xmrig | b8685b9188e596aef8bcde8edf8e73cbb15c8d2f5c46d14b3c90dc9e5f9ccd76

Analysis

max time kernel
33s
max time network
42s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
30/04/2024, 05:03

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
Size

1.9MB
MD5

0914ee9102023925991c53a9f0fe8a28
SHA1

659a574e9975a7a82d19146906935bee2a444f5c
SHA256

b8685b9188e596aef8bcde8edf8e73cbb15c8d2f5c46d14b3c90dc9e5f9ccd76
SHA512

5d7ac0cb75441c945088d5ed497bde467355c8e23cdbd71a5f59ce0fb8a751afcb2b788e20d411685cb7539f97525c893c501a9c523e3e71bb56e2f63c3def62
SSDEEP

49152:Lz071uv4BPMkibTIA5KIP7nTrmBhihM5xC+U13:NABc

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 18 IoCs

miner

resource	yara_rule
behavioral2/memory/2620-29-0x00007FF6888B0000-0x00007FF688CA2000-memory.dmp	xmrig
behavioral2/memory/3712-33-0x00007FF70E7E0000-0x00007FF70EBD2000-memory.dmp	xmrig
behavioral2/memory/1856-539-0x00007FF6D4450000-0x00007FF6D4842000-memory.dmp	xmrig
behavioral2/memory/1872-540-0x00007FF6568A0000-0x00007FF656C92000-memory.dmp	xmrig
behavioral2/memory/3432-541-0x00007FF7DE540000-0x00007FF7DE932000-memory.dmp	xmrig
behavioral2/memory/3400-542-0x00007FF6AB850000-0x00007FF6ABC42000-memory.dmp	xmrig
behavioral2/memory/4864-543-0x00007FF61D830000-0x00007FF61DC22000-memory.dmp	xmrig
behavioral2/memory/1480-544-0x00007FF6F8B90000-0x00007FF6F8F82000-memory.dmp	xmrig
behavioral2/memory/2932-545-0x00007FF6D0170000-0x00007FF6D0562000-memory.dmp	xmrig
behavioral2/memory/2460-546-0x00007FF6C4DA0000-0x00007FF6C5192000-memory.dmp	xmrig
behavioral2/memory/452-84-0x00007FF6AC8D0000-0x00007FF6ACCC2000-memory.dmp	xmrig
behavioral2/memory/2080-64-0x00007FF697020000-0x00007FF697412000-memory.dmp	xmrig
behavioral2/memory/1128-41-0x00007FF6BA960000-0x00007FF6BAD52000-memory.dmp	xmrig
behavioral2/memory/3616-38-0x00007FF7C26B0000-0x00007FF7C2AA2000-memory.dmp	xmrig
behavioral2/memory/2556-37-0x00007FF657830000-0x00007FF657C22000-memory.dmp	xmrig
behavioral2/memory/716-2656-0x00007FF759060000-0x00007FF759452000-memory.dmp	xmrig
behavioral2/memory/1064-2659-0x00007FF6C6C80000-0x00007FF6C7072000-memory.dmp	xmrig
behavioral2/memory/2716-3021-0x00007FF63C7D0000-0x00007FF63CBC2000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
5	1224	powershell.exe
7	1224	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
1128	bjkaZXt.exe
2620	kllLdDk.exe
3712	hDdTsZo.exe
2556	lKQUFTZ.exe
3616	hKBiBPH.exe
716	xWTuKDi.exe
2080	OTaDYTx.exe
1064	TwknPMk.exe
2716	lzOXApF.exe
452	zMOlmQo.exe
2288	ndrsCCm.exe
3680	BOaievA.exe
2464	cTyOdze.exe
1856	dILekrT.exe
1872	ebPbVuG.exe
3432	aKfSuvR.exe
3400	EQmiqYv.exe
4864	bdeUQbj.exe
1480	KZTvFdC.exe
2932	BPOFHbS.exe
2460	MmpVGYe.exe
3232	ukqZCBI.exe
2248	uYBdhfU.exe
2084	RJSgvkf.exe
2840	MhgaGkG.exe
3192	ulBftkH.exe
4812	yIyumLO.exe
1360	joTUKsi.exe
1632	CNUSyTq.exe
3244	IpNVQxR.exe
5036	QZttSZc.exe
2040	XJyLeYZ.exe
2740	LlJEtkw.exe
2424	YUYYGAU.exe
2704	zJfyWJT.exe
848	cKaWSSn.exe
3740	QYcWHSQ.exe
816	mMPBihi.exe
4656	vYaIdut.exe
4408	eaDvjxo.exe
4296	TjsnOTw.exe
5112	pmFTsFU.exe
1376	ioRiYDG.exe
1752	sPLrcST.exe
464	aQlWKmG.exe
728	HKIQyuz.exe
3916	nIbkbAw.exe
1528	wdrgrZe.exe
4300	OPSbtvu.exe
3508	OYtRyxq.exe
3872	UCiJIcO.exe
4468	fYCKJEJ.exe
3204	yGUMkVl.exe
3052	tXOnZEs.exe
4712	OBKzyDQ.exe
3484	MclcsXX.exe
1244	jCCWCUf.exe
1784	eFqyXTz.exe
1104	PVPGbGv.exe
2384	MnvAHpL.exe
2072	wtzCvME.exe
2452	NWLsqwA.exe
4400	vblpjUO.exe
3524	DalRwFp.exe

UPX packed file 57 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4068-0-0x00007FF79A590000-0x00007FF79A982000-memory.dmp	upx
behavioral2/files/0x000b000000023ba8-5.dat	upx
behavioral2/files/0x000a000000023ba9-8.dat	upx
behavioral2/files/0x000a000000023bac-22.dat	upx
behavioral2/memory/2620-29-0x00007FF6888B0000-0x00007FF688CA2000-memory.dmp	upx
behavioral2/memory/3712-33-0x00007FF70E7E0000-0x00007FF70EBD2000-memory.dmp	upx
behavioral2/memory/716-55-0x00007FF759060000-0x00007FF759452000-memory.dmp	upx
behavioral2/files/0x000b000000023bb2-72.dat	upx
behavioral2/files/0x000a000000023bb0-75.dat	upx
behavioral2/files/0x0031000000023bb4-88.dat	upx
behavioral2/files/0x0031000000023bb5-91.dat	upx
behavioral2/files/0x000a000000023bbc-138.dat	upx
behavioral2/files/0x000a000000023bbf-153.dat	upx
behavioral2/files/0x000a000000023bc2-165.dat	upx
behavioral2/files/0x000a000000023bc5-183.dat	upx
behavioral2/memory/1856-539-0x00007FF6D4450000-0x00007FF6D4842000-memory.dmp	upx
behavioral2/memory/1872-540-0x00007FF6568A0000-0x00007FF656C92000-memory.dmp	upx
behavioral2/memory/3432-541-0x00007FF7DE540000-0x00007FF7DE932000-memory.dmp	upx
behavioral2/memory/3400-542-0x00007FF6AB850000-0x00007FF6ABC42000-memory.dmp	upx
behavioral2/memory/4864-543-0x00007FF61D830000-0x00007FF61DC22000-memory.dmp	upx
behavioral2/memory/1480-544-0x00007FF6F8B90000-0x00007FF6F8F82000-memory.dmp	upx
behavioral2/memory/2932-545-0x00007FF6D0170000-0x00007FF6D0562000-memory.dmp	upx
behavioral2/memory/2460-546-0x00007FF6C4DA0000-0x00007FF6C5192000-memory.dmp	upx
behavioral2/files/0x000a000000023bc6-186.dat	upx
behavioral2/files/0x000a000000023bc4-179.dat	upx
behavioral2/files/0x000a000000023bc3-173.dat	upx
behavioral2/files/0x000a000000023bc1-163.dat	upx
behavioral2/files/0x000a000000023bc0-159.dat	upx
behavioral2/files/0x000a000000023bbe-149.dat	upx
behavioral2/files/0x000a000000023bbd-144.dat	upx
behavioral2/files/0x000a000000023bbb-134.dat	upx
behavioral2/files/0x000a000000023bba-128.dat	upx
behavioral2/files/0x000a000000023bb9-124.dat	upx
behavioral2/files/0x000a000000023bb8-118.dat	upx
behavioral2/files/0x000a000000023bb7-114.dat	upx
behavioral2/files/0x0031000000023bb6-108.dat	upx
behavioral2/files/0x000b000000023bb1-104.dat	upx
behavioral2/files/0x000b000000023ba6-96.dat	upx
behavioral2/memory/2464-90-0x00007FF6B0CE0000-0x00007FF6B10D2000-memory.dmp	upx
behavioral2/memory/3680-87-0x00007FF601190000-0x00007FF601582000-memory.dmp	upx
behavioral2/memory/452-84-0x00007FF6AC8D0000-0x00007FF6ACCC2000-memory.dmp	upx
behavioral2/files/0x000a000000023bb3-78.dat	upx
behavioral2/memory/2288-77-0x00007FF7B7B20000-0x00007FF7B7F12000-memory.dmp	upx
behavioral2/memory/2716-73-0x00007FF63C7D0000-0x00007FF63CBC2000-memory.dmp	upx
behavioral2/files/0x000a000000023baf-65.dat	upx
behavioral2/memory/2080-64-0x00007FF697020000-0x00007FF697412000-memory.dmp	upx
behavioral2/memory/1064-63-0x00007FF6C6C80000-0x00007FF6C7072000-memory.dmp	upx
behavioral2/files/0x000a000000023bae-50.dat	upx
behavioral2/files/0x000a000000023bad-49.dat	upx
behavioral2/memory/1128-41-0x00007FF6BA960000-0x00007FF6BAD52000-memory.dmp	upx
behavioral2/memory/3616-38-0x00007FF7C26B0000-0x00007FF7C2AA2000-memory.dmp	upx
behavioral2/memory/2556-37-0x00007FF657830000-0x00007FF657C22000-memory.dmp	upx
behavioral2/files/0x000a000000023bab-27.dat	upx
behavioral2/files/0x000a000000023baa-13.dat	upx
behavioral2/memory/716-2656-0x00007FF759060000-0x00007FF759452000-memory.dmp	upx
behavioral2/memory/1064-2659-0x00007FF6C6C80000-0x00007FF6C7072000-memory.dmp	upx
behavioral2/memory/2716-3021-0x00007FF63C7D0000-0x00007FF63CBC2000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
4	raw.githubusercontent.com
5	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\yqFpVoO.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\YDkgZyQ.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\cdOQGse.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\KnBuKqq.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\QPhoIPq.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\xhaIJVr.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\aAAxeVk.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\gNhlLUa.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\zFcaHrh.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\WjbgKYu.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\DUMOPQa.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\lmsgRZZ.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\uHWFGpD.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\KIIdflk.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\EUensKD.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\bwzHoun.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\JsJGjRN.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\hqxXNAP.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\YtCPzfk.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\oOdNqcx.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\XRRBcgy.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\jftxWdk.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\AFqgCSH.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\DSGwqyh.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\YUoJEbv.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\XXwaLXn.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\glrQuSN.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\cMpiuck.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\XSzaXSq.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\dhyGlOo.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\dfjIClZ.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\hGIJqdN.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\xtkSqHE.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\PgKFagG.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\IxEzXnl.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\jSyUgjD.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\qLWabHI.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\ICsyZAf.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\JUaMTAH.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\mMPBihi.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\qeYOWbT.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\JwimAXX.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\hUwyHmv.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\mjlliYP.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\lcjZMRN.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\YycIfxv.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\NwJvlcY.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\BXTzsvQ.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\mnThLTV.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\pnDFZoK.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\nIsDQmH.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\kvcEZez.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\vCwlemH.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\vwnWpUY.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\OTaDYTx.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\gYpBmOz.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\PVPGbGv.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\YjBMmow.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\qUwVBrE.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\drqGpxk.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\MfCafnR.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\JFbzDKO.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\npVyUjI.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
File created	C:\Windows\System\XHjdgOz.exe	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1224	powershell.exe
1224	powershell.exe
1224	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	1224	powershell.exe
Token: SeLockMemoryPrivilege	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4068 wrote to memory of 1224	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	86
PID 4068 wrote to memory of 1224	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	86
PID 4068 wrote to memory of 1128	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	87
PID 4068 wrote to memory of 1128	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	87
PID 4068 wrote to memory of 2620	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	88
PID 4068 wrote to memory of 2620	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	88
PID 4068 wrote to memory of 3712	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	89
PID 4068 wrote to memory of 3712	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	89
PID 4068 wrote to memory of 2556	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	90
PID 4068 wrote to memory of 2556	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	90
PID 4068 wrote to memory of 3616	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	91
PID 4068 wrote to memory of 3616	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	91
PID 4068 wrote to memory of 716	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	92
PID 4068 wrote to memory of 716	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	92
PID 4068 wrote to memory of 2080	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	93
PID 4068 wrote to memory of 2080	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	93
PID 4068 wrote to memory of 1064	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	94
PID 4068 wrote to memory of 1064	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	94
PID 4068 wrote to memory of 2716	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	95
PID 4068 wrote to memory of 2716	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	95
PID 4068 wrote to memory of 452	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	96
PID 4068 wrote to memory of 452	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	96
PID 4068 wrote to memory of 2288	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	97
PID 4068 wrote to memory of 2288	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	97
PID 4068 wrote to memory of 3680	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	98
PID 4068 wrote to memory of 3680	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	98
PID 4068 wrote to memory of 2464	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	99
PID 4068 wrote to memory of 2464	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	99
PID 4068 wrote to memory of 1856	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	100
PID 4068 wrote to memory of 1856	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	100
PID 4068 wrote to memory of 1872	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	101
PID 4068 wrote to memory of 1872	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	101
PID 4068 wrote to memory of 3432	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	102
PID 4068 wrote to memory of 3432	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	102
PID 4068 wrote to memory of 3400	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	103
PID 4068 wrote to memory of 3400	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	103
PID 4068 wrote to memory of 4864	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	104
PID 4068 wrote to memory of 4864	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	104
PID 4068 wrote to memory of 1480	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	105
PID 4068 wrote to memory of 1480	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	105
PID 4068 wrote to memory of 2932	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	106
PID 4068 wrote to memory of 2932	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	106
PID 4068 wrote to memory of 2460	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	107
PID 4068 wrote to memory of 2460	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	107
PID 4068 wrote to memory of 3232	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	108
PID 4068 wrote to memory of 3232	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	108
PID 4068 wrote to memory of 2248	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	109
PID 4068 wrote to memory of 2248	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	109
PID 4068 wrote to memory of 2084	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	110
PID 4068 wrote to memory of 2084	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	110
PID 4068 wrote to memory of 2840	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	111
PID 4068 wrote to memory of 2840	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	111
PID 4068 wrote to memory of 3192	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	112
PID 4068 wrote to memory of 3192	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	112
PID 4068 wrote to memory of 4812	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	113
PID 4068 wrote to memory of 4812	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	113
PID 4068 wrote to memory of 1360	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	114
PID 4068 wrote to memory of 1360	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	114
PID 4068 wrote to memory of 1632	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	115
PID 4068 wrote to memory of 1632	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	115
PID 4068 wrote to memory of 3244	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	116
PID 4068 wrote to memory of 3244	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	116
PID 4068 wrote to memory of 5036	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	117
PID 4068 wrote to memory of 5036	4068	0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe	117

