xmrig | f55fe5433218134bd67cf65ef044e339a8be062bd9c1075c50c0c9a2b29634aa

Analysis

max time kernel
94s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
29/04/2024, 18:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
Size

1.9MB
MD5

0856c944ea8ae7926b0433b8579b4114
SHA1

ac68a2f59fc5403ea966d7c366936bacab7c79f8
SHA256

f55fe5433218134bd67cf65ef044e339a8be062bd9c1075c50c0c9a2b29634aa
SHA512

c78ca2e8d70dc6e15c6c0661b8d453dbbf4e7d7a6d7f6f341d1458e35f3a542065bb0d32cec13caacb3e9812633030a8ff631bf31bf8ae416037a17ca091e644
SSDEEP

49152:Lz071uv4BPMkibTIA5KIP7nTrmBhihM5xC+UQ:NABr

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 42 IoCs

miner

resource	yara_rule
behavioral2/memory/3248-10-0x00007FF7F30D0000-0x00007FF7F34C2000-memory.dmp	xmrig
behavioral2/memory/3020-456-0x00007FF6DF130000-0x00007FF6DF522000-memory.dmp	xmrig
behavioral2/memory/2636-458-0x00007FF67B460000-0x00007FF67B852000-memory.dmp	xmrig
behavioral2/memory/4300-477-0x00007FF732C50000-0x00007FF733042000-memory.dmp	xmrig
behavioral2/memory/4236-465-0x00007FF7E0B90000-0x00007FF7E0F82000-memory.dmp	xmrig
behavioral2/memory/1116-38-0x00007FF663560000-0x00007FF663952000-memory.dmp	xmrig
behavioral2/memory/1112-485-0x00007FF6429F0000-0x00007FF642DE2000-memory.dmp	xmrig
behavioral2/memory/456-500-0x00007FF76A610000-0x00007FF76AA02000-memory.dmp	xmrig
behavioral2/memory/4128-519-0x00007FF6B6240000-0x00007FF6B6632000-memory.dmp	xmrig
behavioral2/memory/3332-514-0x00007FF710B40000-0x00007FF710F32000-memory.dmp	xmrig
behavioral2/memory/4928-508-0x00007FF7837E0000-0x00007FF783BD2000-memory.dmp	xmrig
behavioral2/memory/4700-504-0x00007FF63DC50000-0x00007FF63E042000-memory.dmp	xmrig
behavioral2/memory/2952-529-0x00007FF75BE50000-0x00007FF75C242000-memory.dmp	xmrig
behavioral2/memory/3148-534-0x00007FF731640000-0x00007FF731A32000-memory.dmp	xmrig
behavioral2/memory/680-535-0x00007FF7071F0000-0x00007FF7075E2000-memory.dmp	xmrig
behavioral2/memory/3212-538-0x00007FF7AF2F0000-0x00007FF7AF6E2000-memory.dmp	xmrig
behavioral2/memory/636-539-0x00007FF7563B0000-0x00007FF7567A2000-memory.dmp	xmrig
behavioral2/memory/3156-550-0x00007FF638F00000-0x00007FF6392F2000-memory.dmp	xmrig
behavioral2/memory/3288-547-0x00007FF648380000-0x00007FF648772000-memory.dmp	xmrig
behavioral2/memory/552-540-0x00007FF771920000-0x00007FF771D12000-memory.dmp	xmrig
behavioral2/memory/4960-521-0x00007FF6539A0000-0x00007FF653D92000-memory.dmp	xmrig
behavioral2/memory/3248-2591-0x00007FF7F30D0000-0x00007FF7F34C2000-memory.dmp	xmrig
behavioral2/memory/2636-2623-0x00007FF67B460000-0x00007FF67B852000-memory.dmp	xmrig
behavioral2/memory/4236-2631-0x00007FF7E0B90000-0x00007FF7E0F82000-memory.dmp	xmrig
behavioral2/memory/1116-2629-0x00007FF663560000-0x00007FF663952000-memory.dmp	xmrig
behavioral2/memory/3020-2628-0x00007FF6DF130000-0x00007FF6DF522000-memory.dmp	xmrig
behavioral2/memory/3288-2626-0x00007FF648380000-0x00007FF648772000-memory.dmp	xmrig
behavioral2/memory/3212-2646-0x00007FF7AF2F0000-0x00007FF7AF6E2000-memory.dmp	xmrig
behavioral2/memory/680-2650-0x00007FF7071F0000-0x00007FF7075E2000-memory.dmp	xmrig
behavioral2/memory/552-2664-0x00007FF771920000-0x00007FF771D12000-memory.dmp	xmrig
behavioral2/memory/1112-2659-0x00007FF6429F0000-0x00007FF642DE2000-memory.dmp	xmrig
behavioral2/memory/456-2657-0x00007FF76A610000-0x00007FF76AA02000-memory.dmp	xmrig
behavioral2/memory/4928-2656-0x00007FF7837E0000-0x00007FF783BD2000-memory.dmp	xmrig
behavioral2/memory/3332-2653-0x00007FF710B40000-0x00007FF710F32000-memory.dmp	xmrig
behavioral2/memory/3148-2651-0x00007FF731640000-0x00007FF731A32000-memory.dmp	xmrig
behavioral2/memory/636-2647-0x00007FF7563B0000-0x00007FF7567A2000-memory.dmp	xmrig
behavioral2/memory/4700-2641-0x00007FF63DC50000-0x00007FF63E042000-memory.dmp	xmrig
behavioral2/memory/4300-2661-0x00007FF732C50000-0x00007FF733042000-memory.dmp	xmrig
behavioral2/memory/2952-2637-0x00007FF75BE50000-0x00007FF75C242000-memory.dmp	xmrig
behavioral2/memory/4128-2640-0x00007FF6B6240000-0x00007FF6B6632000-memory.dmp	xmrig
behavioral2/memory/3156-2633-0x00007FF638F00000-0x00007FF6392F2000-memory.dmp	xmrig
behavioral2/memory/4960-2636-0x00007FF6539A0000-0x00007FF653D92000-memory.dmp	xmrig

Blocklisted process makes network request 5 IoCs

flow	pid	Process
8	3692	powershell.exe
10	3692	powershell.exe
15	3692	powershell.exe
16	3692	powershell.exe
18	3692	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
3248	ZmOQNHs.exe
3288	ChpArMh.exe
1116	QQvYvjn.exe
3020	cKJAHrQ.exe
2636	AFaJEie.exe
4236	jDMJBUp.exe
3156	EuTttaj.exe
4300	XErwkIp.exe
1112	CdbUexV.exe
456	YIiokfh.exe
4700	KcepDQG.exe
4928	aKKBJaC.exe
3332	bVYioVv.exe
4128	YQIFAGz.exe
4960	igRDGCz.exe
2952	CrsTVxy.exe
3148	thahwxw.exe
680	BicILrV.exe
3212	yeOYQuv.exe
636	GSovFVe.exe
552	UhQcHNA.exe
3496	AhQhxaW.exe
3688	HuFQQzt.exe
3364	ptJOigF.exe
4420	rRdhqgT.exe
4616	TyHsynf.exe
1512	LGZtGpr.exe
4696	MBYRNbo.exe
2508	LTjTxlv.exe
3520	pOhVYLv.exe
3296	sxnkEgk.exe
3432	zMvVtno.exe
2408	tdCjMAd.exe
1192	FswgRpo.exe
2480	VgguHHT.exe
4556	GGrXImj.exe
1500	mejnzgh.exe
3956	paYWBgb.exe
3600	jmEeSIA.exe
4416	vzWLUbd.exe
4936	wngOkcx.exe
3544	OxEdUCO.exe
3024	pKSCLpE.exe
4504	dGNPQWc.exe
2004	iIPgSdX.exe
4912	YEVxTZy.exe
4828	uqFkjMV.exe
2144	lksKrai.exe
4552	gFIjnPS.exe
4988	NOJpsRZ.exe
2452	JZJUbAI.exe
4500	VUZuUhD.exe
3172	eJmknCj.exe
4012	SkyRerN.exe
1288	HddKWgo.exe
4164	iVWuEAa.exe
5012	TVWZDty.exe
3596	dQVyPQf.exe
3488	RqNnrAx.exe
1992	CHAmsdm.exe
4892	qnvdNuQ.exe
3008	yVQallE.exe
3932	xEhjniG.exe
4376	vfPyFTo.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3140-0-0x00007FF65DB40000-0x00007FF65DF32000-memory.dmp	upx
behavioral2/files/0x000c000000023b44-5.dat	upx
behavioral2/files/0x000a000000023ba2-9.dat	upx
behavioral2/files/0x000c000000023b9d-21.dat	upx
behavioral2/files/0x000a000000023ba4-26.dat	upx
behavioral2/files/0x000a000000023ba3-24.dat	upx
behavioral2/memory/3248-10-0x00007FF7F30D0000-0x00007FF7F34C2000-memory.dmp	upx
behavioral2/files/0x000a000000023ba6-44.dat	upx
behavioral2/files/0x000a000000023ba7-60.dat	upx
behavioral2/files/0x000a000000023ba8-66.dat	upx
behavioral2/files/0x000b000000023bab-81.dat	upx
behavioral2/files/0x0031000000023bb2-108.dat	upx
behavioral2/files/0x000a000000023bb3-121.dat	upx
behavioral2/files/0x000a000000023bb5-131.dat	upx
behavioral2/files/0x000a000000023bbb-153.dat	upx
behavioral2/files/0x000a000000023bbc-166.dat	upx
behavioral2/memory/3020-456-0x00007FF6DF130000-0x00007FF6DF522000-memory.dmp	upx
behavioral2/memory/2636-458-0x00007FF67B460000-0x00007FF67B852000-memory.dmp	upx
behavioral2/files/0x000a000000023bc0-178.dat	upx
behavioral2/files/0x000a000000023bbe-176.dat	upx
behavioral2/files/0x000a000000023bbf-173.dat	upx
behavioral2/files/0x000a000000023bbd-171.dat	upx
behavioral2/files/0x000a000000023bba-156.dat	upx
behavioral2/files/0x000a000000023bb9-151.dat	upx
behavioral2/files/0x000a000000023bb8-146.dat	upx
behavioral2/memory/4300-477-0x00007FF732C50000-0x00007FF733042000-memory.dmp	upx
behavioral2/memory/4236-465-0x00007FF7E0B90000-0x00007FF7E0F82000-memory.dmp	upx
behavioral2/files/0x000a000000023bb7-141.dat	upx
behavioral2/files/0x000a000000023bb6-136.dat	upx
behavioral2/files/0x000a000000023bb4-126.dat	upx
behavioral2/files/0x0031000000023bb1-111.dat	upx
behavioral2/files/0x0031000000023bb0-106.dat	upx
behavioral2/files/0x000b000000023baa-101.dat	upx
behavioral2/files/0x000a000000023baf-96.dat	upx
behavioral2/files/0x000a000000023bae-91.dat	upx
behavioral2/files/0x000a000000023bad-86.dat	upx
behavioral2/files/0x000a000000023bac-76.dat	upx
behavioral2/files/0x000a000000023ba9-71.dat	upx
behavioral2/memory/1116-38-0x00007FF663560000-0x00007FF663952000-memory.dmp	upx
behavioral2/files/0x000a000000023ba5-37.dat	upx
behavioral2/memory/1112-485-0x00007FF6429F0000-0x00007FF642DE2000-memory.dmp	upx
behavioral2/memory/456-500-0x00007FF76A610000-0x00007FF76AA02000-memory.dmp	upx
behavioral2/memory/4128-519-0x00007FF6B6240000-0x00007FF6B6632000-memory.dmp	upx
behavioral2/memory/3332-514-0x00007FF710B40000-0x00007FF710F32000-memory.dmp	upx
behavioral2/memory/4928-508-0x00007FF7837E0000-0x00007FF783BD2000-memory.dmp	upx
behavioral2/memory/4700-504-0x00007FF63DC50000-0x00007FF63E042000-memory.dmp	upx
behavioral2/memory/2952-529-0x00007FF75BE50000-0x00007FF75C242000-memory.dmp	upx
behavioral2/memory/3148-534-0x00007FF731640000-0x00007FF731A32000-memory.dmp	upx
behavioral2/memory/680-535-0x00007FF7071F0000-0x00007FF7075E2000-memory.dmp	upx
behavioral2/memory/3212-538-0x00007FF7AF2F0000-0x00007FF7AF6E2000-memory.dmp	upx
behavioral2/memory/636-539-0x00007FF7563B0000-0x00007FF7567A2000-memory.dmp	upx
behavioral2/memory/3156-550-0x00007FF638F00000-0x00007FF6392F2000-memory.dmp	upx
behavioral2/memory/3288-547-0x00007FF648380000-0x00007FF648772000-memory.dmp	upx
behavioral2/memory/552-540-0x00007FF771920000-0x00007FF771D12000-memory.dmp	upx
behavioral2/memory/4960-521-0x00007FF6539A0000-0x00007FF653D92000-memory.dmp	upx
behavioral2/memory/3248-2591-0x00007FF7F30D0000-0x00007FF7F34C2000-memory.dmp	upx
behavioral2/memory/2636-2623-0x00007FF67B460000-0x00007FF67B852000-memory.dmp	upx
behavioral2/memory/4236-2631-0x00007FF7E0B90000-0x00007FF7E0F82000-memory.dmp	upx
behavioral2/memory/1116-2629-0x00007FF663560000-0x00007FF663952000-memory.dmp	upx
behavioral2/memory/3020-2628-0x00007FF6DF130000-0x00007FF6DF522000-memory.dmp	upx
behavioral2/memory/3288-2626-0x00007FF648380000-0x00007FF648772000-memory.dmp	upx
behavioral2/memory/3212-2646-0x00007FF7AF2F0000-0x00007FF7AF6E2000-memory.dmp	upx
behavioral2/memory/680-2650-0x00007FF7071F0000-0x00007FF7075E2000-memory.dmp	upx
behavioral2/memory/552-2664-0x00007FF771920000-0x00007FF771D12000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	raw.githubusercontent.com
8	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\YCKBRTC.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\kSOvXZJ.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\owGKTyV.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\XfLMizy.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\FViDJlQ.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\mAJztVE.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\UYkDxXN.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\HRAVDCa.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\rNscFXI.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\hVZSKdK.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\VaiyWnw.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\BIHIhFs.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\tnmEfIw.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\qbJrbUh.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\vzPXqdM.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\pIQsGJL.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\pOhVYLv.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\cFcZWDQ.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\iRJEvAY.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\ilQEyDW.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\SOfALeL.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\XkXFDkR.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\CJHjesF.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\EMWBdbZ.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\aMgSKgw.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\BicILrV.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\CHAmsdm.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\uLFgLfH.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\JZJUbAI.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\sSKEBmL.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\ijVLjSZ.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\NsFDGhf.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\imiKZfq.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\yZBKWNL.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\NNPxgWF.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\kIYvEJY.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\DcGNVvP.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\bdnfUjK.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\epfEPEO.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\zxHWAZI.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\UsezSxx.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\pKSCLpE.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\GTsuchK.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\CeSCWhs.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\FTByMbV.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\SVCkgWq.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\EJHanLF.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\GGrXImj.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\zbhiBxC.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\htdDQLw.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\vBxvMiW.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\tSTiNEk.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\bvFlIDB.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\jQXiaAP.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\XOwGwdB.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\nPQvKxh.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\pYMLIGq.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\CssYiKQ.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\TgGcbYi.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\OOyOuea.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\pmLsnhd.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\frjWBOW.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\KGgJZGz.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
File created	C:\Windows\System\SIoJugr.exe	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
3692	powershell.exe
3692	powershell.exe
3692	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
Token: SeDebugPrivilege	3692	powershell.exe
Token: SeLockMemoryPrivilege	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3140 wrote to memory of 3692	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	85
PID 3140 wrote to memory of 3692	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	85
PID 3140 wrote to memory of 3248	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	86
PID 3140 wrote to memory of 3248	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	86
PID 3140 wrote to memory of 3288	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	87
PID 3140 wrote to memory of 3288	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	87
PID 3140 wrote to memory of 1116	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	88
PID 3140 wrote to memory of 1116	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	88
PID 3140 wrote to memory of 3020	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	89
PID 3140 wrote to memory of 3020	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	89
PID 3140 wrote to memory of 2636	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	90
PID 3140 wrote to memory of 2636	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	90
PID 3140 wrote to memory of 4236	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	91
PID 3140 wrote to memory of 4236	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	91
PID 3140 wrote to memory of 3156	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	92
PID 3140 wrote to memory of 3156	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	92
PID 3140 wrote to memory of 4300	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	93
PID 3140 wrote to memory of 4300	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	93
PID 3140 wrote to memory of 1112	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	94
PID 3140 wrote to memory of 1112	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	94
PID 3140 wrote to memory of 456	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	95
PID 3140 wrote to memory of 456	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	95
PID 3140 wrote to memory of 4700	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	96
PID 3140 wrote to memory of 4700	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	96
PID 3140 wrote to memory of 4928	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	97
PID 3140 wrote to memory of 4928	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	97
PID 3140 wrote to memory of 3332	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	98
PID 3140 wrote to memory of 3332	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	98
PID 3140 wrote to memory of 4128	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	99
PID 3140 wrote to memory of 4128	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	99
PID 3140 wrote to memory of 4960	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	100
PID 3140 wrote to memory of 4960	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	100
PID 3140 wrote to memory of 2952	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	101
PID 3140 wrote to memory of 2952	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	101
PID 3140 wrote to memory of 3148	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	102
PID 3140 wrote to memory of 3148	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	102
PID 3140 wrote to memory of 680	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	103
PID 3140 wrote to memory of 680	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	103
PID 3140 wrote to memory of 3212	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	104
PID 3140 wrote to memory of 3212	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	104
PID 3140 wrote to memory of 636	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	105
PID 3140 wrote to memory of 636	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	105
PID 3140 wrote to memory of 552	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	106
PID 3140 wrote to memory of 552	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	106
PID 3140 wrote to memory of 3496	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	107
PID 3140 wrote to memory of 3496	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	107
PID 3140 wrote to memory of 3688	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	108
PID 3140 wrote to memory of 3688	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	108
PID 3140 wrote to memory of 3364	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	109
PID 3140 wrote to memory of 3364	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	109
PID 3140 wrote to memory of 4420	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	110
PID 3140 wrote to memory of 4420	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	110
PID 3140 wrote to memory of 4616	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	111
PID 3140 wrote to memory of 4616	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	111
PID 3140 wrote to memory of 1512	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	112
PID 3140 wrote to memory of 1512	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	112
PID 3140 wrote to memory of 4696	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	113
PID 3140 wrote to memory of 4696	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	113
PID 3140 wrote to memory of 2508	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	114
PID 3140 wrote to memory of 2508	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	114
PID 3140 wrote to memory of 3520	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	115
PID 3140 wrote to memory of 3520	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	115
PID 3140 wrote to memory of 3296	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	116
PID 3140 wrote to memory of 3296	3140	0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe	116

