xmrig | 3383f0d8b3495834e41ffc143c562531194bdfca58e9607598708e23d339f306

Analysis

max time kernel
21s
max time network
22s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29/04/2024, 19:24

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
Size

1.8MB
MD5

0871c9767b76ecebeacad861a7ac579a
SHA1

b1260ff3ebfd284016a045a41330b78961b8d36b
SHA256

3383f0d8b3495834e41ffc143c562531194bdfca58e9607598708e23d339f306
SHA512

3f5a9f02af6413020d62e3a613fd14fc374c407eaa0d01f871f2038e67ca1d880e4f9e73f2fd81d8fc06fc605504d2839fa4d547b2793c5037b8c8ba7d7fa524
SSDEEP

49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82SflDrlpZ:NAB8

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 17 IoCs

miner

resource	yara_rule
behavioral2/memory/1712-46-0x00007FF77E9A0000-0x00007FF77ED92000-memory.dmp	xmrig
behavioral2/memory/3236-37-0x00007FF789B00000-0x00007FF789EF2000-memory.dmp	xmrig
behavioral2/memory/712-32-0x00007FF639220000-0x00007FF639612000-memory.dmp	xmrig
behavioral2/memory/3888-97-0x00007FF7F2010000-0x00007FF7F2402000-memory.dmp	xmrig
behavioral2/memory/4264-334-0x00007FF7BC170000-0x00007FF7BC562000-memory.dmp	xmrig
behavioral2/memory/3252-337-0x00007FF672520000-0x00007FF672912000-memory.dmp	xmrig
behavioral2/memory/3608-343-0x00007FF6E5BD0000-0x00007FF6E5FC2000-memory.dmp	xmrig
behavioral2/memory/2368-347-0x00007FF741680000-0x00007FF741A72000-memory.dmp	xmrig
behavioral2/memory/4344-351-0x00007FF724240000-0x00007FF724632000-memory.dmp	xmrig
behavioral2/memory/4816-352-0x00007FF701480000-0x00007FF701872000-memory.dmp	xmrig
behavioral2/memory/1572-350-0x00007FF707A40000-0x00007FF707E32000-memory.dmp	xmrig
behavioral2/memory/4428-339-0x00007FF7C4ED0000-0x00007FF7C52C2000-memory.dmp	xmrig
behavioral2/memory/868-336-0x00007FF697FF0000-0x00007FF6983E2000-memory.dmp	xmrig
behavioral2/memory/3544-106-0x00007FF7D92F0000-0x00007FF7D96E2000-memory.dmp	xmrig
behavioral2/memory/880-103-0x00007FF6BFEC0000-0x00007FF6C02B2000-memory.dmp	xmrig
behavioral2/memory/3244-90-0x00007FF65F0D0000-0x00007FF65F4C2000-memory.dmp	xmrig
behavioral2/memory/4468-80-0x00007FF6ABE80000-0x00007FF6AC272000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
3	3188	powershell.exe
7	3188	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
1712	CrsHDaz.exe
712	wWBuqjn.exe
3236	eZvwoyE.exe
4468	ClWGRwh.exe
2776	xhuavwN.exe
4716	OtzpnUs.exe
2580	EOFwjOY.exe
3244	eGKcUJG.exe
3588	ucwDzia.exe
3888	fQpnWHW.exe
880	zJkvSeA.exe
2368	VWNuLeO.exe
3544	eTMJzyL.exe
4264	hqOiUyn.exe
1572	WvhhbFT.exe
4344	LEVNtKe.exe
4816	dBMsxYj.exe
868	hwjJKSL.exe
3252	gkXdwkB.exe
4428	pkIzMHc.exe
3608	hNgnlWH.exe
3656	HHMWxww.exe
5116	dgqDNMd.exe
3628	IavvMou.exe
4028	QKEtxOV.exe
852	xxMrRop.exe
2936	nfvNMpK.exe
4600	hyMLLzl.exe
1804	QDeYTyF.exe
3148	jKVBiXR.exe
696	DzZZxfq.exe
4288	nqNbPwg.exe
4952	JWsJwLM.exe
4552	wfMchZW.exe
3368	qyRpnnd.exe
2440	ANpHzam.exe
1512	qrZZVqe.exe
3124	PzkmruT.exe
4452	vCxyEjk.exe
1828	XFOLAWf.exe
3604	VwVqusa.exe
4020	nAyMURA.exe
2888	qVsubNI.exe
4336	SETobWb.exe
400	cMReydY.exe
1164	cVuFNTJ.exe
1340	MHFKPtw.exe
4632	dTtpwhg.exe
3376	ZjUlLnR.exe
1984	vIHkHGY.exe
3040	zAWEiVD.exe
3900	GRhnkIk.exe
2100	TvwCeKe.exe
4048	elRWjrV.exe
2808	munSjZy.exe
5072	yjcUcaP.exe
3996	nTEfjyC.exe
2328	ozCbKul.exe
1932	DUBIGdR.exe
2712	QuufESZ.exe
4744	wbYrSIG.exe
2764	LizJWYW.exe
4928	qThoSMR.exe
2816	lVOfWQg.exe

UPX packed file 55 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4828-0-0x00007FF77E580000-0x00007FF77E972000-memory.dmp	upx
behavioral2/files/0x000700000002341a-7.dat	upx
behavioral2/files/0x000900000002291d-5.dat	upx
behavioral2/files/0x0008000000023419-13.dat	upx
behavioral2/files/0x000700000002341b-40.dat	upx
behavioral2/memory/2776-49-0x00007FF781210000-0x00007FF781602000-memory.dmp	upx
behavioral2/memory/1712-46-0x00007FF77E9A0000-0x00007FF77ED92000-memory.dmp	upx
behavioral2/files/0x000800000002341e-45.dat	upx
behavioral2/files/0x000700000002341f-44.dat	upx
behavioral2/files/0x000700000002341c-41.dat	upx
behavioral2/files/0x0007000000023420-51.dat	upx
behavioral2/memory/3236-37-0x00007FF789B00000-0x00007FF789EF2000-memory.dmp	upx
behavioral2/memory/712-32-0x00007FF639220000-0x00007FF639612000-memory.dmp	upx
behavioral2/memory/4716-57-0x00007FF7C6C30000-0x00007FF7C7022000-memory.dmp	upx
behavioral2/files/0x0007000000023421-56.dat	upx
behavioral2/files/0x0007000000023424-81.dat	upx
behavioral2/files/0x000800000002341d-92.dat	upx
behavioral2/memory/3888-97-0x00007FF7F2010000-0x00007FF7F2402000-memory.dmp	upx
behavioral2/files/0x0007000000023426-105.dat	upx
behavioral2/files/0x0007000000023429-116.dat	upx
behavioral2/files/0x000700000002342e-143.dat	upx
behavioral2/files/0x0007000000023430-153.dat	upx
behavioral2/files/0x0007000000023434-181.dat	upx
behavioral2/memory/4264-334-0x00007FF7BC170000-0x00007FF7BC562000-memory.dmp	upx
behavioral2/memory/3252-337-0x00007FF672520000-0x00007FF672912000-memory.dmp	upx
behavioral2/memory/3608-343-0x00007FF6E5BD0000-0x00007FF6E5FC2000-memory.dmp	upx
behavioral2/memory/2368-347-0x00007FF741680000-0x00007FF741A72000-memory.dmp	upx
behavioral2/memory/4344-351-0x00007FF724240000-0x00007FF724632000-memory.dmp	upx
behavioral2/memory/4816-352-0x00007FF701480000-0x00007FF701872000-memory.dmp	upx
behavioral2/memory/1572-350-0x00007FF707A40000-0x00007FF707E32000-memory.dmp	upx
behavioral2/memory/4428-339-0x00007FF7C4ED0000-0x00007FF7C52C2000-memory.dmp	upx
behavioral2/memory/868-336-0x00007FF697FF0000-0x00007FF6983E2000-memory.dmp	upx
behavioral2/files/0x0007000000023437-188.dat	upx
behavioral2/files/0x0007000000023435-186.dat	upx
behavioral2/files/0x0007000000023436-183.dat	upx
behavioral2/files/0x0007000000023433-176.dat	upx
behavioral2/files/0x0007000000023432-171.dat	upx
behavioral2/files/0x0007000000023431-166.dat	upx
behavioral2/files/0x000700000002342f-156.dat	upx
behavioral2/files/0x000700000002342d-146.dat	upx
behavioral2/files/0x000700000002342c-141.dat	upx
behavioral2/files/0x000700000002342b-133.dat	upx
behavioral2/files/0x000700000002342a-129.dat	upx
behavioral2/files/0x0009000000023415-124.dat	upx
behavioral2/files/0x0007000000023428-114.dat	upx
behavioral2/files/0x0007000000023427-111.dat	upx
behavioral2/memory/3544-106-0x00007FF7D92F0000-0x00007FF7D96E2000-memory.dmp	upx
behavioral2/memory/880-103-0x00007FF6BFEC0000-0x00007FF6C02B2000-memory.dmp	upx
behavioral2/files/0x0007000000023425-96.dat	upx
behavioral2/files/0x0007000000023423-99.dat	upx
behavioral2/memory/3244-90-0x00007FF65F0D0000-0x00007FF65F4C2000-memory.dmp	upx
behavioral2/memory/4468-80-0x00007FF6ABE80000-0x00007FF6AC272000-memory.dmp	upx
behavioral2/memory/3588-78-0x00007FF74E0C0000-0x00007FF74E4B2000-memory.dmp	upx
behavioral2/files/0x0007000000023422-74.dat	upx
behavioral2/memory/2580-65-0x00007FF67DF30000-0x00007FF67E322000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\MLYueoX.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\eGTJaIU.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\XZVGXqW.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\JlxmHRR.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\SvmUoeT.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\clzsTSL.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\cGDzYrq.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\PpzyLUt.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\irmFDCH.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\FoLlVBV.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\hXtNEUB.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\QGRLPPG.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\Sitxmlw.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\oYIcKzX.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\UXUuHbq.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\APBlGsh.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\LWfdOXQ.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\lPlBscD.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\NfvbEMH.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\rAXNOsx.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\WMJJbaq.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\KzRBFIh.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\vVGVbbM.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\HFtptkz.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\nIQsaWb.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\dtzmzyN.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\JnOYDsg.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\WKKpEQu.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\NXUHilW.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\rYyIltB.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\CfZKlmQ.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\dTtpwhg.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\gpeciZx.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\jHYMNLp.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\fwEUkQd.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\htQTANl.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\KlbHYgM.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\rtLkohQ.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\sdxjStI.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\yObxKcs.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\afifrlg.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\hhMUrRN.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\FJDlZrz.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\LEMCoWj.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\YHVYxob.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\hiLLRLY.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\IbcLPsD.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\fkAnike.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\vFdZVKL.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\RNdltMd.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\tWynZoa.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\qxXgkaV.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\ZRWRLLA.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\FNRRGnZ.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\ITFyIbJ.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\DcWnFMp.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\cykPTLn.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\ngyVUFJ.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\CrqFuSn.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\FJPCVDO.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\snzPDOO.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\MkdNWWp.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\TesNpnZ.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
File created	C:\Windows\System\FZUULEk.exe	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
3188	powershell.exe
3188	powershell.exe
3188	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	3188	powershell.exe
Token: SeLockMemoryPrivilege	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4828 wrote to memory of 3188	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	82
PID 4828 wrote to memory of 3188	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	82
PID 4828 wrote to memory of 1712	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	84
PID 4828 wrote to memory of 1712	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	84
PID 4828 wrote to memory of 3236	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	85
PID 4828 wrote to memory of 3236	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	85
PID 4828 wrote to memory of 712	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	86
PID 4828 wrote to memory of 712	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	86
PID 4828 wrote to memory of 4468	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	87
PID 4828 wrote to memory of 4468	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	87
PID 4828 wrote to memory of 2776	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	88
PID 4828 wrote to memory of 2776	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	88
PID 4828 wrote to memory of 4716	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	89
PID 4828 wrote to memory of 4716	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	89
PID 4828 wrote to memory of 2580	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	90
PID 4828 wrote to memory of 2580	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	90
PID 4828 wrote to memory of 3244	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	91
PID 4828 wrote to memory of 3244	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	91
PID 4828 wrote to memory of 3588	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	92
PID 4828 wrote to memory of 3588	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	92
PID 4828 wrote to memory of 3888	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	93
PID 4828 wrote to memory of 3888	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	93
PID 4828 wrote to memory of 4264	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	94
PID 4828 wrote to memory of 4264	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	94
PID 4828 wrote to memory of 880	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	95
PID 4828 wrote to memory of 880	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	95
PID 4828 wrote to memory of 2368	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	96
PID 4828 wrote to memory of 2368	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	96
PID 4828 wrote to memory of 3544	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	97
PID 4828 wrote to memory of 3544	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	97
PID 4828 wrote to memory of 1572	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	98
PID 4828 wrote to memory of 1572	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	98
PID 4828 wrote to memory of 4344	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	99
PID 4828 wrote to memory of 4344	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	99
PID 4828 wrote to memory of 4816	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	100
PID 4828 wrote to memory of 4816	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	100
PID 4828 wrote to memory of 868	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	101
PID 4828 wrote to memory of 868	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	101
PID 4828 wrote to memory of 3252	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	102
PID 4828 wrote to memory of 3252	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	102
PID 4828 wrote to memory of 4428	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	103
PID 4828 wrote to memory of 4428	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	103
PID 4828 wrote to memory of 3608	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	104
PID 4828 wrote to memory of 3608	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	104
PID 4828 wrote to memory of 3656	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	105
PID 4828 wrote to memory of 3656	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	105
PID 4828 wrote to memory of 5116	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	106
PID 4828 wrote to memory of 5116	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	106
PID 4828 wrote to memory of 3628	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	107
PID 4828 wrote to memory of 3628	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	107
PID 4828 wrote to memory of 4028	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	108
PID 4828 wrote to memory of 4028	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	108
PID 4828 wrote to memory of 852	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	109
PID 4828 wrote to memory of 852	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	109
PID 4828 wrote to memory of 2936	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	110
PID 4828 wrote to memory of 2936	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	110
PID 4828 wrote to memory of 4600	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	111
PID 4828 wrote to memory of 4600	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	111
PID 4828 wrote to memory of 1804	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	112
PID 4828 wrote to memory of 1804	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	112
PID 4828 wrote to memory of 3148	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	113
PID 4828 wrote to memory of 3148	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	113
PID 4828 wrote to memory of 696	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	114
PID 4828 wrote to memory of 696	4828	0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe	114