C:\Users\Admin\AppData\Local\Temp\0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0914ee9102023925991c53a9f0fe8a28_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4068
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1224
- C:\Windows\System\bjkaZXt.exe
  C:\Windows\System\bjkaZXt.exe
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Windows\System\kllLdDk.exe
  C:\Windows\System\kllLdDk.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\hDdTsZo.exe
  C:\Windows\System\hDdTsZo.exe
  2⤵
  - Executes dropped EXE
  PID:3712
- C:\Windows\System\lKQUFTZ.exe
  C:\Windows\System\lKQUFTZ.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\hKBiBPH.exe
  C:\Windows\System\hKBiBPH.exe
  2⤵
  - Executes dropped EXE
  PID:3616
- C:\Windows\System\xWTuKDi.exe
  C:\Windows\System\xWTuKDi.exe
  2⤵
  - Executes dropped EXE
  PID:716
- C:\Windows\System\OTaDYTx.exe
  C:\Windows\System\OTaDYTx.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\TwknPMk.exe
  C:\Windows\System\TwknPMk.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\lzOXApF.exe
  C:\Windows\System\lzOXApF.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\zMOlmQo.exe
  C:\Windows\System\zMOlmQo.exe
  2⤵
  - Executes dropped EXE
  PID:452
- C:\Windows\System\ndrsCCm.exe
  C:\Windows\System\ndrsCCm.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\BOaievA.exe
  C:\Windows\System\BOaievA.exe
  2⤵
  - Executes dropped EXE
  PID:3680
- C:\Windows\System\cTyOdze.exe
  C:\Windows\System\cTyOdze.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\dILekrT.exe
  C:\Windows\System\dILekrT.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\ebPbVuG.exe
  C:\Windows\System\ebPbVuG.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\aKfSuvR.exe
  C:\Windows\System\aKfSuvR.exe
  2⤵
  - Executes dropped EXE
  PID:3432
- C:\Windows\System\EQmiqYv.exe
  C:\Windows\System\EQmiqYv.exe
  2⤵
  - Executes dropped EXE
  PID:3400
- C:\Windows\System\bdeUQbj.exe
  C:\Windows\System\bdeUQbj.exe
  2⤵
  - Executes dropped EXE
  PID:4864
- C:\Windows\System\KZTvFdC.exe
  C:\Windows\System\KZTvFdC.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\BPOFHbS.exe
  C:\Windows\System\BPOFHbS.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\MmpVGYe.exe
  C:\Windows\System\MmpVGYe.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\ukqZCBI.exe
  C:\Windows\System\ukqZCBI.exe
  2⤵
  - Executes dropped EXE
  PID:3232
- C:\Windows\System\uYBdhfU.exe
  C:\Windows\System\uYBdhfU.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\RJSgvkf.exe
  C:\Windows\System\RJSgvkf.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\MhgaGkG.exe
  C:\Windows\System\MhgaGkG.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\ulBftkH.exe
  C:\Windows\System\ulBftkH.exe
  2⤵
  - Executes dropped EXE
  PID:3192
- C:\Windows\System\yIyumLO.exe
  C:\Windows\System\yIyumLO.exe
  2⤵
  - Executes dropped EXE
  PID:4812
- C:\Windows\System\joTUKsi.exe
  C:\Windows\System\joTUKsi.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\CNUSyTq.exe
  C:\Windows\System\CNUSyTq.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\IpNVQxR.exe
  C:\Windows\System\IpNVQxR.exe
  2⤵
  - Executes dropped EXE
  PID:3244
- C:\Windows\System\QZttSZc.exe
  C:\Windows\System\QZttSZc.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\XJyLeYZ.exe
  C:\Windows\System\XJyLeYZ.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\LlJEtkw.exe
  C:\Windows\System\LlJEtkw.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\YUYYGAU.exe
  C:\Windows\System\YUYYGAU.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\zJfyWJT.exe
  C:\Windows\System\zJfyWJT.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\cKaWSSn.exe
  C:\Windows\System\cKaWSSn.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\QYcWHSQ.exe
  C:\Windows\System\QYcWHSQ.exe
  2⤵
  - Executes dropped EXE
  PID:3740
- C:\Windows\System\mMPBihi.exe
  C:\Windows\System\mMPBihi.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\vYaIdut.exe
  C:\Windows\System\vYaIdut.exe
  2⤵
  - Executes dropped EXE
  PID:4656
- C:\Windows\System\eaDvjxo.exe
  C:\Windows\System\eaDvjxo.exe
  2⤵
  - Executes dropped EXE
  PID:4408
- C:\Windows\System\TjsnOTw.exe
  C:\Windows\System\TjsnOTw.exe
  2⤵
  - Executes dropped EXE
  PID:4296
- C:\Windows\System\pmFTsFU.exe
  C:\Windows\System\pmFTsFU.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System\ioRiYDG.exe
  C:\Windows\System\ioRiYDG.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\sPLrcST.exe
  C:\Windows\System\sPLrcST.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\aQlWKmG.exe
  C:\Windows\System\aQlWKmG.exe
  2⤵
  - Executes dropped EXE
  PID:464
- C:\Windows\System\HKIQyuz.exe
  C:\Windows\System\HKIQyuz.exe
  2⤵
  - Executes dropped EXE
  PID:728
- C:\Windows\System\nIbkbAw.exe
  C:\Windows\System\nIbkbAw.exe
  2⤵
  - Executes dropped EXE
  PID:3916
- C:\Windows\System\wdrgrZe.exe
  C:\Windows\System\wdrgrZe.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\OPSbtvu.exe
  C:\Windows\System\OPSbtvu.exe
  2⤵
  - Executes dropped EXE
  PID:4300
- C:\Windows\System\OYtRyxq.exe
  C:\Windows\System\OYtRyxq.exe
  2⤵
  - Executes dropped EXE
  PID:3508
- C:\Windows\System\UCiJIcO.exe
  C:\Windows\System\UCiJIcO.exe
  2⤵
  - Executes dropped EXE
  PID:3872
- C:\Windows\System\fYCKJEJ.exe
  C:\Windows\System\fYCKJEJ.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\yGUMkVl.exe
  C:\Windows\System\yGUMkVl.exe
  2⤵
  - Executes dropped EXE
  PID:3204
- C:\Windows\System\tXOnZEs.exe
  C:\Windows\System\tXOnZEs.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\OBKzyDQ.exe
  C:\Windows\System\OBKzyDQ.exe
  2⤵
  - Executes dropped EXE
  PID:4712
- C:\Windows\System\MclcsXX.exe
  C:\Windows\System\MclcsXX.exe
  2⤵
  - Executes dropped EXE
  PID:3484
- C:\Windows\System\jCCWCUf.exe
  C:\Windows\System\jCCWCUf.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\eFqyXTz.exe
  C:\Windows\System\eFqyXTz.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\PVPGbGv.exe
  C:\Windows\System\PVPGbGv.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\MnvAHpL.exe
  C:\Windows\System\MnvAHpL.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\wtzCvME.exe
  C:\Windows\System\wtzCvME.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\NWLsqwA.exe
  C:\Windows\System\NWLsqwA.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\vblpjUO.exe
  C:\Windows\System\vblpjUO.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System\DalRwFp.exe
  C:\Windows\System\DalRwFp.exe
  2⤵
  - Executes dropped EXE
  PID:3524
- C:\Windows\System\FtTJYer.exe
  C:\Windows\System\FtTJYer.exe
  2⤵
  PID:3792
- C:\Windows\System\bigzKlH.exe
  C:\Windows\System\bigzKlH.exe
  2⤵
  PID:4664
- C:\Windows\System\MAdlPrO.exe
  C:\Windows\System\MAdlPrO.exe
  2⤵
  PID:4272
- C:\Windows\System\EQCirRW.exe
  C:\Windows\System\EQCirRW.exe
  2⤵
  PID:4612
- C:\Windows\System\SoHMvnH.exe
  C:\Windows\System\SoHMvnH.exe
  2⤵
  PID:5140
- C:\Windows\System\MSgmuXr.exe
  C:\Windows\System\MSgmuXr.exe
  2⤵
  PID:5172
- C:\Windows\System\cDfjmlI.exe
  C:\Windows\System\cDfjmlI.exe
  2⤵
  PID:5204
- C:\Windows\System\HVJfARx.exe
  C:\Windows\System\HVJfARx.exe
  2⤵
  PID:5232
- C:\Windows\System\QulWeBX.exe
  C:\Windows\System\QulWeBX.exe
  2⤵
  PID:5260
- C:\Windows\System\kFJxWbr.exe
  C:\Windows\System\kFJxWbr.exe
  2⤵
  PID:5288
- C:\Windows\System\oVHDTTr.exe
  C:\Windows\System\oVHDTTr.exe
  2⤵
  PID:5316
- C:\Windows\System\oOdNqcx.exe
  C:\Windows\System\oOdNqcx.exe
  2⤵
  PID:5344
- C:\Windows\System\ZOUUpKA.exe
  C:\Windows\System\ZOUUpKA.exe
  2⤵
  PID:5372
- C:\Windows\System\AHMqRXX.exe
  C:\Windows\System\AHMqRXX.exe
  2⤵
  PID:5400
- C:\Windows\System\UqTFfvA.exe
  C:\Windows\System\UqTFfvA.exe
  2⤵
  PID:5428
- C:\Windows\System\yUNPkUY.exe
  C:\Windows\System\yUNPkUY.exe
  2⤵
  PID:5456
- C:\Windows\System\gjjsXYX.exe
  C:\Windows\System\gjjsXYX.exe
  2⤵
  PID:5484
- C:\Windows\System\TuiwFdB.exe
  C:\Windows\System\TuiwFdB.exe
  2⤵
  PID:5512
- C:\Windows\System\sRLMFey.exe
  C:\Windows\System\sRLMFey.exe
  2⤵
  PID:5540
- C:\Windows\System\NHuYNAy.exe
  C:\Windows\System\NHuYNAy.exe
  2⤵
  PID:5568
- C:\Windows\System\proOugg.exe
  C:\Windows\System\proOugg.exe
  2⤵
  PID:5596
- C:\Windows\System\sMLtuZK.exe
  C:\Windows\System\sMLtuZK.exe
  2⤵
  PID:5624
- C:\Windows\System\IFSVNXC.exe
  C:\Windows\System\IFSVNXC.exe
  2⤵
  PID:5652
- C:\Windows\System\qfoDISN.exe
  C:\Windows\System\qfoDISN.exe
  2⤵
  PID:5680
- C:\Windows\System\CaQnKuz.exe
  C:\Windows\System\CaQnKuz.exe
  2⤵
  PID:5724
- C:\Windows\System\KADQPly.exe
  C:\Windows\System\KADQPly.exe
  2⤵
  PID:5744
- C:\Windows\System\xjQuYrU.exe
  C:\Windows\System\xjQuYrU.exe
  2⤵
  PID:5772
- C:\Windows\System\eyWIYDJ.exe
  C:\Windows\System\eyWIYDJ.exe
  2⤵
  PID:5788
- C:\Windows\System\ICzvOvn.exe
  C:\Windows\System\ICzvOvn.exe
  2⤵
  PID:5816
- C:\Windows\System\zyqBOLr.exe
  C:\Windows\System\zyqBOLr.exe
  2⤵
  PID:5844
- C:\Windows\System\vMLXZmv.exe
  C:\Windows\System\vMLXZmv.exe
  2⤵
  PID:5872
- C:\Windows\System\fGokPuH.exe
  C:\Windows\System\fGokPuH.exe
  2⤵
  PID:5900
- C:\Windows\System\wiPgMMX.exe
  C:\Windows\System\wiPgMMX.exe
  2⤵
  PID:5928
- C:\Windows\System\DIPHUGd.exe
  C:\Windows\System\DIPHUGd.exe
  2⤵
  PID:5956
- C:\Windows\System\GvjjSAj.exe
  C:\Windows\System\GvjjSAj.exe
  2⤵
  PID:5984
- C:\Windows\System\VaMZcgx.exe
  C:\Windows\System\VaMZcgx.exe
  2⤵
  PID:6012
- C:\Windows\System\GYCQwFP.exe
  C:\Windows\System\GYCQwFP.exe
  2⤵
  PID:6040
- C:\Windows\System\ICsyZAf.exe
  C:\Windows\System\ICsyZAf.exe
  2⤵
  PID:6068
- C:\Windows\System\yoUfdKT.exe
  C:\Windows\System\yoUfdKT.exe
  2⤵
  PID:6096