C:\Users\Admin\AppData\Local\Temp\0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0856c944ea8ae7926b0433b8579b4114_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3140
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3692
- C:\Windows\System\ZmOQNHs.exe
  C:\Windows\System\ZmOQNHs.exe
  2⤵
  - Executes dropped EXE
  PID:3248
- C:\Windows\System\ChpArMh.exe
  C:\Windows\System\ChpArMh.exe
  2⤵
  - Executes dropped EXE
  PID:3288
- C:\Windows\System\QQvYvjn.exe
  C:\Windows\System\QQvYvjn.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\cKJAHrQ.exe
  C:\Windows\System\cKJAHrQ.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\AFaJEie.exe
  C:\Windows\System\AFaJEie.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\jDMJBUp.exe
  C:\Windows\System\jDMJBUp.exe
  2⤵
  - Executes dropped EXE
  PID:4236
- C:\Windows\System\EuTttaj.exe
  C:\Windows\System\EuTttaj.exe
  2⤵
  - Executes dropped EXE
  PID:3156
- C:\Windows\System\XErwkIp.exe
  C:\Windows\System\XErwkIp.exe
  2⤵
  - Executes dropped EXE
  PID:4300
- C:\Windows\System\CdbUexV.exe
  C:\Windows\System\CdbUexV.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\YIiokfh.exe
  C:\Windows\System\YIiokfh.exe
  2⤵
  - Executes dropped EXE
  PID:456
- C:\Windows\System\KcepDQG.exe
  C:\Windows\System\KcepDQG.exe
  2⤵
  - Executes dropped EXE
  PID:4700
- C:\Windows\System\aKKBJaC.exe
  C:\Windows\System\aKKBJaC.exe
  2⤵
  - Executes dropped EXE
  PID:4928
- C:\Windows\System\bVYioVv.exe
  C:\Windows\System\bVYioVv.exe
  2⤵
  - Executes dropped EXE
  PID:3332
- C:\Windows\System\YQIFAGz.exe
  C:\Windows\System\YQIFAGz.exe
  2⤵
  - Executes dropped EXE
  PID:4128
- C:\Windows\System\igRDGCz.exe
  C:\Windows\System\igRDGCz.exe
  2⤵
  - Executes dropped EXE
  PID:4960
- C:\Windows\System\CrsTVxy.exe
  C:\Windows\System\CrsTVxy.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\thahwxw.exe
  C:\Windows\System\thahwxw.exe
  2⤵
  - Executes dropped EXE
  PID:3148
- C:\Windows\System\BicILrV.exe
  C:\Windows\System\BicILrV.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\yeOYQuv.exe
  C:\Windows\System\yeOYQuv.exe
  2⤵
  - Executes dropped EXE
  PID:3212
- C:\Windows\System\GSovFVe.exe
  C:\Windows\System\GSovFVe.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System\UhQcHNA.exe
  C:\Windows\System\UhQcHNA.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\AhQhxaW.exe
  C:\Windows\System\AhQhxaW.exe
  2⤵
  - Executes dropped EXE
  PID:3496
- C:\Windows\System\HuFQQzt.exe
  C:\Windows\System\HuFQQzt.exe
  2⤵
  - Executes dropped EXE
  PID:3688
- C:\Windows\System\ptJOigF.exe
  C:\Windows\System\ptJOigF.exe
  2⤵
  - Executes dropped EXE
  PID:3364
- C:\Windows\System\rRdhqgT.exe
  C:\Windows\System\rRdhqgT.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\TyHsynf.exe
  C:\Windows\System\TyHsynf.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System\LGZtGpr.exe
  C:\Windows\System\LGZtGpr.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\MBYRNbo.exe
  C:\Windows\System\MBYRNbo.exe
  2⤵
  - Executes dropped EXE
  PID:4696
- C:\Windows\System\LTjTxlv.exe
  C:\Windows\System\LTjTxlv.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\pOhVYLv.exe
  C:\Windows\System\pOhVYLv.exe
  2⤵
  - Executes dropped EXE
  PID:3520
- C:\Windows\System\sxnkEgk.exe
  C:\Windows\System\sxnkEgk.exe
  2⤵
  - Executes dropped EXE
  PID:3296
- C:\Windows\System\zMvVtno.exe
  C:\Windows\System\zMvVtno.exe
  2⤵
  - Executes dropped EXE
  PID:3432
- C:\Windows\System\tdCjMAd.exe
  C:\Windows\System\tdCjMAd.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\FswgRpo.exe
  C:\Windows\System\FswgRpo.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\VgguHHT.exe
  C:\Windows\System\VgguHHT.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\GGrXImj.exe
  C:\Windows\System\GGrXImj.exe
  2⤵
  - Executes dropped EXE
  PID:4556
- C:\Windows\System\mejnzgh.exe
  C:\Windows\System\mejnzgh.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\paYWBgb.exe
  C:\Windows\System\paYWBgb.exe
  2⤵
  - Executes dropped EXE
  PID:3956
- C:\Windows\System\jmEeSIA.exe
  C:\Windows\System\jmEeSIA.exe
  2⤵
  - Executes dropped EXE
  PID:3600
- C:\Windows\System\vzWLUbd.exe
  C:\Windows\System\vzWLUbd.exe
  2⤵
  - Executes dropped EXE
  PID:4416
- C:\Windows\System\wngOkcx.exe
  C:\Windows\System\wngOkcx.exe
  2⤵
  - Executes dropped EXE
  PID:4936
- C:\Windows\System\OxEdUCO.exe
  C:\Windows\System\OxEdUCO.exe
  2⤵
  - Executes dropped EXE
  PID:3544
- C:\Windows\System\pKSCLpE.exe
  C:\Windows\System\pKSCLpE.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\dGNPQWc.exe
  C:\Windows\System\dGNPQWc.exe
  2⤵
  - Executes dropped EXE
  PID:4504
- C:\Windows\System\iIPgSdX.exe
  C:\Windows\System\iIPgSdX.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\YEVxTZy.exe
  C:\Windows\System\YEVxTZy.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\uqFkjMV.exe
  C:\Windows\System\uqFkjMV.exe
  2⤵
  - Executes dropped EXE
  PID:4828
- C:\Windows\System\lksKrai.exe
  C:\Windows\System\lksKrai.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\gFIjnPS.exe
  C:\Windows\System\gFIjnPS.exe
  2⤵
  - Executes dropped EXE
  PID:4552
- C:\Windows\System\NOJpsRZ.exe
  C:\Windows\System\NOJpsRZ.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\JZJUbAI.exe
  C:\Windows\System\JZJUbAI.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\VUZuUhD.exe
  C:\Windows\System\VUZuUhD.exe
  2⤵
  - Executes dropped EXE
  PID:4500
- C:\Windows\System\eJmknCj.exe
  C:\Windows\System\eJmknCj.exe
  2⤵
  - Executes dropped EXE
  PID:3172
- C:\Windows\System\SkyRerN.exe
  C:\Windows\System\SkyRerN.exe
  2⤵
  - Executes dropped EXE
  PID:4012
- C:\Windows\System\HddKWgo.exe
  C:\Windows\System\HddKWgo.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\iVWuEAa.exe
  C:\Windows\System\iVWuEAa.exe
  2⤵
  - Executes dropped EXE
  PID:4164
- C:\Windows\System\TVWZDty.exe
  C:\Windows\System\TVWZDty.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\dQVyPQf.exe
  C:\Windows\System\dQVyPQf.exe
  2⤵
  - Executes dropped EXE
  PID:3596
- C:\Windows\System\RqNnrAx.exe
  C:\Windows\System\RqNnrAx.exe
  2⤵
  - Executes dropped EXE
  PID:3488
- C:\Windows\System\CHAmsdm.exe
  C:\Windows\System\CHAmsdm.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\qnvdNuQ.exe
  C:\Windows\System\qnvdNuQ.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System\yVQallE.exe
  C:\Windows\System\yVQallE.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\xEhjniG.exe
  C:\Windows\System\xEhjniG.exe
  2⤵
  - Executes dropped EXE
  PID:3932
- C:\Windows\System\vfPyFTo.exe
  C:\Windows\System\vfPyFTo.exe
  2⤵
  - Executes dropped EXE
  PID:4376
- C:\Windows\System\leDVOUx.exe
  C:\Windows\System\leDVOUx.exe
  2⤵
  PID:652
- C:\Windows\System\kXPPKZB.exe
  C:\Windows\System\kXPPKZB.exe
  2⤵
  PID:1012
- C:\Windows\System\RMErUeN.exe
  C:\Windows\System\RMErUeN.exe
  2⤵
  PID:4736
- C:\Windows\System\lJVIkse.exe
  C:\Windows\System\lJVIkse.exe
  2⤵
  PID:1868
- C:\Windows\System\tBHfWkd.exe
  C:\Windows\System\tBHfWkd.exe
  2⤵
  PID:1272
- C:\Windows\System\vkZZdPr.exe
  C:\Windows\System\vkZZdPr.exe
  2⤵
  PID:1432
- C:\Windows\System\XQpQwTL.exe
  C:\Windows\System\XQpQwTL.exe
  2⤵
  PID:1676
- C:\Windows\System\gLyfTTR.exe
  C:\Windows\System\gLyfTTR.exe
  2⤵
  PID:4056
- C:\Windows\System\kdmirDI.exe
  C:\Windows\System\kdmirDI.exe
  2⤵
  PID:548
- C:\Windows\System\pWKxMpC.exe
  C:\Windows\System\pWKxMpC.exe
  2⤵
  PID:5144
- C:\Windows\System\qWgZtVU.exe
  C:\Windows\System\qWgZtVU.exe
  2⤵
  PID:5172
- C:\Windows\System\gYBxaNV.exe
  C:\Windows\System\gYBxaNV.exe
  2⤵
  PID:5200
- C:\Windows\System\rqxvdMl.exe
  C:\Windows\System\rqxvdMl.exe
  2⤵
  PID:5228
- C:\Windows\System\WYgYnUW.exe
  C:\Windows\System\WYgYnUW.exe
  2⤵
  PID:5256
- C:\Windows\System\BwgBSnD.exe
  C:\Windows\System\BwgBSnD.exe
  2⤵
  PID:5284
- C:\Windows\System\EprMssE.exe
  C:\Windows\System\EprMssE.exe
  2⤵
  PID:5312
- C:\Windows\System\SxEJwyp.exe
  C:\Windows\System\SxEJwyp.exe
  2⤵
  PID:5340
- C:\Windows\System\aYbbUBc.exe
  C:\Windows\System\aYbbUBc.exe
  2⤵
  PID:5368
- C:\Windows\System\JMRxmvJ.exe
  C:\Windows\System\JMRxmvJ.exe
  2⤵
  PID:5396
- C:\Windows\System\ePsrADC.exe
  C:\Windows\System\ePsrADC.exe
  2⤵
  PID:5424
- C:\Windows\System\MIdcuDQ.exe
  C:\Windows\System\MIdcuDQ.exe
  2⤵
  PID:5452
- C:\Windows\System\WJQIcJx.exe
  C:\Windows\System\WJQIcJx.exe
  2⤵
  PID:5512
- C:\Windows\System\QEOnExq.exe
  C:\Windows\System\QEOnExq.exe
  2⤵
  PID:5532
- C:\Windows\System\ysdcEDs.exe
  C:\Windows\System\ysdcEDs.exe
  2⤵
  PID:5552
- C:\Windows\System\bWXOffT.exe
  C:\Windows\System\bWXOffT.exe
  2⤵
  PID:5568
- C:\Windows\System\hZdxNvw.exe
  C:\Windows\System\hZdxNvw.exe
  2⤵
  PID:5596
- C:\Windows\System\QBNBjrV.exe
  C:\Windows\System\QBNBjrV.exe
  2⤵
  PID:5624
- C:\Windows\System\tjeGjLF.exe
  C:\Windows\System\tjeGjLF.exe
  2⤵
  PID:5652
- C:\Windows\System\mAJztVE.exe
  C:\Windows\System\mAJztVE.exe
  2⤵
  PID:5680
- C:\Windows\System\SOfALeL.exe
  C:\Windows\System\SOfALeL.exe
  2⤵
  PID:5704
- C:\Windows\System\BpAcIkM.exe
  C:\Windows\System\BpAcIkM.exe
  2⤵
  PID:5736
- C:\Windows\System\UBpcRdY.exe
  C:\Windows\System\UBpcRdY.exe
  2⤵
  PID:5764
- C:\Windows\System\hOIEXHA.exe
  C:\Windows\System\hOIEXHA.exe
  2⤵
  PID:5784
- C:\Windows\System\hgBvflr.exe
  C:\Windows\System\hgBvflr.exe
  2⤵