C:\Users\Admin\AppData\Local\Temp\0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0871c9767b76ecebeacad861a7ac579a_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4828
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3188
- C:\Windows\System\CrsHDaz.exe
  C:\Windows\System\CrsHDaz.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\eZvwoyE.exe
  C:\Windows\System\eZvwoyE.exe
  2⤵
  - Executes dropped EXE
  PID:3236
- C:\Windows\System\wWBuqjn.exe
  C:\Windows\System\wWBuqjn.exe
  2⤵
  - Executes dropped EXE
  PID:712
- C:\Windows\System\ClWGRwh.exe
  C:\Windows\System\ClWGRwh.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\xhuavwN.exe
  C:\Windows\System\xhuavwN.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\OtzpnUs.exe
  C:\Windows\System\OtzpnUs.exe
  2⤵
  - Executes dropped EXE
  PID:4716
- C:\Windows\System\EOFwjOY.exe
  C:\Windows\System\EOFwjOY.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\eGKcUJG.exe
  C:\Windows\System\eGKcUJG.exe
  2⤵
  - Executes dropped EXE
  PID:3244
- C:\Windows\System\ucwDzia.exe
  C:\Windows\System\ucwDzia.exe
  2⤵
  - Executes dropped EXE
  PID:3588
- C:\Windows\System\fQpnWHW.exe
  C:\Windows\System\fQpnWHW.exe
  2⤵
  - Executes dropped EXE
  PID:3888
- C:\Windows\System\hqOiUyn.exe
  C:\Windows\System\hqOiUyn.exe
  2⤵
  - Executes dropped EXE
  PID:4264
- C:\Windows\System\zJkvSeA.exe
  C:\Windows\System\zJkvSeA.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\VWNuLeO.exe
  C:\Windows\System\VWNuLeO.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\eTMJzyL.exe
  C:\Windows\System\eTMJzyL.exe
  2⤵
  - Executes dropped EXE
  PID:3544
- C:\Windows\System\WvhhbFT.exe
  C:\Windows\System\WvhhbFT.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\LEVNtKe.exe
  C:\Windows\System\LEVNtKe.exe
  2⤵
  - Executes dropped EXE
  PID:4344
- C:\Windows\System\dBMsxYj.exe
  C:\Windows\System\dBMsxYj.exe
  2⤵
  - Executes dropped EXE
  PID:4816
- C:\Windows\System\hwjJKSL.exe
  C:\Windows\System\hwjJKSL.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\gkXdwkB.exe
  C:\Windows\System\gkXdwkB.exe
  2⤵
  - Executes dropped EXE
  PID:3252
- C:\Windows\System\pkIzMHc.exe
  C:\Windows\System\pkIzMHc.exe
  2⤵
  - Executes dropped EXE
  PID:4428
- C:\Windows\System\hNgnlWH.exe
  C:\Windows\System\hNgnlWH.exe
  2⤵
  - Executes dropped EXE
  PID:3608
- C:\Windows\System\HHMWxww.exe
  C:\Windows\System\HHMWxww.exe
  2⤵
  - Executes dropped EXE
  PID:3656
- C:\Windows\System\dgqDNMd.exe
  C:\Windows\System\dgqDNMd.exe
  2⤵
  - Executes dropped EXE
  PID:5116
- C:\Windows\System\IavvMou.exe
  C:\Windows\System\IavvMou.exe
  2⤵
  - Executes dropped EXE
  PID:3628
- C:\Windows\System\QKEtxOV.exe
  C:\Windows\System\QKEtxOV.exe
  2⤵
  - Executes dropped EXE
  PID:4028
- C:\Windows\System\xxMrRop.exe
  C:\Windows\System\xxMrRop.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\nfvNMpK.exe
  C:\Windows\System\nfvNMpK.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\hyMLLzl.exe
  C:\Windows\System\hyMLLzl.exe
  2⤵
  - Executes dropped EXE
  PID:4600
- C:\Windows\System\QDeYTyF.exe
  C:\Windows\System\QDeYTyF.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\jKVBiXR.exe
  C:\Windows\System\jKVBiXR.exe
  2⤵
  - Executes dropped EXE
  PID:3148
- C:\Windows\System\DzZZxfq.exe
  C:\Windows\System\DzZZxfq.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\nqNbPwg.exe
  C:\Windows\System\nqNbPwg.exe
  2⤵
  - Executes dropped EXE
  PID:4288
- C:\Windows\System\JWsJwLM.exe
  C:\Windows\System\JWsJwLM.exe
  2⤵
  - Executes dropped EXE
  PID:4952
- C:\Windows\System\wfMchZW.exe
  C:\Windows\System\wfMchZW.exe
  2⤵
  - Executes dropped EXE
  PID:4552
- C:\Windows\System\qyRpnnd.exe
  C:\Windows\System\qyRpnnd.exe
  2⤵
  - Executes dropped EXE
  PID:3368
- C:\Windows\System\ANpHzam.exe
  C:\Windows\System\ANpHzam.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\qrZZVqe.exe
  C:\Windows\System\qrZZVqe.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\PzkmruT.exe
  C:\Windows\System\PzkmruT.exe
  2⤵
  - Executes dropped EXE
  PID:3124
- C:\Windows\System\vCxyEjk.exe
  C:\Windows\System\vCxyEjk.exe
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Windows\System\XFOLAWf.exe
  C:\Windows\System\XFOLAWf.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\VwVqusa.exe
  C:\Windows\System\VwVqusa.exe
  2⤵
  - Executes dropped EXE
  PID:3604
- C:\Windows\System\nAyMURA.exe
  C:\Windows\System\nAyMURA.exe
  2⤵
  - Executes dropped EXE
  PID:4020
- C:\Windows\System\qVsubNI.exe
  C:\Windows\System\qVsubNI.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\SETobWb.exe
  C:\Windows\System\SETobWb.exe
  2⤵
  - Executes dropped EXE
  PID:4336
- C:\Windows\System\cMReydY.exe
  C:\Windows\System\cMReydY.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\cVuFNTJ.exe
  C:\Windows\System\cVuFNTJ.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\MHFKPtw.exe
  C:\Windows\System\MHFKPtw.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\dTtpwhg.exe
  C:\Windows\System\dTtpwhg.exe
  2⤵
  - Executes dropped EXE
  PID:4632
- C:\Windows\System\ZjUlLnR.exe
  C:\Windows\System\ZjUlLnR.exe
  2⤵
  - Executes dropped EXE
  PID:3376
- C:\Windows\System\vIHkHGY.exe
  C:\Windows\System\vIHkHGY.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\zAWEiVD.exe
  C:\Windows\System\zAWEiVD.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\GRhnkIk.exe
  C:\Windows\System\GRhnkIk.exe
  2⤵
  - Executes dropped EXE
  PID:3900
- C:\Windows\System\TvwCeKe.exe
  C:\Windows\System\TvwCeKe.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\elRWjrV.exe
  C:\Windows\System\elRWjrV.exe
  2⤵
  - Executes dropped EXE
  PID:4048
- C:\Windows\System\munSjZy.exe
  C:\Windows\System\munSjZy.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\yjcUcaP.exe
  C:\Windows\System\yjcUcaP.exe
  2⤵
  - Executes dropped EXE
  PID:5072
- C:\Windows\System\nTEfjyC.exe
  C:\Windows\System\nTEfjyC.exe
  2⤵
  - Executes dropped EXE
  PID:3996
- C:\Windows\System\ozCbKul.exe
  C:\Windows\System\ozCbKul.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\DUBIGdR.exe
  C:\Windows\System\DUBIGdR.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\QuufESZ.exe
  C:\Windows\System\QuufESZ.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\wbYrSIG.exe
  C:\Windows\System\wbYrSIG.exe
  2⤵
  - Executes dropped EXE
  PID:4744
- C:\Windows\System\LizJWYW.exe
  C:\Windows\System\LizJWYW.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\qThoSMR.exe
  C:\Windows\System\qThoSMR.exe
  2⤵
  - Executes dropped EXE
  PID:4928
- C:\Windows\System\lVOfWQg.exe
  C:\Windows\System\lVOfWQg.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\vwamvUd.exe
  C:\Windows\System\vwamvUd.exe
  2⤵
  PID:2460
- C:\Windows\System\fmXbXCf.exe
  C:\Windows\System\fmXbXCf.exe
  2⤵
  PID:3348
- C:\Windows\System\yjifcEy.exe
  C:\Windows\System\yjifcEy.exe
  2⤵
  PID:1592
- C:\Windows\System\mBjlQkU.exe
  C:\Windows\System\mBjlQkU.exe
  2⤵
  PID:4920
- C:\Windows\System\dSsKWEx.exe
  C:\Windows\System\dSsKWEx.exe
  2⤵
  PID:4996
- C:\Windows\System\hKfaONj.exe
  C:\Windows\System\hKfaONj.exe
  2⤵
  PID:1368
- C:\Windows\System\FJDlZrz.exe
  C:\Windows\System\FJDlZrz.exe
  2⤵
  PID:1880
- C:\Windows\System\SUEiaHS.exe
  C:\Windows\System\SUEiaHS.exe
  2⤵
  PID:2944
- C:\Windows\System\SLBYFwI.exe
  C:\Windows\System\SLBYFwI.exe
  2⤵
  PID:3788
- C:\Windows\System\eexBJmf.exe
  C:\Windows\System\eexBJmf.exe
  2⤵
  PID:3992
- C:\Windows\System\cdObOys.exe
  C:\Windows\System\cdObOys.exe
  2⤵
  PID:3048
- C:\Windows\System\QQwGSvO.exe
  C:\Windows\System\QQwGSvO.exe
  2⤵
  PID:3464
- C:\Windows\System\pnWdale.exe
  C:\Windows\System\pnWdale.exe
  2⤵
  PID:2308
- C:\Windows\System\uRjvfpx.exe
  C:\Windows\System\uRjvfpx.exe
  2⤵
  PID:4240
- C:\Windows\System\HWUCsgk.exe
  C:\Windows\System\HWUCsgk.exe
  2⤵
  PID:4840
- C:\Windows\System\OVmJuqB.exe
  C:\Windows\System\OVmJuqB.exe
  2⤵
  PID:1372
- C:\Windows\System\YUIiYBe.exe
  C:\Windows\System\YUIiYBe.exe
  2⤵
  PID:5144
- C:\Windows\System\FEcvvha.exe
  C:\Windows\System\FEcvvha.exe
  2⤵
  PID:5176
- C:\Windows\System\LijnqNq.exe
  C:\Windows\System\LijnqNq.exe
  2⤵
  PID:5224
- C:\Windows\System\QYGXVUa.exe
  C:\Windows\System\QYGXVUa.exe
  2⤵
  PID:5284
- C:\Windows\System\YrqWxMi.exe
  C:\Windows\System\YrqWxMi.exe
  2⤵
  PID:5300
- C:\Windows\System\GODiwyY.exe
  C:\Windows\System\GODiwyY.exe
  2⤵
  PID:5320
- C:\Windows\System\sCkwUgO.exe
  C:\Windows\System\sCkwUgO.exe
  2⤵
  PID:5384
- C:\Windows\System\TGHsUly.exe
  C:\Windows\System\TGHsUly.exe
  2⤵
  PID:5400
- C:\Windows\System\BnMCfbq.exe
  C:\Windows\System\BnMCfbq.exe
  2⤵
  PID:5416
- C:\Windows\System\MCDQbOi.exe
  C:\Windows\System\MCDQbOi.exe
  2⤵
  PID:5444
- C:\Windows\System\qYWaFYI.exe
  C:\Windows\System\qYWaFYI.exe
  2⤵
  PID:5472
- C:\Windows\System\sXHKMEa.exe
  C:\Windows\System\sXHKMEa.exe
  2⤵
  PID:5500
- C:\Windows\System\kCJPcfV.exe
  C:\Windows\System\kCJPcfV.exe
  2⤵
  PID:5528
- C:\Windows\System\JSfzmCW.exe
  C:\Windows\System\JSfzmCW.exe
  2⤵
  PID:5552
- C:\Windows\System\RXzBuvI.exe
  C:\Windows\System\RXzBuvI.exe
  2⤵
  PID:5580
- C:\Windows\System\MMGpJFi.exe
  C:\Windows\System\MMGpJFi.exe
  2⤵
  PID:5608
- C:\Windows\System\qIJMAja.exe
  C:\Windows\System\qIJMAja.exe
  2⤵
  PID:5636
- C:\Windows\System\mfZUSJW.exe
  C:\Windows\System\mfZUSJW.exe
  2⤵
  PID:5664
- C:\Windows\System\IlTfSma.exe
  C:\Windows\System\IlTfSma.exe
  2⤵
  PID:5696
- C:\Windows\System\viSBLsa.exe
  C:\Windows\System\viSBLsa.exe
  2⤵
  PID:5724
- C:\Windows\System\RwuRMLK.exe
  C:\Windows\System\RwuRMLK.exe
  2⤵
  PID:5748
- C:\Windows\System\CdowTMD.exe
  C:\Windows\System\CdowTMD.exe
  2⤵
  PID:5776
- C:\Windows\System\dxFQEMh.exe
