xmrig | 7578b29addcb834dfdf64a67fabdaa23143cb47e99a1cb0fa2f77ad2b44fc14b

Analysis

max time kernel
126s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
03/05/2024, 03:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
Size

2.1MB
MD5

0f88f1996085a8650ac3a675a46a20ac
SHA1

b9748066f6a44bf61e2dded48552a7161fd84f53
SHA256

7578b29addcb834dfdf64a67fabdaa23143cb47e99a1cb0fa2f77ad2b44fc14b
SHA512

5c4c50d3ee9d989c16360bccedef0b142633201257154d705fb0801e1966c1f2a2d59a1a27160868d4bbc4fd4137f893fa7a6e06fd30fd7f1a96546a9227a9c2
SSDEEP

49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82g1VQx7Va4qru/:NABx

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 49 IoCs

miner

resource	yara_rule
behavioral2/memory/688-12-0x00007FF77E530000-0x00007FF77E922000-memory.dmp	xmrig
behavioral2/memory/4828-470-0x00007FF61BEF0000-0x00007FF61C2E2000-memory.dmp	xmrig
behavioral2/memory/2196-471-0x00007FF669300000-0x00007FF6696F2000-memory.dmp	xmrig
behavioral2/memory/492-472-0x00007FF662B60000-0x00007FF662F52000-memory.dmp	xmrig
behavioral2/memory/5100-469-0x00007FF72FD20000-0x00007FF730112000-memory.dmp	xmrig
behavioral2/memory/2032-67-0x00007FF7A1070000-0x00007FF7A1462000-memory.dmp	xmrig
behavioral2/memory/3716-473-0x00007FF6BE0B0000-0x00007FF6BE4A2000-memory.dmp	xmrig
behavioral2/memory/4176-475-0x00007FF7F6B20000-0x00007FF7F6F12000-memory.dmp	xmrig
behavioral2/memory/1552-476-0x00007FF667810000-0x00007FF667C02000-memory.dmp	xmrig
behavioral2/memory/2268-477-0x00007FF7BCFB0000-0x00007FF7BD3A2000-memory.dmp	xmrig
behavioral2/memory/2960-478-0x00007FF7B3C50000-0x00007FF7B4042000-memory.dmp	xmrig
behavioral2/memory/4680-480-0x00007FF752DC0000-0x00007FF7531B2000-memory.dmp	xmrig
behavioral2/memory/4740-479-0x00007FF6AAEF0000-0x00007FF6AB2E2000-memory.dmp	xmrig
behavioral2/memory/3116-474-0x00007FF798450000-0x00007FF798842000-memory.dmp	xmrig
behavioral2/memory/4488-500-0x00007FF7CFC80000-0x00007FF7D0072000-memory.dmp	xmrig
behavioral2/memory/1960-516-0x00007FF6795B0000-0x00007FF6799A2000-memory.dmp	xmrig
behavioral2/memory/3512-528-0x00007FF6AAEB0000-0x00007FF6AB2A2000-memory.dmp	xmrig
behavioral2/memory/4060-539-0x00007FF6FBBB0000-0x00007FF6FBFA2000-memory.dmp	xmrig
behavioral2/memory/1344-544-0x00007FF67DCE0000-0x00007FF67E0D2000-memory.dmp	xmrig
behavioral2/memory/2140-534-0x00007FF7A90E0000-0x00007FF7A94D2000-memory.dmp	xmrig
behavioral2/memory/2324-532-0x00007FF7CD920000-0x00007FF7CDD12000-memory.dmp	xmrig
behavioral2/memory/4152-523-0x00007FF762660000-0x00007FF762A52000-memory.dmp	xmrig
behavioral2/memory/2632-492-0x00007FF7FC3A0000-0x00007FF7FC792000-memory.dmp	xmrig
behavioral2/memory/3724-485-0x00007FF763920000-0x00007FF763D12000-memory.dmp	xmrig
behavioral2/memory/1412-2129-0x00007FF709E50000-0x00007FF70A242000-memory.dmp	xmrig
behavioral2/memory/688-2166-0x00007FF77E530000-0x00007FF77E922000-memory.dmp	xmrig
behavioral2/memory/3512-2168-0x00007FF6AAEB0000-0x00007FF6AB2A2000-memory.dmp	xmrig
behavioral2/memory/5100-2174-0x00007FF72FD20000-0x00007FF730112000-memory.dmp	xmrig
behavioral2/memory/2032-2172-0x00007FF7A1070000-0x00007FF7A1462000-memory.dmp	xmrig
behavioral2/memory/2324-2171-0x00007FF7CD920000-0x00007FF7CDD12000-memory.dmp	xmrig
behavioral2/memory/2140-2177-0x00007FF7A90E0000-0x00007FF7A94D2000-memory.dmp	xmrig
behavioral2/memory/4828-2178-0x00007FF61BEF0000-0x00007FF61C2E2000-memory.dmp	xmrig
behavioral2/memory/492-2186-0x00007FF662B60000-0x00007FF662F52000-memory.dmp	xmrig
behavioral2/memory/4060-2184-0x00007FF6FBBB0000-0x00007FF6FBFA2000-memory.dmp	xmrig
behavioral2/memory/3716-2188-0x00007FF6BE0B0000-0x00007FF6BE4A2000-memory.dmp	xmrig
behavioral2/memory/2196-2183-0x00007FF669300000-0x00007FF6696F2000-memory.dmp	xmrig
behavioral2/memory/1344-2181-0x00007FF67DCE0000-0x00007FF67E0D2000-memory.dmp	xmrig
behavioral2/memory/4740-2200-0x00007FF6AAEF0000-0x00007FF6AB2E2000-memory.dmp	xmrig
behavioral2/memory/3724-2204-0x00007FF763920000-0x00007FF763D12000-memory.dmp	xmrig
behavioral2/memory/2632-2208-0x00007FF7FC3A0000-0x00007FF7FC792000-memory.dmp	xmrig
behavioral2/memory/4152-2212-0x00007FF762660000-0x00007FF762A52000-memory.dmp	xmrig
behavioral2/memory/4488-2210-0x00007FF7CFC80000-0x00007FF7D0072000-memory.dmp	xmrig
behavioral2/memory/1960-2207-0x00007FF6795B0000-0x00007FF6799A2000-memory.dmp	xmrig
behavioral2/memory/2960-2202-0x00007FF7B3C50000-0x00007FF7B4042000-memory.dmp	xmrig
behavioral2/memory/1552-2193-0x00007FF667810000-0x00007FF667C02000-memory.dmp	xmrig
behavioral2/memory/4680-2199-0x00007FF752DC0000-0x00007FF7531B2000-memory.dmp	xmrig
behavioral2/memory/3116-2197-0x00007FF798450000-0x00007FF798842000-memory.dmp	xmrig
behavioral2/memory/4176-2195-0x00007FF7F6B20000-0x00007FF7F6F12000-memory.dmp	xmrig
behavioral2/memory/2268-2191-0x00007FF7BCFB0000-0x00007FF7BD3A2000-memory.dmp	xmrig

