xmrig | aab2a899b90545c701331b0cb8e5578ad9caa3a9af16d5100da8de5a91782ba9

Analysis

max time kernel
67s
max time network
54s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
30-04-2024 09:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
Size

2.2MB
MD5

097f1122af0884521c82a44244507a8d
SHA1

ef2352ddb2904cd69f23eb839411b2ca8afff01d
SHA256

aab2a899b90545c701331b0cb8e5578ad9caa3a9af16d5100da8de5a91782ba9
SHA512

f466c1bdc67543c8f54e4b7bc8af54faca4ca169475bae9d23fb0df3f2dfd3d92524535f054993dd7a9304e86c2c0c20776df4a410c523844def71c2d49badee
SSDEEP

49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82g1VQx7Va4qrfJ6XJ:NABz

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 42 IoCs

miner

resource	yara_rule
behavioral2/memory/3348-33-0x00007FF652120000-0x00007FF652512000-memory.dmp	xmrig
behavioral2/memory/5092-62-0x00007FF743FF0000-0x00007FF7443E2000-memory.dmp	xmrig
behavioral2/memory/4928-530-0x00007FF713530000-0x00007FF713922000-memory.dmp	xmrig
behavioral2/memory/1040-531-0x00007FF7DC1D0000-0x00007FF7DC5C2000-memory.dmp	xmrig
behavioral2/memory/2368-533-0x00007FF60C9E0000-0x00007FF60CDD2000-memory.dmp	xmrig
behavioral2/memory/3432-532-0x00007FF7D2DF0000-0x00007FF7D31E2000-memory.dmp	xmrig
behavioral2/memory/4844-67-0x00007FF68A820000-0x00007FF68AC12000-memory.dmp	xmrig
behavioral2/memory/2720-66-0x00007FF6042E0000-0x00007FF6046D2000-memory.dmp	xmrig
behavioral2/memory/1156-61-0x00007FF778C70000-0x00007FF779062000-memory.dmp	xmrig
behavioral2/memory/3192-546-0x00007FF6EAB40000-0x00007FF6EAF32000-memory.dmp	xmrig
behavioral2/memory/932-559-0x00007FF7B1E50000-0x00007FF7B2242000-memory.dmp	xmrig
behavioral2/memory/220-568-0x00007FF70EBA0000-0x00007FF70EF92000-memory.dmp	xmrig
behavioral2/memory/1948-572-0x00007FF6DFDF0000-0x00007FF6E01E2000-memory.dmp	xmrig
behavioral2/memory/4656-567-0x00007FF73D6E0000-0x00007FF73DAD2000-memory.dmp	xmrig
behavioral2/memory/2732-563-0x00007FF632120000-0x00007FF632512000-memory.dmp	xmrig
behavioral2/memory/2488-553-0x00007FF6DE9B0000-0x00007FF6DEDA2000-memory.dmp	xmrig
behavioral2/memory/1180-549-0x00007FF7A0E80000-0x00007FF7A1272000-memory.dmp	xmrig
behavioral2/memory/2496-2095-0x00007FF7FD180000-0x00007FF7FD572000-memory.dmp	xmrig
behavioral2/memory/1484-2098-0x00007FF76A640000-0x00007FF76AA32000-memory.dmp	xmrig
behavioral2/memory/3652-2112-0x00007FF6B5050000-0x00007FF6B5442000-memory.dmp	xmrig
behavioral2/memory/3716-2113-0x00007FF70CDA0000-0x00007FF70D192000-memory.dmp	xmrig
behavioral2/memory/2496-2116-0x00007FF7FD180000-0x00007FF7FD572000-memory.dmp	xmrig
behavioral2/memory/3652-2143-0x00007FF6B5050000-0x00007FF6B5442000-memory.dmp	xmrig
behavioral2/memory/1156-2157-0x00007FF778C70000-0x00007FF779062000-memory.dmp	xmrig
behavioral2/memory/5092-2167-0x00007FF743FF0000-0x00007FF7443E2000-memory.dmp	xmrig
behavioral2/memory/4844-2174-0x00007FF68A820000-0x00007FF68AC12000-memory.dmp	xmrig
behavioral2/memory/2720-2155-0x00007FF6042E0000-0x00007FF6046D2000-memory.dmp	xmrig
behavioral2/memory/1484-2145-0x00007FF76A640000-0x00007FF76AA32000-memory.dmp	xmrig
behavioral2/memory/3348-2139-0x00007FF652120000-0x00007FF652512000-memory.dmp	xmrig
behavioral2/memory/220-2194-0x00007FF70EBA0000-0x00007FF70EF92000-memory.dmp	xmrig
behavioral2/memory/2488-2216-0x00007FF6DE9B0000-0x00007FF6DEDA2000-memory.dmp	xmrig
behavioral2/memory/932-2214-0x00007FF7B1E50000-0x00007FF7B2242000-memory.dmp	xmrig
behavioral2/memory/4656-2210-0x00007FF73D6E0000-0x00007FF73DAD2000-memory.dmp	xmrig
behavioral2/memory/1180-2207-0x00007FF7A0E80000-0x00007FF7A1272000-memory.dmp	xmrig
behavioral2/memory/1040-2201-0x00007FF7DC1D0000-0x00007FF7DC5C2000-memory.dmp	xmrig
behavioral2/memory/3432-2198-0x00007FF7D2DF0000-0x00007FF7D31E2000-memory.dmp	xmrig
behavioral2/memory/2368-2197-0x00007FF60C9E0000-0x00007FF60CDD2000-memory.dmp	xmrig
behavioral2/memory/2732-2212-0x00007FF632120000-0x00007FF632512000-memory.dmp	xmrig
behavioral2/memory/1948-2183-0x00007FF6DFDF0000-0x00007FF6E01E2000-memory.dmp	xmrig
behavioral2/memory/3192-2205-0x00007FF6EAB40000-0x00007FF6EAF32000-memory.dmp	xmrig
behavioral2/memory/4928-2203-0x00007FF713530000-0x00007FF713922000-memory.dmp	xmrig
behavioral2/memory/3716-2372-0x00007FF70CDA0000-0x00007FF70D192000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2496	aFYFcJe.exe
3348	lkgFwxd.exe
1484	xgeaXwk.exe
3652	qxEpVDr.exe
2720	MMDBDVe.exe
4844	sMMiJUY.exe
1156	FfVymLN.exe
5092	SHXiOZt.exe
3716	LqnEayT.exe
4928	THDsLwO.exe
1040	NUHsWMT.exe
3432	Jeogmou.exe
2368	kMZpErd.exe
3192	DRpOklH.exe
1180	XKSHxSY.exe
2488	RvhgOqF.exe
932	YfkChKi.exe
2732	XAwQBsz.exe
4656	LoxsaVO.exe
220	YTiWDJM.exe
1948	jwpwane.exe
988	CwSJxjr.exe
4744	yIbeIif.exe
2784	OagCLIX.exe
4636	tqIJiyU.exe
2352	nhjeXLI.exe
2704	EHNMIxr.exe
3200	LGNWlmj.exe
3176	PkClwax.exe
4044	BWjSDGc.exe
2468	lQOkUOj.exe
1940	GzBJhUg.exe
4088	XMYbLlT.exe
4108	lpsLMRr.exe
2696	ErCYGLG.exe
2424	XbMlZPF.exe
4988	NfoeRas.exe
892	tVvLNGx.exe
1308	khxeHsx.exe
3476	yBkSNCO.exe
940	zLBRyRa.exe
388	bLTjPtl.exe
952	HfjYnfG.exe
4524	XxeJYJB.exe
1644	susyHvU.exe
4900	kAtuiGZ.exe
2376	LwOdJjH.exe
1536	hvIWHfY.exe
4896	bAyPxdn.exe
2524	SdjJTgw.exe
4460	nKJSwdp.exe
4556	dZWLkpP.exe
1496	KZjnMEc.exe
2088	RHgOGEr.exe
3984	JdMjXWJ.exe
2896	fLkwJYQ.exe
4288	AfJJjCq.exe
2948	snjTKmv.exe
2736	CMthACi.exe
216	UBWavpx.exe
4428	jZXSWlD.exe
4244	jovvhSc.exe
4340	EsQeMXF.exe
1396	bFpanBU.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4960-0-0x00007FF753E70000-0x00007FF754262000-memory.dmp	upx
behavioral2/files/0x000b000000023b97-5.dat	upx
behavioral2/files/0x000a000000023b9b-14.dat	upx
behavioral2/files/0x000a000000023b9d-16.dat	upx
behavioral2/files/0x000a000000023b9e-27.dat	upx
behavioral2/files/0x000a000000023b9c-23.dat	upx
behavioral2/memory/1484-21-0x00007FF76A640000-0x00007FF76AA32000-memory.dmp	upx
behavioral2/memory/3652-24-0x00007FF6B5050000-0x00007FF6B5442000-memory.dmp	upx
behavioral2/memory/2496-17-0x00007FF7FD180000-0x00007FF7FD572000-memory.dmp	upx
behavioral2/memory/3348-33-0x00007FF652120000-0x00007FF652512000-memory.dmp	upx
behavioral2/files/0x000a000000023ba1-43.dat	upx
behavioral2/files/0x000a000000023ba0-41.dat	upx
behavioral2/files/0x000a000000023ba2-60.dat	upx
behavioral2/memory/5092-62-0x00007FF743FF0000-0x00007FF7443E2000-memory.dmp	upx
behavioral2/files/0x000b000000023ba4-70.dat	upx
behavioral2/files/0x000b000000023ba3-75.dat	upx
behavioral2/files/0x000a000000023ba8-99.dat	upx
behavioral2/files/0x000a000000023ba9-104.dat	upx
behavioral2/files/0x000a000000023bab-116.dat	upx
behavioral2/files/0x000a000000023bb1-138.dat	upx
behavioral2/files/0x0031000000023bb8-178.dat	upx
behavioral2/files/0x000a000000023bba-183.dat	upx
behavioral2/files/0x000a000000023bb9-180.dat	upx
behavioral2/files/0x0031000000023bb7-174.dat	upx
behavioral2/files/0x0031000000023bb6-168.dat	upx
behavioral2/files/0x000a000000023bb5-164.dat	upx
behavioral2/files/0x000a000000023bb4-161.dat	upx
behavioral2/files/0x000a000000023bb3-156.dat	upx
behavioral2/files/0x000a000000023bb2-151.dat	upx
behavioral2/files/0x000a000000023bb0-141.dat	upx
behavioral2/files/0x000a000000023baf-136.dat	upx
behavioral2/files/0x000a000000023bae-131.dat	upx
behavioral2/files/0x000a000000023bad-126.dat	upx
behavioral2/files/0x000a000000023bac-121.dat	upx
behavioral2/files/0x000a000000023baa-111.dat	upx
behavioral2/files/0x000a000000023ba7-93.dat	upx
behavioral2/files/0x000a000000023ba6-89.dat	upx
behavioral2/files/0x000a000000023ba5-84.dat	upx
behavioral2/memory/4928-530-0x00007FF713530000-0x00007FF713922000-memory.dmp	upx
behavioral2/memory/1040-531-0x00007FF7DC1D0000-0x00007FF7DC5C2000-memory.dmp	upx
behavioral2/memory/2368-533-0x00007FF60C9E0000-0x00007FF60CDD2000-memory.dmp	upx
behavioral2/memory/3432-532-0x00007FF7D2DF0000-0x00007FF7D31E2000-memory.dmp	upx
behavioral2/memory/4844-67-0x00007FF68A820000-0x00007FF68AC12000-memory.dmp	upx
behavioral2/memory/2720-66-0x00007FF6042E0000-0x00007FF6046D2000-memory.dmp	upx
behavioral2/memory/3716-63-0x00007FF70CDA0000-0x00007FF70D192000-memory.dmp	upx
behavioral2/memory/1156-61-0x00007FF778C70000-0x00007FF779062000-memory.dmp	upx
behavioral2/files/0x000a000000023b9f-40.dat	upx
behavioral2/memory/3192-546-0x00007FF6EAB40000-0x00007FF6EAF32000-memory.dmp	upx
behavioral2/memory/932-559-0x00007FF7B1E50000-0x00007FF7B2242000-memory.dmp	upx
behavioral2/memory/220-568-0x00007FF70EBA0000-0x00007FF70EF92000-memory.dmp	upx
behavioral2/memory/1948-572-0x00007FF6DFDF0000-0x00007FF6E01E2000-memory.dmp	upx
behavioral2/memory/4656-567-0x00007FF73D6E0000-0x00007FF73DAD2000-memory.dmp	upx
behavioral2/memory/2732-563-0x00007FF632120000-0x00007FF632512000-memory.dmp	upx
behavioral2/memory/2488-553-0x00007FF6DE9B0000-0x00007FF6DEDA2000-memory.dmp	upx
behavioral2/memory/1180-549-0x00007FF7A0E80000-0x00007FF7A1272000-memory.dmp	upx
behavioral2/memory/2496-2095-0x00007FF7FD180000-0x00007FF7FD572000-memory.dmp	upx
behavioral2/memory/1484-2098-0x00007FF76A640000-0x00007FF76AA32000-memory.dmp	upx
behavioral2/memory/3652-2112-0x00007FF6B5050000-0x00007FF6B5442000-memory.dmp	upx
behavioral2/memory/3716-2113-0x00007FF70CDA0000-0x00007FF70D192000-memory.dmp	upx
behavioral2/memory/2496-2116-0x00007FF7FD180000-0x00007FF7FD572000-memory.dmp	upx
behavioral2/memory/3652-2143-0x00007FF6B5050000-0x00007FF6B5442000-memory.dmp	upx
behavioral2/memory/1156-2157-0x00007FF778C70000-0x00007FF779062000-memory.dmp	upx
behavioral2/memory/5092-2167-0x00007FF743FF0000-0x00007FF7443E2000-memory.dmp	upx
behavioral2/memory/4844-2174-0x00007FF68A820000-0x00007FF68AC12000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ljhfWOA.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\bZygrTs.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\IfUFkAk.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\pEOZOls.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\vCowlzy.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\GWmUUul.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\ItcsfXx.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\nrmHplF.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\AkUueEK.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\qHRDjGB.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\JotTkBM.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\QkqrEEQ.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\IgBRyfw.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\YTiWDJM.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\ZmTtINb.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\YQePKYQ.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\PRbIcDp.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\IDjHIOJ.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\HjbhzbB.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\Gyfppcq.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\RaWFWtw.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\iYtPOJi.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\bVigNGC.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\wyIQCfM.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\ckAcCAj.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\VatkIjs.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\YwDJQha.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\zyQXdZp.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\QdbPqWc.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\lEXMZaK.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\TUCKgwv.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\AkwWANG.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\WYGphys.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\XWfWOmi.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\AkRANpm.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\HVCiuLj.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\THDsLwO.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\CVdBadD.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\EKatrhD.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\dBDISrt.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\khxeHsx.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\DWRwcmu.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\QXAVypn.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\DlvpjYo.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\nhIRKTN.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\DFsJqNX.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\DRpOklH.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\yIbeIif.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\LwOdJjH.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\LeZEhLL.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\ykucKpq.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\PDbvXtr.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\kwrkjlL.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\VDwKUHU.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\SNlPmBe.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\APOetOO.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\sOaeWiA.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\DEFXAqP.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\XjhHrlM.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\TJEDVgM.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\XtdYTSd.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\uKgyNRg.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\DoQeyxn.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
File created	C:\Windows\System\vestjPw.exe	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2444	powershell.exe
2444	powershell.exe
2444	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
Token: SeDebugPrivilege	2444	powershell.exe
Token: SeLockMemoryPrivilege	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4960 wrote to memory of 2444	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	85
PID 4960 wrote to memory of 2444	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	85
PID 4960 wrote to memory of 2496	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	86
PID 4960 wrote to memory of 2496	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	86
PID 4960 wrote to memory of 3348	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	87
PID 4960 wrote to memory of 3348	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	87
PID 4960 wrote to memory of 1484	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	88
PID 4960 wrote to memory of 1484	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	88
PID 4960 wrote to memory of 3652	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	89
PID 4960 wrote to memory of 3652	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	89
PID 4960 wrote to memory of 2720	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	90
PID 4960 wrote to memory of 2720	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	90
PID 4960 wrote to memory of 4844	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	91
PID 4960 wrote to memory of 4844	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	91
PID 4960 wrote to memory of 1156	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	92
PID 4960 wrote to memory of 1156	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	92
PID 4960 wrote to memory of 5092	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	93
PID 4960 wrote to memory of 5092	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	93
PID 4960 wrote to memory of 3716	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	94
PID 4960 wrote to memory of 3716	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	94
PID 4960 wrote to memory of 4928	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	95
PID 4960 wrote to memory of 4928	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	95
PID 4960 wrote to memory of 1040	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	96
PID 4960 wrote to memory of 1040	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	96
PID 4960 wrote to memory of 3432	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	97
PID 4960 wrote to memory of 3432	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	97
PID 4960 wrote to memory of 2368	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	98
PID 4960 wrote to memory of 2368	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	98
PID 4960 wrote to memory of 3192	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	99
PID 4960 wrote to memory of 3192	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	99
PID 4960 wrote to memory of 1180	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	100
PID 4960 wrote to memory of 1180	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	100
PID 4960 wrote to memory of 2488	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	101
PID 4960 wrote to memory of 2488	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	101
PID 4960 wrote to memory of 932	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	102
PID 4960 wrote to memory of 932	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	102
PID 4960 wrote to memory of 2732	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	103
PID 4960 wrote to memory of 2732	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	103
PID 4960 wrote to memory of 4656	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	104
PID 4960 wrote to memory of 4656	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	104
PID 4960 wrote to memory of 220	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	105
PID 4960 wrote to memory of 220	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	105
PID 4960 wrote to memory of 1948	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	106
PID 4960 wrote to memory of 1948	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	106
PID 4960 wrote to memory of 988	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	107
PID 4960 wrote to memory of 988	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	107
PID 4960 wrote to memory of 4744	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	108
PID 4960 wrote to memory of 4744	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	108
PID 4960 wrote to memory of 2784	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	109
PID 4960 wrote to memory of 2784	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	109
PID 4960 wrote to memory of 4636	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	110
PID 4960 wrote to memory of 4636	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	110
PID 4960 wrote to memory of 2352	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	111
PID 4960 wrote to memory of 2352	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	111
PID 4960 wrote to memory of 2704	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	112
PID 4960 wrote to memory of 2704	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	112
PID 4960 wrote to memory of 3200	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	113
PID 4960 wrote to memory of 3200	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	113
PID 4960 wrote to memory of 3176	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	114
PID 4960 wrote to memory of 3176	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	114
PID 4960 wrote to memory of 4044	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	115
PID 4960 wrote to memory of 4044	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	115
PID 4960 wrote to memory of 2468	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	116
PID 4960 wrote to memory of 2468	4960	097f1122af0884521c82a44244507a8d_JaffaCakes118.exe	116