  C:\Windows\System\dxFQEMh.exe
  2⤵
  PID:5804
- C:\Windows\System\UJxxzkx.exe
  C:\Windows\System\UJxxzkx.exe
  2⤵
  PID:5836
- C:\Windows\System\PqvlGKA.exe
  C:\Windows\System\PqvlGKA.exe
  2⤵
  PID:5896
- C:\Windows\System\UJtscpR.exe
  C:\Windows\System\UJtscpR.exe
  2⤵
  PID:5924
- C:\Windows\System\fQEJhuR.exe
  C:\Windows\System\fQEJhuR.exe
  2⤵
  PID:5972
- C:\Windows\System\oWlAdgp.exe
  C:\Windows\System\oWlAdgp.exe
  2⤵
  PID:6012
- C:\Windows\System\FTbiSnP.exe
  C:\Windows\System\FTbiSnP.exe
  2⤵
  PID:6036
- C:\Windows\System\JGOdHOC.exe
  C:\Windows\System\JGOdHOC.exe
  2⤵
  PID:6052
- C:\Windows\System\gjEvlSq.exe
  C:\Windows\System\gjEvlSq.exe
  2⤵
  PID:6068
- C:\Windows\System\mxscoWj.exe
  C:\Windows\System\mxscoWj.exe
  2⤵
  PID:6084
- C:\Windows\System\DjtaLCF.exe
  C:\Windows\System\DjtaLCF.exe
  2⤵
  PID:6100
- C:\Windows\System\UyRzhUx.exe
  C:\Windows\System\UyRzhUx.exe
  2⤵
  PID:6116
- C:\Windows\System\rDvjFBq.exe
  C:\Windows\System\rDvjFBq.exe
  2⤵
  PID:4648
- C:\Windows\System\bZzalzr.exe
  C:\Windows\System\bZzalzr.exe
  2⤵
  PID:5196
- C:\Windows\System\gpeciZx.exe
  C:\Windows\System\gpeciZx.exe
  2⤵
  PID:2668
- C:\Windows\System\JdAPFsa.exe
  C:\Windows\System\JdAPFsa.exe
  2⤵
  PID:5280
- C:\Windows\System\eEXNcdy.exe
  C:\Windows\System\eEXNcdy.exe
  2⤵
  PID:4472
- C:\Windows\System\OhKupad.exe
  C:\Windows\System\OhKupad.exe
  2⤵
  PID:5680
- C:\Windows\System\CDmhIQy.exe
  C:\Windows\System\CDmhIQy.exe
  2⤵
  PID:4060
- C:\Windows\System\SgHfImm.exe
  C:\Windows\System\SgHfImm.exe
  2⤵
  PID:5624
- C:\Windows\System\UKcAair.exe
  C:\Windows\System\UKcAair.exe
  2⤵
  PID:5572
- C:\Windows\System\pKkTPDx.exe
  C:\Windows\System\pKkTPDx.exe
  2⤵
  PID:5544
- C:\Windows\System\gsUHAdB.exe
  C:\Windows\System\gsUHAdB.exe
  2⤵
  PID:1088
- C:\Windows\System\aikyIrB.exe
  C:\Windows\System\aikyIrB.exe
  2⤵
  PID:5484
- C:\Windows\System\fhjjLHo.exe
  C:\Windows\System\fhjjLHo.exe
  2⤵
  PID:5432
- C:\Windows\System\JjCIbjG.exe
  C:\Windows\System\JjCIbjG.exe
  2⤵
  PID:5396
- C:\Windows\System\UwjgEnQ.exe
  C:\Windows\System\UwjgEnQ.exe
  2⤵
  PID:3008
- C:\Windows\System\GoknNFZ.exe
  C:\Windows\System\GoknNFZ.exe
  2⤵
  PID:5768
- C:\Windows\System\llQNJbC.exe
  C:\Windows\System\llQNJbC.exe
  2⤵
  PID:1324
- C:\Windows\System\UrMzgtI.exe
  C:\Windows\System\UrMzgtI.exe
  2⤵
  PID:5904
- C:\Windows\System\jHYMNLp.exe
  C:\Windows\System\jHYMNLp.exe
  2⤵
  PID:2248
- C:\Windows\System\aefHKhI.exe
  C:\Windows\System\aefHKhI.exe
  2⤵
  PID:1528
- C:\Windows\System\lPlBscD.exe
  C:\Windows\System\lPlBscD.exe
  2⤵
  PID:5960
- C:\Windows\System\bKpVYke.exe
  C:\Windows\System\bKpVYke.exe
  2⤵
  PID:6020
- C:\Windows\System\FERZrTY.exe
  C:\Windows\System\FERZrTY.exe
  2⤵
  PID:6044
- C:\Windows\System\KfjkkPX.exe
  C:\Windows\System\KfjkkPX.exe
  2⤵
  PID:684
- C:\Windows\System\MwpJocx.exe
  C:\Windows\System\MwpJocx.exe
  2⤵
  PID:5200
- C:\Windows\System\clzsTSL.exe
  C:\Windows\System\clzsTSL.exe
  2⤵
  PID:3032
- C:\Windows\System\XZVGXqW.exe
  C:\Windows\System\XZVGXqW.exe
  2⤵
  PID:1208
- C:\Windows\System\JlxmHRR.exe
  C:\Windows\System\JlxmHRR.exe
  2⤵
  PID:5688
- C:\Windows\System\jToLqzz.exe
  C:\Windows\System\jToLqzz.exe
  2⤵
  PID:5112
- C:\Windows\System\iCJmBZV.exe
  C:\Windows\System\iCJmBZV.exe
  2⤵
  PID:5456
- C:\Windows\System\dRpzhun.exe
  C:\Windows\System\dRpzhun.exe
  2⤵
  PID:2696
- C:\Windows\System\TEEnXqh.exe
  C:\Windows\System\TEEnXqh.exe
  2⤵
  PID:5356
- C:\Windows\System\jkpDbZw.exe
  C:\Windows\System\jkpDbZw.exe
  2⤵
  PID:816
- C:\Windows\System\BJcmKBO.exe
  C:\Windows\System\BJcmKBO.exe
  2⤵
  PID:5888
- C:\Windows\System\cCPaMFR.exe
  C:\Windows\System\cCPaMFR.exe
  2⤵
  PID:4572
- C:\Windows\System\ZvmufJb.exe
  C:\Windows\System\ZvmufJb.exe
  2⤵
  PID:5988
- C:\Windows\System\WfOFbxF.exe
  C:\Windows\System\WfOFbxF.exe
  2⤵
  PID:2648
- C:\Windows\System\HeBiPpC.exe
  C:\Windows\System\HeBiPpC.exe
  2⤵
  PID:5264
- C:\Windows\System\GrFWeVl.exe
  C:\Windows\System\GrFWeVl.exe
  2⤵
  PID:5312
- C:\Windows\System\tCwoZOI.exe
  C:\Windows\System\tCwoZOI.exe
  2⤵
  PID:1224
- C:\Windows\System\WXvBpya.exe
  C:\Windows\System\WXvBpya.exe
  2⤵
  PID:6096
- C:\Windows\System\qjDcZtO.exe
  C:\Windows\System\qjDcZtO.exe
  2⤵
  PID:2652
- C:\Windows\System\QGRLPPG.exe
  C:\Windows\System\QGRLPPG.exe
  2⤵
  PID:6140
- C:\Windows\System\WZxRbUF.exe
  C:\Windows\System\WZxRbUF.exe
  2⤵
  PID:5540
- C:\Windows\System\KzGoLdN.exe
  C:\Windows\System\KzGoLdN.exe
  2⤵
  PID:6156
- C:\Windows\System\naFpFOw.exe
  C:\Windows\System\naFpFOw.exe
  2⤵
  PID:6176
- C:\Windows\System\TFTuKYX.exe
  C:\Windows\System\TFTuKYX.exe
  2⤵
  PID:6196
- C:\Windows\System\pHUBirH.exe
  C:\Windows\System\pHUBirH.exe
  2⤵
  PID:6268
- C:\Windows\System\UKOiBtA.exe
  C:\Windows\System\UKOiBtA.exe
  2⤵
  PID:6292
- C:\Windows\System\pJzLPTf.exe
  C:\Windows\System\pJzLPTf.exe
  2⤵
  PID:6308
- C:\Windows\System\eqhVuPr.exe
  C:\Windows\System\eqhVuPr.exe
  2⤵
  PID:6332
- C:\Windows\System\zjERwEV.exe
  C:\Windows\System\zjERwEV.exe
  2⤵
  PID:6380
- C:\Windows\System\naJDill.exe
  C:\Windows\System\naJDill.exe
  2⤵
  PID:6404
- C:\Windows\System\uebhGsD.exe
  C:\Windows\System\uebhGsD.exe
  2⤵
  PID:6424
- C:\Windows\System\PTqAQJj.exe
  C:\Windows\System\PTqAQJj.exe
  2⤵
  PID:6476
- C:\Windows\System\zsuWGnR.exe
  C:\Windows\System\zsuWGnR.exe
  2⤵
  PID:6492
- C:\Windows\System\qEpfqOu.exe
  C:\Windows\System\qEpfqOu.exe
  2⤵
  PID:6516
- C:\Windows\System\ijfglPJ.exe
  C:\Windows\System\ijfglPJ.exe
  2⤵
  PID:6540
- C:\Windows\System\DjXodct.exe
  C:\Windows\System\DjXodct.exe
  2⤵
  PID:6572
- C:\Windows\System\qSLpyqm.exe
  C:\Windows\System\qSLpyqm.exe
  2⤵
  PID:6596
- C:\Windows\System\cGDzYrq.exe
  C:\Windows\System\cGDzYrq.exe
  2⤵
  PID:6616
- C:\Windows\System\JGiwEOi.exe
  C:\Windows\System\JGiwEOi.exe
  2⤵
  PID:6672
- C:\Windows\System\FixcsxA.exe
  C:\Windows\System\FixcsxA.exe
  2⤵
  PID:6700
- C:\Windows\System\PlZAjpq.exe
  C:\Windows\System\PlZAjpq.exe
  2⤵
  PID:6728
- C:\Windows\System\rMaIUoO.exe
  C:\Windows\System\rMaIUoO.exe
  2⤵
  PID:6744
- C:\Windows\System\YsBhrOA.exe
  C:\Windows\System\YsBhrOA.exe
  2⤵
  PID:6768
- C:\Windows\System\jwmjdPZ.exe
  C:\Windows\System\jwmjdPZ.exe
  2⤵
  PID:6784
- C:\Windows\System\vgwWNxy.exe
  C:\Windows\System\vgwWNxy.exe
  2⤵
  PID:6816
- C:\Windows\System\WcHvCyI.exe
  C:\Windows\System\WcHvCyI.exe
  2⤵
  PID:6836
- C:\Windows\System\LkVNqVT.exe
  C:\Windows\System\LkVNqVT.exe
  2⤵
  PID:6868
- C:\Windows\System\xTpodaT.exe
  C:\Windows\System\xTpodaT.exe
  2⤵
  PID:6896
- C:\Windows\System\xRfxZAU.exe
  C:\Windows\System\xRfxZAU.exe
  2⤵
  PID:6920
- C:\Windows\System\rNEdyZF.exe
  C:\Windows\System\rNEdyZF.exe
  2⤵
  PID:6940
- C:\Windows\System\cSCfPZP.exe
  C:\Windows\System\cSCfPZP.exe
  2⤵
  PID:6980
- C:\Windows\System\paiAFNX.exe
  C:\Windows\System\paiAFNX.exe
  2⤵
  PID:7036
- C:\Windows\System\AMYODSX.exe
  C:\Windows\System\AMYODSX.exe
  2⤵
  PID:7064
- C:\Windows\System\wGmnWji.exe
  C:\Windows\System\wGmnWji.exe
  2⤵
  PID:7080
- C:\Windows\System\uKsvbJk.exe
  C:\Windows\System\uKsvbJk.exe
  2⤵
  PID:7128
- C:\Windows\System\YiEWCLq.exe
  C:\Windows\System\YiEWCLq.exe
  2⤵
  PID:7144
- C:\Windows\System\GLglbmk.exe
  C:\Windows\System\GLglbmk.exe
  2⤵
  PID:3036
- C:\Windows\System\pohNuYx.exe
  C:\Windows\System\pohNuYx.exe
  2⤵
  PID:6208
- C:\Windows\System\WoJRxbT.exe
  C:\Windows\System\WoJRxbT.exe
  2⤵
  PID:6188
- C:\Windows\System\uhWoXYC.exe
  C:\Windows\System\uhWoXYC.exe
  2⤵
  PID:6276
- C:\Windows\System\cYrEjLH.exe
  C:\Windows\System\cYrEjLH.exe
  2⤵
  PID:6368
- C:\Windows\System\kYLtMWi.exe
  C:\Windows\System\kYLtMWi.exe
  2⤵
  PID:6416
- C:\Windows\System\JFguskK.exe
  C:\Windows\System\JFguskK.exe
  2⤵
  PID:6468
- C:\Windows\System\Xsypzaj.exe
  C:\Windows\System\Xsypzaj.exe
  2⤵
  PID:6532
- C:\Windows\System\zCvMyyU.exe
  C:\Windows\System\zCvMyyU.exe
  2⤵
  PID:6580
- C:\Windows\System\hQmNsdi.exe
  C:\Windows\System\hQmNsdi.exe
  2⤵
  PID:6636
- C:\Windows\System\fpzuFYq.exe
  C:\Windows\System\fpzuFYq.exe
  2⤵
  PID:6692
- C:\Windows\System\SvmUoeT.exe
  C:\Windows\System\SvmUoeT.exe
  2⤵
  PID:6740
- C:\Windows\System\XMUcRRs.exe
  C:\Windows\System\XMUcRRs.exe
  2⤵
  PID:6776
- C:\Windows\System\vsvDyTI.exe
  C:\Windows\System\vsvDyTI.exe
  2⤵
  PID:6904
- C:\Windows\System\PNJRcmA.exe
  C:\Windows\System\PNJRcmA.exe
  2⤵
  PID:6960
- C:\Windows\System\qFVInsv.exe
  C:\Windows\System\qFVInsv.exe
  2⤵
  PID:7024
- C:\Windows\System\CYlROnE.exe
  C:\Windows\System\CYlROnE.exe
  2⤵
  PID:7056
- C:\Windows\System\ITWlzzp.exe
  C:\Windows\System\ITWlzzp.exe
  2⤵
  PID:7164
- C:\Windows\System\JGKJlbI.exe
  C:\Windows\System\JGKJlbI.exe
  2⤵
  PID:6172
- C:\Windows\System\BVmULgo.exe
  C:\Windows\System\BVmULgo.exe
  2⤵
  PID:6324
- C:\Windows\System\jvduANb.exe
  C:\Windows\System\jvduANb.exe
  2⤵
  PID:6460
- C:\Windows\System\rOEVXKa.exe
  C:\Windows\System\rOEVXKa.exe
  2⤵
  PID:5252
- C:\Windows\System\hXxTabG.exe
  C:\Windows\System\hXxTabG.exe
  2⤵
  PID:6512
- C:\Windows\System\SmeyioC.exe
  C:\Windows\System\SmeyioC.exe
  2⤵
  PID:5236
- C:\Windows\System\uouxpZm.exe
  C:\Windows\System\uouxpZm.exe
  2⤵
  PID:6916
- C:\Windows\System\XueNMTU.exe
  C:\Windows\System\XueNMTU.exe
  2⤵
  PID:7104
- C:\Windows\System\LCbVjHr.exe
  C:\Windows\System\LCbVjHr.exe
  2⤵
  PID:6300
- C:\Windows\System\WuUpqei.exe
  C:\Windows\System\WuUpqei.exe
  2⤵
  PID:6124
- C:\Windows\System\unQrdoK.exe
  C:\Windows\System\unQrdoK.exe
  2⤵
  PID:3512
- C:\Windows\System\ChwTmvf.exe
  C:\Windows\System\ChwTmvf.exe
  2⤵
  PID:6992
- C:\Windows\System\mivWIxj.exe
  C:\Windows\System\mivWIxj.exe