Blocklisted process makes network request 6 IoCs

flow	pid	Process
9	1096	powershell.exe
11	1096	powershell.exe
16	1096	powershell.exe
17	1096	powershell.exe
19	1096	powershell.exe
21	1096	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
1096	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
688	hwgKRQu.exe
3512	WtFTRrA.exe
2324	TIHNsct.exe
2032	IzvLriA.exe
5100	GHOXbEf.exe
4828	gMhmHXd.exe
2140	KJqzKec.exe
2196	QjgNIlA.exe
492	wmTlMBL.exe
4060	beGOvnc.exe
1344	BrFgLHX.exe
3716	bKEEoUf.exe
3116	OcGenGS.exe
4176	pYGMLEu.exe
1552	gSLNBVS.exe
2268	rjhTLNR.exe
2960	EWhBkYI.exe
4740	ysVQEEm.exe
4680	WWYNAcd.exe
3724	FlIevCr.exe
2632	aqqgulB.exe
4488	yDTVGMd.exe
1960	sBHOkwF.exe
4152	gaPpjuf.exe
1224	UjUUcat.exe
4936	jdGGQIb.exe
2344	GRRRNPO.exe
3720	tXoYGtl.exe
2148	gjXQuXw.exe
5116	zotrOKj.exe
3484	CfWfAsJ.exe
4696	WjdgQyC.exe
4536	JEnEfsG.exe
2808	lSDnuPw.exe
3784	UCQeESV.exe
2044	IzAQipE.exe
3644	HEcWVdN.exe
1264	eGpSQCT.exe
4456	OqNCJku.exe
572	AioSaHu.exe
2036	rlMVEoZ.exe
4284	AmfVdTS.exe
1500	lQGLgyH.exe
2404	aPPviHE.exe
3052	DDslGwo.exe
4852	YdhCtNR.exe
2000	VMKMkAB.exe
3920	LvdbHqk.exe
3172	XVrnovJ.exe
904	sAktMBF.exe
692	kDDkhxF.exe
3676	NpsJSdx.exe
4864	EEWzNUb.exe
5004	kEeZSxI.exe
4012	iKXycRq.exe
5024	bgXTIlx.exe
5000	zVQjUJh.exe
4420	xqoVxoh.exe
3160	GLgAqah.exe
4016	LRvJIsj.exe
3868	PVughGi.exe
2908	nNdytah.exe
4496	LAXnSRt.exe
4332	HNMxMHJ.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1412-0-0x00007FF709E50000-0x00007FF70A242000-memory.dmp	upx
behavioral2/files/0x000b000000023bc7-5.dat	upx
behavioral2/files/0x000a000000023bcc-8.dat	upx
behavioral2/memory/688-12-0x00007FF77E530000-0x00007FF77E922000-memory.dmp	upx
behavioral2/files/0x000a000000023bcb-11.dat	upx
behavioral2/files/0x000a000000023bcd-20.dat	upx
behavioral2/files/0x000a000000023bcf-29.dat	upx
behavioral2/files/0x000a000000023bce-30.dat	upx
behavioral2/files/0x000a000000023bd2-60.dat	upx
behavioral2/files/0x000a000000023bd3-64.dat	upx
behavioral2/files/0x000b000000023bd5-74.dat	upx
behavioral2/files/0x000a000000023bd6-76.dat	upx
behavioral2/files/0x000a000000023bd7-83.dat	upx
behavioral2/files/0x000b000000023bc8-89.dat	upx
behavioral2/files/0x000a000000023bd9-104.dat	upx
behavioral2/files/0x000a000000023bdb-113.dat	upx
behavioral2/files/0x000a000000023bdd-123.dat	upx
behavioral2/files/0x000b000000023be0-135.dat	upx
behavioral2/files/0x000b000000023be2-145.dat	upx
behavioral2/files/0x0009000000023bff-169.dat	upx
behavioral2/memory/4828-470-0x00007FF61BEF0000-0x00007FF61C2E2000-memory.dmp	upx
behavioral2/memory/2196-471-0x00007FF669300000-0x00007FF6696F2000-memory.dmp	upx
behavioral2/memory/492-472-0x00007FF662B60000-0x00007FF662F52000-memory.dmp	upx
behavioral2/memory/5100-469-0x00007FF72FD20000-0x00007FF730112000-memory.dmp	upx
behavioral2/files/0x000e000000023c05-178.dat	upx
behavioral2/files/0x0009000000023c01-175.dat	upx
behavioral2/files/0x0009000000023c00-173.dat	upx
behavioral2/files/0x0008000000023bfa-164.dat	upx
behavioral2/files/0x000e000000023bf1-158.dat	upx
behavioral2/files/0x000a000000023bea-154.dat	upx
behavioral2/files/0x000b000000023be1-143.dat	upx
behavioral2/files/0x000a000000023bdf-133.dat	upx
behavioral2/files/0x000a000000023bde-129.dat	upx
behavioral2/files/0x000a000000023bdc-119.dat	upx
behavioral2/files/0x000a000000023bda-109.dat	upx
behavioral2/files/0x000a000000023bd8-98.dat	upx
behavioral2/files/0x000b000000023bd4-94.dat	upx
behavioral2/memory/2032-67-0x00007FF7A1070000-0x00007FF7A1462000-memory.dmp	upx
behavioral2/files/0x000a000000023bd1-57.dat	upx
behavioral2/files/0x000a000000023bd0-37.dat	upx
behavioral2/memory/3716-473-0x00007FF6BE0B0000-0x00007FF6BE4A2000-memory.dmp	upx
behavioral2/memory/4176-475-0x00007FF7F6B20000-0x00007FF7F6F12000-memory.dmp	upx
behavioral2/memory/1552-476-0x00007FF667810000-0x00007FF667C02000-memory.dmp	upx
behavioral2/memory/2268-477-0x00007FF7BCFB0000-0x00007FF7BD3A2000-memory.dmp	upx
behavioral2/memory/2960-478-0x00007FF7B3C50000-0x00007FF7B4042000-memory.dmp	upx
behavioral2/memory/4680-480-0x00007FF752DC0000-0x00007FF7531B2000-memory.dmp	upx
behavioral2/memory/4740-479-0x00007FF6AAEF0000-0x00007FF6AB2E2000-memory.dmp	upx
behavioral2/memory/3116-474-0x00007FF798450000-0x00007FF798842000-memory.dmp	upx
behavioral2/memory/4488-500-0x00007FF7CFC80000-0x00007FF7D0072000-memory.dmp	upx
behavioral2/memory/1960-516-0x00007FF6795B0000-0x00007FF6799A2000-memory.dmp	upx
behavioral2/memory/3512-528-0x00007FF6AAEB0000-0x00007FF6AB2A2000-memory.dmp	upx
behavioral2/memory/4060-539-0x00007FF6FBBB0000-0x00007FF6FBFA2000-memory.dmp	upx
behavioral2/memory/1344-544-0x00007FF67DCE0000-0x00007FF67E0D2000-memory.dmp	upx
behavioral2/memory/2140-534-0x00007FF7A90E0000-0x00007FF7A94D2000-memory.dmp	upx
behavioral2/memory/2324-532-0x00007FF7CD920000-0x00007FF7CDD12000-memory.dmp	upx
behavioral2/memory/4152-523-0x00007FF762660000-0x00007FF762A52000-memory.dmp	upx
behavioral2/memory/2632-492-0x00007FF7FC3A0000-0x00007FF7FC792000-memory.dmp	upx
behavioral2/memory/3724-485-0x00007FF763920000-0x00007FF763D12000-memory.dmp	upx
behavioral2/memory/1412-2129-0x00007FF709E50000-0x00007FF70A242000-memory.dmp	upx
behavioral2/memory/688-2166-0x00007FF77E530000-0x00007FF77E922000-memory.dmp	upx
behavioral2/memory/3512-2168-0x00007FF6AAEB0000-0x00007FF6AB2A2000-memory.dmp	upx
behavioral2/memory/5100-2174-0x00007FF72FD20000-0x00007FF730112000-memory.dmp	upx
behavioral2/memory/2032-2172-0x00007FF7A1070000-0x00007FF7A1462000-memory.dmp	upx
behavioral2/memory/2324-2171-0x00007FF7CD920000-0x00007FF7CDD12000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
8	raw.githubusercontent.com
9	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\nxolDkD.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\pbWjFmL.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\NmPmZfD.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\VMKMkAB.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\kGfUSvY.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\JXUTfUf.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\IFaJpDv.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\cVMBOEN.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\lQGLgyH.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\NXGkCDj.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\YZbuCpX.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\XuHWbqd.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\beGOvnc.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\MApchEz.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\mjoooZP.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\CnIuoYt.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\TdfQGRZ.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\eVTOwxr.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\RVrnfrl.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\rMlnIVL.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\HjMuOzN.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\kkDyiDO.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\VfVVNyo.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\YRdHfdH.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\cotGSCR.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\rBDreyt.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\CJgyMdY.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\sEYkXWS.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\rDUDlIw.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\CoytyyQ.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\GEHKYJI.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\ODZoQkT.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\LnNsvNs.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\yZdlKOg.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\whXxlHY.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\BmyDZZi.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\ZuHbYVV.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\lmbNMqt.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\TETABAX.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\wxFkazn.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\OUADeQW.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\FmuPDQU.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\ZIqFLeI.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\DzrIyWI.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\bgXTIlx.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\dARfBMO.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\EUsSPIG.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\OHglRny.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\ZjtbKdM.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\zotrOKj.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\gAgAlje.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\uQVHYHf.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\WWYNAcd.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\xaZTzHu.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\xaCXmMv.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\EQtyENr.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\PAMTvze.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\qUwCHPo.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\xIJBNfj.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\BqRmbPA.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\PgKebUK.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\XUglBsd.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\gpkHNnh.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
File created	C:\Windows\System\vZXzciL.exe	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1096	powershell.exe
1096	powershell.exe
1096	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
Token: SeDebugPrivilege	1096	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1412 wrote to memory of 1096	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	85
PID 1412 wrote to memory of 1096	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	85
PID 1412 wrote to memory of 688	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	86
PID 1412 wrote to memory of 688	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	86
PID 1412 wrote to memory of 3512	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	87
PID 1412 wrote to memory of 3512	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	87
PID 1412 wrote to memory of 2324	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	88
PID 1412 wrote to memory of 2324	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	88
PID 1412 wrote to memory of 2032	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	89
PID 1412 wrote to memory of 2032	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	89
PID 1412 wrote to memory of 5100	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	90
PID 1412 wrote to memory of 5100	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	90
PID 1412 wrote to memory of 4828	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	91
PID 1412 wrote to memory of 4828	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	91
PID 1412 wrote to memory of 2140	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	92
PID 1412 wrote to memory of 2140	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	92
PID 1412 wrote to memory of 2196	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	93
PID 1412 wrote to memory of 2196	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	93
PID 1412 wrote to memory of 492	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	94
PID 1412 wrote to memory of 492	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	94
PID 1412 wrote to memory of 4060	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	95
PID 1412 wrote to memory of 4060	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	95
PID 1412 wrote to memory of 1344	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	96
PID 1412 wrote to memory of 1344	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	96
PID 1412 wrote to memory of 3716	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	97
PID 1412 wrote to memory of 3716	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	97
PID 1412 wrote to memory of 3116	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	98
PID 1412 wrote to memory of 3116	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	98
PID 1412 wrote to memory of 4176	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	99
PID 1412 wrote to memory of 4176	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	99
PID 1412 wrote to memory of 1552	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	100
PID 1412 wrote to memory of 1552	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	100
PID 1412 wrote to memory of 2268	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	101
PID 1412 wrote to memory of 2268	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	101
PID 1412 wrote to memory of 2960	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	102
PID 1412 wrote to memory of 2960	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	102
PID 1412 wrote to memory of 4740	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	103
PID 1412 wrote to memory of 4740	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	103
PID 1412 wrote to memory of 4680	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	104
PID 1412 wrote to memory of 4680	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	104
PID 1412 wrote to memory of 3724	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	105
PID 1412 wrote to memory of 3724	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	105
PID 1412 wrote to memory of 2632	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	106
PID 1412 wrote to memory of 2632	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	106
PID 1412 wrote to memory of 4488	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	107
PID 1412 wrote to memory of 4488	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	107
PID 1412 wrote to memory of 1960	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	108
PID 1412 wrote to memory of 1960	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	108
PID 1412 wrote to memory of 4152	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	109
PID 1412 wrote to memory of 4152	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	109
PID 1412 wrote to memory of 1224	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	110
PID 1412 wrote to memory of 1224	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	110
PID 1412 wrote to memory of 4936	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	111
PID 1412 wrote to memory of 4936	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	111
PID 1412 wrote to memory of 2344	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	112
PID 1412 wrote to memory of 2344	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	112
PID 1412 wrote to memory of 3720	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	113
PID 1412 wrote to memory of 3720	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	113
PID 1412 wrote to memory of 2148	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	114
PID 1412 wrote to memory of 2148	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	114
PID 1412 wrote to memory of 5116	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	115
PID 1412 wrote to memory of 5116	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	115
PID 1412 wrote to memory of 3484	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	116
PID 1412 wrote to memory of 3484	1412	0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe	116