C:\Users\Admin\AppData\Local\Temp\097f1122af0884521c82a44244507a8d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\097f1122af0884521c82a44244507a8d_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4960
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2444
- C:\Windows\System\aFYFcJe.exe
  C:\Windows\System\aFYFcJe.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\lkgFwxd.exe
  C:\Windows\System\lkgFwxd.exe
  2⤵
  - Executes dropped EXE
  PID:3348
- C:\Windows\System\xgeaXwk.exe
  C:\Windows\System\xgeaXwk.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\qxEpVDr.exe
  C:\Windows\System\qxEpVDr.exe
  2⤵
  - Executes dropped EXE
  PID:3652
- C:\Windows\System\MMDBDVe.exe
  C:\Windows\System\MMDBDVe.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\sMMiJUY.exe
  C:\Windows\System\sMMiJUY.exe
  2⤵
  - Executes dropped EXE
  PID:4844
- C:\Windows\System\FfVymLN.exe
  C:\Windows\System\FfVymLN.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\SHXiOZt.exe
  C:\Windows\System\SHXiOZt.exe
  2⤵
  - Executes dropped EXE
  PID:5092
- C:\Windows\System\LqnEayT.exe
  C:\Windows\System\LqnEayT.exe
  2⤵
  - Executes dropped EXE
  PID:3716
- C:\Windows\System\THDsLwO.exe
  C:\Windows\System\THDsLwO.exe
  2⤵
  - Executes dropped EXE
  PID:4928
- C:\Windows\System\NUHsWMT.exe
  C:\Windows\System\NUHsWMT.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\Jeogmou.exe
  C:\Windows\System\Jeogmou.exe
  2⤵
  - Executes dropped EXE
  PID:3432
- C:\Windows\System\kMZpErd.exe
  C:\Windows\System\kMZpErd.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\DRpOklH.exe
  C:\Windows\System\DRpOklH.exe
  2⤵
  - Executes dropped EXE
  PID:3192
- C:\Windows\System\XKSHxSY.exe
  C:\Windows\System\XKSHxSY.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System\RvhgOqF.exe
  C:\Windows\System\RvhgOqF.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\YfkChKi.exe
  C:\Windows\System\YfkChKi.exe
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\System\XAwQBsz.exe
  C:\Windows\System\XAwQBsz.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\LoxsaVO.exe
  C:\Windows\System\LoxsaVO.exe
  2⤵
  - Executes dropped EXE
  PID:4656
- C:\Windows\System\YTiWDJM.exe
  C:\Windows\System\YTiWDJM.exe
  2⤵
  - Executes dropped EXE
  PID:220
- C:\Windows\System\jwpwane.exe
  C:\Windows\System\jwpwane.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\CwSJxjr.exe
  C:\Windows\System\CwSJxjr.exe
  2⤵
  - Executes dropped EXE
  PID:988
- C:\Windows\System\yIbeIif.exe
  C:\Windows\System\yIbeIif.exe
  2⤵
  - Executes dropped EXE
  PID:4744
- C:\Windows\System\OagCLIX.exe
  C:\Windows\System\OagCLIX.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\tqIJiyU.exe
  C:\Windows\System\tqIJiyU.exe
  2⤵
  - Executes dropped EXE
  PID:4636
- C:\Windows\System\nhjeXLI.exe
  C:\Windows\System\nhjeXLI.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\EHNMIxr.exe
  C:\Windows\System\EHNMIxr.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\LGNWlmj.exe
  C:\Windows\System\LGNWlmj.exe
  2⤵
  - Executes dropped EXE
  PID:3200
- C:\Windows\System\PkClwax.exe
  C:\Windows\System\PkClwax.exe
  2⤵
  - Executes dropped EXE
  PID:3176
- C:\Windows\System\BWjSDGc.exe
  C:\Windows\System\BWjSDGc.exe
  2⤵
  - Executes dropped EXE
  PID:4044
- C:\Windows\System\lQOkUOj.exe
  C:\Windows\System\lQOkUOj.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\GzBJhUg.exe
  C:\Windows\System\GzBJhUg.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\XMYbLlT.exe
  C:\Windows\System\XMYbLlT.exe
  2⤵
  - Executes dropped EXE
  PID:4088
- C:\Windows\System\lpsLMRr.exe
  C:\Windows\System\lpsLMRr.exe
  2⤵
  - Executes dropped EXE
  PID:4108
- C:\Windows\System\ErCYGLG.exe
  C:\Windows\System\ErCYGLG.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\XbMlZPF.exe
  C:\Windows\System\XbMlZPF.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\NfoeRas.exe
  C:\Windows\System\NfoeRas.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\tVvLNGx.exe
  C:\Windows\System\tVvLNGx.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\khxeHsx.exe
  C:\Windows\System\khxeHsx.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\yBkSNCO.exe
  C:\Windows\System\yBkSNCO.exe
  2⤵
  - Executes dropped EXE
  PID:3476
- C:\Windows\System\zLBRyRa.exe
  C:\Windows\System\zLBRyRa.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\bLTjPtl.exe
  C:\Windows\System\bLTjPtl.exe
  2⤵
  - Executes dropped EXE
  PID:388
- C:\Windows\System\HfjYnfG.exe
  C:\Windows\System\HfjYnfG.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\XxeJYJB.exe
  C:\Windows\System\XxeJYJB.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\susyHvU.exe
  C:\Windows\System\susyHvU.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\kAtuiGZ.exe
  C:\Windows\System\kAtuiGZ.exe
  2⤵
  - Executes dropped EXE
  PID:4900
- C:\Windows\System\LwOdJjH.exe
  C:\Windows\System\LwOdJjH.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\hvIWHfY.exe
  C:\Windows\System\hvIWHfY.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\bAyPxdn.exe
  C:\Windows\System\bAyPxdn.exe
  2⤵
  - Executes dropped EXE
  PID:4896
- C:\Windows\System\SdjJTgw.exe
  C:\Windows\System\SdjJTgw.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\nKJSwdp.exe
  C:\Windows\System\nKJSwdp.exe
  2⤵
  - Executes dropped EXE
  PID:4460
- C:\Windows\System\dZWLkpP.exe
  C:\Windows\System\dZWLkpP.exe
  2⤵
  - Executes dropped EXE
  PID:4556
- C:\Windows\System\KZjnMEc.exe
  C:\Windows\System\KZjnMEc.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\RHgOGEr.exe
  C:\Windows\System\RHgOGEr.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\JdMjXWJ.exe
  C:\Windows\System\JdMjXWJ.exe
  2⤵
  - Executes dropped EXE
  PID:3984
- C:\Windows\System\fLkwJYQ.exe
  C:\Windows\System\fLkwJYQ.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\AfJJjCq.exe
  C:\Windows\System\AfJJjCq.exe
  2⤵
  - Executes dropped EXE
  PID:4288
- C:\Windows\System\snjTKmv.exe
  C:\Windows\System\snjTKmv.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\CMthACi.exe
  C:\Windows\System\CMthACi.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\UBWavpx.exe
  C:\Windows\System\UBWavpx.exe
  2⤵
  - Executes dropped EXE
  PID:216
- C:\Windows\System\jZXSWlD.exe
  C:\Windows\System\jZXSWlD.exe
  2⤵
  - Executes dropped EXE
  PID:4428
- C:\Windows\System\jovvhSc.exe
  C:\Windows\System\jovvhSc.exe
  2⤵
  - Executes dropped EXE
  PID:4244
- C:\Windows\System\EsQeMXF.exe
  C:\Windows\System\EsQeMXF.exe
  2⤵
  - Executes dropped EXE
  PID:4340
- C:\Windows\System\bFpanBU.exe
  C:\Windows\System\bFpanBU.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\RkqFYAM.exe
  C:\Windows\System\RkqFYAM.exe
  2⤵
  PID:440
- C:\Windows\System\CWDweGJ.exe
  C:\Windows\System\CWDweGJ.exe
  2⤵
  PID:1408
- C:\Windows\System\lExaTvU.exe
  C:\Windows\System\lExaTvU.exe
  2⤵
  PID:2748
- C:\Windows\System\GqGrRrG.exe
  C:\Windows\System\GqGrRrG.exe
  2⤵
  PID:4748
- C:\Windows\System\LwTxsck.exe
  C:\Windows\System\LwTxsck.exe
  2⤵
  PID:1520
- C:\Windows\System\LQpNLIQ.exe
  C:\Windows\System\LQpNLIQ.exe
  2⤵
  PID:5128
- C:\Windows\System\gfBuxbL.exe
  C:\Windows\System\gfBuxbL.exe
  2⤵
  PID:5156
- C:\Windows\System\iEnCYqi.exe
  C:\Windows\System\iEnCYqi.exe
  2⤵
  PID:5184
- C:\Windows\System\ShDIgHo.exe
  C:\Windows\System\ShDIgHo.exe
  2⤵
  PID:5212
- C:\Windows\System\RLYjCUc.exe
  C:\Windows\System\RLYjCUc.exe
  2⤵
  PID:5240
- C:\Windows\System\dxKzdCI.exe
  C:\Windows\System\dxKzdCI.exe
  2⤵
  PID:5268
- C:\Windows\System\xbyqKIu.exe
  C:\Windows\System\xbyqKIu.exe
  2⤵
  PID:5300
- C:\Windows\System\KvhfRkP.exe
  C:\Windows\System\KvhfRkP.exe
  2⤵
  PID:5328
- C:\Windows\System\cgvcnKE.exe
  C:\Windows\System\cgvcnKE.exe
  2⤵
  PID:5352
- C:\Windows\System\bhTlsWM.exe
  C:\Windows\System\bhTlsWM.exe
  2⤵
  PID:5380
- C:\Windows\System\iDrZUvU.exe
  C:\Windows\System\iDrZUvU.exe
  2⤵
  PID:5408
- C:\Windows\System\JotTkBM.exe
  C:\Windows\System\JotTkBM.exe
  2⤵
  PID:5436
- C:\Windows\System\qmuoyDv.exe
  C:\Windows\System\qmuoyDv.exe
  2⤵
  PID:5464
- C:\Windows\System\cNGmThZ.exe
  C:\Windows\System\cNGmThZ.exe
  2⤵
  PID:5492
- C:\Windows\System\cQyfQPu.exe
  C:\Windows\System\cQyfQPu.exe
  2⤵
  PID:5520
- C:\Windows\System\UyhiZcX.exe
  C:\Windows\System\UyhiZcX.exe
  2⤵
  PID:5572
- C:\Windows\System\XyyxWvf.exe
  C:\Windows\System\XyyxWvf.exe
  2⤵
  PID:5588
- C:\Windows\System\PrcpiXz.exe
  C:\Windows\System\PrcpiXz.exe
  2⤵
  PID:5604
- C:\Windows\System\VDwKUHU.exe
  C:\Windows\System\VDwKUHU.exe
  2⤵
  PID:5628
- C:\Windows\System\vEcsssa.exe
  C:\Windows\System\vEcsssa.exe
  2⤵
  PID:5648
- C:\Windows\System\ljhfWOA.exe
  C:\Windows\System\ljhfWOA.exe
  2⤵
  PID:5672
- C:\Windows\System\XtdYTSd.exe
  C:\Windows\System\XtdYTSd.exe
  2⤵
  PID:5700
- C:\Windows\System\DGLDUAA.exe
  C:\Windows\System\DGLDUAA.exe
  2⤵
  PID:5728
- C:\Windows\System\jjivFVb.exe
  C:\Windows\System\jjivFVb.exe
  2⤵
  PID:5756
- C:\Windows\System\SNlPmBe.exe
  C:\Windows\System\SNlPmBe.exe
  2⤵
  PID:5784
- C:\Windows\System\YliVBeq.exe
  C:\Windows\System\YliVBeq.exe
  2⤵
  PID:5816
- C:\Windows\System\FGKBWCr.exe
  C:\Windows\System\FGKBWCr.exe
  2⤵
  PID:5840
- C:\Windows\System\dAWAnyT.exe
  C:\Windows\System\dAWAnyT.exe
  2⤵
  PID:5868
- C:\Windows\System\oSYxOMt.exe
  C:\Windows\System\oSYxOMt.exe
  2⤵
  PID:5896
- C:\Windows\System\MRHOKZC.exe
  C:\Windows\System\MRHOKZC.exe
  2⤵
  PID:5924
- C:\Windows\System\ZmTtINb.exe
  C:\Windows\System\ZmTtINb.exe
  2⤵
  PID:5956
- C:\Windows\System\tGcasaW.exe
  C:\Windows\System\tGcasaW.exe
  2⤵
  PID:5984
- C:\Windows\System\lfwjDZz.exe
  C:\Windows\System\lfwjDZz.exe
  2⤵
  PID:6012
- C:\Windows\System\rdQxXYs.exe
  C:\Windows\System\rdQxXYs.exe
  2⤵
  PID:6040
- C:\Windows\System\RzWEMlu.exe
  C:\Windows\System\RzWEMlu.exe
  2⤵
  PID:6068
- C:\Windows\System\bdkdmFG.exe
