xmrig | 34c6360cf6581f7d7e6876ee0f243396e652c0631e160c1848f46068b94990c8

Analysis

max time kernel
30s
max time network
41s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
30/04/2024, 15:33

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
Size

2.3MB
MD5

0a12ff01ee7bb42e2a3840eeb4b19b22
SHA1

800cfe60273225a80a05ed5d944cafeda6b2ed2f
SHA256

34c6360cf6581f7d7e6876ee0f243396e652c0631e160c1848f46068b94990c8
SHA512

b3c06da82c6131b5c9cb0d5b8d5f4a32862ce26c582fb05c864fabb36aee019cd407a66ef4cd7322f064b4c4c8d813d1b1147cf4edbbb22639bad596164271fd
SSDEEP

49152:Lz071uv4BPMkibTIA5lCx7kvRWa4pCkc30JqMopiqEE:NABw

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 12 IoCs

miner

resource	yara_rule
behavioral2/memory/4044-50-0x00007FF66F4B0000-0x00007FF66F8A2000-memory.dmp	xmrig
behavioral2/memory/3856-70-0x00007FF68F870000-0x00007FF68FC62000-memory.dmp	xmrig
behavioral2/memory/4208-74-0x00007FF6EA900000-0x00007FF6EACF2000-memory.dmp	xmrig
behavioral2/memory/2524-81-0x00007FF7E2ED0000-0x00007FF7E32C2000-memory.dmp	xmrig
behavioral2/memory/2204-106-0x00007FF74CCB0000-0x00007FF74D0A2000-memory.dmp	xmrig
behavioral2/memory/3244-99-0x00007FF728350000-0x00007FF728742000-memory.dmp	xmrig
behavioral2/memory/3600-85-0x00007FF6B9130000-0x00007FF6B9522000-memory.dmp	xmrig
behavioral2/memory/708-80-0x00007FF63D110000-0x00007FF63D502000-memory.dmp	xmrig
behavioral2/memory/4132-55-0x00007FF630460000-0x00007FF630852000-memory.dmp	xmrig
behavioral2/memory/4880-51-0x00007FF649250000-0x00007FF649642000-memory.dmp	xmrig
behavioral2/memory/3628-45-0x00007FF734610000-0x00007FF734A02000-memory.dmp	xmrig
behavioral2/memory/3024-1773-0x00007FF62BDE0000-0x00007FF62C1D2000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
8	1220	powershell.exe
10	1220	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
1196	LMaCuHT.exe
3628	fDUKrWa.exe
4208	dFXFoQp.exe
708	mljjsQk.exe
4044	xZcIbIa.exe
4880	Zpmlkpp.exe
4132	ExUsxSA.exe
3856	ZfDBNHT.exe
2524	jhrramx.exe
3600	gUFtGzH.exe
2912	ZoVqpxu.exe
4520	Lisnwaa.exe
3244	JDEkoGE.exe
2204	EdFbYYD.exe
5116	vtZMKWU.exe
2520	aDyMxap.exe
4692	kCEPeTz.exe
4964	Vgdpykt.exe
4940	XCOafWq.exe
1768	qtdJIJN.exe
4936	EnhTisx.exe
2704	pgqBeSC.exe
3676	gMvtTDb.exe
2856	sVHsOuG.exe
4652	fyEcVRT.exe
2260	JPruuvY.exe
680	oegicKd.exe
880	qGANWgx.exe
3044	tujZPzE.exe
2640	yWVrptT.exe
1432	gfYdamO.exe
4440	SKCNmZy.exe
1924	qIXyNcg.exe
1644	nJeJgIC.exe
3096	TJcwUoR.exe
464	VryFKBU.exe
992	TmsSnRF.exe
4444	UNXZjKi.exe
4504	eVLjJkH.exe
4668	IuBsITM.exe
3532	BjurQXR.exe
1004	TlFaSxy.exe
1908	eJBSCaN.exe
4020	VScqKPb.exe
2348	IhHBTrr.exe
4592	VNStyCj.exe
5024	FFfRQjo.exe
2168	MXxwiHW.exe
1144	QUIfrjV.exe
4236	DjwJmQT.exe
4036	EtqzCCI.exe
4724	YxneOtX.exe
1036	zEQCIRa.exe
2540	ZiqpTYB.exe
1672	GkehleF.exe
3568	VqDUgco.exe
4352	likvYVD.exe
544	qLUprEH.exe
1900	VNhEWex.exe
228	nAnzYcY.exe
2280	pZQkpXX.exe
4552	RGGyaoJ.exe
760	UcxlORI.exe
4008	OufFZZo.exe

UPX packed file 56 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3024-0-0x00007FF62BDE0000-0x00007FF62C1D2000-memory.dmp	upx
behavioral2/files/0x000b000000023b7e-5.dat	upx
behavioral2/files/0x000a000000023b82-8.dat	upx
behavioral2/files/0x000a000000023b84-26.dat	upx
behavioral2/files/0x000a000000023b86-28.dat	upx
behavioral2/files/0x000a000000023b88-38.dat	upx
behavioral2/memory/4044-50-0x00007FF66F4B0000-0x00007FF66F8A2000-memory.dmp	upx
behavioral2/files/0x000a000000023b89-54.dat	upx
behavioral2/memory/3856-70-0x00007FF68F870000-0x00007FF68FC62000-memory.dmp	upx
behavioral2/memory/4208-74-0x00007FF6EA900000-0x00007FF6EACF2000-memory.dmp	upx
behavioral2/memory/2524-81-0x00007FF7E2ED0000-0x00007FF7E32C2000-memory.dmp	upx
behavioral2/files/0x000a000000023b8b-87.dat	upx
behavioral2/files/0x000a000000023b8e-94.dat	upx
behavioral2/files/0x000b000000023b7f-107.dat	upx
behavioral2/files/0x000a000000023b91-115.dat	upx
behavioral2/files/0x000a000000023b92-131.dat	upx
behavioral2/files/0x000a000000023b95-139.dat	upx
behavioral2/files/0x000a000000023b97-151.dat	upx
behavioral2/files/0x000a000000023b9b-179.dat	upx
behavioral2/files/0x000a000000023b9e-194.dat	upx
behavioral2/files/0x000a000000023ba0-196.dat	upx
behavioral2/files/0x000a000000023b9f-191.dat	upx
behavioral2/files/0x000a000000023b9d-189.dat	upx
behavioral2/files/0x000a000000023b9c-184.dat	upx
behavioral2/files/0x000a000000023b9a-174.dat	upx
behavioral2/files/0x000a000000023b99-169.dat	upx
behavioral2/files/0x000a000000023b98-164.dat	upx
behavioral2/files/0x000a000000023b96-154.dat	upx
behavioral2/memory/4936-148-0x00007FF7B95B0000-0x00007FF7B99A2000-memory.dmp	upx
behavioral2/files/0x000a000000023b94-143.dat	upx
behavioral2/memory/1768-142-0x00007FF6656A0000-0x00007FF665A92000-memory.dmp	upx
behavioral2/files/0x000a000000023b93-137.dat	upx
behavioral2/memory/4940-136-0x00007FF7DD090000-0x00007FF7DD482000-memory.dmp	upx
behavioral2/memory/4964-130-0x00007FF6ED830000-0x00007FF6EDC22000-memory.dmp	upx
behavioral2/memory/4692-124-0x00007FF7195E0000-0x00007FF7199D2000-memory.dmp	upx
behavioral2/files/0x000a000000023b90-119.dat	upx
behavioral2/memory/2520-118-0x00007FF76CCB0000-0x00007FF76D0A2000-memory.dmp	upx
behavioral2/files/0x000b000000023b8c-113.dat	upx
behavioral2/memory/5116-112-0x00007FF645CE0000-0x00007FF6460D2000-memory.dmp	upx
behavioral2/memory/2204-106-0x00007FF74CCB0000-0x00007FF74D0A2000-memory.dmp	upx
behavioral2/memory/3244-99-0x00007FF728350000-0x00007FF728742000-memory.dmp	upx
behavioral2/memory/4520-98-0x00007FF72C9B0000-0x00007FF72CDA2000-memory.dmp	upx
behavioral2/files/0x000a000000023b8f-96.dat	upx
behavioral2/memory/2912-91-0x00007FF6FB920000-0x00007FF6FBD12000-memory.dmp	upx
behavioral2/files/0x000b000000023b8d-89.dat	upx
behavioral2/memory/3600-85-0x00007FF6B9130000-0x00007FF6B9522000-memory.dmp	upx
behavioral2/memory/708-80-0x00007FF63D110000-0x00007FF63D502000-memory.dmp	upx
behavioral2/files/0x000a000000023b8a-75.dat	upx
behavioral2/memory/4132-55-0x00007FF630460000-0x00007FF630852000-memory.dmp	upx
behavioral2/memory/4880-51-0x00007FF649250000-0x00007FF649642000-memory.dmp	upx
behavioral2/memory/3628-45-0x00007FF734610000-0x00007FF734A02000-memory.dmp	upx
behavioral2/files/0x000a000000023b87-41.dat	upx
behavioral2/files/0x000a000000023b85-27.dat	upx
behavioral2/files/0x000a000000023b83-20.dat	upx
behavioral2/memory/1196-14-0x00007FF68F900000-0x00007FF68FCF2000-memory.dmp	upx
behavioral2/memory/3024-1773-0x00007FF62BDE0000-0x00007FF62C1D2000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	raw.githubusercontent.com
8	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\SEpGpyl.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\EnhTisx.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\MQhQxqv.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\elwQOfp.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\tZlENIU.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\likvYVD.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\UokMIOu.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\ZBhOfyS.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\QkHSTCJ.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\IqCCFlW.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\LlKhjxP.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\lVdYdre.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\nluxXae.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\dZnowLW.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\uOIWENX.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\HUsAclo.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\OVsGFWv.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\ARgKGWc.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\pLKwQLW.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\gQwKbEs.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\BHbssVH.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\cnBqtMH.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\MtZIdrt.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\dmydTft.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\wupMGvb.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\SESFInV.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\DnVzfYB.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\HKGXztS.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\mHgAtYX.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\QdGXEXq.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\hcdOCSp.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\ebApntG.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\UQqrfZY.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\RfNtfto.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\hcEnQtU.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\OOduYHr.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\mkfljHN.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\ZEDvOuw.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\FvtaTSz.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\xZPaMUj.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\GJeFVbb.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\JuIQCIC.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\DrpVFrr.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\fwALHrN.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\WMkyQho.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\vKxLZEh.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\eaWUmCW.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\XzXzozC.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\uMKFdkj.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\cDzUWAR.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\HQVHfyv.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\YWUopLb.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\hLVGVpY.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\gWaQZdP.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\slBOdaY.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\RzwKTiA.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\uhboYul.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\EyNlbJj.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\fZsozJR.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\WaTFuNu.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\argpwMY.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\NjgOlpM.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\LITJttm.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
File created	C:\Windows\System\snTnzcu.exe	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1220	powershell.exe
1220	powershell.exe
1220	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	1220	powershell.exe
Token: SeLockMemoryPrivilege	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3024 wrote to memory of 1220	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	85
PID 3024 wrote to memory of 1220	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	85
PID 3024 wrote to memory of 1196	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	86
PID 3024 wrote to memory of 1196	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	86
PID 3024 wrote to memory of 3628	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	87
PID 3024 wrote to memory of 3628	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	87
PID 3024 wrote to memory of 4208	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	88
PID 3024 wrote to memory of 4208	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	88
PID 3024 wrote to memory of 4044	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	89
PID 3024 wrote to memory of 4044	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	89
PID 3024 wrote to memory of 708	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	90
PID 3024 wrote to memory of 708	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	90
PID 3024 wrote to memory of 4880	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	91
PID 3024 wrote to memory of 4880	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	91
PID 3024 wrote to memory of 4132	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	92
PID 3024 wrote to memory of 4132	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	92
PID 3024 wrote to memory of 3856	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	93
PID 3024 wrote to memory of 3856	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	93
PID 3024 wrote to memory of 2524	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	94
PID 3024 wrote to memory of 2524	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	94
PID 3024 wrote to memory of 3600	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	95
PID 3024 wrote to memory of 3600	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	95
PID 3024 wrote to memory of 2912	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	96
PID 3024 wrote to memory of 2912	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	96
PID 3024 wrote to memory of 4520	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	97
PID 3024 wrote to memory of 4520	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	97
PID 3024 wrote to memory of 3244	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	98
PID 3024 wrote to memory of 3244	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	98
PID 3024 wrote to memory of 2204	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	99
PID 3024 wrote to memory of 2204	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	99
PID 3024 wrote to memory of 5116	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	100
PID 3024 wrote to memory of 5116	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	100
PID 3024 wrote to memory of 2520	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	101
PID 3024 wrote to memory of 2520	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	101
PID 3024 wrote to memory of 4692	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	102
PID 3024 wrote to memory of 4692	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	102
PID 3024 wrote to memory of 4964	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	103
PID 3024 wrote to memory of 4964	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	103
PID 3024 wrote to memory of 4940	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	104
PID 3024 wrote to memory of 4940	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	104
PID 3024 wrote to memory of 1768	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	105
PID 3024 wrote to memory of 1768	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	105
PID 3024 wrote to memory of 4936	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	106
PID 3024 wrote to memory of 4936	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	106
PID 3024 wrote to memory of 2704	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	107
PID 3024 wrote to memory of 2704	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	107
PID 3024 wrote to memory of 3676	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	108
PID 3024 wrote to memory of 3676	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	108
PID 3024 wrote to memory of 2856	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	109
PID 3024 wrote to memory of 2856	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	109
PID 3024 wrote to memory of 4652	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	110
PID 3024 wrote to memory of 4652	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	110
PID 3024 wrote to memory of 2260	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	111
PID 3024 wrote to memory of 2260	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	111
PID 3024 wrote to memory of 680	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	112
PID 3024 wrote to memory of 680	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	112
PID 3024 wrote to memory of 880	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	113
PID 3024 wrote to memory of 880	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	113
PID 3024 wrote to memory of 3044	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	114
PID 3024 wrote to memory of 3044	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	114
PID 3024 wrote to memory of 2640	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	115
PID 3024 wrote to memory of 2640	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	115
PID 3024 wrote to memory of 1432	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	116
PID 3024 wrote to memory of 1432	3024	0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe	116