C:\Users\Admin\AppData\Local\Temp\0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0f88f1996085a8650ac3a675a46a20ac_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1412
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1096
- C:\Windows\System\hwgKRQu.exe
  C:\Windows\System\hwgKRQu.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\WtFTRrA.exe
  C:\Windows\System\WtFTRrA.exe
  2⤵
  - Executes dropped EXE
  PID:3512
- C:\Windows\System\TIHNsct.exe
  C:\Windows\System\TIHNsct.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\IzvLriA.exe
  C:\Windows\System\IzvLriA.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\GHOXbEf.exe
  C:\Windows\System\GHOXbEf.exe
  2⤵
  - Executes dropped EXE
  PID:5100
- C:\Windows\System\gMhmHXd.exe
  C:\Windows\System\gMhmHXd.exe
  2⤵
  - Executes dropped EXE
  PID:4828
- C:\Windows\System\KJqzKec.exe
  C:\Windows\System\KJqzKec.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\QjgNIlA.exe
  C:\Windows\System\QjgNIlA.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\wmTlMBL.exe
  C:\Windows\System\wmTlMBL.exe
  2⤵
  - Executes dropped EXE
  PID:492
- C:\Windows\System\beGOvnc.exe
  C:\Windows\System\beGOvnc.exe
  2⤵
  - Executes dropped EXE
  PID:4060
- C:\Windows\System\BrFgLHX.exe
  C:\Windows\System\BrFgLHX.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\bKEEoUf.exe
  C:\Windows\System\bKEEoUf.exe
  2⤵
  - Executes dropped EXE
  PID:3716
- C:\Windows\System\OcGenGS.exe
  C:\Windows\System\OcGenGS.exe
  2⤵
  - Executes dropped EXE
  PID:3116
- C:\Windows\System\pYGMLEu.exe
  C:\Windows\System\pYGMLEu.exe
  2⤵
  - Executes dropped EXE
  PID:4176
- C:\Windows\System\gSLNBVS.exe
  C:\Windows\System\gSLNBVS.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\rjhTLNR.exe
  C:\Windows\System\rjhTLNR.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\EWhBkYI.exe
  C:\Windows\System\EWhBkYI.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\ysVQEEm.exe
  C:\Windows\System\ysVQEEm.exe
  2⤵
  - Executes dropped EXE
  PID:4740
- C:\Windows\System\WWYNAcd.exe
  C:\Windows\System\WWYNAcd.exe
  2⤵
  - Executes dropped EXE
  PID:4680
- C:\Windows\System\FlIevCr.exe
  C:\Windows\System\FlIevCr.exe
  2⤵
  - Executes dropped EXE
  PID:3724
- C:\Windows\System\aqqgulB.exe
  C:\Windows\System\aqqgulB.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\yDTVGMd.exe
  C:\Windows\System\yDTVGMd.exe
  2⤵
  - Executes dropped EXE
  PID:4488
- C:\Windows\System\sBHOkwF.exe
  C:\Windows\System\sBHOkwF.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\gaPpjuf.exe
  C:\Windows\System\gaPpjuf.exe
  2⤵
  - Executes dropped EXE
  PID:4152
- C:\Windows\System\UjUUcat.exe
  C:\Windows\System\UjUUcat.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\jdGGQIb.exe
  C:\Windows\System\jdGGQIb.exe
  2⤵
  - Executes dropped EXE
  PID:4936
- C:\Windows\System\GRRRNPO.exe
  C:\Windows\System\GRRRNPO.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\tXoYGtl.exe
  C:\Windows\System\tXoYGtl.exe
  2⤵
  - Executes dropped EXE
  PID:3720
- C:\Windows\System\gjXQuXw.exe
  C:\Windows\System\gjXQuXw.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\zotrOKj.exe
  C:\Windows\System\zotrOKj.exe
  2⤵
  - Executes dropped EXE
  PID:5116
- C:\Windows\System\CfWfAsJ.exe
  C:\Windows\System\CfWfAsJ.exe
  2⤵
  - Executes dropped EXE
  PID:3484
- C:\Windows\System\WjdgQyC.exe
  C:\Windows\System\WjdgQyC.exe
  2⤵
  - Executes dropped EXE
  PID:4696
- C:\Windows\System\JEnEfsG.exe
  C:\Windows\System\JEnEfsG.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System\lSDnuPw.exe
  C:\Windows\System\lSDnuPw.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\UCQeESV.exe
  C:\Windows\System\UCQeESV.exe
  2⤵
  - Executes dropped EXE
  PID:3784
- C:\Windows\System\IzAQipE.exe
  C:\Windows\System\IzAQipE.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\HEcWVdN.exe
  C:\Windows\System\HEcWVdN.exe
  2⤵
  - Executes dropped EXE
  PID:3644
- C:\Windows\System\eGpSQCT.exe
  C:\Windows\System\eGpSQCT.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\OqNCJku.exe
  C:\Windows\System\OqNCJku.exe
  2⤵
  - Executes dropped EXE
  PID:4456
- C:\Windows\System\AioSaHu.exe
  C:\Windows\System\AioSaHu.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\rlMVEoZ.exe
  C:\Windows\System\rlMVEoZ.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\AmfVdTS.exe
  C:\Windows\System\AmfVdTS.exe
  2⤵
  - Executes dropped EXE
  PID:4284
- C:\Windows\System\lQGLgyH.exe
  C:\Windows\System\lQGLgyH.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\aPPviHE.exe
  C:\Windows\System\aPPviHE.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\DDslGwo.exe
  C:\Windows\System\DDslGwo.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\YdhCtNR.exe
  C:\Windows\System\YdhCtNR.exe
  2⤵
  - Executes dropped EXE
  PID:4852
- C:\Windows\System\VMKMkAB.exe
  C:\Windows\System\VMKMkAB.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\LvdbHqk.exe
  C:\Windows\System\LvdbHqk.exe
  2⤵
  - Executes dropped EXE
  PID:3920
- C:\Windows\System\XVrnovJ.exe
  C:\Windows\System\XVrnovJ.exe
  2⤵
  - Executes dropped EXE
  PID:3172
- C:\Windows\System\sAktMBF.exe
  C:\Windows\System\sAktMBF.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\kDDkhxF.exe
  C:\Windows\System\kDDkhxF.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\NpsJSdx.exe
  C:\Windows\System\NpsJSdx.exe
  2⤵
  - Executes dropped EXE
  PID:3676
- C:\Windows\System\EEWzNUb.exe
  C:\Windows\System\EEWzNUb.exe
  2⤵
  - Executes dropped EXE
  PID:4864
- C:\Windows\System\kEeZSxI.exe
  C:\Windows\System\kEeZSxI.exe
  2⤵
  - Executes dropped EXE
  PID:5004
- C:\Windows\System\iKXycRq.exe
  C:\Windows\System\iKXycRq.exe
  2⤵
  - Executes dropped EXE
  PID:4012
- C:\Windows\System\bgXTIlx.exe
  C:\Windows\System\bgXTIlx.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\System\zVQjUJh.exe
  C:\Windows\System\zVQjUJh.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System\xqoVxoh.exe
  C:\Windows\System\xqoVxoh.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\GLgAqah.exe
  C:\Windows\System\GLgAqah.exe
  2⤵
  - Executes dropped EXE
  PID:3160
- C:\Windows\System\LRvJIsj.exe
  C:\Windows\System\LRvJIsj.exe
  2⤵
  - Executes dropped EXE
  PID:4016
- C:\Windows\System\PVughGi.exe
  C:\Windows\System\PVughGi.exe
  2⤵
  - Executes dropped EXE
  PID:3868
- C:\Windows\System\nNdytah.exe
  C:\Windows\System\nNdytah.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\LAXnSRt.exe
  C:\Windows\System\LAXnSRt.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System\HNMxMHJ.exe
  C:\Windows\System\HNMxMHJ.exe
  2⤵
  - Executes dropped EXE
  PID:4332
- C:\Windows\System\AUwOLlQ.exe
  C:\Windows\System\AUwOLlQ.exe
  2⤵
  PID:4720
- C:\Windows\System\LdFbzfX.exe
  C:\Windows\System\LdFbzfX.exe
  2⤵
  PID:2696
- C:\Windows\System\ZxYLEYQ.exe
  C:\Windows\System\ZxYLEYQ.exe
  2⤵
  PID:3972
- C:\Windows\System\uTKbEdj.exe
  C:\Windows\System\uTKbEdj.exe
  2⤵
  PID:968
- C:\Windows\System\rBDreyt.exe
  C:\Windows\System\rBDreyt.exe
  2⤵
  PID:5128
- C:\Windows\System\gkXHgaZ.exe
  C:\Windows\System\gkXHgaZ.exe
  2⤵
  PID:5156
- C:\Windows\System\ZJNGarG.exe
  C:\Windows\System\ZJNGarG.exe
  2⤵
  PID:5184
- C:\Windows\System\VZbsqXa.exe
  C:\Windows\System\VZbsqXa.exe
  2⤵
  PID:5216
- C:\Windows\System\uRXklOj.exe
  C:\Windows\System\uRXklOj.exe
  2⤵
  PID:5244
- C:\Windows\System\CJgyMdY.exe
  C:\Windows\System\CJgyMdY.exe
  2⤵
  PID:5276
- C:\Windows\System\simiohB.exe
  C:\Windows\System\simiohB.exe
  2⤵
  PID:5300
- C:\Windows\System\qqoCSCK.exe
  C:\Windows\System\qqoCSCK.exe
  2⤵
  PID:5328
- C:\Windows\System\WLNkGqp.exe
  C:\Windows\System\WLNkGqp.exe
  2⤵
  PID:5356
- C:\Windows\System\KuQzfhX.exe
  C:\Windows\System\KuQzfhX.exe
  2⤵
  PID:5384
- C:\Windows\System\LYNMNAU.exe
  C:\Windows\System\LYNMNAU.exe
  2⤵
  PID:5408
- C:\Windows\System\ICefHkz.exe
  C:\Windows\System\ICefHkz.exe
  2⤵
  PID:5440
- C:\Windows\System\mJwsylu.exe
  C:\Windows\System\mJwsylu.exe
  2⤵
  PID:5464
- C:\Windows\System\LfwpmUx.exe
  C:\Windows\System\LfwpmUx.exe
  2⤵
  PID:5504
- C:\Windows\System\LXjirHP.exe
  C:\Windows\System\LXjirHP.exe
  2⤵
  PID:5536
- C:\Windows\System\KDQrTTj.exe
  C:\Windows\System\KDQrTTj.exe
  2⤵
  PID:5564
- C:\Windows\System\rWJcNEe.exe
  C:\Windows\System\rWJcNEe.exe
  2⤵
  PID:5592
- C:\Windows\System\qDdEUSM.exe
  C:\Windows\System\qDdEUSM.exe
  2⤵
  PID:5620
- C:\Windows\System\XincRtv.exe
  C:\Windows\System\XincRtv.exe
  2⤵
  PID:5648
- C:\Windows\System\GPllhix.exe
  C:\Windows\System\GPllhix.exe
  2⤵
  PID:5676
- C:\Windows\System\DUVbqCK.exe
  C:\Windows\System\DUVbqCK.exe
  2⤵
  PID:5704
- C:\Windows\System\kwhwmwx.exe
  C:\Windows\System\kwhwmwx.exe
  2⤵
  PID:5756
- C:\Windows\System\nkyFsyY.exe
  C:\Windows\System\nkyFsyY.exe
  2⤵
  PID:5772
- C:\Windows\System\ZnwyWPY.exe
  C:\Windows\System\ZnwyWPY.exe
  2⤵
  PID:5788
- C:\Windows\System\EOOXCQk.exe
  C:\Windows\System\EOOXCQk.exe
  2⤵
  PID:5812
- C:\Windows\System\FYmqyvp.exe
  C:\Windows\System\FYmqyvp.exe
  2⤵
  PID:5844
- C:\Windows\System\uprdNln.exe
  C:\Windows\System\uprdNln.exe
  2⤵
  PID:5872
- C:\Windows\System\ODZoQkT.exe
  C:\Windows\System\ODZoQkT.exe
  2⤵
  PID:5900
- C:\Windows\System\ZuHbYVV.exe
  C:\Windows\System\ZuHbYVV.exe