  C:\Windows\System\bdkdmFG.exe
  2⤵
  PID:6096
- C:\Windows\System\WzEXoSA.exe
  C:\Windows\System\WzEXoSA.exe
  2⤵
  PID:6124
- C:\Windows\System\YZaskKE.exe
  C:\Windows\System\YZaskKE.exe
  2⤵
  PID:5048
- C:\Windows\System\gRPvAKA.exe
  C:\Windows\System\gRPvAKA.exe
  2⤵
  PID:4648
- C:\Windows\System\psJvtyI.exe
  C:\Windows\System\psJvtyI.exe
  2⤵
  PID:3452
- C:\Windows\System\qDhTjPD.exe
  C:\Windows\System\qDhTjPD.exe
  2⤵
  PID:4856
- C:\Windows\System\ClYdLpl.exe
  C:\Windows\System\ClYdLpl.exe
  2⤵
  PID:5148
- C:\Windows\System\XPmkkdY.exe
  C:\Windows\System\XPmkkdY.exe
  2⤵
  PID:5224
- C:\Windows\System\nGMmzaS.exe
  C:\Windows\System\nGMmzaS.exe
  2⤵
  PID:5284
- C:\Windows\System\thzgFmf.exe
  C:\Windows\System\thzgFmf.exe
  2⤵
  PID:5344
- C:\Windows\System\sKnqOgP.exe
  C:\Windows\System\sKnqOgP.exe
  2⤵
  PID:5392
- C:\Windows\System\DKyuAxC.exe
  C:\Windows\System\DKyuAxC.exe
  2⤵
  PID:5428
- C:\Windows\System\APOetOO.exe
  C:\Windows\System\APOetOO.exe
  2⤵
  PID:5504
- C:\Windows\System\wyIQCfM.exe
  C:\Windows\System\wyIQCfM.exe
  2⤵
  PID:5580
- C:\Windows\System\HjbhzbB.exe
  C:\Windows\System\HjbhzbB.exe
  2⤵
  PID:5620
- C:\Windows\System\sOaeWiA.exe
  C:\Windows\System\sOaeWiA.exe
  2⤵
  PID:5668
- C:\Windows\System\HQhnGUT.exe
  C:\Windows\System\HQhnGUT.exe
  2⤵
  PID:5720
- C:\Windows\System\roxBrLf.exe
  C:\Windows\System\roxBrLf.exe
  2⤵
  PID:5780
- C:\Windows\System\Xetihdt.exe
  C:\Windows\System\Xetihdt.exe
  2⤵
  PID:5860
- C:\Windows\System\lwnGcuO.exe
  C:\Windows\System\lwnGcuO.exe
  2⤵
  PID:5920
- C:\Windows\System\LXVyfbs.exe
  C:\Windows\System\LXVyfbs.exe
  2⤵
  PID:4232
- C:\Windows\System\IZIDFtz.exe
  C:\Windows\System\IZIDFtz.exe
  2⤵
  PID:1616
- C:\Windows\System\hGJApdW.exe
  C:\Windows\System\hGJApdW.exe
  2⤵
  PID:6064
- C:\Windows\System\YQePKYQ.exe
  C:\Windows\System\YQePKYQ.exe
  2⤵
  PID:6136
- C:\Windows\System\FtpXjHB.exe
  C:\Windows\System\FtpXjHB.exe
  2⤵
  PID:1120
- C:\Windows\System\tZtNJBx.exe
  C:\Windows\System\tZtNJBx.exe
  2⤵
  PID:5140
- C:\Windows\System\AkwWANG.exe
  C:\Windows\System\AkwWANG.exe
  2⤵
  PID:5260
- C:\Windows\System\CKSkYaa.exe
  C:\Windows\System\CKSkYaa.exe
  2⤵
  PID:5420
- C:\Windows\System\ZbTpZRv.exe
  C:\Windows\System\ZbTpZRv.exe
  2⤵
  PID:3312
- C:\Windows\System\iejiEVI.exe
  C:\Windows\System\iejiEVI.exe
  2⤵
  PID:5660
- C:\Windows\System\DObZSny.exe
  C:\Windows\System\DObZSny.exe
  2⤵
  PID:5776
- C:\Windows\System\QkqrEEQ.exe
  C:\Windows\System\QkqrEEQ.exe
  2⤵
  PID:5948
- C:\Windows\System\WLlnJwI.exe
  C:\Windows\System\WLlnJwI.exe
  2⤵
  PID:4368
- C:\Windows\System\mnhQxaw.exe
  C:\Windows\System\mnhQxaw.exe
  2⤵
  PID:6092
- C:\Windows\System\nWZrUqG.exe
  C:\Windows\System\nWZrUqG.exe
  2⤵
  PID:4040
- C:\Windows\System\nSRXQZd.exe
  C:\Windows\System\nSRXQZd.exe
  2⤵
  PID:3384
- C:\Windows\System\KrQCbKB.exe
  C:\Windows\System\KrQCbKB.exe
  2⤵
  PID:4820
- C:\Windows\System\Gyfppcq.exe
  C:\Windows\System\Gyfppcq.exe
  2⤵
  PID:1328
- C:\Windows\System\IThjemX.exe
  C:\Windows\System\IThjemX.exe
  2⤵
  PID:2724
- C:\Windows\System\qHRDjGB.exe
  C:\Windows\System\qHRDjGB.exe
  2⤵
  PID:4228
- C:\Windows\System\jGUkKwm.exe
  C:\Windows\System\jGUkKwm.exe
  2⤵
  PID:2552
- C:\Windows\System\nNkVINM.exe
  C:\Windows\System\nNkVINM.exe
  2⤵
  PID:2012
- C:\Windows\System\rrGlhHC.exe
  C:\Windows\System\rrGlhHC.exe
  2⤵
  PID:6172
- C:\Windows\System\wrrYDgn.exe
  C:\Windows\System\wrrYDgn.exe
  2⤵
  PID:6200
- C:\Windows\System\DMQKAmW.exe
  C:\Windows\System\DMQKAmW.exe
  2⤵
  PID:6228
- C:\Windows\System\IKzVNUP.exe
  C:\Windows\System\IKzVNUP.exe
  2⤵
  PID:6300
- C:\Windows\System\ywOrDwq.exe
  C:\Windows\System\ywOrDwq.exe
  2⤵
  PID:6320
- C:\Windows\System\CMjrbXP.exe
  C:\Windows\System\CMjrbXP.exe
  2⤵
  PID:6336
- C:\Windows\System\mUWGJqn.exe
  C:\Windows\System\mUWGJqn.exe
  2⤵
  PID:6356
- C:\Windows\System\ekfhRsp.exe
  C:\Windows\System\ekfhRsp.exe
  2⤵
  PID:6388
- C:\Windows\System\mPtBmqZ.exe
  C:\Windows\System\mPtBmqZ.exe
  2⤵
  PID:6412
- C:\Windows\System\QsXTCts.exe
  C:\Windows\System\QsXTCts.exe
  2⤵
  PID:6432
- C:\Windows\System\KHRjuma.exe
  C:\Windows\System\KHRjuma.exe
  2⤵
  PID:6496
- C:\Windows\System\zVpLUzt.exe
  C:\Windows\System\zVpLUzt.exe
  2⤵
  PID:6524
- C:\Windows\System\fQfAemV.exe
  C:\Windows\System\fQfAemV.exe
  2⤵
  PID:6564
- C:\Windows\System\DZjXzbv.exe
  C:\Windows\System\DZjXzbv.exe
  2⤵
  PID:6600
- C:\Windows\System\XCSYRzK.exe
  C:\Windows\System\XCSYRzK.exe
  2⤵
  PID:6648
- C:\Windows\System\rmwlNeN.exe
  C:\Windows\System\rmwlNeN.exe
  2⤵
  PID:6712
- C:\Windows\System\qXUtEGi.exe
  C:\Windows\System\qXUtEGi.exe
  2⤵
  PID:6736
- C:\Windows\System\garHOqQ.exe
  C:\Windows\System\garHOqQ.exe
  2⤵
  PID:6760
- C:\Windows\System\suszvQn.exe
  C:\Windows\System\suszvQn.exe
  2⤵
  PID:6780
- C:\Windows\System\rOryDLg.exe
  C:\Windows\System\rOryDLg.exe
  2⤵
  PID:6804
- C:\Windows\System\nzcUSYy.exe
  C:\Windows\System\nzcUSYy.exe
  2⤵
  PID:6828
- C:\Windows\System\zOQrryv.exe
  C:\Windows\System\zOQrryv.exe
  2⤵
  PID:6848
- C:\Windows\System\DWRwcmu.exe
  C:\Windows\System\DWRwcmu.exe
  2⤵
  PID:6872
- C:\Windows\System\hXpVthk.exe
  C:\Windows\System\hXpVthk.exe
  2⤵
  PID:6896
- C:\Windows\System\LeZEhLL.exe
  C:\Windows\System\LeZEhLL.exe
  2⤵
  PID:6916
- C:\Windows\System\ujdkASM.exe
  C:\Windows\System\ujdkASM.exe
  2⤵
  PID:6944
- C:\Windows\System\EmSwHUi.exe
  C:\Windows\System\EmSwHUi.exe
  2⤵
  PID:6964
- C:\Windows\System\AYcAWpI.exe
  C:\Windows\System\AYcAWpI.exe
  2⤵
  PID:7000
- C:\Windows\System\RnHgwvm.exe
  C:\Windows\System\RnHgwvm.exe
  2⤵
  PID:7016
- C:\Windows\System\cXwrBxm.exe
  C:\Windows\System\cXwrBxm.exe
  2⤵
  PID:7036
- C:\Windows\System\viMEsHS.exe
  C:\Windows\System\viMEsHS.exe
  2⤵
  PID:7052
- C:\Windows\System\aybYXXS.exe
  C:\Windows\System\aybYXXS.exe
  2⤵
  PID:7100
- C:\Windows\System\KWOUNBi.exe
  C:\Windows\System\KWOUNBi.exe
  2⤵
  PID:7128
- C:\Windows\System\FisJukh.exe
  C:\Windows\System\FisJukh.exe
  2⤵
  PID:7156
- C:\Windows\System\ZqJaSZe.exe
  C:\Windows\System\ZqJaSZe.exe
  2⤵
  PID:4980
- C:\Windows\System\zHvFZiS.exe
  C:\Windows\System\zHvFZiS.exe
  2⤵
  PID:3264
- C:\Windows\System\WzwGutE.exe
  C:\Windows\System\WzwGutE.exe
  2⤵
  PID:3360
- C:\Windows\System\kJziRSN.exe
  C:\Windows\System\kJziRSN.exe
  2⤵
  PID:5480
- C:\Windows\System\WYGphys.exe
  C:\Windows\System\WYGphys.exe
  2⤵
  PID:6164
- C:\Windows\System\FRacohd.exe
  C:\Windows\System\FRacohd.exe
  2⤵
  PID:5032
- C:\Windows\System\jFswmVO.exe
  C:\Windows\System\jFswmVO.exe
  2⤵
  PID:2996
- C:\Windows\System\NFiVvwG.exe
  C:\Windows\System\NFiVvwG.exe
  2⤵
  PID:6192
- C:\Windows\System\BZeoQIW.exe
  C:\Windows\System\BZeoQIW.exe
  2⤵
  PID:4488
- C:\Windows\System\VpLjcjl.exe
  C:\Windows\System\VpLjcjl.exe
  2⤵
  PID:1720
- C:\Windows\System\qygNIGL.exe
  C:\Windows\System\qygNIGL.exe
  2⤵
  PID:372
- C:\Windows\System\WHGhxaB.exe
  C:\Windows\System\WHGhxaB.exe
  2⤵
  PID:368
- C:\Windows\System\eomJZaO.exe
  C:\Windows\System\eomJZaO.exe
  2⤵
  PID:6328
- C:\Windows\System\ejrjcuw.exe
  C:\Windows\System\ejrjcuw.exe
  2⤵
  PID:6352
- C:\Windows\System\ykucKpq.exe
  C:\Windows\System\ykucKpq.exe
  2⤵
  PID:6376
- C:\Windows\System\Cjfwepx.exe
  C:\Windows\System\Cjfwepx.exe
  2⤵
  PID:6464
- C:\Windows\System\pTnfiIA.exe
  C:\Windows\System\pTnfiIA.exe
  2⤵
  PID:2508
- C:\Windows\System\NbmTsJT.exe
  C:\Windows\System\NbmTsJT.exe
  2⤵
  PID:6644
- C:\Windows\System\PTXjWvM.exe
  C:\Windows\System\PTXjWvM.exe
  2⤵
  PID:6396
- C:\Windows\System\lFmxXwI.exe
  C:\Windows\System\lFmxXwI.exe
  2⤵
  PID:6580
- C:\Windows\System\uKgyNRg.exe
  C:\Windows\System\uKgyNRg.exe
  2⤵
  PID:6812
- C:\Windows\System\KXpKZSZ.exe
  C:\Windows\System\KXpKZSZ.exe
  2⤵
  PID:6960
- C:\Windows\System\MXjYvIi.exe
  C:\Windows\System\MXjYvIi.exe
  2⤵
  PID:7028
- C:\Windows\System\doOsNyc.exe
  C:\Windows\System\doOsNyc.exe
  2⤵
  PID:7092
- C:\Windows\System\lXDKmjy.exe
  C:\Windows\System\lXDKmjy.exe
  2⤵
  PID:7064
- C:\Windows\System\QXAVypn.exe
  C:\Windows\System\QXAVypn.exe
  2⤵
  PID:7136
- C:\Windows\System\KGBECWi.exe
  C:\Windows\System\KGBECWi.exe
  2⤵
  PID:4952
- C:\Windows\System\lzCjumk.exe
  C:\Windows\System\lzCjumk.exe
  2⤵
  PID:2084
- C:\Windows\System\uzwbejj.exe
  C:\Windows\System\uzwbejj.exe
  2⤵
  PID:6428
- C:\Windows\System\gHKzXkH.exe
  C:\Windows\System\gHKzXkH.exe
  2⤵
  PID:6272
- C:\Windows\System\VtSwAzw.exe
  C:\Windows\System\VtSwAzw.exe
  2⤵
  PID:6576
- C:\Windows\System\xgdEBRc.exe
  C:\Windows\System\xgdEBRc.exe
  2⤵
  PID:6744
- C:\Windows\System\pHKXYve.exe
  C:\Windows\System\pHKXYve.exe
  2⤵
  PID:6884
- C:\Windows\System\SkaTIBu.exe
  C:\Windows\System\SkaTIBu.exe
  2⤵
  PID:7024
- C:\Windows\System\JIOILlF.exe
  C:\Windows\System\JIOILlF.exe
  2⤵
  PID:7164
- C:\Windows\System\pdmlpWz.exe
  C:\Windows\System\pdmlpWz.exe
  2⤵
  PID:7012
- C:\Windows\System\iXaDVoc.exe
  C:\Windows\System\iXaDVoc.exe
  2⤵
  PID:3772
- C:\Windows\System\xhIYpDD.exe
  C:\Windows\System\xhIYpDD.exe
  2⤵
  PID:6348
- C:\Windows\System\qWofRbn.exe
  C:\Windows\System\qWofRbn.exe
  2⤵
  PID:6956
- C:\Windows\System\VkEabrs.exe
  C:\Windows\System\VkEabrs.exe
  2⤵
  PID:6924
- C:\Windows\System\szLDXZL.exe
  C:\Windows\System\szLDXZL.exe
  2⤵
  PID:4632
- C:\Windows\System\AwemkFD.exe
  C:\Windows\System\AwemkFD.exe
  2⤵
  PID:5644
- C:\Windows\System\LBnzICg.exe
  C:\Windows\System\LBnzICg.exe
  2⤵
  PID:7184
- C:\Windows\System\DcnRcVZ.exe
  C:\Windows\System\DcnRcVZ.exe
  2⤵
  PID:7216
- C:\Windows\System\unwzaIh.exe
  C:\Windows\System\unwzaIh.exe
  2⤵
  PID:7252
- C:\Windows\System\QDYBdmK.exe
  C:\Windows\System\QDYBdmK.exe
  2⤵
  PID:7272
- C:\Windows\System\DhwVWxJ.exe
  C:\Windows\System\DhwVWxJ.exe
  2⤵
  PID:7288
- C:\Windows\System\vBJZjIp.exe