  2⤵
  PID:7076
- C:\Windows\System\eRUMZuy.exe
  C:\Windows\System\eRUMZuy.exe
  2⤵
  PID:6488
- C:\Windows\System\lkBENgc.exe
  C:\Windows\System\lkBENgc.exe
  2⤵
  PID:7224
- C:\Windows\System\UnMnPiO.exe
  C:\Windows\System\UnMnPiO.exe
  2⤵
  PID:7244
- C:\Windows\System\OjFtZfb.exe
  C:\Windows\System\OjFtZfb.exe
  2⤵
  PID:7284
- C:\Windows\System\PkvMXuv.exe
  C:\Windows\System\PkvMXuv.exe
  2⤵
  PID:7308
- C:\Windows\System\cCotGjN.exe
  C:\Windows\System\cCotGjN.exe
  2⤵
  PID:7328
- C:\Windows\System\wOtpYEK.exe
  C:\Windows\System\wOtpYEK.exe
  2⤵
  PID:7348
- C:\Windows\System\ULDPhDS.exe
  C:\Windows\System\ULDPhDS.exe
  2⤵
  PID:7384
- C:\Windows\System\PGNKGlM.exe
  C:\Windows\System\PGNKGlM.exe
  2⤵
  PID:7408
- C:\Windows\System\CiSRwce.exe
  C:\Windows\System\CiSRwce.exe
  2⤵
  PID:7424
- C:\Windows\System\dgZKipX.exe
  C:\Windows\System\dgZKipX.exe
  2⤵
  PID:7444
- C:\Windows\System\vCZUeOG.exe
  C:\Windows\System\vCZUeOG.exe
  2⤵
  PID:7496
- C:\Windows\System\qAmPoLg.exe
  C:\Windows\System\qAmPoLg.exe
  2⤵
  PID:7544
- C:\Windows\System\eIrZjLf.exe
  C:\Windows\System\eIrZjLf.exe
  2⤵
  PID:7560
- C:\Windows\System\fsPDwBl.exe
  C:\Windows\System\fsPDwBl.exe
  2⤵
  PID:7588
- C:\Windows\System\ENequpi.exe
  C:\Windows\System\ENequpi.exe
  2⤵
  PID:7616
- C:\Windows\System\VvmsmNM.exe
  C:\Windows\System\VvmsmNM.exe
  2⤵
  PID:7656
- C:\Windows\System\GoMOkwH.exe
  C:\Windows\System\GoMOkwH.exe
  2⤵
  PID:7680
- C:\Windows\System\FtIWVSq.exe
  C:\Windows\System\FtIWVSq.exe
  2⤵
  PID:7696
- C:\Windows\System\curEGyL.exe
  C:\Windows\System\curEGyL.exe
  2⤵
  PID:7720
- C:\Windows\System\GgwQXnc.exe
  C:\Windows\System\GgwQXnc.exe
  2⤵
  PID:7744
- C:\Windows\System\whPqPbv.exe
  C:\Windows\System\whPqPbv.exe
  2⤵
  PID:7760
- C:\Windows\System\wzwhtHR.exe
  C:\Windows\System\wzwhtHR.exe
  2⤵
  PID:7808
- C:\Windows\System\hbSDuDV.exe
  C:\Windows\System\hbSDuDV.exe
  2⤵
  PID:7824
- C:\Windows\System\KsUCoRb.exe
  C:\Windows\System\KsUCoRb.exe
  2⤵
  PID:7868
- C:\Windows\System\IHlRlUu.exe
  C:\Windows\System\IHlRlUu.exe
  2⤵
  PID:7888
- C:\Windows\System\KBqwJYv.exe
  C:\Windows\System\KBqwJYv.exe
  2⤵
  PID:7920
- C:\Windows\System\rHUzkfk.exe
  C:\Windows\System\rHUzkfk.exe
  2⤵
  PID:7952
- C:\Windows\System\EFhvdCm.exe
  C:\Windows\System\EFhvdCm.exe
  2⤵
  PID:7972
- C:\Windows\System\qFtpEWI.exe
  C:\Windows\System\qFtpEWI.exe
  2⤵
  PID:7996
- C:\Windows\System\klgOtnZ.exe
  C:\Windows\System\klgOtnZ.exe
  2⤵
  PID:8040
- C:\Windows\System\wmNDOZb.exe
  C:\Windows\System\wmNDOZb.exe
  2⤵
  PID:8064
- C:\Windows\System\AvSQKDa.exe
  C:\Windows\System\AvSQKDa.exe
  2⤵
  PID:8088
- C:\Windows\System\qKedDLn.exe
  C:\Windows\System\qKedDLn.exe
  2⤵
  PID:8132
- C:\Windows\System\eDwnllB.exe
  C:\Windows\System\eDwnllB.exe
  2⤵
  PID:8156
- C:\Windows\System\aTujsls.exe
  C:\Windows\System\aTujsls.exe
  2⤵
  PID:8180
- C:\Windows\System\WsfVHcS.exe
  C:\Windows\System\WsfVHcS.exe
  2⤵
  PID:6564
- C:\Windows\System\gZTUyhY.exe
  C:\Windows\System\gZTUyhY.exe
  2⤵
  PID:7192
- C:\Windows\System\yoFFuta.exe
  C:\Windows\System\yoFFuta.exe
  2⤵
  PID:7260
- C:\Windows\System\AUBJcmm.exe
  C:\Windows\System\AUBJcmm.exe
  2⤵
  PID:7344
- C:\Windows\System\MaPRYSD.exe
  C:\Windows\System\MaPRYSD.exe
  2⤵
  PID:7392
- C:\Windows\System\BxCavEZ.exe
  C:\Windows\System\BxCavEZ.exe
  2⤵
  PID:7440
- C:\Windows\System\fFhXUlL.exe
  C:\Windows\System\fFhXUlL.exe
  2⤵
  PID:7524
- C:\Windows\System\NfvbEMH.exe
  C:\Windows\System\NfvbEMH.exe
  2⤵
  PID:7604
- C:\Windows\System\VmaJopn.exe
  C:\Windows\System\VmaJopn.exe
  2⤵
  PID:7672
- C:\Windows\System\RqqxAGx.exe
  C:\Windows\System\RqqxAGx.exe
  2⤵
  PID:7712
- C:\Windows\System\ZzqTjjI.exe
  C:\Windows\System\ZzqTjjI.exe
  2⤵
  PID:7852
- C:\Windows\System\tngiKCk.exe
  C:\Windows\System\tngiKCk.exe
  2⤵
  PID:7844
- C:\Windows\System\qMeRFqY.exe
  C:\Windows\System\qMeRFqY.exe
  2⤵
  PID:7944
- C:\Windows\System\WOdskNP.exe
  C:\Windows\System\WOdskNP.exe
  2⤵
  PID:7984
- C:\Windows\System\TioQqMf.exe
  C:\Windows\System\TioQqMf.exe
  2⤵
  PID:8080
- C:\Windows\System\hhRPAxd.exe
  C:\Windows\System\hhRPAxd.exe
  2⤵
  PID:8120
- C:\Windows\System\rtLkohQ.exe
  C:\Windows\System\rtLkohQ.exe
  2⤵
  PID:8148
- C:\Windows\System\oKVNWFa.exe
  C:\Windows\System\oKVNWFa.exe
  2⤵
  PID:6952
- C:\Windows\System\XRmcNPl.exe
  C:\Windows\System\XRmcNPl.exe
  2⤵
  PID:7240
- C:\Windows\System\nxsVPlv.exe
  C:\Windows\System\nxsVPlv.exe
  2⤵
  PID:7360
- C:\Windows\System\BTbGffp.exe
  C:\Windows\System\BTbGffp.exe
  2⤵
  PID:7472
- C:\Windows\System\YObnpfg.exe
  C:\Windows\System\YObnpfg.exe
  2⤵
  PID:7756
- C:\Windows\System\diQPfvW.exe
  C:\Windows\System\diQPfvW.exe
  2⤵
  PID:7900
- C:\Windows\System\XTTDTyG.exe
  C:\Windows\System\XTTDTyG.exe
  2⤵
  PID:8128
- C:\Windows\System\BLZVPDn.exe
  C:\Windows\System\BLZVPDn.exe
  2⤵
  PID:7580
- C:\Windows\System\hDnxAUZ.exe
  C:\Windows\System\hDnxAUZ.exe
  2⤵
  PID:7832
- C:\Windows\System\JNvyqVI.exe
  C:\Windows\System\JNvyqVI.exe
  2⤵
  PID:8208
- C:\Windows\System\uauNvLh.exe
  C:\Windows\System\uauNvLh.exe
  2⤵
  PID:8224
- C:\Windows\System\VbiJVdn.exe
  C:\Windows\System\VbiJVdn.exe
  2⤵
  PID:8240
- C:\Windows\System\aNoNrDd.exe
  C:\Windows\System\aNoNrDd.exe
  2⤵
  PID:8256
- C:\Windows\System\agQmwZk.exe
  C:\Windows\System\agQmwZk.exe
  2⤵
  PID:8276
- C:\Windows\System\aEyTogx.exe
  C:\Windows\System\aEyTogx.exe
  2⤵
  PID:8296
- C:\Windows\System\RTSkITn.exe
  C:\Windows\System\RTSkITn.exe
  2⤵
  PID:8316
- C:\Windows\System\HFtptkz.exe
  C:\Windows\System\HFtptkz.exe
  2⤵
  PID:8388
- C:\Windows\System\olOWsqK.exe
  C:\Windows\System\olOWsqK.exe
  2⤵
  PID:8472
- C:\Windows\System\sdxjStI.exe
  C:\Windows\System\sdxjStI.exe
  2⤵
  PID:8492
- C:\Windows\System\GkQDFlQ.exe
  C:\Windows\System\GkQDFlQ.exe
  2⤵
  PID:8524
- C:\Windows\System\DarOoQX.exe
  C:\Windows\System\DarOoQX.exe
  2⤵
  PID:8584
- C:\Windows\System\uFviZOc.exe
  C:\Windows\System\uFviZOc.exe
  2⤵
  PID:8616
- C:\Windows\System\HwnzwuC.exe
  C:\Windows\System\HwnzwuC.exe
  2⤵
  PID:8636
- C:\Windows\System\jlCodJK.exe
  C:\Windows\System\jlCodJK.exe
  2⤵
  PID:8700
- C:\Windows\System\UBkQQEP.exe
  C:\Windows\System\UBkQQEP.exe
  2⤵
  PID:8720
- C:\Windows\System\JouvFUx.exe
  C:\Windows\System\JouvFUx.exe
  2⤵
  PID:8736
- C:\Windows\System\pMYJneV.exe
  C:\Windows\System\pMYJneV.exe
  2⤵
  PID:8764
- C:\Windows\System\lDCxBar.exe
  C:\Windows\System\lDCxBar.exe
  2⤵
  PID:8792
- C:\Windows\System\brguTmE.exe
  C:\Windows\System\brguTmE.exe
  2⤵
  PID:8812
- C:\Windows\System\giTaSGy.exe
  C:\Windows\System\giTaSGy.exe
  2⤵
  PID:8832
- C:\Windows\System\TKGzjHx.exe
  C:\Windows\System\TKGzjHx.exe
  2⤵
  PID:8848
- C:\Windows\System\LEMCoWj.exe
  C:\Windows\System\LEMCoWj.exe
  2⤵
  PID:8868
- C:\Windows\System\VVedhmD.exe
  C:\Windows\System\VVedhmD.exe
  2⤵
  PID:8916
- C:\Windows\System\isUShSf.exe
  C:\Windows\System\isUShSf.exe
  2⤵
  PID:8964
- C:\Windows\System\kXSxhAj.exe
  C:\Windows\System\kXSxhAj.exe
  2⤵
  PID:8984
- C:\Windows\System\HZDXPtl.exe
  C:\Windows\System\HZDXPtl.exe
  2⤵
  PID:9032
- C:\Windows\System\BlNfhXQ.exe
  C:\Windows\System\BlNfhXQ.exe
  2⤵
  PID:9052
- C:\Windows\System\fpbZDgl.exe
  C:\Windows\System\fpbZDgl.exe
  2⤵
  PID:9072
- C:\Windows\System\AYWuOmS.exe
  C:\Windows\System\AYWuOmS.exe
  2⤵
  PID:9108
- C:\Windows\System\ztXfobd.exe
  C:\Windows\System\ztXfobd.exe
  2⤵
  PID:9132
- C:\Windows\System\GdpNWKa.exe
  C:\Windows\System\GdpNWKa.exe
  2⤵
  PID:9164
- C:\Windows\System\HLfNGEn.exe
  C:\Windows\System\HLfNGEn.exe
  2⤵
  PID:9192
- C:\Windows\System\zefJQEG.exe
  C:\Windows\System\zefJQEG.exe
  2⤵
  PID:7820
- C:\Windows\System\aXQhaMY.exe
  C:\Windows\System\aXQhaMY.exe
  2⤵
  PID:8200
- C:\Windows\System\seGKHxr.exe
  C:\Windows\System\seGKHxr.exe
  2⤵
  PID:8292
- C:\Windows\System\ITFyIbJ.exe
  C:\Windows\System\ITFyIbJ.exe
  2⤵
  PID:8272
- C:\Windows\System\uZQIrYb.exe
  C:\Windows\System\uZQIrYb.exe
  2⤵
  PID:8380
- C:\Windows\System\XXpMnLj.exe
  C:\Windows\System\XXpMnLj.exe
  2⤵
  PID:8468
- C:\Windows\System\HhUsxED.exe
  C:\Windows\System\HhUsxED.exe
  2⤵
  PID:8520
- C:\Windows\System\omzwssZ.exe
  C:\Windows\System\omzwssZ.exe
  2⤵
  PID:8592
- C:\Windows\System\hMkVzPH.exe
  C:\Windows\System\hMkVzPH.exe
  2⤵
  PID:8668
- C:\Windows\System\RsotmLW.exe
  C:\Windows\System\RsotmLW.exe
  2⤵
  PID:8712
- C:\Windows\System\owuifpu.exe
  C:\Windows\System\owuifpu.exe
  2⤵
  PID:8824
- C:\Windows\System\yyauicA.exe
  C:\Windows\System\yyauicA.exe
  2⤵
  PID:8960
- C:\Windows\System\XsbAJAC.exe
  C:\Windows\System\XsbAJAC.exe
  2⤵
  PID:8992
- C:\Windows\System\CunKbeI.exe
  C:\Windows\System\CunKbeI.exe
  2⤵
  PID:9040
- C:\Windows\System\VqZWgIr.exe
  C:\Windows\System\VqZWgIr.exe
  2⤵
  PID:9064
- C:\Windows\System\DcWnFMp.exe
  C:\Windows\System\DcWnFMp.exe
  2⤵
  PID:9188
- C:\Windows\System\IXhIDdX.exe
  C:\Windows\System\IXhIDdX.exe
  2⤵
  PID:7552
- C:\Windows\System\hdXdBZI.exe
  C:\Windows\System\hdXdBZI.exe
  2⤵
  PID:8356
- C:\Windows\System\nAigxnS.exe
  C:\Windows\System\nAigxnS.exe
  2⤵
  PID:8444
- C:\Windows\System\uidUBbV.exe
  C:\Windows\System\uidUBbV.exe
  2⤵
  PID:8628
- C:\Windows\System\XnTSlUP.exe
  C:\Windows\System\XnTSlUP.exe
  2⤵
  PID:8980
- C:\Windows\System\ydqllWD.exe
  C:\Windows\System\ydqllWD.exe
  2⤵
  PID:9048
- C:\Windows\System\QPYQxGr.exe
  C:\Windows\System\QPYQxGr.exe
  2⤵
  PID:9204
- C:\Windows\System\eddDQyb.exe
  C:\Windows\System\eddDQyb.exe
  2⤵
  PID:8264
- C:\Windows\System\TDxkEQL.exe
  C:\Windows\System\TDxkEQL.exe
  2⤵
  PID:8892
- C:\Windows\System\QbkulLe.exe
  C:\Windows\System\QbkulLe.exe
  2⤵
  PID:9060