  2⤵
  PID:5916
- C:\Windows\System\xaZTzHu.exe
  C:\Windows\System\xaZTzHu.exe
  2⤵
  PID:5944
- C:\Windows\System\OCOUcqT.exe
  C:\Windows\System\OCOUcqT.exe
  2⤵
  PID:5972
- C:\Windows\System\sOyTOwA.exe
  C:\Windows\System\sOyTOwA.exe
  2⤵
  PID:6000
- C:\Windows\System\pIzzivz.exe
  C:\Windows\System\pIzzivz.exe
  2⤵
  PID:6028
- C:\Windows\System\olrGkdY.exe
  C:\Windows\System\olrGkdY.exe
  2⤵
  PID:6056
- C:\Windows\System\Fmnexfb.exe
  C:\Windows\System\Fmnexfb.exe
  2⤵
  PID:6084
- C:\Windows\System\sEYkXWS.exe
  C:\Windows\System\sEYkXWS.exe
  2⤵
  PID:6112
- C:\Windows\System\JxOlKuF.exe
  C:\Windows\System\JxOlKuF.exe
  2⤵
  PID:6140
- C:\Windows\System\xzpMjze.exe
  C:\Windows\System\xzpMjze.exe
  2⤵
  PID:4712
- C:\Windows\System\RVrnfrl.exe
  C:\Windows\System\RVrnfrl.exe
  2⤵
  PID:3728
- C:\Windows\System\EeSPYaK.exe
  C:\Windows\System\EeSPYaK.exe
  2⤵
  PID:3884
- C:\Windows\System\CGVMlQG.exe
  C:\Windows\System\CGVMlQG.exe
  2⤵
  PID:3300
- C:\Windows\System\dARfBMO.exe
  C:\Windows\System\dARfBMO.exe
  2⤵
  PID:5172
- C:\Windows\System\yognQbN.exe
  C:\Windows\System\yognQbN.exe
  2⤵
  PID:5228
- C:\Windows\System\APuRRTe.exe
  C:\Windows\System\APuRRTe.exe
  2⤵
  PID:5292
- C:\Windows\System\nXmAeKb.exe
  C:\Windows\System\nXmAeKb.exe
  2⤵
  PID:5344
- C:\Windows\System\wTVuOGT.exe
  C:\Windows\System\wTVuOGT.exe
  2⤵
  PID:5416
- C:\Windows\System\HcXFokt.exe
  C:\Windows\System\HcXFokt.exe
  2⤵
  PID:5456
- C:\Windows\System\byQoNJv.exe
  C:\Windows\System\byQoNJv.exe
  2⤵
  PID:5524
- C:\Windows\System\NOcpWdV.exe
  C:\Windows\System\NOcpWdV.exe
  2⤵
  PID:5584
- C:\Windows\System\KnDwnOd.exe
  C:\Windows\System\KnDwnOd.exe
  2⤵
  PID:5660
- C:\Windows\System\dHxhGgM.exe
  C:\Windows\System\dHxhGgM.exe
  2⤵
  PID:3404
- C:\Windows\System\ApDjDih.exe
  C:\Windows\System\ApDjDih.exe
  2⤵
  PID:5724
- C:\Windows\System\hGnrDbh.exe
  C:\Windows\System\hGnrDbh.exe
  2⤵
  PID:5808
- C:\Windows\System\zPjaCbz.exe
  C:\Windows\System\zPjaCbz.exe
  2⤵
  PID:5864
- C:\Windows\System\UAoSHkw.exe
  C:\Windows\System\UAoSHkw.exe
  2⤵
  PID:5932
- C:\Windows\System\OmhlMEi.exe
  C:\Windows\System\OmhlMEi.exe
  2⤵
  PID:5988
- C:\Windows\System\HHHgdkj.exe
  C:\Windows\System\HHHgdkj.exe
  2⤵
  PID:6044
- C:\Windows\System\eNtSuYO.exe
  C:\Windows\System\eNtSuYO.exe
  2⤵
  PID:2628
- C:\Windows\System\sgBseWQ.exe
  C:\Windows\System\sgBseWQ.exe
  2⤵
  PID:6128
- C:\Windows\System\nHnjyBf.exe
  C:\Windows\System\nHnjyBf.exe
  2⤵
  PID:2708
- C:\Windows\System\SslNrqQ.exe
  C:\Windows\System\SslNrqQ.exe
  2⤵
  PID:3976
- C:\Windows\System\OBvTsLL.exe
  C:\Windows\System\OBvTsLL.exe
  2⤵
  PID:5260
- C:\Windows\System\ykblAxI.exe
  C:\Windows\System\ykblAxI.exe
  2⤵
  PID:5720
- C:\Windows\System\hgNxrAY.exe
  C:\Windows\System\hgNxrAY.exe
  2⤵
  PID:4716
- C:\Windows\System\JTtnpmE.exe
  C:\Windows\System\JTtnpmE.exe
  2⤵
  PID:4064
- C:\Windows\System\DdCfTJL.exe
  C:\Windows\System\DdCfTJL.exe
  2⤵
  PID:5960
- C:\Windows\System\jqheLgC.exe
  C:\Windows\System\jqheLgC.exe
  2⤵
  PID:5984
- C:\Windows\System\VDVHLrk.exe
  C:\Windows\System\VDVHLrk.exe
  2⤵
  PID:548
- C:\Windows\System\HWQtYSO.exe
  C:\Windows\System\HWQtYSO.exe
  2⤵
  PID:4492
- C:\Windows\System\owZOYfV.exe
  C:\Windows\System\owZOYfV.exe
  2⤵
  PID:3304
- C:\Windows\System\MApchEz.exe
  C:\Windows\System\MApchEz.exe
  2⤵
  PID:1992
- C:\Windows\System\EaVPBHI.exe
  C:\Windows\System\EaVPBHI.exe
  2⤵
  PID:5208
- C:\Windows\System\sWjTceR.exe
  C:\Windows\System\sWjTceR.exe
  2⤵
  PID:5204
- C:\Windows\System\waWlIGL.exe
  C:\Windows\System\waWlIGL.exe
  2⤵
  PID:4136
- C:\Windows\System\eqkVsaq.exe
  C:\Windows\System\eqkVsaq.exe
  2⤵
  PID:5516
- C:\Windows\System\lHVYHrp.exe
  C:\Windows\System\lHVYHrp.exe
  2⤵
  PID:5476
- C:\Windows\System\ZmQcjQy.exe
  C:\Windows\System\ZmQcjQy.exe
  2⤵
  PID:5892
- C:\Windows\System\ieKSsSt.exe
  C:\Windows\System\ieKSsSt.exe
  2⤵
  PID:3064
- C:\Windows\System\ZAIXeTR.exe
  C:\Windows\System\ZAIXeTR.exe
  2⤵
  PID:6160
- C:\Windows\System\eOshMuu.exe
  C:\Windows\System\eOshMuu.exe
  2⤵
  PID:6184
- C:\Windows\System\sBDYoss.exe
  C:\Windows\System\sBDYoss.exe
  2⤵
  PID:6232
- C:\Windows\System\mwGuXbe.exe
  C:\Windows\System\mwGuXbe.exe
  2⤵
  PID:6268
- C:\Windows\System\bMrUIpp.exe
  C:\Windows\System\bMrUIpp.exe
  2⤵
  PID:6324
- C:\Windows\System\qDnJIXz.exe
  C:\Windows\System\qDnJIXz.exe
  2⤵
  PID:6352
- C:\Windows\System\xmWgbKm.exe
  C:\Windows\System\xmWgbKm.exe
  2⤵
  PID:6384
- C:\Windows\System\jHOOoxv.exe
  C:\Windows\System\jHOOoxv.exe
  2⤵
  PID:6404
- C:\Windows\System\taOJmIM.exe
  C:\Windows\System\taOJmIM.exe
  2⤵
  PID:6432
- C:\Windows\System\shOiyUf.exe
  C:\Windows\System\shOiyUf.exe
  2⤵
  PID:6452
- C:\Windows\System\jbYrFqQ.exe
  C:\Windows\System\jbYrFqQ.exe
  2⤵
  PID:6472
- C:\Windows\System\gpkHNnh.exe
  C:\Windows\System\gpkHNnh.exe
  2⤵
  PID:6492
- C:\Windows\System\NkQhTGA.exe
  C:\Windows\System\NkQhTGA.exe
  2⤵
  PID:6548
- C:\Windows\System\jvbxccM.exe
  C:\Windows\System\jvbxccM.exe
  2⤵
  PID:6576
- C:\Windows\System\KqUgShG.exe
  C:\Windows\System\KqUgShG.exe
  2⤵
  PID:6604
- C:\Windows\System\OyQnEMU.exe
  C:\Windows\System\OyQnEMU.exe
  2⤵
  PID:6636
- C:\Windows\System\BlrecUJ.exe
  C:\Windows\System\BlrecUJ.exe
  2⤵
  PID:6676
- C:\Windows\System\AFuJQuz.exe
  C:\Windows\System\AFuJQuz.exe
  2⤵
  PID:6708
- C:\Windows\System\YyRRHdq.exe
  C:\Windows\System\YyRRHdq.exe
  2⤵
  PID:6732
- C:\Windows\System\NsiNWPQ.exe
  C:\Windows\System\NsiNWPQ.exe
  2⤵
  PID:6768
- C:\Windows\System\rMlnIVL.exe
  C:\Windows\System\rMlnIVL.exe
  2⤵
  PID:6800
- C:\Windows\System\vZXzciL.exe
  C:\Windows\System\vZXzciL.exe
  2⤵
  PID:6820
- C:\Windows\System\aKycKQL.exe
  C:\Windows\System\aKycKQL.exe
  2⤵
  PID:6848
- C:\Windows\System\TIxWZJj.exe
  C:\Windows\System\TIxWZJj.exe
  2⤵
  PID:6876
- C:\Windows\System\ilJTlQz.exe
  C:\Windows\System\ilJTlQz.exe
  2⤵
  PID:6912
- C:\Windows\System\LHhoNlr.exe
  C:\Windows\System\LHhoNlr.exe
  2⤵
  PID:6964
- C:\Windows\System\CUAaslI.exe
  C:\Windows\System\CUAaslI.exe
  2⤵
  PID:6980
- C:\Windows\System\iJBNTuR.exe
  C:\Windows\System\iJBNTuR.exe
  2⤵
  PID:7056
- C:\Windows\System\rSzvNQn.exe
  C:\Windows\System\rSzvNQn.exe
  2⤵
  PID:7080
- C:\Windows\System\LnNsvNs.exe
  C:\Windows\System\LnNsvNs.exe
  2⤵
  PID:7096
- C:\Windows\System\QvPAJWV.exe
  C:\Windows\System\QvPAJWV.exe
  2⤵
  PID:7140
- C:\Windows\System\mNwsgsx.exe
  C:\Windows\System\mNwsgsx.exe
  2⤵
  PID:7164
- C:\Windows\System\FElbmBF.exe
  C:\Windows\System\FElbmBF.exe
  2⤵
  PID:1256
- C:\Windows\System\tYsShAj.exe
  C:\Windows\System\tYsShAj.exe
  2⤵
  PID:4884
- C:\Windows\System\ciBTDkH.exe
  C:\Windows\System\ciBTDkH.exe
  2⤵
  PID:5556
- C:\Windows\System\zTqJpnA.exe
  C:\Windows\System\zTqJpnA.exe
  2⤵
  PID:6304
- C:\Windows\System\hOQaiyt.exe
  C:\Windows\System\hOQaiyt.exe
  2⤵
  PID:6392
- C:\Windows\System\rktnUMl.exe
  C:\Windows\System\rktnUMl.exe
  2⤵
  PID:6556
- C:\Windows\System\PAalctM.exe
  C:\Windows\System\PAalctM.exe
  2⤵
  PID:464
- C:\Windows\System\HjMuOzN.exe
  C:\Windows\System\HjMuOzN.exe
  2⤵
  PID:6648
- C:\Windows\System\WbYwvEg.exe
  C:\Windows\System\WbYwvEg.exe
  2⤵
  PID:6724
- C:\Windows\System\esByBXH.exe
  C:\Windows\System\esByBXH.exe
  2⤵
  PID:6884
- C:\Windows\System\EYZkUHm.exe
  C:\Windows\System\EYZkUHm.exe
  2⤵
  PID:7116
- C:\Windows\System\XXtsOCi.exe
  C:\Windows\System\XXtsOCi.exe
  2⤵
  PID:1692
- C:\Windows\System\NKunsvy.exe
  C:\Windows\System\NKunsvy.exe
  2⤵
  PID:4660
- C:\Windows\System\xUVugPY.exe
  C:\Windows\System\xUVugPY.exe
  2⤵
  PID:6296
- C:\Windows\System\lauZliP.exe
  C:\Windows\System\lauZliP.exe
  2⤵
  PID:4856
- C:\Windows\System\ywQEQps.exe
  C:\Windows\System\ywQEQps.exe
  2⤵
  PID:6924
- C:\Windows\System\jfNsjLw.exe
  C:\Windows\System\jfNsjLw.exe
  2⤵
  PID:6764
- C:\Windows\System\qyNeMWM.exe
  C:\Windows\System\qyNeMWM.exe
  2⤵
  PID:7028
- C:\Windows\System\BbXXYHf.exe
  C:\Windows\System\BbXXYHf.exe
  2⤵
  PID:6812
- C:\Windows\System\SfdYUKk.exe
  C:\Windows\System\SfdYUKk.exe
  2⤵
  PID:6996
- C:\Windows\System\SwyBOYZ.exe
  C:\Windows\System\SwyBOYZ.exe
  2⤵
  PID:5692
- C:\Windows\System\uLZZUUG.exe
  C:\Windows\System\uLZZUUG.exe
  2⤵
  PID:7160
- C:\Windows\System\snakQds.exe
  C:\Windows\System\snakQds.exe
  2⤵
  PID:5420
- C:\Windows\System\PmFPAXe.exe
  C:\Windows\System\PmFPAXe.exe
  2⤵
  PID:6584
- C:\Windows\System\DmbqVbO.exe
  C:\Windows\System\DmbqVbO.exe
  2⤵
  PID:4748
- C:\Windows\System\fLSyugw.exe
  C:\Windows\System\fLSyugw.exe
  2⤵
  PID:6360
- C:\Windows\System\EUsSPIG.exe
  C:\Windows\System\EUsSPIG.exe
  2⤵
  PID:6976
- C:\Windows\System\EzYUCCe.exe
  C:\Windows\System\EzYUCCe.exe
  2⤵
  PID:7068
- C:\Windows\System\lmbNMqt.exe
  C:\Windows\System\lmbNMqt.exe
  2⤵
  PID:6316
- C:\Windows\System\BJwZDsU.exe
  C:\Windows\System\BJwZDsU.exe
  2⤵
  PID:6688
- C:\Windows\System\vMxfFPI.exe
  C:\Windows\System\vMxfFPI.exe
  2⤵
  PID:7044
- C:\Windows\System\PbjHFZe.exe
  C:\Windows\System\PbjHFZe.exe
  2⤵
  PID:5492
- C:\Windows\System\mjoooZP.exe
  C:\Windows\System\mjoooZP.exe
  2⤵
  PID:1056
- C:\Windows\System\VudWLNQ.exe
  C:\Windows\System\VudWLNQ.exe
  2⤵
  PID:6568
- C:\Windows\System\UfLYuSW.exe
  C:\Windows\System\UfLYuSW.exe
