xmrig | 625e31adb68a8d23216a407a855dfa37d73ee0bd48209df3efb92bbe9d03eca3

Analysis

max time kernel
150s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
01-05-2024 16:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
Size

2.0MB
MD5

0c44116212cc0c5217cf159831f10921
SHA1

502f4186832bffa22a343e90cbd3805df139b38a
SHA256

625e31adb68a8d23216a407a855dfa37d73ee0bd48209df3efb92bbe9d03eca3
SHA512

30d29f4826c1064c49377866bd80ecf4f370373d8cea5fb44bf87624ec8c0abfb5eda0aac22643ba94b9278796242d1cc476256c373598b4db43d099b6cbf86f
SSDEEP

49152:Lz071uv4BPMkibTIA5KIP7nTrmBhihM5xC+U1UU:NABs

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 26 IoCs

miner

resource	yara_rule
behavioral2/memory/3968-39-0x00007FF6FE340000-0x00007FF6FE732000-memory.dmp	xmrig
behavioral2/memory/1028-131-0x00007FF6032D0000-0x00007FF6036C2000-memory.dmp	xmrig
behavioral2/memory/3480-133-0x00007FF7D5560000-0x00007FF7D5952000-memory.dmp	xmrig
behavioral2/memory/928-137-0x00007FF602AF0000-0x00007FF602EE2000-memory.dmp	xmrig
behavioral2/memory/3932-329-0x00007FF74D700000-0x00007FF74DAF2000-memory.dmp	xmrig
behavioral2/memory/1716-348-0x00007FF73C250000-0x00007FF73C642000-memory.dmp	xmrig
behavioral2/memory/3404-606-0x00007FF63B840000-0x00007FF63BC32000-memory.dmp	xmrig
behavioral2/memory/1736-542-0x00007FF73F5F0000-0x00007FF73F9E2000-memory.dmp	xmrig
behavioral2/memory/952-499-0x00007FF6DC1C0000-0x00007FF6DC5B2000-memory.dmp	xmrig
behavioral2/memory/2124-471-0x00007FF78C8C0000-0x00007FF78CCB2000-memory.dmp	xmrig
behavioral2/memory/1516-470-0x00007FF747450000-0x00007FF747842000-memory.dmp	xmrig
behavioral2/memory/5044-407-0x00007FF79DCA0000-0x00007FF79E092000-memory.dmp	xmrig
behavioral2/memory/4300-296-0x00007FF7F7610000-0x00007FF7F7A02000-memory.dmp	xmrig
behavioral2/memory/4468-250-0x00007FF771010000-0x00007FF771402000-memory.dmp	xmrig
behavioral2/memory/4412-219-0x00007FF722390000-0x00007FF722782000-memory.dmp	xmrig
behavioral2/memory/2004-135-0x00007FF7B1CB0000-0x00007FF7B20A2000-memory.dmp	xmrig
behavioral2/memory/884-134-0x00007FF6E7F50000-0x00007FF6E8342000-memory.dmp	xmrig
behavioral2/memory/4440-132-0x00007FF729610000-0x00007FF729A02000-memory.dmp	xmrig
behavioral2/memory/2340-130-0x00007FF603CA0000-0x00007FF604092000-memory.dmp	xmrig
behavioral2/memory/4628-129-0x00007FF7EE250000-0x00007FF7EE642000-memory.dmp	xmrig
behavioral2/memory/4992-4355-0x00007FF6D0BE0000-0x00007FF6D0FD2000-memory.dmp	xmrig
behavioral2/memory/1348-4352-0x00007FF61B290000-0x00007FF61B682000-memory.dmp	xmrig
behavioral2/memory/436-4339-0x00007FF6EF130000-0x00007FF6EF522000-memory.dmp	xmrig
behavioral2/memory/3968-4337-0x00007FF6FE340000-0x00007FF6FE732000-memory.dmp	xmrig
behavioral2/memory/2196-4357-0x00007FF652E70000-0x00007FF653262000-memory.dmp	xmrig
behavioral2/memory/3248-4342-0x00007FF68F0D0000-0x00007FF68F4C2000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3248	xreZxFE.exe
3968	ipYmuUu.exe
1736	gdXoSln.exe
4628	QULtLvP.exe
2340	srNmxOo.exe
1028	hEbqPhY.exe
4440	JZTdbjJ.exe
3480	gxkbHfO.exe
884	XSIPcBq.exe
3404	RaGUhRC.exe
2004	PbBgSJJ.exe
1348	aCJONgb.exe
928	YmQljXN.exe
4992	aABEJtw.exe
2196	byUduSq.exe
4412	kHUfXoa.exe
4468	gqNLlIg.exe
4300	TcyLzZd.exe
3932	NFAIEZv.exe
1716	UTPJzJa.exe
5044	LdhtfwN.exe
1516	kroKVbJ.exe
2124	mnzAIZp.exe
952	MLrRBFG.exe
764	OoTmJrK.exe
1708	zcJTVYE.exe
644	WbKvdBb.exe
1344	gTlLLJd.exe
4972	lfmLHMI.exe
1204	WEURdkQ.exe
3192	fxfZrwp.exe
4360	XHFXich.exe
632	VVBQKkb.exe
380	JEORVYO.exe
3824	zrOXihx.exe
3396	bRXktpm.exe
1804	ygTXJAn.exe
4916	BKrTpdS.exe
3668	sDDVcWb.exe
2716	Dvjacuk.exe
1404	DolWXid.exe
3140	DYoNQyB.exe
3112	gHsXvxe.exe
3336	JDHnxaa.exe
4964	EaoeTAK.exe
4308	arKKujA.exe
3960	luYQIdp.exe
3528	YjwsDhC.exe
5076	jUTBsMY.exe
1696	rvbZeFS.exe
2808	kMhWtMk.exe
2488	RBOiETN.exe
3012	YHmJfdu.exe
1196	OHyJiAH.exe
1916	KpOccpO.exe
4748	LLNKozD.exe
2752	WzQxRYV.exe
8	QgmtkIo.exe
1772	SPPHtAy.exe
2208	FgDrusB.exe
2956	JbrRFWV.exe
3280	lTehLne.exe
3984	pGhNvHX.exe
4408	UzEZjcS.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/436-0-0x00007FF6EF130000-0x00007FF6EF522000-memory.dmp	upx
behavioral2/files/0x000a000000023b93-62.dat	upx
behavioral2/files/0x000a000000023b97-51.dat	upx
behavioral2/files/0x000a000000023b9a-48.dat	upx
behavioral2/files/0x000a000000023b92-47.dat	upx
behavioral2/files/0x000a000000023b99-43.dat	upx
behavioral2/files/0x000a000000023b96-66.dat	upx
behavioral2/files/0x000a000000023b9b-58.dat	upx
behavioral2/memory/3968-39-0x00007FF6FE340000-0x00007FF6FE732000-memory.dmp	upx
behavioral2/files/0x000b000000023b8d-32.dat	upx
behavioral2/files/0x000a000000023b95-28.dat	upx
behavioral2/files/0x000a000000023b94-27.dat	upx
behavioral2/files/0x000a000000023b98-38.dat	upx
behavioral2/files/0x000a000000023b91-20.dat	upx
behavioral2/memory/3248-19-0x00007FF68F0D0000-0x00007FF68F4C2000-memory.dmp	upx
behavioral2/files/0x000a000000023ba8-112.dat	upx
behavioral2/memory/1028-131-0x00007FF6032D0000-0x00007FF6036C2000-memory.dmp	upx
behavioral2/memory/3480-133-0x00007FF7D5560000-0x00007FF7D5952000-memory.dmp	upx
behavioral2/memory/928-137-0x00007FF602AF0000-0x00007FF602EE2000-memory.dmp	upx
behavioral2/files/0x000a000000023bac-147.dat	upx
behavioral2/memory/3932-329-0x00007FF74D700000-0x00007FF74DAF2000-memory.dmp	upx
behavioral2/memory/1716-348-0x00007FF73C250000-0x00007FF73C642000-memory.dmp	upx
behavioral2/memory/3404-606-0x00007FF63B840000-0x00007FF63BC32000-memory.dmp	upx
behavioral2/memory/1736-542-0x00007FF73F5F0000-0x00007FF73F9E2000-memory.dmp	upx
behavioral2/memory/952-499-0x00007FF6DC1C0000-0x00007FF6DC5B2000-memory.dmp	upx
behavioral2/memory/2124-471-0x00007FF78C8C0000-0x00007FF78CCB2000-memory.dmp	upx
behavioral2/memory/1516-470-0x00007FF747450000-0x00007FF747842000-memory.dmp	upx
behavioral2/memory/5044-407-0x00007FF79DCA0000-0x00007FF79E092000-memory.dmp	upx
behavioral2/memory/4300-296-0x00007FF7F7610000-0x00007FF7F7A02000-memory.dmp	upx
behavioral2/memory/4468-250-0x00007FF771010000-0x00007FF771402000-memory.dmp	upx
behavioral2/files/0x000a000000023bb8-225.dat	upx
behavioral2/files/0x0031000000023bb7-224.dat	upx
behavioral2/files/0x0031000000023bb6-223.dat	upx
behavioral2/files/0x0031000000023bb5-222.dat	upx
behavioral2/files/0x000a000000023bb4-221.dat	upx
behavioral2/memory/4412-219-0x00007FF722390000-0x00007FF722782000-memory.dmp	upx
behavioral2/memory/2196-216-0x00007FF652E70000-0x00007FF653262000-memory.dmp	upx
behavioral2/files/0x000a000000023ba6-196.dat	upx
behavioral2/files/0x000a000000023ba5-189.dat	upx
behavioral2/files/0x000a000000023bab-188.dat	upx
behavioral2/files/0x000a000000023bb1-187.dat	upx
behavioral2/files/0x000a000000023bb0-185.dat	upx
behavioral2/files/0x000a000000023baf-183.dat	upx
behavioral2/files/0x000a000000023bae-172.dat	upx
behavioral2/files/0x000a000000023bad-167.dat	upx
behavioral2/files/0x000a000000023ba1-157.dat	upx
behavioral2/files/0x000a000000023b9f-153.dat	upx
behavioral2/files/0x000a000000023b9e-150.dat	upx
behavioral2/files/0x000a000000023b9d-141.dat	upx
behavioral2/files/0x000a000000023bb3-220.dat	upx
behavioral2/memory/4992-138-0x00007FF6D0BE0000-0x00007FF6D0FD2000-memory.dmp	upx
behavioral2/files/0x000a000000023ba7-199.dat	upx
behavioral2/files/0x000a000000023ba4-192.dat	upx
behavioral2/memory/1348-136-0x00007FF61B290000-0x00007FF61B682000-memory.dmp	upx
behavioral2/memory/2004-135-0x00007FF7B1CB0000-0x00007FF7B20A2000-memory.dmp	upx
behavioral2/memory/884-134-0x00007FF6E7F50000-0x00007FF6E8342000-memory.dmp	upx
behavioral2/memory/4440-132-0x00007FF729610000-0x00007FF729A02000-memory.dmp	upx
behavioral2/memory/2340-130-0x00007FF603CA0000-0x00007FF604092000-memory.dmp	upx
behavioral2/memory/4628-129-0x00007FF7EE250000-0x00007FF7EE642000-memory.dmp	upx
behavioral2/files/0x000a000000023baa-126.dat	upx
behavioral2/files/0x000a000000023b9c-120.dat	upx
behavioral2/files/0x000a000000023ba9-117.dat	upx
behavioral2/files/0x000a000000023ba3-107.dat	upx
behavioral2/files/0x000a000000023ba2-86.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\trVdwfh.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\dzeCaBc.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\TahjRVd.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\upTxnHh.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\vOhkkVW.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\weFDVul.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\pzYqVfR.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\eLnozjh.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\BkciHuI.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\LIPERZf.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\AgBlPnq.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\pNDkJoI.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\GsIRMWU.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\AOOIixP.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\buisdMR.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\qSlhJlp.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\xpUzkEF.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\RzHJLMD.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\ljpTioB.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\nFkuEOI.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\neSuwEw.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\zjXuqiB.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\xrPvruY.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\QqYenLH.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\ujHYRtJ.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\QLqBaJO.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\XEMbYiS.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\xKZrjfW.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\IPjYKZU.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\jraqRUA.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\gGVSmYT.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\FVXndZU.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\uaKJntv.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\KMoshMs.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\ZieeJrh.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\udbusEX.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\xQlCDig.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\hWlgeIb.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\xLxzOex.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\NdNSVmh.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\drligxi.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\mnfBqJK.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\LvKiOan.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\sWmiPHQ.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\TaYzQoA.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\nNZSRSb.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\UouSSjI.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\AfTyoMe.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\NeLDZAq.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\FhnXOmr.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\CLUaMSM.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\HJrucxA.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\ZfMVyvT.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\OpumwNP.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\cSBdpQg.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\YZpgIXQ.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\cKjGiNg.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\CMEOBdC.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\FPCQqgP.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\lPtOhoB.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\JZItpZV.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\ulXLaHB.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\PzeFFgt.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
File created	C:\Windows\System\VZxawfv.exe	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4368	powershell.exe
4368	powershell.exe
4368	powershell.exe
4368	powershell.exe

Suspicious behavior: LoadsDriver 64 IoCs

pid	Process
876	Process not Found
8096	Process not Found
8076	Process not Found
6372	Process not Found
8116	Process not Found
8180	Process not Found
5932	Process not Found
6628	Process not Found
9412	Process not Found
6084	Process not Found
5280	Process not Found
2216	Process not Found
7044	Process not Found
8816	Process not Found
4416	Process not Found
7116	Process not Found
9124	Process not Found
5284	Process not Found
2756	Process not Found
7252	Process not Found
6324	Process not Found
8224	Process not Found
7580	Process not Found
7172	Process not Found
8632	Process not Found
8776	Process not Found
7240	Process not Found
8912	Process not Found
9764	Process not Found
10524	Process not Found
7460	Process not Found
6772	Process not Found
7572	Process not Found
1404	Process not Found
3336	Process not Found
2752	Process not Found
1916	Process not Found
2368	Process not Found
4408	Process not Found
5148	Process not Found
5236	Process not Found
5316	Process not Found
5364	Process not Found
5404	Process not Found
5556	Process not Found
5756	Process not Found
6012	Process not Found
4000	Process not Found
400	Process not Found
5248	Process not Found
6184	Process not Found
6616	Process not Found
6744	Process not Found
6860	Process not Found
6980	Process not Found
7148	Process not Found
5784	Process not Found
5868	Process not Found
5928	Process not Found
6080	Process not Found
1216	Process not Found
6612	Process not Found
6920	Process not Found
5588	Process not Found