- C:\Windows\System\gJrjsQK.exe
  C:\Windows\System\gJrjsQK.exe
  2⤵
  PID:9220
- C:\Windows\System\dinPkZc.exe
  C:\Windows\System\dinPkZc.exe
  2⤵
  PID:9272
- C:\Windows\System\eHzUMlc.exe
  C:\Windows\System\eHzUMlc.exe
  2⤵
  PID:9288
- C:\Windows\System\uhYSgnU.exe
  C:\Windows\System\uhYSgnU.exe
  2⤵
  PID:9336
- C:\Windows\System\DOleZJW.exe
  C:\Windows\System\DOleZJW.exe
  2⤵
  PID:9352
- C:\Windows\System\EZJlzAT.exe
  C:\Windows\System\EZJlzAT.exe
  2⤵
  PID:9372
- C:\Windows\System\cagypTg.exe
  C:\Windows\System\cagypTg.exe
  2⤵
  PID:9392
- C:\Windows\System\fkAnike.exe
  C:\Windows\System\fkAnike.exe
  2⤵
  PID:9412
- C:\Windows\System\VzpjAtP.exe
  C:\Windows\System\VzpjAtP.exe
  2⤵
  PID:9436
- C:\Windows\System\VWWKMDW.exe
  C:\Windows\System\VWWKMDW.exe
  2⤵
  PID:9460
- C:\Windows\System\GPbYElB.exe
  C:\Windows\System\GPbYElB.exe
  2⤵
  PID:9480
- C:\Windows\System\RHcCfDk.exe
  C:\Windows\System\RHcCfDk.exe
  2⤵
  PID:9504
- C:\Windows\System\WyxtlFM.exe
  C:\Windows\System\WyxtlFM.exe
  2⤵
  PID:9524
- C:\Windows\System\beyHFWY.exe
  C:\Windows\System\beyHFWY.exe
  2⤵
  PID:9560
- C:\Windows\System\lzxkiRW.exe
  C:\Windows\System\lzxkiRW.exe
  2⤵
  PID:9624
- C:\Windows\System\gdrpquF.exe
  C:\Windows\System\gdrpquF.exe
  2⤵
  PID:9640
- C:\Windows\System\RJXRwCE.exe
  C:\Windows\System\RJXRwCE.exe
  2⤵
  PID:9664
- C:\Windows\System\HqzMrym.exe
  C:\Windows\System\HqzMrym.exe
  2⤵
  PID:9688
- C:\Windows\System\GYtSLeV.exe
  C:\Windows\System\GYtSLeV.exe
  2⤵
  PID:9728
- C:\Windows\System\kfdTiZB.exe
  C:\Windows\System\kfdTiZB.exe
  2⤵
  PID:9772
- C:\Windows\System\uldrXiN.exe
  C:\Windows\System\uldrXiN.exe
  2⤵
  PID:9796
- C:\Windows\System\azmGAYL.exe
  C:\Windows\System\azmGAYL.exe
  2⤵
  PID:9836
- C:\Windows\System\TIISwal.exe
  C:\Windows\System\TIISwal.exe
  2⤵
  PID:9856
- C:\Windows\System\rabplTj.exe
  C:\Windows\System\rabplTj.exe
  2⤵
  PID:9892
- C:\Windows\System\ogDLGjp.exe
  C:\Windows\System\ogDLGjp.exe
  2⤵
  PID:9920
- C:\Windows\System\wJlPmRm.exe
  C:\Windows\System\wJlPmRm.exe
  2⤵
  PID:9936
- C:\Windows\System\xtoRMIt.exe
  C:\Windows\System\xtoRMIt.exe
  2⤵
  PID:9964
- C:\Windows\System\NlmbcMr.exe
  C:\Windows\System\NlmbcMr.exe
  2⤵
  PID:9992
- C:\Windows\System\xEqIcZR.exe
  C:\Windows\System\xEqIcZR.exe
  2⤵
  PID:10012
- C:\Windows\System\DUFLikU.exe
  C:\Windows\System\DUFLikU.exe
  2⤵
  PID:10040
- C:\Windows\System\wYEqnre.exe
  C:\Windows\System\wYEqnre.exe
  2⤵
  PID:10076
- C:\Windows\System\ngyVUFJ.exe
  C:\Windows\System\ngyVUFJ.exe
  2⤵
  PID:10100
- C:\Windows\System\whHKLlK.exe
  C:\Windows\System\whHKLlK.exe
  2⤵
  PID:10120
- C:\Windows\System\hldAwov.exe
  C:\Windows\System\hldAwov.exe
  2⤵
  PID:10172
- C:\Windows\System\JDogZSP.exe
  C:\Windows\System\JDogZSP.exe
  2⤵
  PID:10192
- C:\Windows\System\cJIZLOg.exe
  C:\Windows\System\cJIZLOg.exe
  2⤵
  PID:10220
- C:\Windows\System\SrOkpfm.exe
  C:\Windows\System\SrOkpfm.exe
  2⤵
  PID:8660
- C:\Windows\System\pTOzzWf.exe
  C:\Windows\System\pTOzzWf.exe
  2⤵
  PID:9228
- C:\Windows\System\HHIURGY.exe
  C:\Windows\System\HHIURGY.exe
  2⤵
  PID:9332
- C:\Windows\System\zJyKUxs.exe
  C:\Windows\System\zJyKUxs.exe
  2⤵
  PID:9360
- C:\Windows\System\DiMZtXu.exe
  C:\Windows\System\DiMZtXu.exe
  2⤵
  PID:9384
- C:\Windows\System\AnkDtNR.exe
  C:\Windows\System\AnkDtNR.exe
  2⤵
  PID:9472
- C:\Windows\System\xOhZIfE.exe
  C:\Windows\System\xOhZIfE.exe
  2⤵
  PID:9604
- C:\Windows\System\BvWgqoT.exe
  C:\Windows\System\BvWgqoT.exe
  2⤵
  PID:9660
- C:\Windows\System\xrlUSnF.exe
  C:\Windows\System\xrlUSnF.exe
  2⤵
  PID:9632
- C:\Windows\System\MGSDAIG.exe
  C:\Windows\System\MGSDAIG.exe
  2⤵
  PID:9724
- C:\Windows\System\eBxnlvn.exe
  C:\Windows\System\eBxnlvn.exe
  2⤵
  PID:9768
- C:\Windows\System\UXxwFse.exe
  C:\Windows\System\UXxwFse.exe
  2⤵
  PID:9844
- C:\Windows\System\FpxLvpf.exe
  C:\Windows\System\FpxLvpf.exe
  2⤵
  PID:9904
- C:\Windows\System\azRzQVl.exe
  C:\Windows\System\azRzQVl.exe
  2⤵
  PID:9960
- C:\Windows\System\nscNWhP.exe
  C:\Windows\System\nscNWhP.exe
  2⤵
  PID:10004
- C:\Windows\System\AiPmZih.exe
  C:\Windows\System\AiPmZih.exe
  2⤵
  PID:10048
- C:\Windows\System\xtsPxWY.exe
  C:\Windows\System\xtsPxWY.exe
  2⤵
  PID:10128
- C:\Windows\System\ElKqTiY.exe
  C:\Windows\System\ElKqTiY.exe
  2⤵
  PID:10212
- C:\Windows\System\djxYXqr.exe
  C:\Windows\System\djxYXqr.exe
  2⤵
  PID:9172
- C:\Windows\System\fdMpSlF.exe
  C:\Windows\System\fdMpSlF.exe
  2⤵
  PID:9520
- C:\Windows\System\GumXyDZ.exe
  C:\Windows\System\GumXyDZ.exe
  2⤵
  PID:9720
- C:\Windows\System\vDYziSH.exe
  C:\Windows\System\vDYziSH.exe
  2⤵
  PID:9952
- C:\Windows\System\JnOYDsg.exe
  C:\Windows\System\JnOYDsg.exe
  2⤵
  PID:10060
- C:\Windows\System\LSncpdD.exe
  C:\Windows\System\LSncpdD.exe
  2⤵
  PID:10116
- C:\Windows\System\PbMTRvy.exe
  C:\Windows\System\PbMTRvy.exe
  2⤵
  PID:9348
- C:\Windows\System\dpvKYhS.exe
  C:\Windows\System\dpvKYhS.exe
  2⤵
  PID:9684
- C:\Windows\System\ciHiInY.exe
  C:\Windows\System\ciHiInY.exe
  2⤵
  PID:10148
- C:\Windows\System\hBhJhbF.exe
  C:\Windows\System\hBhJhbF.exe
  2⤵
  PID:9568
- C:\Windows\System\VoEpurI.exe
  C:\Windows\System\VoEpurI.exe
  2⤵
  PID:10252
- C:\Windows\System\tXVQhJP.exe
  C:\Windows\System\tXVQhJP.exe
  2⤵
  PID:10280
- C:\Windows\System\tFEkaVc.exe
  C:\Windows\System\tFEkaVc.exe
  2⤵
  PID:10308
- C:\Windows\System\zgZpcRM.exe
  C:\Windows\System\zgZpcRM.exe
  2⤵
  PID:10336
- C:\Windows\System\szUmmSm.exe
  C:\Windows\System\szUmmSm.exe
  2⤵
  PID:10356
- C:\Windows\System\ZrAfGIE.exe
  C:\Windows\System\ZrAfGIE.exe
  2⤵
  PID:10408
- C:\Windows\System\nIQsaWb.exe
  C:\Windows\System\nIQsaWb.exe
  2⤵
  PID:10432
- C:\Windows\System\QPCnosH.exe
  C:\Windows\System\QPCnosH.exe
  2⤵
  PID:10448
- C:\Windows\System\IeEmEeM.exe
  C:\Windows\System\IeEmEeM.exe
  2⤵
  PID:10464
- C:\Windows\System\JNHTfQg.exe
  C:\Windows\System\JNHTfQg.exe
  2⤵
  PID:10488
- C:\Windows\System\MdhpyvI.exe
  C:\Windows\System\MdhpyvI.exe
  2⤵
  PID:10524
- C:\Windows\System\qTshKOd.exe
  C:\Windows\System\qTshKOd.exe
  2⤵
  PID:10564
- C:\Windows\System\IBylSby.exe
  C:\Windows\System\IBylSby.exe
  2⤵
  PID:10588
- C:\Windows\System\ZSzkPOs.exe
  C:\Windows\System\ZSzkPOs.exe
  2⤵
  PID:10608
- C:\Windows\System\nuseOgV.exe
  C:\Windows\System\nuseOgV.exe
  2⤵
  PID:10648
- C:\Windows\System\ZEuufEF.exe
  C:\Windows\System\ZEuufEF.exe
  2⤵
  PID:10676
- C:\Windows\System\MylJPWp.exe
  C:\Windows\System\MylJPWp.exe
  2⤵
  PID:10716
- C:\Windows\System\qFGQZcj.exe
  C:\Windows\System\qFGQZcj.exe
  2⤵
  PID:10736
- C:\Windows\System\YjnUnPF.exe
  C:\Windows\System\YjnUnPF.exe
  2⤵
  PID:10760
- C:\Windows\System\naOjqJA.exe
  C:\Windows\System\naOjqJA.exe
  2⤵
  PID:10788
- C:\Windows\System\gLeGCwB.exe
  C:\Windows\System\gLeGCwB.exe
  2⤵
  PID:10824
- C:\Windows\System\nFKRTUY.exe
  C:\Windows\System\nFKRTUY.exe
  2⤵
  PID:10840
- C:\Windows\System\isbFfZR.exe
  C:\Windows\System\isbFfZR.exe
  2⤵
  PID:10856
- C:\Windows\System\BXkwzli.exe
  C:\Windows\System\BXkwzli.exe
  2⤵
  PID:10880
- C:\Windows\System\XQcvMSn.exe
  C:\Windows\System\XQcvMSn.exe
  2⤵
  PID:10900
- C:\Windows\System\xYZThSe.exe
  C:\Windows\System\xYZThSe.exe
  2⤵
  PID:10920
- C:\Windows\System\mfbCfCO.exe
  C:\Windows\System\mfbCfCO.exe
  2⤵
  PID:10940
- C:\Windows\System\oaaoLYD.exe
  C:\Windows\System\oaaoLYD.exe
  2⤵
  PID:10980
- C:\Windows\System\XdCuVpB.exe
  C:\Windows\System\XdCuVpB.exe
  2⤵
  PID:11004
- C:\Windows\System\XDdkIPe.exe
  C:\Windows\System\XDdkIPe.exe
  2⤵
  PID:11032
- C:\Windows\System\aFbUBso.exe
  C:\Windows\System\aFbUBso.exe
  2⤵
  PID:11068
- C:\Windows\System\Sitxmlw.exe
  C:\Windows\System\Sitxmlw.exe
  2⤵
  PID:11136
- C:\Windows\System\vcMqRec.exe
  C:\Windows\System\vcMqRec.exe
  2⤵
  PID:11156
- C:\Windows\System\QOKkYyu.exe
  C:\Windows\System\QOKkYyu.exe
  2⤵
  PID:11184
- C:\Windows\System\dliDZqW.exe
  C:\Windows\System\dliDZqW.exe
  2⤵
  PID:11208
- C:\Windows\System\WKKpEQu.exe
  C:\Windows\System\WKKpEQu.exe
  2⤵
  PID:11224
- C:\Windows\System\ZMrqRZJ.exe
  C:\Windows\System\ZMrqRZJ.exe
  2⤵
  PID:11256
- C:\Windows\System\qThJSIV.exe
  C:\Windows\System\qThJSIV.exe
  2⤵
  PID:10292
- C:\Windows\System\EZXBOGH.exe
  C:\Windows\System\EZXBOGH.exe
  2⤵
  PID:10380
- C:\Windows\System\cykPTLn.exe
  C:\Windows\System\cykPTLn.exe
  2⤵
  PID:10344
- C:\Windows\System\HHdKPXl.exe
  C:\Windows\System\HHdKPXl.exe
  2⤵
  PID:10420
- C:\Windows\System\gsOyeBt.exe
  C:\Windows\System\gsOyeBt.exe
  2⤵
  PID:10552
- C:\Windows\System\vRbOCnQ.exe
  C:\Windows\System\vRbOCnQ.exe
  2⤵
  PID:10628
- C:\Windows\System\IsBPNwM.exe
  C:\Windows\System\IsBPNwM.exe
  2⤵
  PID:10692
- C:\Windows\System\LgNfIzc.exe
  C:\Windows\System\LgNfIzc.exe
  2⤵
  PID:10752
- C:\Windows\System\UKUmQgB.exe
  C:\Windows\System\UKUmQgB.exe
  2⤵
  PID:10832
- C:\Windows\System\ZKIiKZc.exe
  C:\Windows\System\ZKIiKZc.exe
  2⤵
  PID:10816
- C:\Windows\System\HmGutSR.exe
  C:\Windows\System\HmGutSR.exe
  2⤵
  PID:10932
- C:\Windows\System\KiiSBvM.exe
  C:\Windows\System\KiiSBvM.exe
  2⤵
  PID:10976
- C:\Windows\System\bWuulkT.exe
  C:\Windows\System\bWuulkT.exe
  2⤵
  PID:11060
- C:\Windows\System\bucdVGW.exe
  C:\Windows\System\bucdVGW.exe
  2⤵
  PID:11120
- C:\Windows\System\kvJnXpe.exe
  C:\Windows\System\kvJnXpe.exe
  2⤵
  PID:11196
- C:\Windows\System\XSnALVH.exe
  C:\Windows\System\XSnALVH.exe
  2⤵
  PID:10260
- C:\Windows\System\oEGtggG.exe
  C:\Windows\System\oEGtggG.exe
  2⤵
  PID:10476
- C:\Windows\System\jUCRWWb.exe
  C:\Windows\System\jUCRWWb.exe
  2⤵
  PID:10596
- C:\Windows\System\JjhsMhV.exe
  C:\Windows\System\JjhsMhV.exe
  2⤵
  PID:10700
- C:\Windows\System\ZawftVd.exe
  C:\Windows\System\ZawftVd.exe