  2⤵
  PID:2284
- C:\Windows\System\FnlDYjb.exe
  C:\Windows\System\FnlDYjb.exe
  2⤵
  PID:7036
- C:\Windows\System\ScgWclA.exe
  C:\Windows\System\ScgWclA.exe
  2⤵
  PID:2276
- C:\Windows\System\XTqFtBe.exe
  C:\Windows\System\XTqFtBe.exe
  2⤵
  PID:6704
- C:\Windows\System\HFcTZcM.exe
  C:\Windows\System\HFcTZcM.exe
  2⤵
  PID:6176
- C:\Windows\System\ApvZOIx.exe
  C:\Windows\System\ApvZOIx.exe
  2⤵
  PID:2136
- C:\Windows\System\VfVVNyo.exe
  C:\Windows\System\VfVVNyo.exe
  2⤵
  PID:7212
- C:\Windows\System\TETABAX.exe
  C:\Windows\System\TETABAX.exe
  2⤵
  PID:7240
- C:\Windows\System\DccvQtN.exe
  C:\Windows\System\DccvQtN.exe
  2⤵
  PID:7272
- C:\Windows\System\Nbbilmd.exe
  C:\Windows\System\Nbbilmd.exe
  2⤵
  PID:7308
- C:\Windows\System\goTzUVv.exe
  C:\Windows\System\goTzUVv.exe
  2⤵
  PID:7356
- C:\Windows\System\eycazFn.exe
  C:\Windows\System\eycazFn.exe
  2⤵
  PID:7388
- C:\Windows\System\uGWXrND.exe
  C:\Windows\System\uGWXrND.exe
  2⤵
  PID:7416
- C:\Windows\System\hwHgpqP.exe
  C:\Windows\System\hwHgpqP.exe
  2⤵
  PID:7444
- C:\Windows\System\lDiJXCT.exe
  C:\Windows\System\lDiJXCT.exe
  2⤵
  PID:7500
- C:\Windows\System\sVCQXbE.exe
  C:\Windows\System\sVCQXbE.exe
  2⤵
  PID:7528
- C:\Windows\System\hYGoDRe.exe
  C:\Windows\System\hYGoDRe.exe
  2⤵
  PID:7564
- C:\Windows\System\qpGOCMO.exe
  C:\Windows\System\qpGOCMO.exe
  2⤵
  PID:7592
- C:\Windows\System\pigzTTZ.exe
  C:\Windows\System\pigzTTZ.exe
  2⤵
  PID:7624
- C:\Windows\System\GZIWNok.exe
  C:\Windows\System\GZIWNok.exe
  2⤵
  PID:7644
- C:\Windows\System\zQaUrQI.exe
  C:\Windows\System\zQaUrQI.exe
  2⤵
  PID:7688
- C:\Windows\System\DnYNDPx.exe
  C:\Windows\System\DnYNDPx.exe
  2⤵
  PID:7712
- C:\Windows\System\SIfYzCy.exe
  C:\Windows\System\SIfYzCy.exe
  2⤵
  PID:7732
- C:\Windows\System\wxFkazn.exe
  C:\Windows\System\wxFkazn.exe
  2⤵
  PID:7772
- C:\Windows\System\dWeZaEf.exe
  C:\Windows\System\dWeZaEf.exe
  2⤵
  PID:7824
- C:\Windows\System\HaCyCgf.exe
  C:\Windows\System\HaCyCgf.exe
  2⤵
  PID:7876
- C:\Windows\System\swamodQ.exe
  C:\Windows\System\swamodQ.exe
  2⤵
  PID:7892
- C:\Windows\System\fFqSgFg.exe
  C:\Windows\System\fFqSgFg.exe
  2⤵
  PID:7912
- C:\Windows\System\QfLmGgZ.exe
  C:\Windows\System\QfLmGgZ.exe
  2⤵
  PID:7936
- C:\Windows\System\RmqxFso.exe
  C:\Windows\System\RmqxFso.exe
  2⤵
  PID:7968
- C:\Windows\System\UrqYMve.exe
  C:\Windows\System\UrqYMve.exe
  2⤵
  PID:7996
- C:\Windows\System\LatinmS.exe
  C:\Windows\System\LatinmS.exe
  2⤵
  PID:8020
- C:\Windows\System\AKptHkq.exe
  C:\Windows\System\AKptHkq.exe
  2⤵
  PID:8044
- C:\Windows\System\gAgAlje.exe
  C:\Windows\System\gAgAlje.exe
  2⤵
  PID:8092
- C:\Windows\System\TeDxTDk.exe
  C:\Windows\System\TeDxTDk.exe
  2⤵
  PID:8112
- C:\Windows\System\zbGjCeW.exe
  C:\Windows\System\zbGjCeW.exe
  2⤵
  PID:8136
- C:\Windows\System\FbXBHZK.exe
  C:\Windows\System\FbXBHZK.exe
  2⤵
  PID:8164
- C:\Windows\System\gTHntgw.exe
  C:\Windows\System\gTHntgw.exe
  2⤵
  PID:8184
- C:\Windows\System\bWGePhs.exe
  C:\Windows\System\bWGePhs.exe
  2⤵
  PID:7208
- C:\Windows\System\sftBxYb.exe
  C:\Windows\System\sftBxYb.exe
  2⤵
  PID:7232
- C:\Windows\System\LorATON.exe
  C:\Windows\System\LorATON.exe
  2⤵
  PID:7324
- C:\Windows\System\daywnTB.exe
  C:\Windows\System\daywnTB.exe
  2⤵
  PID:7368
- C:\Windows\System\uZpITKH.exe
  C:\Windows\System\uZpITKH.exe
  2⤵
  PID:7400
- C:\Windows\System\xIJBNfj.exe
  C:\Windows\System\xIJBNfj.exe
  2⤵
  PID:7484
- C:\Windows\System\OxUfEBF.exe
  C:\Windows\System\OxUfEBF.exe
  2⤵
  PID:7476
- C:\Windows\System\gioEJzt.exe
  C:\Windows\System\gioEJzt.exe
  2⤵
  PID:7544
- C:\Windows\System\HRWqqSq.exe
  C:\Windows\System\HRWqqSq.exe
  2⤵
  PID:7588
- C:\Windows\System\sZxUWfr.exe
  C:\Windows\System\sZxUWfr.exe
  2⤵
  PID:7632
- C:\Windows\System\HyjjSmb.exe
  C:\Windows\System\HyjjSmb.exe
  2⤵
  PID:7728
- C:\Windows\System\NuhYGHw.exe
  C:\Windows\System\NuhYGHw.exe
  2⤵
  PID:7704
- C:\Windows\System\TjnBPvb.exe
  C:\Windows\System\TjnBPvb.exe
  2⤵
  PID:7768
- C:\Windows\System\oLsAwWe.exe
  C:\Windows\System\oLsAwWe.exe
  2⤵
  PID:7820
- C:\Windows\System\BqRmbPA.exe
  C:\Windows\System\BqRmbPA.exe
  2⤵
  PID:7872
- C:\Windows\System\AnrQHJM.exe
  C:\Windows\System\AnrQHJM.exe
  2⤵
  PID:7916
- C:\Windows\System\DigABIN.exe
  C:\Windows\System\DigABIN.exe
  2⤵
  PID:8012
- C:\Windows\System\glhLNjX.exe
  C:\Windows\System\glhLNjX.exe
  2⤵
  PID:8064
- C:\Windows\System\VNfNYcb.exe
  C:\Windows\System\VNfNYcb.exe
  2⤵
  PID:8160
- C:\Windows\System\ltbWOEX.exe
  C:\Windows\System\ltbWOEX.exe
  2⤵
  PID:6844
- C:\Windows\System\YbSvVqk.exe
  C:\Windows\System\YbSvVqk.exe
  2⤵
  PID:7252
- C:\Windows\System\yZdlKOg.exe
  C:\Windows\System\yZdlKOg.exe
  2⤵
  PID:7300
- C:\Windows\System\BLCkgIO.exe
  C:\Windows\System\BLCkgIO.exe
  2⤵
  PID:7560
- C:\Windows\System\NMypqtI.exe
  C:\Windows\System\NMypqtI.exe
  2⤵
  PID:7696
- C:\Windows\System\YiSyCDT.exe
  C:\Windows\System\YiSyCDT.exe
  2⤵
  PID:7888
- C:\Windows\System\FoqZUuF.exe
  C:\Windows\System\FoqZUuF.exe
  2⤵
  PID:7928
- C:\Windows\System\hYGocEJ.exe
  C:\Windows\System\hYGocEJ.exe
  2⤵
  PID:7904
- C:\Windows\System\XKEJnaW.exe
  C:\Windows\System\XKEJnaW.exe
  2⤵
  PID:8104
- C:\Windows\System\FEpqefr.exe
  C:\Windows\System\FEpqefr.exe
  2⤵
  PID:3792
- C:\Windows\System\ONppPEq.exe
  C:\Windows\System\ONppPEq.exe
  2⤵
  PID:7380
- C:\Windows\System\RJqowOp.exe
  C:\Windows\System\RJqowOp.exe
  2⤵
  PID:7680
- C:\Windows\System\KCSsjjJ.exe
  C:\Windows\System\KCSsjjJ.exe
  2⤵
  PID:1064
- C:\Windows\System\mcDxuNA.exe
  C:\Windows\System\mcDxuNA.exe
  2⤵
  PID:7284
- C:\Windows\System\qfKNdbf.exe
  C:\Windows\System\qfKNdbf.exe
  2⤵
  PID:7784
- C:\Windows\System\UsHjvma.exe
  C:\Windows\System\UsHjvma.exe
  2⤵
  PID:8216
- C:\Windows\System\fPfXHRH.exe
  C:\Windows\System\fPfXHRH.exe
  2⤵
  PID:8236
- C:\Windows\System\OVdrVIV.exe
  C:\Windows\System\OVdrVIV.exe
  2⤵
  PID:8284
- C:\Windows\System\iYUqGQZ.exe
  C:\Windows\System\iYUqGQZ.exe
  2⤵
  PID:8308
- C:\Windows\System\OHglRny.exe
  C:\Windows\System\OHglRny.exe
  2⤵
  PID:8332
- C:\Windows\System\mhgQBxr.exe
  C:\Windows\System\mhgQBxr.exe
  2⤵
  PID:8348
- C:\Windows\System\YRoveSr.exe
  C:\Windows\System\YRoveSr.exe
  2⤵
  PID:8372
- C:\Windows\System\TfKRccc.exe
  C:\Windows\System\TfKRccc.exe
  2⤵
  PID:8392
- C:\Windows\System\nZiGfqO.exe
  C:\Windows\System\nZiGfqO.exe
  2⤵
  PID:8416
- C:\Windows\System\bXSEfIr.exe
  C:\Windows\System\bXSEfIr.exe
  2⤵
  PID:8436
- C:\Windows\System\HOQYlfr.exe
  C:\Windows\System\HOQYlfr.exe
  2⤵
  PID:8456
- C:\Windows\System\soAxBmF.exe
  C:\Windows\System\soAxBmF.exe
  2⤵
  PID:8484
- C:\Windows\System\zsyyOQc.exe
  C:\Windows\System\zsyyOQc.exe
  2⤵
  PID:8528
- C:\Windows\System\tuCHwrk.exe
  C:\Windows\System\tuCHwrk.exe
  2⤵
  PID:8612
- C:\Windows\System\WuXstuy.exe
  C:\Windows\System\WuXstuy.exe
  2⤵
  PID:8644
- C:\Windows\System\GkZyaMB.exe
  C:\Windows\System\GkZyaMB.exe
  2⤵
  PID:8672
- C:\Windows\System\pjXobvq.exe
  C:\Windows\System\pjXobvq.exe
  2⤵
  PID:8704
- C:\Windows\System\nxolDkD.exe
  C:\Windows\System\nxolDkD.exe
  2⤵
  PID:8736
- C:\Windows\System\AYiDwAg.exe
  C:\Windows\System\AYiDwAg.exe
  2⤵
  PID:8756
- C:\Windows\System\NruBttQ.exe
  C:\Windows\System\NruBttQ.exe
  2⤵
  PID:8776
- C:\Windows\System\jxRWgNf.exe
  C:\Windows\System\jxRWgNf.exe
  2⤵
  PID:8796
- C:\Windows\System\uqPDiYE.exe
  C:\Windows\System\uqPDiYE.exe
  2⤵
  PID:8824
- C:\Windows\System\hZiaSWA.exe
  C:\Windows\System\hZiaSWA.exe
  2⤵
  PID:8860
- C:\Windows\System\kGfUSvY.exe
  C:\Windows\System\kGfUSvY.exe
  2⤵
  PID:8892
- C:\Windows\System\eBbPTVB.exe
  C:\Windows\System\eBbPTVB.exe
  2⤵
  PID:8908
- C:\Windows\System\YysBWyP.exe
  C:\Windows\System\YysBWyP.exe
  2⤵
  PID:8936
- C:\Windows\System\ubiCSbK.exe
  C:\Windows\System\ubiCSbK.exe
  2⤵
  PID:8964
- C:\Windows\System\ZZynXqU.exe
  C:\Windows\System\ZZynXqU.exe
  2⤵
  PID:8992
- C:\Windows\System\CYPbrku.exe
  C:\Windows\System\CYPbrku.exe
  2⤵
  PID:9016
- C:\Windows\System\LFOckmH.exe
  C:\Windows\System\LFOckmH.exe
  2⤵
  PID:9060
- C:\Windows\System\ZsHxDXh.exe
  C:\Windows\System\ZsHxDXh.exe
  2⤵
  PID:9076
- C:\Windows\System\nYRPCda.exe
  C:\Windows\System\nYRPCda.exe
  2⤵
  PID:9104
- C:\Windows\System\fETcRDg.exe
  C:\Windows\System\fETcRDg.exe
  2⤵
  PID:9128
- C:\Windows\System\ueAOhDa.exe
  C:\Windows\System\ueAOhDa.exe
  2⤵
  PID:9144
- C:\Windows\System\usArMMS.exe
  C:\Windows\System\usArMMS.exe
  2⤵
  PID:9184
- C:\Windows\System\OUADeQW.exe
  C:\Windows\System\OUADeQW.exe
  2⤵
  PID:4872
- C:\Windows\System\kBDUNTt.exe
  C:\Windows\System\kBDUNTt.exe
  2⤵
  PID:8204
- C:\Windows\System\YbmRxjz.exe
  C:\Windows\System\YbmRxjz.exe
  2⤵
  PID:8276
- C:\Windows\System\EGxhtSH.exe
  C:\Windows\System\EGxhtSH.exe
  2⤵
  PID:8356
- C:\Windows\System\FFOhSzs.exe
  C:\Windows\System\FFOhSzs.exe
  2⤵
  PID:8448
- C:\Windows\System\WxurrVz.exe
  C:\Windows\System\WxurrVz.exe
  2⤵
  PID:8360
- C:\Windows\System\kiVCWbi.exe
  C:\Windows\System\kiVCWbi.exe
  2⤵
  PID:8476
- C:\Windows\System\RrtYJFs.exe
  C:\Windows\System\RrtYJFs.exe
  2⤵
  PID:8572
- C:\Windows\System\ZtpggRu.exe
  C:\Windows\System\ZtpggRu.exe
  2⤵
  PID:8652
- C:\Windows\System\tKEWOkj.exe