C:\Users\Admin\AppData\Local\Temp\0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0a12ff01ee7bb42e2a3840eeb4b19b22_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3024
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1220
- C:\Windows\System\LMaCuHT.exe
  C:\Windows\System\LMaCuHT.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\fDUKrWa.exe
  C:\Windows\System\fDUKrWa.exe
  2⤵
  - Executes dropped EXE
  PID:3628
- C:\Windows\System\dFXFoQp.exe
  C:\Windows\System\dFXFoQp.exe
  2⤵
  - Executes dropped EXE
  PID:4208
- C:\Windows\System\xZcIbIa.exe
  C:\Windows\System\xZcIbIa.exe
  2⤵
  - Executes dropped EXE
  PID:4044
- C:\Windows\System\mljjsQk.exe
  C:\Windows\System\mljjsQk.exe
  2⤵
  - Executes dropped EXE
  PID:708
- C:\Windows\System\Zpmlkpp.exe
  C:\Windows\System\Zpmlkpp.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System\ExUsxSA.exe
  C:\Windows\System\ExUsxSA.exe
  2⤵
  - Executes dropped EXE
  PID:4132
- C:\Windows\System\ZfDBNHT.exe
  C:\Windows\System\ZfDBNHT.exe
  2⤵
  - Executes dropped EXE
  PID:3856
- C:\Windows\System\jhrramx.exe
  C:\Windows\System\jhrramx.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\gUFtGzH.exe
  C:\Windows\System\gUFtGzH.exe
  2⤵
  - Executes dropped EXE
  PID:3600
- C:\Windows\System\ZoVqpxu.exe
  C:\Windows\System\ZoVqpxu.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\Lisnwaa.exe
  C:\Windows\System\Lisnwaa.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System\JDEkoGE.exe
  C:\Windows\System\JDEkoGE.exe
  2⤵
  - Executes dropped EXE
  PID:3244
- C:\Windows\System\EdFbYYD.exe
  C:\Windows\System\EdFbYYD.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\vtZMKWU.exe
  C:\Windows\System\vtZMKWU.exe
  2⤵
  - Executes dropped EXE
  PID:5116
- C:\Windows\System\aDyMxap.exe
  C:\Windows\System\aDyMxap.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\kCEPeTz.exe
  C:\Windows\System\kCEPeTz.exe
  2⤵
  - Executes dropped EXE
  PID:4692
- C:\Windows\System\Vgdpykt.exe
  C:\Windows\System\Vgdpykt.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System\XCOafWq.exe
  C:\Windows\System\XCOafWq.exe
  2⤵
  - Executes dropped EXE
  PID:4940
- C:\Windows\System\qtdJIJN.exe
  C:\Windows\System\qtdJIJN.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\EnhTisx.exe
  C:\Windows\System\EnhTisx.exe
  2⤵
  - Executes dropped EXE
  PID:4936
- C:\Windows\System\pgqBeSC.exe
  C:\Windows\System\pgqBeSC.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\gMvtTDb.exe
  C:\Windows\System\gMvtTDb.exe
  2⤵
  - Executes dropped EXE
  PID:3676
- C:\Windows\System\sVHsOuG.exe
  C:\Windows\System\sVHsOuG.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\fyEcVRT.exe
  C:\Windows\System\fyEcVRT.exe
  2⤵
  - Executes dropped EXE
  PID:4652
- C:\Windows\System\JPruuvY.exe
  C:\Windows\System\JPruuvY.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\oegicKd.exe
  C:\Windows\System\oegicKd.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\qGANWgx.exe
  C:\Windows\System\qGANWgx.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\tujZPzE.exe
  C:\Windows\System\tujZPzE.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\yWVrptT.exe
  C:\Windows\System\yWVrptT.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\gfYdamO.exe
  C:\Windows\System\gfYdamO.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\SKCNmZy.exe
  C:\Windows\System\SKCNmZy.exe
  2⤵
  - Executes dropped EXE
  PID:4440
- C:\Windows\System\qIXyNcg.exe
  C:\Windows\System\qIXyNcg.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\nJeJgIC.exe
  C:\Windows\System\nJeJgIC.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\TJcwUoR.exe
  C:\Windows\System\TJcwUoR.exe
  2⤵
  - Executes dropped EXE
  PID:3096
- C:\Windows\System\VryFKBU.exe
  C:\Windows\System\VryFKBU.exe
  2⤵
  - Executes dropped EXE
  PID:464
- C:\Windows\System\TmsSnRF.exe
  C:\Windows\System\TmsSnRF.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\UNXZjKi.exe
  C:\Windows\System\UNXZjKi.exe
  2⤵
  - Executes dropped EXE
  PID:4444
- C:\Windows\System\eVLjJkH.exe
  C:\Windows\System\eVLjJkH.exe
  2⤵
  - Executes dropped EXE
  PID:4504
- C:\Windows\System\IuBsITM.exe
  C:\Windows\System\IuBsITM.exe
  2⤵
  - Executes dropped EXE
  PID:4668
- C:\Windows\System\BjurQXR.exe
  C:\Windows\System\BjurQXR.exe
  2⤵
  - Executes dropped EXE
  PID:3532
- C:\Windows\System\TlFaSxy.exe
  C:\Windows\System\TlFaSxy.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\eJBSCaN.exe
  C:\Windows\System\eJBSCaN.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\VScqKPb.exe
  C:\Windows\System\VScqKPb.exe
  2⤵
  - Executes dropped EXE
  PID:4020
- C:\Windows\System\IhHBTrr.exe
  C:\Windows\System\IhHBTrr.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\VNStyCj.exe
  C:\Windows\System\VNStyCj.exe
  2⤵
  - Executes dropped EXE
  PID:4592
- C:\Windows\System\FFfRQjo.exe
  C:\Windows\System\FFfRQjo.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\System\MXxwiHW.exe
  C:\Windows\System\MXxwiHW.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\QUIfrjV.exe
  C:\Windows\System\QUIfrjV.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\DjwJmQT.exe
  C:\Windows\System\DjwJmQT.exe
  2⤵
  - Executes dropped EXE
  PID:4236
- C:\Windows\System\EtqzCCI.exe
  C:\Windows\System\EtqzCCI.exe
  2⤵
  - Executes dropped EXE
  PID:4036
- C:\Windows\System\YxneOtX.exe
  C:\Windows\System\YxneOtX.exe
  2⤵
  - Executes dropped EXE
  PID:4724
- C:\Windows\System\zEQCIRa.exe
  C:\Windows\System\zEQCIRa.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\ZiqpTYB.exe
  C:\Windows\System\ZiqpTYB.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\GkehleF.exe
  C:\Windows\System\GkehleF.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\VqDUgco.exe
  C:\Windows\System\VqDUgco.exe
  2⤵
  - Executes dropped EXE
  PID:3568
- C:\Windows\System\likvYVD.exe
  C:\Windows\System\likvYVD.exe
  2⤵
  - Executes dropped EXE
  PID:4352
- C:\Windows\System\qLUprEH.exe
  C:\Windows\System\qLUprEH.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\VNhEWex.exe
  C:\Windows\System\VNhEWex.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\nAnzYcY.exe
  C:\Windows\System\nAnzYcY.exe
  2⤵
  - Executes dropped EXE
  PID:228
- C:\Windows\System\pZQkpXX.exe
  C:\Windows\System\pZQkpXX.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\RGGyaoJ.exe
  C:\Windows\System\RGGyaoJ.exe
  2⤵
  - Executes dropped EXE
  PID:4552
- C:\Windows\System\UcxlORI.exe
  C:\Windows\System\UcxlORI.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\OufFZZo.exe
  C:\Windows\System\OufFZZo.exe
  2⤵
  - Executes dropped EXE
  PID:4008
- C:\Windows\System\HsrtVWd.exe
  C:\Windows\System\HsrtVWd.exe
  2⤵
  PID:5148
- C:\Windows\System\LbUPxvn.exe
  C:\Windows\System\LbUPxvn.exe
  2⤵
  PID:5176
- C:\Windows\System\KHObnDE.exe
  C:\Windows\System\KHObnDE.exe
  2⤵
  PID:5200
- C:\Windows\System\cJwdfiM.exe
  C:\Windows\System\cJwdfiM.exe
  2⤵
  PID:5232
- C:\Windows\System\lbehQzg.exe
  C:\Windows\System\lbehQzg.exe
  2⤵
  PID:5260
- C:\Windows\System\dmydTft.exe
  C:\Windows\System\dmydTft.exe
  2⤵
  PID:5292
- C:\Windows\System\MQhQxqv.exe
  C:\Windows\System\MQhQxqv.exe
  2⤵
  PID:5328
- C:\Windows\System\lYmEACC.exe
  C:\Windows\System\lYmEACC.exe
  2⤵
  PID:5352
- C:\Windows\System\neEUBna.exe
  C:\Windows\System\neEUBna.exe
  2⤵
  PID:5380
- C:\Windows\System\txsBmun.exe
  C:\Windows\System\txsBmun.exe
  2⤵
  PID:5408
- C:\Windows\System\GJeFVbb.exe
  C:\Windows\System\GJeFVbb.exe
  2⤵
  PID:5436
- C:\Windows\System\FxjTYsl.exe
  C:\Windows\System\FxjTYsl.exe
  2⤵
  PID:5468
- C:\Windows\System\EXoLFTt.exe
  C:\Windows\System\EXoLFTt.exe
  2⤵
  PID:5496
- C:\Windows\System\iHYXOmF.exe
  C:\Windows\System\iHYXOmF.exe
  2⤵
  PID:5524
- C:\Windows\System\cbXvhaT.exe
  C:\Windows\System\cbXvhaT.exe
  2⤵
  PID:5552
- C:\Windows\System\oSWODSU.exe
  C:\Windows\System\oSWODSU.exe
  2⤵
  PID:5580
- C:\Windows\System\lIYPnFD.exe
  C:\Windows\System\lIYPnFD.exe
  2⤵
  PID:5604
- C:\Windows\System\EaLHgHb.exe
  C:\Windows\System\EaLHgHb.exe
  2⤵
  PID:5632
- C:\Windows\System\NLlPIpp.exe
  C:\Windows\System\NLlPIpp.exe
  2⤵
  PID:5660
- C:\Windows\System\SAvdcfr.exe
  C:\Windows\System\SAvdcfr.exe
  2⤵
  PID:5688
- C:\Windows\System\syFmioR.exe
  C:\Windows\System\syFmioR.exe
  2⤵
  PID:5716
- C:\Windows\System\FazufNA.exe
  C:\Windows\System\FazufNA.exe
  2⤵
  PID:5748
- C:\Windows\System\pFpLObN.exe
  C:\Windows\System\pFpLObN.exe
  2⤵
  PID:5780
- C:\Windows\System\nIBkBzS.exe
  C:\Windows\System\nIBkBzS.exe
  2⤵
  PID:5804
- C:\Windows\System\IuyivVr.exe
  C:\Windows\System\IuyivVr.exe
  2⤵
  PID:5836
- C:\Windows\System\eHiIbFR.exe
  C:\Windows\System\eHiIbFR.exe
  2⤵
  PID:5864
- C:\Windows\System\tekjtAB.exe
  C:\Windows\System\tekjtAB.exe
  2⤵
  PID:5892
- C:\Windows\System\NjgOlpM.exe
  C:\Windows\System\NjgOlpM.exe
  2⤵
  PID:5920
- C:\Windows\System\NAZVgvJ.exe
  C:\Windows\System\NAZVgvJ.exe
  2⤵
  PID:5948
- C:\Windows\System\NphJLWw.exe
  C:\Windows\System\NphJLWw.exe
  2⤵
  PID:5976
- C:\Windows\System\RmCFzgo.exe
  C:\Windows\System\RmCFzgo.exe
  2⤵
  PID:6004
- C:\Windows\System\mWsjLGM.exe
  C:\Windows\System\mWsjLGM.exe
  2⤵
  PID:6028
- C:\Windows\System\wJhcppg.exe
  C:\Windows\System\wJhcppg.exe
  2⤵
  PID:6060
- C:\Windows\System\dqtSVDD.exe
  C:\Windows\System\dqtSVDD.exe
  2⤵
  PID:6088
- C:\Windows\System\vdOGRWY.exe
  C:\Windows\System\vdOGRWY.exe
  2⤵
  PID:6120
- C:\Windows\System\OfsFgpE.exe
  C:\Windows\System\OfsFgpE.exe
  2⤵
  PID:1400
- C:\Windows\System\iwLgcxK.exe
  C:\Windows\System\iwLgcxK.exe
  2⤵
  PID:5016
- C:\Windows\System\hHFpPBh.exe
  C:\Windows\System\hHFpPBh.exe
  2⤵
  PID:3988
- C:\Windows\System\JuIQCIC.exe
  C:\Windows\System\JuIQCIC.exe
  2⤵
  PID:3284
- C:\Windows\System\yBXbpEz.exe
  C:\Windows\System\yBXbpEz.exe
  2⤵
  PID:2624
- C:\Windows\System\cTuRTky.exe
