System\PDpQfPG.exe
  C:\Windows\System\PDpQfPG.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\objYyAs.exe
  C:\Windows\System\objYyAs.exe
  2⤵
  - Executes dropped EXE
  PID:3560
- C:\Windows\System\yUdyPpD.exe
  C:\Windows\System\yUdyPpD.exe
  2⤵
  - Executes dropped EXE
  PID:4380
- C:\Windows\System\swnXLtV.exe
  C:\Windows\System\swnXLtV.exe
  2⤵
  - Executes dropped EXE
  PID:3232
- C:\Windows\System\eolrAUH.exe
  C:\Windows\System\eolrAUH.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\bsKJdFN.exe
  C:\Windows\System\bsKJdFN.exe
  2⤵
  - Executes dropped EXE
  PID:3512
- C:\Windows\System\RcfGaTH.exe
  C:\Windows\System\RcfGaTH.exe
  2⤵
  - Executes dropped EXE
  PID:4620
- C:\Windows\System\AfNcyTq.exe
  C:\Windows\System\AfNcyTq.exe
  2⤵
  - Executes dropped EXE
  PID:3628
- C:\Windows\System\kLrGeKx.exe
  C:\Windows\System\kLrGeKx.exe
  2⤵
  - Executes dropped EXE
  PID:4548
- C:\Windows\System\jZskLem.exe
  C:\Windows\System\jZskLem.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\yQCRzlG.exe
  C:\Windows\System\yQCRzlG.exe
  2⤵
  - Executes dropped EXE
  PID:4352
- C:\Windows\System\NZmHGOU.exe
  C:\Windows\System\NZmHGOU.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\wDzmGzf.exe
  C:\Windows\System\wDzmGzf.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\wjjjdlc.exe
  C:\Windows\System\wjjjdlc.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\RlBPkNt.exe
  C:\Windows\System\RlBPkNt.exe
  2⤵
  - Executes dropped EXE
  PID:3720
- C:\Windows\System\ZojHYqQ.exe
  C:\Windows\System\ZojHYqQ.exe
  2⤵
  - Executes dropped EXE
  PID:512
- C:\Windows\System\rXoLzbJ.exe
  C:\Windows\System\rXoLzbJ.exe
  2⤵
  - Executes dropped EXE
  PID:4148
- C:\Windows\System\JHRKwTz.exe
  C:\Windows\System\JHRKwTz.exe
  2⤵
  - Executes dropped EXE
  PID:3332
- C:\Windows\System\ktCUREx.exe
  C:\Windows\System\ktCUREx.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\zKBwUec.exe
  C:\Windows\System\zKBwUec.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\BlRpJZE.exe
  C:\Windows\System\BlRpJZE.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\ySXueSl.exe
  C:\Windows\System\ySXueSl.exe
  2⤵
  - Executes dropped EXE
  PID:3812
- C:\Windows\System\vuRmJkC.exe
  C:\Windows\System\vuRmJkC.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\dtSglfg.exe
  C:\Windows\System\dtSglfg.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\rmRAMXz.exe
  C:\Windows\System\rmRAMXz.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\LUqeGdT.exe
  C:\Windows\System\LUqeGdT.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\nvLlfbk.exe
  C:\Windows\System\nvLlfbk.exe
  2⤵
  - Executes dropped EXE
  PID:228
- C:\Windows\System\wyunGdO.exe
  C:\Windows\System\wyunGdO.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\MtNMGOR.exe
  C:\Windows\System\MtNMGOR.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\aTrmCGO.exe
  C:\Windows\System\aTrmCGO.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System\QXFxVoz.exe
  C:\Windows\System\QXFxVoz.exe
  2⤵
  PID:5008
- C:\Windows\System\vsZUDhY.exe
  C:\Windows\System\vsZUDhY.exe
  2⤵
  PID:4252
- C:\Windows\System\TJwhmbq.exe
  C:\Windows\System\TJwhmbq.exe
  2⤵
  PID:4372
- C:\Windows\System\LiAsusB.exe
  C:\Windows\System\LiAsusB.exe
  2⤵
  PID:4648
- C:\Windows\System\cyBQbiI.exe
  C:\Windows\System\cyBQbiI.exe
  2⤵
  PID:1812
- C:\Windows\System\pDWDagn.exe
  C:\Windows\System\pDWDagn.exe
  2⤵
  PID:3828
- C:\Windows\System\dVpRBDQ.exe
  C:\Windows\System\dVpRBDQ.exe
  2⤵
  PID:2520
- C:\Windows\System\RIQOXSM.exe
  C:\Windows\System\RIQOXSM.exe
  2⤵
  PID:3868
- C:\Windows\System\KdhUFqM.exe
  C:\Windows\System\KdhUFqM.exe
  2⤵
  PID:3136
- C:\Windows\System\oxjCrsJ.exe
  C:\Windows\System\oxjCrsJ.exe
  2⤵
  PID:2940
- C:\Windows\System\SfaiRBM.exe
  C:\Windows\System\SfaiRBM.exe
  2⤵
  PID:4760
- C:\Windows\System\qEdtqou.exe
  C:\Windows\System\qEdtqou.exe
  2⤵
  PID:3068
- C:\Windows\System\oOlgiGr.exe
  C:\Windows\System\oOlgiGr.exe
  2⤵
  PID:4840
- C:\Windows\System\sxrjWTH.exe
  C:\Windows\System\sxrjWTH.exe
  2⤵
  PID:1868
- C:\Windows\System\ilPwKjW.exe
  C:\Windows\System\ilPwKjW.exe
  2⤵
  PID:4876
- C:\Windows\System\kNomZrn.exe
  C:\Windows\System\kNomZrn.exe
  2⤵
  PID:2032
- C:\Windows\System\fHEvGji.exe
  C:\Windows\System\fHEvGji.exe
  2⤵
  PID:2452
- C:\Windows\System\FUXyJJv.exe
  C:\Windows\System\FUXyJJv.exe
  2⤵
  PID:4800
- C:\Windows\System\IRuWctH.exe
  C:\Windows\System\IRuWctH.exe
  2⤵
  PID:4296
- C:\Windows\System\fCLYjir.exe
  C:\Windows\System\fCLYjir.exe
  2⤵
  PID:5092
- C:\Windows\System\cjMxPlK.exe
  C:\Windows\System\cjMxPlK.exe
  2⤵
  PID:3928
- C:\Windows\System\IBeJzHF.exe
  C:\Windows\System\IBeJzHF.exe
  2⤵
  PID:864
- C:\Windows\System\CWzcgjk.exe
  C:\Windows\System\CWzcgjk.exe
  2⤵
  PID:1664
- C:\Windows\System\oykfIKe.exe
  C:\Windows\System\oykfIKe.exe
  2⤵
  PID:1752
- C:\Windows\System\hBfuKNg.exe
  C:\Windows\System\hBfuKNg.exe
  2⤵
  PID:3860
- C:\Windows\System\oZVJYyH.exe
  C:\Windows\System\oZVJYyH.exe
  2⤵
  PID:1484
- C:\Windows\System\fUfxREc.exe
  C:\Windows\System\fUfxREc.exe
  2⤵
  PID:3840
- C:\Windows\System\YsDHjfB.exe
  C:\Windows\System\YsDHjfB.exe
  2⤵
  PID:3744
- C:\Windows\System\TAXXlRV.exe
  C:\Windows\System\TAXXlRV.exe
  2⤵
  PID:3984
- C:\Windows\System\SZPhMVL.exe
  C:\Windows\System\SZPhMVL.exe
  2⤵
  PID:3516
- C:\Windows\System\TTGXrSi.exe
  C:\Windows\System\TTGXrSi.exe
  2⤵
  PID:3960
- C:\Windows\System\HZQmXbU.exe
  C:\Windows\System\HZQmXbU.exe
  2⤵
  PID:4040
- C:\Windows\System\JsVbbjD.exe
  C:\Windows\System\JsVbbjD.exe
  2⤵
  PID:4512
- C:\Windows\System\BcbtCkr.exe
  C:\Windows\System\BcbtCkr.exe
  2⤵
  PID:3024
- C:\Windows\System\DbmyytK.exe
  C:\Windows\System\DbmyytK.exe
  2⤵
  PID:2436
- C:\Windows\System\CHCssVW.exe
  C:\Windows\System\CHCssVW.exe
  2⤵
  PID:3004
- C:\Windows\System\uIQZzGp.exe
  C:\Windows\System\uIQZzGp.exe
  2⤵
  PID:2996
- C:\Windows\System\ClpWhQM.exe
  C:\Windows\System\ClpWhQM.exe
  2⤵
  PID:4228
- C:\Windows\System\QilLLBF.exe
  C:\Windows\System\QilLLBF.exe
  2⤵
  PID:4068
- C:\Windows\System\ikfkkIq.exe
  C:\Windows\System\ikfkkIq.exe
  2⤵
  PID:4028
- C:\Windows\System\ZmxKrAr.exe
  C:\Windows\System\ZmxKrAr.exe
  2⤵
  PID:700
- C:\Windows\System\GgVPOFg.exe
  C:\Windows\System\GgVPOFg.exe
  2⤵
  PID:3772
- C:\Windows\System\xXdBifx.exe
  C:\Windows\System\xXdBifx.exe
  2⤵
  PID:1056
- C:\Windows\System\fsFtJqd.exe
  C:\Windows\System\fsFtJqd.exe
  2⤵
  PID:3676
- C:\Windows\System\dfBHBVX.exe
  C:\Windows\System\dfBHBVX.exe
  2⤵
  PID:4180
- C:\Windows\System\xRFxjKy.exe
  C:\Windows\System\xRFxjKy.exe
  2⤵
  PID:4392
- C:\Windows\System\WtMdcGG.exe
  C:\Windows\System\WtMdcGG.exe
  2⤵
  PID:944
- C:\Windows\System\yNhXwKo.exe
  C:\Windows\System\yNhXwKo.exe
  2⤵
  PID:2976
- C:\Windows\System\ikECfWn.exe
  C:\Windows\System\ikECfWn.exe
  2⤵
  PID:5044
- C:\Windows\System\XWYOjlC.exe
  C:\Windows\System\XWYOjlC.exe
  2⤵
  PID:4340
- C:\Windows\System\MctTIkr.exe
  C:\Windows\System\MctTIkr.exe
  2⤵
  PID:4420
- C:\Windows\System\qVuGahp.exe
  C:\Windows\System\qVuGahp.exe
  2⤵
  PID:1988
- C:\Windows\System\fYrRvDp.exe
  C:\Windows\System\fYrRvDp.exe
  2⤵
  PID:4752
- C:\Windows\System\uPrILmf.exe
  C:\Windows\System\uPrILmf.exe
  2⤵
  PID:3032
- C:\Windows\System\gIBoxSP.exe
  C:\Windows\System\gIBoxSP.exe
  2⤵
  PID:3580
- C:\Windows\System\rndZHyb.exe
  C:\Windows\System\rndZHyb.exe
  2⤵
  PID:3760
- C:\Windows\System\EYwcoPj.exe
  C:\Windows\System\EYwcoPj.exe
  2⤵
  PID:2524
- C:\Windows\System\pALLvfk.exe
  C:\Windows\System\pALLvfk.exe
  2⤵
  PID:2572
- C:\Windows\System\XjYGftl.exe
  C:\Windows\System\XjYGftl.exe
  2⤵
  PID:2828
- C:\Windows\System\SQNeiEc.exe
  C:\Windows\System\SQNeiEc.exe
  2⤵
  PID:4448
- C:\Windows\System\ElfMAAq.exe
  C:\Windows\System\ElfMAAq.exe
  2⤵
  PID:5068
- C:\Windows\System\ClKvUQu.exe
  C:\Windows\System\ClKvUQu.exe
  2⤵
  PID:1552
- C:\Windows\System\MYobzjp.exe
  C:\Windows\System\MYobzjp.exe
  2⤵
  PID:3048
- C:\Windows\System\hOdZCDO.exe
  C:\Windows\System\hOdZCDO.exe
  2⤵
  PID:3920
- C:\Windows\System\BqgBdie.exe
  C:\Windows\System\BqgBdie.exe
  2⤵
  PID:1844
- C:\Windows\System\EVwEqxd.exe
  C:\Windows\System\EVwEqxd.exe
  2⤵
  PID:2592
- C:\Windows\System\PTvVTlD.exe
  C:\Windows\System\PTvVTlD.exe
  2⤵
  PID:2512
- C:\Windows\System\praejog.exe
  C:\Windows\System\praejog.exe
  2⤵
  PID:4748
- C:\Windows\System\caaRjFN.exe
  C:\Windows\System\caaRjFN.exe
  2⤵
  PID:4264
- C:\Windows\System\jVOqXEM.exe
  C:\Windows\System\jVOqXEM.exe
  2⤵
  PID:3724
- C:\Windows\System\bXYOEpi.exe
  C:\Windows\System\bXYOEpi.exe
  2⤵
  PID:4896
- C:\Windows\System\NSFzhNO.exe
  C:\Windows\System\NSFzhNO.exe
  2⤵
  PID:4212
- C:\Windows\System\XonmktA.exe
  C:\Windows\System\XonmktA.exe
  2⤵
  PID:2008
- C:\Windows\System\VFfXZzM.exe
  C:\Windows\System\VFfXZzM.exe
  2⤵
  PID:456
- C:\Windows\System\WyUhKEX.exe
  C:\Windows\System\WyUhKEX.exe
  2⤵
  PID:2156
- C:\Windows\System\dDgJAAH.exe
  C:\Windows\System\dDgJAAH.exe
  2⤵
  PID:1072
- C:\Windows\System\pUENsil.exe
  C:\Windows\System\pUENsil.exe
  2⤵
  PID:1216
- C:\Windows\System\aPqrMFW.exe
  C:\Windows\System\aPqrMFW.exe
  2⤵
  PID:4032
- C:\Windows\System\CRxVUmG.exe
  C:\Windows\System\CRxVUmG.exe
  2⤵
  PID:2352
- C:\Windows\System\yzvnhte.exe
  C:\Windows\System\yzvnhte.exe
  2⤵
  PID:4524
- C:\Windows\System\LKgugkO.exe
  C:\Windows\System\LKgugkO.exe
  2⤵
  PID:2372
- C:\Windows\System\DqqWJCo.exe
  C:\Windows\System\DqqWJCo.exe
  2⤵
  PID:1440
- C:\Windows\System\yzyYfht.exe
  C:\Windows\System\yzyYfht.exe
  2⤵
  PID:5132
- C:\Windows\System\YFAjoml.exe
  C:\Windows\System\YFAjoml.exe
  2⤵
  PID:5148
- C:\Windows\System\bvPLaqK.exe
  C:\Windows\System\bvPLaqK.exe
  2⤵
  PID:5164