  PID:5816
- C:\Windows\System\IugPnUk.exe
  C:\Windows\System\IugPnUk.exe
  2⤵
  PID:5848
- C:\Windows\System\sTFaYMI.exe
  C:\Windows\System\sTFaYMI.exe
  2⤵
  PID:5876
- C:\Windows\System\zORgWXt.exe
  C:\Windows\System\zORgWXt.exe
  2⤵
  PID:5908
- C:\Windows\System\SYEFjZz.exe
  C:\Windows\System\SYEFjZz.exe
  2⤵
  PID:5940
- C:\Windows\System\NPiWJRQ.exe
  C:\Windows\System\NPiWJRQ.exe
  2⤵
  PID:5968
- C:\Windows\System\aMUeSYU.exe
  C:\Windows\System\aMUeSYU.exe
  2⤵
  PID:5996
- C:\Windows\System\lSahVCY.exe
  C:\Windows\System\lSahVCY.exe
  2⤵
  PID:6024
- C:\Windows\System\XPFpBFt.exe
  C:\Windows\System\XPFpBFt.exe
  2⤵
  PID:6052
- C:\Windows\System\ZEJQCDY.exe
  C:\Windows\System\ZEJQCDY.exe
  2⤵
  PID:6080
- C:\Windows\System\nPAtZJs.exe
  C:\Windows\System\nPAtZJs.exe
  2⤵
  PID:6112
- C:\Windows\System\jCjBqPp.exe
  C:\Windows\System\jCjBqPp.exe
  2⤵
  PID:6136
- C:\Windows\System\hjQNuwB.exe
  C:\Windows\System\hjQNuwB.exe
  2⤵
  PID:1340
- C:\Windows\System\zjCxCuP.exe
  C:\Windows\System\zjCxCuP.exe
  2⤵
  PID:3240
- C:\Windows\System\sTPNuiy.exe
  C:\Windows\System\sTPNuiy.exe
  2⤵
  PID:4412
- C:\Windows\System\SxPmySa.exe
  C:\Windows\System\SxPmySa.exe
  2⤵
  PID:5128
- C:\Windows\System\YiygMav.exe
  C:\Windows\System\YiygMav.exe
  2⤵
  PID:5188
- C:\Windows\System\uIHWMnW.exe
  C:\Windows\System\uIHWMnW.exe
  2⤵
  PID:5248
- C:\Windows\System\WyzZuZC.exe
  C:\Windows\System\WyzZuZC.exe
  2⤵
  PID:1128
- C:\Windows\System\yffPXwx.exe
  C:\Windows\System\yffPXwx.exe
  2⤵
  PID:5360
- C:\Windows\System\tNEzPIm.exe
  C:\Windows\System\tNEzPIm.exe
  2⤵
  PID:5436
- C:\Windows\System\XPFyyKd.exe
  C:\Windows\System\XPFyyKd.exe
  2⤵
  PID:5484
- C:\Windows\System\taIMdSE.exe
  C:\Windows\System\taIMdSE.exe
  2⤵
  PID:5544
- C:\Windows\System\zdQcNDT.exe
  C:\Windows\System\zdQcNDT.exe
  2⤵
  PID:5588
- C:\Windows\System\PIjOwMR.exe
  C:\Windows\System\PIjOwMR.exe
  2⤵
  PID:5644
- C:\Windows\System\jNRFunI.exe
  C:\Windows\System\jNRFunI.exe
  2⤵
  PID:5696
- C:\Windows\System\afxIyYI.exe
  C:\Windows\System\afxIyYI.exe
  2⤵
  PID:5752
- C:\Windows\System\XOwGwdB.exe
  C:\Windows\System\XOwGwdB.exe
  2⤵
  PID:5808
- C:\Windows\System\JsyuYtw.exe
  C:\Windows\System\JsyuYtw.exe
  2⤵
  PID:5888
- C:\Windows\System\WVPTdAB.exe
  C:\Windows\System\WVPTdAB.exe
  2⤵
  PID:6036
- C:\Windows\System\IxaXiSh.exe
  C:\Windows\System\IxaXiSh.exe
  2⤵
  PID:2652
- C:\Windows\System\yMyNWJj.exe
  C:\Windows\System\yMyNWJj.exe
  2⤵
  PID:6124
- C:\Windows\System\NgauqwP.exe
  C:\Windows\System\NgauqwP.exe
  2⤵
  PID:3908
- C:\Windows\System\ODKIUGF.exe
  C:\Windows\System\ODKIUGF.exe
  2⤵
  PID:4104
- C:\Windows\System\HqleqEl.exe
  C:\Windows\System\HqleqEl.exe
  2⤵
  PID:4976
- C:\Windows\System\OASyCAu.exe
  C:\Windows\System\OASyCAu.exe
  2⤵
  PID:5296
- C:\Windows\System\tiqswOq.exe
  C:\Windows\System\tiqswOq.exe
  2⤵
  PID:5332
- C:\Windows\System\EPLFUNv.exe
  C:\Windows\System\EPLFUNv.exe
  2⤵
  PID:5412
- C:\Windows\System\VdvuNPA.exe
  C:\Windows\System\VdvuNPA.exe
  2⤵
  PID:1880
- C:\Windows\System\UvAuTpo.exe
  C:\Windows\System\UvAuTpo.exe
  2⤵
  PID:3592
- C:\Windows\System\CIrjhRa.exe
  C:\Windows\System\CIrjhRa.exe
  2⤵
  PID:5580
- C:\Windows\System\zwApFjx.exe
  C:\Windows\System\zwApFjx.exe
  2⤵
  PID:5636
- C:\Windows\System\BjbpXHS.exe
  C:\Windows\System\BjbpXHS.exe
  2⤵
  PID:3952
- C:\Windows\System\uKotxlO.exe
  C:\Windows\System\uKotxlO.exe
  2⤵
  PID:5956
- C:\Windows\System\imiKZfq.exe
  C:\Windows\System\imiKZfq.exe
  2⤵
  PID:1944
- C:\Windows\System\PuCBvuA.exe
  C:\Windows\System\PuCBvuA.exe
  2⤵
  PID:1652
- C:\Windows\System\fsbtcVG.exe
  C:\Windows\System\fsbtcVG.exe
  2⤵
  PID:3232
- C:\Windows\System\FGlLlnI.exe
  C:\Windows\System\FGlLlnI.exe
  2⤵
  PID:4136
- C:\Windows\System\LNOtXAt.exe
  C:\Windows\System\LNOtXAt.exe
  2⤵
  PID:1356
- C:\Windows\System\gFmmelW.exe
  C:\Windows\System\gFmmelW.exe
  2⤵
  PID:3960
- C:\Windows\System\cygSclU.exe
  C:\Windows\System\cygSclU.exe
  2⤵
  PID:4036
- C:\Windows\System\AKadLmM.exe
  C:\Windows\System\AKadLmM.exe
  2⤵
  PID:5804
- C:\Windows\System\ayiZQEg.exe
  C:\Windows\System\ayiZQEg.exe
  2⤵
  PID:4604
- C:\Windows\System\UQDQoXM.exe
  C:\Windows\System\UQDQoXM.exe
  2⤵
  PID:1588
- C:\Windows\System\MiGDccF.exe
  C:\Windows\System\MiGDccF.exe
  2⤵
  PID:4256
- C:\Windows\System\CZguMRo.exe
  C:\Windows\System\CZguMRo.exe
  2⤵
  PID:6160
- C:\Windows\System\nULrfsn.exe
  C:\Windows\System\nULrfsn.exe
  2⤵
  PID:6192
- C:\Windows\System\ZYJRzPm.exe
  C:\Windows\System\ZYJRzPm.exe
  2⤵
  PID:6304
- C:\Windows\System\IPfhluD.exe
  C:\Windows\System\IPfhluD.exe
  2⤵
  PID:6348
- C:\Windows\System\dkQESuA.exe
  C:\Windows\System\dkQESuA.exe
  2⤵
  PID:6436
- C:\Windows\System\gUcBXGE.exe
  C:\Windows\System\gUcBXGE.exe
  2⤵
  PID:6464
- C:\Windows\System\MvoHZId.exe
  C:\Windows\System\MvoHZId.exe
  2⤵
  PID:6496
- C:\Windows\System\iLNrThU.exe
  C:\Windows\System\iLNrThU.exe
  2⤵
  PID:6512
- C:\Windows\System\oRJPtmV.exe
  C:\Windows\System\oRJPtmV.exe
  2⤵
  PID:6536
- C:\Windows\System\UPLjnLV.exe
  C:\Windows\System\UPLjnLV.exe
  2⤵
  PID:6608
- C:\Windows\System\bLMTyXA.exe
  C:\Windows\System\bLMTyXA.exe
  2⤵
  PID:6720
- C:\Windows\System\AtKXEmO.exe
  C:\Windows\System\AtKXEmO.exe
  2⤵
  PID:6748
- C:\Windows\System\cFcZWDQ.exe
  C:\Windows\System\cFcZWDQ.exe
  2⤵
  PID:6772
- C:\Windows\System\dDqDNWF.exe
  C:\Windows\System\dDqDNWF.exe
  2⤵
  PID:6836
- C:\Windows\System\NNPxgWF.exe
  C:\Windows\System\NNPxgWF.exe
  2⤵
  PID:6868
- C:\Windows\System\pUHufTX.exe
  C:\Windows\System\pUHufTX.exe
  2⤵
  PID:6916
- C:\Windows\System\YTIORgs.exe
  C:\Windows\System\YTIORgs.exe
  2⤵
  PID:6988
- C:\Windows\System\phKZkOe.exe
  C:\Windows\System\phKZkOe.exe
  2⤵
  PID:7072
- C:\Windows\System\CSdHnSz.exe
  C:\Windows\System\CSdHnSz.exe
  2⤵
  PID:7148
- C:\Windows\System\nZFWaHu.exe
  C:\Windows\System\nZFWaHu.exe
  2⤵
  PID:1960
- C:\Windows\System\UNtbELm.exe
  C:\Windows\System\UNtbELm.exe
  2⤵
  PID:6208
- C:\Windows\System\goOhkSK.exe
  C:\Windows\System\goOhkSK.exe
  2⤵
  PID:6016
- C:\Windows\System\ZaGUREq.exe
  C:\Windows\System\ZaGUREq.exe
  2⤵
  PID:6364
- C:\Windows\System\ahwIwgp.exe
  C:\Windows\System\ahwIwgp.exe
  2⤵
  PID:6388
- C:\Windows\System\jzmAgBr.exe
  C:\Windows\System\jzmAgBr.exe
  2⤵
  PID:6428
- C:\Windows\System\QhgPmcM.exe
  C:\Windows\System\QhgPmcM.exe
  2⤵
  PID:6452
- C:\Windows\System\fXWjbYz.exe
  C:\Windows\System\fXWjbYz.exe
  2⤵
  PID:6572
- C:\Windows\System\JxEXglP.exe
  C:\Windows\System\JxEXglP.exe
  2⤵
  PID:6556
- C:\Windows\System\ehmmhEO.exe
  C:\Windows\System\ehmmhEO.exe
  2⤵
  PID:6620
- C:\Windows\System\SoAvpEH.exe
  C:\Windows\System\SoAvpEH.exe
  2⤵
  PID:6648
- C:\Windows\System\mGZdewQ.exe
  C:\Windows\System\mGZdewQ.exe
  2⤵
  PID:6692
- C:\Windows\System\JicfsRZ.exe
  C:\Windows\System\JicfsRZ.exe
  2⤵
  PID:6696
- C:\Windows\System\gqMBeyJ.exe
  C:\Windows\System\gqMBeyJ.exe
  2⤵
  PID:6796
- C:\Windows\System\OOyOuea.exe
  C:\Windows\System\OOyOuea.exe
  2⤵
  PID:6852
- C:\Windows\System\UDmcOfP.exe
  C:\Windows\System\UDmcOfP.exe
  2⤵
  PID:6876
- C:\Windows\System\YCKBRTC.exe
  C:\Windows\System\YCKBRTC.exe
  2⤵
  PID:6968
- C:\Windows\System\FsZThpk.exe
  C:\Windows\System\FsZThpk.exe
  2⤵
  PID:6896
- C:\Windows\System\ntbpHES.exe
  C:\Windows\System\ntbpHES.exe
  2⤵
  PID:6984
- C:\Windows\System\DDtkgyU.exe
  C:\Windows\System\DDtkgyU.exe
  2⤵
  PID:7040
- C:\Windows\System\ZumoEnO.exe
  C:\Windows\System\ZumoEnO.exe
  2⤵
  PID:7016
- C:\Windows\System\qXtobmi.exe
  C:\Windows\System\qXtobmi.exe
  2⤵
  PID:7092
- C:\Windows\System\GlDGFRZ.exe
  C:\Windows\System\GlDGFRZ.exe
  2⤵
  PID:7156
- C:\Windows\System\zeRNCPZ.exe
  C:\Windows\System\zeRNCPZ.exe
  2⤵
  PID:6152
- C:\Windows\System\oREGAYy.exe
  C:\Windows\System\oREGAYy.exe
  2⤵
  PID:3872
- C:\Windows\System\HfBantT.exe
  C:\Windows\System\HfBantT.exe
  2⤵
  PID:6240
- C:\Windows\System\OaWBcsW.exe
  C:\Windows\System\OaWBcsW.exe
  2⤵
  PID:6224
- C:\Windows\System\zdfufSN.exe
  C:\Windows\System\zdfufSN.exe
  2⤵
  PID:6756
- C:\Windows\System\zbhiBxC.exe
  C:\Windows\System\zbhiBxC.exe
  2⤵
  PID:6700
- C:\Windows\System\izddfqZ.exe
  C:\Windows\System\izddfqZ.exe
  2⤵
  PID:6804
- C:\Windows\System\fKeelnV.exe
  C:\Windows\System\fKeelnV.exe
  2⤵
  PID:7128
- C:\Windows\System\XFEqTvp.exe
  C:\Windows\System\XFEqTvp.exe
  2⤵
  PID:6584
- C:\Windows\System\kIYvEJY.exe
  C:\Windows\System\kIYvEJY.exe
  2⤵
  PID:6792
- C:\Windows\System\pGYQikn.exe
  C:\Windows\System\pGYQikn.exe
  2⤵
  PID:6952
- C:\Windows\System\AFQWLRD.exe
  C:\Windows\System\AFQWLRD.exe
  2⤵
  PID:7084
- C:\Windows\System\OigfIul.exe
  C:\Windows\System\OigfIul.exe
  2⤵
  PID:6524
- C:\Windows\System\JiZzCLG.exe
  C:\Windows\System\JiZzCLG.exe
  2⤵
  PID:6788
- C:\Windows\System\WBOAtHP.exe
  C:\Windows\System\WBOAtHP.exe
  2⤵
  PID:2740
- C:\Windows\System\RSXtFVq.exe
  C:\Windows\System\RSXtFVq.exe
  2⤵
  PID:6096
- C:\Windows\System\javxcNH.exe
  C:\Windows\System\javxcNH.exe
  2⤵
  PID:6864
- C:\Windows\System\JKHjQyz.exe
  C:\Windows\System\JKHjQyz.exe
  2⤵
  PID:7044
- C:\Windows\System\xctbGbS.exe
  C:\Windows\System\xctbGbS.exe
  2⤵
  PID:6156
- C:\Windows\System\EpcZvmM.exe
  C:\Windows\System\EpcZvmM.exe
  2⤵
  PID:7100
- C:\Windows\System\FGyIUhr.exe
  C:\Windows\System\FGyIUhr.exe
  2⤵
  PID:7136