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
Token: SeDebugPrivilege	4368	powershell.exe
Token: SeCreateGlobalPrivilege	3936	dwm.exe
Token: SeChangeNotifyPrivilege	3936	dwm.exe
Token: 33	3936	dwm.exe
Token: SeIncBasePriorityPrivilege	3936	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 436 wrote to memory of 4368	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	84
PID 436 wrote to memory of 4368	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	84
PID 436 wrote to memory of 3248	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	85
PID 436 wrote to memory of 3248	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	85
PID 436 wrote to memory of 3968	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	86
PID 436 wrote to memory of 3968	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	86
PID 436 wrote to memory of 4440	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	87
PID 436 wrote to memory of 4440	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	87
PID 436 wrote to memory of 1736	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	88
PID 436 wrote to memory of 1736	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	88
PID 436 wrote to memory of 4628	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	89
PID 436 wrote to memory of 4628	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	89
PID 436 wrote to memory of 2340	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	90
PID 436 wrote to memory of 2340	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	90
PID 436 wrote to memory of 1028	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	91
PID 436 wrote to memory of 1028	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	91
PID 436 wrote to memory of 3480	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	92
PID 436 wrote to memory of 3480	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	92
PID 436 wrote to memory of 884	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	93
PID 436 wrote to memory of 884	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	93
PID 436 wrote to memory of 3404	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	94
PID 436 wrote to memory of 3404	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	94
PID 436 wrote to memory of 2004	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	95
PID 436 wrote to memory of 2004	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	95
PID 436 wrote to memory of 1348	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	96
PID 436 wrote to memory of 1348	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	96
PID 436 wrote to memory of 928	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	97
PID 436 wrote to memory of 928	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	97
PID 436 wrote to memory of 4992	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	98
PID 436 wrote to memory of 4992	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	98
PID 436 wrote to memory of 2196	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	99
PID 436 wrote to memory of 2196	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	99
PID 436 wrote to memory of 4412	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	100
PID 436 wrote to memory of 4412	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	100
PID 436 wrote to memory of 4468	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	101
PID 436 wrote to memory of 4468	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	101
PID 436 wrote to memory of 4300	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	102
PID 436 wrote to memory of 4300	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	102
PID 436 wrote to memory of 3932	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	103
PID 436 wrote to memory of 3932	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	103
PID 436 wrote to memory of 1716	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	104
PID 436 wrote to memory of 1716	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	104
PID 436 wrote to memory of 5044	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	105
PID 436 wrote to memory of 5044	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	105
PID 436 wrote to memory of 1516	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	106
PID 436 wrote to memory of 1516	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	106
PID 436 wrote to memory of 2124	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	107
PID 436 wrote to memory of 2124	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	107
PID 436 wrote to memory of 952	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	108
PID 436 wrote to memory of 952	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	108
PID 436 wrote to memory of 764	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	109
PID 436 wrote to memory of 764	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	109
PID 436 wrote to memory of 1708	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	110
PID 436 wrote to memory of 1708	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	110
PID 436 wrote to memory of 644	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	111
PID 436 wrote to memory of 644	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	111
PID 436 wrote to memory of 380	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	112
PID 436 wrote to memory of 380	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	112
PID 436 wrote to memory of 1344	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	113
PID 436 wrote to memory of 1344	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	113
PID 436 wrote to memory of 4972	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	114
PID 436 wrote to memory of 4972	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	114
PID 436 wrote to memory of 1204	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	115
PID 436 wrote to memory of 1204	436	0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe	115