- C:\Windows\System\SaEUeHn.exe
  C:\Windows\System\SaEUeHn.exe
  2⤵
  PID:6124
- C:\Windows\System\jONVWpd.exe
  C:\Windows\System\jONVWpd.exe
  2⤵
  PID:2420
- C:\Windows\System\INPjgXO.exe
  C:\Windows\System\INPjgXO.exe
  2⤵
  PID:3956
- C:\Windows\System\JaURtfT.exe
  C:\Windows\System\JaURtfT.exe
  2⤵
  PID:4016
- C:\Windows\System\pkAiWxG.exe
  C:\Windows\System\pkAiWxG.exe
  2⤵
  PID:4744
- C:\Windows\System\XQfdHtw.exe
  C:\Windows\System\XQfdHtw.exe
  2⤵
  PID:5136
- C:\Windows\System\kaIvxMV.exe
  C:\Windows\System\kaIvxMV.exe
  2⤵
  PID:5188
- C:\Windows\System\vSjnZVW.exe
  C:\Windows\System\vSjnZVW.exe
  2⤵
  PID:5252
- C:\Windows\System\ygVSFxB.exe
  C:\Windows\System\ygVSFxB.exe
  2⤵
  PID:5332
- C:\Windows\System\twjfubG.exe
  C:\Windows\System\twjfubG.exe
  2⤵
  PID:5392
- C:\Windows\System\XRRBcgy.exe
  C:\Windows\System\XRRBcgy.exe
  2⤵
  PID:5448
- C:\Windows\System\ayyLaPn.exe
  C:\Windows\System\ayyLaPn.exe
  2⤵
  PID:5520
- C:\Windows\System\ZPxTWtC.exe
  C:\Windows\System\ZPxTWtC.exe
  2⤵
  PID:5560
- C:\Windows\System\YqSxMpi.exe
  C:\Windows\System\YqSxMpi.exe
  2⤵
  PID:5640
- C:\Windows\System\aqzYeZS.exe
  C:\Windows\System\aqzYeZS.exe
  2⤵
  PID:5708
- C:\Windows\System\szIGIEU.exe
  C:\Windows\System\szIGIEU.exe
  2⤵
  PID:5760
- C:\Windows\System\hezaXCy.exe
  C:\Windows\System\hezaXCy.exe
  2⤵
  PID:5808
- C:\Windows\System\mbHNYoG.exe
  C:\Windows\System\mbHNYoG.exe
  2⤵
  PID:5884
- C:\Windows\System\YmLPIXf.exe
  C:\Windows\System\YmLPIXf.exe
  2⤵
  PID:5944
- C:\Windows\System\MNYuscg.exe
  C:\Windows\System\MNYuscg.exe
  2⤵
  PID:6004
- C:\Windows\System\btcQPys.exe
  C:\Windows\System\btcQPys.exe
  2⤵
  PID:6060
- C:\Windows\System\SFyCctn.exe
  C:\Windows\System\SFyCctn.exe
  2⤵
  PID:6112
- C:\Windows\System\NUGUOkp.exe
  C:\Windows\System\NUGUOkp.exe
  2⤵
  PID:1728
- C:\Windows\System\RFwASZt.exe
  C:\Windows\System\RFwASZt.exe
  2⤵
  PID:2340
- C:\Windows\System\pFTWgKC.exe
  C:\Windows\System\pFTWgKC.exe
  2⤵
  PID:5224
- C:\Windows\System\cZNSwVW.exe
  C:\Windows\System\cZNSwVW.exe
  2⤵
  PID:544
- C:\Windows\System\TFwVZMJ.exe
  C:\Windows\System\TFwVZMJ.exe
  2⤵
  PID:5476
- C:\Windows\System\vhKPsGP.exe
  C:\Windows\System\vhKPsGP.exe
  2⤵
  PID:5604
- C:\Windows\System\gzwaiXc.exe
  C:\Windows\System\gzwaiXc.exe
  2⤵
  PID:5740
- C:\Windows\System\aSLWzSx.exe
  C:\Windows\System\aSLWzSx.exe
  2⤵
  PID:5836
- C:\Windows\System\uDNNtCs.exe
  C:\Windows\System\uDNNtCs.exe
  2⤵
  PID:5972
- C:\Windows\System\YUXhTqQ.exe
  C:\Windows\System\YUXhTqQ.exe
  2⤵
  PID:6052
- C:\Windows\System\YRrXgHq.exe
  C:\Windows\System\YRrXgHq.exe
  2⤵
  PID:1844
- C:\Windows\System\VHkkoyb.exe
  C:\Windows\System\VHkkoyb.exe
  2⤵
  PID:5164
- C:\Windows\System\pWCJlAx.exe
  C:\Windows\System\pWCJlAx.exe
  2⤵
  PID:5532
- C:\Windows\System\llQKHSI.exe
  C:\Windows\System\llQKHSI.exe
  2⤵
  PID:6172
- C:\Windows\System\SsoIGYj.exe
  C:\Windows\System\SsoIGYj.exe
  2⤵
  PID:6200
- C:\Windows\System\uxPaLaE.exe
  C:\Windows\System\uxPaLaE.exe
  2⤵
  PID:6228
- C:\Windows\System\WkGkWWA.exe
  C:\Windows\System\WkGkWWA.exe
  2⤵
  PID:6256
- C:\Windows\System\nuDuNcP.exe
  C:\Windows\System\nuDuNcP.exe
  2⤵
  PID:6280
- C:\Windows\System\LxBVBPW.exe
  C:\Windows\System\LxBVBPW.exe
  2⤵
  PID:6312
- C:\Windows\System\yLvmfwc.exe
  C:\Windows\System\yLvmfwc.exe
  2⤵
  PID:6340
- C:\Windows\System\gHTysOD.exe
  C:\Windows\System\gHTysOD.exe
  2⤵
  PID:6368
- C:\Windows\System\SRLojBp.exe
  C:\Windows\System\SRLojBp.exe
  2⤵
  PID:6396
- C:\Windows\System\ywsCWNf.exe
  C:\Windows\System\ywsCWNf.exe
  2⤵
  PID:6424
- C:\Windows\System\hFxIpPZ.exe
  C:\Windows\System\hFxIpPZ.exe
  2⤵
  PID:6452
- C:\Windows\System\gdWbTOZ.exe
  C:\Windows\System\gdWbTOZ.exe
  2⤵
  PID:6480
- C:\Windows\System\gcVMRKo.exe
  C:\Windows\System\gcVMRKo.exe
  2⤵
  PID:6580
- C:\Windows\System\kpffAet.exe
  C:\Windows\System\kpffAet.exe
  2⤵
  PID:6604
- C:\Windows\System\HMWRCUV.exe
  C:\Windows\System\HMWRCUV.exe
  2⤵
  PID:6664
- C:\Windows\System\dvGZWUd.exe
  C:\Windows\System\dvGZWUd.exe
  2⤵
  PID:6712
- C:\Windows\System\ssQKoMB.exe
  C:\Windows\System\ssQKoMB.exe
  2⤵
  PID:6728
- C:\Windows\System\bpIjLKh.exe
  C:\Windows\System\bpIjLKh.exe
  2⤵
  PID:6744
- C:\Windows\System\eCDSXlf.exe
  C:\Windows\System\eCDSXlf.exe
  2⤵
  PID:6760
- C:\Windows\System\AknUJsq.exe
  C:\Windows\System\AknUJsq.exe
  2⤵
  PID:6780
- C:\Windows\System\FJFEYAH.exe
  C:\Windows\System\FJFEYAH.exe
  2⤵
  PID:6796
- C:\Windows\System\jftxWdk.exe
  C:\Windows\System\jftxWdk.exe
  2⤵
  PID:6820
- C:\Windows\System\LEYDUfi.exe
  C:\Windows\System\LEYDUfi.exe
  2⤵
  PID:6848
- C:\Windows\System\yPgaRCJ.exe
  C:\Windows\System\yPgaRCJ.exe
  2⤵
  PID:6924
- C:\Windows\System\xkxbsRi.exe
  C:\Windows\System\xkxbsRi.exe
  2⤵
  PID:6944
- C:\Windows\System\JslTfhD.exe
  C:\Windows\System\JslTfhD.exe
  2⤵
  PID:6964
- C:\Windows\System\hfMHUWt.exe
  C:\Windows\System\hfMHUWt.exe
  2⤵
  PID:7008
- C:\Windows\System\pWIihsq.exe
  C:\Windows\System\pWIihsq.exe
  2⤵
  PID:7028
- C:\Windows\System\TnetZRS.exe
  C:\Windows\System\TnetZRS.exe
  2⤵
  PID:7048
- C:\Windows\System\zbDiXuJ.exe
  C:\Windows\System\zbDiXuJ.exe
  2⤵
  PID:7072
- C:\Windows\System\dkmbiHz.exe
  C:\Windows\System\dkmbiHz.exe
  2⤵
  PID:7092
- C:\Windows\System\kAynKOn.exe
  C:\Windows\System\kAynKOn.exe
  2⤵
  PID:7108
- C:\Windows\System\krngEoL.exe
  C:\Windows\System\krngEoL.exe
  2⤵
  PID:7132
- C:\Windows\System\TisIlPe.exe
  C:\Windows\System\TisIlPe.exe
  2⤵
  PID:7152
- C:\Windows\System\AzeeqyG.exe
  C:\Windows\System\AzeeqyG.exe
  2⤵
  PID:1200
- C:\Windows\System\GbGJzJl.exe
  C:\Windows\System\GbGJzJl.exe
  2⤵
  PID:3320
- C:\Windows\System\OFCxLJB.exe
  C:\Windows\System\OFCxLJB.exe
  2⤵
  PID:5912
- C:\Windows\System\QzTBJzC.exe
  C:\Windows\System\QzTBJzC.exe
  2⤵
  PID:4416
- C:\Windows\System\KfHtXLv.exe
  C:\Windows\System\KfHtXLv.exe
  2⤵
  PID:5056
- C:\Windows\System\vOfQUGG.exe
  C:\Windows\System\vOfQUGG.exe
  2⤵
  PID:5420
- C:\Windows\System\IKDGFbk.exe
  C:\Windows\System\IKDGFbk.exe
  2⤵
  PID:6160
- C:\Windows\System\STTyoCj.exe
  C:\Windows\System\STTyoCj.exe
  2⤵
  PID:6220
- C:\Windows\System\vJpHSuL.exe
  C:\Windows\System\vJpHSuL.exe
  2⤵
  PID:6248
- C:\Windows\System\Kuarugy.exe
  C:\Windows\System\Kuarugy.exe
  2⤵
  PID:3296
- C:\Windows\System\paFRKha.exe
  C:\Windows\System\paFRKha.exe
  2⤵
  PID:6304
- C:\Windows\System\KHXsfqU.exe
  C:\Windows\System\KHXsfqU.exe
  2⤵
  PID:6328
- C:\Windows\System\cyzXuAr.exe
  C:\Windows\System\cyzXuAr.exe
  2⤵
  PID:2268
- C:\Windows\System\RDQVSYZ.exe
  C:\Windows\System\RDQVSYZ.exe
  2⤵
  PID:6380
- C:\Windows\System\lcmKsIN.exe
  C:\Windows\System\lcmKsIN.exe
  2⤵
  PID:6436
- C:\Windows\System\dFDmjqf.exe
  C:\Windows\System\dFDmjqf.exe
  2⤵
  PID:5024
- C:\Windows\System\MlvPbjg.exe
  C:\Windows\System\MlvPbjg.exe
  2⤵
  PID:6472
- C:\Windows\System\brdOnPr.exe
  C:\Windows\System\brdOnPr.exe
  2⤵
  PID:4880
- C:\Windows\System\CFdapOK.exe
  C:\Windows\System\CFdapOK.exe
  2⤵
  PID:6556
- C:\Windows\System\MkpDKwr.exe
  C:\Windows\System\MkpDKwr.exe
  2⤵
  PID:6696
- C:\Windows\System\OedSkMD.exe
  C:\Windows\System\OedSkMD.exe
  2⤵
  PID:6836
- C:\Windows\System\aJljjcb.exe
  C:\Windows\System\aJljjcb.exe
  2⤵
  PID:6880
- C:\Windows\System\fidvbEH.exe
  C:\Windows\System\fidvbEH.exe
  2⤵
  PID:6560
- C:\Windows\System\PodNYEf.exe
  C:\Windows\System\PodNYEf.exe
  2⤵
  PID:6936
- C:\Windows\System\mrEGJZa.exe
  C:\Windows\System\mrEGJZa.exe
  2⤵
  PID:7140
- C:\Windows\System\hhlihxf.exe
  C:\Windows\System\hhlihxf.exe
  2⤵
  PID:7124
- C:\Windows\System\nPCyJPO.exe
  C:\Windows\System\nPCyJPO.exe
  2⤵
  PID:5672
- C:\Windows\System\QmyburW.exe
  C:\Windows\System\QmyburW.exe
  2⤵
  PID:6108
- C:\Windows\System\DxahGBw.exe
  C:\Windows\System\DxahGBw.exe
  2⤵
  PID:5784
- C:\Windows\System\HHbCnOy.exe
  C:\Windows\System\HHbCnOy.exe
  2⤵
  PID:6352
- C:\Windows\System\qVWNBGr.exe
  C:\Windows\System\qVWNBGr.exe
  2⤵
  PID:3188
- C:\Windows\System\dbZVadu.exe
  C:\Windows\System\dbZVadu.exe
  2⤵
  PID:1280
- C:\Windows\System\nMfFQPA.exe
  C:\Windows\System\nMfFQPA.exe
  2⤵
  PID:2792
- C:\Windows\System\uHWFGpD.exe
  C:\Windows\System\uHWFGpD.exe
  2⤵
  PID:3768
- C:\Windows\System\MxJtbkT.exe
  C:\Windows\System\MxJtbkT.exe
  2⤵
  PID:6596
- C:\Windows\System\beOkUIv.exe
  C:\Windows\System\beOkUIv.exe
  2⤵
  PID:6876
- C:\Windows\System\eYfxoQB.exe
  C:\Windows\System\eYfxoQB.exe
  2⤵
  PID:6932
- C:\Windows\System\cvmEJoh.exe
  C:\Windows\System\cvmEJoh.exe
  2⤵
  PID:5556
- C:\Windows\System\khRaweb.exe
  C:\Windows\System\khRaweb.exe
  2⤵
  PID:4324
- C:\Windows\System\dIifABO.exe
  C:\Windows\System\dIifABO.exe
  2⤵
  PID:6324
- C:\Windows\System\GWyHyPJ.exe
  C:\Windows\System\GWyHyPJ.exe
  2⤵
  PID:1876
- C:\Windows\System\aIpMTNl.exe
  C:\Windows\System\aIpMTNl.exe
  2⤵
  PID:1804
- C:\Windows\System\iJkBchY.exe
  C:\Windows\System\iJkBchY.exe
  2⤵
  PID:6788
- C:\Windows\System\hOLoxHd.exe
  C:\Windows\System\hOLoxHd.exe
  2⤵
  PID:7016
- C:\Windows\System\JvYPqmI.exe
  C:\Windows\System\JvYPqmI.exe
  2⤵
  PID:7104
- C:\Windows\System\hiFvQgj.exe
  C:\Windows\System\hiFvQgj.exe
  2⤵
  PID:6640
- C:\Windows\System\DNhGbGN.exe
  C:\Windows\System\DNhGbGN.exe
  2⤵
  PID:7180
- C:\Windows\System\yqFpVoO.exe
  C:\Windows\System\yqFpVoO.exe
  2⤵
  PID:7252
- C:\Windows\System\cyZVTEO.exe
  C:\Windows\System\cyZVTEO.exe
  2⤵
  PID:7300
- C:\Windows\System\zwHSkdn.exe
  C:\Windows\System\zwHSkdn.exe
  2⤵
  PID:7316
- C:\Windows\System\RITPfdR.exe
  C:\Windows\System\RITPfdR.exe
  2⤵
  PID:7336
- C:\Windows\System\zYGfweL.exe
  C:\Windows\System\zYGfweL.exe
  2⤵
  PID:7364