  C:\Windows\System\vBJZjIp.exe
  2⤵
  PID:7316
- C:\Windows\System\SyDRjJA.exe
  C:\Windows\System\SyDRjJA.exe
  2⤵
  PID:7364
- C:\Windows\System\hwkYimd.exe
  C:\Windows\System\hwkYimd.exe
  2⤵
  PID:7404
- C:\Windows\System\nHCijAQ.exe
  C:\Windows\System\nHCijAQ.exe
  2⤵
  PID:7424
- C:\Windows\System\nptwnSO.exe
  C:\Windows\System\nptwnSO.exe
  2⤵
  PID:7444
- C:\Windows\System\rpnppPO.exe
  C:\Windows\System\rpnppPO.exe
  2⤵
  PID:7464
- C:\Windows\System\ugNLLCK.exe
  C:\Windows\System\ugNLLCK.exe
  2⤵
  PID:7520
- C:\Windows\System\yLjOaCc.exe
  C:\Windows\System\yLjOaCc.exe
  2⤵
  PID:7540
- C:\Windows\System\gQVHeXz.exe
  C:\Windows\System\gQVHeXz.exe
  2⤵
  PID:7564
- C:\Windows\System\TjDKWUN.exe
  C:\Windows\System\TjDKWUN.exe
  2⤵
  PID:7580
- C:\Windows\System\eTjIgqp.exe
  C:\Windows\System\eTjIgqp.exe
  2⤵
  PID:7600
- C:\Windows\System\RcouHFC.exe
  C:\Windows\System\RcouHFC.exe
  2⤵
  PID:7620
- C:\Windows\System\UbtXPXd.exe
  C:\Windows\System\UbtXPXd.exe
  2⤵
  PID:7680
- C:\Windows\System\sHJNEJA.exe
  C:\Windows\System\sHJNEJA.exe
  2⤵
  PID:7704
- C:\Windows\System\RaWFWtw.exe
  C:\Windows\System\RaWFWtw.exe
  2⤵
  PID:7732
- C:\Windows\System\MSUqcQX.exe
  C:\Windows\System\MSUqcQX.exe
  2⤵
  PID:7768
- C:\Windows\System\swLOQsc.exe
  C:\Windows\System\swLOQsc.exe
  2⤵
  PID:7788
- C:\Windows\System\MsboVfz.exe
  C:\Windows\System\MsboVfz.exe
  2⤵
  PID:7828
- C:\Windows\System\LPiFmZr.exe
  C:\Windows\System\LPiFmZr.exe
  2⤵
  PID:7852
- C:\Windows\System\BibfjWH.exe
  C:\Windows\System\BibfjWH.exe
  2⤵
  PID:7872
- C:\Windows\System\jXYnooR.exe
  C:\Windows\System\jXYnooR.exe
  2⤵
  PID:7900
- C:\Windows\System\NdMRFMZ.exe
  C:\Windows\System\NdMRFMZ.exe
  2⤵
  PID:7920
- C:\Windows\System\qbkTDOg.exe
  C:\Windows\System\qbkTDOg.exe
  2⤵
  PID:7944
- C:\Windows\System\RfzjQEY.exe
  C:\Windows\System\RfzjQEY.exe
  2⤵
  PID:7984
- C:\Windows\System\fUCcRuq.exe
  C:\Windows\System\fUCcRuq.exe
  2⤵
  PID:8000
- C:\Windows\System\uvWbzSB.exe
  C:\Windows\System\uvWbzSB.exe
  2⤵
  PID:8020
- C:\Windows\System\zmDRCma.exe
  C:\Windows\System\zmDRCma.exe
  2⤵
  PID:8072
- C:\Windows\System\FQYdioY.exe
  C:\Windows\System\FQYdioY.exe
  2⤵
  PID:8088
- C:\Windows\System\UOqwllA.exe
  C:\Windows\System\UOqwllA.exe
  2⤵
  PID:8112
- C:\Windows\System\bKBxJVr.exe
  C:\Windows\System\bKBxJVr.exe
  2⤵
  PID:8160
- C:\Windows\System\XCMaEls.exe
  C:\Windows\System\XCMaEls.exe
  2⤵
  PID:8184
- C:\Windows\System\mEIWEiH.exe
  C:\Windows\System\mEIWEiH.exe
  2⤵
  PID:7180
- C:\Windows\System\wrdLJtT.exe
  C:\Windows\System\wrdLJtT.exe
  2⤵
  PID:7244
- C:\Windows\System\IOyVRxv.exe
  C:\Windows\System\IOyVRxv.exe
  2⤵
  PID:7324
- C:\Windows\System\JerrKSi.exe
  C:\Windows\System\JerrKSi.exe
  2⤵
  PID:7372
- C:\Windows\System\vCowlzy.exe
  C:\Windows\System\vCowlzy.exe
  2⤵
  PID:7416
- C:\Windows\System\tKAwIzS.exe
  C:\Windows\System\tKAwIzS.exe
  2⤵
  PID:7536
- C:\Windows\System\DEFXAqP.exe
  C:\Windows\System\DEFXAqP.exe
  2⤵
  PID:7592
- C:\Windows\System\YQFlZQo.exe
  C:\Windows\System\YQFlZQo.exe
  2⤵
  PID:7656
- C:\Windows\System\MJFqzVM.exe
  C:\Windows\System\MJFqzVM.exe
  2⤵
  PID:7692
- C:\Windows\System\zDFnEnz.exe
  C:\Windows\System\zDFnEnz.exe
  2⤵
  PID:7760
- C:\Windows\System\qXCLhqc.exe
  C:\Windows\System\qXCLhqc.exe
  2⤵
  PID:7860
- C:\Windows\System\fpOxhfb.exe
  C:\Windows\System\fpOxhfb.exe
  2⤵
  PID:7912
- C:\Windows\System\EEvAtCE.exe
  C:\Windows\System\EEvAtCE.exe
  2⤵
  PID:7960
- C:\Windows\System\SzjLOaQ.exe
  C:\Windows\System\SzjLOaQ.exe
  2⤵
  PID:8048
- C:\Windows\System\hOGtRHb.exe
  C:\Windows\System\hOGtRHb.exe
  2⤵
  PID:8136
- C:\Windows\System\jiAbqej.exe
  C:\Windows\System\jiAbqej.exe
  2⤵
  PID:3172
- C:\Windows\System\OkqpsRw.exe
  C:\Windows\System\OkqpsRw.exe
  2⤵
  PID:7264
- C:\Windows\System\nfBfabB.exe
  C:\Windows\System\nfBfabB.exe
  2⤵
  PID:7392
- C:\Windows\System\uOcNoeo.exe
  C:\Windows\System\uOcNoeo.exe
  2⤵
  PID:7548
- C:\Windows\System\MwHNtid.exe
  C:\Windows\System\MwHNtid.exe
  2⤵
  PID:7628
- C:\Windows\System\cegwlqM.exe
  C:\Windows\System\cegwlqM.exe
  2⤵
  PID:7728
- C:\Windows\System\zNNAdsO.exe
  C:\Windows\System\zNNAdsO.exe
  2⤵
  PID:7836
- C:\Windows\System\GLsPvmg.exe
  C:\Windows\System\GLsPvmg.exe
  2⤵
  PID:7968
- C:\Windows\System\jTtpOlQ.exe
  C:\Windows\System\jTtpOlQ.exe
  2⤵
  PID:8040
- C:\Windows\System\CMHzyDO.exe
  C:\Windows\System\CMHzyDO.exe
  2⤵
  PID:8108
- C:\Windows\System\jiTYyFg.exe
  C:\Windows\System\jiTYyFg.exe
  2⤵
  PID:7724
- C:\Windows\System\cbOMKaF.exe
  C:\Windows\System\cbOMKaF.exe
  2⤵
  PID:7888
- C:\Windows\System\eRyMzYk.exe
  C:\Windows\System\eRyMzYk.exe
  2⤵
  PID:7460
- C:\Windows\System\HQsQWmG.exe
  C:\Windows\System\HQsQWmG.exe
  2⤵
  PID:8208
- C:\Windows\System\unLdfKh.exe
  C:\Windows\System\unLdfKh.exe
  2⤵
  PID:8248
- C:\Windows\System\FVLRGFQ.exe
  C:\Windows\System\FVLRGFQ.exe
  2⤵
  PID:8272
- C:\Windows\System\LMbzutJ.exe
  C:\Windows\System\LMbzutJ.exe
  2⤵
  PID:8304
- C:\Windows\System\mHLHUNZ.exe
  C:\Windows\System\mHLHUNZ.exe
  2⤵
  PID:8340
- C:\Windows\System\ytgSylx.exe
  C:\Windows\System\ytgSylx.exe
  2⤵
  PID:8360
- C:\Windows\System\CNmwAzQ.exe
  C:\Windows\System\CNmwAzQ.exe
  2⤵
  PID:8384
- C:\Windows\System\rMOCXpK.exe
  C:\Windows\System\rMOCXpK.exe
  2⤵
  PID:8444
- C:\Windows\System\gxqaThd.exe
  C:\Windows\System\gxqaThd.exe
  2⤵
  PID:8464
- C:\Windows\System\eQZFgUr.exe
  C:\Windows\System\eQZFgUr.exe
  2⤵
  PID:8492
- C:\Windows\System\UtnWhgV.exe
  C:\Windows\System\UtnWhgV.exe
  2⤵
  PID:8520
- C:\Windows\System\iYtPOJi.exe
  C:\Windows\System\iYtPOJi.exe
  2⤵
  PID:8540
- C:\Windows\System\fJxkxbr.exe
  C:\Windows\System\fJxkxbr.exe
  2⤵
  PID:8584
- C:\Windows\System\byvmrsh.exe
  C:\Windows\System\byvmrsh.exe
  2⤵
  PID:8624
- C:\Windows\System\XWfWOmi.exe
  C:\Windows\System\XWfWOmi.exe
  2⤵
  PID:8648
- C:\Windows\System\KAVrtMJ.exe
  C:\Windows\System\KAVrtMJ.exe
  2⤵
  PID:8668
- C:\Windows\System\KvGkSjm.exe
  C:\Windows\System\KvGkSjm.exe
  2⤵
  PID:8696
- C:\Windows\System\qPiotDO.exe
  C:\Windows\System\qPiotDO.exe
  2⤵
  PID:8732
- C:\Windows\System\FbMBaeP.exe
  C:\Windows\System\FbMBaeP.exe
  2⤵
  PID:8752
- C:\Windows\System\wfizuif.exe
  C:\Windows\System\wfizuif.exe
  2⤵
  PID:8796
- C:\Windows\System\cKlObSq.exe
  C:\Windows\System\cKlObSq.exe
  2⤵
  PID:8816
- C:\Windows\System\oQYKwoG.exe
  C:\Windows\System\oQYKwoG.exe
  2⤵
  PID:8844
- C:\Windows\System\WPFijrK.exe
  C:\Windows\System\WPFijrK.exe
  2⤵
  PID:8864
- C:\Windows\System\ckAcCAj.exe
  C:\Windows\System\ckAcCAj.exe
  2⤵
  PID:8892
- C:\Windows\System\lTbSLTp.exe
  C:\Windows\System\lTbSLTp.exe
  2⤵
  PID:8920
- C:\Windows\System\tKpFoYK.exe
  C:\Windows\System\tKpFoYK.exe
  2⤵
  PID:8948
- C:\Windows\System\SklJVOV.exe
  C:\Windows\System\SklJVOV.exe
  2⤵
  PID:8988
- C:\Windows\System\xQFompm.exe
  C:\Windows\System\xQFompm.exe
  2⤵
  PID:9012
- C:\Windows\System\BWKruZs.exe
  C:\Windows\System\BWKruZs.exe
  2⤵
  PID:9036
- C:\Windows\System\VNgSyMa.exe
  C:\Windows\System\VNgSyMa.exe
  2⤵
  PID:9060
- C:\Windows\System\ZRenhui.exe
  C:\Windows\System\ZRenhui.exe
  2⤵
  PID:9088
- C:\Windows\System\iCxfGhk.exe
  C:\Windows\System\iCxfGhk.exe
  2⤵
  PID:9124
- C:\Windows\System\bZygrTs.exe
  C:\Windows\System\bZygrTs.exe
  2⤵
  PID:9148
- C:\Windows\System\YyiAuHo.exe
  C:\Windows\System\YyiAuHo.exe
  2⤵
  PID:9168
- C:\Windows\System\gpNZIhn.exe
  C:\Windows\System\gpNZIhn.exe
  2⤵
  PID:9188
- C:\Windows\System\qtlPBaN.exe
  C:\Windows\System\qtlPBaN.exe
  2⤵
  PID:9208
- C:\Windows\System\RJWWTSW.exe
  C:\Windows\System\RJWWTSW.exe
  2⤵
  PID:7332
- C:\Windows\System\uEuFcFO.exe
  C:\Windows\System\uEuFcFO.exe
  2⤵
  PID:8244
- C:\Windows\System\pqhNwhH.exe
  C:\Windows\System\pqhNwhH.exe
  2⤵
  PID:8336
- C:\Windows\System\uraVLnN.exe
  C:\Windows\System\uraVLnN.exe
  2⤵
  PID:8404
- C:\Windows\System\QsCZKEX.exe
  C:\Windows\System\QsCZKEX.exe
  2⤵
  PID:8484
- C:\Windows\System\fXLMYcx.exe
  C:\Windows\System\fXLMYcx.exe
  2⤵
  PID:8576
- C:\Windows\System\sUcXVfv.exe
  C:\Windows\System\sUcXVfv.exe
  2⤵
  PID:8640
- C:\Windows\System\JYZZCEd.exe
  C:\Windows\System\JYZZCEd.exe
  2⤵
  PID:8684
- C:\Windows\System\ajzBIXo.exe
  C:\Windows\System\ajzBIXo.exe
  2⤵
  PID:8788
- C:\Windows\System\rphJXYy.exe
  C:\Windows\System\rphJXYy.exe
  2⤵
  PID:8832
- C:\Windows\System\ercBxHb.exe
  C:\Windows\System\ercBxHb.exe
  2⤵
  PID:8884
- C:\Windows\System\TBfTbpn.exe
  C:\Windows\System\TBfTbpn.exe
  2⤵
  PID:9008
- C:\Windows\System\TwyHiaG.exe
  C:\Windows\System\TwyHiaG.exe
  2⤵
  PID:9084
- C:\Windows\System\OTUtbDS.exe
  C:\Windows\System\OTUtbDS.exe
  2⤵
  PID:9120
- C:\Windows\System\pHyXrCI.exe
  C:\Windows\System\pHyXrCI.exe
  2⤵
  PID:9144
- C:\Windows\System\ERZLGid.exe
  C:\Windows\System\ERZLGid.exe
  2⤵
  PID:9204
- C:\Windows\System\GWmUUul.exe
  C:\Windows\System\GWmUUul.exe
  2⤵
  PID:8376
- C:\Windows\System\VYXhdBh.exe
  C:\Windows\System\VYXhdBh.exe
  2⤵
  PID:8676
- C:\Windows\System\JNSoOrs.exe
  C:\Windows\System\JNSoOrs.exe
  2⤵
  PID:8760
- C:\Windows\System\rnZRwrz.exe
  C:\Windows\System\rnZRwrz.exe
  2⤵
  PID:8828
- C:\Windows\System\AJTLGwK.exe
  C:\Windows\System\AJTLGwK.exe
  2⤵
  PID:8984
- C:\Windows\System\QfbJxzt.exe
  C:\Windows\System\QfbJxzt.exe
  2⤵
  PID:9156
- C:\Windows\System\CNvmkIA.exe
  C:\Windows\System\CNvmkIA.exe
  2⤵
  PID:8200
- C:\Windows\System\EcmqLNC.exe
  C:\Windows\System\EcmqLNC.exe
  2⤵
  PID:8812
- C:\Windows\System\IDODKlL.exe
  C:\Windows\System\IDODKlL.exe
  2⤵
  PID:9200
- C:\Windows\System\RGwhQjT.exe
  C:\Windows\System\RGwhQjT.exe
  2⤵
  PID:8860
- C:\Windows\System\LDEXtaF.exe
  C:\Windows\System\LDEXtaF.exe
  2⤵
  PID:9220
- C:\Windows\System\xUGGZDJ.exe
  C:\Windows\System\xUGGZDJ.exe
  2⤵
  PID:9260
- C:\Windows\System\sJuFSeo.exe
  C:\Windows\System\sJuFSeo.exe