C:\Users\Admin\AppData\Local\Temp\0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0c44116212cc0c5217cf159831f10921_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:436
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4368
- C:\Windows\System\xreZxFE.exe
  C:\Windows\System\xreZxFE.exe
  2⤵
  - Executes dropped EXE
  PID:3248
- C:\Windows\System\ipYmuUu.exe
  C:\Windows\System\ipYmuUu.exe
  2⤵
  - Executes dropped EXE
  PID:3968
- C:\Windows\System\JZTdbjJ.exe
  C:\Windows\System\JZTdbjJ.exe
  2⤵
  - Executes dropped EXE
  PID:4440
- C:\Windows\System\gdXoSln.exe
  C:\Windows\System\gdXoSln.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\QULtLvP.exe
  C:\Windows\System\QULtLvP.exe
  2⤵
  - Executes dropped EXE
  PID:4628
- C:\Windows\System\srNmxOo.exe
  C:\Windows\System\srNmxOo.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\hEbqPhY.exe
  C:\Windows\System\hEbqPhY.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\gxkbHfO.exe
  C:\Windows\System\gxkbHfO.exe
  2⤵
  - Executes dropped EXE
  PID:3480
- C:\Windows\System\XSIPcBq.exe
  C:\Windows\System\XSIPcBq.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\RaGUhRC.exe
  C:\Windows\System\RaGUhRC.exe
  2⤵
  - Executes dropped EXE
  PID:3404
- C:\Windows\System\PbBgSJJ.exe
  C:\Windows\System\PbBgSJJ.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\aCJONgb.exe
  C:\Windows\System\aCJONgb.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\YmQljXN.exe
  C:\Windows\System\YmQljXN.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\aABEJtw.exe
  C:\Windows\System\aABEJtw.exe
  2⤵
  - Executes dropped EXE
  PID:4992
- C:\Windows\System\byUduSq.exe
  C:\Windows\System\byUduSq.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\kHUfXoa.exe
  C:\Windows\System\kHUfXoa.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System\gqNLlIg.exe
  C:\Windows\System\gqNLlIg.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\TcyLzZd.exe
  C:\Windows\System\TcyLzZd.exe
  2⤵
  - Executes dropped EXE
  PID:4300
- C:\Windows\System\NFAIEZv.exe
  C:\Windows\System\NFAIEZv.exe
  2⤵
  - Executes dropped EXE
  PID:3932
- C:\Windows\System\UTPJzJa.exe
  C:\Windows\System\UTPJzJa.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\LdhtfwN.exe
  C:\Windows\System\LdhtfwN.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\kroKVbJ.exe
  C:\Windows\System\kroKVbJ.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\mnzAIZp.exe
  C:\Windows\System\mnzAIZp.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\MLrRBFG.exe
  C:\Windows\System\MLrRBFG.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\OoTmJrK.exe
  C:\Windows\System\OoTmJrK.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\zcJTVYE.exe
  C:\Windows\System\zcJTVYE.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\WbKvdBb.exe
  C:\Windows\System\WbKvdBb.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\JEORVYO.exe
  C:\Windows\System\JEORVYO.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\gTlLLJd.exe
  C:\Windows\System\gTlLLJd.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\lfmLHMI.exe
  C:\Windows\System\lfmLHMI.exe
  2⤵
  - Executes dropped EXE
  PID:4972
- C:\Windows\System\WEURdkQ.exe
  C:\Windows\System\WEURdkQ.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\fxfZrwp.exe
  C:\Windows\System\fxfZrwp.exe
  2⤵
  - Executes dropped EXE
  PID:3192
- C:\Windows\System\XHFXich.exe
  C:\Windows\System\XHFXich.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\VVBQKkb.exe
  C:\Windows\System\VVBQKkb.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\kMhWtMk.exe
  C:\Windows\System\kMhWtMk.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\zrOXihx.exe
  C:\Windows\System\zrOXihx.exe
  2⤵
  - Executes dropped EXE
  PID:3824
- C:\Windows\System\bRXktpm.exe
  C:\Windows\System\bRXktpm.exe
  2⤵
  - Executes dropped EXE
  PID:3396
- C:\Windows\System\ygTXJAn.exe
  C:\Windows\System\ygTXJAn.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\BKrTpdS.exe
  C:\Windows\System\BKrTpdS.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\sDDVcWb.exe
  C:\Windows\System\sDDVcWb.exe
  2⤵
  - Executes dropped EXE
  PID:3668
- C:\Windows\System\Dvjacuk.exe
  C:\Windows\System\Dvjacuk.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\DolWXid.exe
  C:\Windows\System\DolWXid.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\DYoNQyB.exe
  C:\Windows\System\DYoNQyB.exe
  2⤵
  - Executes dropped EXE
  PID:3140
- C:\Windows\System\gHsXvxe.exe
  C:\Windows\System\gHsXvxe.exe
  2⤵
  - Executes dropped EXE
  PID:3112
- C:\Windows\System\JDHnxaa.exe
  C:\Windows\System\JDHnxaa.exe
  2⤵
  - Executes dropped EXE
  PID:3336
- C:\Windows\System\EaoeTAK.exe
  C:\Windows\System\EaoeTAK.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System\arKKujA.exe
  C:\Windows\System\arKKujA.exe
  2⤵
  - Executes dropped EXE
  PID:4308
- C:\Windows\System\WzQxRYV.exe
  C:\Windows\System\WzQxRYV.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\luYQIdp.exe
  C:\Windows\System\luYQIdp.exe
  2⤵
  - Executes dropped EXE
  PID:3960
- C:\Windows\System\YjwsDhC.exe
  C:\Windows\System\YjwsDhC.exe
  2⤵
  - Executes dropped EXE
  PID:3528
- C:\Windows\System\jUTBsMY.exe
  C:\Windows\System\jUTBsMY.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\rvbZeFS.exe
  C:\Windows\System\rvbZeFS.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\FgDrusB.exe
  C:\Windows\System\FgDrusB.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\RBOiETN.exe
  C:\Windows\System\RBOiETN.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\YHmJfdu.exe
  C:\Windows\System\YHmJfdu.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\OHyJiAH.exe
  C:\Windows\System\OHyJiAH.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\KpOccpO.exe
  C:\Windows\System\KpOccpO.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\LLNKozD.exe
  C:\Windows\System\LLNKozD.exe
  2⤵
  - Executes dropped EXE
  PID:4748
- C:\Windows\System\QgmtkIo.exe
  C:\Windows\System\QgmtkIo.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\EVdAJSa.exe
  C:\Windows\System\EVdAJSa.exe
  2⤵
  PID:2368
- C:\Windows\System\SPPHtAy.exe
  C:\Windows\System\SPPHtAy.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\JbrRFWV.exe
  C:\Windows\System\JbrRFWV.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\lTehLne.exe
  C:\Windows\System\lTehLne.exe
  2⤵
  - Executes dropped EXE
  PID:3280
- C:\Windows\System\pGhNvHX.exe
  C:\Windows\System\pGhNvHX.exe
  2⤵
  - Executes dropped EXE
  PID:3984
- C:\Windows\System\GZKtYxX.exe
  C:\Windows\System\GZKtYxX.exe
  2⤵
  PID:4620
- C:\Windows\System\UzEZjcS.exe
  C:\Windows\System\UzEZjcS.exe
  2⤵
  - Executes dropped EXE
  PID:4408
- C:\Windows\System\PCYqdOV.exe
  C:\Windows\System\PCYqdOV.exe
  2⤵
  PID:5008
- C:\Windows\System\yjaGIEl.exe
  C:\Windows\System\yjaGIEl.exe
  2⤵
  PID:1268
- C:\Windows\System\mYkITtR.exe
  C:\Windows\System\mYkITtR.exe
  2⤵
  PID:5128
- C:\Windows\System\tZWDasg.exe
  C:\Windows\System\tZWDasg.exe
  2⤵
  PID:5148
- C:\Windows\System\zDozjTZ.exe
  C:\Windows\System\zDozjTZ.exe
  2⤵
  PID:5164
- C:\Windows\System\jZdGEEB.exe
  C:\Windows\System\jZdGEEB.exe
  2⤵
  PID:5220
- C:\Windows\System\lgEnGmp.exe
  C:\Windows\System\lgEnGmp.exe
  2⤵
  PID:5236
- C:\Windows\System\mxfjUkr.exe
  C:\Windows\System\mxfjUkr.exe
  2⤵
  PID:5252
- C:\Windows\System\XhUXzXy.exe
  C:\Windows\System\XhUXzXy.exe
  2⤵
  PID:5272
- C:\Windows\System\mXqbgPj.exe
  C:\Windows\System\mXqbgPj.exe
  2⤵
  PID:5300
- C:\Windows\System\SuzbpKs.exe
  C:\Windows\System\SuzbpKs.exe
  2⤵
  PID:5316
- C:\Windows\System\TVZhGzz.exe
  C:\Windows\System\TVZhGzz.exe
  2⤵
  PID:5344
- C:\Windows\System\EzjAsDx.exe
  C:\Windows\System\EzjAsDx.exe
  2⤵
  PID:5364
- C:\Windows\System\eNkDlSk.exe
  C:\Windows\System\eNkDlSk.exe
  2⤵
  PID:5384
- C:\Windows\System\OgrsiDC.exe
  C:\Windows\System\OgrsiDC.exe
  2⤵
  PID:5404
- C:\Windows\System\zJFdCnE.exe
  C:\Windows\System\zJFdCnE.exe
  2⤵
  PID:5436
- C:\Windows\System\DCiRugs.exe
  C:\Windows\System\DCiRugs.exe
  2⤵
  PID:5452
- C:\Windows\System\BMiJMFZ.exe
  C:\Windows\System\BMiJMFZ.exe
  2⤵
  PID:5484
- C:\Windows\System\VPYjbmx.exe
  C:\Windows\System\VPYjbmx.exe
  2⤵
  PID:5556
- C:\Windows\System\pNDkJoI.exe
  C:\Windows\System\pNDkJoI.exe
  2⤵
  PID:5572
- C:\Windows\System\ywQyjbe.exe
  C:\Windows\System\ywQyjbe.exe
  2⤵
  PID:5592
- C:\Windows\System\ZJSnIQc.exe
  C:\Windows\System\ZJSnIQc.exe
  2⤵
  PID:5612
- C:\Windows\System\OMCoeYO.exe
  C:\Windows\System\OMCoeYO.exe
  2⤵
  PID:5632
- C:\Windows\System\vbtVXmh.exe
  C:\Windows\System\vbtVXmh.exe
  2⤵
  PID:5664
- C:\Windows\System\wkdrpVN.exe
  C:\Windows\System\wkdrpVN.exe
  2⤵
  PID:5680
- C:\Windows\System\UvyYCfu.exe
  C:\Windows\System\UvyYCfu.exe
  2⤵
  PID:5704
- C:\Windows\System\zaWAHhj.exe
  C:\Windows\System\zaWAHhj.exe
  2⤵
  PID:5732
- C:\Windows\System\peRZyKn.exe
  C:\Windows\System\peRZyKn.exe
  2⤵
  PID:5756
- C:\Windows\System\UtFchsu.exe
  C:\Windows\System\UtFchsu.exe
  2⤵
  PID:5772
- C:\Windows\System\OVwbnRm.exe
  C:\Windows\System\OVwbnRm.exe
  2⤵
  PID:5788
- C:\Windows\System\oEgqqwQ.exe
  C:\Windows\System\oEgqqwQ.exe
  2⤵
  PID:5832
- C:\Windows\System\svNIRFk.exe
  C:\Windows\System\svNIRFk.exe
  2⤵
  PID:5860
- C:\Windows\System\QBSbJdQ.exe
  C:\Windows\System\QBSbJdQ.exe
  2⤵
  PID:5948
- C:\Windows\System\RcUUpsz.exe
  C:\Windows\System\RcUUpsz.exe
  2⤵
  PID:5980
- C:\Windows\System\QQXmVBe.exe
  C:\Windows\System\QQXmVBe.exe
  2⤵
  PID:5996
- C:\Windows\System\PRSosuS.exe
  C:\Windows\System\PRSosuS.exe
  2⤵
  PID:6012
- C:\Windows\System\dnhNBZZ.exe
  C:\Windows\System\dnhNBZZ.exe
  2⤵
  PID:6044
- C:\Windows\System\MSLcroj.exe
  C:\Windows\System\MSLcroj.exe
  2⤵
  PID:6068
- C:\Windows\System\IGIEylh.exe
  C:\Windows\System\IGIEylh.exe
  2⤵
  PID:6088
- C:\Windows\System\zNTHbso.exe
  C:\Windows\System\zNTHbso.exe
  2⤵
  PID:6108
- C:\Windows\System\mHBXyLt.exe
  C:\Windows\System\mHBXyLt.exe
  2⤵
  PID:6124
- C:\Windows\System\XCZmdaQ.exe
  C:\Windows\System\XCZmdaQ.exe
  2⤵
  PID:4732
- C:\Windows\System\LTNBZap.exe
  C:\Windows\System\LTNBZap.exe
  2⤵
  PID:3876
- C:\Windows\System\PUokCJr.exe
  C:\Windows\System\PUokCJr.exe
  2⤵
  PID:208
- C:\Windows\System\YkwUhUi.exe
  C:\Windows\System\YkwUhUi.exe
  2⤵
  PID:1628
- C:\Windows\System\fPCzfoD.exe
  C:\Windows\System\fPCzfoD.exe
  2⤵
  PID:2356
- C:\Windows\System\AgmBykL.exe
  C:\Windows\System\AgmBykL.exe
  2⤵
  PID:1296
- C:\Windows\System\BArKRYP.exe
  C:\Windows\System\BArKRYP.exe
  2⤵
  PID:2092
- C:\Windows\System\ydJncsB.exe
  C:\Windows\System\ydJncsB.exe
  2⤵
  PID:4000
- C:\Windows\System\YqFwlUt.exe
  C:\Windows\System\YqFwlUt.exe
  2⤵
  PID:3988
- C:\Windows\System\aRoHfpA.exe
  C:\Windows\System\aRoHfpA.exe
  2⤵
  PID:1632
- C:\Windows\System\nrcIJAf.exe
  C:\Windows\System\nrcIJAf.exe
  2⤵
  PID:4728
- C:\Windows\System\KtEJRlB.exe
  C:\Windows\System\KtEJRlB.exe
  2⤵
  PID:5392
- C:\Windows\System\cBxDDEW.exe
  C:\Windows\System\cBxDDEW.exe
  2⤵
  PID:400
- C:\Windows\System\VKfnoMT.exe
  C:\Windows\System\VKfnoMT.exe
  2⤵
  PID:1264
- C:\Windows\System\acTrOQn.exe
  C:\Windows\System\acTrOQn.exe
  2⤵
  PID:4304
- C:\Windows\System\qPnHZTV.exe
  C:\Windows\System\qPnHZTV.exe
  2⤵
  PID:1304
- C:\Windows\System\ZJqcSLg.exe
  C:\Windows\System\ZJqcSLg.exe
  2⤵
  PID:3672
- C:\Windows\System\naoVURB.exe
  C:\Windows\System\naoVURB.exe
  2⤵
  PID:4692
- C:\Windows\System\fWrEPiu.exe
  C:\Windows\System\fWrEPiu.exe
  2⤵
  PID:5172
- C:\Windows\System\LbOEUcH.exe
  C:\Windows\System\LbOEUcH.exe
  2⤵
  PID:5216
- C:\Windows\System\msFarky.exe
  C:\Windows\System\msFarky.exe
  2⤵
  PID:5248
- C:\Windows\System\XucItUS.exe
  C:\Windows\System\XucItUS.exe
  2⤵
  PID:5288
- C:\Windows\System\cBsNkHA.exe
  C:\Windows\System\cBsNkHA.exe
  2⤵
  PID:5372
- C:\Windows\System\tWdvHMe.exe
  C:\Windows\System\tWdvHMe.exe
  2⤵
  PID:6020
- C:\Windows\System\IoQCgWL.exe
  C:\Windows\System\IoQCgWL.exe
  2⤵
  PID:6152
- C:\Windows\System\OlCRTVk.exe
  C:\Windows\System\OlCRTVk.exe
  2⤵
  PID:6184
- C:\Windows\System\mFQcDef.exe
  C:\Windows\System\mFQcDef.exe
  2⤵
  PID:6212
- C:\Windows\System\WULCfFB.exe
  C:\Windows\System\WULCfFB.exe
  2⤵
  PID:6228
- C:\Windows\System\wUgmNjl.exe
  C:\Windows\System\wUgmNjl.exe
  2⤵
  PID:6252
- C:\Windows\System\kUGOjAc.exe
  C:\Windows\System\kUGOjAc.exe
  2⤵
  PID:6284
- C:\Windows\System\GczWPFZ.exe
  C:\Windows\System\GczWPFZ.exe
  2⤵
  PID:6308
- C:\Windows\System\tOzYcyt.exe
  C:\Windows\System\tOzYcyt.exe
  2⤵
  PID:6340
- C:\Windows\System\ADxviSP.exe
  C:\Windows\System\ADxviSP.exe
  2⤵
  PID:6356
- C:\Windows\System\WqVWPyg.exe
  C:\Windows\System\WqVWPyg.exe
  2⤵
  PID:6568
- C:\Windows\System\EsCkxtp.exe
  C:\Windows\System\EsCkxtp.exe
  2⤵
  PID:6600
- C:\Windows\System\OKUaxhY.exe
  C:\Windows\System\OKUaxhY.exe
  2⤵
  PID:6616
- C:\Windows\System\mjbbABM.exe
  C:\Windows\System\mjbbABM.exe
  2⤵
  PID:6636
- C:\Windows\System\wxsbtZY.exe
  C:\Windows\System\wxsbtZY.exe
  2⤵
  PID:6652
- C:\Windows\System\NKYkmTl.exe
  C:\Windows\System\NKYkmTl.exe
  2⤵
  PID:6668
- C:\Windows\System\gEsIJuj.exe
  C:\Windows\System\gEsIJuj.exe
  2⤵
  PID:6704
- C:\Windows\System\efUVYQI.exe
  C:\Windows\System\efUVYQI.exe
  2⤵
  PID:6728