- C:\Windows\System\RVVdarq.exe
  C:\Windows\System\RVVdarq.exe
  2⤵
  PID:5180
- C:\Windows\System\IdBEQBz.exe
  C:\Windows\System\IdBEQBz.exe
  2⤵
  PID:5196
- C:\Windows\System\TeeSAay.exe
  C:\Windows\System\TeeSAay.exe
  2⤵
  PID:5212
- C:\Windows\System\ARdrrfd.exe
  C:\Windows\System\ARdrrfd.exe
  2⤵
  PID:5228
- C:\Windows\System\yTyvMJU.exe
  C:\Windows\System\yTyvMJU.exe
  2⤵
  PID:5244
- C:\Windows\System\issbxWZ.exe
  C:\Windows\System\issbxWZ.exe
  2⤵
  PID:5260
- C:\Windows\System\Sgzazrd.exe
  C:\Windows\System\Sgzazrd.exe
  2⤵
  PID:5276
- C:\Windows\System\JQbRZyE.exe
  C:\Windows\System\JQbRZyE.exe
  2⤵
  PID:5292
- C:\Windows\System\ICaUDOf.exe
  C:\Windows\System\ICaUDOf.exe
  2⤵
  PID:5308
- C:\Windows\System\IhRFjmD.exe
  C:\Windows\System\IhRFjmD.exe
  2⤵
  PID:5324
- C:\Windows\System\WsgLkeb.exe
  C:\Windows\System\WsgLkeb.exe
  2⤵
  PID:5340
- C:\Windows\System\JiBiyuA.exe
  C:\Windows\System\JiBiyuA.exe
  2⤵
  PID:5356
- C:\Windows\System\iaoaeez.exe
  C:\Windows\System\iaoaeez.exe
  2⤵
  PID:5372
- C:\Windows\System\oKBBpBI.exe
  C:\Windows\System\oKBBpBI.exe
  2⤵
  PID:5388
- C:\Windows\System\lCbIuAt.exe
  C:\Windows\System\lCbIuAt.exe
  2⤵
  PID:5404
- C:\Windows\System\KFzTEeF.exe
  C:\Windows\System\KFzTEeF.exe
  2⤵
  PID:5420
- C:\Windows\System\KWFNmkj.exe
  C:\Windows\System\KWFNmkj.exe
  2⤵
  PID:5436
- C:\Windows\System\BRORmFG.exe
  C:\Windows\System\BRORmFG.exe
  2⤵
  PID:5452
- C:\Windows\System\QQophjB.exe
  C:\Windows\System\QQophjB.exe
  2⤵
  PID:5468
- C:\Windows\System\zIKGMtz.exe
  C:\Windows\System\zIKGMtz.exe
  2⤵
  PID:5484
- C:\Windows\System\MaZPmnt.exe
  C:\Windows\System\MaZPmnt.exe
  2⤵
  PID:5500
- C:\Windows\System\MCdYTWy.exe
  C:\Windows\System\MCdYTWy.exe
  2⤵
  PID:5516
- C:\Windows\System\eLtJKbR.exe
  C:\Windows\System\eLtJKbR.exe
  2⤵
  PID:5532
- C:\Windows\System\DUNkRwO.exe
  C:\Windows\System\DUNkRwO.exe
  2⤵
  PID:5548
- C:\Windows\System\bHPTSva.exe
  C:\Windows\System\bHPTSva.exe
  2⤵
  PID:5564
- C:\Windows\System\DjzJFhv.exe
  C:\Windows\System\DjzJFhv.exe
  2⤵
  PID:5580
- C:\Windows\System\gsLRwCy.exe
  C:\Windows\System\gsLRwCy.exe
  2⤵
  PID:5596
- C:\Windows\System\hrKYokj.exe
  C:\Windows\System\hrKYokj.exe
  2⤵
  PID:5612
- C:\Windows\System\ddRawzv.exe
  C:\Windows\System\ddRawzv.exe
  2⤵
  PID:5628
- C:\Windows\System\DzRsAql.exe
  C:\Windows\System\DzRsAql.exe
  2⤵
  PID:5644
- C:\Windows\System\JCimcnf.exe
  C:\Windows\System\JCimcnf.exe
  2⤵
  PID:5660
- C:\Windows\System\RYQYQFo.exe
  C:\Windows\System\RYQYQFo.exe
  2⤵
  PID:5676
- C:\Windows\System\OmDwaPL.exe
  C:\Windows\System\OmDwaPL.exe
  2⤵
  PID:5692
- C:\Windows\System\ClCNiaE.exe
  C:\Windows\System\ClCNiaE.exe
  2⤵
  PID:5708
- C:\Windows\System\AqreyBE.exe
  C:\Windows\System\AqreyBE.exe
  2⤵
  PID:5724
- C:\Windows\System\Ydaurzs.exe
  C:\Windows\System\Ydaurzs.exe
  2⤵
  PID:5740
- C:\Windows\System\toccOFX.exe
  C:\Windows\System\toccOFX.exe
  2⤵
  PID:5756
- C:\Windows\System\czmYuXs.exe
  C:\Windows\System\czmYuXs.exe
  2⤵
  PID:5772
- C:\Windows\System\vTbVKEq.exe
  C:\Windows\System\vTbVKEq.exe
  2⤵
  PID:5788
- C:\Windows\System\YgwJbcT.exe
  C:\Windows\System\YgwJbcT.exe
  2⤵
  PID:5804
- C:\Windows\System\lgtnWzy.exe
  C:\Windows\System\lgtnWzy.exe
  2⤵
  PID:5820
- C:\Windows\System\MhUIGec.exe
  C:\Windows\System\MhUIGec.exe
  2⤵
  PID:5836
- C:\Windows\System\oaPTbPN.exe
  C:\Windows\System\oaPTbPN.exe
  2⤵
  PID:5852
- C:\Windows\System\NLZwDZl.exe
  C:\Windows\System\NLZwDZl.exe
  2⤵
  PID:5868
- C:\Windows\System\FLLeqNE.exe
  C:\Windows\System\FLLeqNE.exe
  2⤵
  PID:5884
- C:\Windows\System\lwKBfTx.exe
  C:\Windows\System\lwKBfTx.exe
  2⤵
  PID:5900
- C:\Windows\System\FAbQDdT.exe
  C:\Windows\System\FAbQDdT.exe
  2⤵
  PID:5916
- C:\Windows\System\zXsHhzx.exe
  C:\Windows\System\zXsHhzx.exe
  2⤵
  PID:5932
- C:\Windows\System\BprFFUm.exe
  C:\Windows\System\BprFFUm.exe
  2⤵
  PID:5948
- C:\Windows\System\ADTxxrW.exe
  C:\Windows\System\ADTxxrW.exe
  2⤵
  PID:5964
- C:\Windows\System\itWDsrn.exe
  C:\Windows\System\itWDsrn.exe
  2⤵
  PID:5980
- C:\Windows\System\uQrxHRk.exe
  C:\Windows\System\uQrxHRk.exe
  2⤵
  PID:5996
- C:\Windows\System\BRzrRov.exe
  C:\Windows\System\BRzrRov.exe
  2⤵
  PID:6012
- C:\Windows\System\QVCAmjW.exe
  C:\Windows\System\QVCAmjW.exe
  2⤵
  PID:6028
- C:\Windows\System\WUNBByi.exe
  C:\Windows\System\WUNBByi.exe
  2⤵
  PID:6044
- C:\Windows\System\ZDMduZR.exe
  C:\Windows\System\ZDMduZR.exe
  2⤵
  PID:6060
- C:\Windows\System\szwYWhK.exe
  C:\Windows\System\szwYWhK.exe
  2⤵
  PID:6076
- C:\Windows\System\qyYBzQk.exe
  C:\Windows\System\qyYBzQk.exe
  2⤵
  PID:6092
- C:\Windows\System\gmgnxLH.exe
  C:\Windows\System\gmgnxLH.exe
  2⤵
  PID:6108
- C:\Windows\System\ZwroWbg.exe
  C:\Windows\System\ZwroWbg.exe
  2⤵
  PID:6124
- C:\Windows\System\AumLulg.exe
  C:\Windows\System\AumLulg.exe
  2⤵
  PID:6140
- C:\Windows\System\usdKVaQ.exe
  C:\Windows\System\usdKVaQ.exe
  2⤵
  PID:2316
- C:\Windows\System\QjDBPwn.exe
  C:\Windows\System\QjDBPwn.exe
  2⤵
  PID:4196
- C:\Windows\System\ZzPvUWQ.exe
  C:\Windows\System\ZzPvUWQ.exe
  2⤵
  PID:4900
- C:\Windows\System\sketgJU.exe
  C:\Windows\System\sketgJU.exe
  2⤵
  PID:3648
- C:\Windows\System\yiwHSfz.exe
  C:\Windows\System\yiwHSfz.exe
  2⤵
  PID:4968
- C:\Windows\System\GjdOWgE.exe
  C:\Windows\System\GjdOWgE.exe
  2⤵
  PID:2344
- C:\Windows\System\kcmvjFT.exe
  C:\Windows\System\kcmvjFT.exe
  2⤵
  PID:5144
- C:\Windows\System\EWYTPLg.exe
  C:\Windows\System\EWYTPLg.exe
  2⤵
  PID:5176
- C:\Windows\System\mQnZfkO.exe
  C:\Windows\System\mQnZfkO.exe
  2⤵
  PID:2164
- C:\Windows\System\JiKWPoR.exe
  C:\Windows\System\JiKWPoR.exe
  2⤵
  PID:5220
- C:\Windows\System\fNkdCaW.exe
  C:\Windows\System\fNkdCaW.exe
  2⤵
  PID:5240
- C:\Windows\System\UyAWfjI.exe
  C:\Windows\System\UyAWfjI.exe
  2⤵
  PID:5272
- C:\Windows\System\iwZJQxn.exe
  C:\Windows\System\iwZJQxn.exe
  2⤵
  PID:5304
- C:\Windows\System\xpJRKvK.exe
  C:\Windows\System\xpJRKvK.exe
  2⤵
  PID:5332
- C:\Windows\System\syEWYea.exe
  C:\Windows\System\syEWYea.exe
  2⤵
  PID:5352
- C:\Windows\System\fFixTfl.exe
  C:\Windows\System\fFixTfl.exe
  2⤵
  PID:5384
- C:\Windows\System\fFqzTjS.exe
  C:\Windows\System\fFqzTjS.exe
  2⤵
  PID:5412
- C:\Windows\System\KoTlQjZ.exe
  C:\Windows\System\KoTlQjZ.exe
  2⤵
  PID:5432
- C:\Windows\System\ZnTGaOg.exe
  C:\Windows\System\ZnTGaOg.exe
  2⤵
  PID:4504
- C:\Windows\System\UKUkLMH.exe
  C:\Windows\System\UKUkLMH.exe
  2⤵
  PID:5480
- C:\Windows\System\uxDRAgO.exe
  C:\Windows\System\uxDRAgO.exe
  2⤵
  PID:5508
- C:\Windows\System\XGeTHUX.exe
  C:\Windows\System\XGeTHUX.exe
  2⤵
  PID:5540
- C:\Windows\System\zcuuUIs.exe
  C:\Windows\System\zcuuUIs.exe
  2⤵
  PID:5572
- C:\Windows\System\iCRGhst.exe
  C:\Windows\System\iCRGhst.exe
  2⤵
  PID:5604
- C:\Windows\System\okLbWyb.exe
  C:\Windows\System\okLbWyb.exe
  2⤵
  PID:5636
- C:\Windows\System\BMQeTpu.exe
  C:\Windows\System\BMQeTpu.exe
  2⤵
  PID:4412
- C:\Windows\System\ZahfvXX.exe
  C:\Windows\System\ZahfvXX.exe
  2⤵
  PID:5684
- C:\Windows\System\CNUReBm.exe
  C:\Windows\System\CNUReBm.exe
  2⤵
  PID:5716
- C:\Windows\System\duSUXDy.exe
  C:\Windows\System\duSUXDy.exe
  2⤵
  PID:4684
- C:\Windows\System\mgGhKhf.exe
  C:\Windows\System\mgGhKhf.exe
  2⤵
  PID:5764
- C:\Windows\System\CpWTewS.exe
  C:\Windows\System\CpWTewS.exe
  2⤵
  PID:5784
- C:\Windows\System\mRjtLwG.exe
  C:\Windows\System\mRjtLwG.exe
  2⤵
  PID:692
- C:\Windows\System\bVjwohB.exe
  C:\Windows\System\bVjwohB.exe
  2⤵
  PID:5828
- C:\Windows\System\NyJTGzy.exe
  C:\Windows\System\NyJTGzy.exe
  2⤵
  PID:5860
- C:\Windows\System\QpGVWTW.exe
  C:\Windows\System\QpGVWTW.exe
  2⤵
  PID:5892
- C:\Windows\System\ExWwIlv.exe
  C:\Windows\System\ExWwIlv.exe
  2⤵
  PID:5924
- C:\Windows\System\kuXBZZI.exe
  C:\Windows\System\kuXBZZI.exe
  2⤵
  PID:5956
- C:\Windows\System\UCadvkQ.exe
  C:\Windows\System\UCadvkQ.exe
  2⤵
  PID:5988
- C:\Windows\System\lCGNxMC.exe
  C:\Windows\System\lCGNxMC.exe
  2⤵
  - Executes dropped EXE
  PID:6020
- C:\Windows\System\BiisXjU.exe
  C:\Windows\System\BiisXjU.exe
  2⤵
  PID:6088
- C:\Windows\System\LyKaxqr.exe
  C:\Windows\System\LyKaxqr.exe
  2⤵
  PID:2368
- C:\Windows\System\JBPtSBp.exe
  C:\Windows\System\JBPtSBp.exe
  2⤵
  PID:5028
- C:\Windows\System\IAFknkO.exe
  C:\Windows\System\IAFknkO.exe
  2⤵
  PID:6228
- C:\Windows\System\OWqkDTb.exe
  C:\Windows\System\OWqkDTb.exe
  2⤵
  PID:6244
- C:\Windows\System\DDETGZx.exe
  C:\Windows\System\DDETGZx.exe
  2⤵
  PID:5656
- C:\Windows\System\GwyPCGO.exe
  C:\Windows\System\GwyPCGO.exe
  2⤵
  PID:6200
- C:\Windows\System\OQFECed.exe
  C:\Windows\System\OQFECed.exe
  2⤵
  PID:7188
- C:\Windows\System\ZPQzMQa.exe
  C:\Windows\System\ZPQzMQa.exe
  2⤵
  PID:7776
- C:\Windows\System\ZFjqDvj.exe
  C:\Windows\System\ZFjqDvj.exe
  2⤵
  PID:7800
- C:\Windows\System\DjLOefH.exe
  C:\Windows\System\DjLOefH.exe
  2⤵
  PID:7860
- C:\Windows\System\WSqsQgX.exe
  C:\Windows\System\WSqsQgX.exe
  2⤵
  PID:7880
- C:\Windows\System\WwUoCds.exe
  C:\Windows\System\WwUoCds.exe
  2⤵
  PID:8332
- C:\Windows\System\tEeSfUB.exe
  C:\Windows\System\tEeSfUB.exe
  2⤵
  PID:8796
- C:\Windows\System\iJhttQC.exe
  C:\Windows\System\iJhttQC.exe
  2⤵
  PID:8948
- C:\Windows\System\CiuHVDi.exe
  C:\Windows\System\CiuHVDi.exe
  2⤵
  PID:9044
- C:\Windows\System\YDUBKww.exe
  C:\Windows\System\YDUBKww.exe
  2⤵
  PID:9064
- C:\Windows\System\XDiIpsS.exe
  C:\Windows\System\XDiIpsS.exe
  2⤵
  PID:9096
- C:\Windows\System\oNxaJoB.exe
  C:\Windows\System\oNxaJoB.exe
  2⤵
  PID:9116
- C:\Windows\System\NcBOvvk.exe
  C:\Windows\System\NcBOvvk.exe
  2⤵
  PID:9140
- C:\Windows\System\FysgLye.exe
  C:\Windows\System\FysgLye.exe
  2⤵
  PID:9156
- C:\Windows\System\FwfWkGt.exe
  C:\Windows\System\FwfWkGt.exe
  2⤵
  PID:9200