- C:\Windows\System\hIkSCaq.exe
  C:\Windows\System\hIkSCaq.exe
  2⤵
  PID:6380
- C:\Windows\System\vxsQqkv.exe
  C:\Windows\System\vxsQqkv.exe
  2⤵
  PID:7188
- C:\Windows\System\iDXmOvm.exe
  C:\Windows\System\iDXmOvm.exe
  2⤵
  PID:7220
- C:\Windows\System\Xmzqkki.exe
  C:\Windows\System\Xmzqkki.exe
  2⤵
  PID:7244
- C:\Windows\System\yUHXIBC.exe
  C:\Windows\System\yUHXIBC.exe
  2⤵
  PID:7288
- C:\Windows\System\FYwSClU.exe
  C:\Windows\System\FYwSClU.exe
  2⤵
  PID:7320
- C:\Windows\System\NIJBytC.exe
  C:\Windows\System\NIJBytC.exe
  2⤵
  PID:7364
- C:\Windows\System\huXoeXD.exe
  C:\Windows\System\huXoeXD.exe
  2⤵
  PID:7416
- C:\Windows\System\XMFHTTu.exe
  C:\Windows\System\XMFHTTu.exe
  2⤵
  PID:7440
- C:\Windows\System\hJdhMgS.exe
  C:\Windows\System\hJdhMgS.exe
  2⤵
  PID:7460
- C:\Windows\System\sSKEBmL.exe
  C:\Windows\System\sSKEBmL.exe
  2⤵
  PID:7492
- C:\Windows\System\GAGkvjI.exe
  C:\Windows\System\GAGkvjI.exe
  2⤵
  PID:7536
- C:\Windows\System\usDbAoh.exe
  C:\Windows\System\usDbAoh.exe
  2⤵
  PID:7588
- C:\Windows\System\FkUrtFP.exe
  C:\Windows\System\FkUrtFP.exe
  2⤵
  PID:7612
- C:\Windows\System\bLQcuSz.exe
  C:\Windows\System\bLQcuSz.exe
  2⤵
  PID:7660
- C:\Windows\System\YhjfDfc.exe
  C:\Windows\System\YhjfDfc.exe
  2⤵
  PID:7676
- C:\Windows\System\xzMGCwE.exe
  C:\Windows\System\xzMGCwE.exe
  2⤵
  PID:7696
- C:\Windows\System\eyhSGgq.exe
  C:\Windows\System\eyhSGgq.exe
  2⤵
  PID:7732
- C:\Windows\System\qLxSVcz.exe
  C:\Windows\System\qLxSVcz.exe
  2⤵
  PID:7756
- C:\Windows\System\KzCaDfN.exe
  C:\Windows\System\KzCaDfN.exe
  2⤵
  PID:7780
- C:\Windows\System\lYipQlI.exe
  C:\Windows\System\lYipQlI.exe
  2⤵
  PID:7804
- C:\Windows\System\mHDWddS.exe
  C:\Windows\System\mHDWddS.exe
  2⤵
  PID:7828
- C:\Windows\System\RaYmDAX.exe
  C:\Windows\System\RaYmDAX.exe
  2⤵
  PID:7848
- C:\Windows\System\GTsuchK.exe
  C:\Windows\System\GTsuchK.exe
  2⤵
  PID:7888
- C:\Windows\System\dzuUPHf.exe
  C:\Windows\System\dzuUPHf.exe
  2⤵
  PID:7908
- C:\Windows\System\xSwpzvZ.exe
  C:\Windows\System\xSwpzvZ.exe
  2⤵
  PID:7940
- C:\Windows\System\PQTeDgc.exe
  C:\Windows\System\PQTeDgc.exe
  2⤵
  PID:7976
- C:\Windows\System\cWOyNnz.exe
  C:\Windows\System\cWOyNnz.exe
  2⤵
  PID:8024
- C:\Windows\System\DegLSds.exe
  C:\Windows\System\DegLSds.exe
  2⤵
  PID:8040
- C:\Windows\System\DHVnity.exe
  C:\Windows\System\DHVnity.exe
  2⤵
  PID:8060
- C:\Windows\System\RwjqLZW.exe
  C:\Windows\System\RwjqLZW.exe
  2⤵
  PID:8088
- C:\Windows\System\iuwiqCD.exe
  C:\Windows\System\iuwiqCD.exe
  2⤵
  PID:8140
- C:\Windows\System\QJUKmGx.exe
  C:\Windows\System\QJUKmGx.exe
  2⤵
  PID:8156
- C:\Windows\System\sNAgvLP.exe
  C:\Windows\System\sNAgvLP.exe
  2⤵
  PID:8176
- C:\Windows\System\cJGHXGH.exe
  C:\Windows\System\cJGHXGH.exe
  2⤵
  PID:6408
- C:\Windows\System\ZhcrhVo.exe
  C:\Windows\System\ZhcrhVo.exe
  2⤵
  PID:7180
- C:\Windows\System\pmlkvqK.exe
  C:\Windows\System\pmlkvqK.exe
  2⤵
  PID:7236
- C:\Windows\System\yiIBDzr.exe
  C:\Windows\System\yiIBDzr.exe
  2⤵
  PID:7316
- C:\Windows\System\TIbinjF.exe
  C:\Windows\System\TIbinjF.exe
  2⤵
  PID:7336
- C:\Windows\System\xvihDjh.exe
  C:\Windows\System\xvihDjh.exe
  2⤵
  PID:7436
- C:\Windows\System\bfXGxhO.exe
  C:\Windows\System\bfXGxhO.exe
  2⤵
  PID:7504
- C:\Windows\System\AcPJUSa.exe
  C:\Windows\System\AcPJUSa.exe
  2⤵
  PID:7556
- C:\Windows\System\sagzPLq.exe
  C:\Windows\System\sagzPLq.exe
  2⤵
  PID:7604
- C:\Windows\System\QZuuhCw.exe
  C:\Windows\System\QZuuhCw.exe
  2⤵
  PID:7652
- C:\Windows\System\XaSVCHL.exe
  C:\Windows\System\XaSVCHL.exe
  2⤵
  PID:7692
- C:\Windows\System\xyCqHEb.exe
  C:\Windows\System\xyCqHEb.exe
  2⤵
  PID:7724
- C:\Windows\System\lnmdYOA.exe
  C:\Windows\System\lnmdYOA.exe
  2⤵
  PID:7812
- C:\Windows\System\UMzRimQ.exe
  C:\Windows\System\UMzRimQ.exe
  2⤵
  PID:7948
- C:\Windows\System\YxwWbcr.exe
  C:\Windows\System\YxwWbcr.exe
  2⤵
  PID:8004
- C:\Windows\System\rkaGkLD.exe
  C:\Windows\System\rkaGkLD.exe
  2⤵
  PID:8036
- C:\Windows\System\JXZpsqD.exe
  C:\Windows\System\JXZpsqD.exe
  2⤵
  PID:8108
- C:\Windows\System\kSOvXZJ.exe
  C:\Windows\System\kSOvXZJ.exe
  2⤵
  PID:8152
- C:\Windows\System\VegQBWb.exe
  C:\Windows\System\VegQBWb.exe
  2⤵
  PID:7252
- C:\Windows\System\BOynRYa.exe
  C:\Windows\System\BOynRYa.exe
  2⤵
  PID:7284
- C:\Windows\System\sOtFKfx.exe
  C:\Windows\System\sOtFKfx.exe
  2⤵
  PID:7388
- C:\Windows\System\cvoEtdQ.exe
  C:\Windows\System\cvoEtdQ.exe
  2⤵
  PID:7500
- C:\Windows\System\oozZPnG.exe
  C:\Windows\System\oozZPnG.exe
  2⤵
  PID:7572
- C:\Windows\System\GRFoGjE.exe
  C:\Windows\System\GRFoGjE.exe
  2⤵
  PID:7844
- C:\Windows\System\vWlNIMy.exe
  C:\Windows\System\vWlNIMy.exe
  2⤵
  PID:7968
- C:\Windows\System\qrurZrH.exe
  C:\Windows\System\qrurZrH.exe
  2⤵
  PID:8136
- C:\Windows\System\LEJLUYK.exe
  C:\Windows\System\LEJLUYK.exe
  2⤵
  PID:5868
- C:\Windows\System\tGxJEhk.exe
  C:\Windows\System\tGxJEhk.exe
  2⤵
  PID:7340
- C:\Windows\System\MGVYrIe.exe
  C:\Windows\System\MGVYrIe.exe
  2⤵
  PID:7900
- C:\Windows\System\htdDQLw.exe
  C:\Windows\System\htdDQLw.exe
  2⤵
  PID:7624
- C:\Windows\System\ShcBPmK.exe
  C:\Windows\System\ShcBPmK.exe
  2⤵
  PID:7932
- C:\Windows\System\xjXdjBO.exe
  C:\Windows\System\xjXdjBO.exe
  2⤵
  PID:8200
- C:\Windows\System\UZfBQfQ.exe
  C:\Windows\System\UZfBQfQ.exe
  2⤵
  PID:8244
- C:\Windows\System\oYCPsTG.exe
  C:\Windows\System\oYCPsTG.exe
  2⤵
  PID:8260
- C:\Windows\System\dfKfSre.exe
  C:\Windows\System\dfKfSre.exe
  2⤵
  PID:8284
- C:\Windows\System\dgGsUSW.exe
  C:\Windows\System\dgGsUSW.exe
  2⤵
  PID:8336
- C:\Windows\System\khQsacG.exe
  C:\Windows\System\khQsacG.exe
  2⤵
  PID:8356
- C:\Windows\System\FrVcvOW.exe
  C:\Windows\System\FrVcvOW.exe
  2⤵
  PID:8388
- C:\Windows\System\ZQnnJaX.exe
  C:\Windows\System\ZQnnJaX.exe
  2⤵
  PID:8408
- C:\Windows\System\MaFWjmJ.exe
  C:\Windows\System\MaFWjmJ.exe
  2⤵
  PID:8432
- C:\Windows\System\DcGNVvP.exe
  C:\Windows\System\DcGNVvP.exe
  2⤵
  PID:8456
- C:\Windows\System\hVZSKdK.exe
  C:\Windows\System\hVZSKdK.exe
  2⤵
  PID:8476
- C:\Windows\System\miXVIVR.exe
  C:\Windows\System\miXVIVR.exe
  2⤵
  PID:8492
- C:\Windows\System\CeSCWhs.exe
  C:\Windows\System\CeSCWhs.exe
  2⤵
  PID:8528
- C:\Windows\System\jNAjQiH.exe
  C:\Windows\System\jNAjQiH.exe
  2⤵
  PID:8548
- C:\Windows\System\sPPXHjX.exe
  C:\Windows\System\sPPXHjX.exe
  2⤵
  PID:8620
- C:\Windows\System\EvpTXyJ.exe
  C:\Windows\System\EvpTXyJ.exe
  2⤵
  PID:8644
- C:\Windows\System\NqJpmtR.exe
  C:\Windows\System\NqJpmtR.exe
  2⤵
  PID:8668
- C:\Windows\System\ToNPYAW.exe
  C:\Windows\System\ToNPYAW.exe
  2⤵
  PID:8712
- C:\Windows\System\fMEdwxG.exe
  C:\Windows\System\fMEdwxG.exe
  2⤵
  PID:8728
- C:\Windows\System\luGHdyE.exe
  C:\Windows\System\luGHdyE.exe
  2⤵
  PID:8756
- C:\Windows\System\XkXFDkR.exe
  C:\Windows\System\XkXFDkR.exe
  2⤵
  PID:8796
- C:\Windows\System\oVQmBWi.exe
  C:\Windows\System\oVQmBWi.exe
  2⤵
  PID:8816
- C:\Windows\System\xtySDyk.exe
  C:\Windows\System\xtySDyk.exe
  2⤵
  PID:8844
- C:\Windows\System\joxZFrE.exe
  C:\Windows\System\joxZFrE.exe
  2⤵
  PID:8880
- C:\Windows\System\hIRkCtQ.exe
  C:\Windows\System\hIRkCtQ.exe
  2⤵
  PID:8896
- C:\Windows\System\fKszqxX.exe
  C:\Windows\System\fKszqxX.exe
  2⤵
  PID:8916
- C:\Windows\System\pFHBcIy.exe
  C:\Windows\System\pFHBcIy.exe
  2⤵
  PID:8936
- C:\Windows\System\aZIOwEW.exe
  C:\Windows\System\aZIOwEW.exe
  2⤵
  PID:8964
- C:\Windows\System\HcWrgBV.exe
  C:\Windows\System\HcWrgBV.exe
  2⤵
  PID:9012
- C:\Windows\System\upGoFkT.exe
  C:\Windows\System\upGoFkT.exe
  2⤵
  PID:9032
- C:\Windows\System\tknGnXM.exe
  C:\Windows\System\tknGnXM.exe
  2⤵
  PID:9064
- C:\Windows\System\ncCSyVJ.exe
  C:\Windows\System\ncCSyVJ.exe
  2⤵
  PID:9088
- C:\Windows\System\OKvzZFL.exe
  C:\Windows\System\OKvzZFL.exe
  2⤵
  PID:9112
- C:\Windows\System\ibTRqbq.exe
  C:\Windows\System\ibTRqbq.exe
  2⤵
  PID:9136
- C:\Windows\System\nPQvKxh.exe
  C:\Windows\System\nPQvKxh.exe
  2⤵
  PID:9172
- C:\Windows\System\bfAlhIn.exe
  C:\Windows\System\bfAlhIn.exe
  2⤵
  PID:9208
- C:\Windows\System\YHUrgaF.exe
  C:\Windows\System\YHUrgaF.exe
  2⤵
  PID:8076
- C:\Windows\System\owGKTyV.exe
  C:\Windows\System\owGKTyV.exe
  2⤵
  PID:8280
- C:\Windows\System\RpdkzID.exe
  C:\Windows\System\RpdkzID.exe
  2⤵
  PID:8328
- C:\Windows\System\tLJBpWR.exe
  C:\Windows\System\tLJBpWR.exe
  2⤵
  PID:8380
- C:\Windows\System\wvXZpCM.exe
  C:\Windows\System\wvXZpCM.exe
  2⤵
  PID:8500
- C:\Windows\System\minhSvS.exe
  C:\Windows\System\minhSvS.exe
  2⤵
  PID:8536
- C:\Windows\System\uLjYzDC.exe
  C:\Windows\System\uLjYzDC.exe
  2⤵
  PID:8564
- C:\Windows\System\pYMLIGq.exe
  C:\Windows\System\pYMLIGq.exe
  2⤵
  PID:8700
- C:\Windows\System\WckDtsq.exe
  C:\Windows\System\WckDtsq.exe
  2⤵
  PID:8752
- C:\Windows\System\SqUTAYG.exe
  C:\Windows\System\SqUTAYG.exe
  2⤵
  PID:8808
- C:\Windows\System\vAqLuKg.exe
  C:\Windows\System\vAqLuKg.exe
  2⤵
  PID:8892
- C:\Windows\System\tqYrXtP.exe
  C:\Windows\System\tqYrXtP.exe
  2⤵
  PID:8128
- C:\Windows\System\FbtaBXP.exe
  C:\Windows\System\FbtaBXP.exe
  2⤵
  PID:8988
- C:\Windows\System\uoKZUvQ.exe
  C:\Windows\System\uoKZUvQ.exe
  2⤵
  PID:9052
- C:\Windows\System\wXdlWIc.exe
  C:\Windows\System\wXdlWIc.exe
  2⤵
  PID:9108
- C:\Windows\System\kKPPTbb.exe
  C:\Windows\System\kKPPTbb.exe
  2⤵
  PID:9192
- C:\Windows\System\ZioWPiB.exe