- C:\Windows\System\WSbSBiD.exe
  C:\Windows\System\WSbSBiD.exe
  2⤵
  PID:6744
- C:\Windows\System\oWANrNa.exe
  C:\Windows\System\oWANrNa.exe
  2⤵
  PID:6760
- C:\Windows\System\vTiEZWO.exe
  C:\Windows\System\vTiEZWO.exe
  2⤵
  PID:6776
- C:\Windows\System\cHBesIn.exe
  C:\Windows\System\cHBesIn.exe
  2⤵
  PID:6796
- C:\Windows\System\XqstaVI.exe
  C:\Windows\System\XqstaVI.exe
  2⤵
  PID:6824
- C:\Windows\System\yuZhxJP.exe
  C:\Windows\System\yuZhxJP.exe
  2⤵
  PID:6860
- C:\Windows\System\hyojeHs.exe
  C:\Windows\System\hyojeHs.exe
  2⤵
  PID:6884
- C:\Windows\System\AUsyOiC.exe
  C:\Windows\System\AUsyOiC.exe
  2⤵
  PID:6912
- C:\Windows\System\tVrSIgn.exe
  C:\Windows\System\tVrSIgn.exe
  2⤵
  PID:6960
- C:\Windows\System\AKeaUkx.exe
  C:\Windows\System\AKeaUkx.exe
  2⤵
  PID:6980
- C:\Windows\System\TZZDQVf.exe
  C:\Windows\System\TZZDQVf.exe
  2⤵
  PID:7000
- C:\Windows\System\jNiCnxM.exe
  C:\Windows\System\jNiCnxM.exe
  2⤵
  PID:7028
- C:\Windows\System\ifVNZPC.exe
  C:\Windows\System\ifVNZPC.exe
  2⤵
  PID:7048
- C:\Windows\System\yRtgpxe.exe
  C:\Windows\System\yRtgpxe.exe
  2⤵
  PID:7100
- C:\Windows\System\OhvhyIG.exe
  C:\Windows\System\OhvhyIG.exe
  2⤵
  PID:7124
- C:\Windows\System\sDEMvCp.exe
  C:\Windows\System\sDEMvCp.exe
  2⤵
  PID:7148
- C:\Windows\System\bWCNJIw.exe
  C:\Windows\System\bWCNJIw.exe
  2⤵
  PID:5476
- C:\Windows\System\xoQHywJ.exe
  C:\Windows\System\xoQHywJ.exe
  2⤵
  PID:5852
- C:\Windows\System\qtRaQNr.exe
  C:\Windows\System\qtRaQNr.exe
  2⤵
  PID:5548
- C:\Windows\System\TtqVLpw.exe
  C:\Windows\System\TtqVLpw.exe
  2⤵
  PID:5564
- C:\Windows\System\RvWRKxW.exe
  C:\Windows\System\RvWRKxW.exe
  2⤵
  PID:5600
- C:\Windows\System\jCddqEl.exe
  C:\Windows\System\jCddqEl.exe
  2⤵
  PID:5672
- C:\Windows\System\sGeSzBr.exe
  C:\Windows\System\sGeSzBr.exe
  2⤵
  PID:5744
- C:\Windows\System\XXhfqzK.exe
  C:\Windows\System\XXhfqzK.exe
  2⤵
  PID:5784
- C:\Windows\System\xrXsGkG.exe
  C:\Windows\System\xrXsGkG.exe
  2⤵
  PID:5816
- C:\Windows\System\PYWhhZv.exe
  C:\Windows\System\PYWhhZv.exe
  2⤵
  PID:5868
- C:\Windows\System\KaIZQBN.exe
  C:\Windows\System\KaIZQBN.exe
  2⤵
  PID:6316
- C:\Windows\System\TPcXiPN.exe
  C:\Windows\System\TPcXiPN.exe
  2⤵
  PID:2180
- C:\Windows\System\nkxAnbc.exe
  C:\Windows\System\nkxAnbc.exe
  2⤵
  PID:5424
- C:\Windows\System\IZlqftY.exe
  C:\Windows\System\IZlqftY.exe
  2⤵
  PID:6220
- C:\Windows\System\NbDWFKB.exe
  C:\Windows\System\NbDWFKB.exe
  2⤵
  PID:5928
- C:\Windows\System\GYybeYE.exe
  C:\Windows\System\GYybeYE.exe
  2⤵
  PID:5988
- C:\Windows\System\OZxFhVV.exe
  C:\Windows\System\OZxFhVV.exe
  2⤵
  PID:6080
- C:\Windows\System\OeMRsdd.exe
  C:\Windows\System\OeMRsdd.exe
  2⤵
  PID:6120
- C:\Windows\System\RRjcnhT.exe
  C:\Windows\System\RRjcnhT.exe
  2⤵
  PID:4712
- C:\Windows\System\EsfHhKq.exe
  C:\Windows\System\EsfHhKq.exe
  2⤵
  PID:1020
- C:\Windows\System\wdpBHjf.exe
  C:\Windows\System\wdpBHjf.exe
  2⤵
  PID:1216
- C:\Windows\System\cRVFxqI.exe
  C:\Windows\System\cRVFxqI.exe
  2⤵
  PID:4244
- C:\Windows\System\aXLHmBL.exe
  C:\Windows\System\aXLHmBL.exe
  2⤵
  PID:6576
- C:\Windows\System\brooxku.exe
  C:\Windows\System\brooxku.exe
  2⤵
  PID:6596
- C:\Windows\System\KVVnHhK.exe
  C:\Windows\System\KVVnHhK.exe
  2⤵
  PID:6612
- C:\Windows\System\tAsrgnG.exe
  C:\Windows\System\tAsrgnG.exe
  2⤵
  PID:2732
- C:\Windows\System\SOEiIgt.exe
  C:\Windows\System\SOEiIgt.exe
  2⤵
  PID:5264
- C:\Windows\System\HaYETmX.exe
  C:\Windows\System\HaYETmX.exe
  2⤵
  PID:6920
- C:\Windows\System\VUnKxRR.exe
  C:\Windows\System\VUnKxRR.exe
  2⤵
  PID:6300
- C:\Windows\System\IDwmKEr.exe
  C:\Windows\System\IDwmKEr.exe
  2⤵
  PID:6392
- C:\Windows\System\VvWamQh.exe
  C:\Windows\System\VvWamQh.exe
  2⤵
  PID:5588
- C:\Windows\System\HKydDBt.exe
  C:\Windows\System\HKydDBt.exe
  2⤵
  PID:6504
- C:\Windows\System\UVavczl.exe
  C:\Windows\System\UVavczl.exe
  2⤵
  PID:3812
- C:\Windows\System\EewjWwq.exe
  C:\Windows\System\EewjWwq.exe
  2⤵
  PID:5964
- C:\Windows\System\dkrlJTN.exe
  C:\Windows\System\dkrlJTN.exe
  2⤵
  PID:6608
- C:\Windows\System\oXYbTxf.exe
  C:\Windows\System\oXYbTxf.exe
  2⤵
  PID:7192
- C:\Windows\System\TDpsrdL.exe
  C:\Windows\System\TDpsrdL.exe
  2⤵
  PID:7216
- C:\Windows\System\BvKCnpE.exe
  C:\Windows\System\BvKCnpE.exe
  2⤵
  PID:7236
- C:\Windows\System\iDllPIe.exe
  C:\Windows\System\iDllPIe.exe
  2⤵
  PID:7256
- C:\Windows\System\BpFailS.exe
  C:\Windows\System\BpFailS.exe
  2⤵
  PID:7324
- C:\Windows\System\seKBKZG.exe
  C:\Windows\System\seKBKZG.exe
  2⤵
  PID:7344
- C:\Windows\System\bQpDSEH.exe
  C:\Windows\System\bQpDSEH.exe
  2⤵
  PID:7368
- C:\Windows\System\AzHjlmm.exe
  C:\Windows\System\AzHjlmm.exe
  2⤵
  PID:7388
- C:\Windows\System\ClfSzCy.exe
  C:\Windows\System\ClfSzCy.exe
  2⤵
  PID:7408
- C:\Windows\System\XEumDFF.exe
  C:\Windows\System\XEumDFF.exe
  2⤵
  PID:7432
- C:\Windows\System\KffwHpk.exe
  C:\Windows\System\KffwHpk.exe
  2⤵
  PID:7456
- C:\Windows\System\kJiwcRP.exe
  C:\Windows\System\kJiwcRP.exe
  2⤵
  PID:7476
- C:\Windows\System\gjrHjof.exe
  C:\Windows\System\gjrHjof.exe
  2⤵
  PID:7504
- C:\Windows\System\FAyqflO.exe
  C:\Windows\System\FAyqflO.exe
  2⤵
  PID:7524
- C:\Windows\System\roWOomU.exe
  C:\Windows\System\roWOomU.exe
  2⤵
  PID:7544
- C:\Windows\System\gbSgCom.exe
  C:\Windows\System\gbSgCom.exe
  2⤵
  PID:7568
- C:\Windows\System\tGDvwPw.exe
  C:\Windows\System\tGDvwPw.exe
  2⤵
  PID:7588
- C:\Windows\System\kiqRQef.exe
  C:\Windows\System\kiqRQef.exe
  2⤵
  PID:7616
- C:\Windows\System\Plxihnf.exe
  C:\Windows\System\Plxihnf.exe
  2⤵
  PID:7632
- C:\Windows\System\VvCxsEu.exe
  C:\Windows\System\VvCxsEu.exe
  2⤵
  PID:7648
- C:\Windows\System\AnHbtZF.exe
  C:\Windows\System\AnHbtZF.exe
  2⤵
  PID:7672
- C:\Windows\System\ZlDNVYs.exe
  C:\Windows\System\ZlDNVYs.exe
  2⤵
  PID:7692
- C:\Windows\System\tYsjMLD.exe
  C:\Windows\System\tYsjMLD.exe
  2⤵
  PID:7716
- C:\Windows\System\eTixhZE.exe
  C:\Windows\System\eTixhZE.exe
  2⤵
  PID:7736
- C:\Windows\System\DJvuXbU.exe
  C:\Windows\System\DJvuXbU.exe
  2⤵
  PID:7760
- C:\Windows\System\EQXaSUJ.exe
  C:\Windows\System\EQXaSUJ.exe
  2⤵
  PID:7788
- C:\Windows\System\iDoCpru.exe
  C:\Windows\System\iDoCpru.exe
  2⤵
  PID:7804
- C:\Windows\System\TGLsbhG.exe
  C:\Windows\System\TGLsbhG.exe
  2⤵
  PID:7832
- C:\Windows\System\nQunbpn.exe
  C:\Windows\System\nQunbpn.exe
  2⤵
  PID:7852
- C:\Windows\System\JNwyOhw.exe
  C:\Windows\System\JNwyOhw.exe
  2⤵
  PID:7868
- C:\Windows\System\LReKaSI.exe
  C:\Windows\System\LReKaSI.exe
  2⤵
  PID:7892
- C:\Windows\System\rpeHaph.exe
  C:\Windows\System\rpeHaph.exe
  2⤵
  PID:7908
- C:\Windows\System\cVWanvC.exe
  C:\Windows\System\cVWanvC.exe
  2⤵
  PID:7996
- C:\Windows\System\aXbolsK.exe
  C:\Windows\System\aXbolsK.exe
  2⤵
  PID:8020
- C:\Windows\System\FoXojLT.exe
  C:\Windows\System\FoXojLT.exe
  2⤵
  PID:8040
- C:\Windows\System\YBmuOKv.exe
  C:\Windows\System\YBmuOKv.exe
  2⤵
  PID:8064
- C:\Windows\System\neeYVQf.exe
  C:\Windows\System\neeYVQf.exe
  2⤵
  PID:8108
- C:\Windows\System\NrINkzl.exe
  C:\Windows\System\NrINkzl.exe
  2⤵
  PID:8128
- C:\Windows\System\MyqZSmr.exe
  C:\Windows\System\MyqZSmr.exe
  2⤵
  PID:8152
- C:\Windows\System\JCFydLH.exe
  C:\Windows\System\JCFydLH.exe
  2⤵
  PID:8184
- C:\Windows\System\mncvSbK.exe
  C:\Windows\System\mncvSbK.exe
  2⤵
  PID:2636
- C:\Windows\System\qyGaWqq.exe
  C:\Windows\System\qyGaWqq.exe
  2⤵
  PID:6632
- C:\Windows\System\iSgvhAw.exe
  C:\Windows\System\iSgvhAw.exe
  2⤵
  PID:6660
- C:\Windows\System\tocWOTu.exe
  C:\Windows\System\tocWOTu.exe
  2⤵
  PID:6740
- C:\Windows\System\hwABmMy.exe
  C:\Windows\System\hwABmMy.exe
  2⤵
  PID:5528
- C:\Windows\System\xyOLjiT.exe
  C:\Windows\System\xyOLjiT.exe
  2⤵
  PID:6832
- C:\Windows\System\SnVgGDX.exe
  C:\Windows\System\SnVgGDX.exe
  2⤵
  PID:6868
- C:\Windows\System\Evsubpk.exe
  C:\Windows\System\Evsubpk.exe
  2⤵
  PID:6952
- C:\Windows\System\PuCQoJk.exe
  C:\Windows\System\PuCQoJk.exe
  2⤵
  PID:7008
- C:\Windows\System\MpIztPA.exe
  C:\Windows\System\MpIztPA.exe
  2⤵
  PID:7060
- C:\Windows\System\RjGQMHz.exe
  C:\Windows\System\RjGQMHz.exe
  2⤵
  PID:7224
- C:\Windows\System\xGvrrsv.exe
  C:\Windows\System\xGvrrsv.exe
  2⤵
  PID:7120
- C:\Windows\System\dwhKDeb.exe
  C:\Windows\System\dwhKDeb.exe
  2⤵
  PID:7160
- C:\Windows\System\TpZfPuw.exe
  C:\Windows\System\TpZfPuw.exe
  2⤵
  PID:5604
- C:\Windows\System\EjIFYrS.exe
  C:\Windows\System\EjIFYrS.exe
  2⤵
  PID:6280
- C:\Windows\System\mDETDFB.exe
  C:\Windows\System\mDETDFB.exe
  2⤵
  PID:6176
- C:\Windows\System\uAPOgTW.exe
  C:\Windows\System\uAPOgTW.exe
  2⤵
  PID:7624
- C:\Windows\System\gIEbotH.exe
  C:\Windows\System\gIEbotH.exe
  2⤵
  PID:7772
- C:\Windows\System\BFLAFzo.exe
  C:\Windows\System\BFLAFzo.exe
  2⤵
  PID:7840
- C:\Windows\System\XzWVGGx.exe
  C:\Windows\System\XzWVGGx.exe
  2⤵
  PID:5124
- C:\Windows\System\HOucErq.exe
  C:\Windows\System\HOucErq.exe
  2⤵
  PID:3996
- C:\Windows\System\ySvedTc.exe
  C:\Windows\System\ySvedTc.exe
  2⤵
  PID:6260
- C:\Windows\System\nueKUeA.exe
  C:\Windows\System\nueKUeA.exe
  2⤵
  PID:5244
- C:\Windows\System\gFafSpJ.exe
  C:\Windows\System\gFafSpJ.exe
  2⤵
  PID:6180
- C:\Windows\System\fffOuMa.exe
  C:\Windows\System\fffOuMa.exe
  2⤵
  PID:7564
- C:\Windows\System\TLuBZah.exe
  C:\Windows\System\TLuBZah.exe
  2⤵
  PID:8208
- C:\Windows\System\ebyQgiO.exe
  C:\Windows\System\ebyQgiO.exe
  2⤵
  PID:8228
- C:\Windows\System\CZXkhkB.exe
  C:\Windows\System\CZXkhkB.exe
  2⤵
  PID:8252
- C:\Windows\System\cJDdMBN.exe
  C:\Windows\System\cJDdMBN.exe
  2⤵
  PID:8276
- C:\Windows\System\SHAmKCy.exe
  C:\Windows\System\SHAmKCy.exe
  2⤵
  PID:8292
- C:\Windows\System\ejhpzeZ.exe
  C:\Windows\System\ejhpzeZ.exe
  2⤵
  PID:8316
- C:\Windows\System\HrvDfYk.exe
  C:\Windows\System\HrvDfYk.exe
  2⤵
  PID:8340
- C:\Windows\System\rvRVPxl.exe
  C:\Windows\System\rvRVPxl.exe
  2⤵
  PID:8360
- C:\Windows\System\rNpMzwe.exe
  C:\Windows\System\rNpMzwe.exe
  2⤵
  PID:8380
- C:\Windows\System\hAdOMSs.exe
  C:\Windows\System\hAdOMSs.exe
  2⤵
  PID:8400
- C:\Windows\System\mHLRDTV.exe
  C:\Windows\System\mHLRDTV.exe
  2⤵
  PID:8416
- C:\Windows\System\zGwwwsB.exe
  C:\Windows\System\zGwwwsB.exe
  2⤵
  PID:8436
- C:\Windows\System\jnkottH.exe
  C:\Windows\System\jnkottH.exe
  2⤵
  PID:8452
- C:\Windows\System\jQqtnHN.exe
  C:\Windows\System\jQqtnHN.exe
  2⤵
  PID:8472
- C:\Windows\System\WWsklux.exe
  C:\Windows\System\WWsklux.exe
  2⤵
  PID:8496
- C:\Windows\System\SklYZAr.exe
  C:\Windows\System\SklYZAr.exe
  2⤵
  PID:8516
- C:\Windows\System\usvQNcF.exe
  C:\Windows\System\usvQNcF.exe
  2⤵
  PID:8536
- C:\Windows\System\DFUoIzF.exe
  C:\Windows\System\DFUoIzF.exe
  2⤵
  PID:8564
- C:\Windows\System\nNMICmw.exe
  C:\Windows\System\nNMICmw.exe
  2⤵
  PID:8580
- C:\Windows\System\IhFjKFk.exe
  C:\Windows\System\IhFjKFk.exe
  2⤵
  PID:8600
- C:\Windows\System\QIXZvzb.exe
  C:\Windows\System\QIXZvzb.exe
  2⤵
  PID:8620
- C:\Windows\System\CxkiPVt.exe
  C:\Windows\System\CxkiPVt.exe
  2⤵
  PID:8644
- C:\Windows\System\mbEOxGx.exe
  C:\Windows\System\mbEOxGx.exe
  2⤵
  PID:8668
- C:\Windows\System\JRAAMzC.exe
  C:\Windows\System\JRAAMzC.exe
  2⤵
  PID:8688
- C:\Windows\System\PwrvKUK.exe
  C:\Windows\System\PwrvKUK.exe
  2⤵
  PID:8716
- C:\Windows\System\tZLVHzg.exe
  C:\Windows\System\tZLVHzg.exe
  2⤵
  PID:8732
- C:\Windows\System\vTHxRwD.exe
  C:\Windows\System\vTHxRwD.exe
  2⤵
  PID:8756
- C:\Windows\System\fktlacY.exe
  C:\Windows\System\fktlacY.exe
  2⤵
  PID:8788
- C:\Windows\System\GArPYEB.exe
  C:\Windows\System\GArPYEB.exe
  2⤵
  PID:8804
- C:\Windows\System\KIrtCRC.exe
  C:\Windows\System\KIrtCRC.exe
  2⤵
  PID:8828
- C:\Windows\System\RIVeCui.exe
  C:\Windows\System\RIVeCui.exe
  2⤵
  PID:8848
- C:\Windows\System\oAkRMXy.exe
  C:\Windows\System\oAkRMXy.exe
  2⤵
  PID:8864
- C:\Windows\System\tQpPvwa.exe
  C:\Windows\System\tQpPvwa.exe
  2⤵
  PID:8884
- C:\Windows\System\pJUUAjb.exe
  C:\Windows\System\pJUUAjb.exe
  2⤵
  PID:8900
- C:\Windows\System\jZCvRhQ.exe
  C:\Windows\System\jZCvRhQ.exe
  2⤵
  PID:8928
- C:\Windows\System\InIMrCo.exe
  C:\Windows\System\InIMrCo.exe
  2⤵
  PID:8956
- C:\Windows\System\XIhOySF.exe
  C:\Windows\System\XIhOySF.exe
  2⤵
  PID:8972
- C:\Windows\System\ZKjRlCG.exe
  C:\Windows\System\ZKjRlCG.exe
  2⤵
  PID:8988
- C:\Windows\System\QxIpQRM.exe
  C:\Windows\System\QxIpQRM.exe
  2⤵
  PID:9004
- C:\Windows\System\XvpNjdk.exe
  C:\Windows\System\XvpNjdk.exe
  2⤵
  PID:9020
- C:\Windows\System\aKgUkNS.exe
  C:\Windows\System\aKgUkNS.exe
  2⤵
  PID:9044
- C:\Windows\System\PHBxpGZ.exe
  C:\Windows\System\PHBxpGZ.exe
  2⤵
  PID:9068
- C:\Windows\System\dCNoABd.exe
  C:\Windows\System\dCNoABd.exe
  2⤵
  PID:9088
- C:\Windows\System\AujKBIM.exe
  C:\Windows\System\AujKBIM.exe
  2⤵
  PID:9108
- C:\Windows\System\WzebOen.exe
  C:\Windows\System\WzebOen.exe
  2⤵
  PID:9156
- C:\Windows\System\ivAHvcM.exe
  C:\Windows\System\ivAHvcM.exe
  2⤵
  PID:9204
- C:\Windows\System\NDCHmuy.exe
  C:\Windows\System\NDCHmuy.exe
  2⤵
  PID:7604
- C:\Windows\System\hhnGTzM.exe
  C:\Windows\System\hhnGTzM.exe
  2⤵
  PID:6492
- C:\Windows\System\wRiYhyr.exe
  C:\Windows\System\wRiYhyr.exe
  2⤵
  PID:5892
- C:\Windows\System\YEnRxWU.exe
  C:\Windows\System\YEnRxWU.exe