  C:\Windows\System\cTuRTky.exe
  2⤵
  PID:5164
- C:\Windows\System\tHpgqRv.exe
  C:\Windows\System\tHpgqRv.exe
  2⤵
  PID:5220
- C:\Windows\System\nOLnLFQ.exe
  C:\Windows\System\nOLnLFQ.exe
  2⤵
  PID:5284
- C:\Windows\System\arnnKUE.exe
  C:\Windows\System\arnnKUE.exe
  2⤵
  PID:5364
- C:\Windows\System\ozukCkD.exe
  C:\Windows\System\ozukCkD.exe
  2⤵
  PID:5420
- C:\Windows\System\vKxLZEh.exe
  C:\Windows\System\vKxLZEh.exe
  2⤵
  PID:5480
- C:\Windows\System\ccTzmhC.exe
  C:\Windows\System\ccTzmhC.exe
  2⤵
  PID:5544
- C:\Windows\System\nKFpwcq.exe
  C:\Windows\System\nKFpwcq.exe
  2⤵
  PID:5624
- C:\Windows\System\eGWONys.exe
  C:\Windows\System\eGWONys.exe
  2⤵
  PID:5680
- C:\Windows\System\IztTACd.exe
  C:\Windows\System\IztTACd.exe
  2⤵
  PID:5772
- C:\Windows\System\UxPhDgL.exe
  C:\Windows\System\UxPhDgL.exe
  2⤵
  PID:1016
- C:\Windows\System\CFTBwRG.exe
  C:\Windows\System\CFTBwRG.exe
  2⤵
  PID:5884
- C:\Windows\System\DTYDMuY.exe
  C:\Windows\System\DTYDMuY.exe
  2⤵
  PID:5960
- C:\Windows\System\tJUFOZW.exe
  C:\Windows\System\tJUFOZW.exe
  2⤵
  PID:5996
- C:\Windows\System\OUrUJqw.exe
  C:\Windows\System\OUrUJqw.exe
  2⤵
  PID:6076
- C:\Windows\System\pjjxOYz.exe
  C:\Windows\System\pjjxOYz.exe
  2⤵
  PID:1844
- C:\Windows\System\pANHWNs.exe
  C:\Windows\System\pANHWNs.exe
  2⤵
  PID:4328
- C:\Windows\System\WjrZxjy.exe
  C:\Windows\System\WjrZxjy.exe
  2⤵
  PID:4912
- C:\Windows\System\aFOTdoh.exe
  C:\Windows\System\aFOTdoh.exe
  2⤵
  PID:1200
- C:\Windows\System\toCSLIn.exe
  C:\Windows\System\toCSLIn.exe
  2⤵
  PID:5336
- C:\Windows\System\YxZkJeR.exe
  C:\Windows\System\YxZkJeR.exe
  2⤵
  PID:5456
- C:\Windows\System\jEKerwX.exe
  C:\Windows\System\jEKerwX.exe
  2⤵
  PID:5596
- C:\Windows\System\acRBWZo.exe
  C:\Windows\System\acRBWZo.exe
  2⤵
  PID:5708
- C:\Windows\System\ZdJlkUY.exe
  C:\Windows\System\ZdJlkUY.exe
  2⤵
  PID:1124
- C:\Windows\System\iafjvNw.exe
  C:\Windows\System\iafjvNw.exe
  2⤵
  PID:5988
- C:\Windows\System\gWaQZdP.exe
  C:\Windows\System\gWaQZdP.exe
  2⤵
  PID:6128
- C:\Windows\System\AYixPDb.exe
  C:\Windows\System\AYixPDb.exe
  2⤵
  PID:1468
- C:\Windows\System\KmvZPUW.exe
  C:\Windows\System\KmvZPUW.exe
  2⤵
  PID:5280
- C:\Windows\System\wYZRSvz.exe
  C:\Windows\System\wYZRSvz.exe
  2⤵
  PID:6164
- C:\Windows\System\YhaoBDG.exe
  C:\Windows\System\YhaoBDG.exe
  2⤵
  PID:6192
- C:\Windows\System\WAhjieK.exe
  C:\Windows\System\WAhjieK.exe
  2⤵
  PID:6216
- C:\Windows\System\uhboYul.exe
  C:\Windows\System\uhboYul.exe
  2⤵
  PID:6244
- C:\Windows\System\hNYDkcI.exe
  C:\Windows\System\hNYDkcI.exe
  2⤵
  PID:6284
- C:\Windows\System\aOUBAKt.exe
  C:\Windows\System\aOUBAKt.exe
  2⤵
  PID:6312
- C:\Windows\System\wSIIzTY.exe
  C:\Windows\System\wSIIzTY.exe
  2⤵
  PID:6332
- C:\Windows\System\pVVuUxS.exe
  C:\Windows\System\pVVuUxS.exe
  2⤵
  PID:6360
- C:\Windows\System\mbZGfqB.exe
  C:\Windows\System\mbZGfqB.exe
  2⤵
  PID:6388
- C:\Windows\System\veSSBYg.exe
  C:\Windows\System\veSSBYg.exe
  2⤵
  PID:6412
- C:\Windows\System\sfpBByc.exe
  C:\Windows\System\sfpBByc.exe
  2⤵
  PID:6440
- C:\Windows\System\DovMbgm.exe
  C:\Windows\System\DovMbgm.exe
  2⤵
  PID:6472
- C:\Windows\System\zzIqTux.exe
  C:\Windows\System\zzIqTux.exe
  2⤵
  PID:6500
- C:\Windows\System\rDHNEUo.exe
  C:\Windows\System\rDHNEUo.exe
  2⤵
  PID:6532
- C:\Windows\System\CFZVbqu.exe
  C:\Windows\System\CFZVbqu.exe
  2⤵
  PID:6564
- C:\Windows\System\VtorQNh.exe
  C:\Windows\System\VtorQNh.exe
  2⤵
  PID:6584
- C:\Windows\System\YdyenKI.exe
  C:\Windows\System\YdyenKI.exe
  2⤵
  PID:6612
- C:\Windows\System\raGeYIn.exe
  C:\Windows\System\raGeYIn.exe
  2⤵
  PID:6640
- C:\Windows\System\DEpDimE.exe
  C:\Windows\System\DEpDimE.exe
  2⤵
  PID:6668
- C:\Windows\System\lDLdKKN.exe
  C:\Windows\System\lDLdKKN.exe
  2⤵
  PID:6696
- C:\Windows\System\frPHpQV.exe
  C:\Windows\System\frPHpQV.exe
  2⤵
  PID:6724
- C:\Windows\System\mzFaWBh.exe
  C:\Windows\System\mzFaWBh.exe
  2⤵
  PID:6752
- C:\Windows\System\qKmgNjj.exe
  C:\Windows\System\qKmgNjj.exe
  2⤵
  PID:6780
- C:\Windows\System\pGkvEdY.exe
  C:\Windows\System\pGkvEdY.exe
  2⤵
  PID:6808
- C:\Windows\System\RdsiDEG.exe
  C:\Windows\System\RdsiDEG.exe
  2⤵
  PID:6836
- C:\Windows\System\ObEpUii.exe
  C:\Windows\System\ObEpUii.exe
  2⤵
  PID:6864
- C:\Windows\System\FnDXJCK.exe
  C:\Windows\System\FnDXJCK.exe
  2⤵
  PID:6888
- C:\Windows\System\lNuGveu.exe
  C:\Windows\System\lNuGveu.exe
  2⤵
  PID:6916
- C:\Windows\System\wzXOqye.exe
  C:\Windows\System\wzXOqye.exe
  2⤵
  PID:6944
- C:\Windows\System\sDlXEEj.exe
  C:\Windows\System\sDlXEEj.exe
  2⤵
  PID:6972
- C:\Windows\System\CEExphb.exe
  C:\Windows\System\CEExphb.exe
  2⤵
  PID:7000
- C:\Windows\System\AaNZKUN.exe
  C:\Windows\System\AaNZKUN.exe
  2⤵
  PID:7028
- C:\Windows\System\dVgtbiH.exe
  C:\Windows\System\dVgtbiH.exe
  2⤵
  PID:7056
- C:\Windows\System\drefIbA.exe
  C:\Windows\System\drefIbA.exe
  2⤵
  PID:7084
- C:\Windows\System\uBbMawz.exe
  C:\Windows\System\uBbMawz.exe
  2⤵
  PID:7116
- C:\Windows\System\MYaLpcY.exe
  C:\Windows\System\MYaLpcY.exe
  2⤵
  PID:7144
- C:\Windows\System\SxqFzBt.exe
  C:\Windows\System\SxqFzBt.exe
  2⤵
  PID:5400
- C:\Windows\System\WIeLpyL.exe
  C:\Windows\System\WIeLpyL.exe
  2⤵
  PID:5656
- C:\Windows\System\diyVKiS.exe
  C:\Windows\System\diyVKiS.exe
  2⤵
  PID:6176
- C:\Windows\System\CvNPWVx.exe
  C:\Windows\System\CvNPWVx.exe
  2⤵
  PID:6232
- C:\Windows\System\cwNQcxW.exe
  C:\Windows\System\cwNQcxW.exe
  2⤵
  PID:3836
- C:\Windows\System\bIbLHBt.exe
  C:\Windows\System\bIbLHBt.exe
  2⤵
  PID:3716
- C:\Windows\System\ZcPsnPh.exe
  C:\Windows\System\ZcPsnPh.exe
  2⤵
  PID:6324
- C:\Windows\System\RQbFRXO.exe
  C:\Windows\System\RQbFRXO.exe
  2⤵
  PID:6352
- C:\Windows\System\RikAAlA.exe
  C:\Windows\System\RikAAlA.exe
  2⤵
  PID:6404
- C:\Windows\System\tysFjxh.exe
  C:\Windows\System\tysFjxh.exe
  2⤵
  PID:6436
- C:\Windows\System\osWvpTo.exe
  C:\Windows\System\osWvpTo.exe
  2⤵
  PID:4000
- C:\Windows\System\yLhHOkf.exe
  C:\Windows\System\yLhHOkf.exe
  2⤵
  PID:6556
- C:\Windows\System\XNOFfkw.exe
  C:\Windows\System\XNOFfkw.exe
  2⤵
  PID:6600
- C:\Windows\System\AaRUVOc.exe
  C:\Windows\System\AaRUVOc.exe
  2⤵
  PID:6652
- C:\Windows\System\YFHCllT.exe
  C:\Windows\System\YFHCllT.exe
  2⤵
  PID:6684
- C:\Windows\System\ZgNymuy.exe
  C:\Windows\System\ZgNymuy.exe
  2⤵
  PID:6736
- C:\Windows\System\XdJVgEi.exe
  C:\Windows\System\XdJVgEi.exe
  2⤵
  PID:6792
- C:\Windows\System\nHXjxgg.exe
  C:\Windows\System\nHXjxgg.exe
  2⤵
  PID:6828
- C:\Windows\System\PEkHigZ.exe
  C:\Windows\System\PEkHigZ.exe
  2⤵
  PID:3412
- C:\Windows\System\FZZcnvr.exe
  C:\Windows\System\FZZcnvr.exe
  2⤵
  PID:6904
- C:\Windows\System\ulTxnqd.exe
  C:\Windows\System\ulTxnqd.exe
  2⤵
  PID:6936
- C:\Windows\System\vBIYBYC.exe
  C:\Windows\System\vBIYBYC.exe
  2⤵
  PID:4376
- C:\Windows\System\yeoWVga.exe
  C:\Windows\System\yeoWVga.exe
  2⤵
  PID:7020
- C:\Windows\System\ZQzGcgL.exe
  C:\Windows\System\ZQzGcgL.exe
  2⤵
  PID:7052
- C:\Windows\System\gleEigJ.exe
  C:\Windows\System\gleEigJ.exe
  2⤵
  PID:7072
- C:\Windows\System\pdAOaFT.exe
  C:\Windows\System\pdAOaFT.exe
  2⤵
  PID:7076
- C:\Windows\System\SFnxOFm.exe
  C:\Windows\System\SFnxOFm.exe
  2⤵
  PID:7104
- C:\Windows\System\ZxpUrpF.exe
  C:\Windows\System\ZxpUrpF.exe
  2⤵
  PID:7132
- C:\Windows\System\reiZita.exe
  C:\Windows\System\reiZita.exe
  2⤵
  PID:4232
- C:\Windows\System\MpBZMUI.exe
  C:\Windows\System\MpBZMUI.exe
  2⤵
  PID:2128
- C:\Windows\System\niUUrST.exe
  C:\Windows\System\niUUrST.exe
  2⤵
  PID:5536
- C:\Windows\System\CGlYPYW.exe
  C:\Windows\System\CGlYPYW.exe
  2⤵
  PID:4140
- C:\Windows\System\OujoHYY.exe
  C:\Windows\System\OujoHYY.exe
  2⤵
  PID:1732
- C:\Windows\System\ATKPLgn.exe
  C:\Windows\System\ATKPLgn.exe
  2⤵
  PID:3352
- C:\Windows\System\qScIXVU.exe
  C:\Windows\System\qScIXVU.exe
  2⤵
  PID:620
- C:\Windows\System\grLDsxU.exe
  C:\Windows\System\grLDsxU.exe
  2⤵
  PID:6264
- C:\Windows\System\sTDSsqk.exe
  C:\Windows\System\sTDSsqk.exe
  2⤵
  PID:6460
- C:\Windows\System\uPnMIRg.exe
  C:\Windows\System\uPnMIRg.exe
  2⤵
  PID:6432
- C:\Windows\System\GwltBSe.exe
  C:\Windows\System\GwltBSe.exe
  2⤵
  PID:6400
- C:\Windows\System\NVRYtQz.exe
  C:\Windows\System\NVRYtQz.exe
  2⤵
  PID:2076
- C:\Windows\System\AnLfUqj.exe
  C:\Windows\System\AnLfUqj.exe
  2⤵
  PID:6632
- C:\Windows\System\NksgjyM.exe
  C:\Windows\System\NksgjyM.exe
  2⤵
  PID:6488
- C:\Windows\System\MSbLggv.exe
  C:\Windows\System\MSbLggv.exe
  2⤵
  PID:6772
- C:\Windows\System\STkMgyJ.exe
  C:\Windows\System\STkMgyJ.exe
  2⤵
  PID:6680
- C:\Windows\System\YncaPRO.exe
  C:\Windows\System\YncaPRO.exe
  2⤵
  PID:6932
- C:\Windows\System\SUsQNic.exe
  C:\Windows\System\SUsQNic.exe
  2⤵
  PID:6968
- C:\Windows\System\YoRGWBk.exe
  C:\Windows\System\YoRGWBk.exe
  2⤵
  PID:7016
- C:\Windows\System\XlvTJfX.exe
  C:\Windows\System\XlvTJfX.exe
  2⤵
  PID:4496
- C:\Windows\System\UWqmMEj.exe
  C:\Windows\System\UWqmMEj.exe
  2⤵
  PID:2516
- C:\Windows\System\rSSyjjZ.exe
  C:\Windows\System\rSSyjjZ.exe
  2⤵
  PID:1588
- C:\Windows\System\LVNCPwh.exe
  C:\Windows\System\LVNCPwh.exe
  2⤵
  PID:388
- C:\Windows\System\hyuVvMd.exe
  C:\Windows\System\hyuVvMd.exe
  2⤵
  PID:3512
- C:\Windows\System\OzxTAnm.exe
  C:\Windows\System\OzxTAnm.exe
  2⤵
  PID:6380
- C:\Windows\System\eaWUmCW.exe
  C:\Windows\System\eaWUmCW.exe
  2⤵
  PID:6712
- C:\Windows\System\aOkcvUC.exe
  C:\Windows\System\aOkcvUC.exe
  2⤵
  PID:6880
- C:\Windows\System\RrlVYGD.exe
  C:\Windows\System\RrlVYGD.exe
  2⤵
  PID:7196
- C:\Windows\System\qHsyrrZ.exe
  C:\Windows\System\qHsyrrZ.exe
  2⤵
  PID:7216
- C:\Windows\System\bIuZRXi.exe
  C:\Windows\System\bIuZRXi.exe
  2⤵
  PID:7236
- C:\Windows\System\OToEXKE.exe
  C:\Windows\System\OToEXKE.exe
  2⤵
  PID:7260
- C:\Windows\System\pylegYX.exe
  C:\Windows\System\pylegYX.exe