  C:\Windows\System\ZioWPiB.exe
  2⤵
  PID:8224
- C:\Windows\System\GExDBAs.exe
  C:\Windows\System\GExDBAs.exe
  2⤵
  PID:8544
- C:\Windows\System\siYkKQQ.exe
  C:\Windows\System\siYkKQQ.exe
  2⤵
  PID:8656
- C:\Windows\System\zpPcRMl.exe
  C:\Windows\System\zpPcRMl.exe
  2⤵
  PID:8740
- C:\Windows\System\jzYbnrZ.exe
  C:\Windows\System\jzYbnrZ.exe
  2⤵
  PID:8876
- C:\Windows\System\IjQhOoZ.exe
  C:\Windows\System\IjQhOoZ.exe
  2⤵
  PID:8972
- C:\Windows\System\ijVLjSZ.exe
  C:\Windows\System\ijVLjSZ.exe
  2⤵
  PID:7272
- C:\Windows\System\kvaFxVY.exe
  C:\Windows\System\kvaFxVY.exe
  2⤵
  PID:8276
- C:\Windows\System\RnGcvxt.exe
  C:\Windows\System\RnGcvxt.exe
  2⤵
  PID:8472
- C:\Windows\System\XNBZbut.exe
  C:\Windows\System\XNBZbut.exe
  2⤵
  PID:8872
- C:\Windows\System\bqqsJQh.exe
  C:\Windows\System\bqqsJQh.exe
  2⤵
  PID:8236
- C:\Windows\System\ImgWyXl.exe
  C:\Windows\System\ImgWyXl.exe
  2⤵
  PID:9224
- C:\Windows\System\OeKVBHv.exe
  C:\Windows\System\OeKVBHv.exe
  2⤵
  PID:9248
- C:\Windows\System\zfphYhJ.exe
  C:\Windows\System\zfphYhJ.exe
  2⤵
  PID:9272
- C:\Windows\System\yZGGeck.exe
  C:\Windows\System\yZGGeck.exe
  2⤵
  PID:9292
- C:\Windows\System\LnoWxdw.exe
  C:\Windows\System\LnoWxdw.exe
  2⤵
  PID:9308
- C:\Windows\System\svULscP.exe
  C:\Windows\System\svULscP.exe
  2⤵
  PID:9368
- C:\Windows\System\QMXtyKm.exe
  C:\Windows\System\QMXtyKm.exe
  2⤵
  PID:9404
- C:\Windows\System\aJreZxG.exe
  C:\Windows\System\aJreZxG.exe
  2⤵
  PID:9428
- C:\Windows\System\XkuQBDA.exe
  C:\Windows\System\XkuQBDA.exe
  2⤵
  PID:9452
- C:\Windows\System\ZuntOAR.exe
  C:\Windows\System\ZuntOAR.exe
  2⤵
  PID:9528
- C:\Windows\System\XKPDgeH.exe
  C:\Windows\System\XKPDgeH.exe
  2⤵
  PID:9560
- C:\Windows\System\RJdNfJo.exe
  C:\Windows\System\RJdNfJo.exe
  2⤵
  PID:9584
- C:\Windows\System\kwxOUGy.exe
  C:\Windows\System\kwxOUGy.exe
  2⤵
  PID:9604
- C:\Windows\System\MQAlZuB.exe
  C:\Windows\System\MQAlZuB.exe
  2⤵
  PID:9624
- C:\Windows\System\BZsdeNQ.exe
  C:\Windows\System\BZsdeNQ.exe
  2⤵
  PID:9644
- C:\Windows\System\yCtSqjg.exe
  C:\Windows\System\yCtSqjg.exe
  2⤵
  PID:9660
- C:\Windows\System\weMwHqF.exe
  C:\Windows\System\weMwHqF.exe
  2⤵
  PID:9676
- C:\Windows\System\DscajRF.exe
  C:\Windows\System\DscajRF.exe
  2⤵
  PID:9692
- C:\Windows\System\hNeVaSd.exe
  C:\Windows\System\hNeVaSd.exe
  2⤵
  PID:9708
- C:\Windows\System\oEsKcSq.exe
  C:\Windows\System\oEsKcSq.exe
  2⤵
  PID:9724
- C:\Windows\System\DUFomDI.exe
  C:\Windows\System\DUFomDI.exe
  2⤵
  PID:9740
- C:\Windows\System\tOERAYH.exe
  C:\Windows\System\tOERAYH.exe
  2⤵
  PID:9756
- C:\Windows\System\aLnBojW.exe
  C:\Windows\System\aLnBojW.exe
  2⤵
  PID:9772
- C:\Windows\System\VoYZrny.exe
  C:\Windows\System\VoYZrny.exe
  2⤵
  PID:9788
- C:\Windows\System\ONpSxyN.exe
  C:\Windows\System\ONpSxyN.exe
  2⤵
  PID:9804
- C:\Windows\System\cqVGdeA.exe
  C:\Windows\System\cqVGdeA.exe
  2⤵
  PID:9868
- C:\Windows\System\TMdEOca.exe
  C:\Windows\System\TMdEOca.exe
  2⤵
  PID:9988
- C:\Windows\System\bDBJJyd.exe
  C:\Windows\System\bDBJJyd.exe
  2⤵
  PID:10004
- C:\Windows\System\oFaIyeq.exe
  C:\Windows\System\oFaIyeq.exe
  2⤵
  PID:10036
- C:\Windows\System\IhfZlRX.exe
  C:\Windows\System\IhfZlRX.exe
  2⤵
  PID:10140
- C:\Windows\System\CxIRDYg.exe
  C:\Windows\System\CxIRDYg.exe
  2⤵
  PID:10204
- C:\Windows\System\ywwhroK.exe
  C:\Windows\System\ywwhroK.exe
  2⤵
  PID:9156
- C:\Windows\System\rbBDzhD.exe
  C:\Windows\System\rbBDzhD.exe
  2⤵
  PID:9348
- C:\Windows\System\GgkkzuA.exe
  C:\Windows\System\GgkkzuA.exe
  2⤵
  PID:9388
- C:\Windows\System\RpSbGOR.exe
  C:\Windows\System\RpSbGOR.exe
  2⤵
  PID:9444
- C:\Windows\System\FMBzZvp.exe
  C:\Windows\System\FMBzZvp.exe
  2⤵
  PID:9476
- C:\Windows\System\cfmWUuB.exe
  C:\Windows\System\cfmWUuB.exe
  2⤵
  PID:9512
- C:\Windows\System\KUVysUq.exe
  C:\Windows\System\KUVysUq.exe
  2⤵
  PID:9536
- C:\Windows\System\IOwtewy.exe
  C:\Windows\System\IOwtewy.exe
  2⤵
  PID:9632
- C:\Windows\System\HEkKONp.exe
  C:\Windows\System\HEkKONp.exe
  2⤵
  PID:9840
- C:\Windows\System\GDNVqvw.exe
  C:\Windows\System\GDNVqvw.exe
  2⤵
  PID:9920
- C:\Windows\System\CfvbOJe.exe
  C:\Windows\System\CfvbOJe.exe
  2⤵
  PID:9984
- C:\Windows\System\ESLDfoG.exe
  C:\Windows\System\ESLDfoG.exe
  2⤵
  PID:9596
- C:\Windows\System\fRmnHyP.exe
  C:\Windows\System\fRmnHyP.exe
  2⤵
  PID:10068
- C:\Windows\System\QgUnjQq.exe
  C:\Windows\System\QgUnjQq.exe
  2⤵
  PID:9748
- C:\Windows\System\oGrwZmY.exe
  C:\Windows\System\oGrwZmY.exe
  2⤵
  PID:9812
- C:\Windows\System\ADdckhC.exe
  C:\Windows\System\ADdckhC.exe
  2⤵
  PID:9864
- C:\Windows\System\tusfFim.exe
  C:\Windows\System\tusfFim.exe
  2⤵
  PID:9968
- C:\Windows\System\vfBRJgy.exe
  C:\Windows\System\vfBRJgy.exe
  2⤵
  PID:10172
- C:\Windows\System\iIoolLn.exe
  C:\Windows\System\iIoolLn.exe
  2⤵
  PID:10220
- C:\Windows\System\MpjhKBV.exe
  C:\Windows\System\MpjhKBV.exe
  2⤵
  PID:9300
- C:\Windows\System\lfpIqtJ.exe
  C:\Windows\System\lfpIqtJ.exe
  2⤵
  PID:9464
- C:\Windows\System\CYOZEQE.exe
  C:\Windows\System\CYOZEQE.exe
  2⤵
  PID:9620
- C:\Windows\System\ZtTzyKD.exe
  C:\Windows\System\ZtTzyKD.exe
  2⤵
  PID:9552
- C:\Windows\System\bNoDbdQ.exe
  C:\Windows\System\bNoDbdQ.exe
  2⤵
  PID:9860
- C:\Windows\System\KzCusbm.exe
  C:\Windows\System\KzCusbm.exe
  2⤵
  PID:9960
- C:\Windows\System\FCTHyvD.exe
  C:\Windows\System\FCTHyvD.exe
  2⤵
  PID:9244
- C:\Windows\System\vyucImM.exe
  C:\Windows\System\vyucImM.exe
  2⤵
  PID:8832
- C:\Windows\System\iOkKSmD.exe
  C:\Windows\System\iOkKSmD.exe
  2⤵
  PID:9704
- C:\Windows\System\xrWbDbr.exe
  C:\Windows\System\xrWbDbr.exe
  2⤵
  PID:9800
- C:\Windows\System\LkeaBBi.exe
  C:\Windows\System\LkeaBBi.exe
  2⤵
  PID:9480
- C:\Windows\System\ePdspeV.exe
  C:\Windows\System\ePdspeV.exe
  2⤵
  PID:9448
- C:\Windows\System\jZxBLPo.exe
  C:\Windows\System\jZxBLPo.exe
  2⤵
  PID:10248
- C:\Windows\System\jRTIGYM.exe
  C:\Windows\System\jRTIGYM.exe
  2⤵
  PID:10280
- C:\Windows\System\RjmuOKf.exe
  C:\Windows\System\RjmuOKf.exe
  2⤵
  PID:10316
- C:\Windows\System\efTfbPA.exe
  C:\Windows\System\efTfbPA.exe
  2⤵
  PID:10340
- C:\Windows\System\FcQyiNN.exe
  C:\Windows\System\FcQyiNN.exe
  2⤵
  PID:10368
- C:\Windows\System\UeLoaCO.exe
  C:\Windows\System\UeLoaCO.exe
  2⤵
  PID:10392
- C:\Windows\System\LNtorDW.exe
  C:\Windows\System\LNtorDW.exe
  2⤵
  PID:10436
- C:\Windows\System\EesOuMQ.exe
  C:\Windows\System\EesOuMQ.exe
  2⤵
  PID:10456
- C:\Windows\System\LsBppos.exe
  C:\Windows\System\LsBppos.exe
  2⤵
  PID:10476
- C:\Windows\System\ZdzjqHY.exe
  C:\Windows\System\ZdzjqHY.exe
  2⤵
  PID:10508
- C:\Windows\System\kMeKXCU.exe
  C:\Windows\System\kMeKXCU.exe
  2⤵
  PID:10532
- C:\Windows\System\EftDBNy.exe
  C:\Windows\System\EftDBNy.exe
  2⤵
  PID:10564
- C:\Windows\System\bEFhEqW.exe
  C:\Windows\System\bEFhEqW.exe
  2⤵
  PID:10592
- C:\Windows\System\YZiYiak.exe
  C:\Windows\System\YZiYiak.exe
  2⤵
  PID:10640
- C:\Windows\System\kxLOguJ.exe
  C:\Windows\System\kxLOguJ.exe
  2⤵
  PID:10656
- C:\Windows\System\dukJmlM.exe
  C:\Windows\System\dukJmlM.exe
  2⤵
  PID:10692
- C:\Windows\System\pDbBsMm.exe
  C:\Windows\System\pDbBsMm.exe
  2⤵
  PID:10712
- C:\Windows\System\XfLMizy.exe
  C:\Windows\System\XfLMizy.exe
  2⤵
  PID:10740
- C:\Windows\System\XYcqcDk.exe
  C:\Windows\System\XYcqcDk.exe
  2⤵
  PID:10768
- C:\Windows\System\WbiKYVi.exe
  C:\Windows\System\WbiKYVi.exe
  2⤵
  PID:10840
- C:\Windows\System\TxhwtRv.exe
  C:\Windows\System\TxhwtRv.exe
  2⤵
  PID:10856
- C:\Windows\System\UYkDxXN.exe
  C:\Windows\System\UYkDxXN.exe
  2⤵
  PID:10884
- C:\Windows\System\bdnfUjK.exe
  C:\Windows\System\bdnfUjK.exe
  2⤵
  PID:10904
- C:\Windows\System\nWqWOng.exe
  C:\Windows\System\nWqWOng.exe
  2⤵
  PID:10928
- C:\Windows\System\FmCnHkb.exe
  C:\Windows\System\FmCnHkb.exe
  2⤵
  PID:10956
- C:\Windows\System\UWoDOvK.exe
  C:\Windows\System\UWoDOvK.exe
  2⤵
  PID:10984
- C:\Windows\System\tWmguSY.exe
  C:\Windows\System\tWmguSY.exe
  2⤵
  PID:11000
- C:\Windows\System\FTByMbV.exe
  C:\Windows\System\FTByMbV.exe
  2⤵
  PID:11024
- C:\Windows\System\rywBtRv.exe
  C:\Windows\System\rywBtRv.exe
  2⤵
  PID:11068
- C:\Windows\System\dsttpVS.exe
  C:\Windows\System\dsttpVS.exe
  2⤵
  PID:11088
- C:\Windows\System\QjEEthT.exe
  C:\Windows\System\QjEEthT.exe
  2⤵
  PID:11120
- C:\Windows\System\MSeqgIR.exe
  C:\Windows\System\MSeqgIR.exe
  2⤵
  PID:11136
- C:\Windows\System\fVUUdHm.exe
  C:\Windows\System\fVUUdHm.exe
  2⤵
  PID:11180
- C:\Windows\System\JhMuowV.exe
  C:\Windows\System\JhMuowV.exe
  2⤵
  PID:11196
- C:\Windows\System\rSZUPfR.exe
  C:\Windows\System\rSZUPfR.exe
  2⤵
  PID:11216
- C:\Windows\System\lodrBXr.exe
  C:\Windows\System\lodrBXr.exe
  2⤵
  PID:11240
- C:\Windows\System\sSJCNvD.exe
  C:\Windows\System\sSJCNvD.exe
  2⤵
  PID:11260
- C:\Windows\System\fhiVKes.exe
  C:\Windows\System\fhiVKes.exe
  2⤵
  PID:8836
- C:\Windows\System\PkmxvzI.exe
  C:\Windows\System\PkmxvzI.exe
  2⤵
  PID:10348
- C:\Windows\System\cZUGxeK.exe
  C:\Windows\System\cZUGxeK.exe
  2⤵
  PID:10484
- C:\Windows\System\SVuuemg.exe
  C:\Windows\System\SVuuemg.exe
  2⤵
  PID:10556
- C:\Windows\System\cRuSFhp.exe
  C:\Windows\System\cRuSFhp.exe
  2⤵
  PID:10648
- C:\Windows\System\YTBNVXd.exe
  C:\Windows\System\YTBNVXd.exe
  2⤵
  PID:10684
- C:\Windows\System\epfEPEO.exe
  C:\Windows\System\epfEPEO.exe
  2⤵
  PID:10732