  2⤵
  PID:9280
- C:\Windows\System\DWPmOke.exe
  C:\Windows\System\DWPmOke.exe
  2⤵
  PID:9348
- C:\Windows\System\pWkqATu.exe
  C:\Windows\System\pWkqATu.exe
  2⤵
  PID:9404
- C:\Windows\System\CFaezNF.exe
  C:\Windows\System\CFaezNF.exe
  2⤵
  PID:9420
- C:\Windows\System\oKXpjkn.exe
  C:\Windows\System\oKXpjkn.exe
  2⤵
  PID:9436
- C:\Windows\System\aEiJoLB.exe
  C:\Windows\System\aEiJoLB.exe
  2⤵
  PID:9452
- C:\Windows\System\JNlNxTB.exe
  C:\Windows\System\JNlNxTB.exe
  2⤵
  PID:9468
- C:\Windows\System\eWtGTsm.exe
  C:\Windows\System\eWtGTsm.exe
  2⤵
  PID:9488
- C:\Windows\System\ZeEiOxW.exe
  C:\Windows\System\ZeEiOxW.exe
  2⤵
  PID:9544
- C:\Windows\System\wPRclPl.exe
  C:\Windows\System\wPRclPl.exe
  2⤵
  PID:9564
- C:\Windows\System\uUgSUpc.exe
  C:\Windows\System\uUgSUpc.exe
  2⤵
  PID:9620
- C:\Windows\System\cRNwSGQ.exe
  C:\Windows\System\cRNwSGQ.exe
  2⤵
  PID:9644
- C:\Windows\System\KSvEcrf.exe
  C:\Windows\System\KSvEcrf.exe
  2⤵
  PID:9688
- C:\Windows\System\mjiYzlY.exe
  C:\Windows\System\mjiYzlY.exe
  2⤵
  PID:9740
- C:\Windows\System\DEXvuus.exe
  C:\Windows\System\DEXvuus.exe
  2⤵
  PID:9784
- C:\Windows\System\qsUtceB.exe
  C:\Windows\System\qsUtceB.exe
  2⤵
  PID:9804
- C:\Windows\System\rDSwCtC.exe
  C:\Windows\System\rDSwCtC.exe
  2⤵
  PID:9860
- C:\Windows\System\MwKecRF.exe
  C:\Windows\System\MwKecRF.exe
  2⤵
  PID:9880
- C:\Windows\System\ItcsfXx.exe
  C:\Windows\System\ItcsfXx.exe
  2⤵
  PID:9896
- C:\Windows\System\AAQeadg.exe
  C:\Windows\System\AAQeadg.exe
  2⤵
  PID:9916
- C:\Windows\System\LjrXQVy.exe
  C:\Windows\System\LjrXQVy.exe
  2⤵
  PID:9972
- C:\Windows\System\EvbumnY.exe
  C:\Windows\System\EvbumnY.exe
  2⤵
  PID:9988
- C:\Windows\System\XyrOPVa.exe
  C:\Windows\System\XyrOPVa.exe
  2⤵
  PID:10008
- C:\Windows\System\JofiFDo.exe
  C:\Windows\System\JofiFDo.exe
  2⤵
  PID:10056
- C:\Windows\System\CKBhVhb.exe
  C:\Windows\System\CKBhVhb.exe
  2⤵
  PID:10080
- C:\Windows\System\VatkIjs.exe
  C:\Windows\System\VatkIjs.exe
  2⤵
  PID:10100
- C:\Windows\System\rOWEbMR.exe
  C:\Windows\System\rOWEbMR.exe
  2⤵
  PID:10124
- C:\Windows\System\bmdiJKk.exe
  C:\Windows\System\bmdiJKk.exe
  2⤵
  PID:10152
- C:\Windows\System\VQpMKkm.exe
  C:\Windows\System\VQpMKkm.exe
  2⤵
  PID:10192
- C:\Windows\System\sUEStad.exe
  C:\Windows\System\sUEStad.exe
  2⤵
  PID:10224
- C:\Windows\System\DvOEFVR.exe
  C:\Windows\System\DvOEFVR.exe
  2⤵
  PID:8532
- C:\Windows\System\pcVQlDl.exe
  C:\Windows\System\pcVQlDl.exe
  2⤵
  PID:9252
- C:\Windows\System\XjhHrlM.exe
  C:\Windows\System\XjhHrlM.exe
  2⤵
  PID:9340
- C:\Windows\System\TVyWDLe.exe
  C:\Windows\System\TVyWDLe.exe
  2⤵
  PID:9336
- C:\Windows\System\fLfQiIb.exe
  C:\Windows\System\fLfQiIb.exe
  2⤵
  PID:9360
- C:\Windows\System\nwywWmw.exe
  C:\Windows\System\nwywWmw.exe
  2⤵
  PID:9528
- C:\Windows\System\WVbnmgD.exe
  C:\Windows\System\WVbnmgD.exe
  2⤵
  PID:9380
- C:\Windows\System\gsAjxRo.exe
  C:\Windows\System\gsAjxRo.exe
  2⤵
  PID:9428
- C:\Windows\System\qqHeAqV.exe
  C:\Windows\System\qqHeAqV.exe
  2⤵
  PID:9500
- C:\Windows\System\cSXLeAT.exe
  C:\Windows\System\cSXLeAT.exe
  2⤵
  PID:9560
- C:\Windows\System\GTjQGYY.exe
  C:\Windows\System\GTjQGYY.exe
  2⤵
  PID:9640
- C:\Windows\System\QoxNeuS.exe
  C:\Windows\System\QoxNeuS.exe
  2⤵
  PID:9660
- C:\Windows\System\SmsDxQZ.exe
  C:\Windows\System\SmsDxQZ.exe
  2⤵
  PID:9732
- C:\Windows\System\hlFGcHT.exe
  C:\Windows\System\hlFGcHT.exe
  2⤵
  PID:9856
- C:\Windows\System\PQpZFbd.exe
  C:\Windows\System\PQpZFbd.exe
  2⤵
  PID:9952
- C:\Windows\System\PFXXrFM.exe
  C:\Windows\System\PFXXrFM.exe
  2⤵
  PID:9984
- C:\Windows\System\tPJINSJ.exe
  C:\Windows\System\tPJINSJ.exe
  2⤵
  PID:10032
- C:\Windows\System\nUZBsXn.exe
  C:\Windows\System\nUZBsXn.exe
  2⤵
  PID:10168
- C:\Windows\System\TOPheyk.exe
  C:\Windows\System\TOPheyk.exe
  2⤵
  PID:9296
- C:\Windows\System\cUYLJOB.exe
  C:\Windows\System\cUYLJOB.exe
  2⤵
  PID:9328
- C:\Windows\System\xSHYXqD.exe
  C:\Windows\System\xSHYXqD.exe
  2⤵
  PID:9484
- C:\Windows\System\AANJmAl.exe
  C:\Windows\System\AANJmAl.exe
  2⤵
  PID:8616
- C:\Windows\System\wkpzsUw.exe
  C:\Windows\System\wkpzsUw.exe
  2⤵
  PID:9724
- C:\Windows\System\rUXirXN.exe
  C:\Windows\System\rUXirXN.exe
  2⤵
  PID:9848
- C:\Windows\System\vAfAPKN.exe
  C:\Windows\System\vAfAPKN.exe
  2⤵
  PID:9928
- C:\Windows\System\TDBFaAt.exe
  C:\Windows\System\TDBFaAt.exe
  2⤵
  PID:10004
- C:\Windows\System\BrXNupE.exe
  C:\Windows\System\BrXNupE.exe
  2⤵
  PID:10208
- C:\Windows\System\kgJmKsb.exe
  C:\Windows\System\kgJmKsb.exe
  2⤵
  PID:9496
- C:\Windows\System\sWUBnmE.exe
  C:\Windows\System\sWUBnmE.exe
  2⤵
  PID:9432
- C:\Windows\System\jayBxTN.exe
  C:\Windows\System\jayBxTN.exe
  2⤵
  PID:9876
- C:\Windows\System\YGcNchR.exe
  C:\Windows\System\YGcNchR.exe
  2⤵
  PID:9536
- C:\Windows\System\YwDJQha.exe
  C:\Windows\System\YwDJQha.exe
  2⤵
  PID:9800
- C:\Windows\System\UwRagrn.exe
  C:\Windows\System\UwRagrn.exe
  2⤵
  PID:10248
- C:\Windows\System\pVZaReC.exe
  C:\Windows\System\pVZaReC.exe
  2⤵
  PID:10272
- C:\Windows\System\StiFNmy.exe
  C:\Windows\System\StiFNmy.exe
  2⤵
  PID:10304
- C:\Windows\System\zmScpVJ.exe
  C:\Windows\System\zmScpVJ.exe
  2⤵
  PID:10324
- C:\Windows\System\qYLDNEo.exe
  C:\Windows\System\qYLDNEo.exe
  2⤵
  PID:10352
- C:\Windows\System\WadiMMz.exe
  C:\Windows\System\WadiMMz.exe
  2⤵
  PID:10392
- C:\Windows\System\FgClzZf.exe
  C:\Windows\System\FgClzZf.exe
  2⤵
  PID:10412
- C:\Windows\System\LVUIYFZ.exe
  C:\Windows\System\LVUIYFZ.exe
  2⤵
  PID:10456
- C:\Windows\System\TtISrGf.exe
  C:\Windows\System\TtISrGf.exe
  2⤵
  PID:10476
- C:\Windows\System\yGHCuPe.exe
  C:\Windows\System\yGHCuPe.exe
  2⤵
  PID:10500
- C:\Windows\System\HUbhrWz.exe
  C:\Windows\System\HUbhrWz.exe
  2⤵
  PID:10544
- C:\Windows\System\oilAfRF.exe
  C:\Windows\System\oilAfRF.exe
  2⤵
  PID:10564
- C:\Windows\System\hWDJxbW.exe
  C:\Windows\System\hWDJxbW.exe
  2⤵
  PID:10592
- C:\Windows\System\BVwFuyz.exe
  C:\Windows\System\BVwFuyz.exe
  2⤵
  PID:10616
- C:\Windows\System\VYUxwMZ.exe
  C:\Windows\System\VYUxwMZ.exe
  2⤵
  PID:10640
- C:\Windows\System\nmqZVXe.exe
  C:\Windows\System\nmqZVXe.exe
  2⤵
  PID:10672
- C:\Windows\System\hCbdnYQ.exe
  C:\Windows\System\hCbdnYQ.exe
  2⤵
  PID:10712
- C:\Windows\System\DRZCGwV.exe
  C:\Windows\System\DRZCGwV.exe
  2⤵
  PID:10740
- C:\Windows\System\xSoAewu.exe
  C:\Windows\System\xSoAewu.exe
  2⤵
  PID:10756
- C:\Windows\System\LUKpQyN.exe
  C:\Windows\System\LUKpQyN.exe
  2⤵
  PID:10784
- C:\Windows\System\OZCKzFH.exe
  C:\Windows\System\OZCKzFH.exe
  2⤵
  PID:10808
- C:\Windows\System\shTyrqX.exe
  C:\Windows\System\shTyrqX.exe
  2⤵
  PID:10832
- C:\Windows\System\sPAEFPw.exe
  C:\Windows\System\sPAEFPw.exe
  2⤵
  PID:10856
- C:\Windows\System\tTjtnDK.exe
  C:\Windows\System\tTjtnDK.exe
  2⤵
  PID:10896
- C:\Windows\System\CFEPLVU.exe
  C:\Windows\System\CFEPLVU.exe
  2⤵
  PID:10920
- C:\Windows\System\nVsPzSn.exe
  C:\Windows\System\nVsPzSn.exe
  2⤵
  PID:10944
- C:\Windows\System\fPhrGqp.exe
  C:\Windows\System\fPhrGqp.exe
  2⤵
  PID:10972
- C:\Windows\System\sdZgdfx.exe
  C:\Windows\System\sdZgdfx.exe
  2⤵
  PID:11000
- C:\Windows\System\ICKagKQ.exe
  C:\Windows\System\ICKagKQ.exe
  2⤵
  PID:11024
- C:\Windows\System\cMVZpxR.exe
  C:\Windows\System\cMVZpxR.exe
  2⤵
  PID:11040
- C:\Windows\System\WTTmdVh.exe
  C:\Windows\System\WTTmdVh.exe
  2⤵
  PID:11080
- C:\Windows\System\bOBOGQf.exe
  C:\Windows\System\bOBOGQf.exe
  2⤵
  PID:11108
- C:\Windows\System\cpCukSa.exe
  C:\Windows\System\cpCukSa.exe
  2⤵
  PID:11144
- C:\Windows\System\tIqgSWl.exe
  C:\Windows\System\tIqgSWl.exe
  2⤵
  PID:11168
- C:\Windows\System\nzeUdXr.exe
  C:\Windows\System\nzeUdXr.exe
  2⤵
  PID:11196
- C:\Windows\System\AkRANpm.exe
  C:\Windows\System\AkRANpm.exe
  2⤵
  PID:11220
- C:\Windows\System\eymyagH.exe
  C:\Windows\System\eymyagH.exe
  2⤵
  PID:11236
- C:\Windows\System\DXeucHF.exe
  C:\Windows\System\DXeucHF.exe
  2⤵
  PID:11256
- C:\Windows\System\mmcJuAR.exe
  C:\Windows\System\mmcJuAR.exe
  2⤵
  PID:10292
- C:\Windows\System\zyQXdZp.exe
  C:\Windows\System\zyQXdZp.exe
  2⤵
  PID:10364
- C:\Windows\System\IqeMwGs.exe
  C:\Windows\System\IqeMwGs.exe
  2⤵
  PID:10428
- C:\Windows\System\WHtNgmV.exe
  C:\Windows\System\WHtNgmV.exe
  2⤵
  PID:10600
- C:\Windows\System\UFtzpRQ.exe
  C:\Windows\System\UFtzpRQ.exe
  2⤵
  PID:10628
- C:\Windows\System\PRbIcDp.exe
  C:\Windows\System\PRbIcDp.exe
  2⤵
  PID:10664
- C:\Windows\System\VuiSrtc.exe
  C:\Windows\System\VuiSrtc.exe
  2⤵
  PID:10728
- C:\Windows\System\PycBKfT.exe
  C:\Windows\System\PycBKfT.exe
  2⤵
  PID:1964
- C:\Windows\System\DaOzLik.exe
  C:\Windows\System\DaOzLik.exe
  2⤵
  PID:10816
- C:\Windows\System\LLrkHOx.exe
  C:\Windows\System\LLrkHOx.exe
  2⤵
  PID:10892
- C:\Windows\System\KUTNuzH.exe
  C:\Windows\System\KUTNuzH.exe
  2⤵
  PID:10936
- C:\Windows\System\soEqPRb.exe
  C:\Windows\System\soEqPRb.exe
  2⤵
  PID:10980
- C:\Windows\System\XWFqNWl.exe
  C:\Windows\System\XWFqNWl.exe
  2⤵
  PID:11064
- C:\Windows\System\ZEkPPUu.exe
  C:\Windows\System\ZEkPPUu.exe
  2⤵
  PID:11092
- C:\Windows\System\eXWgCBv.exe
  C:\Windows\System\eXWgCBv.exe
  2⤵
  PID:11192
- C:\Windows\System\PrdMTAi.exe
  C:\Windows\System\PrdMTAi.exe
  2⤵
  PID:10212
- C:\Windows\System\UfDHahF.exe
  C:\Windows\System\UfDHahF.exe
  2⤵
  PID:10284
- C:\Windows\System\nBsizpo.exe
  C:\Windows\System\nBsizpo.exe
  2⤵
  PID:10436
- C:\Windows\System\TjxpyXw.exe
  C:\Windows\System\TjxpyXw.exe
  2⤵
  PID:10848
- C:\Windows\System\TiDgHhv.exe
  C:\Windows\System\TiDgHhv.exe
  2⤵
  PID:10872
- C:\Windows\System\TfiOEfe.exe
  C:\Windows\System\TfiOEfe.exe
  2⤵
  PID:11096
- C:\Windows\System\WFnRfoe.exe
  C:\Windows\System\WFnRfoe.exe
  2⤵
  PID:10388
- C:\Windows\System\JhSWloX.exe
  C:\Windows\System\JhSWloX.exe
  2⤵