  2⤵
  PID:7280
- C:\Windows\System\oWJUEdz.exe
  C:\Windows\System\oWJUEdz.exe
  2⤵
  PID:7304
- C:\Windows\System\uUycFdt.exe
  C:\Windows\System\uUycFdt.exe
  2⤵
  PID:7328
- C:\Windows\System\NeiXDog.exe
  C:\Windows\System\NeiXDog.exe
  2⤵
  PID:7356
- C:\Windows\System\TKWIGdV.exe
  C:\Windows\System\TKWIGdV.exe
  2⤵
  PID:7380
- C:\Windows\System\SMYkWpR.exe
  C:\Windows\System\SMYkWpR.exe
  2⤵
  PID:7400
- C:\Windows\System\AsQPidL.exe
  C:\Windows\System\AsQPidL.exe
  2⤵
  PID:7424
- C:\Windows\System\MyKLHsc.exe
  C:\Windows\System\MyKLHsc.exe
  2⤵
  PID:7448
- C:\Windows\System\nXihHtL.exe
  C:\Windows\System\nXihHtL.exe
  2⤵
  PID:7568
- C:\Windows\System\JeaYHMt.exe
  C:\Windows\System\JeaYHMt.exe
  2⤵
  PID:7588
- C:\Windows\System\hbDmeyt.exe
  C:\Windows\System\hbDmeyt.exe
  2⤵
  PID:7612
- C:\Windows\System\gepMlst.exe
  C:\Windows\System\gepMlst.exe
  2⤵
  PID:7692
- C:\Windows\System\sNOrMbQ.exe
  C:\Windows\System\sNOrMbQ.exe
  2⤵
  PID:7868
- C:\Windows\System\XvEFffe.exe
  C:\Windows\System\XvEFffe.exe
  2⤵
  PID:7900
- C:\Windows\System\JZzJEHN.exe
  C:\Windows\System\JZzJEHN.exe
  2⤵
  PID:7956
- C:\Windows\System\cnueZRo.exe
  C:\Windows\System\cnueZRo.exe
  2⤵
  PID:7976
- C:\Windows\System\YWvTwDK.exe
  C:\Windows\System\YWvTwDK.exe
  2⤵
  PID:8012
- C:\Windows\System\nLQcUII.exe
  C:\Windows\System\nLQcUII.exe
  2⤵
  PID:8044
- C:\Windows\System\FZFlwGD.exe
  C:\Windows\System\FZFlwGD.exe
  2⤵
  PID:8080
- C:\Windows\System\QAbiNrU.exe
  C:\Windows\System\QAbiNrU.exe
  2⤵
  PID:8108
- C:\Windows\System\aEfcAxD.exe
  C:\Windows\System\aEfcAxD.exe
  2⤵
  PID:8128
- C:\Windows\System\XKViPXB.exe
  C:\Windows\System\XKViPXB.exe
  2⤵
  PID:8148
- C:\Windows\System\bKdMgKN.exe
  C:\Windows\System\bKdMgKN.exe
  2⤵
  PID:8188
- C:\Windows\System\MDHjNGZ.exe
  C:\Windows\System\MDHjNGZ.exe
  2⤵
  PID:4468
- C:\Windows\System\DIDsyrl.exe
  C:\Windows\System\DIDsyrl.exe
  2⤵
  PID:1236
- C:\Windows\System\MISrrfQ.exe
  C:\Windows\System\MISrrfQ.exe
  2⤵
  PID:7208
- C:\Windows\System\abucHwe.exe
  C:\Windows\System\abucHwe.exe
  2⤵
  PID:2480
- C:\Windows\System\wCGKdww.exe
  C:\Windows\System\wCGKdww.exe
  2⤵
  PID:6820
- C:\Windows\System\QLvwfGB.exe
  C:\Windows\System\QLvwfGB.exe
  2⤵
  PID:3556
- C:\Windows\System\DlBXgCW.exe
  C:\Windows\System\DlBXgCW.exe
  2⤵
  PID:7244
- C:\Windows\System\eYIRKrt.exe
  C:\Windows\System\eYIRKrt.exe
  2⤵
  PID:7288
- C:\Windows\System\EyNlbJj.exe
  C:\Windows\System\EyNlbJj.exe
  2⤵
  PID:7396
- C:\Windows\System\jSLdTya.exe
  C:\Windows\System\jSLdTya.exe
  2⤵
  PID:7524
- C:\Windows\System\uOIWENX.exe
  C:\Windows\System\uOIWENX.exe
  2⤵
  PID:7580
- C:\Windows\System\rnyyooT.exe
  C:\Windows\System\rnyyooT.exe
  2⤵
  PID:7684
- C:\Windows\System\htmsYip.exe
  C:\Windows\System\htmsYip.exe
  2⤵
  PID:7760
- C:\Windows\System\WKMdjYu.exe
  C:\Windows\System\WKMdjYu.exe
  2⤵
  PID:7796
- C:\Windows\System\JUVxLoo.exe
  C:\Windows\System\JUVxLoo.exe
  2⤵
  PID:7968
- C:\Windows\System\mHgAtYX.exe
  C:\Windows\System\mHgAtYX.exe
  2⤵
  PID:7952
- C:\Windows\System\ZCIVaQL.exe
  C:\Windows\System\ZCIVaQL.exe
  2⤵
  PID:8028
- C:\Windows\System\wDTypFP.exe
  C:\Windows\System\wDTypFP.exe
  2⤵
  PID:8140
- C:\Windows\System\HCyDTwG.exe
  C:\Windows\System\HCyDTwG.exe
  2⤵
  PID:8176
- C:\Windows\System\fZsozJR.exe
  C:\Windows\System\fZsozJR.exe
  2⤵
  PID:2216
- C:\Windows\System\mnpccdp.exe
  C:\Windows\System\mnpccdp.exe
  2⤵
  PID:7440
- C:\Windows\System\ArwXRdL.exe
  C:\Windows\System\ArwXRdL.exe
  2⤵
  PID:7228
- C:\Windows\System\jpeLwvH.exe
  C:\Windows\System\jpeLwvH.exe
  2⤵
  PID:7456
- C:\Windows\System\okmAriM.exe
  C:\Windows\System\okmAriM.exe
  2⤵
  PID:7908
- C:\Windows\System\iWNCQZX.exe
  C:\Windows\System\iWNCQZX.exe
  2⤵
  PID:7820
- C:\Windows\System\xjDYUXG.exe
  C:\Windows\System\xjDYUXG.exe
  2⤵
  PID:8036
- C:\Windows\System\UxTTxKP.exe
  C:\Windows\System\UxTTxKP.exe
  2⤵
  PID:8144
- C:\Windows\System\xLChmgB.exe
  C:\Windows\System\xLChmgB.exe
  2⤵
  PID:3356
- C:\Windows\System\bCEjSHO.exe
  C:\Windows\System\bCEjSHO.exe
  2⤵
  PID:7388
- C:\Windows\System\iDZlWlo.exe
  C:\Windows\System\iDZlWlo.exe
  2⤵
  PID:7832
- C:\Windows\System\wupMGvb.exe
  C:\Windows\System\wupMGvb.exe
  2⤵
  PID:3712
- C:\Windows\System\gGcizWn.exe
  C:\Windows\System\gGcizWn.exe
  2⤵
  PID:7788
- C:\Windows\System\AQBtzLh.exe
  C:\Windows\System\AQBtzLh.exe
  2⤵
  PID:8200
- C:\Windows\System\qkDXDLv.exe
  C:\Windows\System\qkDXDLv.exe
  2⤵
  PID:8248
- C:\Windows\System\SESFInV.exe
  C:\Windows\System\SESFInV.exe
  2⤵
  PID:8268
- C:\Windows\System\TbLOUiu.exe
  C:\Windows\System\TbLOUiu.exe
  2⤵
  PID:8308
- C:\Windows\System\NuzwgZU.exe
  C:\Windows\System\NuzwgZU.exe
  2⤵
  PID:8332
- C:\Windows\System\MqSFwtW.exe
  C:\Windows\System\MqSFwtW.exe
  2⤵
  PID:8352
- C:\Windows\System\eMkMnLJ.exe
  C:\Windows\System\eMkMnLJ.exe
  2⤵
  PID:8372
- C:\Windows\System\yEMgQso.exe
  C:\Windows\System\yEMgQso.exe
  2⤵
  PID:8396
- C:\Windows\System\qaZZXZd.exe
  C:\Windows\System\qaZZXZd.exe
  2⤵
  PID:8444
- C:\Windows\System\LbYXTWC.exe
  C:\Windows\System\LbYXTWC.exe
  2⤵
  PID:8468
- C:\Windows\System\kjHLnte.exe
  C:\Windows\System\kjHLnte.exe
  2⤵
  PID:8484
- C:\Windows\System\yfqrrbX.exe
  C:\Windows\System\yfqrrbX.exe
  2⤵
  PID:8512
- C:\Windows\System\aAsUcQO.exe
  C:\Windows\System\aAsUcQO.exe
  2⤵
  PID:8540
- C:\Windows\System\NAkNSDx.exe
  C:\Windows\System\NAkNSDx.exe
  2⤵
  PID:8564
- C:\Windows\System\AxOqyRS.exe
  C:\Windows\System\AxOqyRS.exe
  2⤵
  PID:8588
- C:\Windows\System\ykbzFJN.exe
  C:\Windows\System\ykbzFJN.exe
  2⤵
  PID:8620
- C:\Windows\System\OOTWbUk.exe
  C:\Windows\System\OOTWbUk.exe
  2⤵
  PID:8644
- C:\Windows\System\jGGuvBq.exe
  C:\Windows\System\jGGuvBq.exe
  2⤵
  PID:8668
- C:\Windows\System\JPYthZv.exe
  C:\Windows\System\JPYthZv.exe
  2⤵
  PID:8688
- C:\Windows\System\JUDbRbr.exe
  C:\Windows\System\JUDbRbr.exe
  2⤵
  PID:8720
- C:\Windows\System\IOqqHVD.exe
  C:\Windows\System\IOqqHVD.exe
  2⤵
  PID:8736
- C:\Windows\System\PSZFelm.exe
  C:\Windows\System\PSZFelm.exe
  2⤵
  PID:8776
- C:\Windows\System\juIAZFo.exe
  C:\Windows\System\juIAZFo.exe
  2⤵
  PID:8808
- C:\Windows\System\nXXlktM.exe
  C:\Windows\System\nXXlktM.exe
  2⤵
  PID:8828
- C:\Windows\System\olfFIwE.exe
  C:\Windows\System\olfFIwE.exe
  2⤵
  PID:8872
- C:\Windows\System\UvgqPGl.exe
  C:\Windows\System\UvgqPGl.exe
  2⤵
  PID:8888
- C:\Windows\System\XBgzWGP.exe
  C:\Windows\System\XBgzWGP.exe
  2⤵
  PID:8912
- C:\Windows\System\oFQdnur.exe
  C:\Windows\System\oFQdnur.exe
  2⤵
  PID:8948
- C:\Windows\System\qphVhma.exe
  C:\Windows\System\qphVhma.exe
  2⤵
  PID:8976
- C:\Windows\System\CQbSoWQ.exe
  C:\Windows\System\CQbSoWQ.exe
  2⤵
  PID:9016
- C:\Windows\System\qGzFBOl.exe
  C:\Windows\System\qGzFBOl.exe
  2⤵
  PID:9052
- C:\Windows\System\MxrPUOx.exe
  C:\Windows\System\MxrPUOx.exe
  2⤵
  PID:9072
- C:\Windows\System\mSEsmCz.exe
  C:\Windows\System\mSEsmCz.exe
  2⤵
  PID:9104
- C:\Windows\System\ARgKGWc.exe
  C:\Windows\System\ARgKGWc.exe
  2⤵
  PID:9124
- C:\Windows\System\bHuBCDP.exe
  C:\Windows\System\bHuBCDP.exe
  2⤵
  PID:9144
- C:\Windows\System\zaLrJAH.exe
  C:\Windows\System\zaLrJAH.exe
  2⤵
  PID:9176
- C:\Windows\System\xXLhNfg.exe
  C:\Windows\System\xXLhNfg.exe
  2⤵
  PID:7296
- C:\Windows\System\YNkWrhj.exe
  C:\Windows\System\YNkWrhj.exe
  2⤵
  PID:8256
- C:\Windows\System\skaZDIN.exe
  C:\Windows\System\skaZDIN.exe
  2⤵
  PID:8340
- C:\Windows\System\nWVQkOr.exe
  C:\Windows\System\nWVQkOr.exe
  2⤵
  PID:8392
- C:\Windows\System\SmxRSKv.exe
  C:\Windows\System\SmxRSKv.exe
  2⤵
  PID:8436
- C:\Windows\System\CQfMzHr.exe
  C:\Windows\System\CQfMzHr.exe
  2⤵
  PID:8508
- C:\Windows\System\dTLbtWM.exe
  C:\Windows\System\dTLbtWM.exe
  2⤵
  PID:8556
- C:\Windows\System\LbzIfwA.exe
  C:\Windows\System\LbzIfwA.exe
  2⤵
  PID:8604
- C:\Windows\System\yOfCNJk.exe
  C:\Windows\System\yOfCNJk.exe
  2⤵
  PID:8704
- C:\Windows\System\PiwTGVC.exe
  C:\Windows\System\PiwTGVC.exe
  2⤵
  PID:8768
- C:\Windows\System\yLmcKYt.exe
  C:\Windows\System\yLmcKYt.exe
  2⤵
  PID:8864
- C:\Windows\System\wHorBxr.exe
  C:\Windows\System\wHorBxr.exe
  2⤵
  PID:8884
- C:\Windows\System\PuCuqdx.exe
  C:\Windows\System\PuCuqdx.exe
  2⤵
  PID:8956
- C:\Windows\System\LITJttm.exe
  C:\Windows\System\LITJttm.exe
  2⤵
  PID:8968
- C:\Windows\System\xovocIP.exe
  C:\Windows\System\xovocIP.exe
  2⤵
  PID:9152
- C:\Windows\System\mFTrums.exe
  C:\Windows\System\mFTrums.exe
  2⤵
  PID:7556
- C:\Windows\System\gYIuwAE.exe
  C:\Windows\System\gYIuwAE.exe
  2⤵
  PID:8264
- C:\Windows\System\LsBIrAe.exe
  C:\Windows\System\LsBIrAe.exe
  2⤵
  PID:8480
- C:\Windows\System\XprahrE.exe
  C:\Windows\System\XprahrE.exe
  2⤵
  PID:8552
- C:\Windows\System\EINkKAO.exe
  C:\Windows\System\EINkKAO.exe
  2⤵
  PID:8684
- C:\Windows\System\YvVyVaT.exe
  C:\Windows\System\YvVyVaT.exe
  2⤵
  PID:8820
- C:\Windows\System\nRVaAIQ.exe
  C:\Windows\System\nRVaAIQ.exe
  2⤵
  PID:8920
- C:\Windows\System\gGfkBxw.exe
  C:\Windows\System\gGfkBxw.exe
  2⤵
  PID:8324
- C:\Windows\System\lgLYECM.exe
  C:\Windows\System\lgLYECM.exe
  2⤵
  PID:8456
- C:\Windows\System\claXyWc.exe
  C:\Windows\System\claXyWc.exe
  2⤵
  PID:8824
- C:\Windows\System\sRvHtdU.exe
  C:\Windows\System\sRvHtdU.exe
  2⤵
  PID:8944
- C:\Windows\System\hhzRJdL.exe
  C:\Windows\System\hhzRJdL.exe
  2⤵
  PID:8788
- C:\Windows\System\BBveRGZ.exe
  C:\Windows\System\BBveRGZ.exe
  2⤵
  PID:9232
- C:\Windows\System\VuSRlft.exe
  C:\Windows\System\VuSRlft.exe
  2⤵
  PID:9252
- C:\Windows\System\JgEDmmO.exe
  C:\Windows\System\JgEDmmO.exe
  2⤵
  PID:9280
- C:\Windows\System\PspvdGb.exe
  C:\Windows\System\PspvdGb.exe
  2⤵
  PID:9304
- C:\Windows\System\HJwzSpU.exe
  C:\Windows\System\HJwzSpU.exe
  2⤵
  PID:9344
- C:\Windows\System\nguSiBW.exe
  C:\Windows\System\nguSiBW.exe