  C:\Windows\System\tKEWOkj.exe
  2⤵
  PID:8680
- C:\Windows\System\mkEQGvf.exe
  C:\Windows\System\mkEQGvf.exe
  2⤵
  PID:8764
- C:\Windows\System\EWQzwjt.exe
  C:\Windows\System\EWQzwjt.exe
  2⤵
  PID:8792
- C:\Windows\System\KhTmhGE.exe
  C:\Windows\System\KhTmhGE.exe
  2⤵
  PID:8884
- C:\Windows\System\AyBkOgR.exe
  C:\Windows\System\AyBkOgR.exe
  2⤵
  PID:8976
- C:\Windows\System\xJHWsWD.exe
  C:\Windows\System\xJHWsWD.exe
  2⤵
  PID:9072
- C:\Windows\System\aFeWcaV.exe
  C:\Windows\System\aFeWcaV.exe
  2⤵
  PID:9176
- C:\Windows\System\xUkWtVc.exe
  C:\Windows\System\xUkWtVc.exe
  2⤵
  PID:8176
- C:\Windows\System\SMUHCRi.exe
  C:\Windows\System\SMUHCRi.exe
  2⤵
  PID:8404
- C:\Windows\System\NUUKDii.exe
  C:\Windows\System\NUUKDii.exe
  2⤵
  PID:8900
- C:\Windows\System\bInEgPi.exe
  C:\Windows\System\bInEgPi.exe
  2⤵
  PID:8944
- C:\Windows\System\cGIuKfc.exe
  C:\Windows\System\cGIuKfc.exe
  2⤵
  PID:9044
- C:\Windows\System\AQXIqUB.exe
  C:\Windows\System\AQXIqUB.exe
  2⤵
  PID:9116
- C:\Windows\System\SHUFHdw.exe
  C:\Windows\System\SHUFHdw.exe
  2⤵
  PID:9212
- C:\Windows\System\ndPUaNM.exe
  C:\Windows\System\ndPUaNM.exe
  2⤵
  PID:8296
- C:\Windows\System\bGuBkNy.exe
  C:\Windows\System\bGuBkNy.exe
  2⤵
  PID:8524
- C:\Windows\System\aayDZjp.exe
  C:\Windows\System\aayDZjp.exe
  2⤵
  PID:9232
- C:\Windows\System\aGPGULZ.exe
  C:\Windows\System\aGPGULZ.exe
  2⤵
  PID:9252
- C:\Windows\System\RDTVAhB.exe
  C:\Windows\System\RDTVAhB.exe
  2⤵
  PID:9376
- C:\Windows\System\YoxjHSl.exe
  C:\Windows\System\YoxjHSl.exe
  2⤵
  PID:9432
- C:\Windows\System\zLEHBbA.exe
  C:\Windows\System\zLEHBbA.exe
  2⤵
  PID:9460
- C:\Windows\System\MPbGaPL.exe
  C:\Windows\System\MPbGaPL.exe
  2⤵
  PID:9496
- C:\Windows\System\UjppZaa.exe
  C:\Windows\System\UjppZaa.exe
  2⤵
  PID:9520
- C:\Windows\System\oBqzVzp.exe
  C:\Windows\System\oBqzVzp.exe
  2⤵
  PID:9540
- C:\Windows\System\BCzAQtb.exe
  C:\Windows\System\BCzAQtb.exe
  2⤵
  PID:9556
- C:\Windows\System\AyzBoab.exe
  C:\Windows\System\AyzBoab.exe
  2⤵
  PID:9576
- C:\Windows\System\sNdesDD.exe
  C:\Windows\System\sNdesDD.exe
  2⤵
  PID:9596
- C:\Windows\System\WOolLQD.exe
  C:\Windows\System\WOolLQD.exe
  2⤵
  PID:9620
- C:\Windows\System\LiMMDgr.exe
  C:\Windows\System\LiMMDgr.exe
  2⤵
  PID:9636
- C:\Windows\System\HhXBBzv.exe
  C:\Windows\System\HhXBBzv.exe
  2⤵
  PID:9660
- C:\Windows\System\ADUkYHW.exe
  C:\Windows\System\ADUkYHW.exe
  2⤵
  PID:9724
- C:\Windows\System\TSToNSQ.exe
  C:\Windows\System\TSToNSQ.exe
  2⤵
  PID:9748
- C:\Windows\System\PAMTvze.exe
  C:\Windows\System\PAMTvze.exe
  2⤵
  PID:9788
- C:\Windows\System\McWOtof.exe
  C:\Windows\System\McWOtof.exe
  2⤵
  PID:9808
- C:\Windows\System\NXGkCDj.exe
  C:\Windows\System\NXGkCDj.exe
  2⤵
  PID:9860
- C:\Windows\System\PgKebUK.exe
  C:\Windows\System\PgKebUK.exe
  2⤵
  PID:9876
- C:\Windows\System\eaerkcO.exe
  C:\Windows\System\eaerkcO.exe
  2⤵
  PID:9892
- C:\Windows\System\ntSmWPi.exe
  C:\Windows\System\ntSmWPi.exe
  2⤵
  PID:9916
- C:\Windows\System\kkDyiDO.exe
  C:\Windows\System\kkDyiDO.exe
  2⤵
  PID:9944
- C:\Windows\System\dglsaTg.exe
  C:\Windows\System\dglsaTg.exe
  2⤵
  PID:9968
- C:\Windows\System\WoHgIpl.exe
  C:\Windows\System\WoHgIpl.exe
  2⤵
  PID:9996
- C:\Windows\System\BCuIiqh.exe
  C:\Windows\System\BCuIiqh.exe
  2⤵
  PID:10052
- C:\Windows\System\jOsfoai.exe
  C:\Windows\System\jOsfoai.exe
  2⤵
  PID:10072
- C:\Windows\System\tTmInvU.exe
  C:\Windows\System\tTmInvU.exe
  2⤵
  PID:10096
- C:\Windows\System\WDnaanZ.exe
  C:\Windows\System\WDnaanZ.exe
  2⤵
  PID:10120
- C:\Windows\System\oxIZSMC.exe
  C:\Windows\System\oxIZSMC.exe
  2⤵
  PID:10148
- C:\Windows\System\MRLFiOC.exe
  C:\Windows\System\MRLFiOC.exe
  2⤵
  PID:10168
- C:\Windows\System\MedXMvD.exe
  C:\Windows\System\MedXMvD.exe
  2⤵
  PID:10188
- C:\Windows\System\LydvtjB.exe
  C:\Windows\System\LydvtjB.exe
  2⤵
  PID:10208
- C:\Windows\System\ADWgrNg.exe
  C:\Windows\System\ADWgrNg.exe
  2⤵
  PID:10224
- C:\Windows\System\VBiXCWq.exe
  C:\Windows\System\VBiXCWq.exe
  2⤵
  PID:8692
- C:\Windows\System\NBfigFM.exe
  C:\Windows\System\NBfigFM.exe
  2⤵
  PID:7964
- C:\Windows\System\xmmQXBp.exe
  C:\Windows\System\xmmQXBp.exe
  2⤵
  PID:8604
- C:\Windows\System\XjCXVLa.exe
  C:\Windows\System\XjCXVLa.exe
  2⤵
  PID:9056
- C:\Windows\System\WloNKGg.exe
  C:\Windows\System\WloNKGg.exe
  2⤵
  PID:8844
- C:\Windows\System\NnqKPCa.exe
  C:\Windows\System\NnqKPCa.exe
  2⤵
  PID:9248
- C:\Windows\System\FmuPDQU.exe
  C:\Windows\System\FmuPDQU.exe
  2⤵
  PID:9316
- C:\Windows\System\RbbtEYe.exe
  C:\Windows\System\RbbtEYe.exe
  2⤵
  PID:9492
- C:\Windows\System\bOPXcga.exe
  C:\Windows\System\bOPXcga.exe
  2⤵
  PID:9532
- C:\Windows\System\eugjXCw.exe
  C:\Windows\System\eugjXCw.exe
  2⤵
  PID:9604
- C:\Windows\System\HXvUJNs.exe
  C:\Windows\System\HXvUJNs.exe
  2⤵
  PID:9780
- C:\Windows\System\WwTKQiX.exe
  C:\Windows\System\WwTKQiX.exe
  2⤵
  PID:9840
- C:\Windows\System\qZMNNSL.exe
  C:\Windows\System\qZMNNSL.exe
  2⤵
  PID:9884
- C:\Windows\System\rHKTsNe.exe
  C:\Windows\System\rHKTsNe.exe
  2⤵
  PID:9936
- C:\Windows\System\lLzzQAw.exe
  C:\Windows\System\lLzzQAw.exe
  2⤵
  PID:9988
- C:\Windows\System\nPnxNKe.exe
  C:\Windows\System\nPnxNKe.exe
  2⤵
  PID:10068
- C:\Windows\System\gRyBnOu.exe
  C:\Windows\System\gRyBnOu.exe
  2⤵
  PID:10116
- C:\Windows\System\KWvjPsc.exe
  C:\Windows\System\KWvjPsc.exe
  2⤵
  PID:10180
- C:\Windows\System\YRdHfdH.exe
  C:\Windows\System\YRdHfdH.exe
  2⤵
  PID:9208
- C:\Windows\System\ZREUgjC.exe
  C:\Windows\System\ZREUgjC.exe
  2⤵
  PID:9192
- C:\Windows\System\UczwJAE.exe
  C:\Windows\System\UczwJAE.exe
  2⤵
  PID:9352
- C:\Windows\System\ZbejPRh.exe
  C:\Windows\System\ZbejPRh.exe
  2⤵
  PID:8432
- C:\Windows\System\rxqIYhs.exe
  C:\Windows\System\rxqIYhs.exe
  2⤵
  PID:9472
- C:\Windows\System\OLFYIsk.exe
  C:\Windows\System\OLFYIsk.exe
  2⤵
  PID:9736
- C:\Windows\System\IFaJpDv.exe
  C:\Windows\System\IFaJpDv.exe
  2⤵
  PID:9852
- C:\Windows\System\uSfiijl.exe
  C:\Windows\System\uSfiijl.exe
  2⤵
  PID:10024
- C:\Windows\System\YIHUbQd.exe
  C:\Windows\System\YIHUbQd.exe
  2⤵
  PID:10204
- C:\Windows\System\kIcMpPN.exe
  C:\Windows\System\kIcMpPN.exe
  2⤵
  PID:8380
- C:\Windows\System\ZIqFLeI.exe
  C:\Windows\System\ZIqFLeI.exe
  2⤵
  PID:9608
- C:\Windows\System\JXWFAmD.exe
  C:\Windows\System\JXWFAmD.exe
  2⤵
  PID:9592
- C:\Windows\System\GYxMIvD.exe
  C:\Windows\System\GYxMIvD.exe
  2⤵
  PID:9908
- C:\Windows\System\gxftBtx.exe
  C:\Windows\System\gxftBtx.exe
  2⤵
  PID:9268
- C:\Windows\System\eClepvf.exe
  C:\Windows\System\eClepvf.exe
  2⤵
  PID:1488
- C:\Windows\System\myYEibW.exe
  C:\Windows\System\myYEibW.exe
  2⤵
  PID:10264
- C:\Windows\System\oRoXzab.exe
  C:\Windows\System\oRoXzab.exe
  2⤵
  PID:10292
- C:\Windows\System\EFrcXbG.exe
  C:\Windows\System\EFrcXbG.exe
  2⤵
  PID:10324
- C:\Windows\System\GXhCWvh.exe
  C:\Windows\System\GXhCWvh.exe
  2⤵
  PID:10352
- C:\Windows\System\wdPovTd.exe
  C:\Windows\System\wdPovTd.exe
  2⤵
  PID:10372
- C:\Windows\System\YZbuCpX.exe
  C:\Windows\System\YZbuCpX.exe
  2⤵
  PID:10396
- C:\Windows\System\ImSCkXo.exe
  C:\Windows\System\ImSCkXo.exe
  2⤵
  PID:10440
- C:\Windows\System\FRslPRo.exe
  C:\Windows\System\FRslPRo.exe
  2⤵
  PID:10460
- C:\Windows\System\EiGbnCQ.exe
  C:\Windows\System\EiGbnCQ.exe
  2⤵
  PID:10504
- C:\Windows\System\VRMGKnk.exe
  C:\Windows\System\VRMGKnk.exe
  2⤵
  PID:10524
- C:\Windows\System\XFkwOqh.exe
  C:\Windows\System\XFkwOqh.exe
  2⤵
  PID:10544
- C:\Windows\System\NJxiMdh.exe
  C:\Windows\System\NJxiMdh.exe
  2⤵
  PID:10584
- C:\Windows\System\ggNcJHi.exe
  C:\Windows\System\ggNcJHi.exe
  2⤵
  PID:10616
- C:\Windows\System\TKOyZJa.exe
  C:\Windows\System\TKOyZJa.exe
  2⤵
  PID:10640
- C:\Windows\System\dVtVeiy.exe
  C:\Windows\System\dVtVeiy.exe
  2⤵
  PID:10680
- C:\Windows\System\lwjZzgv.exe
  C:\Windows\System\lwjZzgv.exe
  2⤵
  PID:10696
- C:\Windows\System\cVMBOEN.exe
  C:\Windows\System\cVMBOEN.exe
  2⤵
  PID:10716
- C:\Windows\System\ZNUyhir.exe
  C:\Windows\System\ZNUyhir.exe
  2⤵
  PID:10760
- C:\Windows\System\eptpqKU.exe
  C:\Windows\System\eptpqKU.exe
  2⤵
  PID:10780
- C:\Windows\System\YCsfdFj.exe
  C:\Windows\System\YCsfdFj.exe
  2⤵
  PID:10796
- C:\Windows\System\iwvziFG.exe
  C:\Windows\System\iwvziFG.exe
  2⤵
  PID:10816
- C:\Windows\System\NQaMelM.exe
  C:\Windows\System\NQaMelM.exe
  2⤵
  PID:10840
- C:\Windows\System\VYcunRK.exe
  C:\Windows\System\VYcunRK.exe
  2⤵
  PID:10884
- C:\Windows\System\rjlNFHd.exe
  C:\Windows\System\rjlNFHd.exe
  2⤵
  PID:10908
- C:\Windows\System\hhliSPX.exe
  C:\Windows\System\hhliSPX.exe
  2⤵
  PID:10948
- C:\Windows\System\TAXQBHW.exe
  C:\Windows\System\TAXQBHW.exe
  2⤵
  PID:10988
- C:\Windows\System\otsmCJk.exe
  C:\Windows\System\otsmCJk.exe
  2⤵
  PID:11004
- C:\Windows\System\CwsrUdV.exe
  C:\Windows\System\CwsrUdV.exe
  2⤵
  PID:11044
- C:\Windows\System\BmyDZZi.exe
  C:\Windows\System\BmyDZZi.exe
  2⤵
  PID:11060
- C:\Windows\System\MRfRBNW.exe
  C:\Windows\System\MRfRBNW.exe
  2⤵
  PID:11080
- C:\Windows\System\GnuFqNZ.exe
  C:\Windows\System\GnuFqNZ.exe
  2⤵
  PID:11116
- C:\Windows\System\rtEateM.exe
  C:\Windows\System\rtEateM.exe
  2⤵
  PID:11156
- C:\Windows\System\OntUwAQ.exe
  C:\Windows\System\OntUwAQ.exe