- C:\Windows\System\prFkkQo.exe
  C:\Windows\System\prFkkQo.exe
  2⤵
  PID:760
- C:\Windows\System\IVZHffC.exe
  C:\Windows\System\IVZHffC.exe
  2⤵
  PID:6320
- C:\Windows\System\KmCnCIK.exe
  C:\Windows\System\KmCnCIK.exe
  2⤵
  PID:6400
- C:\Windows\System\jwjBTsX.exe
  C:\Windows\System\jwjBTsX.exe
  2⤵
  PID:6452
- C:\Windows\System\tNVvTqb.exe
  C:\Windows\System\tNVvTqb.exe
  2⤵
  PID:6532
- C:\Windows\System\fJjpHoB.exe
  C:\Windows\System\fJjpHoB.exe
  2⤵
  PID:6572
- C:\Windows\System\xSqBKfz.exe
  C:\Windows\System\xSqBKfz.exe
  2⤵
  PID:6620
- C:\Windows\System\kUgriAD.exe
  C:\Windows\System\kUgriAD.exe
  2⤵
  PID:6660
- C:\Windows\System\cCwUdKU.exe
  C:\Windows\System\cCwUdKU.exe
  2⤵
  PID:6724
- C:\Windows\System\CiGnbRK.exe
  C:\Windows\System\CiGnbRK.exe
  2⤵
  PID:6800
- C:\Windows\System\BKGNaJz.exe
  C:\Windows\System\BKGNaJz.exe
  2⤵
  PID:6864
- C:\Windows\System\TaVneUQ.exe
  C:\Windows\System\TaVneUQ.exe
  2⤵
  PID:6920
- C:\Windows\System\CUMhHRK.exe
  C:\Windows\System\CUMhHRK.exe
  2⤵
  PID:6956
- C:\Windows\System\BYiDphH.exe
  C:\Windows\System\BYiDphH.exe
  2⤵
  PID:7660
- C:\Windows\System\myJIabV.exe
  C:\Windows\System\myJIabV.exe
  2⤵
  PID:7148
- C:\Windows\System\PtJjbnS.exe
  C:\Windows\System\PtJjbnS.exe
  2⤵
  PID:6196
- C:\Windows\System\vPGuqou.exe
  C:\Windows\System\vPGuqou.exe
  2⤵
  PID:7640
- C:\Windows\System\vHFWjrg.exe
  C:\Windows\System\vHFWjrg.exe
  2⤵
  PID:7476
- C:\Windows\System\HJMyewe.exe
  C:\Windows\System\HJMyewe.exe
  2⤵
  PID:8688
- C:\Windows\System\YPHOpFI.exe
  C:\Windows\System\YPHOpFI.exe
  2⤵
  PID:8256
- C:\Windows\System\oViNxAW.exe
  C:\Windows\System\oViNxAW.exe
  2⤵
  PID:7772
- C:\Windows\System\EpccfUa.exe
  C:\Windows\System\EpccfUa.exe
  2⤵
  PID:8932
- C:\Windows\System\fwmkoWA.exe
  C:\Windows\System\fwmkoWA.exe
  2⤵
  PID:8832
- C:\Windows\System\fyAnvbE.exe
  C:\Windows\System\fyAnvbE.exe
  2⤵
  PID:8772
- C:\Windows\System\ZwpITlb.exe
  C:\Windows\System\ZwpITlb.exe
  2⤵
  PID:8504
- C:\Windows\System\cgYboMu.exe
  C:\Windows\System\cgYboMu.exe
  2⤵
  PID:8232
- C:\Windows\System\HimLlUr.exe
  C:\Windows\System\HimLlUr.exe
  2⤵
  PID:7196
- C:\Windows\System\DBVWGoB.exe
  C:\Windows\System\DBVWGoB.exe
  2⤵
  PID:7024
- C:\Windows\System\jQtWsYL.exe
  C:\Windows\System\jQtWsYL.exe
  2⤵
  PID:4740
- C:\Windows\System\LxiTyxs.exe
  C:\Windows\System\LxiTyxs.exe
  2⤵
  PID:8120
- C:\Windows\System\Durgtwa.exe
  C:\Windows\System\Durgtwa.exe
  2⤵
  PID:8040
- C:\Windows\System\ODdgyod.exe
  C:\Windows\System\ODdgyod.exe
  2⤵
  PID:8008
- C:\Windows\System\PlxbVjm.exe
  C:\Windows\System\PlxbVjm.exe
  2⤵
  PID:7968
- C:\Windows\System\EBVSPsz.exe
  C:\Windows\System\EBVSPsz.exe
  2⤵
  PID:7920
- C:\Windows\System\rCCWDks.exe
  C:\Windows\System\rCCWDks.exe
  2⤵
  PID:7868
- C:\Windows\System\pbkNYKM.exe
  C:\Windows\System\pbkNYKM.exe
  2⤵
  PID:6288
- C:\Windows\System\TZLvfUW.exe
  C:\Windows\System\TZLvfUW.exe
  2⤵
  PID:5428
- C:\Windows\System\ljlBCHG.exe
  C:\Windows\System\ljlBCHG.exe
  2⤵
  PID:5380
- C:\Windows\System\cLflywo.exe
  C:\Windows\System\cLflywo.exe
  2⤵
  PID:5012
- C:\Windows\System\ytNDVrH.exe
  C:\Windows\System\ytNDVrH.exe
  2⤵
  PID:6104
- C:\Windows\System\oHSLhtm.exe
  C:\Windows\System\oHSLhtm.exe
  2⤵
  PID:6136
- C:\Windows\System\UJVDDXN.exe
  C:\Windows\System\UJVDDXN.exe
  2⤵
  PID:9060
- C:\Windows\System\kNINhMY.exe
  C:\Windows\System\kNINhMY.exe
  2⤵
  PID:9104
- C:\Windows\System\nIxhbrA.exe
  C:\Windows\System\nIxhbrA.exe
  2⤵
  PID:9132
- C:\Windows\System\ceOkBsc.exe
  C:\Windows\System\ceOkBsc.exe
  2⤵
  PID:9172
- C:\Windows\System\vBnKsOM.exe
  C:\Windows\System\vBnKsOM.exe
  2⤵
  PID:6436
- C:\Windows\System\ZPKoYlN.exe
  C:\Windows\System\ZPKoYlN.exe
  2⤵
  PID:6604
- C:\Windows\System\GGwcUnZ.exe
  C:\Windows\System\GGwcUnZ.exe
  2⤵
  PID:6848
- C:\Windows\System\ESVlbQK.exe
  C:\Windows\System\ESVlbQK.exe
  2⤵
  PID:6172
- C:\Windows\System\IDMsIgO.exe
  C:\Windows\System\IDMsIgO.exe
  2⤵
  PID:8272
- C:\Windows\System\tzMVoav.exe
  C:\Windows\System\tzMVoav.exe
  2⤵
  PID:7612
- C:\Windows\System\eMmqXMa.exe
  C:\Windows\System\eMmqXMa.exe
  2⤵
  PID:7228
- C:\Windows\System\aadRlaM.exe
  C:\Windows\System\aadRlaM.exe
  2⤵
  PID:8816
- C:\Windows\System\pBhXdsg.exe
  C:\Windows\System\pBhXdsg.exe
  2⤵
  PID:8672
- C:\Windows\System\czrTTUH.exe
  C:\Windows\System\czrTTUH.exe
  2⤵
  PID:8240
- C:\Windows\System\FNWuDge.exe
  C:\Windows\System\FNWuDge.exe
  2⤵
  PID:8168
- C:\Windows\System\qSnlcEj.exe
  C:\Windows\System\qSnlcEj.exe
  2⤵
  PID:8088
- C:\Windows\System\ozYuOhQ.exe
  C:\Windows\System\ozYuOhQ.exe
  2⤵
  PID:8016
- C:\Windows\System\TyRwxQM.exe
  C:\Windows\System\TyRwxQM.exe
  2⤵
  PID:7872
- C:\Windows\System\IYpfYia.exe
  C:\Windows\System\IYpfYia.exe
  2⤵
  PID:5476
- C:\Windows\System\RxkPSQQ.exe
  C:\Windows\System\RxkPSQQ.exe
  2⤵
  PID:5496
- C:\Windows\System\QFWedgy.exe
  C:\Windows\System\QFWedgy.exe
  2⤵
  PID:9056
- C:\Windows\System\PFywgkX.exe
  C:\Windows\System\PFywgkX.exe
  2⤵
  PID:9108
- C:\Windows\System\szLOmix.exe
  C:\Windows\System\szLOmix.exe
  2⤵
  PID:6428
- C:\Windows\System\KlTXowe.exe
  C:\Windows\System\KlTXowe.exe
  2⤵
  PID:6676
- C:\Windows\System\hatasrJ.exe
  C:\Windows\System\hatasrJ.exe
  2⤵
  PID:8960
- C:\Windows\System\LUPZSmI.exe
  C:\Windows\System\LUPZSmI.exe
  2⤵
  PID:8544
- C:\Windows\System\unPwEns.exe
  C:\Windows\System\unPwEns.exe
  2⤵
  PID:7072
- C:\Windows\System\XpKaGai.exe
  C:\Windows\System\XpKaGai.exe
  2⤵
  PID:6284
- C:\Windows\System\dMcpviF.exe
  C:\Windows\System\dMcpviF.exe
  2⤵
  PID:5172
- C:\Windows\System\ILRiTry.exe
  C:\Windows\System\ILRiTry.exe
  2⤵
  PID:7212
- C:\Windows\System\evICPHp.exe
  C:\Windows\System\evICPHp.exe
  2⤵
  PID:7784
- C:\Windows\System\hlIFrPs.exe
  C:\Windows\System\hlIFrPs.exe
  2⤵
  PID:5556
- C:\Windows\System\VXwkXSl.exe
  C:\Windows\System\VXwkXSl.exe
  2⤵
  PID:5316
- C:\Windows\System\yvpCMNE.exe
  C:\Windows\System\yvpCMNE.exe
  2⤵
  PID:9148
- C:\Windows\System\Kolmsly.exe
  C:\Windows\System\Kolmsly.exe
  2⤵
  PID:8840
- C:\Windows\System\QNodWUs.exe
  C:\Windows\System\QNodWUs.exe
  2⤵
  PID:9248
- C:\Windows\System\ekcUhfe.exe
  C:\Windows\System\ekcUhfe.exe
  2⤵
  PID:9292
- C:\Windows\System\uAErdrv.exe
  C:\Windows\System\uAErdrv.exe
  2⤵
  PID:9316
- C:\Windows\System\kKqfMlj.exe
  C:\Windows\System\kKqfMlj.exe
  2⤵
  PID:9336
- C:\Windows\System\daAtkQi.exe
  C:\Windows\System\daAtkQi.exe
  2⤵
  PID:9360
- C:\Windows\System\BKNOAJr.exe
  C:\Windows\System\BKNOAJr.exe
  2⤵
  PID:9376
- C:\Windows\System\jGLOWbe.exe
  C:\Windows\System\jGLOWbe.exe
  2⤵
  PID:9416
- C:\Windows\System\CkOsasc.exe
  C:\Windows\System\CkOsasc.exe
  2⤵
  PID:9460
- C:\Windows\System\sGXmmiT.exe
  C:\Windows\System\sGXmmiT.exe
  2⤵
  PID:9480
- C:\Windows\System\SiBsBCq.exe
  C:\Windows\System\SiBsBCq.exe
  2⤵
  PID:9496
- C:\Windows\System\kaeblZV.exe
  C:\Windows\System\kaeblZV.exe
  2⤵
  PID:9536
- C:\Windows\System\AtjrTAZ.exe
  C:\Windows\System\AtjrTAZ.exe
  2⤵
  PID:9572
- C:\Windows\System\SwoTYBq.exe
  C:\Windows\System\SwoTYBq.exe
  2⤵
  PID:9596
- C:\Windows\System\XPNkIFo.exe
  C:\Windows\System\XPNkIFo.exe
  2⤵
  PID:9620
- C:\Windows\System\QsgqXfk.exe
  C:\Windows\System\QsgqXfk.exe
  2⤵
  PID:9640
- C:\Windows\System\eSRSBek.exe
  C:\Windows\System\eSRSBek.exe
  2⤵
  PID:9660
- C:\Windows\System\GElHUwt.exe
  C:\Windows\System\GElHUwt.exe
  2⤵
  PID:9680
- C:\Windows\System\IFciHOn.exe
  C:\Windows\System\IFciHOn.exe
  2⤵
  PID:9700
- C:\Windows\System\mKZyEhb.exe
  C:\Windows\System\mKZyEhb.exe
  2⤵
  PID:9720
- C:\Windows\System\eJpXLES.exe
  C:\Windows\System\eJpXLES.exe
  2⤵
  PID:9744
- C:\Windows\System\kTNECtc.exe
  C:\Windows\System\kTNECtc.exe
  2⤵
  PID:9804
- C:\Windows\System\Qxydrlg.exe
  C:\Windows\System\Qxydrlg.exe
  2⤵
  PID:9856
- C:\Windows\System\MVlspAx.exe
  C:\Windows\System\MVlspAx.exe
  2⤵
  PID:9884
- C:\Windows\System\xvotjAx.exe
  C:\Windows\System\xvotjAx.exe
  2⤵
  PID:9904
- C:\Windows\System\uHqYfGS.exe
  C:\Windows\System\uHqYfGS.exe
  2⤵
  PID:9932
- C:\Windows\System\fDQKHOB.exe
  C:\Windows\System\fDQKHOB.exe
  2⤵
  PID:9964
- C:\Windows\System\ZfLxXwF.exe
  C:\Windows\System\ZfLxXwF.exe
  2⤵
  PID:9984
- C:\Windows\System\DoUeQAF.exe
  C:\Windows\System\DoUeQAF.exe
  2⤵
  PID:10000
- C:\Windows\System\gNOqBaG.exe
  C:\Windows\System\gNOqBaG.exe
  2⤵
  PID:10020
- C:\Windows\System\ocLSUuU.exe
  C:\Windows\System\ocLSUuU.exe
  2⤵
  PID:10088
- C:\Windows\System\nszkxsH.exe
  C:\Windows\System\nszkxsH.exe
  2⤵
  PID:10108
- C:\Windows\System\xqnLJcg.exe
  C:\Windows\System\xqnLJcg.exe
  2⤵
  PID:10132
- C:\Windows\System\KPHIUvs.exe
  C:\Windows\System\KPHIUvs.exe
  2⤵
  PID:10160
- C:\Windows\System\uvOxkMN.exe
  C:\Windows\System\uvOxkMN.exe
  2⤵
  PID:10176
- C:\Windows\System\VrlVxgo.exe
  C:\Windows\System\VrlVxgo.exe
  2⤵
  PID:10228
- C:\Windows\System\gqiscEw.exe
  C:\Windows\System\gqiscEw.exe
  2⤵
  PID:7132
- C:\Windows\System\CFWJByx.exe
  C:\Windows\System\CFWJByx.exe
  2⤵
  PID:9228
- C:\Windows\System\tqRwNWv.exe
  C:\Windows\System\tqRwNWv.exe
  2⤵
  PID:9308
- C:\Windows\System\ctmpZfa.exe
  C:\Windows\System\ctmpZfa.exe
  2⤵
  PID:3800
- C:\Windows\System\daBrSya.exe
  C:\Windows\System\daBrSya.exe
  2⤵
  PID:9408
- C:\Windows\System\DQdnsPR.exe
  C:\Windows\System\DQdnsPR.exe
  2⤵
  PID:9476
- C:\Windows\System\vuQsgrg.exe
  C:\Windows\System\vuQsgrg.exe
  2⤵
  PID:9608
- C:\Windows\System\rgRXnTr.exe
  C:\Windows\System\rgRXnTr.exe
  2⤵
  PID:9592
- C:\Windows\System\OczPYrL.exe
  C:\Windows\System\OczPYrL.exe
  2⤵
  PID:9652
- C:\Windows\System\pZrvQjo.exe
  C:\Windows\System\pZrvQjo.exe
  2⤵
  PID:9780
- C:\Windows\System\cbAJUhK.exe
  C:\Windows\System\cbAJUhK.exe
  2⤵
  PID:9844