  2⤵
  PID:9456
- C:\Windows\System\IErGatt.exe
  C:\Windows\System\IErGatt.exe
  2⤵
  PID:9472
- C:\Windows\System\pYjlIjS.exe
  C:\Windows\System\pYjlIjS.exe
  2⤵
  PID:9488
- C:\Windows\System\tpPkRuu.exe
  C:\Windows\System\tpPkRuu.exe
  2⤵
  PID:9504
- C:\Windows\System\WgCZdhR.exe
  C:\Windows\System\WgCZdhR.exe
  2⤵
  PID:9520
- C:\Windows\System\IqCCFlW.exe
  C:\Windows\System\IqCCFlW.exe
  2⤵
  PID:9536
- C:\Windows\System\bPLbNfB.exe
  C:\Windows\System\bPLbNfB.exe
  2⤵
  PID:9552
- C:\Windows\System\nLEFExW.exe
  C:\Windows\System\nLEFExW.exe
  2⤵
  PID:9568
- C:\Windows\System\GgtvKqm.exe
  C:\Windows\System\GgtvKqm.exe
  2⤵
  PID:9584
- C:\Windows\System\AiqTYjQ.exe
  C:\Windows\System\AiqTYjQ.exe
  2⤵
  PID:9600
- C:\Windows\System\MrWGNxM.exe
  C:\Windows\System\MrWGNxM.exe
  2⤵
  PID:9620
- C:\Windows\System\kobIOLW.exe
  C:\Windows\System\kobIOLW.exe
  2⤵
  PID:9636
- C:\Windows\System\slBOdaY.exe
  C:\Windows\System\slBOdaY.exe
  2⤵
  PID:9656
- C:\Windows\System\VCpektr.exe
  C:\Windows\System\VCpektr.exe
  2⤵
  PID:9752
- C:\Windows\System\yXDnJgQ.exe
  C:\Windows\System\yXDnJgQ.exe
  2⤵
  PID:9808
- C:\Windows\System\XzXzozC.exe
  C:\Windows\System\XzXzozC.exe
  2⤵
  PID:9840
- C:\Windows\System\ofXvFCN.exe
  C:\Windows\System\ofXvFCN.exe
  2⤵
  PID:9872
- C:\Windows\System\JHiolZf.exe
  C:\Windows\System\JHiolZf.exe
  2⤵
  PID:9932
- C:\Windows\System\Vyviozj.exe
  C:\Windows\System\Vyviozj.exe
  2⤵
  PID:9968
- C:\Windows\System\AVRJuyq.exe
  C:\Windows\System\AVRJuyq.exe
  2⤵
  PID:10020
- C:\Windows\System\IPJdwkb.exe
  C:\Windows\System\IPJdwkb.exe
  2⤵
  PID:10040
- C:\Windows\System\qlEURMt.exe
  C:\Windows\System\qlEURMt.exe
  2⤵
  PID:10072
- C:\Windows\System\kepffSN.exe
  C:\Windows\System\kepffSN.exe
  2⤵
  PID:10100
- C:\Windows\System\aumszdI.exe
  C:\Windows\System\aumszdI.exe
  2⤵
  PID:10116
- C:\Windows\System\KfzClvc.exe
  C:\Windows\System\KfzClvc.exe
  2⤵
  PID:10136
- C:\Windows\System\zjUxmNg.exe
  C:\Windows\System\zjUxmNg.exe
  2⤵
  PID:10184
- C:\Windows\System\OXtPotG.exe
  C:\Windows\System\OXtPotG.exe
  2⤵
  PID:10204
- C:\Windows\System\VITtjHo.exe
  C:\Windows\System\VITtjHo.exe
  2⤵
  PID:10228
- C:\Windows\System\PIhqdLo.exe
  C:\Windows\System\PIhqdLo.exe
  2⤵
  PID:8696
- C:\Windows\System\igkkxIz.exe
  C:\Windows\System\igkkxIz.exe
  2⤵
  PID:9288
- C:\Windows\System\mFvjSMh.exe
  C:\Windows\System\mFvjSMh.exe
  2⤵
  PID:9324
- C:\Windows\System\lQeFbLV.exe
  C:\Windows\System\lQeFbLV.exe
  2⤵
  PID:9468
- C:\Windows\System\LucjNZh.exe
  C:\Windows\System\LucjNZh.exe
  2⤵
  PID:9564
- C:\Windows\System\kWvJauj.exe
  C:\Windows\System\kWvJauj.exe
  2⤵
  PID:9648
- C:\Windows\System\ogrByGY.exe
  C:\Windows\System\ogrByGY.exe
  2⤵
  PID:9696
- C:\Windows\System\MsDEpPw.exe
  C:\Windows\System\MsDEpPw.exe
  2⤵
  PID:9392
- C:\Windows\System\QmNKbBL.exe
  C:\Windows\System\QmNKbBL.exe
  2⤵
  PID:9672
- C:\Windows\System\sQrjkXq.exe
  C:\Windows\System\sQrjkXq.exe
  2⤵
  PID:9712
- C:\Windows\System\RLHdbNI.exe
  C:\Windows\System\RLHdbNI.exe
  2⤵
  PID:9852
- C:\Windows\System\yoHmeLK.exe
  C:\Windows\System\yoHmeLK.exe
  2⤵
  PID:9900
- C:\Windows\System\EBwLGIU.exe
  C:\Windows\System\EBwLGIU.exe
  2⤵
  PID:9920
- C:\Windows\System\cdldTQV.exe
  C:\Windows\System\cdldTQV.exe
  2⤵
  PID:9904
- C:\Windows\System\RZKdyTI.exe
  C:\Windows\System\RZKdyTI.exe
  2⤵
  PID:10064
- C:\Windows\System\ezxGgMu.exe
  C:\Windows\System\ezxGgMu.exe
  2⤵
  PID:10096
- C:\Windows\System\lVdYdre.exe
  C:\Windows\System\lVdYdre.exe
  2⤵
  PID:10196
- C:\Windows\System\UnCCmdg.exe
  C:\Windows\System\UnCCmdg.exe
  2⤵
  PID:9248
- C:\Windows\System\svAWfpQ.exe
  C:\Windows\System\svAWfpQ.exe
  2⤵
  PID:9260
- C:\Windows\System\UbGghKj.exe
  C:\Windows\System\UbGghKj.exe
  2⤵
  PID:9616
- C:\Windows\System\wOGasXO.exe
  C:\Windows\System\wOGasXO.exe
  2⤵
  PID:9684
- C:\Windows\System\SxyBXks.exe
  C:\Windows\System\SxyBXks.exe
  2⤵
  PID:9484
- C:\Windows\System\zqfPSiu.exe
  C:\Windows\System\zqfPSiu.exe
  2⤵
  PID:9480
- C:\Windows\System\zMVtzHA.exe
  C:\Windows\System\zMVtzHA.exe
  2⤵
  PID:10048
- C:\Windows\System\OnRGNal.exe
  C:\Windows\System\OnRGNal.exe
  2⤵
  PID:10112
- C:\Windows\System\uMrzdUf.exe
  C:\Windows\System\uMrzdUf.exe
  2⤵
  PID:10220
- C:\Windows\System\VnJyTtf.exe
  C:\Windows\System\VnJyTtf.exe
  2⤵
  PID:9356
- C:\Windows\System\rTSCZnE.exe
  C:\Windows\System\rTSCZnE.exe
  2⤵
  PID:9688
- C:\Windows\System\rqweqXf.exe
  C:\Windows\System\rqweqXf.exe
  2⤵
  PID:10092
- C:\Windows\System\fLyvzyA.exe
  C:\Windows\System\fLyvzyA.exe
  2⤵
  PID:9676
- C:\Windows\System\hoIcIwp.exe
  C:\Windows\System\hoIcIwp.exe
  2⤵
  PID:9380
- C:\Windows\System\evToIkC.exe
  C:\Windows\System\evToIkC.exe
  2⤵
  PID:10268
- C:\Windows\System\PwEBVNA.exe
  C:\Windows\System\PwEBVNA.exe
  2⤵
  PID:10288
- C:\Windows\System\iFPhiEf.exe
  C:\Windows\System\iFPhiEf.exe
  2⤵
  PID:10316
- C:\Windows\System\DpBqhFA.exe
  C:\Windows\System\DpBqhFA.exe
  2⤵
  PID:10344
- C:\Windows\System\lxzikMb.exe
  C:\Windows\System\lxzikMb.exe
  2⤵
  PID:10364
- C:\Windows\System\WwoTUOl.exe
  C:\Windows\System\WwoTUOl.exe
  2⤵
  PID:10384
- C:\Windows\System\YJSXuzo.exe
  C:\Windows\System\YJSXuzo.exe
  2⤵
  PID:10424
- C:\Windows\System\lIZpBGc.exe
  C:\Windows\System\lIZpBGc.exe
  2⤵
  PID:10448
- C:\Windows\System\UokMIOu.exe
  C:\Windows\System\UokMIOu.exe
  2⤵
  PID:10468
- C:\Windows\System\PiNDdvA.exe
  C:\Windows\System\PiNDdvA.exe
  2⤵
  PID:10504
- C:\Windows\System\DPTsHLj.exe
  C:\Windows\System\DPTsHLj.exe
  2⤵
  PID:10528
- C:\Windows\System\ifQjgfa.exe
  C:\Windows\System\ifQjgfa.exe
  2⤵
  PID:10560
- C:\Windows\System\TlqeKCy.exe
  C:\Windows\System\TlqeKCy.exe
  2⤵
  PID:10584
- C:\Windows\System\EmFSPhL.exe
  C:\Windows\System\EmFSPhL.exe
  2⤵
  PID:10632
- C:\Windows\System\iTiKjxb.exe
  C:\Windows\System\iTiKjxb.exe
  2⤵
  PID:10652
- C:\Windows\System\uMKFdkj.exe
  C:\Windows\System\uMKFdkj.exe
  2⤵
  PID:10684
- C:\Windows\System\Svhpifn.exe
  C:\Windows\System\Svhpifn.exe
  2⤵
  PID:10708
- C:\Windows\System\zUVSQJH.exe
  C:\Windows\System\zUVSQJH.exe
  2⤵
  PID:10740
- C:\Windows\System\RQkcpct.exe
  C:\Windows\System\RQkcpct.exe
  2⤵
  PID:10764
- C:\Windows\System\vbPBnII.exe
  C:\Windows\System\vbPBnII.exe
  2⤵
  PID:10792
- C:\Windows\System\QENuMHO.exe
  C:\Windows\System\QENuMHO.exe
  2⤵
  PID:10812
- C:\Windows\System\NmLWvql.exe
  C:\Windows\System\NmLWvql.exe
  2⤵
  PID:10836
- C:\Windows\System\EkgfWSb.exe
  C:\Windows\System\EkgfWSb.exe
  2⤵
  PID:10892
- C:\Windows\System\xwlWfgU.exe
  C:\Windows\System\xwlWfgU.exe
  2⤵
  PID:10912
- C:\Windows\System\RiUvlMP.exe
  C:\Windows\System\RiUvlMP.exe
  2⤵
  PID:10932
- C:\Windows\System\EdhGXGd.exe
  C:\Windows\System\EdhGXGd.exe
  2⤵
  PID:10980
- C:\Windows\System\XaPEPab.exe
  C:\Windows\System\XaPEPab.exe
  2⤵
  PID:11000
- C:\Windows\System\ofLfDHC.exe
  C:\Windows\System\ofLfDHC.exe
  2⤵
  PID:11024
- C:\Windows\System\ZOomWAj.exe
  C:\Windows\System\ZOomWAj.exe
  2⤵
  PID:11052
- C:\Windows\System\UHYGFhc.exe
  C:\Windows\System\UHYGFhc.exe
  2⤵
  PID:11088
- C:\Windows\System\kTaNXpj.exe
  C:\Windows\System\kTaNXpj.exe
  2⤵
  PID:11128
- C:\Windows\System\dpRTzDB.exe
  C:\Windows\System\dpRTzDB.exe
  2⤵
  PID:11156
- C:\Windows\System\emXpACe.exe
  C:\Windows\System\emXpACe.exe
  2⤵
  PID:11172
- C:\Windows\System\xqEVCFB.exe
  C:\Windows\System\xqEVCFB.exe
  2⤵
  PID:11204
- C:\Windows\System\GQjrdSw.exe
  C:\Windows\System\GQjrdSw.exe
  2⤵
  PID:11236
- C:\Windows\System\kbWzFiN.exe
  C:\Windows\System\kbWzFiN.exe
  2⤵
  PID:10224
- C:\Windows\System\KKpJNyE.exe
  C:\Windows\System\KKpJNyE.exe
  2⤵
  PID:10296
- C:\Windows\System\gebPlrz.exe
  C:\Windows\System\gebPlrz.exe
  2⤵
  PID:10360
- C:\Windows\System\QUioHcj.exe
  C:\Windows\System\QUioHcj.exe
  2⤵
  PID:10412
- C:\Windows\System\ZdPkFPR.exe
  C:\Windows\System\ZdPkFPR.exe
  2⤵
  PID:10460
- C:\Windows\System\FBaIDxw.exe
  C:\Windows\System\FBaIDxw.exe
  2⤵
  PID:10492
- C:\Windows\System\CinEWGu.exe
  C:\Windows\System\CinEWGu.exe
  2⤵
  PID:10604
- C:\Windows\System\EaScEXC.exe
  C:\Windows\System\EaScEXC.exe
  2⤵
  PID:10644
- C:\Windows\System\sTZAQRP.exe
  C:\Windows\System\sTZAQRP.exe
  2⤵
  PID:10756
- C:\Windows\System\jurSSmE.exe
  C:\Windows\System\jurSSmE.exe
  2⤵
  PID:10780
- C:\Windows\System\ZNDDEqm.exe
  C:\Windows\System\ZNDDEqm.exe
  2⤵
  PID:10776
- C:\Windows\System\EQrUuxf.exe
  C:\Windows\System\EQrUuxf.exe
  2⤵
  PID:10900
- C:\Windows\System\OcuhaeM.exe
  C:\Windows\System\OcuhaeM.exe
  2⤵
  PID:2784
- C:\Windows\System\kuHSgUU.exe
  C:\Windows\System\kuHSgUU.exe
  2⤵
  PID:11012
- C:\Windows\System\MMRzSHm.exe
  C:\Windows\System\MMRzSHm.exe
  2⤵
  PID:11048
- C:\Windows\System\fIcJvcu.exe
  C:\Windows\System\fIcJvcu.exe
  2⤵
  PID:11116
- C:\Windows\System\vNrQYgr.exe
  C:\Windows\System\vNrQYgr.exe
  2⤵
  PID:11164
- C:\Windows\System\rKgIcFs.exe
  C:\Windows\System\rKgIcFs.exe
  2⤵
  PID:11228
- C:\Windows\System\iFgUMpA.exe
  C:\Windows\System\iFgUMpA.exe
  2⤵
  PID:10256
- C:\Windows\System\BVxmGKu.exe
  C:\Windows\System\BVxmGKu.exe
  2⤵
  PID:10356
- C:\Windows\System\MZbLbdZ.exe
  C:\Windows\System\MZbLbdZ.exe
  2⤵
  PID:10748
- C:\Windows\System\ysWqBYA.exe
  C:\Windows\System\ysWqBYA.exe
  2⤵
  PID:10868
- C:\Windows\System\JSLPfXy.exe
  C:\Windows\System\JSLPfXy.exe
  2⤵
  PID:10996
- C:\Windows\System\olLbNUb.exe
  C:\Windows\System\olLbNUb.exe
  2⤵
  PID:11192
- C:\Windows\System\hYThTDW.exe
  C:\Windows\System\hYThTDW.exe
  2⤵
  PID:10556
- C:\Windows\System\DnVzfYB.exe
  C:\Windows\System\DnVzfYB.exe
  2⤵
  PID:10736
- C:\Windows\System\oBUHLNc.exe
  C:\Windows\System\oBUHLNc.exe
  2⤵
  PID:11036
- C:\Windows\System\GsrXSle.exe
  C:\Windows\System\GsrXSle.exe
  2⤵
  PID:10580
- C:\Windows\System\uSwKWRo.exe
  C:\Windows\System\uSwKWRo.exe
  2⤵
  PID:11268