  2⤵
  PID:7744
- C:\Windows\System\jeLgiqd.exe
  C:\Windows\System\jeLgiqd.exe
  2⤵
  PID:6784
- C:\Windows\System\IancEjs.exe
  C:\Windows\System\IancEjs.exe
  2⤵
  PID:6852
- C:\Windows\System\cgpUDyb.exe
  C:\Windows\System\cgpUDyb.exe
  2⤵
  PID:7108
- C:\Windows\System\DxwmqYx.exe
  C:\Windows\System\DxwmqYx.exe
  2⤵
  PID:7292
- C:\Windows\System\vOhkkVW.exe
  C:\Windows\System\vOhkkVW.exe
  2⤵
  PID:7336
- C:\Windows\System\gPFSJCD.exe
  C:\Windows\System\gPFSJCD.exe
  2⤵
  PID:7376
- C:\Windows\System\rHfbtNE.exe
  C:\Windows\System\rHfbtNE.exe
  2⤵
  PID:7424
- C:\Windows\System\uDeLRka.exe
  C:\Windows\System\uDeLRka.exe
  2⤵
  PID:7512
- C:\Windows\System\MceuGCz.exe
  C:\Windows\System\MceuGCz.exe
  2⤵
  PID:7552
- C:\Windows\System\rxsShif.exe
  C:\Windows\System\rxsShif.exe
  2⤵
  PID:7600
- C:\Windows\System\BbHWrlE.exe
  C:\Windows\System\BbHWrlE.exe
  2⤵
  PID:8356
- C:\Windows\System\StFLYhq.exe
  C:\Windows\System\StFLYhq.exe
  2⤵
  PID:8424
- C:\Windows\System\xtBINUQ.exe
  C:\Windows\System\xtBINUQ.exe
  2⤵
  PID:8508
- C:\Windows\System\kWuNVxP.exe
  C:\Windows\System\kWuNVxP.exe
  2⤵
  PID:9232
- C:\Windows\System\gGVSmYT.exe
  C:\Windows\System\gGVSmYT.exe
  2⤵
  PID:9256
- C:\Windows\System\CelbGeF.exe
  C:\Windows\System\CelbGeF.exe
  2⤵
  PID:9280
- C:\Windows\System\weFDVul.exe
  C:\Windows\System\weFDVul.exe
  2⤵
  PID:9300
- C:\Windows\System\LzWGKIo.exe
  C:\Windows\System\LzWGKIo.exe
  2⤵
  PID:9324
- C:\Windows\System\qjAIfJf.exe
  C:\Windows\System\qjAIfJf.exe
  2⤵
  PID:9344
- C:\Windows\System\pscdulq.exe
  C:\Windows\System\pscdulq.exe
  2⤵
  PID:9372
- C:\Windows\System\HsIucFV.exe
  C:\Windows\System\HsIucFV.exe
  2⤵
  PID:9396
- C:\Windows\System\oGUdUjG.exe
  C:\Windows\System\oGUdUjG.exe
  2⤵
  PID:9420
- C:\Windows\System\sEaRqrC.exe
  C:\Windows\System\sEaRqrC.exe
  2⤵
  PID:9436
- C:\Windows\System\YKeoZUW.exe
  C:\Windows\System\YKeoZUW.exe
  2⤵
  PID:9456
- C:\Windows\System\vBYXUiZ.exe
  C:\Windows\System\vBYXUiZ.exe
  2⤵
  PID:9480
- C:\Windows\System\rHaRIXn.exe
  C:\Windows\System\rHaRIXn.exe
  2⤵
  PID:9508
- C:\Windows\System\nCqytIW.exe
  C:\Windows\System\nCqytIW.exe
  2⤵
  PID:9524
- C:\Windows\System\bfkDBRO.exe
  C:\Windows\System\bfkDBRO.exe
  2⤵
  PID:9544
- C:\Windows\System\wHXbjBh.exe
  C:\Windows\System\wHXbjBh.exe
  2⤵
  PID:9572
- C:\Windows\System\RnTvWfr.exe
  C:\Windows\System\RnTvWfr.exe
  2⤵
  PID:9600
- C:\Windows\System\lcpyJdz.exe
  C:\Windows\System\lcpyJdz.exe
  2⤵
  PID:9624
- C:\Windows\System\WAfThNI.exe
  C:\Windows\System\WAfThNI.exe
  2⤵
  PID:9644
- C:\Windows\System\wSdkEfF.exe
  C:\Windows\System\wSdkEfF.exe
  2⤵
  PID:9664
- C:\Windows\System\GEbqaJq.exe
  C:\Windows\System\GEbqaJq.exe
  2⤵
  PID:9680
- C:\Windows\System\CEvmmnI.exe
  C:\Windows\System\CEvmmnI.exe
  2⤵
  PID:9700
- C:\Windows\System\jjJpxsS.exe
  C:\Windows\System\jjJpxsS.exe
  2⤵
  PID:9720
- C:\Windows\System\DRoCAbZ.exe
  C:\Windows\System\DRoCAbZ.exe
  2⤵
  PID:9748
- C:\Windows\System\KGsuaxR.exe
  C:\Windows\System\KGsuaxR.exe
  2⤵
  PID:9776
- C:\Windows\System\LCsDZco.exe
  C:\Windows\System\LCsDZco.exe
  2⤵
  PID:9792
- C:\Windows\System\LfiQcNH.exe
  C:\Windows\System\LfiQcNH.exe
  2⤵
  PID:9808
- C:\Windows\System\KgHmbdG.exe
  C:\Windows\System\KgHmbdG.exe
  2⤵
  PID:9824
- C:\Windows\System\wpZeAjF.exe
  C:\Windows\System\wpZeAjF.exe
  2⤵
  PID:9844
- C:\Windows\System\xCBaPpQ.exe
  C:\Windows\System\xCBaPpQ.exe
  2⤵
  PID:9872
- C:\Windows\System\JpNaTjQ.exe
  C:\Windows\System\JpNaTjQ.exe
  2⤵
  PID:9888
- C:\Windows\System\wUapQmb.exe
  C:\Windows\System\wUapQmb.exe
  2⤵
  PID:9912
- C:\Windows\System\zAzNSug.exe
  C:\Windows\System\zAzNSug.exe
  2⤵
  PID:9932
- C:\Windows\System\McQNrHW.exe
  C:\Windows\System\McQNrHW.exe
  2⤵
  PID:9956
- C:\Windows\System\ZzMNxOt.exe
  C:\Windows\System\ZzMNxOt.exe
  2⤵
  PID:9976
- C:\Windows\System\NtZNlXL.exe
  C:\Windows\System\NtZNlXL.exe
  2⤵
  PID:10004
- C:\Windows\System\VuAzYoJ.exe
  C:\Windows\System\VuAzYoJ.exe
  2⤵
  PID:10036
- C:\Windows\System\NtGhVSH.exe
  C:\Windows\System\NtGhVSH.exe
  2⤵
  PID:10068
- C:\Windows\System\CAyHzzt.exe
  C:\Windows\System\CAyHzzt.exe
  2⤵
  PID:10084
- C:\Windows\System\EdMEPeR.exe
  C:\Windows\System\EdMEPeR.exe
  2⤵
  PID:10108
- C:\Windows\System\yDNQUis.exe
  C:\Windows\System\yDNQUis.exe
  2⤵
  PID:10128
- C:\Windows\System\nEklUBr.exe
  C:\Windows\System\nEklUBr.exe
  2⤵
  PID:10148
- C:\Windows\System\rArEJxI.exe
  C:\Windows\System\rArEJxI.exe
  2⤵
  PID:10176
- C:\Windows\System\DgWWDuR.exe
  C:\Windows\System\DgWWDuR.exe
  2⤵
  PID:10200
- C:\Windows\System\kOsamzq.exe
  C:\Windows\System\kOsamzq.exe
  2⤵
  PID:10220
- C:\Windows\System\uoCEKzI.exe
  C:\Windows\System\uoCEKzI.exe
  2⤵
  PID:6724
- C:\Windows\System\KFwVuyF.exe
  C:\Windows\System\KFwVuyF.exe
  2⤵
  PID:8640
- C:\Windows\System\thOzvym.exe
  C:\Windows\System\thOzvym.exe
  2⤵
  PID:7820
- C:\Windows\System\FnhKfPt.exe
  C:\Windows\System\FnhKfPt.exe
  2⤵
  PID:7900
- C:\Windows\System\VeBggev.exe
  C:\Windows\System\VeBggev.exe
  2⤵
  PID:7208
- C:\Windows\System\aOgaBfC.exe
  C:\Windows\System\aOgaBfC.exe
  2⤵
  PID:8872
- C:\Windows\System\DyeXlNA.exe
  C:\Windows\System\DyeXlNA.exe
  2⤵
  PID:8936
- C:\Windows\System\YPKJjxc.exe
  C:\Windows\System\YPKJjxc.exe
  2⤵
  PID:8008
- C:\Windows\System\HkxtcTF.exe
  C:\Windows\System\HkxtcTF.exe
  2⤵
  PID:8084
- C:\Windows\System\fQnKndI.exe
  C:\Windows\System\fQnKndI.exe
  2⤵
  PID:5688
- C:\Windows\System\AzkbYmC.exe
  C:\Windows\System\AzkbYmC.exe
  2⤵
  PID:8196
- C:\Windows\System\AxvYfbR.exe
  C:\Windows\System\AxvYfbR.exe
  2⤵
  PID:7732
- C:\Windows\System\XQfnWpl.exe
  C:\Windows\System\XQfnWpl.exe
  2⤵
  PID:7140
- C:\Windows\System\dJwUZna.exe
  C:\Windows\System\dJwUZna.exe
  2⤵
  PID:6224
- C:\Windows\System\ItOcKYz.exe
  C:\Windows\System\ItOcKYz.exe
  2⤵
  PID:7684
- C:\Windows\System\MJArcRs.exe
  C:\Windows\System\MJArcRs.exe
  2⤵
  PID:9268
- C:\Windows\System\UbfXyZO.exe
  C:\Windows\System\UbfXyZO.exe
  2⤵
  PID:9312
- C:\Windows\System\dtSEXbA.exe
  C:\Windows\System\dtSEXbA.exe
  2⤵
  PID:9340
- C:\Windows\System\WCHYjqb.exe
  C:\Windows\System\WCHYjqb.exe
  2⤵
  PID:8680
- C:\Windows\System\wWwyRRV.exe
  C:\Windows\System\wWwyRRV.exe
  2⤵
  PID:9472
- C:\Windows\System\ZuJaOSs.exe
  C:\Windows\System\ZuJaOSs.exe
  2⤵
  PID:10260
- C:\Windows\System\NiPvnTl.exe
  C:\Windows\System\NiPvnTl.exe
  2⤵
  PID:10284
- C:\Windows\System\FwuEJDW.exe
  C:\Windows\System\FwuEJDW.exe
  2⤵
  PID:10308
- C:\Windows\System\TfvzBIm.exe
  C:\Windows\System\TfvzBIm.exe
  2⤵
  PID:10332
- C:\Windows\System\ssFTsXO.exe
  C:\Windows\System\ssFTsXO.exe
  2⤵
  PID:10352
- C:\Windows\System\hgENbkX.exe
  C:\Windows\System\hgENbkX.exe
  2⤵
  PID:10372
- C:\Windows\System\zIoYsTS.exe
  C:\Windows\System\zIoYsTS.exe
  2⤵
  PID:10396
- C:\Windows\System\HIqmxfw.exe
  C:\Windows\System\HIqmxfw.exe
  2⤵
  PID:10420
- C:\Windows\System\VZxawfv.exe
  C:\Windows\System\VZxawfv.exe
  2⤵
  PID:10440
- C:\Windows\System\IDXMLBy.exe
  C:\Windows\System\IDXMLBy.exe
  2⤵
  PID:10460
- C:\Windows\System\aLUmNcS.exe
  C:\Windows\System\aLUmNcS.exe
  2⤵
  PID:10484
- C:\Windows\System\nDOBurJ.exe
  C:\Windows\System\nDOBurJ.exe
  2⤵
  PID:10508
- C:\Windows\System\LtsqxVW.exe
  C:\Windows\System\LtsqxVW.exe
  2⤵
  PID:10640
- C:\Windows\System\oEDRmbP.exe
  C:\Windows\System\oEDRmbP.exe
  2⤵
  PID:10704
- C:\Windows\System\IPIhsvX.exe
  C:\Windows\System\IPIhsvX.exe
  2⤵
  PID:10728
- C:\Windows\System\WWIjQUR.exe
  C:\Windows\System\WWIjQUR.exe
  2⤵
  PID:10752
- C:\Windows\System\xaBQTLM.exe
  C:\Windows\System\xaBQTLM.exe
  2⤵
  PID:10776
- C:\Windows\System\bYNTmtJ.exe
  C:\Windows\System\bYNTmtJ.exe
  2⤵
  PID:10796
- C:\Windows\System\gUmlPyj.exe
  C:\Windows\System\gUmlPyj.exe
  2⤵
  PID:10820
- C:\Windows\System\MeIYxkJ.exe
  C:\Windows\System\MeIYxkJ.exe
  2⤵
  PID:10840
- C:\Windows\System\KgaRBWK.exe
  C:\Windows\System\KgaRBWK.exe
  2⤵
  PID:10864
- C:\Windows\System\SklTxzr.exe
  C:\Windows\System\SklTxzr.exe
  2⤵
  PID:10884
- C:\Windows\System\NNmFpIB.exe
  C:\Windows\System\NNmFpIB.exe
  2⤵
  PID:10908
- C:\Windows\System\aaUClte.exe
  C:\Windows\System\aaUClte.exe
  2⤵
  PID:10940
- C:\Windows\System\TtkOXpJ.exe
  C:\Windows\System\TtkOXpJ.exe
  2⤵
  PID:10956
- C:\Windows\System\HeAmrZY.exe
  C:\Windows\System\HeAmrZY.exe
  2⤵
  PID:10984
- C:\Windows\System\TFKgGEv.exe
  C:\Windows\System\TFKgGEv.exe
  2⤵
  PID:11004
- C:\Windows\System\JJoHoKJ.exe
  C:\Windows\System\JJoHoKJ.exe
  2⤵
  PID:11032
- C:\Windows\System\zZyCOEB.exe
  C:\Windows\System\zZyCOEB.exe
  2⤵
  PID:11052
- C:\Windows\System\ygZiXqe.exe
  C:\Windows\System\ygZiXqe.exe
  2⤵
  PID:11076
- C:\Windows\System\HfUzivH.exe
  C:\Windows\System\HfUzivH.exe
  2⤵
  PID:11100
- C:\Windows\System\gstWYLj.exe
  C:\Windows\System\gstWYLj.exe
  2⤵
  PID:11124
- C:\Windows\System\DWNDirF.exe
  C:\Windows\System\DWNDirF.exe
  2⤵
  PID:11140
- C:\Windows\System\TkFXsCl.exe
  C:\Windows\System\TkFXsCl.exe
  2⤵
  PID:11164
- C:\Windows\System\xBIVxWj.exe
  C:\Windows\System\xBIVxWj.exe
  2⤵
  PID:11184
- C:\Windows\System\MjuZjth.exe
  C:\Windows\System\MjuZjth.exe
  2⤵
  PID:11204
- C:\Windows\System\lVOEsgq.exe
  C:\Windows\System\lVOEsgq.exe
  2⤵
  PID:11232
- C:\Windows\System\lIHFcgI.exe
  C:\Windows\System\lIHFcgI.exe
  2⤵
  PID:11256
- C:\Windows\System\EAXmvYC.exe
  C:\Windows\System\EAXmvYC.exe
  2⤵
  PID:6204
- C:\Windows\System\RAxohld.exe
  C:\Windows\System\RAxohld.exe
  2⤵
  PID:7020
- C:\Windows\System\gMJtbgb.exe
  C:\Windows\System\gMJtbgb.exe
  2⤵
  PID:5520
- C:\Windows\System\tOoMxbg.exe
  C:\Windows\System\tOoMxbg.exe
  2⤵
  PID:2264
- C:\Windows\System\Eyaielz.exe
  C:\Windows\System\Eyaielz.exe
  2⤵
  PID:1484
- C:\Windows\System\YgndqoH.exe
  C:\Windows\System\YgndqoH.exe
  2⤵
  PID:7796
- C:\Windows\System\BVdCWfb.exe
  C:\Windows\System\BVdCWfb.exe
  2⤵
  PID:6588
- C:\Windows\System\LoqzkzB.exe
  C:\Windows\System\LoqzkzB.exe
  2⤵
  PID:8036
- C:\Windows\System\XJkHTbj.exe
  C:\Windows\System\XJkHTbj.exe
  2⤵
  PID:8260
- C:\Windows\System\EequPmw.exe
  C:\Windows\System\EequPmw.exe
  2⤵
  PID:8348
- C:\Windows\System\LxVHyCe.exe
  C:\Windows\System\LxVHyCe.exe
  2⤵
  PID:8392
- C:\Windows\System\frwRzvG.exe
  C:\Windows\System\frwRzvG.exe
  2⤵
  PID:6624
- C:\Windows\System\SVVfUDB.exe
  C:\Windows\System\SVVfUDB.exe
  2⤵
  PID:8612
- C:\Windows\System\EmAQtvs.exe
  C:\Windows\System\EmAQtvs.exe
  2⤵
  PID:8544
- C:\Windows\System\IHgMdrA.exe
  C:\Windows\System\IHgMdrA.exe
  2⤵
  PID:8812
- C:\Windows\System\TubGOWv.exe
  C:\Windows\System\TubGOWv.exe
  2⤵
  PID:3220
- C:\Windows\System\WTRGTzK.exe
  C:\Windows\System\WTRGTzK.exe
  2⤵
  PID:9192
- C:\Windows\System\HgtSOPB.exe
  C:\Windows\System\HgtSOPB.exe
  2⤵
  PID:9804
- C:\Windows\System\XXRNcOi.exe
  C:\Windows\System\XXRNcOi.exe
  2⤵
  PID:9852
- C:\Windows\System\OcqdKgY.exe
  C:\Windows\System\OcqdKgY.exe
  2⤵
  PID:9880
- C:\Windows\System\PmRTMVE.exe
  C:\Windows\System\PmRTMVE.exe
  2⤵
  PID:9924
- C:\Windows\System\iwtLJQk.exe
  C:\Windows\System\iwtLJQk.exe
  2⤵
  PID:9992
- C:\Windows\System\BEGGizh.exe
  C:\Windows\System\BEGGizh.exe
  2⤵
  PID:10048
- C:\Windows\System\mrBsVOm.exe
  C:\Windows\System\mrBsVOm.exe
  2⤵
  PID:10116
- C:\Windows\System\DSSEYdR.exe
  C:\Windows\System\DSSEYdR.exe
  2⤵
  PID:10156
- C:\Windows\System\TCaLeXq.exe
  C:\Windows\System\TCaLeXq.exe
  2⤵
  PID:10208
- C:\Windows\System\bhrkEHx.exe
  C:\Windows\System\bhrkEHx.exe
  2⤵
  PID:5692
- C:\Windows\System\WelsqTv.exe
  C:\Windows\System\WelsqTv.exe
  2⤵
  PID:8724
- C:\Windows\System\YSnSGNO.exe
  C:\Windows\System\YSnSGNO.exe
  2⤵
  PID:7984
- C:\Windows\System\XBOCQgA.exe
  C:\Windows\System\XBOCQgA.exe
  2⤵
  PID:9452
- C:\Windows\System\KVpsKiK.exe
  C:\Windows\System\KVpsKiK.exe
  2⤵
  PID:10272
- C:\Windows\System\iRtJzzU.exe
  C:\Windows\System\iRtJzzU.exe
  2⤵
  PID:10324
- C:\Windows\System\kaVGWRX.exe
  C:\Windows\System\kaVGWRX.exe
  2⤵
  PID:10364
- C:\Windows\System\YXPZvQd.exe
  C:\Windows\System\YXPZvQd.exe
  2⤵
  PID:10436
- C:\Windows\System\mhptkKu.exe
  C:\Windows\System\mhptkKu.exe
  2⤵
  PID:10492
- C:\Windows\System\IYUhWET.exe
  C:\Windows\System\IYUhWET.exe
  2⤵
  PID:10860
- C:\Windows\System\kNgDGgJ.exe
  C:\Windows\System\kNgDGgJ.exe
  2⤵
  PID:10976
- C:\Windows\System\sgALIQa.exe
  C:\Windows\System\sgALIQa.exe
  2⤵
  PID:11020
- C:\Windows\System\cMZutzk.exe
  C:\Windows\System\cMZutzk.exe
  2⤵
  PID:11152
- C:\Windows\System\ZDguxYP.exe
  C:\Windows\System\ZDguxYP.exe
  2⤵
  PID:6996
- C:\Windows\System\jAGCTmy.exe
  C:\Windows\System\jAGCTmy.exe
  2⤵
  PID:11296
- C:\Windows\System\jdVUjMJ.exe
  C:\Windows\System\jdVUjMJ.exe
  2⤵
  PID:10620
- C:\Windows\System\BfKsYhN.exe
  C:\Windows\System\BfKsYhN.exe
  2⤵
  PID:10548
- C:\Windows\System\vErEUQM.exe
  C:\Windows\System\vErEUQM.exe
  2⤵
  PID:10736
- C:\Windows\System\eiTbzDD.exe
  C:\Windows\System\eiTbzDD.exe
  2⤵
  PID:10792
- C:\Windows\System\SmumyoT.exe
  C:\Windows\System\SmumyoT.exe
  2⤵
  PID:10920
- C:\Windows\System\FDpopny.exe
  C:\Windows\System\FDpopny.exe
  2⤵
  PID:11048
- C:\Windows\System\szKgUyA.exe
  C:\Windows\System\szKgUyA.exe
  2⤵
  PID:11096
- C:\Windows\System\vYpvhBc.exe