- C:\Windows\System\KGHWCPS.exe
  C:\Windows\System\KGHWCPS.exe
  2⤵
  PID:9876
- C:\Windows\System\WUqjfsD.exe
  C:\Windows\System\WUqjfsD.exe
  2⤵
  PID:9916
- C:\Windows\System\ychwSpA.exe
  C:\Windows\System\ychwSpA.exe
  2⤵
  PID:10012
- C:\Windows\System\PUgUNhe.exe
  C:\Windows\System\PUgUNhe.exe
  2⤵
  PID:10140
- C:\Windows\System\SbgJYTI.exe
  C:\Windows\System\SbgJYTI.exe
  2⤵
  PID:6952
- C:\Windows\System\uUosaWP.exe
  C:\Windows\System\uUosaWP.exe
  2⤵
  PID:10236
- C:\Windows\System\bXhxWzo.exe
  C:\Windows\System\bXhxWzo.exe
  2⤵
  PID:9352
- C:\Windows\System\gFkxJOQ.exe
  C:\Windows\System\gFkxJOQ.exe
  2⤵
  PID:9356
- C:\Windows\System\LjwhRCI.exe
  C:\Windows\System\LjwhRCI.exe
  2⤵
  PID:9524
- C:\Windows\System\ypWuhEA.exe
  C:\Windows\System\ypWuhEA.exe
  2⤵
  PID:9812
- C:\Windows\System\AlNEoKP.exe
  C:\Windows\System\AlNEoKP.exe
  2⤵
  PID:9872
- C:\Windows\System\OUGEVPf.exe
  C:\Windows\System\OUGEVPf.exe
  2⤵
  PID:10100
- C:\Windows\System\AfWKpAe.exe
  C:\Windows\System\AfWKpAe.exe
  2⤵
  PID:10196
- C:\Windows\System\rsBrKmK.exe
  C:\Windows\System\rsBrKmK.exe
  2⤵
  PID:2348
- C:\Windows\System\jyNHtQl.exe
  C:\Windows\System\jyNHtQl.exe
  2⤵
  PID:10080
- C:\Windows\System\vDxtikk.exe
  C:\Windows\System\vDxtikk.exe
  2⤵
  PID:10224
- C:\Windows\System\nFwUHdA.exe
  C:\Windows\System\nFwUHdA.exe
  2⤵
  PID:10248
- C:\Windows\System\XFYEivJ.exe
  C:\Windows\System\XFYEivJ.exe
  2⤵
  PID:10272
- C:\Windows\System\xsTVVYy.exe
  C:\Windows\System\xsTVVYy.exe
  2⤵
  PID:10292
- C:\Windows\System\HUjWnoM.exe
  C:\Windows\System\HUjWnoM.exe
  2⤵
  PID:10312
- C:\Windows\System\PiuSLQq.exe
  C:\Windows\System\PiuSLQq.exe
  2⤵
  PID:10340
- C:\Windows\System\sRkCChD.exe
  C:\Windows\System\sRkCChD.exe
  2⤵
  PID:10360
- C:\Windows\System\HuySjaA.exe
  C:\Windows\System\HuySjaA.exe
  2⤵
  PID:10392
- C:\Windows\System\sQjymkO.exe
  C:\Windows\System\sQjymkO.exe
  2⤵
  PID:10420
- C:\Windows\System\GQPHsGJ.exe
  C:\Windows\System\GQPHsGJ.exe
  2⤵
  PID:10444
- C:\Windows\System\GAnDPBk.exe
  C:\Windows\System\GAnDPBk.exe
  2⤵
  PID:10500
- C:\Windows\System\WdTiaNI.exe
  C:\Windows\System\WdTiaNI.exe
  2⤵
  PID:10520
- C:\Windows\System\ErjakHp.exe
  C:\Windows\System\ErjakHp.exe
  2⤵
  PID:10544
- C:\Windows\System\GspyhNL.exe
  C:\Windows\System\GspyhNL.exe
  2⤵
  PID:10588
- C:\Windows\System\gIqlSZk.exe
  C:\Windows\System\gIqlSZk.exe
  2⤵
  PID:10612
- C:\Windows\System\TVAwYIY.exe
  C:\Windows\System\TVAwYIY.exe
  2⤵
  PID:10632
- C:\Windows\System\LxZMHcD.exe
  C:\Windows\System\LxZMHcD.exe
  2⤵
  PID:10652
- C:\Windows\System\ReLDuSQ.exe
  C:\Windows\System\ReLDuSQ.exe
  2⤵
  PID:10692
- C:\Windows\System\DJDNUtf.exe
  C:\Windows\System\DJDNUtf.exe
  2⤵
  PID:10712
- C:\Windows\System\WabQbGj.exe
  C:\Windows\System\WabQbGj.exe
  2⤵
  PID:10732
- C:\Windows\System\RiyjtOw.exe
  C:\Windows\System\RiyjtOw.exe
  2⤵
  PID:10748
- C:\Windows\System\TyOtaKl.exe
  C:\Windows\System\TyOtaKl.exe
  2⤵
  PID:10780
- C:\Windows\System\nUGYGIx.exe
  C:\Windows\System\nUGYGIx.exe
  2⤵
  PID:10796
- C:\Windows\System\wSiShip.exe
  C:\Windows\System\wSiShip.exe
  2⤵
  PID:10820
- C:\Windows\System\VtSYQIK.exe
  C:\Windows\System\VtSYQIK.exe
  2⤵
  PID:10860
- C:\Windows\System\cUtysiA.exe
  C:\Windows\System\cUtysiA.exe
  2⤵
  PID:10904
- C:\Windows\System\iTSKOri.exe
  C:\Windows\System\iTSKOri.exe
  2⤵
  PID:10944
- C:\Windows\System\XIxUseq.exe
  C:\Windows\System\XIxUseq.exe
  2⤵
  PID:10972
- C:\Windows\System\ErYKGhX.exe
  C:\Windows\System\ErYKGhX.exe
  2⤵
  PID:10996
- C:\Windows\System\grmBISP.exe
  C:\Windows\System\grmBISP.exe
  2⤵
  PID:11012
- C:\Windows\System\ElbUHhR.exe
  C:\Windows\System\ElbUHhR.exe
  2⤵
  PID:11032
- C:\Windows\System\TQngPVl.exe
  C:\Windows\System\TQngPVl.exe
  2⤵
  PID:11076
- C:\Windows\System\iFvdRiU.exe
  C:\Windows\System\iFvdRiU.exe
  2⤵
  PID:11096
- C:\Windows\System\ehbCzfw.exe
  C:\Windows\System\ehbCzfw.exe
  2⤵
  PID:11124
- C:\Windows\System\hKLyLDe.exe
  C:\Windows\System\hKLyLDe.exe
  2⤵
  PID:11140
- C:\Windows\System\JKzEbYB.exe
  C:\Windows\System\JKzEbYB.exe
  2⤵
  PID:11160
- C:\Windows\System\pLJvkEQ.exe
  C:\Windows\System\pLJvkEQ.exe
  2⤵
  PID:11184
- C:\Windows\System\fmWalIK.exe
  C:\Windows\System\fmWalIK.exe
  2⤵
  PID:11224
- C:\Windows\System\qnQFJgV.exe
  C:\Windows\System\qnQFJgV.exe
  2⤵
  PID:11244
- C:\Windows\System\nOqfROK.exe
  C:\Windows\System\nOqfROK.exe
  2⤵
  PID:10156
- C:\Windows\System\nMhMieN.exe
  C:\Windows\System\nMhMieN.exe
  2⤵
  PID:10288
- C:\Windows\System\EIEIkbk.exe
  C:\Windows\System\EIEIkbk.exe
  2⤵
  PID:10460
- C:\Windows\System\OoekJZe.exe
  C:\Windows\System\OoekJZe.exe
  2⤵
  PID:10512
- C:\Windows\System\FhFSGYz.exe
  C:\Windows\System\FhFSGYz.exe
  2⤵
  PID:10564
- C:\Windows\System\hIsnMVu.exe
  C:\Windows\System\hIsnMVu.exe
  2⤵
  PID:10624
- C:\Windows\System\xlVSvAb.exe
  C:\Windows\System\xlVSvAb.exe
  2⤵
  PID:10704
- C:\Windows\System\tQEWbpt.exe
  C:\Windows\System\tQEWbpt.exe
  2⤵
  PID:4632
- C:\Windows\System\kcvbmOy.exe
  C:\Windows\System\kcvbmOy.exe
  2⤵
  PID:10844
- C:\Windows\System\pzrbFaF.exe
  C:\Windows\System\pzrbFaF.exe
  2⤵
  PID:10804
- C:\Windows\System\YnGywNH.exe
  C:\Windows\System\YnGywNH.exe
  2⤵
  PID:10876
- C:\Windows\System\uHyiqYI.exe
  C:\Windows\System\uHyiqYI.exe
  2⤵
  PID:10956
- C:\Windows\System\myhJlbB.exe
  C:\Windows\System\myhJlbB.exe
  2⤵
  PID:10992
- C:\Windows\System\CzSUuoR.exe
  C:\Windows\System\CzSUuoR.exe
  2⤵
  PID:11116
- C:\Windows\System\zwXiUfC.exe
  C:\Windows\System\zwXiUfC.exe
  2⤵
  PID:11180
- C:\Windows\System\khhsDtE.exe
  C:\Windows\System\khhsDtE.exe
  2⤵
  PID:11256
- C:\Windows\System\HXghORA.exe
  C:\Windows\System\HXghORA.exe
  2⤵
  PID:10304
- C:\Windows\System\UwdABps.exe
  C:\Windows\System\UwdABps.exe
  2⤵
  PID:10496
- C:\Windows\System\ffmDpuu.exe
  C:\Windows\System\ffmDpuu.exe
  2⤵
  PID:10648
- C:\Windows\System\QKElKRS.exe
  C:\Windows\System\QKElKRS.exe
  2⤵
  PID:9960
- C:\Windows\System\BoPHCEg.exe
  C:\Windows\System\BoPHCEg.exe
  2⤵
  PID:10764
- C:\Windows\System\TNwktIM.exe
  C:\Windows\System\TNwktIM.exe
  2⤵
  PID:10988
- C:\Windows\System\xDOzJSy.exe
  C:\Windows\System\xDOzJSy.exe
  2⤵
  PID:4532
- C:\Windows\System\cFOazQu.exe
  C:\Windows\System\cFOazQu.exe
  2⤵
  PID:10320
- C:\Windows\System\IfikGna.exe
  C:\Windows\System\IfikGna.exe
  2⤵
  PID:10532
- C:\Windows\System\ZrkORHR.exe
  C:\Windows\System\ZrkORHR.exe
  2⤵
  PID:10980
- C:\Windows\System\zlkRHjH.exe
  C:\Windows\System\zlkRHjH.exe
  2⤵
  PID:11192
- C:\Windows\System\mVFjjPB.exe
  C:\Windows\System\mVFjjPB.exe
  2⤵
  PID:11268
- C:\Windows\System\GXVJjSF.exe
  C:\Windows\System\GXVJjSF.exe
  2⤵
  PID:11300
- C:\Windows\System\MuPXjNV.exe
  C:\Windows\System\MuPXjNV.exe
  2⤵
  PID:11336
- C:\Windows\System\NuHxlmF.exe
  C:\Windows\System\NuHxlmF.exe
  2⤵
  PID:11368
- C:\Windows\System\EgCOmtC.exe
  C:\Windows\System\EgCOmtC.exe
  2⤵
  PID:11396
- C:\Windows\System\cjGOoIE.exe
  C:\Windows\System\cjGOoIE.exe
  2⤵
  PID:11428
- C:\Windows\System\pOgyLhL.exe
  C:\Windows\System\pOgyLhL.exe
  2⤵
  PID:11448
- C:\Windows\System\pQfrjcW.exe
  C:\Windows\System\pQfrjcW.exe
  2⤵
  PID:11464
- C:\Windows\System\DDniAvM.exe
  C:\Windows\System\DDniAvM.exe
  2⤵
  PID:11484
- C:\Windows\System\dIannxa.exe
  C:\Windows\System\dIannxa.exe
  2⤵
  PID:11508
- C:\Windows\System\mdpeNPP.exe
  C:\Windows\System\mdpeNPP.exe
  2⤵
  PID:11560
- C:\Windows\System\iQnChzq.exe
  C:\Windows\System\iQnChzq.exe
  2⤵
  PID:11584
- C:\Windows\System\zFaOWpK.exe
  C:\Windows\System\zFaOWpK.exe
  2⤵
  PID:11664
- C:\Windows\System\AfAjImU.exe
  C:\Windows\System\AfAjImU.exe
  2⤵
  PID:11712
- C:\Windows\System\BuDVdbC.exe
  C:\Windows\System\BuDVdbC.exe
  2⤵
  PID:11728
- C:\Windows\System\NKuCPja.exe
  C:\Windows\System\NKuCPja.exe
  2⤵
  PID:11744
- C:\Windows\System\ugBFCSb.exe
  C:\Windows\System\ugBFCSb.exe
  2⤵
  PID:11760
- C:\Windows\System\xAZxLIC.exe
  C:\Windows\System\xAZxLIC.exe
  2⤵
  PID:11776
- C:\Windows\System\VkpeOZh.exe
  C:\Windows\System\VkpeOZh.exe
  2⤵
  PID:11796
- C:\Windows\System\lIpowhM.exe
  C:\Windows\System\lIpowhM.exe
  2⤵
  PID:11840
- C:\Windows\System\yocXmCT.exe
  C:\Windows\System\yocXmCT.exe
  2⤵
  PID:11876
- C:\Windows\System\MaLLBhg.exe
  C:\Windows\System\MaLLBhg.exe
  2⤵
  PID:11936
- C:\Windows\System\ArBDUUA.exe
  C:\Windows\System\ArBDUUA.exe
  2⤵
  PID:12004
- C:\Windows\System\otdxRky.exe
  C:\Windows\System\otdxRky.exe
  2⤵
  PID:12032
- C:\Windows\System\lWTLtGg.exe
  C:\Windows\System\lWTLtGg.exe
  2⤵
  PID:12056
- C:\Windows\System\qASlgyE.exe
  C:\Windows\System\qASlgyE.exe
  2⤵
  PID:12096
- C:\Windows\System\whtfnDH.exe
  C:\Windows\System\whtfnDH.exe
  2⤵
  PID:12156
- C:\Windows\System\kqTSVAe.exe
  C:\Windows\System\kqTSVAe.exe
  2⤵
  PID:12176
- C:\Windows\System\xXXgRYw.exe
  C:\Windows\System\xXXgRYw.exe
  2⤵
  PID:12196
- C:\Windows\System\hEtjGIz.exe
  C:\Windows\System\hEtjGIz.exe
  2⤵
  PID:12216
- C:\Windows\System\hOGUKwx.exe
  C:\Windows\System\hOGUKwx.exe
  2⤵
  PID:12260
- C:\Windows\System\ggfSHFM.exe
  C:\Windows\System\ggfSHFM.exe
  2⤵
  PID:12276
- C:\Windows\System\uRGRAvs.exe
  C:\Windows\System\uRGRAvs.exe
  2⤵
  PID:4152
- C:\Windows\System\ZhiQFyi.exe
  C:\Windows\System\ZhiQFyi.exe
  2⤵
  PID:1808
- C:\Windows\System\LHpujoa.exe
  C:\Windows\System\LHpujoa.exe
  2⤵
  PID:11344
- C:\Windows\System\eoazBgW.exe
  C:\Windows\System\eoazBgW.exe
  2⤵
  PID:11440
- C:\Windows\System\glHdnTd.exe
  C:\Windows\System\glHdnTd.exe
  2⤵
  PID:11480
- C:\Windows\System\YownTNe.exe
  C:\Windows\System\YownTNe.exe
  2⤵
  PID:11548
- C:\Windows\System\yZTAznH.exe
  C:\Windows\System\yZTAznH.exe
  2⤵
  PID:11596
- C:\Windows\System\TEWFUfo.exe
  C:\Windows\System\TEWFUfo.exe
  2⤵