- C:\Windows\System\PgsVwls.exe
  C:\Windows\System\PgsVwls.exe
  2⤵
  PID:7404
- C:\Windows\System\mSebQLg.exe
  C:\Windows\System\mSebQLg.exe
  2⤵
  PID:7428
- C:\Windows\System\YUoJEbv.exe
  C:\Windows\System\YUoJEbv.exe
  2⤵
  PID:7448
- C:\Windows\System\HAavmfv.exe
  C:\Windows\System\HAavmfv.exe
  2⤵
  PID:7488
- C:\Windows\System\nmwLFgK.exe
  C:\Windows\System\nmwLFgK.exe
  2⤵
  PID:7512
- C:\Windows\System\jngpJCd.exe
  C:\Windows\System\jngpJCd.exe
  2⤵
  PID:7532
- C:\Windows\System\frvZRIC.exe
  C:\Windows\System\frvZRIC.exe
  2⤵
  PID:7572
- C:\Windows\System\nbqZyGr.exe
  C:\Windows\System\nbqZyGr.exe
  2⤵
  PID:7608
- C:\Windows\System\FndXTdv.exe
  C:\Windows\System\FndXTdv.exe
  2⤵
  PID:7624
- C:\Windows\System\byasyPo.exe
  C:\Windows\System\byasyPo.exe
  2⤵
  PID:7652
- C:\Windows\System\PNEgZDO.exe
  C:\Windows\System\PNEgZDO.exe
  2⤵
  PID:7676
- C:\Windows\System\XiLAnNU.exe
  C:\Windows\System\XiLAnNU.exe
  2⤵
  PID:7704
- C:\Windows\System\KSrPEps.exe
  C:\Windows\System\KSrPEps.exe
  2⤵
  PID:7748
- C:\Windows\System\HmIhyiG.exe
  C:\Windows\System\HmIhyiG.exe
  2⤵
  PID:7772
- C:\Windows\System\KasmRhW.exe
  C:\Windows\System\KasmRhW.exe
  2⤵
  PID:7792
- C:\Windows\System\ueOUXHn.exe
  C:\Windows\System\ueOUXHn.exe
  2⤵
  PID:7808
- C:\Windows\System\eLqOomi.exe
  C:\Windows\System\eLqOomi.exe
  2⤵
  PID:7852
- C:\Windows\System\LiWtXFE.exe
  C:\Windows\System\LiWtXFE.exe
  2⤵
  PID:7872
- C:\Windows\System\eZxqXgv.exe
  C:\Windows\System\eZxqXgv.exe
  2⤵
  PID:7896
- C:\Windows\System\gukUGOW.exe
  C:\Windows\System\gukUGOW.exe
  2⤵
  PID:7920
- C:\Windows\System\ZUACJJn.exe
  C:\Windows\System\ZUACJJn.exe
  2⤵
  PID:7956
- C:\Windows\System\DUMOPQa.exe
  C:\Windows\System\DUMOPQa.exe
  2⤵
  PID:7980
- C:\Windows\System\EcqOgOI.exe
  C:\Windows\System\EcqOgOI.exe
  2⤵
  PID:8000
- C:\Windows\System\gwIrFwF.exe
  C:\Windows\System\gwIrFwF.exe
  2⤵
  PID:8020
- C:\Windows\System\bnKAtHl.exe
  C:\Windows\System\bnKAtHl.exe
  2⤵
  PID:8040
- C:\Windows\System\brmTXIa.exe
  C:\Windows\System\brmTXIa.exe
  2⤵
  PID:8108
- C:\Windows\System\OLpPmqJ.exe
  C:\Windows\System\OLpPmqJ.exe
  2⤵
  PID:8124
- C:\Windows\System\pfuXkeT.exe
  C:\Windows\System\pfuXkeT.exe
  2⤵
  PID:8148
- C:\Windows\System\yUJMwTF.exe
  C:\Windows\System\yUJMwTF.exe
  2⤵
  PID:8172
- C:\Windows\System\EjmvIqy.exe
  C:\Windows\System\EjmvIqy.exe
  2⤵
  PID:6516
- C:\Windows\System\iOSWcDw.exe
  C:\Windows\System\iOSWcDw.exe
  2⤵
  PID:7192
- C:\Windows\System\WbNincu.exe
  C:\Windows\System\WbNincu.exe
  2⤵
  PID:7272
- C:\Windows\System\uRNdsuJ.exe
  C:\Windows\System\uRNdsuJ.exe
  2⤵
  PID:7328
- C:\Windows\System\lcPVHLn.exe
  C:\Windows\System\lcPVHLn.exe
  2⤵
  PID:7400
- C:\Windows\System\aiEqwfO.exe
  C:\Windows\System\aiEqwfO.exe
  2⤵
  PID:7456
- C:\Windows\System\EHVjjpv.exe
  C:\Windows\System\EHVjjpv.exe
  2⤵
  PID:7524
- C:\Windows\System\LAySiHj.exe
  C:\Windows\System\LAySiHj.exe
  2⤵
  PID:7592
- C:\Windows\System\PFhOkTj.exe
  C:\Windows\System\PFhOkTj.exe
  2⤵
  PID:7644
- C:\Windows\System\nwkGrnZ.exe
  C:\Windows\System\nwkGrnZ.exe
  2⤵
  PID:7668
- C:\Windows\System\ddaQWUl.exe
  C:\Windows\System\ddaQWUl.exe
  2⤵
  PID:7800
- C:\Windows\System\ApHwkxm.exe
  C:\Windows\System\ApHwkxm.exe
  2⤵
  PID:7832
- C:\Windows\System\lvCzyaO.exe
  C:\Windows\System\lvCzyaO.exe
  2⤵
  PID:7964
- C:\Windows\System\PgKFagG.exe
  C:\Windows\System\PgKFagG.exe
  2⤵
  PID:8032
- C:\Windows\System\ecCJnYq.exe
  C:\Windows\System\ecCJnYq.exe
  2⤵
  PID:8016
- C:\Windows\System\MXccOWq.exe
  C:\Windows\System\MXccOWq.exe
  2⤵
  PID:8144
- C:\Windows\System\zvFErUa.exe
  C:\Windows\System\zvFErUa.exe
  2⤵
  PID:6904
- C:\Windows\System\YgCHSAc.exe
  C:\Windows\System\YgCHSAc.exe
  2⤵
  PID:7276
- C:\Windows\System\vPIkRTz.exe
  C:\Windows\System\vPIkRTz.exe
  2⤵
  PID:7508
- C:\Windows\System\hwmkarQ.exe
  C:\Windows\System\hwmkarQ.exe
  2⤵
  PID:7720
- C:\Windows\System\xDpPQAx.exe
  C:\Windows\System\xDpPQAx.exe
  2⤵
  PID:7616
- C:\Windows\System\LosffZk.exe
  C:\Windows\System\LosffZk.exe
  2⤵
  PID:7820
- C:\Windows\System\LhvCKZh.exe
  C:\Windows\System\LhvCKZh.exe
  2⤵
  PID:7936
- C:\Windows\System\qfouFFw.exe
  C:\Windows\System\qfouFFw.exe
  2⤵
  PID:8012
- C:\Windows\System\bZDAUFu.exe
  C:\Windows\System\bZDAUFu.exe
  2⤵
  PID:8160
- C:\Windows\System\afOtIEl.exe
  C:\Windows\System\afOtIEl.exe
  2⤵
  PID:7412
- C:\Windows\System\vKxRsmA.exe
  C:\Windows\System\vKxRsmA.exe
  2⤵
  PID:7788
- C:\Windows\System\ZAJvWQI.exe
  C:\Windows\System\ZAJvWQI.exe
  2⤵
  PID:7760
- C:\Windows\System\JwimAXX.exe
  C:\Windows\System\JwimAXX.exe
  2⤵
  PID:8228
- C:\Windows\System\WuqMIPE.exe
  C:\Windows\System\WuqMIPE.exe
  2⤵
  PID:8248
- C:\Windows\System\jgSpIlw.exe
  C:\Windows\System\jgSpIlw.exe
  2⤵
  PID:8276
- C:\Windows\System\mRrwdER.exe
  C:\Windows\System\mRrwdER.exe
  2⤵
  PID:8336
- C:\Windows\System\VNqOPJE.exe
  C:\Windows\System\VNqOPJE.exe
  2⤵
  PID:8356
- C:\Windows\System\nAXBKmH.exe
  C:\Windows\System\nAXBKmH.exe
  2⤵
  PID:8388
- C:\Windows\System\MdcOrBm.exe
  C:\Windows\System\MdcOrBm.exe
  2⤵
  PID:8408
- C:\Windows\System\COIhovm.exe
  C:\Windows\System\COIhovm.exe
  2⤵
  PID:8428
- C:\Windows\System\RhFvsuK.exe
  C:\Windows\System\RhFvsuK.exe
  2⤵
  PID:8452
- C:\Windows\System\IMkvqXs.exe
  C:\Windows\System\IMkvqXs.exe
  2⤵
  PID:8472
- C:\Windows\System\bFhqxoY.exe
  C:\Windows\System\bFhqxoY.exe
  2⤵
  PID:8512
- C:\Windows\System\KBITMgi.exe
  C:\Windows\System\KBITMgi.exe
  2⤵
  PID:8576
- C:\Windows\System\smLqMla.exe
  C:\Windows\System\smLqMla.exe
  2⤵
  PID:8592
- C:\Windows\System\hYOYpuz.exe
  C:\Windows\System\hYOYpuz.exe
  2⤵
  PID:8632
- C:\Windows\System\MqjBrdD.exe
  C:\Windows\System\MqjBrdD.exe
  2⤵
  PID:8648
- C:\Windows\System\vroSTWP.exe
  C:\Windows\System\vroSTWP.exe
  2⤵
  PID:8668
- C:\Windows\System\zNjaxGY.exe
  C:\Windows\System\zNjaxGY.exe
  2⤵
  PID:8708
- C:\Windows\System\iNCMYsc.exe
  C:\Windows\System\iNCMYsc.exe
  2⤵
  PID:8732
- C:\Windows\System\yctLeDP.exe
  C:\Windows\System\yctLeDP.exe
  2⤵
  PID:8756
- C:\Windows\System\jcpMXxo.exe
  C:\Windows\System\jcpMXxo.exe
  2⤵
  PID:8772
- C:\Windows\System\GXRgpXY.exe
  C:\Windows\System\GXRgpXY.exe
  2⤵
  PID:8796
- C:\Windows\System\BQZZkkE.exe
  C:\Windows\System\BQZZkkE.exe
  2⤵
  PID:8828
- C:\Windows\System\hovwXUW.exe
  C:\Windows\System\hovwXUW.exe
  2⤵
  PID:8852
- C:\Windows\System\DOhKlNt.exe
  C:\Windows\System\DOhKlNt.exe
  2⤵
  PID:8892
- C:\Windows\System\Uaiinli.exe
  C:\Windows\System\Uaiinli.exe
  2⤵
  PID:8912
- C:\Windows\System\BMNKDna.exe
  C:\Windows\System\BMNKDna.exe
  2⤵
  PID:8940
- C:\Windows\System\tRBEIuq.exe
  C:\Windows\System\tRBEIuq.exe
  2⤵
  PID:8984
- C:\Windows\System\YWxOXqu.exe
  C:\Windows\System\YWxOXqu.exe
  2⤵
  PID:9000
- C:\Windows\System\qTCvzHI.exe
  C:\Windows\System\qTCvzHI.exe
  2⤵
  PID:9024
- C:\Windows\System\mHaNKSw.exe
  C:\Windows\System\mHaNKSw.exe
  2⤵
  PID:9044
- C:\Windows\System\qFinOAN.exe
  C:\Windows\System\qFinOAN.exe
  2⤵
  PID:9068
- C:\Windows\System\gVEbrHH.exe
  C:\Windows\System\gVEbrHH.exe
  2⤵
  PID:9088
- C:\Windows\System\NziuWpX.exe
  C:\Windows\System\NziuWpX.exe
  2⤵
  PID:9108
- C:\Windows\System\TqdhBtY.exe
  C:\Windows\System\TqdhBtY.exe
  2⤵
  PID:9128
- C:\Windows\System\nKEnFuY.exe
  C:\Windows\System\nKEnFuY.exe
  2⤵
  PID:9148
- C:\Windows\System\FInmLgR.exe
  C:\Windows\System\FInmLgR.exe
  2⤵
  PID:9168
- C:\Windows\System\iejKxkm.exe
  C:\Windows\System\iejKxkm.exe
  2⤵
  PID:9184
- C:\Windows\System\bdaBwkf.exe
  C:\Windows\System\bdaBwkf.exe
  2⤵
  PID:9208
- C:\Windows\System\YZCdteY.exe
  C:\Windows\System\YZCdteY.exe
  2⤵
  PID:8244
- C:\Windows\System\wmEToQz.exe
  C:\Windows\System\wmEToQz.exe
  2⤵
  PID:8272
- C:\Windows\System\pHbVdzL.exe
  C:\Windows\System\pHbVdzL.exe
  2⤵
  PID:8444
- C:\Windows\System\BChjbEp.exe
  C:\Windows\System\BChjbEp.exe
  2⤵
  PID:8496
- C:\Windows\System\Xngzuuh.exe
  C:\Windows\System\Xngzuuh.exe
  2⤵
  PID:7728
- C:\Windows\System\EUensKD.exe
  C:\Windows\System\EUensKD.exe
  2⤵
  PID:8612
- C:\Windows\System\bDntAes.exe
  C:\Windows\System\bDntAes.exe
  2⤵
  PID:8720
- C:\Windows\System\quSwVsV.exe
  C:\Windows\System\quSwVsV.exe
  2⤵
  PID:8788
- C:\Windows\System\Bpvqcnj.exe
  C:\Windows\System\Bpvqcnj.exe
  2⤵
  PID:8844
- C:\Windows\System\zyXmvgV.exe
  C:\Windows\System\zyXmvgV.exe
  2⤵
  PID:8948
- C:\Windows\System\XDuZnfp.exe
  C:\Windows\System\XDuZnfp.exe
  2⤵
  PID:8976
- C:\Windows\System\kOOmQcf.exe
  C:\Windows\System\kOOmQcf.exe
  2⤵
  PID:9096
- C:\Windows\System\aTSPkAP.exe
  C:\Windows\System\aTSPkAP.exe
  2⤵
  PID:9176
- C:\Windows\System\CtWUXnM.exe
  C:\Windows\System\CtWUXnM.exe
  2⤵
  PID:9164
- C:\Windows\System\nIsDQmH.exe
  C:\Windows\System\nIsDQmH.exe
  2⤵
  PID:8224
- C:\Windows\System\exfMIDy.exe
  C:\Windows\System\exfMIDy.exe
  2⤵
  PID:8304
- C:\Windows\System\MTvQwTS.exe
  C:\Windows\System\MTvQwTS.exe
  2⤵
  PID:8488
- C:\Windows\System\VlHVDeY.exe
  C:\Windows\System\VlHVDeY.exe
  2⤵
  PID:8588
- C:\Windows\System\JuKCapg.exe
  C:\Windows\System\JuKCapg.exe
  2⤵
  PID:8820
- C:\Windows\System\RnYuLNF.exe
  C:\Windows\System\RnYuLNF.exe
  2⤵
  PID:8956
- C:\Windows\System\afmQYlm.exe
  C:\Windows\System\afmQYlm.exe
  2⤵
  PID:9012
- C:\Windows\System\XXoqKIf.exe
  C:\Windows\System\XXoqKIf.exe
  2⤵
  PID:9136
- C:\Windows\System\tzQeFUZ.exe
  C:\Windows\System\tzQeFUZ.exe
  2⤵
  PID:8240
- C:\Windows\System\YDkgZyQ.exe
  C:\Windows\System\YDkgZyQ.exe
  2⤵
  PID:8744
- C:\Windows\System\sfPfqmG.exe
  C:\Windows\System\sfPfqmG.exe
  2⤵
  PID:8748
- C:\Windows\System\oTtpfFu.exe
  C:\Windows\System\oTtpfFu.exe
  2⤵
  PID:9252