  C:\Windows\System\vYpvhBc.exe
  2⤵
  PID:11180
- C:\Windows\System\snPzkMd.exe
  C:\Windows\System\snPzkMd.exe
  2⤵
  PID:11240
- C:\Windows\System\wfUkmZO.exe
  C:\Windows\System\wfUkmZO.exe
  2⤵
  PID:9640
- C:\Windows\System\OImAWHT.exe
  C:\Windows\System\OImAWHT.exe
  2⤵
  PID:6364
- C:\Windows\System\XqREOqx.exe
  C:\Windows\System\XqREOqx.exe
  2⤵
  PID:7484
- C:\Windows\System\zroSfJh.exe
  C:\Windows\System\zroSfJh.exe
  2⤵
  PID:8308
- C:\Windows\System\DVnrtyr.exe
  C:\Windows\System\DVnrtyr.exe
  2⤵
  PID:8448
- C:\Windows\System\ayGiGAH.exe
  C:\Windows\System\ayGiGAH.exe
  2⤵
  PID:8844
- C:\Windows\System\PsYjFss.exe
  C:\Windows\System\PsYjFss.exe
  2⤵
  PID:11304
- C:\Windows\System\sAHNTWY.exe
  C:\Windows\System\sAHNTWY.exe
  2⤵
  PID:11352
- C:\Windows\System\XisDUjU.exe
  C:\Windows\System\XisDUjU.exe
  2⤵
  PID:11392
- C:\Windows\System\rKhfrle.exe
  C:\Windows\System\rKhfrle.exe
  2⤵
  PID:11452
- C:\Windows\System\khDxWnO.exe
  C:\Windows\System\khDxWnO.exe
  2⤵
  PID:3624
- C:\Windows\System\GCSaZbF.exe
  C:\Windows\System\GCSaZbF.exe
  2⤵
  PID:11476
- C:\Windows\System\PmWZkoE.exe
  C:\Windows\System\PmWZkoE.exe
  2⤵
  PID:11516
- C:\Windows\System\oepRIVD.exe
  C:\Windows\System\oepRIVD.exe
  2⤵
  PID:11608
- C:\Windows\System\idafnaP.exe
  C:\Windows\System\idafnaP.exe
  2⤵
  PID:11680
- C:\Windows\System\WJhRfiM.exe
  C:\Windows\System\WJhRfiM.exe
  2⤵
  PID:11756
- C:\Windows\System\jLxEBMa.exe
  C:\Windows\System\jLxEBMa.exe
  2⤵
  PID:11848
- C:\Windows\System\dbtKPbe.exe
  C:\Windows\System\dbtKPbe.exe
  2⤵
  PID:12016
- C:\Windows\System\LIenaqb.exe
  C:\Windows\System\LIenaqb.exe
  2⤵
  PID:12096
- C:\Windows\System\VVrbIEo.exe
  C:\Windows\System\VVrbIEo.exe
  2⤵
  PID:12136
- C:\Windows\System\mqMKTxE.exe
  C:\Windows\System\mqMKTxE.exe
  2⤵
  PID:12196
- C:\Windows\System\BieHJJm.exe
  C:\Windows\System\BieHJJm.exe
  2⤵
  PID:12284
- C:\Windows\System\BPPupUT.exe
  C:\Windows\System\BPPupUT.exe
  2⤵
  PID:9096
- C:\Windows\System\SpejUiw.exe
  C:\Windows\System\SpejUiw.exe
  2⤵
  PID:4524
- C:\Windows\System\JfLtmBx.exe
  C:\Windows\System\JfLtmBx.exe
  2⤵
  PID:2676
- C:\Windows\System\eNchxIb.exe
  C:\Windows\System\eNchxIb.exe
  2⤵
  PID:6400
- C:\Windows\System\nlkXwbs.exe
  C:\Windows\System\nlkXwbs.exe
  2⤵
  PID:3660
- C:\Windows\System\paqLVtU.exe
  C:\Windows\System\paqLVtU.exe
  2⤵
  PID:5040
- C:\Windows\System\szTFklg.exe
  C:\Windows\System\szTFklg.exe
  2⤵
  PID:5924
- C:\Windows\System\JqJcAvV.exe
  C:\Windows\System\JqJcAvV.exe
  2⤵
  PID:1672
- C:\Windows\System\QczIwEB.exe
  C:\Windows\System\QczIwEB.exe
  2⤵
  PID:9516
- C:\Windows\System\hfvtZYC.exe
  C:\Windows\System\hfvtZYC.exe
  2⤵
  PID:2240
- C:\Windows\System\lTBHBzj.exe
  C:\Windows\System\lTBHBzj.exe
  2⤵
  PID:4484
- C:\Windows\System\nOjEDXb.exe
  C:\Windows\System\nOjEDXb.exe
  2⤵
  PID:3208
- C:\Windows\System\kEsnCHT.exe
  C:\Windows\System\kEsnCHT.exe
  2⤵
  PID:1464
- C:\Windows\System\AlUmtHA.exe
  C:\Windows\System\AlUmtHA.exe
  2⤵
  PID:2940
- C:\Windows\System\JKlxWwK.exe
  C:\Windows\System\JKlxWwK.exe
  2⤵
  PID:4176
- C:\Windows\System\DfhnppX.exe
  C:\Windows\System\DfhnppX.exe
  2⤵
  PID:10028
- C:\Windows\System\poviDEP.exe
  C:\Windows\System\poviDEP.exe
  2⤵
  PID:10184
- C:\Windows\System\oekifDj.exe
  C:\Windows\System\oekifDj.exe
  2⤵
  PID:9552
- C:\Windows\System\dKjCZpK.exe
  C:\Windows\System\dKjCZpK.exe
  2⤵
  PID:9656
- C:\Windows\System\qiTKJZj.exe
  C:\Windows\System\qiTKJZj.exe
  2⤵
  PID:5936
- C:\Windows\System\TIolbWb.exe
  C:\Windows\System\TIolbWb.exe
  2⤵
  PID:9744
- C:\Windows\System\UqOpRcK.exe
  C:\Windows\System\UqOpRcK.exe
  2⤵
  PID:9904
- C:\Windows\System\lqlZkvE.exe
  C:\Windows\System\lqlZkvE.exe
  2⤵
  PID:10392
- C:\Windows\System\rcMvGmg.exe
  C:\Windows\System\rcMvGmg.exe
  2⤵
  PID:10456
- C:\Windows\System\pCLOHfH.exe
  C:\Windows\System\pCLOHfH.exe
  2⤵
  PID:10948
- C:\Windows\System\VKNdmoa.exe
  C:\Windows\System\VKNdmoa.exe
  2⤵
  PID:11000
- C:\Windows\System\lOXYrOC.exe
  C:\Windows\System\lOXYrOC.exe
  2⤵
  PID:6140
- C:\Windows\System\yOVDGtC.exe
  C:\Windows\System\yOVDGtC.exe
  2⤵
  PID:10664
- C:\Windows\System\RgsgIaJ.exe
  C:\Windows\System\RgsgIaJ.exe
  2⤵
  PID:10896
- C:\Windows\System\RzHJLMD.exe
  C:\Windows\System\RzHJLMD.exe
  2⤵
  PID:10712
- C:\Windows\System\FPCQqgP.exe
  C:\Windows\System\FPCQqgP.exe
  2⤵
  PID:4256
- C:\Windows\System\vwnGrSH.exe
  C:\Windows\System\vwnGrSH.exe
  2⤵
  PID:10380
- C:\Windows\System\wjCStJc.exe
  C:\Windows\System\wjCStJc.exe
  2⤵
  PID:4312
- C:\Windows\System\lsuuPFq.exe
  C:\Windows\System\lsuuPFq.exe
  2⤵
  PID:6896
- C:\Windows\System\RNZYMDq.exe
  C:\Windows\System\RNZYMDq.exe
  2⤵
  PID:10560
- C:\Windows\System\dYBKqIc.exe
  C:\Windows\System\dYBKqIc.exe
  2⤵
  PID:11044
- C:\Windows\System\LMIDYGw.exe
  C:\Windows\System\LMIDYGw.exe
  2⤵
  PID:11676
- C:\Windows\System\JstquUk.exe
  C:\Windows\System\JstquUk.exe
  2⤵
  PID:11252
- C:\Windows\System\DXwVVmb.exe
  C:\Windows\System\DXwVVmb.exe
  2⤵
  PID:8272
- C:\Windows\System\QIcYdtI.exe
  C:\Windows\System\QIcYdtI.exe
  2⤵
  PID:12124
- C:\Windows\System\VYjUTaU.exe
  C:\Windows\System\VYjUTaU.exe
  2⤵
  PID:3588
- C:\Windows\System\lLXljIh.exe
  C:\Windows\System\lLXljIh.exe
  2⤵
  PID:2624
- C:\Windows\System\tXvKFyq.exe
  C:\Windows\System\tXvKFyq.exe
  2⤵
  PID:4496
- C:\Windows\System\EPPbqsj.exe
  C:\Windows\System\EPPbqsj.exe
  2⤵
  PID:10768
- C:\Windows\System\VvMVaBl.exe
  C:\Windows\System\VvMVaBl.exe
  2⤵
  PID:1392
- C:\Windows\System\xHFlIgh.exe
  C:\Windows\System\xHFlIgh.exe
  2⤵
  PID:1328
- C:\Windows\System\OkgJOVv.exe
  C:\Windows\System\OkgJOVv.exe
  2⤵
  PID:11748
- C:\Windows\System\YZpgIXQ.exe
  C:\Windows\System\YZpgIXQ.exe
  2⤵
  PID:12312
- C:\Windows\System\fPGvAFE.exe
  C:\Windows\System\fPGvAFE.exe
  2⤵
  PID:12332
- C:\Windows\System\mgQUubz.exe
  C:\Windows\System\mgQUubz.exe
  2⤵
  PID:12352
- C:\Windows\System\QcYSYrD.exe
  C:\Windows\System\QcYSYrD.exe
  2⤵
  PID:12376
- C:\Windows\System\GMgACGo.exe
  C:\Windows\System\GMgACGo.exe
  2⤵
  PID:12404
- C:\Windows\System\pRxHEft.exe
  C:\Windows\System\pRxHEft.exe
  2⤵
  PID:12428
- C:\Windows\System\OUfaBFQ.exe
  C:\Windows\System\OUfaBFQ.exe
  2⤵
  PID:12448
- C:\Windows\System\sHBzNzi.exe
  C:\Windows\System\sHBzNzi.exe
  2⤵
  PID:12476
- C:\Windows\System\czNFCmR.exe
  C:\Windows\System\czNFCmR.exe
  2⤵
  PID:12496
- C:\Windows\System\LEELpET.exe
  C:\Windows\System\LEELpET.exe
  2⤵
  PID:12516
- C:\Windows\System\BmULuFk.exe
  C:\Windows\System\BmULuFk.exe
  2⤵
  PID:12536
- C:\Windows\System\lPtOhoB.exe
  C:\Windows\System\lPtOhoB.exe
  2⤵
  PID:12556
- C:\Windows\System\UBdEAVO.exe
  C:\Windows\System\UBdEAVO.exe
  2⤵
  PID:12576
- C:\Windows\System\VXqdilU.exe
  C:\Windows\System\VXqdilU.exe
  2⤵
  PID:12600
- C:\Windows\System\LrFdJox.exe
  C:\Windows\System\LrFdJox.exe
  2⤵
  PID:12616
- C:\Windows\System\aDHKEVa.exe
  C:\Windows\System\aDHKEVa.exe
  2⤵
  PID:12636
- C:\Windows\System\UyTSYPJ.exe
  C:\Windows\System\UyTSYPJ.exe
  2⤵
  PID:12656
- C:\Windows\System\fsojTpz.exe
  C:\Windows\System\fsojTpz.exe
  2⤵
  PID:12684
- C:\Windows\System\CwTqKdy.exe
  C:\Windows\System\CwTqKdy.exe
  2⤵
  PID:12700
- C:\Windows\System\oeLattP.exe
  C:\Windows\System\oeLattP.exe
  2⤵
  PID:12728
- C:\Windows\System\AfTyoMe.exe
  C:\Windows\System\AfTyoMe.exe
  2⤵
  PID:12748
- C:\Windows\System\EZSFdpM.exe
  C:\Windows\System\EZSFdpM.exe
  2⤵
  PID:12768
- C:\Windows\System\rpnywbj.exe
  C:\Windows\System\rpnywbj.exe
  2⤵
  PID:12792
- C:\Windows\System\zDZWyNW.exe
  C:\Windows\System\zDZWyNW.exe
  2⤵
  PID:12816
- C:\Windows\System\CogChwP.exe
  C:\Windows\System\CogChwP.exe
  2⤵
  PID:12844
- C:\Windows\System\XQnhstU.exe
  C:\Windows\System\XQnhstU.exe
  2⤵
  PID:12864
- C:\Windows\System\RJEqdcp.exe
  C:\Windows\System\RJEqdcp.exe
  2⤵
  PID:12884
- C:\Windows\System\qfyYxLH.exe
  C:\Windows\System\qfyYxLH.exe
  2⤵
  PID:12908
- C:\Windows\System\CVpENZw.exe
  C:\Windows\System\CVpENZw.exe
  2⤵
  PID:12928
- C:\Windows\System\zNSZYgk.exe
  C:\Windows\System\zNSZYgk.exe
  2⤵
  PID:12948
- C:\Windows\System\TIsYMHc.exe
  C:\Windows\System\TIsYMHc.exe
  2⤵
  PID:12964
- C:\Windows\System\fzIWufx.exe
  C:\Windows\System\fzIWufx.exe
  2⤵
  PID:12984
- C:\Windows\System\sCnRkAP.exe
  C:\Windows\System\sCnRkAP.exe
  2⤵
  PID:13012
- C:\Windows\System\IwRUBvZ.exe
  C:\Windows\System\IwRUBvZ.exe
  2⤵
  PID:13036
- C:\Windows\System\zKJaNFX.exe
  C:\Windows\System\zKJaNFX.exe
  2⤵
  PID:13056
- C:\Windows\System\kuoWEVM.exe
  C:\Windows\System\kuoWEVM.exe
  2⤵
  PID:12960
- C:\Windows\System\HQICAWY.exe
  C:\Windows\System\HQICAWY.exe
  2⤵
  PID:12304
- C:\Windows\System\YeHCbIK.exe
  C:\Windows\System\YeHCbIK.exe
  2⤵
  PID:12420
- C:\Windows\System\VNcTrJP.exe
  C:\Windows\System\VNcTrJP.exe
  2⤵
  PID:13272
- C:\Windows\System\QSATtas.exe
  C:\Windows\System\QSATtas.exe
  2⤵
  PID:12860
- C:\Windows\System\CzbLZEm.exe
  C:\Windows\System\CzbLZEm.exe
  2⤵
  PID:12544
- C:\Windows\System\HEafIWe.exe
  C:\Windows\System\HEafIWe.exe
  2⤵
  PID:12876
- C:\Windows\System\TZVpaAV.exe
  C:\Windows\System\TZVpaAV.exe
  2⤵
  PID:13260
- C:\Windows\System\iatjTRT.exe
  C:\Windows\System\iatjTRT.exe
  2⤵
  PID:13088
- C:\Windows\System\GAtXvBu.exe
  C:\Windows\System\GAtXvBu.exe
  2⤵
  PID:4580
- C:\Windows\System\FnPlase.exe
  C:\Windows\System\FnPlase.exe
  2⤵
  PID:11440
- C:\Windows\System\llFDGay.exe
  C:\Windows\System\llFDGay.exe
  2⤵
  PID:8588
- C:\Windows\System\MyulXqE.exe
  C:\Windows\System\MyulXqE.exe
  2⤵
  PID:12892
- C:\Windows\System\vLxTPfu.exe
  C:\Windows\System\vLxTPfu.exe
  2⤵
  PID:3360
- C:\Windows\System\wCfQgvd.exe
  C:\Windows\System\wCfQgvd.exe
  2⤵
  PID:12916
- C:\Windows\System\FstzaPC.exe
  C:\Windows\System\FstzaPC.exe
  2⤵
  PID:844
- C:\Windows\System\GkctirA.exe
  C:\Windows\System\GkctirA.exe
  2⤵
  PID:9900
- C:\Windows\System\bkdZkVy.exe
  C:\Windows\System\bkdZkVy.exe
  2⤵
  PID:12072
- C:\Windows\System\RXypvRA.exe
  C:\Windows\System\RXypvRA.exe
  2⤵
  PID:13028
- C:\Windows\System\nQanOdr.exe
  C:\Windows\System\nQanOdr.exe
  2⤵
  PID:12980
- C:\Windows\System\NPXuIaO.exe
  C:\Windows\System\NPXuIaO.exe
  2⤵
  PID:12344
- C:\Windows\System\tFBIvOj.exe
  C:\Windows\System\tFBIvOj.exe
  2⤵
  PID:12896
- C:\Windows\System\HERNxHp.exe
  C:\Windows\System\HERNxHp.exe
  2⤵
  PID:12492
- C:\Windows\System\TcSZIaG.exe
  C:\Windows\System\TcSZIaG.exe
  2⤵
  PID:12592
- C:\Windows\System\lLhhTwZ.exe
  C:\Windows\System\lLhhTwZ.exe
  2⤵
  PID:12668
- C:\Windows\System\zUJYFUi.exe
  C:\Windows\System\zUJYFUi.exe
  2⤵
  PID:13156
- C:\Windows\System\gUakhMH.exe
  C:\Windows\System\gUakhMH.exe
  2⤵
  PID:13104
- C:\Windows\System\cjvzSLd.exe
  C:\Windows\System\cjvzSLd.exe
  2⤵
  PID:7656
- C:\Windows\System\LtxNrOz.exe
  C:\Windows\System\LtxNrOz.exe
  2⤵
  PID:13176
- C:\Windows\System\XEMbYiS.exe
  C:\Windows\System\XEMbYiS.exe
  2⤵
  PID:11832
- C:\Windows\System\DzlLeyG.exe
  C:\Windows\System\DzlLeyG.exe
  2⤵
  PID:13168
- C:\Windows\System\crKyOSW.exe
  C:\Windows\System\crKyOSW.exe
  2⤵
  PID:4340
- C:\Windows\System\OSFHfQt.exe
  C:\Windows\System\OSFHfQt.exe
  2⤵
  PID:12676
- C:\Windows\System\EAXPhRs.exe
  C:\Windows\System\EAXPhRs.exe
  2⤵
  PID:2660
- C:\Windows\System\BGhnfaT.exe
  C:\Windows\System\BGhnfaT.exe
  2⤵
  PID:724
- C:\Windows\System\azOxOng.exe
  C:\Windows\System\azOxOng.exe
  2⤵
  PID:13116
- C:\Windows\System\iNdUmBI.exe
  C:\Windows\System\iNdUmBI.exe
  2⤵
  PID:2012
- C:\Windows\System\OpfJEaz.exe
  C:\Windows\System\OpfJEaz.exe
  2⤵
  PID:2644
- C:\Windows\System\RcMiJZM.exe
  C:\Windows\System\RcMiJZM.exe
  2⤵
  PID:1072
- C:\Windows\System\JjonbuF.exe
  C:\Windows\System\JjonbuF.exe
  2⤵
  PID:3636
- C:\Windows\System\SMtspge.exe
  C:\Windows\System\SMtspge.exe
  2⤵
  PID:11276
- C:\Windows\System\dvBgKjY.exe
  C:\Windows\System\dvBgKjY.exe
  2⤵
  PID:3216
- C:\Windows\System\tCIInKG.exe
  C:\Windows\System\tCIInKG.exe
  2⤵
  PID:3532
- C:\Windows\System\ZOauvAL.exe
  C:\Windows\System\ZOauvAL.exe
  2⤵
  PID:1452
- C:\Windows\System\SanXCBd.exe
  C:\Windows\System\SanXCBd.exe
  2⤵
  PID:4744
- C:\Windows\System\dxRCkgg.exe
  C:\Windows\System\dxRCkgg.exe
  2⤵
  PID:13308
- C:\Windows\System\nuSUmrv.exe
  C:\Windows\System\nuSUmrv.exe
  2⤵
  PID:64
- C:\Windows\System\HtVlaok.exe
  C:\Windows\System\HtVlaok.exe
  2⤵
  PID:860
- C:\Windows\System\dUtICCS.exe
  C:\Windows\System\dUtICCS.exe
  2⤵
  PID:560
- C:\Windows\System\ZQZGBrb.exe
  C:\Windows\System\ZQZGBrb.exe
  2⤵
  PID:3120
- C:\Windows\System\vBEWrse.exe
  C:\Windows\System\vBEWrse.exe
  2⤵
  PID:4104
- C:\Windows\System\fJJLFMY.exe
  C:\Windows\System\fJJLFMY.exe
  2⤵
  PID:4156
- C:\Windows\System\ToHVFFD.exe
  C:\Windows\System\ToHVFFD.exe
  2⤵
  PID:4076
- C:\Windows\System\lsvAPUS.exe
  C:\Windows\System\lsvAPUS.exe
  2⤵
  PID:4008
- C:\Windows\System\rhQKGxw.exe
  C:\Windows\System\rhQKGxw.exe
  2⤵
  PID:5068
- C:\Windows\System\HITmmnB.exe
  C:\Windows\System\HITmmnB.exe
  2⤵
  PID:1168
- C:\Windows\System\PQfrNPP.exe
  C:\Windows\System\PQfrNPP.exe
  2⤵
  PID:4064
- C:\Windows\System\YcFfTvO.exe
  C:\Windows\System\YcFfTvO.exe
  2⤵
  PID:4148
- C:\Windows\System\pJPKrFU.exe
  C:\Windows\System\pJPKrFU.exe
  2⤵
  PID:3124