  PID:11204
- C:\Windows\System\hAmcPPL.exe
  C:\Windows\System\hAmcPPL.exe
  2⤵
  PID:10560
- C:\Windows\System\HRWwenJ.exe
  C:\Windows\System\HRWwenJ.exe
  2⤵
  PID:11164
- C:\Windows\System\ElHRTsR.exe
  C:\Windows\System\ElHRTsR.exe
  2⤵
  PID:11276
- C:\Windows\System\YEXTtLW.exe
  C:\Windows\System\YEXTtLW.exe
  2⤵
  PID:11292
- C:\Windows\System\BoNegpK.exe
  C:\Windows\System\BoNegpK.exe
  2⤵
  PID:11308
- C:\Windows\System\oqsIynL.exe
  C:\Windows\System\oqsIynL.exe
  2⤵
  PID:11360
- C:\Windows\System\ehFXhAd.exe
  C:\Windows\System\ehFXhAd.exe
  2⤵
  PID:11400
- C:\Windows\System\fhzbRSN.exe
  C:\Windows\System\fhzbRSN.exe
  2⤵
  PID:11416
- C:\Windows\System\enXHnQn.exe
  C:\Windows\System\enXHnQn.exe
  2⤵
  PID:11436
- C:\Windows\System\IfUFkAk.exe
  C:\Windows\System\IfUFkAk.exe
  2⤵
  PID:11468
- C:\Windows\System\FUpfYnI.exe
  C:\Windows\System\FUpfYnI.exe
  2⤵
  PID:11556
- C:\Windows\System\HOpVirE.exe
  C:\Windows\System\HOpVirE.exe
  2⤵
  PID:11572
- C:\Windows\System\HsSAoLi.exe
  C:\Windows\System\HsSAoLi.exe
  2⤵
  PID:11588
- C:\Windows\System\WZMwXOo.exe
  C:\Windows\System\WZMwXOo.exe
  2⤵
  PID:11608
- C:\Windows\System\CVdBadD.exe
  C:\Windows\System\CVdBadD.exe
  2⤵
  PID:11624
- C:\Windows\System\cRsQEUF.exe
  C:\Windows\System\cRsQEUF.exe
  2⤵
  PID:11640
- C:\Windows\System\MqvEejX.exe
  C:\Windows\System\MqvEejX.exe
  2⤵
  PID:11660
- C:\Windows\System\GClXUkk.exe
  C:\Windows\System\GClXUkk.exe
  2⤵
  PID:11732
- C:\Windows\System\IHRGNIj.exe
  C:\Windows\System\IHRGNIj.exe
  2⤵
  PID:11756
- C:\Windows\System\iBSkkoi.exe
  C:\Windows\System\iBSkkoi.exe
  2⤵
  PID:11772
- C:\Windows\System\QdbPqWc.exe
  C:\Windows\System\QdbPqWc.exe
  2⤵
  PID:11820
- C:\Windows\System\IDjHIOJ.exe
  C:\Windows\System\IDjHIOJ.exe
  2⤵
  PID:11848
- C:\Windows\System\ptitsQf.exe
  C:\Windows\System\ptitsQf.exe
  2⤵
  PID:11876
- C:\Windows\System\egScdzw.exe
  C:\Windows\System\egScdzw.exe
  2⤵
  PID:11896
- C:\Windows\System\SCJTUNz.exe
  C:\Windows\System\SCJTUNz.exe
  2⤵
  PID:11916
- C:\Windows\System\EkQjquX.exe
  C:\Windows\System\EkQjquX.exe
  2⤵
  PID:11952
- C:\Windows\System\HqZDnjz.exe
  C:\Windows\System\HqZDnjz.exe
  2⤵
  PID:11972
- C:\Windows\System\bNVhYEE.exe
  C:\Windows\System\bNVhYEE.exe
  2⤵
  PID:12012
- C:\Windows\System\KpGILZv.exe
  C:\Windows\System\KpGILZv.exe
  2⤵
  PID:12036
- C:\Windows\System\piOgFwu.exe
  C:\Windows\System\piOgFwu.exe
  2⤵
  PID:12076
- C:\Windows\System\dIAtXKT.exe
  C:\Windows\System\dIAtXKT.exe
  2⤵
  PID:12092
- C:\Windows\System\PDbvXtr.exe
  C:\Windows\System\PDbvXtr.exe
  2⤵
  PID:12112
- C:\Windows\System\bmZpSyr.exe
  C:\Windows\System\bmZpSyr.exe
  2⤵
  PID:12140
- C:\Windows\System\XyhFeYW.exe
  C:\Windows\System\XyhFeYW.exe
  2⤵
  PID:12160
- C:\Windows\System\LxgpPni.exe
  C:\Windows\System\LxgpPni.exe
  2⤵
  PID:12180
- C:\Windows\System\YAtRJIE.exe
  C:\Windows\System\YAtRJIE.exe
  2⤵
  PID:12196
- C:\Windows\System\xDFzaZB.exe
  C:\Windows\System\xDFzaZB.exe
  2⤵
  PID:12232
- C:\Windows\System\PmBRBmS.exe
  C:\Windows\System\PmBRBmS.exe
  2⤵
  PID:12276
- C:\Windows\System\kwrkjlL.exe
  C:\Windows\System\kwrkjlL.exe
  2⤵
  PID:10916
- C:\Windows\System\JUfUdbq.exe
  C:\Windows\System\JUfUdbq.exe
  2⤵
  PID:11356
- C:\Windows\System\iyymPPE.exe
  C:\Windows\System\iyymPPE.exe
  2⤵
  PID:11396
- C:\Windows\System\orgBTuJ.exe
  C:\Windows\System\orgBTuJ.exe
  2⤵
  PID:11428
- C:\Windows\System\XatLQVO.exe
  C:\Windows\System\XatLQVO.exe
  2⤵
  PID:4400
- C:\Windows\System\WDvbJAN.exe
  C:\Windows\System\WDvbJAN.exe
  2⤵
  PID:11596
- C:\Windows\System\NCJhBPy.exe
  C:\Windows\System\NCJhBPy.exe
  2⤵
  PID:11616
- C:\Windows\System\PUAEyuJ.exe
  C:\Windows\System\PUAEyuJ.exe
  2⤵
  PID:11652
- C:\Windows\System\VnAPzKd.exe
  C:\Windows\System\VnAPzKd.exe
  2⤵
  PID:1984
- C:\Windows\System\dRaMAfe.exe
  C:\Windows\System\dRaMAfe.exe
  2⤵
  PID:11812
- C:\Windows\System\QDaMxmE.exe
  C:\Windows\System\QDaMxmE.exe
  2⤵
  PID:11868
- C:\Windows\System\lcequjc.exe
  C:\Windows\System\lcequjc.exe
  2⤵
  PID:11928
- C:\Windows\System\QHEnRUL.exe
  C:\Windows\System\QHEnRUL.exe
  2⤵
  PID:12008
- C:\Windows\System\SoYqUWY.exe
  C:\Windows\System\SoYqUWY.exe
  2⤵
  PID:12004
- C:\Windows\System\qTqZZHa.exe
  C:\Windows\System\qTqZZHa.exe
  2⤵
  PID:12152
- C:\Windows\System\fMhXarW.exe
  C:\Windows\System\fMhXarW.exe
  2⤵
  PID:2656
- C:\Windows\System\hdQUtvp.exe
  C:\Windows\System\hdQUtvp.exe
  2⤵
  PID:12192
- C:\Windows\System\ELyroxq.exe
  C:\Windows\System\ELyroxq.exe
  2⤵
  PID:12252
- C:\Windows\System\pWdMdat.exe
  C:\Windows\System\pWdMdat.exe
  2⤵
  PID:12264
- C:\Windows\System\nqyxvkL.exe
  C:\Windows\System\nqyxvkL.exe
  2⤵
  PID:11304
- C:\Windows\System\HVCiuLj.exe
  C:\Windows\System\HVCiuLj.exe
  2⤵
  PID:11380
- C:\Windows\System\WuFkdqg.exe
  C:\Windows\System\WuFkdqg.exe
  2⤵
  PID:11412
- C:\Windows\System\oaCyyGY.exe
  C:\Windows\System\oaCyyGY.exe
  2⤵
  PID:11564
- C:\Windows\System\tyefBBf.exe
  C:\Windows\System\tyefBBf.exe
  2⤵
  PID:11768
- C:\Windows\System\SGgJhlL.exe
  C:\Windows\System\SGgJhlL.exe
  2⤵
  PID:12108
- C:\Windows\System\EueXabO.exe
  C:\Windows\System\EueXabO.exe
  2⤵
  PID:12060
- C:\Windows\System\SyqheRt.exe
  C:\Windows\System\SyqheRt.exe
  2⤵
  PID:11704
- C:\Windows\System\RUzjZHT.exe
  C:\Windows\System\RUzjZHT.exe
  2⤵
  PID:4248
- C:\Windows\System\AfEYZuT.exe
  C:\Windows\System\AfEYZuT.exe
  2⤵
  PID:4320
- C:\Windows\System\TlsditX.exe
  C:\Windows\System\TlsditX.exe
  2⤵
  PID:1084
- C:\Windows\System\SliEJIu.exe
  C:\Windows\System\SliEJIu.exe
  2⤵
  PID:4804
- C:\Windows\System\bCwyibo.exe
  C:\Windows\System\bCwyibo.exe
  2⤵
  PID:1080
- C:\Windows\System\bRzbGZM.exe
  C:\Windows\System\bRzbGZM.exe
  2⤵
  PID:12292
- C:\Windows\System\xwhJvQS.exe
  C:\Windows\System\xwhJvQS.exe
  2⤵
  PID:12312
- C:\Windows\System\IgBRyfw.exe
  C:\Windows\System\IgBRyfw.exe
  2⤵
  PID:12336
- C:\Windows\System\OlHvRGi.exe
  C:\Windows\System\OlHvRGi.exe
  2⤵
  PID:12352
- C:\Windows\System\vRnQtRf.exe
  C:\Windows\System\vRnQtRf.exe
  2⤵
  PID:12384
- C:\Windows\System\lunIZyJ.exe
  C:\Windows\System\lunIZyJ.exe
  2⤵
  PID:12408
- C:\Windows\System\sJiOACl.exe
  C:\Windows\System\sJiOACl.exe
  2⤵
  PID:12432
- C:\Windows\System\hHWxmfA.exe
  C:\Windows\System\hHWxmfA.exe
  2⤵
  PID:12460
- C:\Windows\System\cJoTdva.exe
  C:\Windows\System\cJoTdva.exe
  2⤵
  PID:12504
- C:\Windows\System\cmeRjyK.exe
  C:\Windows\System\cmeRjyK.exe
  2⤵
  PID:12520
- C:\Windows\System\KDNonPd.exe
  C:\Windows\System\KDNonPd.exe
  2⤵
  PID:12560
- C:\Windows\System\xkVmNWm.exe
  C:\Windows\System\xkVmNWm.exe
  2⤵
  PID:12576
- C:\Windows\System\RuNBthI.exe
  C:\Windows\System\RuNBthI.exe
  2⤵
  PID:12596
- C:\Windows\System\RTZEGOF.exe
  C:\Windows\System\RTZEGOF.exe
  2⤵
  PID:12628
- C:\Windows\System\KXDqpob.exe
  C:\Windows\System\KXDqpob.exe
  2⤵
  PID:12660
- C:\Windows\System\PXopwZz.exe
  C:\Windows\System\PXopwZz.exe
  2⤵
  PID:12680
- C:\Windows\System\KRtnFhH.exe
  C:\Windows\System\KRtnFhH.exe
  2⤵
  PID:12712
- C:\Windows\System\OEXsuEV.exe
  C:\Windows\System\OEXsuEV.exe
  2⤵
  PID:12764
- C:\Windows\System\zvjqemE.exe
  C:\Windows\System\zvjqemE.exe
  2⤵
  PID:12788
- C:\Windows\System\TJEDVgM.exe
  C:\Windows\System\TJEDVgM.exe
  2⤵
  PID:12812
- C:\Windows\System\tmscpko.exe
  C:\Windows\System\tmscpko.exe
  2⤵
  PID:12836
- C:\Windows\System\YwNspAh.exe
  C:\Windows\System\YwNspAh.exe
  2⤵
  PID:12864
- C:\Windows\System\xXaHdhu.exe
  C:\Windows\System\xXaHdhu.exe
  2⤵
  PID:12888
- C:\Windows\System\DLdIwCz.exe
  C:\Windows\System\DLdIwCz.exe
  2⤵
  PID:12904
- C:\Windows\System\lEXMZaK.exe
  C:\Windows\System\lEXMZaK.exe
  2⤵
  PID:12940
- C:\Windows\System\OrqfFzm.exe
  C:\Windows\System\OrqfFzm.exe
  2⤵
  PID:12972
- C:\Windows\System\JQobDRy.exe
  C:\Windows\System\JQobDRy.exe
  2⤵
  PID:13004
- C:\Windows\System\exCaPRB.exe
  C:\Windows\System\exCaPRB.exe
  2⤵
  PID:13032
- C:\Windows\System\QnkrSNU.exe
  C:\Windows\System\QnkrSNU.exe
  2⤵
  PID:13056
- C:\Windows\System\aaDqiBY.exe
  C:\Windows\System\aaDqiBY.exe
  2⤵
  PID:13076
- C:\Windows\System\SvZJdxh.exe
  C:\Windows\System\SvZJdxh.exe
  2⤵
  PID:13096
- C:\Windows\System\BntsBMk.exe
  C:\Windows\System\BntsBMk.exe
  2⤵
  PID:13116
- C:\Windows\System\zABJOry.exe
  C:\Windows\System\zABJOry.exe
  2⤵
  PID:13160
- C:\Windows\System\JsKEnTB.exe
  C:\Windows\System\JsKEnTB.exe
  2⤵
  PID:13180
- C:\Windows\System\PJWbOdw.exe
  C:\Windows\System\PJWbOdw.exe
  2⤵
  PID:13228
- C:\Windows\System\GDcpNXf.exe
  C:\Windows\System\GDcpNXf.exe
  2⤵
  PID:13252
- C:\Windows\System\OoPQmEO.exe
  C:\Windows\System\OoPQmEO.exe
  2⤵
  PID:12548
- C:\Windows\System\OnbsRwJ.exe
  C:\Windows\System\OnbsRwJ.exe
  2⤵
  PID:12752
- C:\Windows\System\WILeAbk.exe
  C:\Windows\System\WILeAbk.exe
  2⤵
  PID:12804
- C:\Windows\System\wWQQTJp.exe
  C:\Windows\System\wWQQTJp.exe
  2⤵
  PID:12872
- C:\Windows\System\IadojzX.exe
  C:\Windows\System\IadojzX.exe
  2⤵
  PID:12844
- C:\Windows\System\FVFeykv.exe
  C:\Windows\System\FVFeykv.exe
  2⤵
  PID:12924
- C:\Windows\System\bVigNGC.exe
  C:\Windows\System\bVigNGC.exe
  2⤵
  PID:13024
- C:\Windows\System\mFjGzch.exe
  C:\Windows\System\mFjGzch.exe
  2⤵
  PID:13088
- C:\Windows\System\oPdCgpa.exe
  C:\Windows\System\oPdCgpa.exe
  2⤵
  PID:13152
- C:\Windows\System\wAkAxCQ.exe
  C:\Windows\System\wAkAxCQ.exe
  2⤵
  PID:13132
- C:\Windows\System\xMEHSFI.exe
  C:\Windows\System\xMEHSFI.exe
  2⤵
  PID:13308
- C:\Windows\System\fZBCyIn.exe
  C:\Windows\System\fZBCyIn.exe
  2⤵
  PID:11908
- C:\Windows\System\zgXGnIo.exe
  C:\Windows\System\zgXGnIo.exe
  2⤵
  PID:12320
- C:\Windows\System\cRjgGfL.exe
  C:\Windows\System\cRjgGfL.exe
  2⤵
  PID:12452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_xqtevoqj.swy.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BWjSDGc.exe