- C:\Windows\System\GFkpbrg.exe
  C:\Windows\System\GFkpbrg.exe
  2⤵
  PID:10804
- C:\Windows\System\dPFjpOD.exe
  C:\Windows\System\dPFjpOD.exe
  2⤵
  PID:10848
- C:\Windows\System\ZtDuhab.exe
  C:\Windows\System\ZtDuhab.exe
  2⤵
  PID:10896
- C:\Windows\System\NDfKUmx.exe
  C:\Windows\System\NDfKUmx.exe
  2⤵
  PID:10992
- C:\Windows\System\SVCkgWq.exe
  C:\Windows\System\SVCkgWq.exe
  2⤵
  PID:11052
- C:\Windows\System\gOhGdVo.exe
  C:\Windows\System\gOhGdVo.exe
  2⤵
  PID:11108
- C:\Windows\System\dLAQOYB.exe
  C:\Windows\System\dLAQOYB.exe
  2⤵
  PID:11164
- C:\Windows\System\VaiyWnw.exe
  C:\Windows\System\VaiyWnw.exe
  2⤵
  PID:11252
- C:\Windows\System\pBaOfdo.exe
  C:\Windows\System\pBaOfdo.exe
  2⤵
  PID:10336
- C:\Windows\System\CPCzhMK.exe
  C:\Windows\System\CPCzhMK.exe
  2⤵
  PID:10464
- C:\Windows\System\xLbyGAv.exe
  C:\Windows\System\xLbyGAv.exe
  2⤵
  PID:10616
- C:\Windows\System\YjIUcPg.exe
  C:\Windows\System\YjIUcPg.exe
  2⤵
  PID:10708
- C:\Windows\System\BGuSGGq.exe
  C:\Windows\System\BGuSGGq.exe
  2⤵
  PID:1084
- C:\Windows\System\GlMPdVs.exe
  C:\Windows\System\GlMPdVs.exe
  2⤵
  PID:10900
- C:\Windows\System\gmRUFgY.exe
  C:\Windows\System\gmRUFgY.exe
  2⤵
  PID:11096
- C:\Windows\System\BIHIhFs.exe
  C:\Windows\System\BIHIhFs.exe
  2⤵
  PID:11236
- C:\Windows\System\UGtMQdY.exe
  C:\Windows\System\UGtMQdY.exe
  2⤵
  PID:10308
- C:\Windows\System\FfgDeFA.exe
  C:\Windows\System\FfgDeFA.exe
  2⤵
  PID:10756
- C:\Windows\System\YblKZZt.exe
  C:\Windows\System\YblKZZt.exe
  2⤵
  PID:10788
- C:\Windows\System\zwgsVBo.exe
  C:\Windows\System\zwgsVBo.exe
  2⤵
  PID:11208
- C:\Windows\System\SrjzAoJ.exe
  C:\Windows\System\SrjzAoJ.exe
  2⤵
  PID:11280
- C:\Windows\System\dRrTiNn.exe
  C:\Windows\System\dRrTiNn.exe
  2⤵
  PID:11300
- C:\Windows\System\vjcUpzB.exe
  C:\Windows\System\vjcUpzB.exe
  2⤵
  PID:11352
- C:\Windows\System\fOQUBwX.exe
  C:\Windows\System\fOQUBwX.exe
  2⤵
  PID:11372
- C:\Windows\System\cyAXOPJ.exe
  C:\Windows\System\cyAXOPJ.exe
  2⤵
  PID:11412
- C:\Windows\System\WHuskyC.exe
  C:\Windows\System\WHuskyC.exe
  2⤵
  PID:11448
- C:\Windows\System\ptKcSQu.exe
  C:\Windows\System\ptKcSQu.exe
  2⤵
  PID:11468
- C:\Windows\System\QttWbyg.exe
  C:\Windows\System\QttWbyg.exe
  2⤵
  PID:11496
- C:\Windows\System\lvObdZb.exe
  C:\Windows\System\lvObdZb.exe
  2⤵
  PID:11524
- C:\Windows\System\vPjTcVS.exe
  C:\Windows\System\vPjTcVS.exe
  2⤵
  PID:11548
- C:\Windows\System\aoLIUej.exe
  C:\Windows\System\aoLIUej.exe
  2⤵
  PID:11592
- C:\Windows\System\pplrseE.exe
  C:\Windows\System\pplrseE.exe
  2⤵
  PID:11620
- C:\Windows\System\fBJUvsk.exe
  C:\Windows\System\fBJUvsk.exe
  2⤵
  PID:11648
- C:\Windows\System\UwYgDZU.exe
  C:\Windows\System\UwYgDZU.exe
  2⤵
  PID:11684
- C:\Windows\System\XHcYViM.exe
  C:\Windows\System\XHcYViM.exe
  2⤵
  PID:11724
- C:\Windows\System\XnIFWGT.exe
  C:\Windows\System\XnIFWGT.exe
  2⤵
  PID:11740
- C:\Windows\System\nOVlyTN.exe
  C:\Windows\System\nOVlyTN.exe
  2⤵
  PID:11760
- C:\Windows\System\VSroeOt.exe
  C:\Windows\System\VSroeOt.exe
  2⤵
  PID:11788
- C:\Windows\System\LqhNHru.exe
  C:\Windows\System\LqhNHru.exe
  2⤵
  PID:11812
- C:\Windows\System\ocHkVRM.exe
  C:\Windows\System\ocHkVRM.exe
  2⤵
  PID:11840
- C:\Windows\System\QpIXriA.exe
  C:\Windows\System\QpIXriA.exe
  2⤵
  PID:11864
- C:\Windows\System\hEWkFvY.exe
  C:\Windows\System\hEWkFvY.exe
  2⤵
  PID:11900
- C:\Windows\System\Gbctqgd.exe
  C:\Windows\System\Gbctqgd.exe
  2⤵
  PID:11940
- C:\Windows\System\FfVvXXp.exe
  C:\Windows\System\FfVvXXp.exe
  2⤵
  PID:11964
- C:\Windows\System\nKIjuUZ.exe
  C:\Windows\System\nKIjuUZ.exe
  2⤵
  PID:11992
- C:\Windows\System\yNrHizH.exe
  C:\Windows\System\yNrHizH.exe
  2⤵
  PID:12016
- C:\Windows\System\cPQyerv.exe
  C:\Windows\System\cPQyerv.exe
  2⤵
  PID:12048
- C:\Windows\System\wJfVsAw.exe
  C:\Windows\System\wJfVsAw.exe
  2⤵
  PID:12064
- C:\Windows\System\nzUziHY.exe
  C:\Windows\System\nzUziHY.exe
  2⤵
  PID:12092
- C:\Windows\System\ayVWvjn.exe
  C:\Windows\System\ayVWvjn.exe
  2⤵
  PID:12128
- C:\Windows\System\mHNLnOk.exe
  C:\Windows\System\mHNLnOk.exe
  2⤵
  PID:12184
- C:\Windows\System\lSmNIMu.exe
  C:\Windows\System\lSmNIMu.exe
  2⤵
  PID:12208
- C:\Windows\System\LQoCzyK.exe
  C:\Windows\System\LQoCzyK.exe
  2⤵
  PID:12232
- C:\Windows\System\uwgyxFu.exe
  C:\Windows\System\uwgyxFu.exe
  2⤵
  PID:12248
- C:\Windows\System\msiqBbW.exe
  C:\Windows\System\msiqBbW.exe
  2⤵
  PID:12272
- C:\Windows\System\NFpxfzO.exe
  C:\Windows\System\NFpxfzO.exe
  2⤵
  PID:10524
- C:\Windows\System\zLGdzlL.exe
  C:\Windows\System\zLGdzlL.exe
  2⤵
  PID:3816
- C:\Windows\System\NNJuZbj.exe
  C:\Windows\System\NNJuZbj.exe
  2⤵
  PID:11336
- C:\Windows\System\QGCSVlI.exe
  C:\Windows\System\QGCSVlI.exe
  2⤵
  PID:11396
- C:\Windows\System\yGLLsDF.exe
  C:\Windows\System\yGLLsDF.exe
  2⤵
  PID:11424
- C:\Windows\System\WGCmeLs.exe
  C:\Windows\System\WGCmeLs.exe
  2⤵
  PID:11544
- C:\Windows\System\DDkhdBr.exe
  C:\Windows\System\DDkhdBr.exe
  2⤵
  PID:11600
- C:\Windows\System\KCbNrYd.exe
  C:\Windows\System\KCbNrYd.exe
  2⤵
  PID:11640
- C:\Windows\System\dAlwMme.exe
  C:\Windows\System\dAlwMme.exe
  2⤵
  PID:11768
- C:\Windows\System\wxCtIQx.exe
  C:\Windows\System\wxCtIQx.exe
  2⤵
  PID:11756
- C:\Windows\System\XsGriIf.exe
  C:\Windows\System\XsGriIf.exe
  2⤵
  PID:11808
- C:\Windows\System\NUqQUUN.exe
  C:\Windows\System\NUqQUUN.exe
  2⤵
  PID:11928
- C:\Windows\System\DpMJoIS.exe
  C:\Windows\System\DpMJoIS.exe
  2⤵
  PID:11960
- C:\Windows\System\xFmnUnY.exe
  C:\Windows\System\xFmnUnY.exe
  2⤵
  PID:2364
- C:\Windows\System\ybWjdUc.exe
  C:\Windows\System\ybWjdUc.exe
  2⤵
  PID:12056
- C:\Windows\System\Dnrbomy.exe
  C:\Windows\System\Dnrbomy.exe
  2⤵
  PID:12040
- C:\Windows\System\RKPBPiH.exe
  C:\Windows\System\RKPBPiH.exe
  2⤵
  PID:12152
- C:\Windows\System\zFOMRTX.exe
  C:\Windows\System\zFOMRTX.exe
  2⤵
  PID:12240
- C:\Windows\System\vmwjRAa.exe
  C:\Windows\System\vmwjRAa.exe
  2⤵
  PID:12256
- C:\Windows\System\WscFIcG.exe
  C:\Windows\System\WscFIcG.exe
  2⤵
  PID:10492
- C:\Windows\System\haNlQyg.exe
  C:\Windows\System\haNlQyg.exe
  2⤵
  PID:11296
- C:\Windows\System\GOzjViZ.exe
  C:\Windows\System\GOzjViZ.exe
  2⤵
  PID:11612
- C:\Windows\System\kFtDjCP.exe
  C:\Windows\System\kFtDjCP.exe
  2⤵
  PID:11704
- C:\Windows\System\cHAUKjg.exe
  C:\Windows\System\cHAUKjg.exe
  2⤵
  PID:11976
- C:\Windows\System\hWfmzct.exe
  C:\Windows\System\hWfmzct.exe
  2⤵
  PID:11988
- C:\Windows\System\rNDDASs.exe
  C:\Windows\System\rNDDASs.exe
  2⤵
  PID:4884
- C:\Windows\System\pmLsnhd.exe
  C:\Windows\System\pmLsnhd.exe
  2⤵
  PID:12160
- C:\Windows\System\vzbUGht.exe
  C:\Windows\System\vzbUGht.exe
  2⤵
  PID:12200
- C:\Windows\System\QUtlfKS.exe
  C:\Windows\System\QUtlfKS.exe
  2⤵
  PID:11628
- C:\Windows\System\vOMUAcb.exe
  C:\Windows\System\vOMUAcb.exe
  2⤵
  PID:11008
- C:\Windows\System\tnmEfIw.exe
  C:\Windows\System\tnmEfIw.exe
  2⤵
  PID:12008
- C:\Windows\System\BnsKeNt.exe
  C:\Windows\System\BnsKeNt.exe
  2⤵
  PID:12300
- C:\Windows\System\uGrXnoP.exe
  C:\Windows\System\uGrXnoP.exe
  2⤵
  PID:12336
- C:\Windows\System\naqBAaf.exe
  C:\Windows\System\naqBAaf.exe
  2⤵
  PID:12372
- C:\Windows\System\oglIdIa.exe
  C:\Windows\System\oglIdIa.exe
  2⤵
  PID:12400
- C:\Windows\System\hmVjVFj.exe
  C:\Windows\System\hmVjVFj.exe
  2⤵
  PID:12420
- C:\Windows\System\snvPtdb.exe
  C:\Windows\System\snvPtdb.exe
  2⤵
  PID:12440
- C:\Windows\System\gqeYJrH.exe
  C:\Windows\System\gqeYJrH.exe
  2⤵
  PID:12468
- C:\Windows\System\zqFlxfK.exe
  C:\Windows\System\zqFlxfK.exe
  2⤵
  PID:12504
- C:\Windows\System\FvdrKgV.exe
  C:\Windows\System\FvdrKgV.exe
  2⤵
  PID:12532
- C:\Windows\System\BmJSnuk.exe
  C:\Windows\System\BmJSnuk.exe
  2⤵
  PID:12552
- C:\Windows\System\raiQzPN.exe
  C:\Windows\System\raiQzPN.exe
  2⤵
  PID:12592
- C:\Windows\System\ADMQiyX.exe
  C:\Windows\System\ADMQiyX.exe
  2⤵
  PID:12620
- C:\Windows\System\jbNxBJZ.exe
  C:\Windows\System\jbNxBJZ.exe
  2⤵
  PID:12640
- C:\Windows\System\FcyGXsB.exe
  C:\Windows\System\FcyGXsB.exe
  2⤵
  PID:12660
- C:\Windows\System\frjWBOW.exe
  C:\Windows\System\frjWBOW.exe
  2⤵
  PID:12696
- C:\Windows\System\WqffWxt.exe
  C:\Windows\System\WqffWxt.exe
  2⤵
  PID:12720
- C:\Windows\System\nsLsFfL.exe
  C:\Windows\System\nsLsFfL.exe
  2⤵
  PID:12812
- C:\Windows\System\hFpjyCB.exe
  C:\Windows\System\hFpjyCB.exe
  2⤵
  PID:12936
- C:\Windows\System\BZKOWtM.exe
  C:\Windows\System\BZKOWtM.exe
  2⤵
  PID:12952
- C:\Windows\System\KDtZwuG.exe
  C:\Windows\System\KDtZwuG.exe
  2⤵
  PID:12972
- C:\Windows\System\MZYAAzt.exe
  C:\Windows\System\MZYAAzt.exe
  2⤵
  PID:12988
- C:\Windows\System\CssYiKQ.exe
  C:\Windows\System\CssYiKQ.exe
  2⤵
  PID:13008
- C:\Windows\System\RNDUfXR.exe
  C:\Windows\System\RNDUfXR.exe
  2⤵
  PID:13024
- C:\Windows\System\SvlAdLH.exe
  C:\Windows\System\SvlAdLH.exe
  2⤵
  PID:13176
- C:\Windows\System\SKZYFfo.exe
  C:\Windows\System\SKZYFfo.exe
  2⤵
  PID:13228
- C:\Windows\System\EvgexKj.exe
  C:\Windows\System\EvgexKj.exe
  2⤵
  PID:13264
- C:\Windows\System\wEHYppj.exe
  C:\Windows\System\wEHYppj.exe
  2⤵
  PID:13284
- C:\Windows\System\Jxzuaax.exe
  C:\Windows\System\Jxzuaax.exe
  2⤵
  PID:13308
- C:\Windows\System\tVLEOms.exe
  C:\Windows\System\tVLEOms.exe
  2⤵
  PID:12692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VI0RJTXZ\home-993d2c38b2c1[1].css