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3936

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:10348

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
PID:6460

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
1⤵
PID:6800

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_kjzz0ut4.t3b.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BKrTpdS.exe

Filesize
2.0MB

MD5
84a9a277f559888576d6dcea72532b61

SHA1
82999e0bbfc7c4abfebd7306a06b6d37e7bf4786

SHA256
4420c78aa945f0c6e37fd5525d88ac7134474e00149eecd95abf7766f8ca636b

SHA512
2589eced79f4ecf7ef46c17b8ffa26c1d3e948e6385df8c50f908194d998ef9d4f8dc3cf666172d38bf520ad155bd13418379fb5574bde85ffc3f8b92fce7be4

Download Submit
C:\Windows\System\Dvjacuk.exe

Filesize
2.0MB

MD5
19c7118656f1f2e44e012d166d0c561c

SHA1
1be04ca6fb6ede86d38bbe58221a97fc7c2a7455

SHA256
a2f1f36bda7e91e063d191fffa0734d60e75275e0e7309236cb100b58c7e4d31

SHA512
177e4896999e33818d8a97b7cecee0afad3cf7a4326057af30068b84e4bd97ec61cb65900f88519715d5b2e05bc3f21be1b1724d2848020a09e6010afecd2ab1

Download Submit
C:\Windows\System\JEORVYO.exe

Filesize
2.0MB

MD5
c6e69e85fb10ca562379d41feac86a0e

SHA1
5fc72471fb8bbfc2966fd7cc038acc247cef7780

SHA256
1d075b3941307be7f6afa48f8d6d719ed678527355c3deea977c81ac48f06242

SHA512
fe034c9a7936513baeb9b8d90b35621644a3615bea92524d98d15fb4842dc0717d1501b9c5ea4409cd77cfa456bae6d6efd2048b31e4ecb01dc55432671520c3

Download Submit
C:\Windows\System\JZTdbjJ.exe

Filesize
2.0MB

MD5
00a557d30277f6220080b66926087824

SHA1
919ad6ad4acb814170fbaf1ee3cc424219a57e10

SHA256
1447b0a1c570d8601769c61a1cc94a082adf0c99fc1f3bea442703ea1baa1613

SHA512
5c80f867598318d7fc70dc3b703c192dda8f1a27e6a700f89b46290bca33e232942c18ff07bda9f4a168312f75df188c7d6ab36df35ee72692407b9563d724a4

Download Submit
C:\Windows\System\LdhtfwN.exe

Filesize
2.0MB

MD5
7afcbaff948a29422daa06d2b721c581

SHA1
32345f106626974233f786ff1a89ff91e92225eb

SHA256
eee6c10569c9bde4245c3a9ad2592b8a88d2bd798269d4151ffeae69f84bcb59

SHA512
ef6cf2282f3c429a1d037649c8ba06cc209b24a42023f2289cc4db734251bbe99c7c533ef618d01dda46e8f9088faf319306f5423494615c81c20343fcc83d9c

Download Submit
C:\Windows\System\MLrRBFG.exe

Filesize
2.0MB

MD5
79daf45b2720920c0f36c16708a5554a

SHA1
ec58a43573b635118e9c90cb9885164ecc99ba9f

SHA256
105ca7539094fd9830cc2cd337bcf8a2904e86b36fbb74d4c398ead369d7c3f6

SHA512
fdfcb9730b5fb7892140c07a4430426435997b1c29198b6ea95e28f7381dc57aa49a7281215e0069ac23df3a73bbf6f1c31fa95a5a8016c8818b9f64757759ed

Download Submit
C:\Windows\System\NFAIEZv.exe

Filesize
2.0MB

MD5
9877d2ea21a69b0766d1d2856d819e91

SHA1
d298c7b11571e3329910cf3baef151f0db53520e

SHA256
81a7f56dbaf3256b950e8748a65e07dfd8c60103076a640ae63856cced9be3f9

SHA512
0696404f002a34d01ad99f84fba25922dce8ed84f1aff0cb30b110c0127e18084e88a2ab4ebef0ea8d28506ae73df2dae7b1253e50d6f50110a1f726fd6d2768

Download Submit
C:\Windows\System\NWmKTzG.exe

Filesize
18B

MD5
b5af15b91ef901dbbad280bf2ec97d3f

SHA1
b8fc44effcf94c604b3a330099fdd05d70ca2290

SHA256
4b241b0358bbe69bc40fb7c8558ef0dacf7a7dd595b9974e7ee1287f6f6a57a6

SHA512
77e9e1cd7604d29efe33ea37dfc85035465c8eb4a6b1edf396f009c9427a6171460e7b24fac454a276653572360ea48634eb43a059b68dd9d91460bd58c1ddf1

Download Submit
C:\Windows\System\OoTmJrK.exe

Filesize
2.0MB

MD5
0b30a5ffb5824c1aada93dbf2594d637

SHA1
23c07494c1744b0aa82ca54b220e361e8134cdf5

SHA256
69ed85cc237af9459c3d2cd3ed1c362cb68537874682379c58bbd4cbf35b15e2

SHA512
81e088438cdb3a70494897c308c2b1b72ade419b8088ff66abcdcff21d7981f8ac179952734654950fc680ab76f67ec5d2c19d98331a2379840f9449a6b663f3

Download Submit
C:\Windows\System\PbBgSJJ.exe

Filesize
2.0MB

MD5
791e96ef6c6299392d5da2e5e131be8a

SHA1
8add8ca5223b2d31d02a9ffe473a937ec28ecd6d

SHA256
a28d62d2f547fc1fff84f5cb51bfba4f14265ef052629e201574851d2e767270

SHA512
d2f7d0183d91cecb82ee8e27db0142789c83ca127129f963467f3842eb06b6c7b2297a59699ce49c8411bf10184e1b094a366685a42680f310471f54fa6c4a13

Download Submit
C:\Windows\System\QULtLvP.exe

Filesize
2.0MB

MD5
807fce35088c5dabbe6c8724bcf3523d

SHA1
3b652084983357b892c1ec8dd1c8db51dd210606

SHA256
dd79c5e75049bb4597f6d731acb3939056ce5430caf34c0a452dc2c6f8150d64

SHA512
cc2c35ae0ed587995746cb2b9273f2af6e7f63b88b439642e48d08e9194a3d6979589db6442a86ce44d3e1638fc09e252129bfad9e4222b0897415f9d2a52c75

Download Submit
C:\Windows\System\RaGUhRC.exe

Filesize
2.0MB

MD5
28035bc0a1a624e7b52f70de5ddab4af

SHA1
9a225277c29011169751ad5bba7af074dbbfe3d9

SHA256
7af44e78dc33a2d9bce37d34050831b8d6b17662f1d7102881b834cfbb84623a

SHA512
9e26cf1eb72dbd85c14eb3f55704890faa936bf450f213d9aefaaf029d18cfa7a1190949cb0fa51d54dc9ef4b583b291e155911a26ac11c0c334b2a71ac40137

Download Submit
C:\Windows\System\TcyLzZd.exe

Filesize
2.0MB

MD5
f1f0dfe96777dfaa4ea1956339bf4919

SHA1
d8e0c8f3b1e4dc1db37ff28ff6b78f08c7d1bdd4

SHA256
f50b5710fa66371a7d3d9e6fc34bd68ac2c3e19d1cb3215deba1056e4d4d4717

SHA512
9afc9214395351ab4ac68feba9e98e8fa1229f502aa15d7c8c2929cb8e78d5d8b48a4137649c61a3db8451236f845168a9a3759ad158b29710a73f3457955cec

Download Submit
C:\Windows\System\UTPJzJa.exe

Filesize
2.0MB

MD5
a06c66c8acad9ba296ed8aea84fa1128

SHA1
ce19b0e1de0f69ded830036d956cad711d853dd7

SHA256
c646539302f22e3ee82f413c89e83634a517f1363c5013cd2d41468a98a512cf

SHA512
7832f1bf1a8d714f226a1f165ed99b79128abaa1d5a5432066a514acb33022e3ebd0efcd8015a719fe8b1b1b6a38979e772bb7a58afadb588d8de957a6022bf7

Download Submit
C:\Windows\System\VVBQKkb.exe

Filesize
2.0MB

MD5
306f44f151a0069043de26e6edf22ef2

SHA1
e402508a8e492c9081bb3c016ef2011f80838c7c

SHA256
ddd599ea427c04a3f5583412d95aa055d84a654f1e2a0550790f968a936d078b

SHA512
a5410884a983746a39cbbb1bdd281f06639990f6de95ff48f2358347faff4317bbce151dc706012dc0a0bc54514e9bd292b7bdd25a7c7b6fa406cd10e82d6d9c

Download Submit
C:\Windows\System\WEURdkQ.exe

Filesize
2.0MB

MD5
c662a849a0a5a75a4c6a94a669196ceb

SHA1
39ceb848704f77238493b6d9638f5645b464bf04

SHA256
f3fa1ba5b0a42ad33bbe8d33e798b036f7ea91e50d741a37e3fcf5de229359cd

SHA512
e93ce65db81700b6698846ee3eaf53084fd776689e5fd3952db15e4a6c2408476ccb6a010370e06652ae9d7fccde608e6ed7bb5792fe01770b9213158200e44e

Download Submit
C:\Windows\System\WbKvdBb.exe

Filesize
2.0MB

MD5
5da2a54c7248feaaba23c8e5e21258e5

SHA1
55d1e82b4170f48406e96962b02ffb27ce697e19

SHA256
ef99360bb9391831fc88e8b2f7fc48be6fd44ed0c074319eff4fb9c550f4a20c

SHA512
b51932482ce07107bd440bcb1589a5f08bec24e4410a6eb8a0848541e812b50aa9a47653449f969550269e9a61a2c385cc82ed2868cae0d3c15b21da44f950df

Download Submit
C:\Windows\System\XHFXich.exe

Filesize
2.0MB

MD5
b4c967a45184e2f0cd817b60a6c6ab58

SHA1
b9f4674656238086d330cb05a7959c0d666d5c89

SHA256
b0c8324ca42d0755933baef2cb5b3f00f7427f3c5f70aa1b8faededed25ba4f2

SHA512
549856d9b8abc3fdadb63344c76c096855a9240e87249c85323fceae5fe6c0f9f551cc0229346405f8f47f69d40c2df1989e16461cb7034d2a7da6edcafb5194

Download Submit
C:\Windows\System\XSIPcBq.exe

Filesize
2.0MB

MD5
aeab71747591ac78e54395b0847e96f1

SHA1
b6c74be8d57e0ca1697bd9979e35a21e73cd3881

SHA256
1efaa7bda4a38d2a355034eb9afb61dea4f3dc595ede33b50ccd4b5e573f2991

SHA512
6efef2515a2eb0083734cf47ebea4367b92e0c65d8d35f440f1eb7206e1df45695aa6635c6f08e26340b8d8702f15ec93c6ce7345b7c90913453b666b93b4369

Download Submit
C:\Windows\System\YmQljXN.exe

Filesize
2.0MB

MD5
6f5dcc12ac8f92e8bb4b9884f07e1684

SHA1
1930ff8ac8812f0d9d30ca84b06c451a597f093c

SHA256
8624cc174414a95a264565b7ca8cf70fe7b0af8b566b108fbb596e67d7da0400

SHA512
9edfa9ee7c61f2461e0323cd993d571ca6e277822e9fc409edd443d0d54a1ba372aa75aed1958173828a7b7f047410f360ceee68d18426836e8c8e4a0b041a98

Download Submit
C:\Windows\System\aABEJtw.exe

Filesize
2.0MB

MD5
09fad959ab625be19c48c578270f9818

SHA1
87be88aace108dae2fcc2699dba3dc61279d9d5b

SHA256
c2b0503c09049e9e5d9475a25238e2b314299254db47055121bb16c0be3da8cf

SHA512
25974d044ba86588a899c942ae615a7ef39f71eb2a2b852457886c71427925143a9d0d013ef92780a2c46a3d4cf2dee4011383caa736239cfb8f1c1214034113