- C:\Windows\System\waoVNmo.exe
  C:\Windows\System\waoVNmo.exe
  2⤵
  PID:9272
- C:\Windows\System\VzZKfFD.exe
  C:\Windows\System\VzZKfFD.exe
  2⤵
  PID:9292
- C:\Windows\System\qsxYXDk.exe
  C:\Windows\System\qsxYXDk.exe
  2⤵
  PID:9320
- C:\Windows\System\NQiotja.exe
  C:\Windows\System\NQiotja.exe
  2⤵
  PID:9340
- C:\Windows\System\MghBOOL.exe
  C:\Windows\System\MghBOOL.exe
  2⤵
  PID:9416
- C:\Windows\System\wdWhRKf.exe
  C:\Windows\System\wdWhRKf.exe
  2⤵
  PID:9448
- C:\Windows\System\UhvhpeI.exe
  C:\Windows\System\UhvhpeI.exe
  2⤵
  PID:9468
- C:\Windows\System\blSjFBx.exe
  C:\Windows\System\blSjFBx.exe
  2⤵
  PID:9488
- C:\Windows\System\pEZZHvn.exe
  C:\Windows\System\pEZZHvn.exe
  2⤵
  PID:9504
- C:\Windows\System\nwCCHJs.exe
  C:\Windows\System\nwCCHJs.exe
  2⤵
  PID:9524
- C:\Windows\System\ZskjQES.exe
  C:\Windows\System\ZskjQES.exe
  2⤵
  PID:9568
- C:\Windows\System\sDWIGqF.exe
  C:\Windows\System\sDWIGqF.exe
  2⤵
  PID:9608
- C:\Windows\System\rfFOUKj.exe
  C:\Windows\System\rfFOUKj.exe
  2⤵
  PID:9640
- C:\Windows\System\cHqBhwC.exe
  C:\Windows\System\cHqBhwC.exe
  2⤵
  PID:9660
- C:\Windows\System\NRRxOtT.exe
  C:\Windows\System\NRRxOtT.exe
  2⤵
  PID:9700
- C:\Windows\System\neCbMbl.exe
  C:\Windows\System\neCbMbl.exe
  2⤵
  PID:9720
- C:\Windows\System\jqyExOK.exe
  C:\Windows\System\jqyExOK.exe
  2⤵
  PID:9764
- C:\Windows\System\iClxJXd.exe
  C:\Windows\System\iClxJXd.exe
  2⤵
  PID:9784
- C:\Windows\System\PTfEdIO.exe
  C:\Windows\System\PTfEdIO.exe
  2⤵
  PID:9812
- C:\Windows\System\ZiXLxiL.exe
  C:\Windows\System\ZiXLxiL.exe
  2⤵
  PID:9836
- C:\Windows\System\biJJMHD.exe
  C:\Windows\System\biJJMHD.exe
  2⤵
  PID:9892
- C:\Windows\System\WIpbKkP.exe
  C:\Windows\System\WIpbKkP.exe
  2⤵
  PID:9944
- C:\Windows\System\fiZAVvJ.exe
  C:\Windows\System\fiZAVvJ.exe
  2⤵
  PID:9996
- C:\Windows\System\rVKRCYi.exe
  C:\Windows\System\rVKRCYi.exe
  2⤵
  PID:10016
- C:\Windows\System\lVcItbH.exe
  C:\Windows\System\lVcItbH.exe
  2⤵
  PID:10064
- C:\Windows\System\PLlLZYo.exe
  C:\Windows\System\PLlLZYo.exe
  2⤵
  PID:10080
- C:\Windows\System\UrsMiRc.exe
  C:\Windows\System\UrsMiRc.exe
  2⤵
  PID:10096
- C:\Windows\System\nEoyAAs.exe
  C:\Windows\System\nEoyAAs.exe
  2⤵
  PID:10112
- C:\Windows\System\MUKqYej.exe
  C:\Windows\System\MUKqYej.exe
  2⤵
  PID:10128
- C:\Windows\System\hvkbMWp.exe
  C:\Windows\System\hvkbMWp.exe
  2⤵
  PID:10148
- C:\Windows\System\PFBnlxF.exe
  C:\Windows\System\PFBnlxF.exe
  2⤵
  PID:10208
- C:\Windows\System\UEOxuFz.exe
  C:\Windows\System\UEOxuFz.exe
  2⤵
  PID:9228
- C:\Windows\System\XzuCfYe.exe
  C:\Windows\System\XzuCfYe.exe
  2⤵
  PID:9332
- C:\Windows\System\JFbzDKO.exe
  C:\Windows\System\JFbzDKO.exe
  2⤵
  PID:9412
- C:\Windows\System\vrllxdC.exe
  C:\Windows\System\vrllxdC.exe
  2⤵
  PID:9500
- C:\Windows\System\jPfsIDE.exe
  C:\Windows\System\jPfsIDE.exe
  2⤵
  PID:9480
- C:\Windows\System\DFTVqeo.exe
  C:\Windows\System\DFTVqeo.exe
  2⤵
  PID:8572
- C:\Windows\System\KVJHLQj.exe
  C:\Windows\System\KVJHLQj.exe
  2⤵
  PID:9616
- C:\Windows\System\zXcwadC.exe
  C:\Windows\System\zXcwadC.exe
  2⤵
  PID:9676
- C:\Windows\System\UcifFGH.exe
  C:\Windows\System\UcifFGH.exe
  2⤵
  PID:9712
- C:\Windows\System\dZXUVMe.exe
  C:\Windows\System\dZXUVMe.exe
  2⤵
  PID:9740
- C:\Windows\System\BqXYtyX.exe
  C:\Windows\System\BqXYtyX.exe
  2⤵
  PID:9804
- C:\Windows\System\FJSmZSL.exe
  C:\Windows\System\FJSmZSL.exe
  2⤵
  PID:9928
- C:\Windows\System\YcaIpKJ.exe
  C:\Windows\System\YcaIpKJ.exe
  2⤵
  PID:9828
- C:\Windows\System\ligesHb.exe
  C:\Windows\System\ligesHb.exe
  2⤵
  PID:9880
- C:\Windows\System\DaCtkbW.exe
  C:\Windows\System\DaCtkbW.exe
  2⤵
  PID:10024
- C:\Windows\System\OQpFksM.exe
  C:\Windows\System\OQpFksM.exe
  2⤵
  PID:10072
- C:\Windows\System\clXjRrm.exe
  C:\Windows\System\clXjRrm.exe
  2⤵
  PID:10048
- C:\Windows\System\pyLcDmb.exe
  C:\Windows\System\pyLcDmb.exe
  2⤵
  PID:10092
- C:\Windows\System\SoQbcZg.exe
  C:\Windows\System\SoQbcZg.exe
  2⤵
  PID:8424
- C:\Windows\System\gjtExPN.exe
  C:\Windows\System\gjtExPN.exe
  2⤵
  PID:9260
- C:\Windows\System\rfRpdeR.exe
  C:\Windows\System\rfRpdeR.exe
  2⤵
  PID:10224
- C:\Windows\System\NwJvlcY.exe
  C:\Windows\System\NwJvlcY.exe
  2⤵
  PID:9496
- C:\Windows\System\qQnDqKV.exe
  C:\Windows\System\qQnDqKV.exe
  2⤵
  PID:9532
- C:\Windows\System\IXLldYQ.exe
  C:\Windows\System\IXLldYQ.exe
  2⤵
  PID:9600
- C:\Windows\System\gLMJsku.exe
  C:\Windows\System\gLMJsku.exe
  2⤵
  PID:9780
- C:\Windows\System\aqwKdob.exe
  C:\Windows\System\aqwKdob.exe
  2⤵
  PID:9912
- C:\Windows\System\IRVxiac.exe
  C:\Windows\System\IRVxiac.exe
  2⤵
  PID:9972
- C:\Windows\System\YjBMmow.exe
  C:\Windows\System\YjBMmow.exe
  2⤵
  PID:10088
- C:\Windows\System\YjNyhto.exe
  C:\Windows\System\YjNyhto.exe
  2⤵
  PID:9796
- C:\Windows\System\CawTuOU.exe
  C:\Windows\System\CawTuOU.exe
  2⤵
  PID:10200
- C:\Windows\System\MIYmpnP.exe
  C:\Windows\System\MIYmpnP.exe
  2⤵
  PID:10256
- C:\Windows\System\WDPqShH.exe
  C:\Windows\System\WDPqShH.exe
  2⤵
  PID:10284
- C:\Windows\System\JMsLUVw.exe
  C:\Windows\System\JMsLUVw.exe
  2⤵
  PID:10316
- C:\Windows\System\pnkFhMb.exe
  C:\Windows\System\pnkFhMb.exe
  2⤵
  PID:10344
- C:\Windows\System\hTFsEtM.exe
  C:\Windows\System\hTFsEtM.exe
  2⤵
  PID:10372
- C:\Windows\System\zCAmJgF.exe
  C:\Windows\System\zCAmJgF.exe
  2⤵
  PID:10400
- C:\Windows\System\QbPdjTL.exe
  C:\Windows\System\QbPdjTL.exe
  2⤵
  PID:10424
- C:\Windows\System\WRCSJSb.exe
  C:\Windows\System\WRCSJSb.exe
  2⤵
  PID:10444
- C:\Windows\System\ONNopGz.exe
  C:\Windows\System\ONNopGz.exe
  2⤵
  PID:10484
- C:\Windows\System\RIgpVcZ.exe
  C:\Windows\System\RIgpVcZ.exe
  2⤵
  PID:10508
- C:\Windows\System\PWARxyO.exe
  C:\Windows\System\PWARxyO.exe
  2⤵
  PID:10528
- C:\Windows\System\tGmjISr.exe
  C:\Windows\System\tGmjISr.exe
  2⤵
  PID:10556
- C:\Windows\System\LDoBFkE.exe
  C:\Windows\System\LDoBFkE.exe
  2⤵
  PID:10616
- C:\Windows\System\OJezTYV.exe
  C:\Windows\System\OJezTYV.exe
  2⤵
  PID:10632
- C:\Windows\System\rxhCCtf.exe
  C:\Windows\System\rxhCCtf.exe
  2⤵
  PID:10652
- C:\Windows\System\kNmhAAS.exe
  C:\Windows\System\kNmhAAS.exe
  2⤵
  PID:10680
- C:\Windows\System\ysUuBiZ.exe
  C:\Windows\System\ysUuBiZ.exe
  2⤵
  PID:10720
- C:\Windows\System\SYEubSy.exe
  C:\Windows\System\SYEubSy.exe
  2⤵
  PID:10744
- C:\Windows\System\pGSnYzk.exe
  C:\Windows\System\pGSnYzk.exe
  2⤵
  PID:10784
- C:\Windows\System\rQlboMg.exe
  C:\Windows\System\rQlboMg.exe
  2⤵
  PID:10804
- C:\Windows\System\VyeThfF.exe
  C:\Windows\System\VyeThfF.exe
  2⤵
  PID:10828
- C:\Windows\System\CorFkVr.exe
  C:\Windows\System\CorFkVr.exe
  2⤵
  PID:10864
- C:\Windows\System\yfXSgiW.exe
  C:\Windows\System\yfXSgiW.exe
  2⤵
  PID:10884
- C:\Windows\System\iSsZkDT.exe
  C:\Windows\System\iSsZkDT.exe
  2⤵
  PID:10904
- C:\Windows\System\hqMwhuH.exe
  C:\Windows\System\hqMwhuH.exe
  2⤵
  PID:10952
- C:\Windows\System\OUXdNXH.exe
  C:\Windows\System\OUXdNXH.exe
  2⤵
  PID:10972
- C:\Windows\System\pnGqYOM.exe
  C:\Windows\System\pnGqYOM.exe
  2⤵
  PID:10996
- C:\Windows\System\xcquyLD.exe
  C:\Windows\System\xcquyLD.exe
  2⤵
  PID:11036
- C:\Windows\System\epnZdfd.exe
  C:\Windows\System\epnZdfd.exe
  2⤵
  PID:11068
- C:\Windows\System\kSHtAsW.exe
  C:\Windows\System\kSHtAsW.exe
  2⤵
  PID:11088
- C:\Windows\System\meDjKsx.exe
  C:\Windows\System\meDjKsx.exe
  2⤵
  PID:11108
- C:\Windows\System\XaaYdxz.exe
  C:\Windows\System\XaaYdxz.exe
  2⤵
  PID:11132
- C:\Windows\System\WhOMHeC.exe
  C:\Windows\System\WhOMHeC.exe
  2⤵
  PID:11156
- C:\Windows\System\BcZoWIf.exe
  C:\Windows\System\BcZoWIf.exe
  2⤵
  PID:11192
- C:\Windows\System\myvaQgh.exe
  C:\Windows\System\myvaQgh.exe
  2⤵
  PID:11208
- C:\Windows\System\xeUCeYp.exe
  C:\Windows\System\xeUCeYp.exe
  2⤵
  PID:11248
- C:\Windows\System\uHhyHcz.exe
  C:\Windows\System\uHhyHcz.exe
  2⤵
  PID:9312
- C:\Windows\System\ShlWesd.exe
  C:\Windows\System\ShlWesd.exe
  2⤵
  PID:10296
- C:\Windows\System\qdlDDIj.exe
  C:\Windows\System\qdlDDIj.exe
  2⤵
  PID:10352
- C:\Windows\System\xvWhHEa.exe
  C:\Windows\System\xvWhHEa.exe
  2⤵
  PID:9316
- C:\Windows\System\rgjjjgQ.exe
  C:\Windows\System\rgjjjgQ.exe
  2⤵
  PID:10392
- C:\Windows\System\tMXoFOr.exe
  C:\Windows\System\tMXoFOr.exe
  2⤵
  PID:10452
- C:\Windows\System\qUwVBrE.exe
  C:\Windows\System\qUwVBrE.exe
  2⤵
  PID:10500
- C:\Windows\System\lDVlrXn.exe
  C:\Windows\System\lDVlrXn.exe
  2⤵
  PID:10624
- C:\Windows\System\FZOhQSb.exe
  C:\Windows\System\FZOhQSb.exe
  2⤵
  PID:10664
- C:\Windows\System\YsnnYej.exe
  C:\Windows\System\YsnnYej.exe
  2⤵
  PID:10760
- C:\Windows\System\VEQGoAT.exe
  C:\Windows\System\VEQGoAT.exe
  2⤵
  PID:10824
- C:\Windows\System\ZDxCwJC.exe
  C:\Windows\System\ZDxCwJC.exe
  2⤵
  PID:10856
- C:\Windows\System\WoaIaPg.exe
  C:\Windows\System\WoaIaPg.exe
  2⤵
  PID:10912
- C:\Windows\System\rbBoDLE.exe
  C:\Windows\System\rbBoDLE.exe
  2⤵
  PID:2860
- C:\Windows\System\IipacVr.exe
  C:\Windows\System\IipacVr.exe
  2⤵
  PID:10984
- C:\Windows\System\HyFXsbJ.exe
  C:\Windows\System\HyFXsbJ.exe
  2⤵
  PID:11104
- C:\Windows\System\jKfBvIU.exe
  C:\Windows\System\jKfBvIU.exe
  2⤵
  PID:11180
- C:\Windows\System\klvnuKN.exe
  C:\Windows\System\klvnuKN.exe
  2⤵
  PID:11216
- C:\Windows\System\JAWuyqZ.exe
  C:\Windows\System\JAWuyqZ.exe
  2⤵
  PID:9308
- C:\Windows\System\WRWDXCT.exe
  C:\Windows\System\WRWDXCT.exe
  2⤵
  PID:10364
- C:\Windows\System\MVuRltG.exe
  C:\Windows\System\MVuRltG.exe
  2⤵
  PID:10492
- C:\Windows\System\VetuJYe.exe
  C:\Windows\System\VetuJYe.exe
  2⤵
  PID:10772
- C:\Windows\System\lLALmuY.exe
  C:\Windows\System\lLALmuY.exe
  2⤵
  PID:10880