- C:\Windows\System\zdouOsS.exe
  C:\Windows\System\zdouOsS.exe
  2⤵
  PID:11308
- C:\Windows\System\wyPKwca.exe
  C:\Windows\System\wyPKwca.exe
  2⤵
  PID:11328
- C:\Windows\System\yMGmmGY.exe
  C:\Windows\System\yMGmmGY.exe
  2⤵
  PID:11352
- C:\Windows\System\MoWhPrM.exe
  C:\Windows\System\MoWhPrM.exe
  2⤵
  PID:11376
- C:\Windows\System\RHKcvrb.exe
  C:\Windows\System\RHKcvrb.exe
  2⤵
  PID:11392
- C:\Windows\System\QZpGnmO.exe
  C:\Windows\System\QZpGnmO.exe
  2⤵
  PID:11444
- C:\Windows\System\saahQCF.exe
  C:\Windows\System\saahQCF.exe
  2⤵
  PID:11464
- C:\Windows\System\APjACdH.exe
  C:\Windows\System\APjACdH.exe
  2⤵
  PID:11500
- C:\Windows\System\szlEJXm.exe
  C:\Windows\System\szlEJXm.exe
  2⤵
  PID:11520
- C:\Windows\System\DneNrOP.exe
  C:\Windows\System\DneNrOP.exe
  2⤵
  PID:11548
- C:\Windows\System\YhjEeNB.exe
  C:\Windows\System\YhjEeNB.exe
  2⤵
  PID:11572
- C:\Windows\System\CKywGYy.exe
  C:\Windows\System\CKywGYy.exe
  2⤵
  PID:11604
- C:\Windows\System\FcmVjLk.exe
  C:\Windows\System\FcmVjLk.exe
  2⤵
  PID:11632
- C:\Windows\System\ghoDIDF.exe
  C:\Windows\System\ghoDIDF.exe
  2⤵
  PID:11652
- C:\Windows\System\tsfZuUo.exe
  C:\Windows\System\tsfZuUo.exe
  2⤵
  PID:11680
- C:\Windows\System\uhpjVbj.exe
  C:\Windows\System\uhpjVbj.exe
  2⤵
  PID:11708
- C:\Windows\System\MKLfzkL.exe
  C:\Windows\System\MKLfzkL.exe
  2⤵
  PID:11736
- C:\Windows\System\lzhXyuk.exe
  C:\Windows\System\lzhXyuk.exe
  2⤵
  PID:11780
- C:\Windows\System\DrpVFrr.exe
  C:\Windows\System\DrpVFrr.exe
  2⤵
  PID:11800
- C:\Windows\System\MroLcOn.exe
  C:\Windows\System\MroLcOn.exe
  2⤵
  PID:11816
- C:\Windows\System\ieCPryf.exe
  C:\Windows\System\ieCPryf.exe
  2⤵
  PID:11836
- C:\Windows\System\ArNsVSq.exe
  C:\Windows\System\ArNsVSq.exe
  2⤵
  PID:11864
- C:\Windows\System\MAzDSlW.exe
  C:\Windows\System\MAzDSlW.exe
  2⤵
  PID:11904
- C:\Windows\System\rwGtLFp.exe
  C:\Windows\System\rwGtLFp.exe
  2⤵
  PID:11924
- C:\Windows\System\OgQkDYs.exe
  C:\Windows\System\OgQkDYs.exe
  2⤵
  PID:11948
- C:\Windows\System\smtLQWq.exe
  C:\Windows\System\smtLQWq.exe
  2⤵
  PID:11972
- C:\Windows\System\tTNnCou.exe
  C:\Windows\System\tTNnCou.exe
  2⤵
  PID:12004
- C:\Windows\System\tvaoAmP.exe
  C:\Windows\System\tvaoAmP.exe
  2⤵
  PID:12056
- C:\Windows\System\avEpife.exe
  C:\Windows\System\avEpife.exe
  2⤵
  PID:12076
- C:\Windows\System\cEIVOqG.exe
  C:\Windows\System\cEIVOqG.exe
  2⤵
  PID:12096
- C:\Windows\System\FRVVNuV.exe
  C:\Windows\System\FRVVNuV.exe
  2⤵
  PID:12144
- C:\Windows\System\xGJbOoA.exe
  C:\Windows\System\xGJbOoA.exe
  2⤵
  PID:12164
- C:\Windows\System\fAphTPw.exe
  C:\Windows\System\fAphTPw.exe
  2⤵
  PID:12184
- C:\Windows\System\qcYYxOM.exe
  C:\Windows\System\qcYYxOM.exe
  2⤵
  PID:12204
- C:\Windows\System\lyFqNMC.exe
  C:\Windows\System\lyFqNMC.exe
  2⤵
  PID:12240
- C:\Windows\System\zhRPGiR.exe
  C:\Windows\System\zhRPGiR.exe
  2⤵
  PID:12268
- C:\Windows\System\NrwkUYZ.exe
  C:\Windows\System\NrwkUYZ.exe
  2⤵
  PID:10664
- C:\Windows\System\HYOWRtq.exe
  C:\Windows\System\HYOWRtq.exe
  2⤵
  PID:11364
- C:\Windows\System\wBSkyxK.exe
  C:\Windows\System\wBSkyxK.exe
  2⤵
  PID:11416
- C:\Windows\System\RAZGQoT.exe
  C:\Windows\System\RAZGQoT.exe
  2⤵
  PID:11480
- C:\Windows\System\DuiNLOP.exe
  C:\Windows\System\DuiNLOP.exe
  2⤵
  PID:11512
- C:\Windows\System\phimQsP.exe
  C:\Windows\System\phimQsP.exe
  2⤵
  PID:11568
- C:\Windows\System\axsHBTv.exe
  C:\Windows\System\axsHBTv.exe
  2⤵
  PID:11672
- C:\Windows\System\giDLHAh.exe
  C:\Windows\System\giDLHAh.exe
  2⤵
  PID:11700
- C:\Windows\System\qPBgZsQ.exe
  C:\Windows\System\qPBgZsQ.exe
  2⤵
  PID:11768
- C:\Windows\System\IPmZpMg.exe
  C:\Windows\System\IPmZpMg.exe
  2⤵
  PID:11796
- C:\Windows\System\dvCXHDA.exe
  C:\Windows\System\dvCXHDA.exe
  2⤵
  PID:11852
- C:\Windows\System\RdskCNs.exe
  C:\Windows\System\RdskCNs.exe
  2⤵
  PID:11912
- C:\Windows\System\uZGOuHa.exe
  C:\Windows\System\uZGOuHa.exe
  2⤵
  PID:11988
- C:\Windows\System\feiGFBK.exe
  C:\Windows\System\feiGFBK.exe
  2⤵
  PID:12040
- C:\Windows\System\YeVnAfp.exe
  C:\Windows\System\YeVnAfp.exe
  2⤵
  PID:12160
- C:\Windows\System\KmDHTti.exe
  C:\Windows\System\KmDHTti.exe
  2⤵
  PID:12200
- C:\Windows\System\xLVDQdZ.exe
  C:\Windows\System\xLVDQdZ.exe
  2⤵
  PID:1072
- C:\Windows\System\WDcmlqr.exe
  C:\Windows\System\WDcmlqr.exe
  2⤵
  PID:2880
- C:\Windows\System\URkNWSO.exe
  C:\Windows\System\URkNWSO.exe
  2⤵
  PID:4040
- C:\Windows\System\riuBdUh.exe
  C:\Windows\System\riuBdUh.exe
  2⤵
  PID:11348
- C:\Windows\System\ijxVCzk.exe
  C:\Windows\System\ijxVCzk.exe
  2⤵
  PID:11344
- C:\Windows\System\LlKhjxP.exe
  C:\Windows\System\LlKhjxP.exe
  2⤵
  PID:11592
- C:\Windows\System\bgbheDg.exe
  C:\Windows\System\bgbheDg.exe
  2⤵
  PID:11660
- C:\Windows\System\eIjptfs.exe
  C:\Windows\System\eIjptfs.exe
  2⤵
  PID:11144
- C:\Windows\System\SNziskX.exe
  C:\Windows\System\SNziskX.exe
  2⤵
  PID:12232
- C:\Windows\System\IlQHPFK.exe
  C:\Windows\System\IlQHPFK.exe
  2⤵
  PID:11540
- C:\Windows\System\hcEnQtU.exe
  C:\Windows\System\hcEnQtU.exe
  2⤵
  PID:11940
- C:\Windows\System\adomZnI.exe
  C:\Windows\System\adomZnI.exe
  2⤵
  PID:12196
- C:\Windows\System\cLiYmCN.exe
  C:\Windows\System\cLiYmCN.exe
  2⤵
  PID:11300
- C:\Windows\System\aYXHMBr.exe
  C:\Windows\System\aYXHMBr.exe
  2⤵
  PID:12312
- C:\Windows\System\ktEqaob.exe
  C:\Windows\System\ktEqaob.exe
  2⤵
  PID:12352
- C:\Windows\System\hEIKWSk.exe
  C:\Windows\System\hEIKWSk.exe
  2⤵
  PID:12368
- C:\Windows\System\XuLgNJo.exe
  C:\Windows\System\XuLgNJo.exe
  2⤵
  PID:12384
- C:\Windows\System\wXxJJZj.exe
  C:\Windows\System\wXxJJZj.exe
  2⤵
  PID:12400
- C:\Windows\System\dbzvAjZ.exe
  C:\Windows\System\dbzvAjZ.exe
  2⤵
  PID:12456
- C:\Windows\System\FrPRMsk.exe
  C:\Windows\System\FrPRMsk.exe
  2⤵
  PID:12508
- C:\Windows\System\HigihyM.exe
  C:\Windows\System\HigihyM.exe
  2⤵
  PID:12528
- C:\Windows\System\TUjcEjc.exe
  C:\Windows\System\TUjcEjc.exe
  2⤵
  PID:12556
- C:\Windows\System\jpfrlaV.exe
  C:\Windows\System\jpfrlaV.exe
  2⤵
  PID:12576
- C:\Windows\System\maFVqza.exe
  C:\Windows\System\maFVqza.exe
  2⤵
  PID:12624
- C:\Windows\System\FKyTZLK.exe
  C:\Windows\System\FKyTZLK.exe
  2⤵
  PID:12664
- C:\Windows\System\RJCTuNE.exe
  C:\Windows\System\RJCTuNE.exe
  2⤵
  PID:12704
- C:\Windows\System\UNRUyJh.exe
  C:\Windows\System\UNRUyJh.exe
  2⤵
  PID:12740
- C:\Windows\System\oRzvdVw.exe
  C:\Windows\System\oRzvdVw.exe
  2⤵
  PID:12760
- C:\Windows\System\OBDGbjV.exe
  C:\Windows\System\OBDGbjV.exe
  2⤵
  PID:12788
- C:\Windows\System\sNfYSgF.exe
  C:\Windows\System\sNfYSgF.exe
  2⤵
  PID:12816
- C:\Windows\System\rgiwSSD.exe
  C:\Windows\System\rgiwSSD.exe
  2⤵
  PID:12840
- C:\Windows\System\lyvDSFZ.exe
  C:\Windows\System\lyvDSFZ.exe
  2⤵
  PID:12860
- C:\Windows\System\zFrrihe.exe
  C:\Windows\System\zFrrihe.exe
  2⤵
  PID:12880
- C:\Windows\System\plvxbOs.exe
  C:\Windows\System\plvxbOs.exe
  2⤵
  PID:12908
- C:\Windows\System\HUsAclo.exe
  C:\Windows\System\HUsAclo.exe
  2⤵
  PID:12960
- C:\Windows\System\DiSPGmk.exe
  C:\Windows\System\DiSPGmk.exe
  2⤵
  PID:12996
- C:\Windows\System\skhnDBj.exe
  C:\Windows\System\skhnDBj.exe
  2⤵
  PID:13012
- C:\Windows\System\xfbBDoq.exe
  C:\Windows\System\xfbBDoq.exe
  2⤵
  PID:13040
- C:\Windows\System\qnytZlZ.exe
  C:\Windows\System\qnytZlZ.exe
  2⤵
  PID:13064
- C:\Windows\System\ibmezaq.exe
  C:\Windows\System\ibmezaq.exe
  2⤵
  PID:13088
- C:\Windows\System\CBAEeJP.exe
  C:\Windows\System\CBAEeJP.exe
  2⤵
  PID:13116
- C:\Windows\System\vjXGvrQ.exe
  C:\Windows\System\vjXGvrQ.exe
  2⤵
  PID:13148
- C:\Windows\System\mMFyeeD.exe
  C:\Windows\System\mMFyeeD.exe
  2⤵
  PID:13164
- C:\Windows\System\AvsYpat.exe
  C:\Windows\System\AvsYpat.exe
  2⤵
  PID:13184
- C:\Windows\System\xmoKwpk.exe
  C:\Windows\System\xmoKwpk.exe
  2⤵
  PID:13208
- C:\Windows\System\kBZLbIT.exe
  C:\Windows\System\kBZLbIT.exe
  2⤵
  PID:13228
- C:\Windows\System\KZvnxmu.exe
  C:\Windows\System\KZvnxmu.exe
  2⤵
  PID:13252
- C:\Windows\System\GiaDVUo.exe
  C:\Windows\System\GiaDVUo.exe
  2⤵
  PID:13288
- C:\Windows\System\OJZumqK.exe
  C:\Windows\System\OJZumqK.exe
  2⤵
  PID:4304
- C:\Windows\System\kPPfCrm.exe
  C:\Windows\System\kPPfCrm.exe
  2⤵
  PID:12320
- C:\Windows\System\lmAZEbM.exe
  C:\Windows\System\lmAZEbM.exe
  2⤵
  PID:12088
- C:\Windows\System\rxobwcq.exe
  C:\Windows\System\rxobwcq.exe
  2⤵
  PID:12248
- C:\Windows\System\NPTnqzV.exe
  C:\Windows\System\NPTnqzV.exe
  2⤵
  PID:12444
- C:\Windows\System\LEFFPkk.exe
  C:\Windows\System\LEFFPkk.exe
  2⤵
  PID:12396
- C:\Windows\System\zmRqqKB.exe
  C:\Windows\System\zmRqqKB.exe
  2⤵
  PID:12432
- C:\Windows\System\QdGXEXq.exe
  C:\Windows\System\QdGXEXq.exe
  2⤵
  PID:12536
- C:\Windows\System\nRmNVTF.exe
  C:\Windows\System\nRmNVTF.exe
  2⤵
  PID:12632
- C:\Windows\System\nFuHbQI.exe
  C:\Windows\System\nFuHbQI.exe
  2⤵
  PID:13280
- C:\Windows\System\soKmJrn.exe
  C:\Windows\System\soKmJrn.exe
  2⤵
  PID:4632
- C:\Windows\System\bVxSPko.exe
  C:\Windows\System\bVxSPko.exe
  2⤵
  PID:12304
- C:\Windows\System\GdpWktT.exe
  C:\Windows\System\GdpWktT.exe
  2⤵
  PID:11452
- C:\Windows\System\CcKWOwn.exe
  C:\Windows\System\CcKWOwn.exe
  2⤵
  PID:12440
- C:\Windows\System\PFphlUG.exe
  C:\Windows\System\PFphlUG.exe
  2⤵
  PID:12376
- C:\Windows\System\dePuPXv.exe
  C:\Windows\System\dePuPXv.exe
  2⤵
  PID:12500
- C:\Windows\System\rNVuhkh.exe
  C:\Windows\System\rNVuhkh.exe
  2⤵
  PID:12680
- C:\Windows\System\kbDadkv.exe
  C:\Windows\System\kbDadkv.exe
  2⤵
  PID:13096
- C:\Windows\System\fAcsoSi.exe
  C:\Windows\System\fAcsoSi.exe
  2⤵
  PID:13124
- C:\Windows\System\FaohuWa.exe
  C:\Windows\System\FaohuWa.exe
  2⤵
  PID:12592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_kwvi1lrs.ety.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\EdFbYYD.exe