Filesize
2.2MB

MD5
c4f5422f9990a2a87ef4efd57a74e1e1

SHA1
b823f74cc6960bf7ca0a0d96be409702877258fa

SHA256
0c91fa347f9f9cb594eacb413ae20a75683f7ea80b719e59e3c11351a8e13797

SHA512
637dc92c5d973c38587f3023db663cd2fa1121a9b5ca1cce5e20efb88ef9582baab49cb4fe8c3e547c949d3c046aaef7dbf0813a8e3da11117ae7d9663b5af5f

Download Submit
C:\Windows\System\CwSJxjr.exe

Filesize
2.2MB

MD5
1cc14eb84cda7308688f9b6e6ccde2ac

SHA1
4370d1df9232ae6c3bdff13fdaf0321b5b8e981c

SHA256
793e541ed90b92ee0b39f0a88c5ff70b749615d1a8380d69fafc2ad2715cbf74

SHA512
24d2c8c7bfbc6f7c1f8d4df19dac3bf4ce6babc1b779ddaa3b573f4817c893cd458a89801f8cf3ae3cb176cb61ec37657f47b0b0bd42bde403c418ed326dc1d3

Download Submit
C:\Windows\System\DFsJqNX.exe

Filesize
8B

MD5
0b02220145771e90ebe4310a5742c9eb

SHA1
9bd568d96b03bd5446f96a7b59c08196eb5a57c3

SHA256
6135f164d0697be47c97ab606a7a1adcbc1eb3846ae4debecafb1a6ccfd23e4e

SHA512
cb08dee7f4e4dd1bb8de836a2364c078d9de5aef5dcb329e7e0b8e1cc2bfaa06c42f8b8ddf04bdb30392074759beef091a761854b0812b9a726b3c820c99a5a8

Download Submit
C:\Windows\System\DRpOklH.exe

Filesize
2.2MB

MD5
3a7aea12e7f3ea839e810cfaec3f1cec

SHA1
51d985a833b4d71f9bda89323d38f40ca9b326b5

SHA256
a81433e15cc8247ec1cc79d136b736b01f4f91059a7cdbd841980856804fe3a8

SHA512
498135e769bda27d5308ec707fd81972429494e1b7e7f31e7bcb245606cface160d2d512a34532b278f4f71bb0347d1d76e59951bfce0a7f3f38502111fdd513

Download Submit
C:\Windows\System\EHNMIxr.exe

Filesize
2.2MB

MD5
1082790790c96768baa1c6ce98415f5d

SHA1
033aeaebbd25061a963805f5f52924edb15f030e

SHA256
03e8b7aedb1e7fc7fbdfd1e3c11010c32097d236370ce52334c73ee06497ae4e

SHA512
725dfbdc7448e7dffa57f5e0c20eba9dd6ab53d0cfd091e9be0496e15a7d03ae9ca554c47c24670cb3f579013c92925ca452ed5711a7824c1e3e1c42af6c477f

Download Submit
C:\Windows\System\FfVymLN.exe

Filesize
2.2MB

MD5
77de7a9ce2f0d901f765f46c283fd9d3

SHA1
77387b6dee833d784fc47e86ed73320a51970cd7

SHA256
c4e49f67ea859d66bb6766d8ca94c45fca6ba980704c53e625d6139cd91d35a9

SHA512
921e6e4129557eed79ca86673beb3ef4bea17d8fbe55f339ea7d85e44f04819540e051fdc6adbdf6439f57d17713f71553a46bce06d1d58e62e57639fe7c4917

Download Submit
C:\Windows\System\GzBJhUg.exe

Filesize
2.2MB

MD5
837d53ebc44f2b9edc98056c2b13b181

SHA1
2612e1ed6d95081899ae7c95913f561da1884e4c

SHA256
99e0f73ca5a949dceb8ef1342fc7ba7cc00e8001412a5421adcf690b872f06b0

SHA512
7a4330050630ee1957cde3cbcebccd270741ec09dba54e221fa9e02e9712ed49e71f3cdb15e883d28762b097a4873e9a144b17b70d68a78b4c3911455aea8d73

Download Submit
C:\Windows\System\Jeogmou.exe

Filesize
2.2MB

MD5
d3394dca392e86167f38e87c6358d78a

SHA1
b26e29ca1d5d7a96e2f1b49b0c842d41c342f48e

SHA256
036dfb3d57551a9dfc9d99b3964546eb76afefebe967fe0c3932ba082525b3ff

SHA512
3dc5f7101d817dfee46f765f161353c52cca15bd37eebca9070d8e7a64dcef12e030c1e5e9dac463924ca0be1132b59ef1036566c952de1c2d2326692cd5ea1d

Download Submit
C:\Windows\System\LGNWlmj.exe

Filesize
2.2MB

MD5
3ac39dfd89cd439b9edb07ba3081c16f

SHA1
996601667c2a19b8b64e3c0848b117aae735ff37

SHA256
a8a06a69845411e9af72ffc6d2ad31a6c3f342658afe98dfb97013a797dcad52

SHA512
4511a842a666c3785957a94472c8d0b86bd635007231dfddc193d673a6a89b28c2fe5e5b38d5b3b8141b3bbbe91a4b73fd410b9960e10d87d525f3204176e246

Download Submit
C:\Windows\System\LoxsaVO.exe

Filesize
2.2MB

MD5
7947e3acd9621cd154b7064eea8e626a

SHA1
425c0b7e11ecaec61bfc2c18dac65f977ecb15e9

SHA256
bfeb687c01d4418b989af1fc52ca26978b33a5567a1f53f1cc571458d726748f

SHA512
ebb3db9228d6684c6e986c4ce25b8fe810989ccdb42d800fea546175d465f35a15fed0205eb46a5843719f4b795956f1d6395158e4eeeee752547ecbc64f4b1f

Download Submit
C:\Windows\System\LqnEayT.exe

Filesize
2.2MB

MD5
1a28dde5eaa162d06754be1f741c3e22

SHA1
ce0cac818c805d595e240e6fb53efdb1682b262e

SHA256
e119e198e0ddede40fef8c9e4a6e92960cacc4c0f9b542852b1844ff61570917

SHA512
24683dd6d917c8093c531a2badbb7a6794c5eb518f5569948b64b7d0df0b2174c3c7b0f7036ed0385e0471f8d995bf2a733bb287df7c45e2cdde549ed778174a

Download Submit
C:\Windows\System\MMDBDVe.exe

Filesize
2.2MB

MD5
b9d66e734e04034b2eb632f0a710d800

SHA1
f571d986f3ea8718f6622e41f8a4a9b30b0d9c47

SHA256
d6b7679c5b79cf0f1a3b6a0c12fdae9d0f8104d1034bfe468052ba2310173d5b

SHA512
7ac9017a371aac818d661641adee50bd4b68ea51f1059db63c8d51f9be18c06ad9a3e045eb8eddf52baae219ce6f0f2fc387d37c36bc2586f3d475892d9f1ecc

Download Submit
C:\Windows\System\NUHsWMT.exe

Filesize
2.2MB

MD5
8d4bd121d0b1a1601b5c364451ed4b5b

SHA1
c8abe5f0aa61710aa8b63ba816277a6c75ea56c6

SHA256
cd727829252469c02ebe897ae5c31607fd70a82b113489f8a6bd3a8720ac1001

SHA512
541dc861212598fc6ad3869cf6ad7d828da396da1e1634727b483e8be2cdc760cf43b06629f7bc508158604b715fdd8f95b0ea295c81a755804e4b16f6e6d925

Download Submit
C:\Windows\System\OagCLIX.exe

Filesize
2.2MB

MD5
db27fd8ad944a92cc8f29b287253ac06

SHA1
cf73562d120ec3eeb6730f9676583b06022d17d7

SHA256
45f51991d15ccc3672047125af4ca6b3f4eea0bef7d1705970aefd2b29da54ae

SHA512
4db74edbbd7614de27fe897ac398f69ce0bd19187cc66c448e09f28f4feaef87bc8cd790526ab98bc2ed0b8e2560efdca631b78c63c05df34d71cca1aa497aa4

Download Submit
C:\Windows\System\PkClwax.exe

Filesize
2.2MB

MD5
8af5188d3a0f68ebf0d360988d16a92a

SHA1
e739d6b1e644375d06dd3f6f6cade09522d2d094

SHA256
a1cfaa1eddf31662fcc7f6c9e664658c62f1502e00114cc39377c2075042ce87

SHA512
c110d68b9058d6bc24a8bb5b930c0a8dacadd043dfe2fba466cf275bb0f97ed1a4b591e16657d74c452b8fafab66d3fd134cddcf9930da16a94016ad25dd6a3d

Download Submit
C:\Windows\System\RvhgOqF.exe

Filesize
2.2MB

MD5
6b7a40798e787a2d54999ea0d8c44d72

SHA1
5c59d1b3bf0286df97a551b3b8cdc04c95e08007

SHA256
9eb5c9a04fad0f0f46a51b9e01287832c7cb48152b03969d77246b50c86eb845

SHA512
694027fad2fc819539435743106bc3b304ac722eee43f07e6e90a980554c42fe551bed1db864a1d747309afc3f6b4e379af531250f09c555c5295cf46a0359b4

Download Submit
C:\Windows\System\SHXiOZt.exe

Filesize
2.2MB

MD5
818a291aceceb07b712a7748de5d0a84

SHA1
2c4f01426acce9c0fda62c39adfd3b38d8a2ce7c

SHA256
463c428840cfe86d441fa95e9841a665df33480feb7597a6821ccc8ae66cbbbe

SHA512
b404607df801e236a17dc599fdedc74118645fd70eca5caa4b8348ef0ce35f4f3f1d8533231b9a2a24669193c18c5d3b31a779fba7468be80cbf550f39f0aecd

Download Submit
C:\Windows\System\THDsLwO.exe

Filesize
2.2MB

MD5
b0422ed1b49801ecd09a4c9dd87aa23c

SHA1
efd618d423f5d15321f726e0736891fb917ff0ec

SHA256
486bbec04eab31ea6d0a666bd1c94df9b455e45796780abbb503348be404e3f5

SHA512
956d2c924bd3617a4bcededbc5a2bfaf8129d0ad4116ce2d236f00a4b03acc4dc8d08fe7d40d78a66a05bc2e49e97444c545bca0a8e33532cc2adfdbeccdc30a

Download Submit
C:\Windows\System\XAwQBsz.exe

Filesize
2.2MB

MD5
e2a50e224941b2107b7110cfe84af7bc

SHA1
90323c2931a682faa617a196b926b0f6b465e91a

SHA256
fdd7114c2bc76e1a6fdfc2710699139273a69b2e0a4e5e6bf0f9eead9cc2b6ce

SHA512
fe7ea426080d3eeaea3c2c233b7c83555ab5ae7a6214ccf1c5465cc5cb9f5ed2f0ff2e1711b1096a7f8e8440c8e5b77cd6950728f6cde35a1f3861d9072f33e2