- C:\Windows\System\LFTDbZA.exe
  C:\Windows\System\LFTDbZA.exe
  2⤵
  PID:10980
- C:\Windows\System\vjrlvqn.exe
  C:\Windows\System\vjrlvqn.exe
  2⤵
  PID:11116
- C:\Windows\System\kBMzAjD.exe
  C:\Windows\System\kBMzAjD.exe
  2⤵
  PID:1828
- C:\Windows\System\lWeLOgB.exe
  C:\Windows\System\lWeLOgB.exe
  2⤵
  PID:10408
- C:\Windows\System\JUoGTNd.exe
  C:\Windows\System\JUoGTNd.exe
  2⤵
  PID:10336
- C:\Windows\System\DbwCBRL.exe
  C:\Windows\System\DbwCBRL.exe
  2⤵
  PID:11016
- C:\Windows\System\kisJUsb.exe
  C:\Windows\System\kisJUsb.exe
  2⤵
  PID:11128
- C:\Windows\System\fKObIJg.exe
  C:\Windows\System\fKObIJg.exe
  2⤵
  PID:11268
- C:\Windows\System\VYsxALB.exe
  C:\Windows\System\VYsxALB.exe
  2⤵
  PID:11296
- C:\Windows\System\IruXHqh.exe
  C:\Windows\System\IruXHqh.exe
  2⤵
  PID:11312
- C:\Windows\System\nNWGoIC.exe
  C:\Windows\System\nNWGoIC.exe
  2⤵
  PID:11332
- C:\Windows\System\ytFWcsv.exe
  C:\Windows\System\ytFWcsv.exe
  2⤵
  PID:11372
- C:\Windows\System\drqGpxk.exe
  C:\Windows\System\drqGpxk.exe
  2⤵
  PID:11388
- C:\Windows\System\XmealBF.exe
  C:\Windows\System\XmealBF.exe
  2⤵
  PID:11412
- C:\Windows\System\VcWKPMC.exe
  C:\Windows\System\VcWKPMC.exe
  2⤵
  PID:11440
- C:\Windows\System\EkpFBbH.exe
  C:\Windows\System\EkpFBbH.exe
  2⤵
  PID:11500
- C:\Windows\System\hUwyHmv.exe
  C:\Windows\System\hUwyHmv.exe
  2⤵
  PID:11520
- C:\Windows\System\DKQdmYi.exe
  C:\Windows\System\DKQdmYi.exe
  2⤵
  PID:11536
- C:\Windows\System\UbLyugp.exe
  C:\Windows\System\UbLyugp.exe
  2⤵
  PID:11556
- C:\Windows\System\umxAjqJ.exe
  C:\Windows\System\umxAjqJ.exe
  2⤵
  PID:11592
- C:\Windows\System\gxCqUBa.exe
  C:\Windows\System\gxCqUBa.exe
  2⤵
  PID:11616
- C:\Windows\System\uCRwqHy.exe
  C:\Windows\System\uCRwqHy.exe
  2⤵
  PID:11648
- C:\Windows\System\DfQXjhs.exe
  C:\Windows\System\DfQXjhs.exe
  2⤵
  PID:11672
- C:\Windows\System\xzWpJcY.exe
  C:\Windows\System\xzWpJcY.exe
  2⤵
  PID:11704
- C:\Windows\System\jlKDILR.exe
  C:\Windows\System\jlKDILR.exe
  2⤵
  PID:11744
- C:\Windows\System\luXFuQB.exe
  C:\Windows\System\luXFuQB.exe
  2⤵
  PID:11760
- C:\Windows\System\WXfPnRx.exe
  C:\Windows\System\WXfPnRx.exe
  2⤵
  PID:11784
- C:\Windows\System\sFIRunT.exe
  C:\Windows\System\sFIRunT.exe
  2⤵
  PID:11808
- C:\Windows\System\fUaQriY.exe
  C:\Windows\System\fUaQriY.exe
  2⤵
  PID:11836
- C:\Windows\System\Gdfjrhs.exe
  C:\Windows\System\Gdfjrhs.exe
  2⤵
  PID:11900
- C:\Windows\System\NNDLEyE.exe
  C:\Windows\System\NNDLEyE.exe
  2⤵
  PID:11924
- C:\Windows\System\wmCFVAT.exe
  C:\Windows\System\wmCFVAT.exe
  2⤵
  PID:11944
- C:\Windows\System\STSJJJa.exe
  C:\Windows\System\STSJJJa.exe
  2⤵
  PID:11972
- C:\Windows\System\hHuXnDF.exe
  C:\Windows\System\hHuXnDF.exe
  2⤵
  PID:11992
- C:\Windows\System\buoyiTt.exe
  C:\Windows\System\buoyiTt.exe
  2⤵
  PID:12016
- C:\Windows\System\tIjImBx.exe
  C:\Windows\System\tIjImBx.exe
  2⤵
  PID:12040
- C:\Windows\System\ZbtRiTR.exe
  C:\Windows\System\ZbtRiTR.exe
  2⤵
  PID:12096
- C:\Windows\System\ixrPFth.exe
  C:\Windows\System\ixrPFth.exe
  2⤵
  PID:12116
- C:\Windows\System\vsrlVRd.exe
  C:\Windows\System\vsrlVRd.exe
  2⤵
  PID:12136
- C:\Windows\System\KUytLeX.exe
  C:\Windows\System\KUytLeX.exe
  2⤵
  PID:12172
- C:\Windows\System\vpHrHer.exe
  C:\Windows\System\vpHrHer.exe
  2⤵
  PID:12188
- C:\Windows\System\YMBttZz.exe
  C:\Windows\System\YMBttZz.exe
  2⤵
  PID:12212
- C:\Windows\System\ChtdDaB.exe
  C:\Windows\System\ChtdDaB.exe
  2⤵
  PID:12244
- C:\Windows\System\VDbTMGc.exe
  C:\Windows\System\VDbTMGc.exe
  2⤵
  PID:12264
- C:\Windows\System\eGwJVRC.exe
  C:\Windows\System\eGwJVRC.exe
  2⤵
  PID:11304
- C:\Windows\System\XXwaLXn.exe
  C:\Windows\System\XXwaLXn.exe
  2⤵
  PID:4232
- C:\Windows\System\YSHBGBz.exe
  C:\Windows\System\YSHBGBz.exe
  2⤵
  PID:11368
- C:\Windows\System\DNIPKjO.exe
  C:\Windows\System\DNIPKjO.exe
  2⤵
  PID:11436
- C:\Windows\System\NMkqDkE.exe
  C:\Windows\System\NMkqDkE.exe
  2⤵
  PID:11472
- C:\Windows\System\dgyECjf.exe
  C:\Windows\System\dgyECjf.exe
  2⤵
  PID:11516
- C:\Windows\System\qpkTMSj.exe
  C:\Windows\System\qpkTMSj.exe
  2⤵
  PID:4892
- C:\Windows\System\mzeMZwA.exe
  C:\Windows\System\mzeMZwA.exe
  2⤵
  PID:11604
- C:\Windows\System\AysogGf.exe
  C:\Windows\System\AysogGf.exe
  2⤵
  PID:11668
- C:\Windows\System\zrdGMyP.exe
  C:\Windows\System\zrdGMyP.exe
  2⤵
  PID:11768
- C:\Windows\System\MNJrnbs.exe
  C:\Windows\System\MNJrnbs.exe
  2⤵
  PID:11896
- C:\Windows\System\tMDYTPS.exe
  C:\Windows\System\tMDYTPS.exe
  2⤵
  PID:9484
- C:\Windows\System\JwQDAxa.exe
  C:\Windows\System\JwQDAxa.exe
  2⤵
  PID:12036
- C:\Windows\System\Zobgvkj.exe
  C:\Windows\System\Zobgvkj.exe
  2⤵
  PID:12084
- C:\Windows\System\WMoNrYt.exe
  C:\Windows\System\WMoNrYt.exe
  2⤵
  PID:12180
- C:\Windows\System\fhfgxkI.exe
  C:\Windows\System\fhfgxkI.exe
  2⤵
  PID:12236
- C:\Windows\System\MvCxkfj.exe
  C:\Windows\System\MvCxkfj.exe
  2⤵
  PID:11308
- C:\Windows\System\AfIKQDg.exe
  C:\Windows\System\AfIKQDg.exe
  2⤵
  PID:4004
- C:\Windows\System\aZjgilW.exe
  C:\Windows\System\aZjgilW.exe
  2⤵
  PID:11404
- C:\Windows\System\oBcEvMP.exe
  C:\Windows\System\oBcEvMP.exe
  2⤵
  PID:11488
- C:\Windows\System\QbPAzTl.exe
  C:\Windows\System\QbPAzTl.exe
  2⤵
  PID:11580
- C:\Windows\System\mNvRffY.exe
  C:\Windows\System\mNvRffY.exe
  2⤵
  PID:11664
- C:\Windows\System\mtltKFT.exe
  C:\Windows\System\mtltKFT.exe
  2⤵
  PID:2408
- C:\Windows\System\maxNKEF.exe
  C:\Windows\System\maxNKEF.exe
  2⤵
  PID:11824
- C:\Windows\System\hfOwUXr.exe
  C:\Windows\System\hfOwUXr.exe
  2⤵
  PID:12000
- C:\Windows\System\TgSkyqN.exe
  C:\Windows\System\TgSkyqN.exe
  2⤵
  PID:12272
- C:\Windows\System\mhyBISi.exe
  C:\Windows\System\mhyBISi.exe
  2⤵
  PID:11408
- C:\Windows\System\UWPdNtV.exe
  C:\Windows\System\UWPdNtV.exe
  2⤵
  PID:11804
- C:\Windows\System\xleiYMy.exe
  C:\Windows\System\xleiYMy.exe
  2⤵
  PID:11852
- C:\Windows\System\cSpbgFN.exe
  C:\Windows\System\cSpbgFN.exe
  2⤵
  PID:12008
- C:\Windows\System\AyrRHAh.exe
  C:\Windows\System\AyrRHAh.exe
  2⤵
  PID:12304
- C:\Windows\System\BfLMSnq.exe
  C:\Windows\System\BfLMSnq.exe
  2⤵
  PID:12328
- C:\Windows\System\bfCpUIS.exe
  C:\Windows\System\bfCpUIS.exe
  2⤵
  PID:12376
- C:\Windows\System\ZMPGYps.exe
  C:\Windows\System\ZMPGYps.exe
  2⤵
  PID:12396
- C:\Windows\System\SOcrvVh.exe
  C:\Windows\System\SOcrvVh.exe
  2⤵
  PID:12456
- C:\Windows\System\PFprGUu.exe
  C:\Windows\System\PFprGUu.exe
  2⤵
  PID:12476
- C:\Windows\System\ZljhlzF.exe
  C:\Windows\System\ZljhlzF.exe
  2⤵
  PID:12500
- C:\Windows\System\PxUGITj.exe
  C:\Windows\System\PxUGITj.exe
  2⤵
  PID:12520
- C:\Windows\System\pXbQVDS.exe
  C:\Windows\System\pXbQVDS.exe
  2⤵
  PID:12540
- C:\Windows\System\xXPXDFV.exe
  C:\Windows\System\xXPXDFV.exe
  2⤵
  PID:12560
- C:\Windows\System\dWVyEuH.exe
  C:\Windows\System\dWVyEuH.exe
  2⤵
  PID:12600
- C:\Windows\System\kOJmuQc.exe
  C:\Windows\System\kOJmuQc.exe
  2⤵
  PID:12644
- C:\Windows\System\oltJoqV.exe
  C:\Windows\System\oltJoqV.exe
  2⤵
  PID:12676
- C:\Windows\System\gqZLunV.exe
  C:\Windows\System\gqZLunV.exe
  2⤵
  PID:12692
- C:\Windows\System\ERcXbUe.exe
  C:\Windows\System\ERcXbUe.exe
  2⤵
  PID:12712
- C:\Windows\System\YlWQekH.exe
  C:\Windows\System\YlWQekH.exe
  2⤵
  PID:12736
- C:\Windows\System\ynRNeVp.exe
  C:\Windows\System\ynRNeVp.exe
  2⤵
  PID:12756
- C:\Windows\System\ShCpGdI.exe
  C:\Windows\System\ShCpGdI.exe
  2⤵
  PID:12832
- C:\Windows\System\PnEhqFf.exe
  C:\Windows\System\PnEhqFf.exe
  2⤵
  PID:12892
- C:\Windows\System\lmYtCDG.exe
  C:\Windows\System\lmYtCDG.exe
  2⤵
  PID:12932
- C:\Windows\System\AeQRoxk.exe
  C:\Windows\System\AeQRoxk.exe
  2⤵
  PID:12952
- C:\Windows\System\uSVzfSH.exe
  C:\Windows\System\uSVzfSH.exe
  2⤵
  PID:12972
- C:\Windows\System\HVikVMx.exe
  C:\Windows\System\HVikVMx.exe
  2⤵
  PID:12988
- C:\Windows\System\UhWdrls.exe
  C:\Windows\System\UhWdrls.exe
  2⤵
  PID:13016
- C:\Windows\System\EcdRkBG.exe
  C:\Windows\System\EcdRkBG.exe
  2⤵
  PID:13044
- C:\Windows\System\EpNmlkI.exe
  C:\Windows\System\EpNmlkI.exe
  2⤵
  PID:13064
- C:\Windows\System\NQjUMAj.exe
  C:\Windows\System\NQjUMAj.exe
  2⤵
  PID:13084
- C:\Windows\System\jHstQUS.exe
  C:\Windows\System\jHstQUS.exe
  2⤵
  PID:13112
- C:\Windows\System\tbNfyfq.exe
  C:\Windows\System\tbNfyfq.exe
  2⤵
  PID:13180
- C:\Windows\System\MthvWAa.exe
  C:\Windows\System\MthvWAa.exe
  2⤵
  PID:13196
- C:\Windows\System\aUPQqpQ.exe
  C:\Windows\System\aUPQqpQ.exe
  2⤵
  PID:13220
- C:\Windows\System\dpOBamG.exe
  C:\Windows\System\dpOBamG.exe
  2⤵
  PID:13272
- C:\Windows\System\NnvQlMP.exe
  C:\Windows\System\NnvQlMP.exe
  2⤵
  PID:13292
- C:\Windows\System\URmzsKd.exe
  C:\Windows\System\URmzsKd.exe
  2⤵
  PID:10436
- C:\Windows\System\dDxHWau.exe
  C:\Windows\System\dDxHWau.exe
  2⤵
  PID:12028
- C:\Windows\System\FNAEiKC.exe
  C:\Windows\System\FNAEiKC.exe
  2⤵
  PID:12296
- C:\Windows\System\TxCZUdP.exe
  C:\Windows\System\TxCZUdP.exe
  2⤵
  PID:12840
- C:\Windows\System\LKrRAQz.exe
  C:\Windows\System\LKrRAQz.exe
  2⤵
  PID:12728
- C:\Windows\System\VVNBpBz.exe
  C:\Windows\System\VVNBpBz.exe
  2⤵
  PID:12800
- C:\Windows\System\DXNqNjs.exe
  C:\Windows\System\DXNqNjs.exe
  2⤵
  PID:12828
- C:\Windows\System\WaMDXWF.exe
  C:\Windows\System\WaMDXWF.exe
  2⤵
  PID:13136
- C:\Windows\System\qGESCuH.exe
  C:\Windows\System\qGESCuH.exe
  2⤵
  PID:13204
- C:\Windows\System\WziIQYf.exe
  C:\Windows\System\WziIQYf.exe
  2⤵
  PID:13256
- C:\Windows\System\rUDCLat.exe
  C:\Windows\System\rUDCLat.exe
  2⤵
  PID:12240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_dyndswac.lox.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BOaievA.exe