Filesize
2.3MB

MD5
4f6238900aaa2321d280734d4ff7efd5

SHA1
e927a433926c5261cf5a392c960e7476e3358b85

SHA256
0118e3fea6a5b97a3675e12148e627d77565d63659c49f16edc5e7d4627f5e33

SHA512
7dee6455ec7ec8a4f13c60b3862e8d6d0822513cc19b225d641b148669625da31e295fd7bbad21fe50d5b6a4a65e440cb1e8f6dd3b48dd27c1b7c23b53a2b699

Download Submit
C:\Windows\System\EnhTisx.exe

Filesize
2.3MB

MD5
57bd54b83197533429da74297c03a1f1

SHA1
53e586ed476a3aba0d897eeff877eff8307bb650

SHA256
0c50d09c21d1932e7619da24c91c8ae786b4bf9c8c11719118f0fb1a389b9405

SHA512
b6bc5c46349ffb07fd81a19b847c7d5af0e2651b12549051acf0f8ff52586186e3a6a0d5cecda33a9af1dc541613b82c2cec8e16958df8e001f3272c4034c41f

Download Submit
C:\Windows\System\ExUsxSA.exe

Filesize
2.3MB

MD5
e5f0290194ef20b3fd4a1896772425a4

SHA1
9737402728871a8cdd2a403965b419fb7cd70278

SHA256
1477ded50d9dc27d4239951c71795a00376627187928ad90246ccc809bd4f5fc

SHA512
70faeb0602a5615cab018089fa6ccb76f1c9b91d2f3bfe26ac0556ea20c928b9053f11b8f6ef5880e7ada76280d48e8cbb5205f14cb9b9748377ef7907d43e85

Download Submit
C:\Windows\System\JDEkoGE.exe

Filesize
2.3MB

MD5
5c3cd696787a30a4368e923bb3686472

SHA1
5f0057c2412142f47901d5eba3e9c07b459b811d

SHA256
401afc011f3667f7cf924ef374178d0408d0f70d23ec0a1538ebb1c1304c02e3

SHA512
3f5ac51a45b04bc44cb7a9a3526d927f8e55a998afe98347abee78c3bc643e6c1bbfab62c8b20ff6e5f00f7c5fd50e73d8ec8e4318cfbfc1c887bebadea019db

Download Submit
C:\Windows\System\JPruuvY.exe

Filesize
2.3MB

MD5
0f6441a23ca3ffdcb4d9be70de193e56

SHA1
29949c4f6dc2d1de32acb1263bac46e216b28de5

SHA256
f1c01429990d02be8aefadbe0e3bfec1f1653f92dc9d35d8ea09afeff8d73798

SHA512
9f8bb4b12052d92877ad6ffed43031e92b47dea899d9c2e2243e9b6926f880a095d90b4de5fccd116732b77f469c0c2eb18806e12bfb55ddccd39cf046db5819

Download Submit
C:\Windows\System\KbewdMH.exe

Filesize
8B

MD5
ce98e4fb0d1b3e55b413072afff0d9b0

SHA1
ea92124ca4b7f582ca9bded1d03be27e59b4ea59

SHA256
ff9bed5abd6e63c0617526102c0f954cef8653d22647e6d0cc15dd6455af1a78

SHA512
b03d5e8e2563e87b69e649ee452bd2c1714db6cee8c57a2d9c80350a9bfea4a14df4deeed12085a7535561f33b8025c13820b94443ecdbd732b098776b2234a9

Download Submit
C:\Windows\System\LMaCuHT.exe

Filesize
2.3MB

MD5
4fe26e83fe7436848a05675eecd5e6d1

SHA1
81bbee1cd3279b745f6ac546cba740f73ddd3be5

SHA256
bd65da310368fe9c672803e12d01ec81acf4efeb01c950f05ebc43a85cadd66c

SHA512
16905e6e175d5632078e622f125bb304f951e3860e2ed0b63763d2a9d0cb899b9b6a08a2d0b92e346fb967a95c61e69a0b6ea245653aa4b3071b117d541439cd

Download Submit
C:\Windows\System\Lisnwaa.exe

Filesize
2.3MB

MD5
7dfa49eaa23eb0fc965174ae11e1250c

SHA1
29bba6aaf836c104176b6ae8030f5391705405ba

SHA256
5e3c671e0f22624fc7967312d641209004721dac006b20d85eb338d2f09a9032

SHA512
c5576a51783992d5c8346b803e4fd867e172b823fe8aa21fcd520261bcce714a769792544ca71555f6ec498974f9116080d6e61f3d7c7019a74f104c83c363c7

Download Submit
C:\Windows\System\SKCNmZy.exe

Filesize
2.3MB

MD5
5e0cec95298af40a11c793d8079b5bf9

SHA1
4b38fdc45d65b8613a2a9ae3f845215c54480961

SHA256
0bc42d0b3e39cbf618af96a4a6a7f2e055b0886fda7bfc0d274dd46b688e50e2

SHA512
1ba12ba02aadf350cf23680f4df76bafaca4e59d7d93e7a30af33285c5f116b6125d3963a2ed8247abf9aea0aafbbc779f92986c177b7d25213d796c2f639068

Download Submit
C:\Windows\System\Vgdpykt.exe

Filesize
2.3MB

MD5
dfb697e12df20eb7fcf45cb581cbadd2

SHA1
b3971483880d385203c152578e9b3b0a476299ec

SHA256
f3f332b17b2ffe6e7c6bdf66372ec2daa5ecf19a6e4c4547bb8da14d6e731592

SHA512
3b4884cb113ca5252311e4b5cc56c59b69bab2d394f52bcb65a366287a1f2bad2b24d4ce310fdddeb49bacb3424e0c821c40ead73799a1e31536057cbedd90f4

Download Submit
C:\Windows\System\XCOafWq.exe

Filesize
2.3MB

MD5
f2999cf7e978a04a7ee54ae4e01ad28f

SHA1
2686eb1e0caae1bcd73b7621b7d6f83a668d8ef4

SHA256
6f7d505830c7547be56416e579bb0ad6dd14d67beb860f6d26154cdeb83a5589

SHA512
7b3b2d140dc4aadc2c80ec2485c109bb4b34656c33e9f6c642ac9f46ece470b30cf0e2108a8f5871b496821886a2b7cb7cb6f72a07ef8156a34cb4d2d839d218

Download Submit
C:\Windows\System\ZfDBNHT.exe

Filesize
2.3MB

MD5
aed07a179b69c2a25435131267d52df9

SHA1
8b678b56874d9ebadcb05c862c76dfa9b09ee458

SHA256
bda492fff3d4d328274c8c5c50b106d45f9817a4ee4ebf98585a195090e56c47

SHA512
d4908909fb12173be0bf8e716fc443bd9bce053f661e07996b8c88ec09dd92b39232526ff067c778d942e701edb809739dcce705a6c2152ce624b1ae6aed2c4d

Download Submit
C:\Windows\System\ZoVqpxu.exe

Filesize
2.3MB

MD5
b8fb8c64bf230fad9c28b783c25dc07f

SHA1
095670927c51d89a709b2c13930c9089d85eef2c

SHA256
384075fa15cbef3b695a9b280b3708fc161e853d8c0847c5df7dd726b817ffa6

SHA512
dc0770561ecaccfede954c2a4af46b4ba282fb0154512c4354791d89b9e943b8d20226d460b34e79f1c030bcc2618ba0f1e675ea573ca3f8c421224a9ac5ba63

Download Submit
C:\Windows\System\Zpmlkpp.exe

Filesize
2.3MB

MD5
a70de9542ccc56acdcda9a58b1f3b367

SHA1
038c56da983eea76a3728b9d8672c60414f00b1e

SHA256
9683396dcfa7bd2f83f0f85bfae1d3fda298dc4001a6d3ea8c10c1b66e63c1b0

SHA512
614cad7fa77efbde2c2afdf6c447dde091f8196cb0487fb6875788daf4f53d40e9ad34eb519b31277d073cf6c56a0d2ee6960bef47e66aa2e78144c57a4d16dc

Download Submit
C:\Windows\System\aDyMxap.exe

Filesize
2.3MB

MD5
88bc9081238ad5fac3c4df34e0348bdf

SHA1
333da10181c5f09b599dc852d0ec94c06c1c838f

SHA256
a319643441d497dd9649d239f45b557cef88c1283c681fb854a8c165c9920c43

SHA512
4a9202482b5530014066fa1a60cc8b94d517d5c7f762171dc466c64a4c7342e33725ecddac9136439b3571ef438be364b34b6ca16542eab1d474633f9ee0dc81