Download Submit
C:\Windows\System\XKSHxSY.exe

Filesize
2.2MB

MD5
9ea0cb9b57af803127efc7fc430381d2

SHA1
bebb3b8a814a772f077b20f655f63710da603248

SHA256
58a0d6943e65782ed8722d4ddcb69b44e43704b3fa8999b9fa1b7d9864776586

SHA512
61f859542b28794895c08e92a3d5d1a3232c9647d71508929e96d681a24c526f17576e9e4b0b13b8156af829133e95fd8ffa700f5b108ad1c2f65c60bc567d8b

Download Submit
C:\Windows\System\XMYbLlT.exe

Filesize
2.2MB

MD5
b05bf7d038c4b58808f4990508fbe956

SHA1
283830c6c7aa39f78bcc0599bdc1b371a0a36b06

SHA256
8b684b6c083789b5aa7fe1c271f7491800968f8f97c12c24e39fe11910d9b9c2

SHA512
665c78b324b4a981f5a3c5ef13d48b6c882336191259a05bb35bd16013adda16cce4cc65ffb0b08e2853a0acda2a31e47ce1f1ad6748d39c9f10267b68588a82

Download Submit
C:\Windows\System\YTiWDJM.exe

Filesize
2.2MB

MD5
5a9795dc58f64173f6f3de6a8f7f0f24

SHA1
0e581ba0a7e0079ee7ebaecc3fbb8fe881ef1b8e

SHA256
28a2fe5678a8a62f9adcbb20e77fe417b367b9a7b626daa652d2557c672b0434

SHA512
c7aed6784c13110c666f806fdc081f51f0ed72517bca9508cfbca6dcbb35c4edfef7d3984f08f2505b4826e6f4fbab064663cd5d99e027c86317c8c25da81700

Download Submit
C:\Windows\System\YfkChKi.exe

Filesize
2.2MB

MD5
e87ad242404bd670c719e0c1a4ce8f79

SHA1
54701ec21c80df9f6b86bbc6e7cf4bf7c666c9d8

SHA256
c4e8e559757776c27fa0123fa18b4d308330d24d0f386a2e763902d23fcafce9

SHA512
6ba7bceec4b228d149850f28d46f816350865a6f1a3f0c1480e478b28297ea5299880b18da392054118e1d380c8b5fd28d6d673ebb1c602b4a8bbbf0630f29d3

Download Submit
C:\Windows\System\aFYFcJe.exe

Filesize
2.2MB

MD5
2a8a92f928226675755f556de890e6be

SHA1
c3f95018a3e76f25ee012b9d6d6ebe8407a0af33

SHA256
1dfb8457b1a14edb8aeed36473ed536e6c749466a97b26cb8214fb4bb6711275

SHA512
0c868c95f8bccde0081880d97bdb7b2928ca2060f6adb756369925fc06929ebfa17c10fda723098512042cf05c4e74344ef0a14996a17a4158961dd283fe956f

Download Submit
C:\Windows\System\jwpwane.exe

Filesize
2.2MB

MD5
42670126bb988b81a4170d6647cb2cad

SHA1
0371f86d471f1f7f797bc3d5752cf09e578470b1

SHA256
e0f968b1497be9c296293e8c0fd32b6c1ee34ba43d1a2b7acdb97f9c0fb47945

SHA512
e5618f9f9f4bf91617cbe41cf48e5dfa12ef113fa0aa4c16bd114f5e89a2ecfc238232c58d9cc411d8a2918d9075cbf7795a4f7fbb3780a479713f6da4a83d69

Download Submit
C:\Windows\System\kMZpErd.exe

Filesize
2.2MB

MD5
e0c9251356210febeb1d499d73ef703b

SHA1
0ba85515a3a86954230e2f09b3a1cb08fdc05a9e

SHA256
79a447997750d957189a33d39e32f23c4d11f4c40055eb6de6ac4928fcc428a4

SHA512
ddc284f9ec8e5d2c1eae26942b78f8754406d4222197c8380cf990c3e760377f8119f21726925e315828b768c1a640ae3404707c0b270a26404d734a07b0029f

Download Submit
C:\Windows\System\lQOkUOj.exe

Filesize
2.2MB

MD5
6dd840ee7df4abe57dfcbe6de723d22c

SHA1
586b77e9cb14e4e701a1858c20c2877e5a19fd6a

SHA256
edb0c9d9f3111d91f4d75610d711d47e0c66f6c13b45191f0869f8838cd88877

SHA512
1c1b75b571adb3e3bbe84d66d016c20b9280bc703e0931858863150638632281b7b7a9418877b24cd37e4ba21451470aab3f6130b865e7f84efca69e700d82f2

Download Submit
C:\Windows\System\lkgFwxd.exe

Filesize
2.2MB

MD5
4460f8be60be5dce84991f86da13f7d9

SHA1
9082ac63ba3cb1df8915b56f4e6c80318df17a61

SHA256
1163309653ef0b161598ae9d40e5b3b6bd74e8e22c7c80d90ebb6860d8771ec2

SHA512
56f4abfacdd527a1a3387f848c5bde7a4731c2b8369de9fa3c2b7136f84fdaf9177f4c2fcc488a5f291f1c08c82a16a5ac856e22e66c8112a27818c387c2584d

Download Submit
C:\Windows\System\nhjeXLI.exe

Filesize
2.2MB

MD5
b2d6c52e257a3b47ed3c0a6cbd9cdb2a

SHA1
20d6edd58ab15f28e4bcee0ff02ba65353323480

SHA256
a5f87c9b182315444295b3a8aec740d16675cf217ec93d16b046edd0424772b2

SHA512
491b314c9d7a37542e63f03df7eba7863fe59e83e0e1b475ce7cbdf50c6fb904bb21528062c404761f6edf2560aca2ac9ad47f6cacb6e2ce4f8e1ebc482bb66f

Download Submit
C:\Windows\System\qxEpVDr.exe

Filesize
2.2MB

MD5
486af82e52463818acc560a8e3b16e32

SHA1
469d0f8246cbf3aa504983dabadc3c4f65d36e6c

SHA256
669724dd309f70dd455ea3d50a0ab2fa95200fa221b0637164080df300994862

SHA512
eedc331e0a5cbd3aff93910257d06f7aaf06900e19c08d18c720d2eb2afecbb67da647c038ccef465d41dac820fbe11a4df02dd8b9687d712d98e7a746e9f155

Download Submit
C:\Windows\System\sMMiJUY.exe

Filesize
2.2MB

MD5
afa05a38cbabafd8bf783e81f50517cf

SHA1
d90b355bcfdf97f6eb972c37d8e254f8ba4d0e74

SHA256
788e98380d5db1d0a10fc6ca9e8a51a193635555a926b5afca811a5f161f049b

SHA512
a7c323e54dcc3073fab4eb38db09c21533b70e8fa6221286b68bfcf41a01aaee102d12012d2e455070bfcd5f30ffdce5521e3df940dbb8e4ea344d49d4db32ba

Download Submit
C:\Windows\System\tqIJiyU.exe

Filesize
2.2MB

MD5
b0f7419bf51b96e62e093b370c754ee2

SHA1
11967ff4d2538cf53f89aae0a04b072153d5cb3a

SHA256
4fefe645f5c50d81752237f26476b6df5fbd7fc1f1ba8e31a45d39124ee0fad5

SHA512
ee2fc81d4cb14de6a558fee52453d92d2fd08b0f3dbb78438c0e220e38a2ac43ee23ecc2d67fdb34063bd1a6794828cc9e26e8df58c4a2ebccd35ad8230fb902

Download Submit
C:\Windows\System\xgeaXwk.exe

Filesize
2.2MB

MD5
d7e2b6fb7e37fae3f6e225a3eb54629a

SHA1
73587fdc4dbf84f729b2bed3e7314adffffb8997

SHA256
02e65bd29259345356e7a5a0e4eb63dea3fb381049d22e7881f570c53e8b047c

SHA512
3e270cd48175d60670e2445c75f4c766e7556ef67ed6459a4ef6759d416bff92a1de95345d9ee2200dc1cae6a445b0094ce57c4fd3fd3ab0c55c812f422001a0

Download Submit
C:\Windows\System\yIbeIif.exe

Filesize
2.2MB

MD5
1debacb0f5d557122b48d3979176c9f5

SHA1
fca18963322709294197aa79ff54d83a0ab49d3f

SHA256
bbdd9b02598fd1919c6c1561abe6528092c05db019ebf5ab65da1d0317efaf36

SHA512
3e8bde286e043ff0a026956abff18a75464c694316b4193a33fc0e9d04d5bd8ebf179b0d83ced07eae084a859c6d33380b98361a9cf7a933eebfc3e9da4d779c

Download Submit
memory/220-2194-0x00007FF70EBA0000-0x00007FF70EF92000-memory.dmp

Filesize
3.9MB

Download
memory/220-568-0x00007FF70EBA0000-0x00007FF70EF92000-memory.dmp

Filesize
3.9MB

Download
memory/932-559-0x00007FF7B1E50000-0x00007FF7B2242000-memory.dmp

Filesize
3.9MB

Download
memory/932-2214-0x00007FF7B1E50000-0x00007FF7B2242000-memory.dmp

Filesize
3.9MB

Download
memory/1040-531-0x00007FF7DC1D0000-0x00007FF7DC5C2000-memory.dmp

Filesize
3.9MB

Download
memory/1040-2201-0x00007FF7DC1D0000-0x00007FF7DC5C2000-memory.dmp

Filesize
3.9MB

Download
memory/1156-2157-0x00007FF778C70000-0x00007FF779062000-memory.dmp

Filesize
3.9MB

Download
memory/1156-61-0x00007FF778C70000-0x00007FF779062000-memory.dmp

Filesize
3.9MB

Download
memory/1180-2207-0x00007FF7A0E80000-0x00007FF7A1272000-memory.dmp

Filesize
3.9MB

Download
memory/1180-549-0x00007FF7A0E80000-0x00007FF7A1272000-memory.dmp

Filesize
3.9MB

Download
memory/1484-2145-0x00007FF76A640000-0x00007FF76AA32000-memory.dmp

Filesize
3.9MB

Download
memory/1484-2098-0x00007FF76A640000-0x00007FF76AA32000-memory.dmp

Filesize
3.9MB

Download
memory/1484-21-0x00007FF76A640000-0x00007FF76AA32000-memory.dmp

Filesize
3.9MB

Download
memory/1948-572-0x00007FF6DFDF0000-0x00007FF6E01E2000-memory.dmp

Filesize
3.9MB

Download
memory/1948-2183-0x00007FF6DFDF0000-0x00007FF6E01E2000-memory.dmp

Filesize
3.9MB

Download
memory/2368-2197-0x00007FF60C9E0000-0x00007FF60CDD2000-memory.dmp

Filesize
3.9MB

Download
memory/2368-533-0x00007FF60C9E0000-0x00007FF60CDD2000-memory.dmp

Filesize
3.9MB

Download
memory/2444-25-0x0000014DD8890000-0x0000014DD88A0000-memory.dmp

Filesize
64KB

Download
memory/2444-57-0x0000014DF4750000-0x0000014DF4772000-memory.dmp

Filesize
136KB

Download
memory/2444-59-0x00007FFF27E70000-0x00007FFF28931000-memory.dmp

Filesize
10.8MB

Download
memory/2488-2216-0x00007FF6DE9B0000-0x00007FF6DEDA2000-memory.dmp

Filesize
3.9MB

Download
memory/2488-553-0x00007FF6DE9B0000-0x00007FF6DEDA2000-memory.dmp

Filesize
3.9MB

Download
memory/2496-2116-0x00007FF7FD180000-0x00007FF7FD572000-memory.dmp

Filesize
3.9MB

Download
memory/2496-17-0x00007FF7FD180000-0x00007FF7FD572000-memory.dmp

Filesize
3.9MB

Download
memory/2496-2095-0x00007FF7FD180000-0x00007FF7FD572000-memory.dmp

Filesize
3.9MB

Download
memory/2720-2155-0x00007FF6042E0000-0x00007FF6046D2000-memory.dmp

Filesize
3.9MB

Download
memory/2720-66-0x00007FF6042E0000-0x00007FF6046D2000-memory.dmp

Filesize
3.9MB

Download
memory/2732-2212-0x00007FF632120000-0x00007FF632512000-memory.dmp

Filesize
3.9MB

Download
memory/2732-563-0x00007FF632120000-0x00007FF632512000-memory.dmp

Filesize
3.9MB

Download
memory/3192-546-0x00007FF6EAB40000-0x00007FF6EAF32000-memory.dmp

Filesize
3.9MB

Download
memory/3192-2205-0x00007FF6EAB40000-0x00007FF6EAF32000-memory.dmp

Filesize
3.9MB

Download
memory/3348-33-0x00007FF652120000-0x00007FF652512000-memory.dmp

Filesize
3.9MB

Download
memory/3348-2139-0x00007FF652120000-0x00007FF652512000-memory.dmp

Filesize
3.9MB

Download
memory/3432-532-0x00007FF7D2DF0000-0x00007FF7D31E2000-memory.dmp

Filesize
3.9MB

Download
memory/3432-2198-0x00007FF7D2DF0000-0x00007FF7D31E2000-memory.dmp

Filesize
3.9MB

Download
memory/3652-2112-0x00007FF6B5050000-0x00007FF6B5442000-memory.dmp

Filesize
3.9MB

Download
memory/3652-24-0x00007FF6B5050000-0x00007FF6B5442000-memory.dmp

Filesize
3.9MB

Download
memory/3652-2143-0x00007FF6B5050000-0x00007FF6B5442000-memory.dmp

Filesize
3.9MB

Download
memory/3716-63-0x00007FF70CDA0000-0x00007FF70D192000-memory.dmp

Filesize
3.9MB

Download
memory/3716-2113-0x00007FF70CDA0000-0x00007FF70D192000-memory.dmp

Filesize
3.9MB

Download
memory/3716-2372-0x00007FF70CDA0000-0x00007FF70D192000-memory.dmp

Filesize
3.9MB

Download
memory/4656-2210-0x00007FF73D6E0000-0x00007FF73DAD2000-memory.dmp

Filesize
3.9MB

Download
memory/4656-567-0x00007FF73D6E0000-0x00007FF73DAD2000-memory.dmp

Filesize
3.9MB

Download
memory/4844-67-0x00007FF68A820000-0x00007FF68AC12000-memory.dmp

Filesize
3.9MB

Download
memory/4844-2174-0x00007FF68A820000-0x00007FF68AC12000-memory.dmp

Filesize
3.9MB

Download
memory/4928-530-0x00007FF713530000-0x00007FF713922000-memory.dmp

Filesize
3.9MB

Download
memory/4928-2203-0x00007FF713530000-0x00007FF713922000-memory.dmp

Filesize
3.9MB

Download
memory/4960-1-0x0000028505C90000-0x0000028505CA0000-memory.dmp

Filesize
64KB

Download
memory/4960-0-0x00007FF753E70000-0x00007FF754262000-memory.dmp

Filesize
3.9MB

Download
memory/5092-62-0x00007FF743FF0000-0x00007FF7443E2000-memory.dmp

Filesize
3.9MB

Download
memory/5092-2167-0x00007FF743FF0000-0x00007FF7443E2000-memory.dmp

Filesize
3.9MB

Download