Filesize
11KB

MD5
6328d6d9a6b00ce7f992230b97b17c1f

SHA1
88837b802bdde407e37e92641072ea2eeec95556

SHA256
c9d9b80794cebd7d97daf52f7f0ce0e31bcf7a6f65a6e07851c688d67f10dba8

SHA512
993d2c38b2c15499aebdb39c1f9c21d0501d4c2a5973caec65be9ddc3ddfd6e46d06449e7483daa4fa9afa17cb81ff27a391519a64629169eb15c52911aab2c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_vrydrp3z.432.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AFaJEie.exe

Filesize
1.9MB

MD5
cd0d43eea4af23fe3928e8eb6d6f434f

SHA1
2edff7ef426937a5cbc44df12ca0f0471ee7ace8

SHA256
09c1568fb51ee87062bf03a7cbee24cce4c0c70a5a929d903a9ec2f938a71263

SHA512
c97009d1c56f84cbf67b560d20e49c50a3ed2a15377ad8c8a80ba8d51b22a9ec5c3200e9d61a818044e190eb908e3e56e17541bddd3feaf6208193dbf802949b

Download Submit
C:\Windows\System\AhQhxaW.exe

Filesize
1.9MB

MD5
9191bee2bdf4676921e3541d3e9a0d17

SHA1
15114665d9cb506794e5e12a7a3bb707902be8e4

SHA256
bfd8bea77bfa2d28ca74fd8bfbe0f0c3f45d365d3bab297fe9ea8a34f927752d

SHA512
529c6b2bf9bfbfe475e12d014e40cecc433b8191386519deb7e60302fb249e2ef077764d2b340e12eff4c59aa7bcfbf4367a2462e355f1bc490c44af51b1054b

Download Submit
C:\Windows\System\BicILrV.exe

Filesize
1.9MB

MD5
5f1677126133449251780add1433e1b2

SHA1
930b6f6b9983b8dc116cf9c41700fb8e5ed378b2

SHA256
6cabff4cf6e38cfce886944ff779a122742814b122197dd2432b7c30880ea443

SHA512
05db094c6db9ee226ad24b11e0daa780c6aa390242af91abd694a9aa25ab39265bb81527b7da33e5fb02a92fd1f07e494249e7434e1e01896a44e4c9324c83ba

Download Submit
C:\Windows\System\CdbUexV.exe

Filesize
1.9MB

MD5
76cfc92f723bdcc29df226929f44be98

SHA1
cab0f9f6c5394ba210f0665a9e170f4dadcc2d4f

SHA256
fb99ae28ac743f3e5e1bc1574d3c246a66168ac14b00c463cfd5ce5c650974ec

SHA512
9fc1621691fa28e008d4f3a5e91f997fc77fc8dc7cc64f7d76533c795032353d5aeb3530917c9c0db49c20a01b732689d849b15b2ad55699e8bf95968aff2c9c

Download Submit
C:\Windows\System\ChpArMh.exe

Filesize
1.9MB

MD5
34842a640cdb3556b2a11f0ae6d09be7

SHA1
7235e61c5234697d2a13692906c71671028644f9

SHA256
bb24851e18ba33d4b1685528a425b4b6d554125540562e48394c2bf25a88d83b

SHA512
b0e49e18ce0d7284dba9d29e88fe2dba1a755a16263faa2fe5c93ac58744d166622401b505407a97984f8ef4a7ab41407dc21c0a37709711eac0774a66ed03b0

Download Submit
C:\Windows\System\CrsTVxy.exe

Filesize
1.9MB

MD5
e8dd331c668c134379aa295ff929932e

SHA1
0aa186a422f80b57ead2de81110a16e613370fbd

SHA256
4f22738312aae58e566e048ac890aa6fbafaba879b6f57a9877737b854e4cdd2

SHA512
ea568e79724a567ac43519262ff7cebbeaec78739527a82b467db6d59880b0299ddcaf267873865be1e3ba538b51cff1c1b31c3bb88121a69daa0bbac2ec8423

Download Submit
C:\Windows\System\EuTttaj.exe

Filesize
1.9MB

MD5
b2e34ac9b7c73a69ca1c1f760bdb0607

SHA1
2b7ac2fcbb09546f78ec296f9890edf02ef46968

SHA256
10785d689b198e3ba7ab44588e813ab776fb054f864445716b3db5f40b3c2ce0

SHA512
d0b173db04006da1997d1d3b9b14504f3c41a0614e61b7cfc37ad04bbabe138f0e177fd1bd2cc806fb5af799f8026cfbb2d465c683707b160f8ab89ecbc7aedf

Download Submit
C:\Windows\System\GSovFVe.exe

Filesize
1.9MB

MD5
1e878a786d0ee677eaa849331fe37ad8

SHA1
2672f62a9c485cf261919b4ee02b977876503904

SHA256
ff895a604879533e37ad40179791173977aaea1375af6ab50dcd68b5c2e6e549

SHA512
6f5b2b880edc0ab3786303a98969a46b0117c2f86be7e22cf2eaa61fabb7f142b844966847b1a642661b52a23a25429e1010f7567cb1a0c6583b5ec5b1c9fc85

Download Submit
C:\Windows\System\HuFQQzt.exe

Filesize
1.9MB

MD5
2387e649d670048befafb070ba50c1d2

SHA1
045d95c736cfbe911e55cfcb0201a209fc43188d

SHA256
9158c8cebf09e640a4053d584731b8cdba69d407f35c54cac057f765a43ce5a1

SHA512
444e7b17a651fad822625ec6dae50570350565f8f640cc220e20d01e4b4441d5f899cb725f0443ceee861187f9d88b30f312c79abf21f0a0d736731c346a3ca4

Download Submit
C:\Windows\System\KcepDQG.exe

Filesize
1.9MB

MD5
2920b391036508d27cbda31b2a355a3e

SHA1
4042f4f32003a30985148c17ad1ba48c7d6ff3f3

SHA256
acf8d945b7c208a97c2ea463f68a9b22e12c25856d501a95ba6c0f0444313e1f

SHA512
521e32603442a2642415cec254bed7796c56ab40374c8ac3a170f782571ad812d9df7e146eae9f9f815d58ca9a39476d8ba249be82d53ff30fedbae960d5a669

Download Submit
C:\Windows\System\LGZtGpr.exe

Filesize
1.9MB

MD5
e859ae7253f08a2de69b89d131e86505

SHA1
fad1ddf820d86e69277573cd5be41379821ec676

SHA256
3c505df937229579793f4d9e51a455986611f7e72b0d7980c8f9b06071bf5cb5

SHA512
aba8ffcff53e742a0dfb62290362064cf6661de32551d945680cbcd45f30c423551990adc051b3ccfee8f9e34590c2d4015cd22889ecb534e4040c8a92e56b5b

Download Submit
C:\Windows\System\LTjTxlv.exe

Filesize
1.9MB

MD5
741461202b8ee26a3e293552ed49a62c

SHA1
d91d92e646503188b56082f3c4881d0e0deb3b45

SHA256
7246efdb9dc37fd92f310f68fe85a4a11de64c6ccc3c1f0efa8ed49758af8293

SHA512
2981acab1b35c922dc0059fb228c8e8ba6c6aafc0b09322d1754a7dfceefac1c46d94a83857cb42096a74babfd930df09a682410a630e20f998bad52aea19b6e

Download Submit
C:\Windows\System\MBYRNbo.exe

Filesize
1.9MB

MD5
d91e31292733474b6f5090d550cbd2b0

SHA1
0447823805df3523539d0fd49b030ddaf0433da6

SHA256
096d6b6ee254a37e8d663de45bd92f9a168b4cc7ecf56e5711be5c5b03fc122c

SHA512
9d0bdee68db0350d9505e6bfd7dddf60137558d05176dbd7017a8ecc986d1428744cd0a4e6924f397d418237c7b2702e7575607be733a9ba8fbdc2d900c4bcbc

Download Submit
C:\Windows\System\QQvYvjn.exe

Filesize
1.9MB

MD5
fd5ee975657e4bc4af7710bc57b4b4aa

SHA1
0ec8ed7e1a0fa95724787d4bb6d909853cfeaac5

SHA256
4800e46fe4a347c92cc30931f2740465603d8432e75fb321da7aaa0bfc03127d

SHA512
727c9e2059179351e0b94fa705ab61fe0db7f775475d4c02ee945b90e8ae63d65749f023ec3c50addd41e78eb74a1c97b08317d53845aa467a40bbf8eef818f1

Download Submit
C:\Windows\System\TGNVmJZ.exe

Filesize
8B

MD5
a8f2921c80c15a3d426e5fdff8a56196

SHA1
4dc21bf95e22427a9dafcd4930e81b62e77d5fda

SHA256
7e9bbeeba45dae16f8c444596ee4180d7313e899e46fa6263fde6904f32d92a1

SHA512
996666f646b1878ee129a778184f9520541ee458797b8bfaefed6e1f152a5436e0ff19d28744463b706ffe3e24e429f5af102aa1e7733dbeeb6210754c828802

Download Submit
C:\Windows\System\TyHsynf.exe

Filesize
1.9MB

MD5
f0117e5c06f7e76416808b56a701c16e

SHA1
35972e5c6ea5c8a1b644f637932b828fb0b5d921

SHA256
11bf9f07e6516f4bf2e975278c91eb52603c12743e26b8372b2344ebb27d1459

SHA512
00d3090186086e617cee5ae185ec9d133e9dc1a2185f498aafb4b8cc1d7291e8933f3a69b544380012c87e54909c19688a5aef2fb1356632258fbfa29d851c07

Download Submit
C:\Windows\System\UhQcHNA.exe

Filesize
1.9MB

MD5
66ba54b97dc49abb2b2df54075547ab7

SHA1
a74edf9c9dec29fa96f820dc0d62fe628381e2b6

SHA256
f436aed3be8e1da677717c3637131655037544d53404d5db053bf1c1ed8d77ab

SHA512
827247e469e17772b35f1604aa13021d71b18e2974538a2d9da9bcefe640e4cfb2bb05e07384ac604941db198bb7d94cc8a20931fb61a378f16a4def66c3b08e

Download Submit
C:\Windows\System\XErwkIp.exe

Filesize
1.9MB

MD5
c31c7ae760989df8ab0801e05e683788

SHA1
a4121d76281c6b90fb953623002043cd4fa3996c

SHA256
a2ca5338e18ef5be1eecf31dff4baedc049dc64d29785f9a365e18de3f906e14

SHA512
3f97345456ed4a5ffc40e40bb6893bdd71fd081c500d96c60df4d237deb0242544741675381c0789324a86a5096ff72300dd3af7437cd2bfec1766afb4534d0c

Download Submit
C:\Windows\System\YIiokfh.exe

Filesize
1.9MB

MD5
b2925e6e4166c31c3ee22feb9ac3de90

SHA1
d6501db26e34f97ea92678024f46f52d467ed461

SHA256
e442853f3412d7ffbc3af27ccbaf6f48104749bd537742f5b283ac8f3d55b731

SHA512
c2eafe5c73f4cbe67fde7d07c955ebfa3282621e6846762f52fd7c45bc15f16b8b455cfe8783f77db2039f5933d0c3527b528a6ec4631827769f5173dd48563a