  2⤵
  PID:11172
- C:\Windows\System\MYLQJpC.exe
  C:\Windows\System\MYLQJpC.exe
  2⤵
  PID:11200
- C:\Windows\System\nlhmLtk.exe
  C:\Windows\System\nlhmLtk.exe
  2⤵
  PID:11240
- C:\Windows\System\ZLwMKqJ.exe
  C:\Windows\System\ZLwMKqJ.exe
  2⤵
  PID:3692
- C:\Windows\System\KseWjJC.exe
  C:\Windows\System\KseWjJC.exe
  2⤵
  PID:10248
- C:\Windows\System\WECvnBV.exe
  C:\Windows\System\WECvnBV.exe
  2⤵
  PID:10276
- C:\Windows\System\XuHWbqd.exe
  C:\Windows\System\XuHWbqd.exe
  2⤵
  PID:10368
- C:\Windows\System\viweOCV.exe
  C:\Windows\System\viweOCV.exe
  2⤵
  PID:10452
- C:\Windows\System\OYqguEP.exe
  C:\Windows\System\OYqguEP.exe
  2⤵
  PID:10512
- C:\Windows\System\yUrManK.exe
  C:\Windows\System\yUrManK.exe
  2⤵
  PID:10592
- C:\Windows\System\LiAYvAm.exe
  C:\Windows\System\LiAYvAm.exe
  2⤵
  PID:10576
- C:\Windows\System\DzrIyWI.exe
  C:\Windows\System\DzrIyWI.exe
  2⤵
  PID:10660
- C:\Windows\System\qUwCHPo.exe
  C:\Windows\System\qUwCHPo.exe
  2⤵
  PID:10692
- C:\Windows\System\cJHnPwo.exe
  C:\Windows\System\cJHnPwo.exe
  2⤵
  PID:10752
- C:\Windows\System\kByWPXy.exe
  C:\Windows\System\kByWPXy.exe
  2⤵
  PID:10772
- C:\Windows\System\QDiEiyL.exe
  C:\Windows\System\QDiEiyL.exe
  2⤵
  PID:10904
- C:\Windows\System\PUXXjRz.exe
  C:\Windows\System\PUXXjRz.exe
  2⤵
  PID:10932
- C:\Windows\System\CzMuTAK.exe
  C:\Windows\System\CzMuTAK.exe
  2⤵
  PID:11028
- C:\Windows\System\AGtkNnX.exe
  C:\Windows\System\AGtkNnX.exe
  2⤵
  PID:11132
- C:\Windows\System\pdhEXFX.exe
  C:\Windows\System\pdhEXFX.exe
  2⤵
  PID:11188
- C:\Windows\System\nITUdLm.exe
  C:\Windows\System\nITUdLm.exe
  2⤵
  PID:11248
- C:\Windows\System\YYJwZAt.exe
  C:\Windows\System\YYJwZAt.exe
  2⤵
  PID:9820
- C:\Windows\System\dZMeAcM.exe
  C:\Windows\System\dZMeAcM.exe
  2⤵
  PID:10580
- C:\Windows\System\ThBziZU.exe
  C:\Windows\System\ThBziZU.exe
  2⤵
  PID:10552
- C:\Windows\System\tiXzzOu.exe
  C:\Windows\System\tiXzzOu.exe
  2⤵
  PID:10708
- C:\Windows\System\SbqNkuy.exe
  C:\Windows\System\SbqNkuy.exe
  2⤵
  PID:10756
- C:\Windows\System\lvNYVHk.exe
  C:\Windows\System\lvNYVHk.exe
  2⤵
  PID:11052
- C:\Windows\System\HIhTqOe.exe
  C:\Windows\System\HIhTqOe.exe
  2⤵
  PID:10392
- C:\Windows\System\VncKRtI.exe
  C:\Windows\System\VncKRtI.exe
  2⤵
  PID:10408
- C:\Windows\System\jHGLIbD.exe
  C:\Windows\System\jHGLIbD.exe
  2⤵
  PID:10540
- C:\Windows\System\rrSZRwK.exe
  C:\Windows\System\rrSZRwK.exe
  2⤵
  PID:10808
- C:\Windows\System\gAjyNma.exe
  C:\Windows\System\gAjyNma.exe
  2⤵
  PID:11280
- C:\Windows\System\TlYXPYR.exe
  C:\Windows\System\TlYXPYR.exe
  2⤵
  PID:11300
- C:\Windows\System\ySHHNiC.exe
  C:\Windows\System\ySHHNiC.exe
  2⤵
  PID:11324
- C:\Windows\System\xcUwxvk.exe
  C:\Windows\System\xcUwxvk.exe
  2⤵
  PID:11348
- C:\Windows\System\PzpoxzT.exe
  C:\Windows\System\PzpoxzT.exe
  2⤵
  PID:11388
- C:\Windows\System\KUSWBtu.exe
  C:\Windows\System\KUSWBtu.exe
  2⤵
  PID:11412
- C:\Windows\System\varalFm.exe
  C:\Windows\System\varalFm.exe
  2⤵
  PID:11432
- C:\Windows\System\SlmOfOh.exe
  C:\Windows\System\SlmOfOh.exe
  2⤵
  PID:11456
- C:\Windows\System\VouAokt.exe
  C:\Windows\System\VouAokt.exe
  2⤵
  PID:11488
- C:\Windows\System\rDUDlIw.exe
  C:\Windows\System\rDUDlIw.exe
  2⤵
  PID:11512
- C:\Windows\System\JPQRwHW.exe
  C:\Windows\System\JPQRwHW.exe
  2⤵
  PID:11556
- C:\Windows\System\uXDtEfO.exe
  C:\Windows\System\uXDtEfO.exe
  2⤵
  PID:11576
- C:\Windows\System\mEOOKzS.exe
  C:\Windows\System\mEOOKzS.exe
  2⤵
  PID:11600
- C:\Windows\System\GkhzgdS.exe
  C:\Windows\System\GkhzgdS.exe
  2⤵
  PID:11620
- C:\Windows\System\eokjRyK.exe
  C:\Windows\System\eokjRyK.exe
  2⤵
  PID:11644
- C:\Windows\System\QlWEKxT.exe
  C:\Windows\System\QlWEKxT.exe
  2⤵
  PID:11664
- C:\Windows\System\qXTFoXd.exe
  C:\Windows\System\qXTFoXd.exe
  2⤵
  PID:11732
- C:\Windows\System\sQXNymb.exe
  C:\Windows\System\sQXNymb.exe
  2⤵
  PID:11756
- C:\Windows\System\qzAauFB.exe
  C:\Windows\System\qzAauFB.exe
  2⤵
  PID:11780
- C:\Windows\System\CnIuoYt.exe
  C:\Windows\System\CnIuoYt.exe
  2⤵
  PID:11812
- C:\Windows\System\zRiymyr.exe
  C:\Windows\System\zRiymyr.exe
  2⤵
  PID:11836
- C:\Windows\System\dHXHqdM.exe
  C:\Windows\System\dHXHqdM.exe
  2⤵
  PID:11852
- C:\Windows\System\wFNrNQn.exe
  C:\Windows\System\wFNrNQn.exe
  2⤵
  PID:11880
- C:\Windows\System\jWRIPtb.exe
  C:\Windows\System\jWRIPtb.exe
  2⤵
  PID:11900
- C:\Windows\System\ZjtbKdM.exe
  C:\Windows\System\ZjtbKdM.exe
  2⤵
  PID:11940
- C:\Windows\System\JBsvSxx.exe
  C:\Windows\System\JBsvSxx.exe
  2⤵
  PID:11968
- C:\Windows\System\uQVHYHf.exe
  C:\Windows\System\uQVHYHf.exe
  2⤵
  PID:11992
- C:\Windows\System\bbCORZt.exe
  C:\Windows\System\bbCORZt.exe
  2⤵
  PID:12012
- C:\Windows\System\bQhGImj.exe
  C:\Windows\System\bQhGImj.exe
  2⤵
  PID:12036
- C:\Windows\System\cxpwllF.exe
  C:\Windows\System\cxpwllF.exe
  2⤵
  PID:12088
- C:\Windows\System\EsySWNm.exe
  C:\Windows\System\EsySWNm.exe
  2⤵
  PID:12108
- C:\Windows\System\irIzceO.exe
  C:\Windows\System\irIzceO.exe
  2⤵
  PID:12136
- C:\Windows\System\adxQDXf.exe
  C:\Windows\System\adxQDXf.exe
  2⤵
  PID:12164
- C:\Windows\System\YjDoKja.exe
  C:\Windows\System\YjDoKja.exe
  2⤵
  PID:12196
- C:\Windows\System\yZDwHtv.exe
  C:\Windows\System\yZDwHtv.exe
  2⤵
  PID:12220
- C:\Windows\System\cotGSCR.exe
  C:\Windows\System\cotGSCR.exe
  2⤵
  PID:12252
- C:\Windows\System\EjluzCI.exe
  C:\Windows\System\EjluzCI.exe
  2⤵
  PID:12272
- C:\Windows\System\IVkNLlP.exe
  C:\Windows\System\IVkNLlP.exe
  2⤵
  PID:11268
- C:\Windows\System\uvWGFwS.exe
  C:\Windows\System\uvWGFwS.exe
  2⤵
  PID:11364
- C:\Windows\System\MVdrmOR.exe
  C:\Windows\System\MVdrmOR.exe
  2⤵
  PID:11408
- C:\Windows\System\NYXFzqw.exe
  C:\Windows\System\NYXFzqw.exe
  2⤵
  PID:11424
- C:\Windows\System\OgBrvOg.exe
  C:\Windows\System\OgBrvOg.exe
  2⤵
  PID:11504
- C:\Windows\System\CoytyyQ.exe
  C:\Windows\System\CoytyyQ.exe
  2⤵
  PID:11568
- C:\Windows\System\MSjQYRE.exe
  C:\Windows\System\MSjQYRE.exe
  2⤵
  PID:11652
- C:\Windows\System\TvHBhlR.exe
  C:\Windows\System\TvHBhlR.exe
  2⤵
  PID:11728
- C:\Windows\System\vEaWiNO.exe
  C:\Windows\System\vEaWiNO.exe
  2⤵
  PID:11844
- C:\Windows\System\nMMZHqn.exe
  C:\Windows\System\nMMZHqn.exe
  2⤵
  PID:11932
- C:\Windows\System\kfesFoT.exe
  C:\Windows\System\kfesFoT.exe
  2⤵
  PID:11936
- C:\Windows\System\LcJCMwR.exe
  C:\Windows\System\LcJCMwR.exe
  2⤵
  PID:12008
- C:\Windows\System\XiMsgBs.exe
  C:\Windows\System\XiMsgBs.exe
  2⤵
  PID:12064
- C:\Windows\System\OhOFIfe.exe
  C:\Windows\System\OhOFIfe.exe
  2⤵
  PID:12132
- C:\Windows\System\TFzWQvW.exe
  C:\Windows\System\TFzWQvW.exe
  2⤵
  PID:12192
- C:\Windows\System\yyjevCM.exe
  C:\Windows\System\yyjevCM.exe
  2⤵
  PID:11272
- C:\Windows\System\LhmKbxV.exe
  C:\Windows\System\LhmKbxV.exe
  2⤵
  PID:11340
- C:\Windows\System\wHxhHzR.exe
  C:\Windows\System\wHxhHzR.exe
  2⤵
  PID:11484
- C:\Windows\System\yKqcPsk.exe
  C:\Windows\System\yKqcPsk.exe
  2⤵
  PID:264
- C:\Windows\System\oYiZDUi.exe
  C:\Windows\System\oYiZDUi.exe
  2⤵
  PID:11616
- C:\Windows\System\LIXWqcl.exe
  C:\Windows\System\LIXWqcl.exe
  2⤵
  PID:11696
- C:\Windows\System\GEHKYJI.exe
  C:\Windows\System\GEHKYJI.exe
  2⤵
  PID:11828
- C:\Windows\System\afGrqLS.exe
  C:\Windows\System\afGrqLS.exe
  2⤵
  PID:12264
- C:\Windows\System\MZZomlH.exe
  C:\Windows\System\MZZomlH.exe
  2⤵
  PID:11532
- C:\Windows\System\rCZWRlu.exe
  C:\Windows\System\rCZWRlu.exe
  2⤵
  PID:4724
- C:\Windows\System\roTdOpH.exe
  C:\Windows\System\roTdOpH.exe
  2⤵
  PID:12336
- C:\Windows\System\zAMwxMQ.exe
  C:\Windows\System\zAMwxMQ.exe
  2⤵
  PID:12436
- C:\Windows\System\cBDHaCZ.exe
  C:\Windows\System\cBDHaCZ.exe
  2⤵
  PID:12480
- C:\Windows\System\sNdcBoT.exe
  C:\Windows\System\sNdcBoT.exe
  2⤵
  PID:12508
- C:\Windows\System\GjAEKDq.exe
  C:\Windows\System\GjAEKDq.exe
  2⤵
  PID:12536
- C:\Windows\System\UwmBJGE.exe
  C:\Windows\System\UwmBJGE.exe
  2⤵
  PID:12572
- C:\Windows\System\whXxlHY.exe
  C:\Windows\System\whXxlHY.exe
  2⤵
  PID:12592
- C:\Windows\System\JXUTfUf.exe
  C:\Windows\System\JXUTfUf.exe
  2⤵
  PID:12612
- C:\Windows\System\dgsURkA.exe
  C:\Windows\System\dgsURkA.exe
  2⤵
  PID:12636
- C:\Windows\System\pbWjFmL.exe
  C:\Windows\System\pbWjFmL.exe
  2⤵
  PID:12664
- C:\Windows\System\xaCXmMv.exe
  C:\Windows\System\xaCXmMv.exe
  2⤵
  PID:12704
- C:\Windows\System\YFnVBlj.exe
  C:\Windows\System\YFnVBlj.exe
  2⤵
  PID:12720
- C:\Windows\System\qZuMzIN.exe
  C:\Windows\System\qZuMzIN.exe
  2⤵
  PID:12740
- C:\Windows\System\xFRJDMJ.exe
  C:\Windows\System\xFRJDMJ.exe
  2⤵
  PID:12768
- C:\Windows\System\ysoRqgd.exe
  C:\Windows\System\ysoRqgd.exe
  2⤵
  PID:12796
- C:\Windows\System\WUfvDIa.exe
  C:\Windows\System\WUfvDIa.exe
  2⤵
  PID:12820
- C:\Windows\System\JcPuGmw.exe
  C:\Windows\System\JcPuGmw.exe
  2⤵
  PID:12860
- C:\Windows\System\cgekNFX.exe
  C:\Windows\System\cgekNFX.exe
  2⤵
  PID:12896
- C:\Windows\System\RlNVozp.exe
  C:\Windows\System\RlNVozp.exe
  2⤵
  PID:12976
- C:\Windows\System\CjJiCtl.exe
  C:\Windows\System\CjJiCtl.exe
  2⤵
  PID:12996
- C:\Windows\System\iNsgpRM.exe
  C:\Windows\System\iNsgpRM.exe
  2⤵
  PID:13016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\W1O6EZKR\home-993d2c38b2c1[1].css