Download Submit
C:\Windows\System\dFXFoQp.exe

Filesize
2.3MB

MD5
85dc734a8c647218cba7704f8c51801b

SHA1
d9006098f219dece52c37ab4cd8b7752ccf3ef4d

SHA256
0761be7a6abbb036326a19b14b9193fae00c6e4d7b92d08bfac8402d6d238d0e

SHA512
0da9c593f7395d8297b73ff0720940b7e4c37c2848da2ab9a53ed770b1fe589e6ab511ffc26b1192f05dc40c3ea302a47a2d64998e4b98c0e7ae7b14d3ee5955

Download Submit
C:\Windows\System\fDUKrWa.exe

Filesize
2.3MB

MD5
adf2b94aaa909640ba91b6bd24f5e397

SHA1
f2083f06cfec3b7bd4fefe7eb050b3650d1d026a

SHA256
0a3b0ff650e21a9a08d6bd798101f1e258c831b3212634266c3f22a9f788c714

SHA512
f3dd61bc1817511c011178471d5fa7d91f5811cb73b18ceb3092fe928e92000a245ece9cd6efd2ee42aae5687471664f2640be1f3bd49e1174e4358040ea27c8

Download Submit
C:\Windows\System\fyEcVRT.exe

Filesize
2.3MB

MD5
1d20d00f558268e47770ac8fcfdcee48

SHA1
c96157da854cae80dedac0d5ee08efe7e52f1160

SHA256
c2dcfbeba3f73153f20824eabdad89d8d3a098c97b4e3c14791df531e723c8fc

SHA512
1e2d8095008904a5147ea59c0499ca896573e5d03596a62540f915a7d0dfb6878d0da33101f2e8cceb021d3847f316c7455327f859295a1f97f9b56b6b1262aa

Download Submit
C:\Windows\System\gMvtTDb.exe

Filesize
2.3MB

MD5
918d1922b41433131fa87bb7325c7b6f

SHA1
f66f6c8eb03dba0b7617511563e0ed43c5eb332d

SHA256
f60f08931ef0fdba8634271f399b3181b0c3d290b2f30ba14de7cbc3201ede21

SHA512
eb3ce8781e2a68be451abd27f4527d5fc9a6d98dbe78aa622b706adedbb2b935dcc0d36efc1bf7e7d22ea1734e39f8f83863a1274517954e24b444839a0db859

Download Submit
C:\Windows\System\gUFtGzH.exe

Filesize
2.3MB

MD5
a84a50fecae9934d1fabb07745dd6573

SHA1
91f798d8c104889b1dbe2b8fd631fb8d588104f2

SHA256
e6129e30123afac2c58ef1dcd25296efce70afa3a07393924cfb9ca98da627e2

SHA512
92e24020c664e72e3747804664000f60a162f1bfe25fd3375145450ed38b56bfbaa82ac4a486cc9cf0e35cac2042034b685aa67db46f019cfe19f2890f150c0d

Download Submit
C:\Windows\System\gfYdamO.exe

Filesize
2.3MB

MD5
90aa7e199f9af5a92b3c1ce5b7ce6d4b

SHA1
dd8318b6ca9b1fe5abe6401383151e55028b29e8

SHA256
ba87e0b95188f2523c511a039602bf3b533f49e47baa16497b6e5d538cd38ce5

SHA512
29b8b7d65dc5e5eeaef5260357fbffd09dd3c1718b8ead91e0e3662f9b44389af6c31a376d224c7d391ea1c7ec06b607028c8510c33ebd69c222f4424edeff23

Download Submit
C:\Windows\System\jhrramx.exe

Filesize
2.3MB

MD5
37b299776483dff688ccc61199c50967

SHA1
7cb7792d122d838b04c80ad30599ab9212d78448

SHA256
80887e9036d7d9a650cab5de2c56eb96c30d0caa4f1915e1ce6d2b12320e7140

SHA512
f85db1ad15ab78dbbca02e0c542f59eb24a980080fadb98d2be0554a428ac1598116a124ab4bd0a4bf60b0a45785dbc097213fdcc6b2b5f4225df5236b8e6377

Download Submit
C:\Windows\System\kCEPeTz.exe

Filesize
2.3MB

MD5
60b611a78a87ce25cfe33f377c3498fe

SHA1
126b8c6663126cda8e859e69f93313e4c4fd1981

SHA256
133a715c086a5ace79951ec9c8d0b17f53858841a3b8dd0d7bf92f335b6efe36

SHA512
e0bf2cbfd9033d1c2c5bf5fb433ed49aae82ab1db463594118cf2527491cbb90d82a93045f2209d9e6d37751e2a7b2cd70467d7f3f099a7117a820848aed2db5

Download Submit
C:\Windows\System\mljjsQk.exe

Filesize
2.3MB

MD5
c5f8c557436c2c432cba0549d5475036

SHA1
f1b045ebb45d9453985920411e5a2dc6a419d08a

SHA256
4ddbbda73808c4e561d94eab4aeb5d81383d52ff94fbb13d4832782fac7ea3eb

SHA512
df631d6e3eb135ead9def723343bd8e9e071c689661aef4846d09f0652c81985a68de4dfbf22aa3009a4d6da45f2cdbacc095d1bcfc84f79d70593c27a6b5dda

Download Submit
C:\Windows\System\oegicKd.exe

Filesize
2.3MB

MD5
c55abb9588ddab264e92a667930e0fbd

SHA1
d22c1649816c258d77fb74babad05351911cadc8

SHA256
9029a006bb1d8d3af5e5798e10aa4d76db9c1a1014d7b1e5729d09aef201729f

SHA512
fdbbdc9bc9cc43867485cf51a2f92cf88818a9ceeb38e3b0b8132acd60dc09cd4acfdb78b57992a1be87ac17410243382898b28466e0d2cb4839b44819cd9743

Download Submit
C:\Windows\System\pgqBeSC.exe

Filesize
2.3MB

MD5
56d4b51c90e7afd5f144b87cff7c89be

SHA1
716f3d09ec407950b6fedaf331a680ea91a73c7b

SHA256
27c9faabed42dfe567d601ca567790ed8fbf964729ebcfbb0c71b6126224a3de

SHA512
b0f02b552bf9ae4a7f7d606c6b51d27a23407d3447a22a1f8ada7be4d577e333b75c7b81caba2c641273ae25ee5f02e7c6e999300de8af8d4e231058268ba278

Download Submit
C:\Windows\System\qGANWgx.exe

Filesize
2.3MB

MD5
87c99b1156bab1120801ba01d9813404

SHA1
43de46b2188c0f62359343fe0a37dab172878acb

SHA256
420a842011a5844706a602754eeb92ad3a28e33a8285e2eed3986dc10a1a068b

SHA512
2cf113f586967e0a2615a8b750d50ee50fc4b761fe3b6c4f48be0b6e1a9f74ae17a27d92ada54d6a9feca949b8dedfe2c61ede0b8ad2e89dffccb1e7b7981315

Download Submit
C:\Windows\System\qIXyNcg.exe

Filesize
2.3MB

MD5
63623951e299bd0f969554e2d8bce219

SHA1
b8a23e3b9ffc640174ff3abf94660f798a240c8b

SHA256
ea059c6ce055c1e6800f4545888702c083bd592b8162f65e46eade801632299b

SHA512
3d3a35501b0a6e9734a53acaf9ff171bcda35b1ddbcac6641396c4f01af4dae18c117ad047ed0433b685156640cc940debf6b381780a802911e6092dead9f3b7

Download Submit
C:\Windows\System\qtdJIJN.exe

Filesize
2.3MB

MD5
5ecebea4ffbcd8696779d1bb3caa773b

SHA1
c7fa4099be980413a1dd230789e5ca7b9dffe196

SHA256
9d368ce7eb658a5653a3088de7da2cd92609c6e9a402c55cfae2bf00fe398a15

SHA512
d631a18a5d7f69cb61f5a0837df7be313843e1d3dd95bb7c5d9f37ba6c891dffe48ae013102fad1464a2318e1b5c72a4e75b12f0683f3dda0250d88b96b4316e

Download Submit
C:\Windows\System\sVHsOuG.exe

Filesize
2.3MB

MD5
a9d92d8c54a5111afaedc50f7f2c2fd5

SHA1
bbbb27ef7544cc79e0e307c7cadcc009762bdfff

SHA256
00c493ebe01177a58a9c58df5e3a814b1c7dbe9c4f1d81d2c32a3edc8bf94723

SHA512
4b7d3c1077ee9b1f999f061aff171fbdd76cc943b71441136f1d2a91d7add5551e6574c848ef6ce9d9437b02fa61903a888ef1598c6d5f33885339723c416a9a

Download Submit
C:\Windows\System\tujZPzE.exe

Filesize
2.3MB

MD5
a208ae27ed76754c95870138937125c5

SHA1
4c02e29389b74797fb69c581972954b440ba72ae

SHA256
91a8d6496ca5321326aff3ba9cae1526dd8d44a977d935685046f5d83dfd3900

SHA512
62c6b7a89913c7fd9a164b75f70a5fa236894497c22ff957f6df1d5202aa7ca38867e25d72052431e4078b6a5829a40c1f2c35b63dac6d421a47deebe85f7546

Download Submit
C:\Windows\System\vtZMKWU.exe

Filesize
2.3MB

MD5
4394d82a9a88a48b6f247fe2b2c9cf51

SHA1
87d8dac8168bff108916de5876671fdb2f0e88cd

SHA256
a42d94a00b848335a1e95ac6eb680c1121ae18fbe583df383774a16dbf79f9c8

SHA512
4b88ed408ab0d37b76d05492055f6f80d30ce470dfc3170e449fa65fd1ce7eb0f4ee500342fa24f8849d19c65d19d937fce32b3a1ff562219e61d9bab276ed36

Download Submit
C:\Windows\System\xZcIbIa.exe

Filesize
2.3MB

MD5
f505cddd358a211e2695eed759c185a9

SHA1
584805c9d85453616b4af9acdd1fae9209f3d362

SHA256
8714f1d2921380908b898b9e64de67f4ea4acebec60d6759bb07a5203c360c51

SHA512
2c2df61a311ceea93f3d90c8454c845baf1f9e0d118a5bb8b4575ccf065d011503a481109a9ab602cd61805585588a25aa0d6fdb5b72d16a330040675f13f7c3

Download Submit
C:\Windows\System\yWVrptT.exe

Filesize
2.3MB

MD5
f0a331ac19afdb0705b4c16a4a726fc3

SHA1
7ac5a4ea24055569739d824d30f31fa5e953be43

SHA256
006724e38ff935d4d3def1d4b4a0b94bbe7125127c6eb7d2f1e3d2458e025b92

SHA512
98a161254a24a7314e2ed1c3f8daa6f36969e454cb95b0088a7386a9e2e8029cd2c63e5e84284e5eb10f565ebc5d722383d2f2bf433325ba6f6be73446c3c329

Download Submit
memory/708-80-0x00007FF63D110000-0x00007FF63D502000-memory.dmp

Filesize
3.9MB

Download
memory/1196-14-0x00007FF68F900000-0x00007FF68FCF2000-memory.dmp

Filesize
3.9MB

Download
memory/1220-39-0x00007FFF7BE10000-0x00007FFF7C8D1000-memory.dmp

Filesize
10.8MB

Download
memory/1220-40-0x000001E4B5900000-0x000001E4B5910000-memory.dmp

Filesize
64KB

Download
memory/1220-427-0x000001E4CEA00000-0x000001E4CF1A6000-memory.dmp

Filesize
7.6MB

Download
memory/1220-67-0x000001E4CDE90000-0x000001E4CDEB2000-memory.dmp

Filesize
136KB

Download
memory/1220-2390-0x000001E4B5900000-0x000001E4B5910000-memory.dmp

Filesize
64KB

Download
memory/1768-142-0x00007FF6656A0000-0x00007FF665A92000-memory.dmp

Filesize
3.9MB

Download
memory/2204-106-0x00007FF74CCB0000-0x00007FF74D0A2000-memory.dmp

Filesize
3.9MB

Download
memory/2520-118-0x00007FF76CCB0000-0x00007FF76D0A2000-memory.dmp

Filesize
3.9MB

Download
memory/2524-81-0x00007FF7E2ED0000-0x00007FF7E32C2000-memory.dmp

Filesize
3.9MB

Download
memory/2912-91-0x00007FF6FB920000-0x00007FF6FBD12000-memory.dmp

Filesize
3.9MB

Download
memory/3024-1-0x000001F002000000-0x000001F002010000-memory.dmp

Filesize
64KB

Download
memory/3024-0-0x00007FF62BDE0000-0x00007FF62C1D2000-memory.dmp

Filesize
3.9MB

Download
memory/3024-1773-0x00007FF62BDE0000-0x00007FF62C1D2000-memory.dmp

Filesize
3.9MB

Download
memory/3244-99-0x00007FF728350000-0x00007FF728742000-memory.dmp

Filesize
3.9MB

Download
memory/3600-85-0x00007FF6B9130000-0x00007FF6B9522000-memory.dmp

Filesize
3.9MB

Download
memory/3628-45-0x00007FF734610000-0x00007FF734A02000-memory.dmp

Filesize
3.9MB

Download
memory/3856-70-0x00007FF68F870000-0x00007FF68FC62000-memory.dmp

Filesize
3.9MB

Download
memory/4044-50-0x00007FF66F4B0000-0x00007FF66F8A2000-memory.dmp

Filesize
3.9MB

Download
memory/4132-55-0x00007FF630460000-0x00007FF630852000-memory.dmp

Filesize
3.9MB

Download
memory/4208-74-0x00007FF6EA900000-0x00007FF6EACF2000-memory.dmp

Filesize
3.9MB

Download
memory/4520-98-0x00007FF72C9B0000-0x00007FF72CDA2000-memory.dmp

Filesize
3.9MB

Download
memory/4692-124-0x00007FF7195E0000-0x00007FF7199D2000-memory.dmp

Filesize
3.9MB

Download
memory/4880-51-0x00007FF649250000-0x00007FF649642000-memory.dmp

Filesize
3.9MB

Download
memory/4936-148-0x00007FF7B95B0000-0x00007FF7B99A2000-memory.dmp

Filesize
3.9MB

Download
memory/4940-136-0x00007FF7DD090000-0x00007FF7DD482000-memory.dmp

Filesize
3.9MB

Download
memory/4964-130-0x00007FF6ED830000-0x00007FF6EDC22000-memory.dmp

Filesize
3.9MB

Download
memory/5116-112-0x00007FF645CE0000-0x00007FF6460D2000-memory.dmp

Filesize
3.9MB

Download