  2⤵
  PID:10892
- C:\Windows\System\MwoXTih.exe
  C:\Windows\System\MwoXTih.exe
  2⤵
  PID:11000
- C:\Windows\System\mGYhSAL.exe
  C:\Windows\System\mGYhSAL.exe
  2⤵
  PID:11216
- C:\Windows\System\NAqcIKf.exe
  C:\Windows\System\NAqcIKf.exe
  2⤵
  PID:9264
- C:\Windows\System\lWsVemD.exe
  C:\Windows\System\lWsVemD.exe
  2⤵
  PID:10480
- C:\Windows\System\yruZlsY.exe
  C:\Windows\System\yruZlsY.exe
  2⤵
  PID:11108
- C:\Windows\System\aqEpOEI.exe
  C:\Windows\System\aqEpOEI.exe
  2⤵
  PID:11252
- C:\Windows\System\tWynZoa.exe
  C:\Windows\System\tWynZoa.exe
  2⤵
  PID:11284
- C:\Windows\System\OsDpEdq.exe
  C:\Windows\System\OsDpEdq.exe
  2⤵
  PID:11328
- C:\Windows\System\vEtDdhZ.exe
  C:\Windows\System\vEtDdhZ.exe
  2⤵
  PID:11352
- C:\Windows\System\KCkcdBa.exe
  C:\Windows\System\KCkcdBa.exe
  2⤵
  PID:11372
- C:\Windows\System\iXFZDPC.exe
  C:\Windows\System\iXFZDPC.exe
  2⤵
  PID:11400
- C:\Windows\System\JEbnsUX.exe
  C:\Windows\System\JEbnsUX.exe
  2⤵
  PID:11428
- C:\Windows\System\avHZpZD.exe
  C:\Windows\System\avHZpZD.exe
  2⤵
  PID:11456
- C:\Windows\System\zyCcuPi.exe
  C:\Windows\System\zyCcuPi.exe
  2⤵
  PID:11488
- C:\Windows\System\QxokIsf.exe
  C:\Windows\System\QxokIsf.exe
  2⤵
  PID:11508
- C:\Windows\System\pKNofdy.exe
  C:\Windows\System\pKNofdy.exe
  2⤵
  PID:11540
- C:\Windows\System\OkNvOYu.exe
  C:\Windows\System\OkNvOYu.exe
  2⤵
  PID:11568
- C:\Windows\System\uuDdQxI.exe
  C:\Windows\System\uuDdQxI.exe
  2⤵
  PID:11588
- C:\Windows\System\wAiaLvh.exe
  C:\Windows\System\wAiaLvh.exe
  2⤵
  PID:11628
- C:\Windows\System\lPHMERX.exe
  C:\Windows\System\lPHMERX.exe
  2⤵
  PID:11652
- C:\Windows\System\ipLxjLu.exe
  C:\Windows\System\ipLxjLu.exe
  2⤵
  PID:11684
- C:\Windows\System\zOkTwWs.exe
  C:\Windows\System\zOkTwWs.exe
  2⤵
  PID:11748
- C:\Windows\System\FRBOmeT.exe
  C:\Windows\System\FRBOmeT.exe
  2⤵
  PID:11804
- C:\Windows\System\kLQftiL.exe
  C:\Windows\System\kLQftiL.exe
  2⤵
  PID:11856
- C:\Windows\System\uDOZdxB.exe
  C:\Windows\System\uDOZdxB.exe
  2⤵
  PID:11872
- C:\Windows\System\hZWicdX.exe
  C:\Windows\System\hZWicdX.exe
  2⤵
  PID:11888
- C:\Windows\System\vFdZVKL.exe
  C:\Windows\System\vFdZVKL.exe
  2⤵
  PID:11904
- C:\Windows\System\MYXcXHT.exe
  C:\Windows\System\MYXcXHT.exe
  2⤵
  PID:11920
- C:\Windows\System\CtekAUH.exe
  C:\Windows\System\CtekAUH.exe
  2⤵
  PID:11944
- C:\Windows\System\etLheyd.exe
  C:\Windows\System\etLheyd.exe
  2⤵
  PID:11960
- C:\Windows\System\qvBAaQT.exe
  C:\Windows\System\qvBAaQT.exe
  2⤵
  PID:11980
- C:\Windows\System\PSKPdEk.exe
  C:\Windows\System\PSKPdEk.exe
  2⤵
  PID:11996
- C:\Windows\System\snzPDOO.exe
  C:\Windows\System\snzPDOO.exe
  2⤵
  PID:12032
- C:\Windows\System\fvagKxW.exe
  C:\Windows\System\fvagKxW.exe
  2⤵
  PID:12092
- C:\Windows\System\oYIcKzX.exe
  C:\Windows\System\oYIcKzX.exe
  2⤵
  PID:12160
- C:\Windows\System\hlCgnNH.exe
  C:\Windows\System\hlCgnNH.exe
  2⤵
  PID:12204
- C:\Windows\System\uwOEMHb.exe
  C:\Windows\System\uwOEMHb.exe
  2⤵
  PID:12224
- C:\Windows\System\YHVYxob.exe
  C:\Windows\System\YHVYxob.exe
  2⤵
  PID:12264
- C:\Windows\System\wmwWVLk.exe
  C:\Windows\System\wmwWVLk.exe
  2⤵
  PID:12284
- C:\Windows\System\zlCgmFq.exe
  C:\Windows\System\zlCgmFq.exe
  2⤵
  PID:11268
- C:\Windows\System\sQdCDao.exe
  C:\Windows\System\sQdCDao.exe
  2⤵
  PID:11364
- C:\Windows\System\whVlfLf.exe
  C:\Windows\System\whVlfLf.exe
  2⤵
  PID:11436
- C:\Windows\System\RvaqdRi.exe
  C:\Windows\System\RvaqdRi.exe
  2⤵
  PID:11516
- C:\Windows\System\zjkkSXZ.exe
  C:\Windows\System\zjkkSXZ.exe
  2⤵
  PID:11584
- C:\Windows\System\awMyGuG.exe
  C:\Windows\System\awMyGuG.exe
  2⤵
  PID:11620
- C:\Windows\System\HvEkpti.exe
  C:\Windows\System\HvEkpti.exe
  2⤵
  PID:11708
- C:\Windows\System\kqqXjmz.exe
  C:\Windows\System\kqqXjmz.exe
  2⤵
  PID:11720
- C:\Windows\System\dtjAoFN.exe
  C:\Windows\System\dtjAoFN.exe
  2⤵
  PID:11764
- C:\Windows\System\OexKeAy.exe
  C:\Windows\System\OexKeAy.exe
  2⤵
  PID:11780
- C:\Windows\System\kXtGVkl.exe
  C:\Windows\System\kXtGVkl.exe
  2⤵
  PID:11916
- C:\Windows\System\ZZqKmnZ.exe
  C:\Windows\System\ZZqKmnZ.exe
  2⤵
  PID:11972
- C:\Windows\System\MQqGjUK.exe
  C:\Windows\System\MQqGjUK.exe
  2⤵
  PID:11824
- C:\Windows\System\rcTAWtL.exe
  C:\Windows\System\rcTAWtL.exe
  2⤵
  PID:11896
- C:\Windows\System\VMavSiM.exe
  C:\Windows\System\VMavSiM.exe
  2⤵
  PID:12044
- C:\Windows\System\xTMdSMS.exe
  C:\Windows\System\xTMdSMS.exe
  2⤵
  PID:12080
- C:\Windows\System\VHpHDIl.exe
  C:\Windows\System\VHpHDIl.exe
  2⤵
  PID:12104
- C:\Windows\System\eBOipTk.exe
  C:\Windows\System\eBOipTk.exe
  2⤵
  PID:12244
- C:\Windows\System\anFhBEw.exe
  C:\Windows\System\anFhBEw.exe
  2⤵
  PID:12276
- C:\Windows\System\UllybWn.exe
  C:\Windows\System\UllybWn.exe
  2⤵
  PID:11500
- C:\Windows\System\xfesqYc.exe
  C:\Windows\System\xfesqYc.exe
  2⤵
  PID:10708
- C:\Windows\System\jJOTlDm.exe
  C:\Windows\System\jJOTlDm.exe
  2⤵
  PID:11784
- C:\Windows\System\lliQscn.exe
  C:\Windows\System\lliQscn.exe
  2⤵
  PID:11792
- C:\Windows\System\hJuHLCb.exe
  C:\Windows\System\hJuHLCb.exe
  2⤵
  PID:11932
- C:\Windows\System\etUcMTk.exe
  C:\Windows\System\etUcMTk.exe
  2⤵
  PID:12072
- C:\Windows\System\jKPgOag.exe
  C:\Windows\System\jKPgOag.exe
  2⤵
  PID:12252
- C:\Windows\System\KDfqLZs.exe
  C:\Windows\System\KDfqLZs.exe
  2⤵
  PID:11644
- C:\Windows\System\bGgOefT.exe
  C:\Windows\System\bGgOefT.exe
  2⤵
  PID:11736
- C:\Windows\System\LHcnUca.exe
  C:\Windows\System\LHcnUca.exe
  2⤵
  PID:11912
- C:\Windows\System\DPhrrFw.exe
  C:\Windows\System\DPhrrFw.exe
  2⤵
  PID:11528
- C:\Windows\System\JybNgXd.exe
  C:\Windows\System\JybNgXd.exe
  2⤵
  PID:12300
- C:\Windows\System\BKniXaS.exe
  C:\Windows\System\BKniXaS.exe
  2⤵
  PID:12316
- C:\Windows\System\FdlewVg.exe
  C:\Windows\System\FdlewVg.exe
  2⤵
  PID:12332
- C:\Windows\System\uSTYXXA.exe
  C:\Windows\System\uSTYXXA.exe
  2⤵
  PID:12372
- C:\Windows\System\biFsRbe.exe
  C:\Windows\System\biFsRbe.exe
  2⤵
  PID:12396
- C:\Windows\System\laybiuz.exe
  C:\Windows\System\laybiuz.exe
  2⤵
  PID:12416
- C:\Windows\System\giLvkLD.exe
  C:\Windows\System\giLvkLD.exe
  2⤵
  PID:12436
- C:\Windows\System\qieKZGF.exe
  C:\Windows\System\qieKZGF.exe
  2⤵
  PID:12484
- C:\Windows\System\IAmpZfh.exe
  C:\Windows\System\IAmpZfh.exe
  2⤵
  PID:12500
- C:\Windows\System\nCiAAtY.exe
  C:\Windows\System\nCiAAtY.exe
  2⤵
  PID:12520
- C:\Windows\System\rKdjSLD.exe
  C:\Windows\System\rKdjSLD.exe
  2⤵
  PID:12536
- C:\Windows\System\cUNsbeY.exe
  C:\Windows\System\cUNsbeY.exe
  2⤵
  PID:12584
- C:\Windows\System\LFhJMoH.exe
  C:\Windows\System\LFhJMoH.exe
  2⤵
  PID:12624
- C:\Windows\System\LKRwYDS.exe
  C:\Windows\System\LKRwYDS.exe
  2⤵
  PID:12652
- C:\Windows\System\qkIeUId.exe
  C:\Windows\System\qkIeUId.exe
  2⤵
  PID:12668
- C:\Windows\System\HegRvoT.exe
  C:\Windows\System\HegRvoT.exe
  2⤵
  PID:12708
- C:\Windows\System\zOGsSyi.exe
  C:\Windows\System\zOGsSyi.exe
  2⤵
  PID:12724
- C:\Windows\System\BStGOBD.exe
  C:\Windows\System\BStGOBD.exe
  2⤵
  PID:12764
- C:\Windows\System\BhOqCws.exe
  C:\Windows\System\BhOqCws.exe
  2⤵
  PID:12784
- C:\Windows\System\fXZQxNS.exe
  C:\Windows\System\fXZQxNS.exe
  2⤵
  PID:12808
- C:\Windows\System\yhEsDnM.exe
  C:\Windows\System\yhEsDnM.exe
  2⤵
  PID:12848
- C:\Windows\System\jBOAnLm.exe
  C:\Windows\System\jBOAnLm.exe
  2⤵
  PID:12872
- C:\Windows\System\vzEKVzn.exe
  C:\Windows\System\vzEKVzn.exe
  2⤵
  PID:12900
- C:\Windows\System\JYCaGpU.exe
  C:\Windows\System\JYCaGpU.exe
  2⤵
  PID:12920
- C:\Windows\System\AHajEyB.exe
  C:\Windows\System\AHajEyB.exe
  2⤵
  PID:12960
- C:\Windows\System\WBuzFfK.exe
  C:\Windows\System\WBuzFfK.exe
  2⤵
  PID:12988
- C:\Windows\System\ggjeaBK.exe
  C:\Windows\System\ggjeaBK.exe
  2⤵
  PID:13008
- C:\Windows\System\fPzisBD.exe
  C:\Windows\System\fPzisBD.exe
  2⤵
  PID:13036
- C:\Windows\System\iydtjgo.exe
  C:\Windows\System\iydtjgo.exe
  2⤵
  PID:13060
- C:\Windows\System\Cbhhwln.exe
  C:\Windows\System\Cbhhwln.exe
  2⤵
  PID:13100
- C:\Windows\System\CAqZtfX.exe
  C:\Windows\System\CAqZtfX.exe
  2⤵
  PID:13120
- C:\Windows\System\oALctsu.exe
  C:\Windows\System\oALctsu.exe
  2⤵
  PID:13144
- C:\Windows\System\smNFdLK.exe
  C:\Windows\System\smNFdLK.exe
  2⤵
  PID:13164
- C:\Windows\System\RRwKZRT.exe
  C:\Windows\System\RRwKZRT.exe
  2⤵
  PID:13188
- C:\Windows\System\lKLAeah.exe
  C:\Windows\System\lKLAeah.exe
  2⤵
  PID:13212
- C:\Windows\System\CrqFuSn.exe
  C:\Windows\System\CrqFuSn.exe
  2⤵
  PID:13252
- C:\Windows\System\CkECqcO.exe
  C:\Windows\System\CkECqcO.exe
  2⤵
  PID:13280
- C:\Windows\System\RNdltMd.exe
  C:\Windows\System\RNdltMd.exe
  2⤵
  PID:13300
- C:\Windows\System\YJuOoaE.exe
  C:\Windows\System\YJuOoaE.exe
  2⤵
  PID:11340
- C:\Windows\System\hpjnvmk.exe
  C:\Windows\System\hpjnvmk.exe
  2⤵
  PID:12328
- C:\Windows\System\qxXgkaV.exe
  C:\Windows\System\qxXgkaV.exe
  2⤵
  PID:12432
- C:\Windows\System\ikEfcFK.exe
  C:\Windows\System\ikEfcFK.exe
  2⤵
  PID:12468
- C:\Windows\System\fTAEgfJ.exe
  C:\Windows\System\fTAEgfJ.exe
  2⤵
  PID:12508
- C:\Windows\System\dEDcBBe.exe
  C:\Windows\System\dEDcBBe.exe
  2⤵
  PID:12568
- C:\Windows\System\FIzmRZZ.exe
  C:\Windows\System\FIzmRZZ.exe
  2⤵
  PID:12600
- C:\Windows\System\yvtAmce.exe
  C:\Windows\System\yvtAmce.exe
  2⤵
  PID:12660
- C:\Windows\System\DeDMjFi.exe
  C:\Windows\System\DeDMjFi.exe
  2⤵
  PID:12692
- C:\Windows\System\VKckkoT.exe
  C:\Windows\System\VKckkoT.exe
  2⤵
  PID:13044
- C:\Windows\System\FJPCVDO.exe
  C:\Windows\System\FJPCVDO.exe
  2⤵
  PID:13076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_i0ybbe4g.5q5.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\ClWGRwh.exe