Download Submit
C:\Windows\System\YQIFAGz.exe

Filesize
1.9MB

MD5
d1997b58c2f08dea26462879c0bf6485

SHA1
d8309230f2e4b7930eea935304af7d9e9257e2fa

SHA256
c32bb8519df8509de6f199623e690b17de0d311d9449679804da5ca60ab581ed

SHA512
2ca2c8f4450b6901b13e5760baed5ce500fb05079ca8104173bbbb934198bfabbdf2b01ba83dea3728bcf13368f3bb4a7d4d10344b082b450f84687204e0a9dc

Download Submit
C:\Windows\System\ZmOQNHs.exe

Filesize
1.9MB

MD5
06badd2aeb4ba89d004f3bbb9bd0f967

SHA1
9860df299bf20a24e3913f475ef971e4c9eb212a

SHA256
7b46d77eee09ff6e75a82579092d65ce38f9126a45cfab51aff1529837e29b27

SHA512
93d9990173aa850bc815e47fb2fb9605d0611fac84ff891822159fe8020d0fae6d2915a78a0f6a869c48be43cfe9b86a1ca4804492412e111ec4a98129e2442e

Download Submit
C:\Windows\System\aKKBJaC.exe

Filesize
1.9MB

MD5
8a0b7972abd6fc6bd236d335ff2ad9e2

SHA1
cdd22a5e53633e3ec8fbd08f9e4cbf6e6d58cd99

SHA256
62d6de61be6b134ec2290ef3249ea13242a8b99b7dd748a5b66a51dc89329fa2

SHA512
9cfd745f0675a526e5a1c5010a10fe14e0d33009ce0a82dc31907fcc468656a9ce66d4991a88277d23f513fa5e7b224e3a95f619b42cc8f0f0bad561cea717b5

Download Submit
C:\Windows\System\bVYioVv.exe

Filesize
1.9MB

MD5
fd502856ab7513704063b46fa39f5d38

SHA1
762d0f6332bc27c1466fe0e15ed9137bbd4386e7

SHA256
2478fc48a25ceb2c48e4a7b302464af6bd28f87578eb97cea1cc403a8594c4ca

SHA512
2610314332c9ac709652d045dc879ebb26aa3570c9592bc6acb6294db6b7f05d0d1a398b0dee500e0bc3da4039937f32cd92f17bf8f75bc9797d788d8395861f

Download Submit
C:\Windows\System\cKJAHrQ.exe

Filesize
1.9MB

MD5
ada0bdf76f826d4df45847f05a5f93d3

SHA1
ecf17bcd4aea5c5807af8872b9c94d27f53c9ed0

SHA256
3de01e38473afd3e3ea0527142d9ffe2781c615947bd457a2764625bb6c0cbcd

SHA512
46ca6e8d101d2752faac1502349d71ce2c9444b8a4378c4eb11b82266e0c5fd406132d4fc1409932b365551e2d52f89d06da0eb4e7f32e26428199ba84b56b7a

Download Submit
C:\Windows\System\igRDGCz.exe

Filesize
1.9MB

MD5
132dae52e7e350e0b9762c32aa2aff26

SHA1
9e20ea9a8fb9954b90eb6b0aaadb158253a26b62

SHA256
2a7a9e392d3d5212c52c938cf549a05f365005796d039cb0ae1ad636b5f6f4c7

SHA512
20f6e181e2a328eece0c02c9850d8d1f2ffd8de0c5e3723d33ae9f3a879c83b267e77b11ce208c63564651ecf1899e4474cbb8d7f53127a222d114c93a604acb

Download Submit
C:\Windows\System\jDMJBUp.exe

Filesize
1.9MB

MD5
d4b99c3e7fb26e4de1f3250c97b82a23

SHA1
b9031672109ad4abaaf1d0d9eb18e650584dcc7d

SHA256
2345e57dbb953ff13408f0dcbc6fbe0539ca3c4b2cc18bbdb60ef436f3912cbe

SHA512
3a47a4b28e0abb0bf74ae0a31a17fd32aa88f200158f55ceb63aaca24842c3c3d2b8266925ace8f28057b9765f8234423446c2d6e8d62326354ae6827e4852d9

Download Submit
C:\Windows\System\pOhVYLv.exe

Filesize
1.9MB

MD5
213a1ca64d55ac8b43592a53c18e935a

SHA1
5215c817a380be56e6f07c1c0f67b4917dd3f74b

SHA256
1d8330edb497269581d7de4baad3ee2dfb02472f70c4dbcf025c027634c22442

SHA512
46a3169cdffa4c5be7dbec976c0db8e5ee31fccb075cbef1a6d42ee89b36d3289680eb9ff1ad3bcb034b0656395e13efcf8ed7bf947614b4e33a77862889b0c4

Download Submit
C:\Windows\System\ptJOigF.exe

Filesize
1.9MB

MD5
6d678d0a617defa9d686ef518ca87182

SHA1
2ae8339f1d1447d7faee0af753bd4f1c40f476e5

SHA256
9f59622d569fb5bab67dff10f6626005d2b0b743c3a3e381abad5c0f1bbc250f

SHA512
a7c826d614092fc6c3e96e8d04298e913bde7f005baeab9bc694cfc927cb31be89dee0296318f2b52328f3b1dc810d52c6658ee59a5e10318f7298a0bff2efe5

Download Submit
C:\Windows\System\rRdhqgT.exe

Filesize
1.9MB

MD5
0106d16dbc8e83e1b7995b496a6cb2aa

SHA1
e7004313d22ac8e740e90b9a27ff652bb08df2a8

SHA256
3d476baca3694cc18e121d62be0bc93172663ad1bb8076c44a0f2e96d87ad4ee

SHA512
a9d699b061479a0b5ece2d6211c4f945e8e9b2a3805c1203b9644b597fdb357959e14f6069b8aa1a3a6b34ca8022d70f45cb7d3a591d6645bd48128e0b150113

Download Submit
C:\Windows\System\sxnkEgk.exe

Filesize
1.9MB

MD5
a9c8f0a08f58bde7e4e8707609e2a530

SHA1
d07f1fc6d71874e19bb7297e54f0ef6eab47f5a9

SHA256
e9ac13b49cd1c996c4a897fc4ed8fb6818854b1885866c18b8392dcf16794bfc

SHA512
9f2c46393a122f0b66dd667cf5a08525583b041589f96709938518f1c41148a26d4db62baae07d1de968a5968e8397075c02e5a12f35eae2c5bd371b72eedb3d

Download Submit
C:\Windows\System\tdCjMAd.exe

Filesize
1.9MB

MD5
594e678566e542d4fd32e1b4f3e7ca93

SHA1
6d98d38e3f57f72a5c1ddfd053031b95ddc8696b

SHA256
110b4e614c70616d6f84c1e94b05b0eb2a252de27dc3ff35095865dac1b7c28d

SHA512
6c36a93531c20cdfcb4c916d429ceb227640f926662fc36726fca0a90a684e34420f9610944d1711ce092910372b50677bf9763296454208630e6071fc2b6547

Download Submit
C:\Windows\System\thahwxw.exe

Filesize
1.9MB

MD5
ebf9588c54a5d282fb421bbaa886e75e

SHA1
62b79a491757d0677e04415af655d5858f4aa05b

SHA256
be4e683b58de5c3e0d65f13b71f440a815ad2b3a1fcf0fb29283d2cf796a87e3

SHA512
08ba43ac3f771d9e6908b75aa35ec1a6a16568a833db2ba8867b04a78ded66dca270c05294bb041c58239c2a03c4cbf62f75271f927133964603ac104a535057

Download Submit
C:\Windows\System\yeOYQuv.exe

Filesize
1.9MB

MD5
20e3ddc40ada9f2e9231f3e87337a7ed

SHA1
2cb62fc07c78f98d248e4ab8bd7906c4c58a6767

SHA256
a59f3b2b9c382fdc3dfbd5dfee746666892999cfc57a8942fbf32ea7a48debf2

SHA512
db86bf0ee8dea42398b043ee69427dad45d908d6875e9b0026d25ddeff6da77e59e20027c579d45358e44d1140285c1b6025d7047000535ccff98d0a1c37a713

Download Submit
C:\Windows\System\zMvVtno.exe

Filesize
1.9MB

MD5
b5eea086f4be3146f51499e25fdf0e9e

SHA1
fa07bd351ad44c5a9a94b55e9963c785433d06ac

SHA256
17a1acee492eb4bc373b2622c7ae8b34b251d28cc2ff8fda8e331a7c022501a7

SHA512
2427657bcf5ab070477705777e87babefe7945c69b4aad31feac2dc05a6118ff60173770a3af108631916cc22f242e4cb56fee811cf48031abc2b70f09601d74

Download Submit
memory/456-2657-0x00007FF76A610000-0x00007FF76AA02000-memory.dmp

Filesize
3.9MB

Download
memory/456-500-0x00007FF76A610000-0x00007FF76AA02000-memory.dmp

Filesize
3.9MB

Download
memory/552-2664-0x00007FF771920000-0x00007FF771D12000-memory.dmp

Filesize
3.9MB

Download
memory/552-540-0x00007FF771920000-0x00007FF771D12000-memory.dmp

Filesize
3.9MB

Download
memory/636-539-0x00007FF7563B0000-0x00007FF7567A2000-memory.dmp

Filesize
3.9MB

Download
memory/636-2647-0x00007FF7563B0000-0x00007FF7567A2000-memory.dmp

Filesize
3.9MB

Download
memory/680-535-0x00007FF7071F0000-0x00007FF7075E2000-memory.dmp

Filesize
3.9MB

Download
memory/680-2650-0x00007FF7071F0000-0x00007FF7075E2000-memory.dmp

Filesize
3.9MB

Download
memory/1112-2659-0x00007FF6429F0000-0x00007FF642DE2000-memory.dmp

Filesize
3.9MB

Download
memory/1112-485-0x00007FF6429F0000-0x00007FF642DE2000-memory.dmp

Filesize
3.9MB

Download
memory/1116-38-0x00007FF663560000-0x00007FF663952000-memory.dmp

Filesize
3.9MB

Download
memory/1116-2629-0x00007FF663560000-0x00007FF663952000-memory.dmp

Filesize
3.9MB

Download
memory/2636-2623-0x00007FF67B460000-0x00007FF67B852000-memory.dmp

Filesize
3.9MB

Download
memory/2636-458-0x00007FF67B460000-0x00007FF67B852000-memory.dmp

Filesize
3.9MB

Download
memory/2952-2637-0x00007FF75BE50000-0x00007FF75C242000-memory.dmp

Filesize
3.9MB

Download
memory/2952-529-0x00007FF75BE50000-0x00007FF75C242000-memory.dmp

Filesize
3.9MB

Download
memory/3020-2628-0x00007FF6DF130000-0x00007FF6DF522000-memory.dmp

Filesize
3.9MB

Download
memory/3020-456-0x00007FF6DF130000-0x00007FF6DF522000-memory.dmp

Filesize
3.9MB

Download
memory/3140-0-0x00007FF65DB40000-0x00007FF65DF32000-memory.dmp

Filesize
3.9MB

Download
memory/3140-1-0x000002549F1A0000-0x000002549F1B0000-memory.dmp

Filesize
64KB

Download
memory/3148-534-0x00007FF731640000-0x00007FF731A32000-memory.dmp

Filesize
3.9MB

Download
memory/3148-2651-0x00007FF731640000-0x00007FF731A32000-memory.dmp

Filesize
3.9MB

Download
memory/3156-2633-0x00007FF638F00000-0x00007FF6392F2000-memory.dmp

Filesize
3.9MB

Download
memory/3156-550-0x00007FF638F00000-0x00007FF6392F2000-memory.dmp

Filesize
3.9MB

Download
memory/3212-538-0x00007FF7AF2F0000-0x00007FF7AF6E2000-memory.dmp

Filesize
3.9MB

Download
memory/3212-2646-0x00007FF7AF2F0000-0x00007FF7AF6E2000-memory.dmp

Filesize
3.9MB

Download
memory/3248-10-0x00007FF7F30D0000-0x00007FF7F34C2000-memory.dmp

Filesize
3.9MB

Download
memory/3248-2591-0x00007FF7F30D0000-0x00007FF7F34C2000-memory.dmp

Filesize
3.9MB

Download
memory/3288-547-0x00007FF648380000-0x00007FF648772000-memory.dmp

Filesize
3.9MB

Download
memory/3288-2626-0x00007FF648380000-0x00007FF648772000-memory.dmp

Filesize
3.9MB

Download
memory/3332-2653-0x00007FF710B40000-0x00007FF710F32000-memory.dmp

Filesize
3.9MB

Download
memory/3332-514-0x00007FF710B40000-0x00007FF710F32000-memory.dmp

Filesize
3.9MB

Download
memory/3692-13-0x0000026ED1840000-0x0000026ED1850000-memory.dmp

Filesize
64KB

Download
memory/3692-36-0x00007FFC3A130000-0x00007FFC3ABF1000-memory.dmp

Filesize
10.8MB

Download
memory/3692-370-0x0000026ED28D0000-0x0000026ED3076000-memory.dmp

Filesize
7.6MB

Download
memory/3692-65-0x0000026ED17B0000-0x0000026ED17D2000-memory.dmp

Filesize
136KB

Download
memory/3692-12-0x0000026ED1840000-0x0000026ED1850000-memory.dmp

Filesize
64KB

Download
memory/3692-2589-0x00007FFC3A130000-0x00007FFC3ABF1000-memory.dmp

Filesize
10.8MB

Download
memory/4128-519-0x00007FF6B6240000-0x00007FF6B6632000-memory.dmp

Filesize
3.9MB

Download
memory/4128-2640-0x00007FF6B6240000-0x00007FF6B6632000-memory.dmp

Filesize
3.9MB

Download
memory/4236-465-0x00007FF7E0B90000-0x00007FF7E0F82000-memory.dmp

Filesize
3.9MB

Download
memory/4236-2631-0x00007FF7E0B90000-0x00007FF7E0F82000-memory.dmp

Filesize
3.9MB

Download
memory/4300-477-0x00007FF732C50000-0x00007FF733042000-memory.dmp

Filesize
3.9MB

Download
memory/4300-2661-0x00007FF732C50000-0x00007FF733042000-memory.dmp

Filesize
3.9MB

Download
memory/4700-504-0x00007FF63DC50000-0x00007FF63E042000-memory.dmp

Filesize
3.9MB

Download
memory/4700-2641-0x00007FF63DC50000-0x00007FF63E042000-memory.dmp

Filesize
3.9MB

Download
memory/4928-2656-0x00007FF7837E0000-0x00007FF783BD2000-memory.dmp

Filesize
3.9MB

Download
memory/4928-508-0x00007FF7837E0000-0x00007FF783BD2000-memory.dmp

Filesize
3.9MB

Download
memory/4960-521-0x00007FF6539A0000-0x00007FF653D92000-memory.dmp

Filesize
3.9MB

Download
memory/4960-2636-0x00007FF6539A0000-0x00007FF653D92000-memory.dmp

Filesize
3.9MB

Download