  PID:4856
- C:\Windows\System\owBFLtb.exe
  C:\Windows\System\owBFLtb.exe
  2⤵
  PID:11640
- C:\Windows\System\NNilgrC.exe
  C:\Windows\System\NNilgrC.exe
  2⤵
  PID:11660
- C:\Windows\System\vvdomHL.exe
  C:\Windows\System\vvdomHL.exe
  2⤵
  PID:11752
- C:\Windows\System\XRsSyqw.exe
  C:\Windows\System\XRsSyqw.exe
  2⤵
  PID:11704
- C:\Windows\System\ZOqAgPT.exe
  C:\Windows\System\ZOqAgPT.exe
  2⤵
  PID:11912
- C:\Windows\System\LNkRyYg.exe
  C:\Windows\System\LNkRyYg.exe
  2⤵
  PID:11836
- C:\Windows\System\oWQSpHZ.exe
  C:\Windows\System\oWQSpHZ.exe
  2⤵
  PID:11904
- C:\Windows\System\zGCFIWe.exe
  C:\Windows\System\zGCFIWe.exe
  2⤵
  PID:12024
- C:\Windows\System\odISYmi.exe
  C:\Windows\System\odISYmi.exe
  2⤵
  PID:12076
- C:\Windows\System\DEbSQSS.exe
  C:\Windows\System\DEbSQSS.exe
  2⤵
  PID:12092
- C:\Windows\System\YEBKZPv.exe
  C:\Windows\System\YEBKZPv.exe
  2⤵
  PID:12128
- C:\Windows\System\CQuzQgF.exe
  C:\Windows\System\CQuzQgF.exe
  2⤵
  PID:12208
- C:\Windows\System\GYXKSDL.exe
  C:\Windows\System\GYXKSDL.exe
  2⤵
  PID:10828
- C:\Windows\System\fUDSDqO.exe
  C:\Windows\System\fUDSDqO.exe
  2⤵
  PID:11324
- C:\Windows\System\OOyXJFV.exe
  C:\Windows\System\OOyXJFV.exe
  2⤵
  PID:11364
- C:\Windows\System\zdRzrCT.exe
  C:\Windows\System\zdRzrCT.exe
  2⤵
  PID:3768
- C:\Windows\System\wbYYyfE.exe
  C:\Windows\System\wbYYyfE.exe
  2⤵
  PID:11692
- C:\Windows\System\JyHCkru.exe
  C:\Windows\System\JyHCkru.exe
  2⤵
  PID:11720
- C:\Windows\System\TXPbWPI.exe
  C:\Windows\System\TXPbWPI.exe
  2⤵
  PID:12136
- C:\Windows\System\ZuxHyJz.exe
  C:\Windows\System\ZuxHyJz.exe
  2⤵
  PID:12048
- C:\Windows\System\YvMvVBU.exe
  C:\Windows\System\YvMvVBU.exe
  2⤵
  PID:12168
- C:\Windows\System\QywXopR.exe
  C:\Windows\System\QywXopR.exe
  2⤵
  PID:11388
- C:\Windows\System\KVDvHDO.exe
  C:\Windows\System\KVDvHDO.exe
  2⤵
  PID:11572
- C:\Windows\System\HpIUCdQ.exe
  C:\Windows\System\HpIUCdQ.exe
  2⤵
  PID:11864
- C:\Windows\System\yIeGkTV.exe
  C:\Windows\System\yIeGkTV.exe
  2⤵
  PID:11828
- C:\Windows\System\SGFtZQo.exe
  C:\Windows\System\SGFtZQo.exe
  2⤵
  PID:5020
- C:\Windows\System\AaHlgEI.exe
  C:\Windows\System\AaHlgEI.exe
  2⤵
  PID:11868
- C:\Windows\System\JqSLPiJ.exe
  C:\Windows\System\JqSLPiJ.exe
  2⤵
  PID:12308
- C:\Windows\System\LNtJosn.exe
  C:\Windows\System\LNtJosn.exe
  2⤵
  PID:12332
- C:\Windows\System\sFNnbRk.exe
  C:\Windows\System\sFNnbRk.exe
  2⤵
  PID:12356
- C:\Windows\System\HucyPeL.exe
  C:\Windows\System\HucyPeL.exe
  2⤵
  PID:12376
- C:\Windows\System\MkwhZRO.exe
  C:\Windows\System\MkwhZRO.exe
  2⤵
  PID:12396
- C:\Windows\System\SRalcRx.exe
  C:\Windows\System\SRalcRx.exe
  2⤵
  PID:12420
- C:\Windows\System\qCPIGOp.exe
  C:\Windows\System\qCPIGOp.exe
  2⤵
  PID:12456
- C:\Windows\System\rxAMEOH.exe
  C:\Windows\System\rxAMEOH.exe
  2⤵
  PID:12504
- C:\Windows\System\cTnCMJh.exe
  C:\Windows\System\cTnCMJh.exe
  2⤵
  PID:12520
- C:\Windows\System\SjalTDL.exe
  C:\Windows\System\SjalTDL.exe
  2⤵
  PID:12560
- C:\Windows\System\VWpBXDv.exe
  C:\Windows\System\VWpBXDv.exe
  2⤵
  PID:12584
- C:\Windows\System\tSIusju.exe
  C:\Windows\System\tSIusju.exe
  2⤵
  PID:12604
- C:\Windows\System\tjGfisf.exe
  C:\Windows\System\tjGfisf.exe
  2⤵
  PID:12636
- C:\Windows\System\nqxpEwj.exe
  C:\Windows\System\nqxpEwj.exe
  2⤵
  PID:12680
- C:\Windows\System\kRwGqYS.exe
  C:\Windows\System\kRwGqYS.exe
  2⤵
  PID:12712
- C:\Windows\System\RfQYTXD.exe
  C:\Windows\System\RfQYTXD.exe
  2⤵
  PID:12728
- C:\Windows\System\kWvHVdf.exe
  C:\Windows\System\kWvHVdf.exe
  2⤵
  PID:12744
- C:\Windows\System\uxigIkg.exe
  C:\Windows\System\uxigIkg.exe
  2⤵
  PID:12776
- C:\Windows\System\AkNCDMa.exe
  C:\Windows\System\AkNCDMa.exe
  2⤵
  PID:12796
- C:\Windows\System\dsPSDlX.exe
  C:\Windows\System\dsPSDlX.exe
  2⤵
  PID:12828
- C:\Windows\System\gLuWHQK.exe
  C:\Windows\System\gLuWHQK.exe
  2⤵
  PID:12856
- C:\Windows\System\pIeozQC.exe
  C:\Windows\System\pIeozQC.exe
  2⤵
  PID:12896
- C:\Windows\System\WUSmAfC.exe
  C:\Windows\System\WUSmAfC.exe
  2⤵
  PID:12920
- C:\Windows\System\pDyrBMS.exe
  C:\Windows\System\pDyrBMS.exe
  2⤵
  PID:12948
- C:\Windows\System\SVTrZMW.exe
  C:\Windows\System\SVTrZMW.exe
  2⤵
  PID:12968
- C:\Windows\System\ViTrjDB.exe
  C:\Windows\System\ViTrjDB.exe
  2⤵
  PID:13028
- C:\Windows\System\QyHJXKI.exe
  C:\Windows\System\QyHJXKI.exe
  2⤵
  PID:13048
- C:\Windows\System\WmrzGXW.exe
  C:\Windows\System\WmrzGXW.exe
  2⤵
  PID:13076
- C:\Windows\System\CvMrgOC.exe
  C:\Windows\System\CvMrgOC.exe
  2⤵
  PID:13096
- C:\Windows\System\xAwnBoO.exe
  C:\Windows\System\xAwnBoO.exe
  2⤵
  PID:13120
- C:\Windows\System\oqwgnVM.exe
  C:\Windows\System\oqwgnVM.exe
  2⤵
  PID:13140
- C:\Windows\System\hNOkzTm.exe
  C:\Windows\System\hNOkzTm.exe
  2⤵
  PID:13204
- C:\Windows\System\rJwgMzS.exe
  C:\Windows\System\rJwgMzS.exe
  2⤵
  PID:13220
- C:\Windows\System\OpubweT.exe
  C:\Windows\System\OpubweT.exe
  2⤵
  PID:13236
- C:\Windows\System\pPOJWER.exe
  C:\Windows\System\pPOJWER.exe
  2⤵
  PID:13260
- C:\Windows\System\rxsIQty.exe
  C:\Windows\System\rxsIQty.exe
  2⤵
  PID:13276
- C:\Windows\System\tllPSlD.exe
  C:\Windows\System\tllPSlD.exe
  2⤵
  PID:13308
- C:\Windows\System\wgzatvw.exe
  C:\Windows\System\wgzatvw.exe
  2⤵
  PID:11416
- C:\Windows\System\nRrcKbl.exe
  C:\Windows\System\nRrcKbl.exe
  2⤵
  PID:12304
- C:\Windows\System\sTTfSsz.exe
  C:\Windows\System\sTTfSsz.exe
  2⤵
  PID:2596
- C:\Windows\System\MYNidxV.exe
  C:\Windows\System\MYNidxV.exe
  2⤵
  PID:2616
- C:\Windows\System\YctgezT.exe
  C:\Windows\System\YctgezT.exe
  2⤵
  PID:12484
- C:\Windows\System\VbhibIM.exe
  C:\Windows\System\VbhibIM.exe
  2⤵
  PID:12572
- C:\Windows\System\tTluhvt.exe
  C:\Windows\System\tTluhvt.exe
  2⤵
  PID:12628
- C:\Windows\System\QpOFZKY.exe
  C:\Windows\System\QpOFZKY.exe
  2⤵
  PID:12676
- C:\Windows\System\bXSyScN.exe
  C:\Windows\System\bXSyScN.exe
  2⤵
  PID:12792
- C:\Windows\System\hUsbDig.exe
  C:\Windows\System\hUsbDig.exe
  2⤵
  PID:12852
- C:\Windows\System\iqBSllb.exe
  C:\Windows\System\iqBSllb.exe
  2⤵
  PID:12932
- C:\Windows\System\jDTIYus.exe
  C:\Windows\System\jDTIYus.exe
  2⤵
  PID:12964
- C:\Windows\System\HHFSPUu.exe
  C:\Windows\System\HHFSPUu.exe
  2⤵
  PID:13036
- C:\Windows\System\PekCNfz.exe
  C:\Windows\System\PekCNfz.exe
  2⤵
  PID:13112
- C:\Windows\System\Bzcbcqe.exe
  C:\Windows\System\Bzcbcqe.exe
  2⤵
  PID:13196
- C:\Windows\System\mACcBNE.exe
  C:\Windows\System\mACcBNE.exe
  2⤵
  PID:3296
- C:\Windows\System\MxUtJCd.exe
  C:\Windows\System\MxUtJCd.exe
  2⤵
  PID:12984
- C:\Windows\System\gzmaeDZ.exe
  C:\Windows\System\gzmaeDZ.exe
  2⤵
  PID:3316
- C:\Windows\System\EKxTnrq.exe
  C:\Windows\System\EKxTnrq.exe
  2⤵
  PID:13212
- C:\Windows\System\bdMXkSP.exe
  C:\Windows\System\bdMXkSP.exe
  2⤵
  PID:13232
- C:\Windows\System\FxOvVyu.exe
  C:\Windows\System\FxOvVyu.exe
  2⤵
  PID:3468
- C:\Windows\System\xDvVcha.exe
  C:\Windows\System\xDvVcha.exe
  2⤵
  PID:4140
- C:\Windows\System\BQWZhEM.exe
  C:\Windows\System\BQWZhEM.exe
  2⤵
  PID:1268
- C:\Windows\System\CeDjFxP.exe
  C:\Windows\System\CeDjFxP.exe
  2⤵
  PID:4080
- C:\Windows\System\PiWicvR.exe
  C:\Windows\System\PiWicvR.exe
  2⤵
  PID:12512
- C:\Windows\System\bVRltsB.exe
  C:\Windows\System\bVRltsB.exe
  2⤵
  PID:3408
- C:\Windows\System\mTnDGKL.exe
  C:\Windows\System\mTnDGKL.exe
  2⤵
  PID:4176
- C:\Windows\System\NfvBGOq.exe
  C:\Windows\System\NfvBGOq.exe
  2⤵
  PID:8
- C:\Windows\System\kjBdclD.exe
  C:\Windows\System\kjBdclD.exe
  2⤵
  PID:2880
- C:\Windows\System\aCJRqev.exe
  C:\Windows\System\aCJRqev.exe
  2⤵
  PID:2956
- C:\Windows\System\iVJGiAX.exe
  C:\Windows\System\iVJGiAX.exe
  2⤵
  PID:4044
- C:\Windows\System\UgZCUxP.exe
  C:\Windows\System\UgZCUxP.exe
  2⤵
  PID:4016
- C:\Windows\System\OtcXTgg.exe
  C:\Windows\System\OtcXTgg.exe
  2⤵
  PID:688
- C:\Windows\System\SiNYACI.exe
  C:\Windows\System\SiNYACI.exe
  2⤵
  PID:3660
- C:\Windows\System\JLCCXBA.exe
  C:\Windows\System\JLCCXBA.exe
  2⤵
  PID:9016
- C:\Windows\System\DPsalae.exe
  C:\Windows\System\DPsalae.exe
  2⤵
  PID:3712
- C:\Windows\System\eKnsGYt.exe
  C:\Windows\System\eKnsGYt.exe
  2⤵
  PID:3996
- C:\Windows\System\vwQjjXs.exe
  C:\Windows\System\vwQjjXs.exe
  2⤵
  PID:9024
- C:\Windows\System\VnQvuIw.exe
  C:\Windows\System\VnQvuIw.exe
  2⤵
  PID:8784
- C:\Windows\System\RKXGMVm.exe
  C:\Windows\System\RKXGMVm.exe
  2⤵
  PID:4092
- C:\Windows\System\SsOVGfE.exe
  C:\Windows\System\SsOVGfE.exe
  2⤵
  PID:4124
- C:\Windows\System\NqIqBke.exe
  C:\Windows\System\NqIqBke.exe
  2⤵
  PID:4136
- C:\Windows\System\jGzRhcT.exe
  C:\Windows\System\jGzRhcT.exe
  2⤵
  PID:2248
- C:\Windows\System\oPDJWbl.exe
  C:\Windows\System\oPDJWbl.exe
  2⤵
  PID:2656
- C:\Windows\System\HJBgVjm.exe
  C:\Windows\System\HJBgVjm.exe
  2⤵
  PID:3680
- C:\Windows\System\LZmjBUF.exe
  C:\Windows\System\LZmjBUF.exe
  2⤵
  PID:12736
- C:\Windows\System\MKtYtJG.exe
  C:\Windows\System\MKtYtJG.exe
  2⤵
  PID:4872
- C:\Windows\System\hBsXZAf.exe
  C:\Windows\System\hBsXZAf.exe
  2⤵
  PID:4408
- C:\Windows\System\SQAtOnG.exe
  C:\Windows\System\SQAtOnG.exe
  2⤵
  PID:3876
- C:\Windows\System\MiNdnpN.exe
  C:\Windows\System\MiNdnpN.exe
  2⤵
  PID:12072
- C:\Windows\System\uBJSgee.exe
  C:\Windows\System\uBJSgee.exe
  2⤵
  PID:4596
- C:\Windows\System\eJjxpQg.exe
  C:\Windows\System\eJjxpQg.exe
  2⤵
  PID:2872
- C:\Windows\System\kGnpYfG.exe
  C:\Windows\System\kGnpYfG.exe
  2⤵
  PID:3788
- C:\Windows\System\WCXDKYx.exe
  C:\Windows\System\WCXDKYx.exe
  2⤵
  PID:4804
- C:\Windows\System\yAQimoQ.exe
  C:\Windows\System\yAQimoQ.exe
  2⤵
  PID:3780
- C:\Windows\System\zjmmlTK.exe
  C:\Windows\System\zjmmlTK.exe
  2⤵
  PID:4104
- C:\Windows\System\oEEWJRr.exe
  C:\Windows\System\oEEWJRr.exe
  2⤵
  PID:3752