Download Submit
C:\Windows\System\aCJONgb.exe

Filesize
2.0MB

MD5
b2a5cdd0018034d6392ac1b289ed6c8c

SHA1
e848865e78101ca0464f157474f894e06eed7043

SHA256
e6f67d95f61eef01f32ec52379173aaeefeaca7e6d4b7e10405d4d5045e477a0

SHA512
a9e4e66bf65a1ff06ed62e8a68148fb01263f6f168f48fd7aedc1d33dcd2a2d35b8fa33a8f4da3c2b68e50b260f21ce883d926ea1928e35f0d721a30be9c8376

Download Submit
C:\Windows\System\bRXktpm.exe

Filesize
2.0MB

MD5
1fb56c4fa9d841f20a4322f5f1c566ee

SHA1
d2ee778d138c32a61cd7c0985faa8743399fad92

SHA256
ae68331f56b0804545f977f74951671284ad9dfc1ac4e4a9d209129caacc6fb3

SHA512
98667cc72ecab41e538e58f1a48898243caccfb1ae419938f94191207c8ea07deb65adad9368252a96403f326fb6f0d672dd6e27cb55fcdbad2c3dbde1e19a6f

Download Submit
C:\Windows\System\byUduSq.exe

Filesize
2.0MB

MD5
0b665a33210ca740d9a26bcdb5c46667

SHA1
31888beec847720db178dd048365fa8114decb71

SHA256
d6336c9296566b148eb35856ee525e97b9de6f0dbd8b20883133fb55ecaf2499

SHA512
2e0f35e2d048f9c32d3623823877a624dd1a4a7abe7c2326e013d0cb2cf117d4079e44ff8fedb9bafc54012c4be89dc90407f30b4ff9db1232c0bbe52e4ccf91

Download Submit
C:\Windows\System\fxfZrwp.exe

Filesize
2.0MB

MD5
be0d0aa33815ad4c146235373e018235

SHA1
e4517ba83b4f02fc539d5423d07be3ebc620d429

SHA256
544945a143d72a23f19182e17ae286328004b9ad837ee4697bf21a7f770320a8

SHA512
1d707db0663451ffb915acb5de25275c69768a264695060e4008b07bf84029dababf64cd17227f8cb6d2f38cbc77ce98c7ac9b8bbf0451324ba0fc6fae6b0794

Download Submit
C:\Windows\System\gTlLLJd.exe

Filesize
2.0MB

MD5
8d62c45b9bb4d205bab592549fe2cba9

SHA1
0e759efb096ace9c3534821cff3de0b02436871a

SHA256
7f7c8047489117442f5d3715c2dd5988c0e5f1b4948b3c43f05c88a58eb669de

SHA512
7910981f8f493c8ce5c9ec77c85246abaca6e258b267f34c5da61e20180925bd28f0bef94b746856074ab33b4fab27766e1e125b69b098f3ccf740f090216c9e

Download Submit
C:\Windows\System\gdXoSln.exe

Filesize
2.0MB

MD5
b9e93efd9f1eca9675c616936f9c529e

SHA1
e88bf7228d8dfb087d255ceee655519ee6f9b768

SHA256
ec30956bb7c21a0c083bcdb74af24de0a498fefd51a05f813c658e7f28ea8f6c

SHA512
8bafc7fabd6fbc2713658ab76688d1d2ccd8430294822aae29d6160c04b0218a3830b2f15ab23f1737decb23846e5f62cf2584e68492ffc68b72ba692bfdea97

Download Submit
C:\Windows\System\gqNLlIg.exe

Filesize
2.0MB

MD5
f8e34d2081c38ec3be5e70d8e71ace4f

SHA1
f8f95285c54a897da76ac0bce740ba7d017dd62d

SHA256
dda07950a7a5699bfcb547d6e41d2cb688129c193eb4d79e84b2bd37877151d3

SHA512
d2da449dab442b9c1033c6da3a4324aedfe89a95e0b1fd4fb31625ed3cfb6108734052a93345fe651999eb3ac3f080415f5b554415086f301533d623ea475e6f

Download Submit
C:\Windows\System\gxkbHfO.exe

Filesize
2.0MB

MD5
d280da68bb094c224ae4473f3bf164dd

SHA1
4949a591f1760e745f531b8000c6ed6cb3405076

SHA256
19b18b2d5b7420d250d5b0e768b118f13f9456d5185b142736caf2e5f6c9851e

SHA512
3308f1d5fc26f05d1859bc38a53299fd928c71f05877bb401a19457d79f51d2bb6ceaa8afd89d054573a2d4150606bc9f6ca63cd995f658596f1502dc43f123a

Download Submit
C:\Windows\System\hEbqPhY.exe

Filesize
2.0MB

MD5
a5265d95f6ccc5ad5db8ee264571761c

SHA1
cc19d3eb5318106e89a6a881ba468f1a278761af

SHA256
faaf470a39dac3289e3f0df6cc748ad9d6ca5a5effc9a335e7ae2466ccfa1f8b

SHA512
94afc8a908a9bcf0c8ecf7a026c9d39d3d95e5996935de67a189e4d65dde1fbe32db809e201b5bbbd278beac6a96c413ecee0da6066f48689626a17f701e0c58

Download Submit
C:\Windows\System\ipYmuUu.exe

Filesize
2.0MB

MD5
c504cca3c8e3987de4c06ca1ae56a890

SHA1
cacfbd4e0553584d36cc2f587be30426ac579d29

SHA256
d7bdf9c5142a032d611ad752d3ff50753999eda7847bf351ca8cfaa4835852bd

SHA512
4d827c274e14af34c3b8d21354116edc4ae3f957f940e38ed52639d96e5fe45c60fd008c3aab89eb230ee211b45401c4fa7f72210809d22543cba7b44b6f1d64

Download Submit
C:\Windows\System\kHUfXoa.exe

Filesize
2.0MB

MD5
87a7551bc270c3ce8e0133e60318e9a6

SHA1
8921dcee630e16e8f27e6bb4ca49aec397b2195f

SHA256
65539db51c3f7b4b6b87b2b308f527229ee9649e1027de8008169cf44cf0f35b

SHA512
b759d657c49b1f94ac5e4d2f7716e036a7c42d8b4662e86c939917195dc96503009170217c03bae51a4ee25afe922fa92f60f1cc36da60d55b8538b07f9c3be0

Download Submit
C:\Windows\System\kroKVbJ.exe

Filesize
2.0MB

MD5
efd6afb20d799947151b3577b3d4c8ed

SHA1
d01ba55d27d24988f405440afc9c037d196ed17e

SHA256
216550f4a4e81637380f5996f5e742f3d43ef58e416e62bc6a66962e9fa24099

SHA512
90f0887cf680bfa10673b481d6825478a3ff6b879493a95bf467b76609d3fa30cfdb577d4b2c290012af7115f7bcaddf4302860442e9b86cea89c35a638fbb0c

Download Submit
C:\Windows\System\lfmLHMI.exe

Filesize
2.0MB

MD5
5f63a02cfc8437e110c78628db8b9722

SHA1
fffa93e15af36ff270856012a6df1158c3d90e4d

SHA256
6f40b85383855f904adf1eaf3044f9d31dfa809a4517ad79c03cc1dd3187d7e1

SHA512
3d447f747b569bcc17c595d369cbae16ab6bdc9fb1a417acf08effe7eaa5e32f3c9dce2ccbea3d39b19fd7ea571e4344b74fad6207279e8c3956193d75591e81

Download Submit
C:\Windows\System\mnzAIZp.exe

Filesize
2.0MB

MD5
63f90570182a5f7cacf30718dc7e091b

SHA1
2ff488d8c2b6665bc0d1d00cf1bb48936d69032e

SHA256
e08d54921c0224e3c3777750bc46c8c0ee4de4286d79a676a2ac1527e4dc9eb7

SHA512
204fbbcfae707e10a8680427ebca266ac91486180594bee5b906844c059b02109aee8cea59d170977877479e7946d99a540fb30fca7dc9f13d49f3145a216a0d

Download Submit
C:\Windows\System\pkpASiG.exe

Filesize
8B

MD5
9e16362b7eef9ff59cf4576b688fec20

SHA1
58714a79316bdda8b345ca47c2a7e8087e024871

SHA256
cb157cd47cb9ddacb8fa194262e9cc1364ca68490d93ad041938e77ef90ead7c

SHA512
53056e2e9a952538e1c61538c2bad2166adaf2d4a03d0e97e211329cd7f80967988343aa21690b08c2f1ad6d3fabfdc6095392f57b127d575de79d724d1a09de

Download Submit
C:\Windows\System\sDDVcWb.exe

Filesize
2.0MB

MD5
7f043516a255f6b189f268ddb47bf857

SHA1
8b7f71811cd7cc1f20ab1165615b20b2f94fabef

SHA256
6da0569883329d6d60b943ffcf587789930d7eb55688e07fe9574ec245b50b40

SHA512
4712cf1c293700e1b2a316674e8419757286a6a3b489079221ada583c907f6366f6993629c5f6818d624c0b17611bc0027ba48b19a2166b4dcadad890044280e

Download Submit
C:\Windows\System\srNmxOo.exe

Filesize
2.0MB

MD5
2a23d412f8e807cc40302e9fa929e51e

SHA1
78d4ed713f24a6965f6da4788e923afd5a6453cc

SHA256
83bee6ddb23eb9e1af680a9cf36572f3aca7c1b32392b477f6be6489ae720d97

SHA512
2f006807b12c990d469b6bd5138364fdef381b1728eeb096cd5da8523045b4286ed09dab18eb4ef459fddb43f2ccad2dd588088e4c55ccc0b6d82d5b468c0407

Download Submit
C:\Windows\System\xreZxFE.exe

Filesize
2.0MB

MD5
06cb3a09488b2c615ec11780e973f2f6

SHA1
26868713196da03cdf795ed188d94c83915d336b

SHA256
0cd2d0550e8e176cf62103ac0c2fc00b5bb64fd58caed81f9141c0fb2cfa7cdd

SHA512
70ab92ea3f00e693f83851399842055c3f62b5256930543ee811ff2b113dc92bfc322d2e0d0b4218004010b004003af3cb943734b30065a84ced983ef9d6bb52

Download Submit
C:\Windows\System\ygTXJAn.exe

Filesize
2.0MB

MD5
9c999fd24f8c40cbe588284543cb43b4

SHA1
5e1e39913e4116a1de82d60ada4a0363ccb3ad58

SHA256
d363c99a88bf6d76d783498894539debaa7d98756816c5d8cba26740a9400695

SHA512
78a0a645df4ab3465d444e4d1c533378a82a545c97f05ee82b3d0828e3e0ecd8d3215212c777e993154054694e84744ace68b4b40becc6cd17614f17fb0e989d

Download Submit
C:\Windows\System\zcJTVYE.exe

Filesize
2.0MB

MD5
484b4c671970c14a566b273f6aa83cac

SHA1
be314ccde2e0da52ba9691957abb07d71511e231

SHA256
80a3a284453a5ea4ace0e8bbd60554a9ab7384913ac26e863f7c8ab083b1fca4

SHA512
41c540657ef90f9e949c7a14b70c3f4025fb9fa775c35f222b9e47ee78795925d8fb34959311c63bd74c1240830d3db007245741a1ba89f039425000b382c16b

Download Submit
C:\Windows\System\zrOXihx.exe

Filesize
2.0MB

MD5
86645b0555b02abd3905e083f2851f8b

SHA1
733c12a193e17e4256fdb98450f53822d1be1c6e

SHA256
1da07b1f3881f8e6e46acba1a46ba75f96bd08bb7ab1facdfff0cfec6fbe035b

SHA512
0905e7049c7eb79bf8f637e784610bd6be84f2b46d2a304d951f13f4baad6b1db0cee465d4024223c5a37722040ba2dd4f6f3be3b2a14de2cb888a19765832a6

Download Submit
memory/436-4339-0x00007FF6EF130000-0x00007FF6EF522000-memory.dmp

Filesize
3.9MB

Download
memory/436-0-0x00007FF6EF130000-0x00007FF6EF522000-memory.dmp

Filesize
3.9MB

Download
memory/436-1-0x0000023BF8390000-0x0000023BF83A0000-memory.dmp

Filesize
64KB

Download
memory/884-134-0x00007FF6E7F50000-0x00007FF6E8342000-memory.dmp

Filesize
3.9MB

Download
memory/928-137-0x00007FF602AF0000-0x00007FF602EE2000-memory.dmp

Filesize
3.9MB

Download
memory/952-499-0x00007FF6DC1C0000-0x00007FF6DC5B2000-memory.dmp

Filesize
3.9MB

Download
memory/1028-131-0x00007FF6032D0000-0x00007FF6036C2000-memory.dmp

Filesize
3.9MB

Download
memory/1348-4352-0x00007FF61B290000-0x00007FF61B682000-memory.dmp

Filesize
3.9MB

Download
memory/1348-136-0x00007FF61B290000-0x00007FF61B682000-memory.dmp

Filesize
3.9MB

Download
memory/1516-470-0x00007FF747450000-0x00007FF747842000-memory.dmp

Filesize
3.9MB

Download
memory/1716-348-0x00007FF73C250000-0x00007FF73C642000-memory.dmp

Filesize
3.9MB

Download
memory/1736-542-0x00007FF73F5F0000-0x00007FF73F9E2000-memory.dmp

Filesize
3.9MB

Download
memory/2004-135-0x00007FF7B1CB0000-0x00007FF7B20A2000-memory.dmp

Filesize
3.9MB

Download
memory/2124-471-0x00007FF78C8C0000-0x00007FF78CCB2000-memory.dmp

Filesize
3.9MB

Download
memory/2196-4357-0x00007FF652E70000-0x00007FF653262000-memory.dmp

Filesize
3.9MB

Download
memory/2196-216-0x00007FF652E70000-0x00007FF653262000-memory.dmp

Filesize
3.9MB

Download
memory/2340-130-0x00007FF603CA0000-0x00007FF604092000-memory.dmp

Filesize
3.9MB

Download
memory/3248-4342-0x00007FF68F0D0000-0x00007FF68F4C2000-memory.dmp

Filesize
3.9MB

Download
memory/3248-19-0x00007FF68F0D0000-0x00007FF68F4C2000-memory.dmp

Filesize
3.9MB

Download
memory/3404-606-0x00007FF63B840000-0x00007FF63BC32000-memory.dmp

Filesize
3.9MB

Download
memory/3480-133-0x00007FF7D5560000-0x00007FF7D5952000-memory.dmp

Filesize
3.9MB

Download
memory/3932-329-0x00007FF74D700000-0x00007FF74DAF2000-memory.dmp

Filesize
3.9MB

Download
memory/3968-39-0x00007FF6FE340000-0x00007FF6FE732000-memory.dmp

Filesize
3.9MB

Download
memory/3968-4337-0x00007FF6FE340000-0x00007FF6FE732000-memory.dmp

Filesize
3.9MB

Download
memory/4300-296-0x00007FF7F7610000-0x00007FF7F7A02000-memory.dmp

Filesize
3.9MB

Download
memory/4368-92-0x00007FFA1DF90000-0x00007FFA1EA51000-memory.dmp

Filesize
10.8MB

Download
memory/4368-128-0x00007FFA1DF90000-0x00007FFA1EA51000-memory.dmp

Filesize
10.8MB

Download
memory/4368-40-0x00007FFA1DF93000-0x00007FFA1DF95000-memory.dmp

Filesize
8KB

Download
memory/4368-212-0x000002B95B280000-0x000002B95B2A2000-memory.dmp

Filesize
136KB

Download
memory/4412-219-0x00007FF722390000-0x00007FF722782000-memory.dmp

Filesize
3.9MB

Download
memory/4440-132-0x00007FF729610000-0x00007FF729A02000-memory.dmp

Filesize
3.9MB

Download
memory/4468-250-0x00007FF771010000-0x00007FF771402000-memory.dmp

Filesize
3.9MB

Download
memory/4628-129-0x00007FF7EE250000-0x00007FF7EE642000-memory.dmp

Filesize
3.9MB

Download
memory/4992-4355-0x00007FF6D0BE0000-0x00007FF6D0FD2000-memory.dmp

Filesize
3.9MB

Download
memory/4992-138-0x00007FF6D0BE0000-0x00007FF6D0FD2000-memory.dmp

Filesize
3.9MB

Download
memory/5044-407-0x00007FF79DCA0000-0x00007FF79E092000-memory.dmp

Filesize
3.9MB

Download