Filesize
1.9MB

MD5
709984683d2974d4ce940962d06a84fa

SHA1
64fd0f6e3f932ed1770c7a36e3a66ae0ba6a18c1

SHA256
faf24fe1531984e03680d9847c1e46caf0d995920d60efa0ffffa55b0f165222

SHA512
6093c4a6409aee8d312eb970ba62c70b5cdc255700cec19c7b333d7cda90fc5592fca4f3af118973dfec9bcfecfec720655d5f8bd655c788b43252761951f037

Download Submit
C:\Windows\System\BPOFHbS.exe

Filesize
1.9MB

MD5
304da44df69e4cafd5476006d2e6ea10

SHA1
d92af358bfbdd74162dcad3788a4fc7044b62cc8

SHA256
72e9c02aaf3d829ca47c8e9a8f6390e9cc29f96e84776f8f5f514c726df7e49e

SHA512
b6985b3406506bc99bfff874ca1700e3dc9033f5a70673387e2bb5b7376cf3bd02df0c4ebfdf0606dfcc9b1ff059d693bce3a57a1d9bb4ef941fefba66cf55ab

Download Submit
C:\Windows\System\CNUSyTq.exe

Filesize
1.9MB

MD5
297b63c765edaca056da790589f5809f

SHA1
6d13d14412802d8caa4ee754b200396b546d308b

SHA256
6fa20be0e48a741b8b4ed4a7f721fca4f28626b06fe8129bf002f9455a2a20e8

SHA512
fd5e06dd86c2ccd8c7b5798cf53938cb9eaa9a79d691adfea2b363562acff3c5713bce43a9fccb84295f4d9183f67ec92980151c347f327c377e175890f9fb71

Download Submit
C:\Windows\System\EQmiqYv.exe

Filesize
1.9MB

MD5
fff419b6a375b3e05c83ccd1f3b9aa23

SHA1
c1bf0b72e37183b484f60c2497c35d645248124b

SHA256
e2ade04b9e200ff6ec950b9d29769c321c8e8ca1ed88740de28b706fdac689d2

SHA512
9be68533ad499217f4a35f3037ac659189e3162b2e5c815650f2606b18128136813c64d1f0514ec0bb3fafc25579672cb5c030074c991cca3e06e8ca414ffb33

Download Submit
C:\Windows\System\IpNVQxR.exe

Filesize
1.9MB

MD5
839d327c7e6e6cb186131b391f15865c

SHA1
3e584a906d09613e0efb0213e0ce1caa990966f4

SHA256
39cf39169914e349a6ef5c0425e6996d98368105d3a330e370c87aaf0eccc827

SHA512
85ce5ef2ea122fe1500010320a4d39ca06a7a60a459b4f19ede70e046c2a046b35812c50befbb9b0a7ff96a332e081f5daa236a619f7ee378d62f2a6300e8943

Download Submit
C:\Windows\System\KZTvFdC.exe

Filesize
1.9MB

MD5
f2b8ad6d3c581e6207d98ae4746e13ce

SHA1
e1c326a4058799e80014d89582a3328eb462e0fd

SHA256
bdf04f843a86463c391664be6713b86decaafe5b2a74e2e32620fcc3c8e5f18c

SHA512
85b204f75e50f9b610ab34ad1ff39aa4c7e9c07303cb5f4571ba3a2cee86bd4358917cc9993c2f701e0aac54ee3d90c2d7ca564b08ae2c9adaf83d0c6316a1dd

Download Submit
C:\Windows\System\MhgaGkG.exe

Filesize
1.9MB

MD5
e94fd83704ddb2386f33f7cde19decf8

SHA1
077aefec86cf1287a008d78d458f95feb9e571fd

SHA256
e39b0bcc9bce1fa0e522c9ad4220d6065cebad9069c8dbadb46dce3c1e81880e

SHA512
4797c6017b983462b0cd88fe25d526e50123a61011059f4d97c0215802576a0a06fbb64bfcf78cbde55f7aafea6fbec7037dba97d443bb872ecf9d3a1077af87

Download Submit
C:\Windows\System\MmpVGYe.exe

Filesize
1.9MB

MD5
b9ae41a0bccd323ad279facc0c4f7e25

SHA1
d52a9849288c49b25d49f12f5f1199d0faa33d34

SHA256
a4d5654228a996bc93affcb1972b3acdb9573419af8e274b6e78beb82ea7882a

SHA512
057e0111190d71d9836410466a9fa264e190e8a2d2e421fb919ce213b537780fe78c14a1e5810c347c63e3466af0699ed5b32d81950547a2dec1735e0d4f70bc

Download Submit
C:\Windows\System\OTaDYTx.exe

Filesize
1.9MB

MD5
33562c77fcbfa4443e6638e32088aebc

SHA1
6494701a9807bb23bdd18ac750dae2c8aaf7da41

SHA256
05e4341dfc3b227d77a127c0b70f6b7a280afbebf302812871573e8488914a2b

SHA512
93086615cfeeffacc846d22a2a18827d11974919fcebe8a6c88a54785629da07c729da0de5301faf4a74298723cb4bbb92f812bfdf108d80a372005506f879b1

Download Submit
C:\Windows\System\QZttSZc.exe

Filesize
1.9MB

MD5
fe134f94048da851d1cd905276c5122b

SHA1
fed3796c4a3444938f4a546b59c476415947b6ef

SHA256
a314e7e3b7b4ac25e58370d6b5e07232458301e3acb335e9b84ba65f511a793c

SHA512
e00d8b961bc4a429756209f4d79a8165fb01c1e38fea7264dfc5670756af5b172082e5a4bc20b8da1ad373bf2dcbcacc46b8344bc64a3c82a3a12921699ac1af

Download Submit
C:\Windows\System\RJSgvkf.exe

Filesize
1.9MB

MD5
13c0e2431a401a0c87b946ef0fead971

SHA1
9c307f6ace3e99ef943f6d657635b10566114fdb

SHA256
586149935a311f9c3ae3a5efb558fe02162d31683e826b127b9c81d0fab5ed78

SHA512
dbea777c7cd6127f5bf6dc4a7c5374a27df3a52f6912b1f3d816ea581c9eb8089d7adf6892558535c597d5273a2b128c69aac3565b9b11696aa42a773d84476f

Download Submit
C:\Windows\System\TwknPMk.exe

Filesize
1.9MB

MD5
0b1985c6a1171f5e5c19929c343597eb

SHA1
b014b7d9af953d1071a591fde917cf069fd865b2

SHA256
c97629e236912f2a269be030352b605bbe9655c3714a0bf39eaadb550379626a

SHA512
5fdfab81d4510ac11145ef6e5aef289e999cbc064c8598647c9d991a3c4808aecab1c0c143aa69e97436f3bccd2edbb3f59bdd442017053f5dad40eacff5efd6

Download Submit
C:\Windows\System\XJyLeYZ.exe

Filesize
1.9MB

MD5
70b68686eaf23318edba0841eee426d3

SHA1
9282070684eebab9d609307bc259708081558e49

SHA256
038822ea160115740d3eeee2084df54b002894cd8e6939c5d62acf91c9704dee

SHA512
e3bc74ff5b383af6b477b927c9a00d1964b41543a1008e604544b3710025527d787f734c656c3e11b5709f6328e70381e3b6701956315b427279ac5e5d836ccc

Download Submit
C:\Windows\System\aKfSuvR.exe

Filesize
1.9MB

MD5
6ce47e9b7d196dc8e8fd6a40f29856f5

SHA1
3fee9f86e80985e9805216267c25f0b7288453e9

SHA256
377f976a4b3ee02feacc808baa8dbe6106e0c0bde1f8d36bd043dc5d4bc0123e

SHA512
712cac588509a996e8775d273da5812b0d943edb957b89bf871199e5416c93f2293c905c89a4d4bc2b7370e999450524d2d1e513304e6f54d2d6dad6a168a565

Download Submit
C:\Windows\System\bdeUQbj.exe

Filesize
1.9MB

MD5
03b7fa74671342bc52543bcb6666c19d

SHA1
0041f42147b9d1dff7c6ef4e70fab270e9f71390

SHA256
cdb83586a7b97a13e128cafc4c259bc0778479e31efd2de558d464c6fea81ff6

SHA512
151241a315990898f8253e5fcb9ccfedb23f44ca6f24fb468e90ce9bc23da6a528b77da89b56e1eda2e2a4d03571c872a2b77324449a1c10857a6b2f747b79e9