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:3288

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
- Suspicious use of FindShellTrayWindow
PID:13284

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:8780

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:12736

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:4004

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:3904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ewwbmlnz.de1.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AHgiESl.exe

Filesize
1.9MB

MD5
92f095ecbc2f16c4de1b9eb53e1b4193

SHA1
108be170c3b60600c083dbe5a26b178753dbbb8e

SHA256
99ca14689ff0361045bcaa4ff5f0f0ba6ada8f2cbe8317bb805feae075f89849

SHA512
b86353b46c7226dc6989b154e4a164ce3bd5793e33f08068ddda42e7b83777c7c762077761e5c94773b0538caba5d7748dc140148e19d6152d5503f4cbc4b6f5

Download Submit
C:\Windows\System\AfNcyTq.exe

Filesize
1.9MB

MD5
9bd203420fcb10a602eb770195e3c6cc

SHA1
a3441ca662e15abf3ca2dd23c80bf68a3688dae7

SHA256
08c3a00e1f5bc578c27241d8201d9267f731dffd8157e0a9e3801d940fde0bb4

SHA512
a21c613d5499d63aaf3152cbfbfa78dbbce040720373693441858545ee8734737e98347cd85891aa5e44c78111fd3100351863be3c1f024274a41e8a00297cd6

Download Submit
C:\Windows\System\ErOaZpd.exe

Filesize
1.9MB

MD5
219041152e76e73068fe8b91c7abd65c

SHA1
c259bde7fcddb94b73f40248998816bf175c32b0

SHA256
2bf34c04eb050f88a8854b9dcfe559bc53b8feadd59b06090a34d20328c1b852

SHA512
1df46fc505a2452077956c8cdb6386945eeebe92f0479a22571c8d4cbff1921e6f939ab47d68a393e9d6829fbaf2cf973c6d3c4bd34786774848b7d06f6e4357

Download Submit
C:\Windows\System\GGlNews.exe

Filesize
1.9MB

MD5
ab1a1eb9b118e60c426717b0c208c030

SHA1
360bfdf714430edc8f2ecf4770539253d7a768a8

SHA256
681f0764038b74e00c378675cc05c25577c355c1a11473ea81fa5d5768cc2d2b

SHA512
679f67ce05387dfd9f0e0af0869c0845900c871fb8711b4f7cde3f5493546db8f0a97f9d9ec839aef24417a4a8f521faa54ecc9fdfdd7b552f9acb873d4798c6

Download Submit
C:\Windows\System\IVjiZlw.exe

Filesize
1.9MB

MD5
5834480fe5b45cd05c2b9651d62c52ef

SHA1
9b79916d0572c5902f1ae2dcadc681f9b7166544

SHA256
6139070b6b0ce9876c8c9f775b6c5847a92eddf71a384cb0fe354c56d6be75c6

SHA512
7ef3e727b4eaee07f3e2c840cee27107e9a2da6782e60e4283aab393f88c343aa8680eaf8eee569facc433c64d4bd4b9f18c99c4909a8e615493148138a896c8

Download Submit
C:\Windows\System\KRKADGa.exe

Filesize
1.9MB

MD5
f51699456afc7adeac9ece9d322b1c06

SHA1
5e0adb923ba169958e383db3d8a27b8cb7632391

SHA256
634e61ecaba9f9173afe34d9e731f5cfad504ba1570805afcd9a7cce57683e3f

SHA512
352a0eaff72e27a97d84bad2cb75bf7694723bb14dade6288cbed478b890498d1b464d2c328c5b28701d75afc7c38a2c01938777636e51e8e360b510eb18c8c7

Download Submit
C:\Windows\System\NEdNVKs.exe

Filesize
1.9MB

MD5
fd95f1db9155965a52641670fad54638

SHA1
9aa0ec8171106d0ab932c46ad203a35545b7d39a

SHA256
158a4acca0ce31dec36629298de81c920796d1c748d65f9f4a96989a856ba60e

SHA512
b50c3b48842a9fd6a5c1c908df33ddff6094d2b105a511a1f175a0dfae3b6e2305e06c26872a2c6fffd4a504625ddc9c603fa3d30741741b5ee931d64b238814