Filesize
1.8MB

MD5
62a98bc93f7ca3a885d434fba8dad21c

SHA1
69fc9ffcb78a2bb791f380c965b4bc3040fd1953

SHA256
9e435bccebe6277f2339b8eb412e11c4812d1f1ce9c9020559612b4125860ea9

SHA512
c77585666eb1c28dd7fcf6b8fcd97c361821d47d294db10ff348e408fca6a72ca8127073579859fdd6dd2bdfce33223ed80a43feabafa6fd7fde2ab10d406dbd

Download Submit
C:\Windows\System\CrsHDaz.exe

Filesize
1.8MB

MD5
3ad1d574df40ff7846fe85c1e632288e

SHA1
6cd2e9ff9ad8d6643074057758d718ab99d17745

SHA256
e339282160fef1fb92316123c29ba1e99dd898834871c6cf1e3ae06614892bad

SHA512
3721b122de2fe48a11ea9f5b6cf0872e5e2cd671f0b487aa8d34a396ef4ba179d5424c7ae62b5d5cbe8e97deb3a50c961a537e79e8068237d578e6a305903ceb

Download Submit
C:\Windows\System\DzZZxfq.exe

Filesize
1.9MB

MD5
1d578e41c6b61868602bc992bf33d6f6

SHA1
d429db531ed1b11dceae959cb25e58d31994867d

SHA256
bcd2e563cffe8d911c93203126c29ebe3a53e0cdd8feeb26aeede0f080340ec2

SHA512
4b2e35f9e2aecd04d7c9e5ccab2bfbdf43212e8de62f50fd670f18623ff698d871f8e09d71695f3d1595b5e3540118e311dfdae63643e3e6f9bd69eda927bb81

Download Submit
C:\Windows\System\EOFwjOY.exe

Filesize
1.8MB

MD5
46d1e45b2afd926e1212aada573e0aa3

SHA1
a20fb44485e863da0376b02957d30d883e3ace11

SHA256
79698b7e9f053bb3c36f36c799a842e0875b5ac83aad9ca0d4430fa92e0e577b

SHA512
6b9208bbac402531e4076be2cba0fb632a9b68a33fa54ecaa6c774c2dceb12bc6ef8255094ca92562d1419159fe7904d9e27d16c8d2bd5190af70cba5415c016

Download Submit
C:\Windows\System\HHMWxww.exe

Filesize
1.8MB

MD5
4e4ee9ac85501e4b0e579eadcf996901

SHA1
593c9db4222fdcc3facb667bb100249a1d0c4a5c

SHA256
0681f0cafcbd1a5c9b119640016859c6fd55d0ba28e6ff23b53d6767b3fa77f8

SHA512
a8819f0030ba4535b69ce6a7ca8d10d339ed183a4fcfcacce065d7146d249ed68cc8aa0326067f3e562a353fe802d64ae8da4dea31b5f41d8250d86e6ae84452

Download Submit
C:\Windows\System\IavvMou.exe

Filesize
1.9MB

MD5
23743d57489e041ed8b74488e0d26734

SHA1
2d2f59a8d6e1193c30086e48e41cb3d35201c380

SHA256
417dd310e6c54fe440cf35e1bc82a0e4f45aa96f8099e2d6837db4e77b2cf995

SHA512
6fa6e6ddcf8729b6df637842ab606355e3ba89dedd257164ea52fb586e5724272a23179ff72870629366b571e968cc92a38bc9d71f3040befbf51a3fe1fbc42c

Download Submit
C:\Windows\System\JWsJwLM.exe

Filesize
1.9MB

MD5
459a7227acb867f8d5b5931157d0d55b

SHA1
7c606865d1fffd0d8f0e34e36ce2362eccda0591

SHA256
470533875c94088ba68729243231257e68ffff8ebca0160ed83db220a845eff4

SHA512
195f63e50045470dc6bae970d0885465f1140754e63b7ea6a8758c3c393432928d4b3380f1389aa3c83a4dc212558ca22c284189dd3393d0b4b6852d7ee61bee

Download Submit
C:\Windows\System\LEVNtKe.exe

Filesize
1.8MB

MD5
13d2ae4904ae4afb981e9a2ac8593a0c

SHA1
e03627a952f976948935ba65de349d8fb76625c9

SHA256
1e391e6db2ede1b0768dce394263d700a75201fd99b53e7716db7b66ab8aa5f7

SHA512
568f978c22940887db133089e247c8e5796e832c22d8ad7baf1940dd0d41fe66ad96fb65aa9957dbbe8ba5cfeb6aa8f4ce1515a683d5b809797b4f8459ecce58

Download Submit
C:\Windows\System\OtzpnUs.exe

Filesize
1.8MB

MD5
fe347b498c5d259e83fc6c8f204cbaee

SHA1
1997233b556768a1e3dee2465abe4060bee7f00a

SHA256
a2f5cf437a108f1e95474cef6db0ddb48f3bbc9953bbe7a3ab5cebabf1ba68e3

SHA512
221c341ae3434ce6acbb203a6ccfc6d2dfa3fd75addc46d48ecfff81d85f851894bba8879d441302bb59a0cce29e9d6fd7905ac0aef4c885a75d78d53a836e79

Download Submit
C:\Windows\System\QDeYTyF.exe

Filesize
1.9MB

MD5
df35ffa48f9375902e76c02de3dcac4a

SHA1
73483076274e8ecf44ec99b84e914aece6aa2e23

SHA256
9551d8823f880cde07947483e1e463d24163f2d9f056b12706423b7f9fb6e231

SHA512
6f75b19e841b3eff59e826ea93527ef76e833dd1b2c17e7bf9c2b16737a9ff5207b37a30d5d7354371caab60f30d3459187fc8b129a012d16096ce948ce96b50

Download Submit
C:\Windows\System\QKEtxOV.exe

Filesize
1.9MB

MD5
bc9bcaf15edd473b2e1578d7e1474946

SHA1
99545a34268a199c879116b8b54d925c6c2302dd

SHA256
5d7341a44e509b5015880da56b338eb25ed46adb44589cd2e4a168aa32b8a2af

SHA512
2d39e068a38fc733690301ec45346e0ac6f94a508dd3940e238c874ccc1d7f9a5c2bfcbef44a91e99d3523ddeca1e812c4506f66c7820b2ef6a1e9b89a802d92

Download Submit
C:\Windows\System\VWNuLeO.exe

Filesize
1.8MB

MD5
707ea268b6602e0c67e207218b06e740

SHA1
ba4a97fd2320815f814022c1c67e4a34f8f1c495

SHA256
68aa40802502362bc507f2ffd91a149a9cb2b28bc79e1636e3a237ca4d9a5f34

SHA512
60ab86215749894b6994c7911283ab110c3971792cb662b989ca2d89ab612973cd09c5d4cbc75f7aaa585622b389d570b6ec42478e0f3cb5f3f1dd0ed1de4907

Download Submit
C:\Windows\System\WvhhbFT.exe

Filesize
1.8MB

MD5
c075c60d3da579e2c268e1ef1966d121

SHA1
64171ec064f77b74b50878a33ee61b345cb0d955

SHA256
5348a1cbab1393d20489252ebd5cf4f67cc12459a0e0028698d83b753970d8d8

SHA512
11a08acb260d48946fa1f5f366a6443829c4b655a995c210b3bd07c97fb0feb99e263097fcd3bfb75598fdd19779e5bae1d33215d711e1895efb43b21fb3172f

Download Submit
C:\Windows\System\dBMsxYj.exe

Filesize
1.8MB

MD5
0a3fc022dfad597e9357bf4c485c19c3

SHA1
6013511e1d8a56c25529c5e7978e8a34a6b7f176

SHA256
f481730bf6802cb208dd1b4e42e254c1d7c831c590abcd881292a82ca302f95c

SHA512
fc0f026b85c3553b7c57eaa93d8610bb5e62c274c911a929c229ead196879401007c547a4c7f44d897f69e28a976e6c536da0031316cb9af3da3a7384f9d821c

Download Submit
C:\Windows\System\dgqDNMd.exe

Filesize
1.9MB

MD5
826f943db737d4227b01e5253c3f9bd0

SHA1
27514ae5a6be7a0cabaabd64c53aa11c597c0cc6

SHA256
070511acb0116f60f9b5039825efc0147bb4795450fa2b831a8b9e40522555c1

SHA512
0112247cff06d5e6a653fff7572c392db1356b285db05710b06c855bb53b067fa029b20425c078bc1cd0dcb9fd588cab95ae8dc0f79a5d0b4854904437e5beb9