Download Submit
C:\Windows\System\bjkaZXt.exe

Filesize
1.9MB

MD5
698cfe8ecc31614c8945488e3c9b44af

SHA1
cd56f0b4aba4f21430d43a0f444e6596fb37798f

SHA256
ab5c57445b2ac4e6a1cb095c11a439214eda9e23c281ff7ee2f43f23620d38f4

SHA512
b00c8721f9e86e8dc6e5854ea2ae40ab3769b713a6614bf6de96e7af2181351f5c8da2cc9a1a7fa9fe5af1ae39a8b7865c6b783ad50bf2c87a971a094e6a61a6

Download Submit
C:\Windows\System\cTyOdze.exe

Filesize
1.9MB

MD5
da39a0665df7b8a5c9b2d9df6837a3f9

SHA1
4400c5f8b93639829620fea9c46befa69224f75b

SHA256
ca27495613ae1490f0619106e44e3d23bb29a7c5f30455b5589c371037ddb3d5

SHA512
8abfcb04d4e40cd2ce66ff6003f6981f8b550d594b995f5ff0a1bedd980f576ce40598b4099ca65abcf5fce221f1cb4ab7eb59988555445c028468855523e1ed

Download Submit
C:\Windows\System\dILekrT.exe

Filesize
1.9MB

MD5
b1bf4d4d662a9769711c469ef250bc9c

SHA1
00b12a2afaf671c0a3ac4e8aeb793ab150b5c113

SHA256
9950da43d73e657c32b85e70e05d1df956827be3deea05735b279947dcd91146

SHA512
40630d0e9b63597eaf07f896d5d00e3cc492bec549426a6892e014c4ce8bc297fc0565174fd5bf32c7cdc78ad7780bdf56c2bde6836c070eff1301724c3d526c

Download Submit
C:\Windows\System\ebPbVuG.exe

Filesize
1.9MB

MD5
7d424e7c55ba496ca547aff2ff3614e4

SHA1
26301553035d09d27830002d119b4bbdf700731e

SHA256
e3021bbfb6e21ab208040e2241e06e2eed58f0c5aa31f8e81452e8d9f5aaed3f

SHA512
7f01875d802e184674c60e659c14e0b70940366564562fca635a79f886254d293c98d36c5360eebc7b6cd27e8bdb9fd83f26a73a6d582dc59ab411a3417595b5

Download Submit
C:\Windows\System\hDdTsZo.exe

Filesize
1.9MB

MD5
8781e92c4c842dc0d88f8b0001683c3c

SHA1
811fa990f731e1e97cce411100f35e3556fd914f

SHA256
7a5fe79195ea154b67b2b7c3806adaacb36745c50517dcf6f3e92d1338b5a04c

SHA512
cc3bfc734262e823c974a7a73204a8638c9842a5e48a1366945cceaa866d32d31f2a90ff3d299362ac7c4f629c8e5d118f96251dcb1862ed54631df7cf69247f

Download Submit
C:\Windows\System\hKBiBPH.exe

Filesize
1.9MB

MD5
d43b4cb99f196cd7f53222136b7928ab

SHA1
55d9dd348ade982d321af35a22a59503ee122563

SHA256
3de2b40f145617cc2ef56dffb75bdb764a8dfa75db78deb80f1c286f6754e48b

SHA512
8e490d004cd9531bc61798bec9ec4d93ae353a2f5e165fa55ac712728223d4ecf688283d9514eb0e5d0403f6d5fa4c53b9e618a7f12289d6da0d19bca1d54deb

Download Submit
C:\Windows\System\joTUKsi.exe

Filesize
1.9MB

MD5
3fe2fbb499451056600137e422202065

SHA1
2cc99c3a9b79f49bb5325e80d7cbf60d6a979548

SHA256
b36648c470cc224be3481ad8f2bb516496f060d77bb65da6f478e2397c5a5b19

SHA512
3fffe1c2bbe393815367a8509e0a5bb191c83fe91d5bccec1e86227cb948a33a856aab25b141b08af4e1f47595bc012e485d600832b1c8d21aa7d8daf33790f2

Download Submit
C:\Windows\System\kllLdDk.exe

Filesize
1.9MB

MD5
c0372afce5740dc4f98c9b18221aadcf

SHA1
793674c387518f2f56be54e66ab267a33e573f56

SHA256
f5933bc30850623cd8019c2b7f2759984ee3eb21b9a479c0395172ee32acb166

SHA512
1dbdd72737aaaccd28439024178b5106629905c5bf35d3618cddacf6d0dd7355a8a39b2246b7c9198b3c47dea9553806b5ae3b0b846ea6315293e5b4850bcb8d

Download Submit
C:\Windows\System\lKQUFTZ.exe

Filesize
1.9MB

MD5
43e6324745723f915704ab1ccc635145

SHA1
aac40eced2877bda62256b81f0fe3d257b2ad747

SHA256
807ef164cd56603a216b1784abf870cab94b205ba374a835f355102e5d687770

SHA512
9a5502dc71e6aedde8f8e15bf82168ed06d4eedb6275c26ba06e6cba20a8bcc97c4d5a5657c0978201afb38f4852511a5757ba68dedaef76e81b7834f2ddca6d

Download Submit
C:\Windows\System\lzOXApF.exe

Filesize
1.9MB

MD5
2678e770c9f81e04248f64ac486d41f3

SHA1
307bcdcd8dc2642610d54f38fe7c58094a1764f8

SHA256
bb15a2e2c5f6ab9aadb33053b0fa896b6312ecd55110604574efa4fcf0e777f8

SHA512
2914bbfddcbd39e80e0b20d39ed8fbf911703633484ef51c3e159cf9522f672919dcfe564c03f6e18916bbab305ba2965a7ebeb7b973009b1024098ef8fc8caf

Download Submit
C:\Windows\System\ndrsCCm.exe

Filesize
1.9MB

MD5
66e71c382f371ee7c22e08e000c1315f

SHA1
84346077891dde2a1443b74cc38255b41d44bdc7

SHA256
cc3efdd6511522dab0e245b8e26d1abd0ddb6c101d1e56553a687833ab0606c3

SHA512
7246cc75e518b1484d5424d70594fde4ff248edc9e63d8ca5c9353923f29ee3b2ca451047e7c3d0cc278d24adf7f441903abc1ae1fdd5c855ae77894149a1c64

Download Submit
C:\Windows\System\ofevqJo.exe

Filesize
8B

MD5
9e16362b7eef9ff59cf4576b688fec20

SHA1
58714a79316bdda8b345ca47c2a7e8087e024871

SHA256
cb157cd47cb9ddacb8fa194262e9cc1364ca68490d93ad041938e77ef90ead7c

SHA512
53056e2e9a952538e1c61538c2bad2166adaf2d4a03d0e97e211329cd7f80967988343aa21690b08c2f1ad6d3fabfdc6095392f57b127d575de79d724d1a09de

Download Submit
C:\Windows\System\uYBdhfU.exe

Filesize
1.9MB

MD5
4c1808174909f024b22c215f2a64b79e

SHA1
b7b33be709cec89bda33b22c6e53986ea9bd9dcb

SHA256
60f6a3ba0475d7c4db9bcf18631408e7d146b00f3255c24d1d009c1b0a5195a6

SHA512
be6073c0cf6d8cbe34b5b6739b7dcc2991b47375bcaf5d9fcd475b129ce0f54fa9a0d2d3545b94ed7033c6805c4367451e7e4acb300353dad2931133048ca272

Download Submit
C:\Windows\System\ukqZCBI.exe

Filesize
1.9MB

MD5
770ce100d0bc98200b7f5dbc77186791

SHA1
a3fc7d734fc66bc3d0fedd5edaa303caa970548c

SHA256
149c37abe626a264a9096ba3e42a1591efa4d304476388d5665c36041ad48092

SHA512
b2faf5dfec2f165fbf7ec268574551c9db5dd5577d3193dd385659c5c5077f104d6fe7f6fbcfb2108c7f72270df94e9b16e80d3f547ab7bef77585f72c1807a4

Download Submit
C:\Windows\System\ulBftkH.exe

Filesize
1.9MB

MD5
f0e06326a8b922ce758777aed921954b

SHA1
455fc97f5b69946a4cf27de6c670f3d92011c14e

SHA256
6a5ce4bb4b472e6e67b8ce34151ce50a796336f9fa423fe564e4f5b84b1d503b

SHA512
29528917ca140d8ed932670c73104a1831083b5171d5a51c5a7b2144cf2fbf64d8942523a7d6c08a268aa390c8646371ed9a7004826376a9a1b496627b3c3c4f

Download Submit
C:\Windows\System\xWTuKDi.exe

Filesize
1.9MB

MD5
e10b264dead12e2f70c1ce10d724a4b0

SHA1
4cb4612d0ca135cb842a692e1d63267097850f0c

SHA256
aef1ab66e0e3f073a41346ee15e569089942dde7e1f24c252a7b831ee2e518ca

SHA512
fa1373a606ec532873a9ccf2913ed0883e7bf1718990b43e9a94fbe4fdda915bbb0a9b79dec087c4961154956aedbe0587bd22cfebc9126bb8e254a43c67ddc7

Download Submit
C:\Windows\System\yIyumLO.exe

Filesize
1.9MB

MD5
ea049e012267e61b2941543017bff2f4

SHA1
b03b07251086364e4f94cf335ea2d4e886bf3344

SHA256
e6e8df93f04f55d88967cd8fe6408fb777d580b9f1444951e25796bf73e1bd77

SHA512
fb64970bda6bb50db801f5d80ea492c8f7e5b141dbba29312dbf7c81d080b65d51a7c852f9c72531a9b62903b75be859a4de72f28ad874f530ef4e8bc13b5a6d

Download Submit
C:\Windows\System\zMOlmQo.exe

Filesize
1.9MB

MD5
940b523b9cdd6a67bbd6b7a20a516970

SHA1
1343d62a1e08a8b8c6fcbbf4156812590500a217

SHA256
ba210a9790509b9f7a0b5b2e4d0440bb3728f911b1ea0cfe44e22469ce0388ad

SHA512
3888da61d71177323dd1e74aa7b70c94b4634d3691e8ab2a122bd0911710d2ea68e23c0de1f067dca51e634e4c76f0f07da0ef1c6b5d1c82f6c4b87cc9f14550

Download Submit
memory/452-84-0x00007FF6AC8D0000-0x00007FF6ACCC2000-memory.dmp

Filesize
3.9MB

Download
memory/716-2656-0x00007FF759060000-0x00007FF759452000-memory.dmp

Filesize
3.9MB

Download
memory/716-55-0x00007FF759060000-0x00007FF759452000-memory.dmp

Filesize
3.9MB

Download
memory/1064-2659-0x00007FF6C6C80000-0x00007FF6C7072000-memory.dmp

Filesize
3.9MB

Download
memory/1064-63-0x00007FF6C6C80000-0x00007FF6C7072000-memory.dmp

Filesize
3.9MB

Download
memory/1128-41-0x00007FF6BA960000-0x00007FF6BAD52000-memory.dmp

Filesize
3.9MB

Download
memory/1224-281-0x000002E7ABC30000-0x000002E7AC3D6000-memory.dmp

Filesize
7.6MB

Download
memory/1224-81-0x000002E7AB0B0000-0x000002E7AB0D2000-memory.dmp

Filesize
136KB

Download
memory/1224-39-0x000002E790670000-0x000002E790680000-memory.dmp

Filesize
64KB

Download
memory/1224-24-0x00007FFA81D30000-0x00007FFA827F1000-memory.dmp

Filesize
10.8MB

Download
memory/1224-2645-0x000002E790670000-0x000002E790680000-memory.dmp

Filesize
64KB

Download
memory/1480-544-0x00007FF6F8B90000-0x00007FF6F8F82000-memory.dmp

Filesize
3.9MB

Download
memory/1856-539-0x00007FF6D4450000-0x00007FF6D4842000-memory.dmp

Filesize
3.9MB

Download
memory/1872-540-0x00007FF6568A0000-0x00007FF656C92000-memory.dmp

Filesize
3.9MB

Download
memory/2080-64-0x00007FF697020000-0x00007FF697412000-memory.dmp

Filesize
3.9MB

Download
memory/2288-77-0x00007FF7B7B20000-0x00007FF7B7F12000-memory.dmp

Filesize
3.9MB

Download
memory/2460-546-0x00007FF6C4DA0000-0x00007FF6C5192000-memory.dmp

Filesize
3.9MB

Download
memory/2464-90-0x00007FF6B0CE0000-0x00007FF6B10D2000-memory.dmp

Filesize
3.9MB

Download
memory/2556-37-0x00007FF657830000-0x00007FF657C22000-memory.dmp

Filesize
3.9MB

Download
memory/2620-29-0x00007FF6888B0000-0x00007FF688CA2000-memory.dmp

Filesize
3.9MB

Download
memory/2716-73-0x00007FF63C7D0000-0x00007FF63CBC2000-memory.dmp

Filesize
3.9MB

Download
memory/2716-3021-0x00007FF63C7D0000-0x00007FF63CBC2000-memory.dmp

Filesize
3.9MB

Download
memory/2932-545-0x00007FF6D0170000-0x00007FF6D0562000-memory.dmp

Filesize
3.9MB

Download
memory/3400-542-0x00007FF6AB850000-0x00007FF6ABC42000-memory.dmp

Filesize
3.9MB

Download
memory/3432-541-0x00007FF7DE540000-0x00007FF7DE932000-memory.dmp

Filesize
3.9MB

Download
memory/3616-38-0x00007FF7C26B0000-0x00007FF7C2AA2000-memory.dmp

Filesize
3.9MB

Download
memory/3680-87-0x00007FF601190000-0x00007FF601582000-memory.dmp

Filesize
3.9MB

Download
memory/3712-33-0x00007FF70E7E0000-0x00007FF70EBD2000-memory.dmp

Filesize
3.9MB

Download
memory/4068-1-0x000002B0EC080000-0x000002B0EC090000-memory.dmp

Filesize
64KB

Download
memory/4068-0-0x00007FF79A590000-0x00007FF79A982000-memory.dmp

Filesize
3.9MB

Download
memory/4864-543-0x00007FF61D830000-0x00007FF61DC22000-memory.dmp

Filesize
3.9MB

Download