Download Submit
C:\Windows\System\NZmHGOU.exe

Filesize
1.9MB

MD5
257c9a2b95bed1714a35cda0521d7a7c

SHA1
024ff73956f124bbb52459c7c35f55e792bfc8e2

SHA256
990c66f0e0e7f34f05561f4cad370ccbb5d4c5a90afd31aa3c0bf96e19cfc971

SHA512
3446302db97d702d4aaa2629e8d48d5a62e39c4d6c7d930ff062a55393a0e8401b59021e3b3af1d2cca4a061e8fc561f93b3c10f2d226ea758d9a4e48f2e9ef8

Download Submit
C:\Windows\System\NwLTMXl.exe

Filesize
8B

MD5
a8f2921c80c15a3d426e5fdff8a56196

SHA1
4dc21bf95e22427a9dafcd4930e81b62e77d5fda

SHA256
7e9bbeeba45dae16f8c444596ee4180d7313e899e46fa6263fde6904f32d92a1

SHA512
996666f646b1878ee129a778184f9520541ee458797b8bfaefed6e1f152a5436e0ff19d28744463b706ffe3e24e429f5af102aa1e7733dbeeb6210754c828802

Download Submit
C:\Windows\System\PDpQfPG.exe

Filesize
1.9MB

MD5
37b45cbb2402263eaecb2d2847dfaf6a

SHA1
7384793c3097b2f51f6b0d9bda71bd800b26be82

SHA256
c9c619def554e2a026ebe476022a3cec4779de50bb143745a0dc80728b86ae2b

SHA512
5a0d66699e5d6408206ab4b979ca35953810f269c67efcac1abed02147459b681714486e2daaeb1bf47bdf5ee2ee90083214a6ef96c1443dbd7ee57be2a07bd3

Download Submit
C:\Windows\System\PgYrYLF.exe

Filesize
1.9MB

MD5
f23dafa528d99a0d65bdb7b62d80e4ed

SHA1
a661f7c5444bc30f9408ca1a6e35041dda664e97

SHA256
ed3b4cec22bef7d1dc3ae1256c70271a9e59b28edd4a75b085dcf5d2e442b91a

SHA512
6718ba6c48bb652be7aaaf5e55f040543e1298099d7a9acbfadb0030317eaf8cc9594ba2b33f3a6279c1eff3fd0dbc5c70cb6a018cd538fd279b25b9ecd6fc46

Download Submit
C:\Windows\System\PsjKHqh.exe

Filesize
1.9MB

MD5
d70804d6bb5d2808bed5dae2ecda7343

SHA1
53a83f05d65219ec4706ad1257d957d6effe0a9b

SHA256
b5bf895b08f60be35fcca76921dce3805e483e32b53c1422c6cda316c1619898

SHA512
a354fa3172076f460f206ee72d91089b14442e6fea5fb62383253e3cb267d5717b45f1ce64093222299d83bb69d577a289efd50e7585916fea3fa4e4f46a469f

Download Submit
C:\Windows\System\QSRHwMD.exe

Filesize
1.9MB

MD5
a8217bba261fea16f680e415d6e34ccc

SHA1
fc96987d335c635ac7e716edd8ac04d797093799

SHA256
129952869486ed5120a3b60006791dd694f0b3e892146dadd6419e1c30f21d60

SHA512
9f1f915bf88606b566e39503b5e5668415b59936aa9ddb282e1c4184bc68e08305f834c9d0ae045509c401fa2ca2eb2d7087ae2a53c386ae27e181d989d24c00

Download Submit
C:\Windows\System\RbqHJld.exe

Filesize
1.9MB

MD5
97168cd6dfe96ef4d9729e41027243ad

SHA1
5af45c18c36e6e329dbf47867f651c32ea9c4367

SHA256
099d844d5ab0f9abfa5a3e3750f492df5cd3365b190a9fe8a3efe38f5a6a977a

SHA512
4ab3f9cf284076079e3ccf97e255cc51de377af98f4ea8fe8449130c6425d8179bae69a0820e98390d533fbd34a3274a6cd1a215a63711292dc7afc011b8de0c

Download Submit
C:\Windows\System\RcfGaTH.exe

Filesize
1.9MB

MD5
ec3777364fb8f28ae9c26c53197ada59

SHA1
d3df92c88af24c264b2db98589dc1742c10290cc

SHA256
0467c242c94cb07f46536fcec9ce1966385bcef17262e64c282f9e3c238c41cf

SHA512
6246a13bf61a6b1dd4b4067ca3d290ea74f22cada52c61e60bbe3a20d09b3c8b9d56b13421b4db89522fe7e5de097fe93e30067543ebd3ac346160ef1aa60039

Download Submit
C:\Windows\System\RxxtZgB.exe

Filesize
1.9MB

MD5
49bbc148538a720d2e2949ddaf5e96c8

SHA1
35acb93695ffb9b75810a1c761c97b1afa7ca7f0

SHA256
828d1efc507242376b38a28886d2ca1fa503654e7e5fd2065c10d978005fd579

SHA512
a74c78eedddfd5057274c3054fd244cc852f93f9590713d946bdad6af088b7118c2424257efa1a46479aac9a7689a823185cf2c41306d5a5fe607aa685d44ac5

Download Submit
C:\Windows\System\SndmyxP.exe

Filesize
1.9MB

MD5
29d7ad2868b3fd531ab9023430ef18df

SHA1
1b70ca02314241771afb1ea8764b66f8354b4408

SHA256
de5731152f4bb5ac209bdab78dedb8417d9f35cdb20512c1cf34b15215e003e1

SHA512
c79ecd78afcf9bb5781b6568e944fac2846aabc29b5300803aa6d342d968725482cf17900cb859686243e2ce136a661eb6175471e9c2d8888c498feb4f2aea5c

Download Submit
C:\Windows\System\SxVCPTm.exe

Filesize
1.9MB

MD5
fd04f746d5580c70c17b5ef1971bdc9f

SHA1
091c996dbfe8033c8dbcc3a6f5a629097cafb6d4

SHA256
2d78ff56dd2af040fd01c14db7f05bb3fab52392f088a5dd25cb3d30c5ccc290

SHA512
95f004257d3862f569e266173575b3e439522d5e4544fbd3c44b977e5187e619168ffad5bc7616fca13ab8f3936b10be7e7e0f5fa0841b37ec97ece0d9fe493d

Download Submit
C:\Windows\System\UENIOte.exe

Filesize
1.9MB

MD5
f4e18b124ffc7a56cb60fdd3431b10f7

SHA1
979f96ff90a08cc611fa39eb95236a6103b10404

SHA256
cb9d2fb4dee3d7229c2953ed66aa85b8d08e9d94d5a354e3a2b0edbf816291b6

SHA512
c7d56781cd56fc4095ee65e5a715eb224946ca359a6f67925f5306989ec447d9bc8e8c7be87027cddbd8f46560913ab09c0b042bcb21d0af2b89d5ec578e3243

Download Submit
C:\Windows\System\YSYandU.exe

Filesize
1.9MB

MD5
a2e0527fe185224b267903fb48aed7db

SHA1
0d3308504879e9599472762c573e516908fb0cbe

SHA256
03350a00dcffc5a3e0371f31756dbd215a6475f4c0a7dee6e918ce2210376242

SHA512
5daf150507fc1b56dd34fcd0b09cc54c0e5272c58b168598af60edfef7f95e6f3324ab1779c4c5cd07bd686526edb576b16a61d5a85bb3e487dc50c5f4489d28

Download Submit
C:\Windows\System\bsKJdFN.exe

Filesize
1.9MB

MD5
77619f1c317d7a212b58c8cfbbbe77f3

SHA1
7a24bcba640eb979852cf51bb7a64f0fe576c754

SHA256
2ba54c49651326051e568db05d78ab1a79136643f583b5229f056c0f9b9ca9f3

SHA512
c539d3fba02288e894a60a75f3802223787033d399cdce83b18b5830402fe9fa41e7be31746f6c9160eaaef094c667c694c73488a1ab9a919443bb9408885cab

Download Submit
C:\Windows\System\cOVksUr.exe

Filesize
1.9MB

MD5
5151699bfbf0ece6f1171bfba859a9fa

SHA1
92212e035203c4474522227ece2389ed9b266958

SHA256
46e22c805bd06a8b62aa9209a04b90d46ab22fc70ce349912506562354a7415a

SHA512
febb7bd60b38dc3791a7a512fcc7634b551abe51cf85af90d5d3dae86925b9e3356544701fbe21e557331d8b46674743cad27422c27d31d2f7e22721350badbe

Download Submit
C:\Windows\System\dzHuini.exe

Filesize
1.9MB

MD5
5d95665ce02720d592dbc045422e29d8

SHA1
74dd29fba2e0eb87bd631a9114f950a85d7e037a

SHA256
b49b2f2c21510f133e377d86cb05de9ffc9ec4b26aaa33f0a73d9b3aaad58b00

SHA512
ceae36c1f148ad3d70a047280caf34c81334741e885fa46804aac5d64279797ccbf2bf47554cc26e757c816e2d45422b4feb880276b42e69cf37aa235f759a10

Download Submit
C:\Windows\System\eolrAUH.exe

Filesize
1.9MB

MD5
c2351601517c90771c06b7ad8d23e8e4

SHA1
7d3a9bbe635eb11c0fc52d753f85bf395f04bb04

SHA256
851aeed8da4551eaa9798dde47b88c02a071a5cbcc70467e01ebfc917e6c73d3

SHA512
f16239aec5824fce5c0c3991f1a4f6faddb4acacf230b5dd33d2369f1ed5f719715c8c9b7fb95071273f3de8f9e1402b709c0693f79dbc017c05fd706c84c078

Download Submit
C:\Windows\System\gGHzVtb.exe

Filesize
1.9MB

MD5
416dae879857acd38e81517797033d66

SHA1
2e3568b0ed5c59ca64c38bf194aaae83dc674d4b

SHA256
2f32ea0bb3b12f4fb3d727d25b55ea268af98dd21c8e46f7777fe73c8037afff

SHA512
1cb8b2d7ee19a579d6af2cb29130419306d26856bd96da7bfd328d25afdc9af85b139f8b6b97b40daae0830313bd6d363a734a5c231eaf827dfb02de10547918

Download Submit
C:\Windows\System\gUDDXwg.exe

Filesize
1.9MB

MD5
f1f6fc2adb72d67b753fb01a17fa346a

SHA1
21f7c54b36bf3dc32c9f47338c78b8f5db1f328a

SHA256
54f1564dca9d3ce40374792921c44ad6ba2a3f5aad5369a67b10de85c04aacd0

SHA512
49fcc40e9b3abe1a23da9920217a78147ea4aeb7e8000dc037e2b6d442d08518c81f2e4b7364ccf2695eda4a936327b77c1e3c5da8ddf533f3f0080047fe7fae

Download Submit
C:\Windows\System\hXzLoSF.exe

Filesize
1.9MB

MD5
6d97fc5affeee511d3a7b5616d514a74

SHA1
0fa7c555ae2e2585f61f8d0b955b0db6c07bcc3b

SHA256
75f24af0e397cd7d90d3d39eb9cc36aadd7aded46c1f5e4af077b38d3147c3ee

SHA512
3eb1632b4b6ded46260fcb64ce4e7d48dcb7baac819ab686747558a037b9c65fdb1eb7af87c3eb22609bddbbf023a6e6076ee9ab4d881576dc1b52ce43593caa

Download Submit
C:\Windows\System\iBkcQxj.exe

Filesize
1.9MB

MD5
35380021a866de22e059054e56829dd9

SHA1
f2445a3e6495365ab579946abcd44d19e49d0879

SHA256
9203e4a5db58413f5497b6e03e57a6bfa05b07d17a6b4d79c0ab8701881a8d3c

SHA512
9803dbfddf589d78cb30e498827f81f95f8e1db5240242d928ac45726e43c060317abf40a127d7c114107cdabb3e27ba11255d269e47784a62855056be01dce1

Download Submit
C:\Windows\System\iDxXKDE.exe

Filesize
1.9MB

MD5
3031f148e6114922503b19f96deaeaaf

SHA1
a97a46428f4ab37685df3352d960e6b9f987da3f

SHA256
265ae0d57a0f355037adb78a49a4742d7671370d8cf33a7e5f9d192e56a63ab9

SHA512
c75e27404ede47658b8355ec3aa791028e9632b21fef2b565d74741b68743c72e649b7e66d1a1261a14e0278d1237dfb9915851d974b89dc8d9a98c59c98e61d

Download Submit
C:\Windows\System\jNCAPtg.exe

Filesize
1.9MB

MD5
a245a0880d771b547ff51a5b7fa99074

SHA1
d189cd6f0a5ac35bdae34f497cd9e3337689c7a3

SHA256
1a67413d8fc0f7832c3068cd0755526e7cfc0873f7dd3a2f1fd38637ad135ad1

SHA512
ca5b47e4f56d4baa5565d364a7fde47129089b3f31548dbf8798dcd13f714369cd5c27ed7023ba2d28b28f6d6fbadf575a0084b2ca8ef5ec61da1c0ec565bf45

Download Submit
C:\Windows\System\jZskLem.exe

Filesize
1.9MB

MD5
fcc53a8d78810ba8142aff3d166d89f2

SHA1
850aa82ef252d3275d734518644cb98b24f05265

SHA256
63f7a2333123b515f47e96aa33d7b2f6fd224011fec9bedea244bc4c71872647

SHA512
748b2bc12c9075a7ff5d62a3e27c248baa238fdf53c4a0c24bf8712e4bde5eca07a8977a3d6deccb1f2965c74f1a396fc302e435d039a64dd9caee8559ecfa36