Download Submit
C:\Windows\System\eGKcUJG.exe

Filesize
1.8MB

MD5
5ce1c5681d0097f929cdf6a7e5f7475f

SHA1
6654da1949340b5385746cd712ebb165af96a4f2

SHA256
7012462d465f7503d1bddb5b93ea9e841244d50e98c17cba2a97af2ae036563c

SHA512
7840c21c67f232db43134cab7795580a2494365fdee4984113ebf934011a63a464d4e71f184896b5e5cd9f1e079753d99c9be3bac6ae3a0d7355953e00061d7f

Download Submit
C:\Windows\System\eTMJzyL.exe

Filesize
1.8MB

MD5
fa9a5253f7e51ece37cc30be6008ec8b

SHA1
e2d4a666c7e57102aa81624fffebd8671d34779f

SHA256
5828029559f1e562d61075f32f5cd5994fb8c1c28b2ab16fb420b1d8415d03d3

SHA512
8efe951bc87e981ef97550a42e335d72926195322eb35905579232c8cedeebecebbac52efaec20560dea81910e64deca285ec918add6654ae676b2546885b90b

Download Submit
C:\Windows\System\eZvwoyE.exe

Filesize
1.8MB

MD5
07d54acd47e69a6375b1ae05189ee090

SHA1
b3741a97350263ad1d07ef8a4cd86576d74a7257

SHA256
18118556ea635332341ba29b6e8f76ede0cbbd98cff8ef108a0b52f178ea6f4c

SHA512
fcc58444666a6d3aaa88f16d26bbd174b86b896967c002dbb9ac2d996f989ae029b5b861571dce86b637c897662cb46708944f5b626f9daf1d5c9a4abc4d81d0

Download Submit
C:\Windows\System\fQpnWHW.exe

Filesize
1.8MB

MD5
74bdf875386482ab80ada78353f2be5f

SHA1
cf4a092b4688add817b629acfe3b192f285dfc7d

SHA256
78fac5dc7784c1ae87c10c15d4e5ba17aa0479ead0916d3ed5fca68241f05f6b

SHA512
1c15bec02e1846b969575ee1ccc44db78b8a9e52f60cc645c4f72e6b66fef7b8174e078f8e10b87d121d7571bf0ae09a544054cea8de0cd7b075f8a9920c570a

Download Submit
C:\Windows\System\gkXdwkB.exe

Filesize
1.8MB

MD5
216fa65eb9e10d01935e5195f5f1c1f3

SHA1
69917d2d9cb01ec503e6c1e95b86b551290fbca5

SHA256
f67afea587966cf93d695312e6d38d314ad854e41226a6c17ec24011874e58a2

SHA512
97291eace9ef651651af18efbe00973d57689c752f6af20d068af24b381474e52195853dc78b155688e093bd58f74ae3f275ec8a636b83a88bc25058abf49b9b

Download Submit
C:\Windows\System\hNgnlWH.exe

Filesize
1.8MB

MD5
44da4228871518351719047adee8c28a

SHA1
11a6b6325536eb6f00c2e57fcff8e5b853d92050

SHA256
d22617309aba1228e8bcf0aefba23606b492f415f774b3e786480f07f4275aba

SHA512
bcb7d7cfbcaff0b252a77b56ae5cba725277505e8f9344b4da0bedf799fb5d13c76b74e52cc71c642b115b50840c9bc6c3c2abd525269300407c83b9adfaf24c

Download Submit
C:\Windows\System\hqOiUyn.exe

Filesize
1.8MB

MD5
577499cd27422b8509f3916432f205c1

SHA1
14b5211de8a349531577e029130f050110436899

SHA256
e0b1579e6d701450ada5c282171ca71842ddcae4e21ab86ea593dc3a0ccad060

SHA512
60c9205e30512a16c6a60bfa116568580707450229b9ae073ba919d3890d558da2e2304542cd509ae5734b8eafdfa92e8d1c463e60cd8c5fea2d67c7bd124e52

Download Submit
C:\Windows\System\hwjJKSL.exe

Filesize
1.8MB

MD5
fb8ced8b7d01fb1b9ee03579849d2ae2

SHA1
cd74e37bc5427f727d7df20463695a2c261aa820

SHA256
08b0e2fd6b5b4b0587f74f1adea558f7825db69e48feb9aa3da30d783a4e94d2

SHA512
c16952fe3d4b824feffeeca74afa71970285623a7c7c1234995fbe8c82f4949d502f38feca166fe57486c71900bb9268e942582c643b2fd0d2828caaff18df7d

Download Submit
C:\Windows\System\hyMLLzl.exe

Filesize
1.9MB

MD5
ed1555b888af7d6a936918b520365da1

SHA1
ad0c3d4a9c8950f60ecd8757950b5986a2923453

SHA256
dad9718bed6270cd2c093f8eccdae165f561882d2c74d01d3341088796a59d8a

SHA512
a36aa636ecdfb5e1da7e62812f8e2ad180496dec335d9f91790e319796a792e2c6955588c5e7e687436e90e33a2efd9ad8d2374bd66e804cbbf07117f1a73f6d

Download Submit
C:\Windows\System\jKVBiXR.exe

Filesize
1.9MB

MD5
1ea3331c61babc5b50b376e5bfe9bc23

SHA1
3950ce472fa4d315cd4ada566fd43f0859646df4

SHA256
387c74bdde58fe3b8311a6502689783f3f413a9cb3ce1913bee15b7d264a0b47

SHA512
f1f117226f0efdf96a8c49d605358ca3b83d4278be6b3d0ded54c46a9f0f1b02054187f6e192082010f1101fdc05c04d30a4b8ca10d1b547c9d3accb8fedf76c

Download Submit
C:\Windows\System\nfvNMpK.exe

Filesize
1.9MB

MD5
e8c227b7e8d3a4fe7ea889bd79e9d000

SHA1
c612f56fae3e0d66d9c67b241b780311e75eddc0

SHA256
be5dad38710b4bcd74e868b688df6b092c49ef172226e1261239479b84eac1fc

SHA512
da78d370e7992075c3796f1ff7e4fc085782fff8175f7b9427c2ce0e438e83e78a5232325fc58f559cb62e0b1dc5afafd5bac3e7090159eca923513a18f2f380

Download Submit
C:\Windows\System\nqNbPwg.exe

Filesize
1.9MB

MD5
23379f0f3d8aea8594add71d5a4206d3

SHA1
e3d79db8ae98e3585c944bceb0c1564866ccdb91

SHA256
dbb3a46d39cc633b2949667c6b9689695ca4ceda922cecd6f9583f22d90a6f41

SHA512
d5b78f53aa521faa20c30585b4417b8ed941618cc0ffa40870ec252dc6fc5d88eaf2bbd2486042bee34254bbbf9406af5aff8ffcd17f095f220a04e7999f4ce3

Download Submit
C:\Windows\System\pkIzMHc.exe

Filesize
1.8MB

MD5
b7a54592879a6e41dd80f5bf726090e6

SHA1
bc3309b974578f2ef3a481483f57e01317c81c36

SHA256
d68fd7a0adfdc5947a773c940635a6a3ea90a6f928c5a6b6ae9974d4c49737eb

SHA512
20cc82eed22ce734efed2fdb8900734f35ecabc56f0bda23c1df1a139bf1af6b3b8aa1ecd24a3156c5dabb8fb65c84cef961bdcc2c6c5c7c11d43d51ae114560

Download Submit
C:\Windows\System\ucwDzia.exe

Filesize
1.8MB

MD5
02e33754b2661e68db9595c520bd6c11

SHA1
78a0b4c9943397923402b54beb295d5f26e38274

SHA256
28a5d55fa3b5106c930a982f22739ee788e501eb063e4cd4f77d4d8f195f17ae

SHA512
2e8ad61c35fac82b858506a1a3f486fca86e09c59bd4b1130cb349557e6a3bf0a37baeeb187bacb18170435a96b2b377e22049d73749288e363e3826bc8f444f

Download Submit
C:\Windows\System\vnzykBo.exe

Filesize
8B

MD5
3277aa72bb7d7f1eb1043502fbd1c406

SHA1
8712dca2f3fbc82bf0cbbeecdc5d6a26c87f443c

SHA256
e94b62f30c9ce8b0b5cea14d4367a52fe08005d1bd56ca932a1fd7fc15c61bc9

SHA512
9fb0369549dba8937fb796cbc4ade6bacf540f10f98e02675f1b04c615cbb49e396cdbd25cd29de56c7bfb889c8464199939a84fa31434a75c020caeb4f9f503

Download Submit
C:\Windows\System\wWBuqjn.exe

Filesize
1.8MB

MD5
1ffd6fb855e4c1e4cf1e1301d5e35cc0

SHA1
b57f97c55e826e52c03862575778a0a78b6459d3

SHA256
1ac9ec56d100c73a7717a8e7bcb5965cd428ed2cec0bd1a6ef16e778c6f29e64

SHA512
75c8b254a4437bcc820965abbadb22079b85bbe6e6f56a47d361998075db06b9bd9a9ee1642047cd200fb1122c627c5d193dbc17b348b2026227c072248e5ee0

Download Submit
C:\Windows\System\xhuavwN.exe

Filesize
1.8MB

MD5
f5a0702c5c7c60d7fb0af651f93ed679

SHA1
100da96298fa0b71cadbb9d708936e67ba19c5dc

SHA256
448d9478f48af99c68fb96d461d305d1ec78c9630853baba66b873f7935f81f8

SHA512
1a551afb51062690035a7ce30f63a127e251bbed74c1185162778c3f35347b9e5fae574cca1f7ba9743131ae7559b6a726e34f08657b96813bfc1c3a33afe3b4

Download Submit
C:\Windows\System\xxMrRop.exe

Filesize
1.9MB

MD5
3b006594bc5f637d50d78c6c9f6e1244

SHA1
b4ac58eeacc57ce8e701dcc067c3a244217b91e7

SHA256
217ecf0ad575a5784ba6c966e5fa0fd5328707ff86f7cc69a7de984d764a6b07

SHA512
793bf25159d503a68e5dcdf9c23fef6dd9e98485e5a1f1df6d049952b9ab161721256440c086fea872aaf5a62aaab1ca92ff379c408f4415d69f9e42b812d7b8

Download Submit
C:\Windows\System\zJkvSeA.exe

Filesize
1.8MB

MD5
7acd2b2a16a7ae86d5b8996806ba1b14

SHA1
1574905de735a93f11d0b44cbad84e80f3308c41

SHA256
d1bb0171073f15eba234456b828b85addc37cc9d024c34a7b1d58ffbf4871d84

SHA512
6990bd2242724b65572917314873802dbc2286b6b86a35ea1a1f40c49ed7e43eb5cc4e20f057ffcaaeb5c607032c43137c08c1c5452cd9028ada54ed44c72ca0

Download Submit
memory/712-32-0x00007FF639220000-0x00007FF639612000-memory.dmp

Filesize
3.9MB

Download
memory/868-336-0x00007FF697FF0000-0x00007FF6983E2000-memory.dmp

Filesize
3.9MB

Download
memory/880-103-0x00007FF6BFEC0000-0x00007FF6C02B2000-memory.dmp

Filesize
3.9MB

Download
memory/1572-350-0x00007FF707A40000-0x00007FF707E32000-memory.dmp

Filesize
3.9MB

Download
memory/1712-46-0x00007FF77E9A0000-0x00007FF77ED92000-memory.dmp

Filesize
3.9MB

Download
memory/2368-347-0x00007FF741680000-0x00007FF741A72000-memory.dmp

Filesize
3.9MB

Download
memory/2580-65-0x00007FF67DF30000-0x00007FF67E322000-memory.dmp

Filesize
3.9MB

Download
memory/2776-49-0x00007FF781210000-0x00007FF781602000-memory.dmp

Filesize
3.9MB

Download
memory/3188-30-0x000002B3D0700000-0x000002B3D0710000-memory.dmp

Filesize
64KB

Download
memory/3188-434-0x000002B3D3530000-0x000002B3D3CD6000-memory.dmp

Filesize
7.6MB

Download
memory/3188-62-0x000002B3D0660000-0x000002B3D0682000-memory.dmp

Filesize
136KB

Download
memory/3188-31-0x000002B3D0700000-0x000002B3D0710000-memory.dmp

Filesize
64KB

Download
memory/3188-25-0x00007FFFD41B0000-0x00007FFFD4C71000-memory.dmp

Filesize
10.8MB

Download
memory/3236-37-0x00007FF789B00000-0x00007FF789EF2000-memory.dmp

Filesize
3.9MB

Download
memory/3244-90-0x00007FF65F0D0000-0x00007FF65F4C2000-memory.dmp

Filesize
3.9MB

Download
memory/3252-337-0x00007FF672520000-0x00007FF672912000-memory.dmp

Filesize
3.9MB

Download
memory/3544-106-0x00007FF7D92F0000-0x00007FF7D96E2000-memory.dmp

Filesize
3.9MB

Download
memory/3588-78-0x00007FF74E0C0000-0x00007FF74E4B2000-memory.dmp

Filesize
3.9MB

Download
memory/3608-343-0x00007FF6E5BD0000-0x00007FF6E5FC2000-memory.dmp

Filesize
3.9MB

Download
memory/3888-97-0x00007FF7F2010000-0x00007FF7F2402000-memory.dmp

Filesize
3.9MB

Download
memory/4264-334-0x00007FF7BC170000-0x00007FF7BC562000-memory.dmp

Filesize
3.9MB

Download
memory/4344-351-0x00007FF724240000-0x00007FF724632000-memory.dmp

Filesize
3.9MB

Download
memory/4428-339-0x00007FF7C4ED0000-0x00007FF7C52C2000-memory.dmp

Filesize
3.9MB

Download
memory/4468-80-0x00007FF6ABE80000-0x00007FF6AC272000-memory.dmp

Filesize
3.9MB

Download
memory/4716-57-0x00007FF7C6C30000-0x00007FF7C7022000-memory.dmp

Filesize
3.9MB

Download
memory/4816-352-0x00007FF701480000-0x00007FF701872000-memory.dmp

Filesize
3.9MB

Download
memory/4828-0-0x00007FF77E580000-0x00007FF77E972000-memory.dmp

Filesize
3.9MB

Download
memory/4828-1-0x0000025D8B8E0000-0x0000025D8B8F0000-memory.dmp

Filesize
64KB

Download