Download Submit
C:\Windows\System\kLrGeKx.exe

Filesize
1.9MB

MD5
39d80e96f78f757f1f103679a2904a38

SHA1
59fd997a33bcfc56ce1b5210333664994f616e07

SHA256
9b1bff3917f23f9dfb99213679f8aaf04f445dce413c7c92b0902859bd7f6bd0

SHA512
08331a78cf50c5a7b159891b835f68c5bb73a8569926eefda1ad8ec6fc3f1374a2285f2cf9aa591404c21f0606583253cf510d9fee8ac86499c9ad7ce614c86a

Download Submit
C:\Windows\System\kXyJsKB.exe

Filesize
1.9MB

MD5
3dceacff9b409b2416b99a589f09aeb2

SHA1
c19a7cb2e87c48ab5f929710f19079218be90902

SHA256
1ca7e087ec834dd757f51b30bdf83eaeb97852f40cc8cc4f9b5b8a10e17d8d86

SHA512
82a24f69261273f721979290cc4325f280064e52b963502c6dab3223379d06c4109948235c91121a92123277f4506461784875aed32890fc99abd9766d4d74f7

Download Submit
C:\Windows\System\lCGNxMC.exe

Filesize
2.0MB

MD5
95e65b164628d9548ce44d2fd6ded817

SHA1
f6e0ad49b0c748de8e319fa60be924d3253cc798

SHA256
3d55eac59da6ee1df0653d2645669c6b04a16d88b03b9855f61c310cb06ec6ae

SHA512
3cfddb8fbd1d3d217efef8662ec8973f74d846c78c7432918eab4d6588b4b28d3a40f8a8207175d2a89827dc03bc2bd00d9bcfc30e7f7d89d1a39445f9b0cf19

Download Submit
C:\Windows\System\mYumqcc.exe

Filesize
1.9MB

MD5
50c05427f838d9c3a7df3b3099b15f85

SHA1
1c9d3f2b7475c064c8f9319804790b93968501bd

SHA256
9c0f5a2cbe104f32f5d02ac3ad4ce5217f7db79a1d30bc310eb680263ab917a7

SHA512
4bfc4d773bfca8a4d4eb94a033e2b6dde2291d7cc8e04c8a2ccba32c87a796c94d130490071e90679cc42aa83e67da9e6de07c3bcdc9d87340aa6e744dbe4bb4

Download Submit
C:\Windows\System\njFelEE.exe

Filesize
1.9MB

MD5
488f687359ff153c8867dacfee3dd460

SHA1
474f8fded52f87a22a491e56b3d2c4e6a960ae97

SHA256
00749d495cb70378b9005e58f89466b5e82c97b24bfe17b62bbe6b2bccf3b8af

SHA512
9f06f37f45447b6c34821288c197bf0d12c2d8dc850ea494fee95d84bcdec6d875fe307d7fe4cc7159c0646a4b8ba360da8fb8bb8de5a0b9c5ae40094f68d36a

Download Submit
C:\Windows\System\oDjsVbx.exe

Filesize
1.9MB

MD5
e12593fc0365969c67b7660b3bd8e275

SHA1
fb114a542a27359cbc2c2959114754cd79cafc98

SHA256
c20655e98e7d847bbc9817b239ee781ac610381c54256bf1b22d6f064a29f0f1

SHA512
186624cc97f532706c8578a81f82ebfe118dbdebdfd036d9425daee4ae19b412f9d8a9a78dd63f101fbf88fb3aee0b8ef91744acf3a861eb720db6abeb24ae5b

Download Submit
C:\Windows\System\objYyAs.exe

Filesize
1.9MB

MD5
e9ca9ea995a18f87c561187e20171c60

SHA1
238483d8551435b33f0e9bed7a5c0e69cef0e09a

SHA256
03612976b1786577d4cacba6c170e299a2a02af853b6f151c75a437a1a4093fa

SHA512
a7de65641a217912fa07a2c656ed76a8e6921760c85caf5a8a431a087003911e80e132ed762435c274def4f94c62d101f09fce918bb6a2acff081290276dd570

Download Submit
C:\Windows\System\ofsrZLV.exe

Filesize
1.9MB

MD5
47d55917af5a823e5014ef896cb800dd

SHA1
1753776fc402ece9204b131558ec88c5b5a9ad96

SHA256
f10563e82b7361b9f73245a663157e6e3de9ed8639b381243edac5ef5022cf3c

SHA512
e186adefed717241b7eddef0b5a25ad22158f0f17d445cfedea09137ccd18a7a9c933afd0e2672e00c01541e1456299c78394f2fdd4e65ede7bf2b04280a87ec

Download Submit
C:\Windows\System\qksfIDb.exe

Filesize
1.9MB

MD5
5a43418c5eed40bb503abc528839d4d9

SHA1
7cd0adb3ead377f5fcc07ecf585293cb3895b037

SHA256
71219c639d056ee1eee51a776e5eef0e833b6e87aec43933d0454afc6b66ff2f

SHA512
ee5b33ea93b7f9d0c21b460ac641f83cd47786cdc2e603c0fcd7f75d8264f5bb187d915e9f90f4c6e4c176dc7cea3148c2b8e112bfa9e1a17c07c44208d5b3be

Download Submit
C:\Windows\System\sciFkMI.exe

Filesize
1.9MB

MD5
6de3e60bd63a9581dbdb0834e5a6a582

SHA1
d658f80a8042a6037829e62d0dfbee6985b0a00d

SHA256
44f78421b2552bf3bc057c455d7a7b5efc4ab103de22ad334b25477585c2739c

SHA512
696b31a72e0fa4edccf65083bc34f8b09bcd9c5e379a0251ec348c89daf292128851ed52b7b0f7372f5d0ecacbf9566cd70cbde0807886fbe33485f94bbe768b

Download Submit
C:\Windows\System\swnXLtV.exe

Filesize
1.9MB

MD5
19ab9e662f6134210fb0bfc2ccc60bd6

SHA1
6fe796095cbea9e499ec1c4f7a58adcbc63c0e64

SHA256
2db0aaf088f283415f81b8df203630a5b73f6b4b8319e8d02566fdbcc5faadfc

SHA512
75989a5da371b8699bb2eb2e6948a6feb4242a31fae70f0f761b2ee3fcdfd48c555fa9a8796b5e79f282117221b133e72b3748dba92ef9ca8f3505ced62893e7

Download Submit
C:\Windows\System\sxpQpRZ.exe

Filesize
1.9MB

MD5
78bc71a3d57e43315953cde4c8bc94be

SHA1
35cbd10d9440937d41c1e2ecef2cd6a42d21f309

SHA256
40f3aa9c376847fb7a5b5e878e56bc77fb989160f6785ad39b12c9ed7b98f27a

SHA512
46aae048d90a43d6918f99715433d03756034e1f4fb1fa39533920aa3eac99ca6b5573584adee50e00c1d15c534a45e8b08c5c49826d4129d8f4405b2aede2b4

Download Submit
C:\Windows\System\tjurTdb.exe

Filesize
1.9MB

MD5
3d519047de0326f34290bd0c5d860732

SHA1
32917bf428f27e64d0237e9a90110cf9db3bb8ad

SHA256
970fd53106f506e98e40bf532327482337481688aa43914c758e1601a5e7a796

SHA512
c129daeda3d405cb091e061b90c7f32158c4e6aa6ccd65d3f7c8cd43f9342652dc8076c68e35dcccb5100f418591f42c11cc991adb7ebea5a3cae2a2d65b15dd

Download Submit
C:\Windows\System\uzaVvCB.exe

Filesize
1.9MB

MD5
878a591d69bde743ece968a1eb9d9292

SHA1
f0a5484624e3c8153b3e0519b4e0bfa0ccf2680d

SHA256
094c2c6eeef2dc1df9956dd2a8f764113ce1cf38b3bca6765fb14ac9eb4601bd

SHA512
8b6c9361a61f8ac1d102f17753194f7aa3465a7705808247fd157aff9cd5d40a4bcbb7ddf5bb790c2eaf47df3322077f99bd08ae1928da480a9775d86bf08b5d

Download Submit
C:\Windows\System\wDzmGzf.exe

Filesize
1.9MB

MD5
a06c101ae90081a4bdd0ff5687610b80

SHA1
9900048ddea11988ea3da3f171e00c12496ac3b3

SHA256
08b2513d154ebf8b1833963b65699a13066acfaf65e5fee89eaef9f92aa6113f

SHA512
1cd5939e1862530e46592e0fbecc7a0865b85d0222435f1013fd62da4595bc3f74555057cf1792e1f82d2bb21bc769eb606dd2048896dc320195dce4718e7df8

Download Submit
C:\Windows\System\yQCRzlG.exe

Filesize
1.9MB

MD5
d68686d742ffe3cafd027528c609a3f4

SHA1
b9438fccc9282602eb9499bf86fc578061a09aef

SHA256
d048c2e4df83a72a2cf067334413152686f8cdd2704c02dd8a7a1e6a0fdf6cd4

SHA512
50d0f3598d3b482f1392b0ea18adf057ad73490e407e5d166a5b1081e605c253e9c05992a93d950eae6da71ebe5c60a865fa83f680dc7ac78953dfd9f8b22f99

Download Submit
C:\Windows\System\yUdyPpD.exe

Filesize
1.9MB

MD5
27912ad66375ed6d9e3bf0cc236d2707

SHA1
7081079b872785fcb48873b87d375c613889cf8e

SHA256
9007d1b812b1e53a11348fbeaf7b206243f510953e58ef251fa8202b23711ff4

SHA512
41051b260259eeea35ba50920e5b94de66f465429a7d7999955b419c468d750fbfa145b6f0fdf1704bfcc855e6e244ba378529047c3c0c04df943112bb601cca

Download Submit
memory/556-777-0x00007FF750A60000-0x00007FF750E52000-memory.dmp

Filesize
3.9MB

Download
memory/936-43-0x00007FF686C10000-0x00007FF687002000-memory.dmp

Filesize
3.9MB

Download
memory/1048-30-0x00007FF632EF0000-0x00007FF6332E2000-memory.dmp

Filesize
3.9MB

Download
memory/1168-15-0x000001B6C5210000-0x000001B6C5220000-memory.dmp

Filesize
64KB

Download
memory/1168-1615-0x00007FFF89460000-0x00007FFF89F21000-memory.dmp

Filesize
10.8MB

Download
memory/1168-2177-0x00007FFF89460000-0x00007FFF89F21000-memory.dmp

Filesize
10.8MB

Download
memory/1168-14-0x00007FFF89460000-0x00007FFF89F21000-memory.dmp

Filesize
10.8MB

Download
memory/1168-56-0x000001B6DF360000-0x000001B6DF382000-memory.dmp

Filesize
136KB

Download
memory/1168-16-0x000001B6C5210000-0x000001B6C5220000-memory.dmp

Filesize
64KB

Download
memory/1332-63-0x00007FF670130000-0x00007FF670522000-memory.dmp

Filesize
3.9MB

Download
memory/1332-2042-0x00007FF670130000-0x00007FF670522000-memory.dmp

Filesize
3.9MB

Download
memory/1488-93-0x00007FF650040000-0x00007FF650432000-memory.dmp

Filesize
3.9MB

Download
memory/1500-78-0x00007FF6680D0000-0x00007FF6684C2000-memory.dmp

Filesize
3.9MB

Download
memory/1596-84-0x00007FF6DB1A0000-0x00007FF6DB592000-memory.dmp

Filesize
3.9MB

Download
memory/1596-2638-0x00007FF6DB1A0000-0x00007FF6DB592000-memory.dmp

Filesize
3.9MB

Download
memory/2044-68-0x00007FF7BFAF0000-0x00007FF7BFEE2000-memory.dmp

Filesize
3.9MB

Download
memory/2044-2382-0x00007FF7BFAF0000-0x00007FF7BFEE2000-memory.dmp

Filesize
3.9MB

Download
memory/2444-103-0x00007FF6B5E20000-0x00007FF6B6212000-memory.dmp

Filesize
3.9MB

Download
memory/3344-86-0x00007FF74E6C0000-0x00007FF74EAB2000-memory.dmp

Filesize
3.9MB

Download
memory/3664-74-0x00007FF74DE30000-0x00007FF74E222000-memory.dmp

Filesize
3.9MB

Download
memory/3672-23-0x00007FF72B6D0000-0x00007FF72BAC2000-memory.dmp

Filesize
3.9MB

Download
memory/4204-59-0x00007FF6F92E0000-0x00007FF6F96D2000-memory.dmp

Filesize
3.9MB

Download
memory/4324-643-0x00007FF730CF0000-0x00007FF7310E2000-memory.dmp

Filesize
3.9MB

Download
memory/4384-889-0x00007FF65BD80000-0x00007FF65C172000-memory.dmp

Filesize
3.9MB

Download
memory/4432-759-0x00007FF7317D0000-0x00007FF731BC2000-memory.dmp

Filesize
3.9MB

Download
memory/4456-99-0x00007FF69B750000-0x00007FF69BB42000-memory.dmp

Filesize
3.9MB

Download
memory/4456-3633-0x00007FF69B750000-0x00007FF69BB42000-memory.dmp

Filesize
3.9MB

Download
memory/4464-42-0x00007FF6B8860000-0x00007FF6B8C52000-memory.dmp

Filesize
3.9MB

Download
memory/4908-856-0x00007FF668760000-0x00007FF668B52000-memory.dmp

Filesize
3.9MB

Download
memory/4916-1622-0x00007FF6652B0000-0x00007FF6656A2000-memory.dmp

Filesize
3.9MB

Download
memory/4916-34-0x00007FF6652B0000-0x00007FF6656A2000-memory.dmp

Filesize
3.9MB

Download
memory/5064-624-0x00007FF749C00000-0x00007FF749FF2000-memory.dmp

Filesize
3.9MB

Download
memory/5064-1-0x00000223E79E0000-0x00000223E79F0000-memory.dmp

Filesize
64KB

Download
memory/5064-0-0x00007FF749C00000-0x00007FF749FF2000-memory.dmp

Filesize
3.9MB

Download
memory/6020-642-0x00007FF7F28D0000-0x00007FF7F2CC2000-memory.dmp

Filesize
3.9MB

Download