Filesize
11KB

MD5
6328d6d9a6b00ce7f992230b97b17c1f

SHA1
88837b802bdde407e37e92641072ea2eeec95556

SHA256
c9d9b80794cebd7d97daf52f7f0ce0e31bcf7a6f65a6e07851c688d67f10dba8

SHA512
993d2c38b2c15499aebdb39c1f9c21d0501d4c2a5973caec65be9ddc3ddfd6e46d06449e7483daa4fa9afa17cb81ff27a391519a64629169eb15c52911aab2c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_nmw3ks2r.fbt.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BrFgLHX.exe

Filesize
2.1MB

MD5
eee40c8aaacc6ee852c751914934eca8

SHA1
d89c1f55526b9d99e17c1698b789fb07d5058334

SHA256
b19eed05adbabbaf1da6858c5e71e7681d37616dbfc7f6109e71ee27a4d39a10

SHA512
75ecd8e2995e79df1bee45022d48198c8259a1937cf19aa3e5720088d2fd903d61abacc90d470fda4e36b94b39bf65bd7d5dd018600e6cbfc31f1d7f9042a883

Download Submit
C:\Windows\System\CfWfAsJ.exe

Filesize
2.1MB

MD5
2196aba0a400393f93ad33fe837d4861

SHA1
7f6cebaf614a42f77d3eaa44318271e7c14677c5

SHA256
d0d999c1753d1cd5c4be5ee4a80cb9edc93ea9999a70b2556582a703c72a87e6

SHA512
954ed34a3bb125ce86d026c019a3d00b80562bf269fc1ddbd61b1f09e5c8b7768c66aeb492fb1f51d9ad5c3040ab243acc08f00dba8ec39c869ab453274f3969

Download Submit
C:\Windows\System\EWhBkYI.exe

Filesize
2.1MB

MD5
b69b0e92061373258e66756db6bcc132

SHA1
cfa0c43e9d8a0dbe969a08623935aad8e8c5617d

SHA256
e55d2085ed3a74ce627ea0c11f62869a6f975db42ec16e59d12e5fd44676c88f

SHA512
54dbd2f46b164e2591b0b206334fd5c9b7ca2af17fd62cc6cd8c509dcb668aa4eacdedaf8dc9e9709214e9cd551e8bd57be1e3d0270795963fbdbd7468684121

Download Submit
C:\Windows\System\FlIevCr.exe

Filesize
2.1MB

MD5
af92140e1c914e9c4dce0fa10dc19e04

SHA1
cd82481b3a51dba74300bb69664db12a8cf5df39

SHA256
95d4f32fc6715f008c3985e905e0163188e322a70c86b06cf6c7c2da3322d0ce

SHA512
4d2c5bf31e14cb97fe907b366c7edd575fe514b721de86ff374b3f532ed9c78c89e60deb3225230e0779e650ec9316ee72839b82ff6ab85a989ff76dc1df3b9a

Download Submit
C:\Windows\System\GHOXbEf.exe

Filesize
2.1MB

MD5
576be5cd4e56c5502d878038af0be9cc

SHA1
2b5b7474cf109618aede50dc67e2e16342dd98a5

SHA256
3d4c86ed0176a89f1a39cd5a8dc3b543406eda0ff22db4c006aaf4535d6eaa12

SHA512
6d2ac3e4119f979cc06ce212e0dd00432a7c61139d1ca8e5c10ad080b359e6f06e084565e4cbe684a2aef0b6e799739166f09cf994a8a5d361e9871b8aae9073

Download Submit
C:\Windows\System\GRRRNPO.exe

Filesize
2.1MB

MD5
08e05557281818c01addd448af7fc27e

SHA1
0977822011dd29aca95e48d721b07c2896853838

SHA256
d5224cb617c71172690de6e1255b5d63d83b83017c2a890f498021420e131941

SHA512
7e7ce015e4d85585c6032ececfd9bffcc3f6e0af0f7e1afd62be034e833463c099cbcd050780ed14bf2f8c9c4520968379e7641ede14e676bb07f76b6aaecbdf

Download Submit
C:\Windows\System\IzvLriA.exe

Filesize
2.1MB

MD5
ad6709affcfa47b3d39e4acc2a7af9c9

SHA1
7df6f2a4cb357268ff3f2b87779446cfd2daaa0e

SHA256
1614884d68732a367f4cb13fc549136e37cb7bf7e4b6c409b7aca8a213b7e3b3

SHA512
c4e5418a44edcba7b24926721bf412c283afd4d2ee3ec4f964f3b8a60ead4c3558763bdab8c73c744cf073557b334360d9251bc0e777518d5c95ce6cca2e6cb5

Download Submit
C:\Windows\System\JEnEfsG.exe

Filesize
2.1MB

MD5
1c600f23a3bc9e32f646bb4b0a6e9913

SHA1
e5e604bd758754253e67a1cf67ef006462931cb4

SHA256
89c71737bd24d00217a490c23eb98928af89da9ae695692ecf09ac4c9fc61383

SHA512
4b3a54524004b689fdb838ad994bf509f0093af7c0a813bc3c9ad42c0cfeaaf0c6773a9a3b70fc367aac6d5f604a9bd1db8de5b7fb8619752942ea9a6a184736

Download Submit
C:\Windows\System\KJqzKec.exe

Filesize
2.1MB

MD5
878f55dfac9dcdab5a288f5223dd49fe

SHA1
1c851eb8d49e063b9a8404b9aae98f666704d8de

SHA256
3c909c408c8494b0a39e74ea8cb4b84ed69ac48184a9a2f156f4babcc2197095

SHA512
9a544c53e48dc2f1a88526500fc9c10001e085966c7e67d0d52d5fbd6c4f010fdff02957e4b02eda8a051e00c6e077cc0dd6fab87d249b8b644c77ed406c158a

Download Submit
C:\Windows\System\OcGenGS.exe

Filesize
2.1MB

MD5
8237061519d9b9a67bffff428aaa84b1

SHA1
cadaa8df4cf9db70b656c4e48fac1fe4094823e5

SHA256
1e7628e8e90f0da82305a01b9054a12179bc32216d98b148f999eaf7ee48880a

SHA512
92976672e5850f5044264b2efeab2dc49b1a93bceaf81ebd9ccbf215f59ca7f9b9318c47cbd60b9abaad6ba4f5e1c9237eb37217e79921aaa2b4dcc7d8892d70

Download Submit
C:\Windows\System\QjgNIlA.exe

Filesize
2.1MB

MD5
a23c5b99d188e49ca17a0c6c7284e1e0

SHA1
cef88340ba87a66e004f1f6059feae8f17592049

SHA256
204881aafecf7cace0f3b44a6b5d080c01eded308ab1ab5ef1203c0499d52d15

SHA512
3144a8d500bc34761a68c4ddbbfc9be039de11d7c0292f52edb408172365c0ba6bc901844b2895f317f018b982be2f4f34a7bb6c28ee07645b063d9ef07b2222

Download Submit
C:\Windows\System\TIHNsct.exe

Filesize
2.1MB

MD5
dc329ef458f2e1ed4b9b5d05cdc8b667

SHA1
79eb7bdd0bc19a6e02250889b9819fc543774371

SHA256
8afc5ff90599064927f16ea6ef0829f41cce79dfca6f25670c6b34195edc2065

SHA512
2d43b161907133a14f63aaef4aca5eb127443b6be8c7be11783b0c6a2c78c702796845b6575f4de4c9641ed0e3ae7d1b5042a4776130be17cafeb38a478af5df

Download Submit
C:\Windows\System\UjUUcat.exe

Filesize
2.1MB

MD5
b0399ab209999bf15b41ef34ac3a1d36

SHA1
75f7cbc4c5327bf7c504a47931a9b84a969f1f85

SHA256
78a265f3ae7aa3f57a5988e5bdd8f38622a434ea137d801af61ff813e296ca56

SHA512
647c907988c5658ffe6a27a6d23235ef25c3f68b6aaff05db7cc5ae7cc64441f2db69bcf65b31a46c6353ed8518e4328c22062f158b2c6489d865e266798cc6d

Download Submit
C:\Windows\System\WWYNAcd.exe

Filesize
2.1MB

MD5
f7fce5d71e0bbbc02a0914fb0aec8669

SHA1
3339c03d8f9bb0f60ccde4caf211b57ea667191a

SHA256
ae85578fcfd599caeea5f88811329000e046dd73db90f1e40f13f36c7a59175a

SHA512
517f53743051a02c9ab268300fde366cc63ed1a907917ad10061e78c645727af0a190dc52a176f60d674b221047383767027a7c058b5e04926ebc20dea92fcf1

Download Submit
C:\Windows\System\WjdgQyC.exe

Filesize
2.1MB

MD5
b5911237b22aaf590c089364d3820445

SHA1
8bbae174a57318b4037ba1225d8866529650486c

SHA256
2c431b3ab5d341f6bad16df249bef57300f53c51d4894d5f066677e6f57dc091

SHA512
4436b38c1ebb2920feee0ec8168cb361bee3ca0d894fa1ad6e46b7004142ff23340d9f1f0dba0f0c002b76e7c5effcb969ac67a5f0b38d4f122e5d1f643a95ff

Download Submit
C:\Windows\System\WtFTRrA.exe

Filesize
2.1MB

MD5
db1d9009a8ffdaa629d4e6560b08cc5b

SHA1
a3b8e036717736d2bd7dd869ff0c0b9f3cad4d71

SHA256
72d0eba5b8186ad10fa511e113adef88145453b46b577a0b304ad6f3d31a64b0

SHA512
0d696a8a5b2471820e07f52a8ab7bfc2768ac76b905929a359a977fd036aebcb763cbcc874beceade6ba5a17778788d10d8960f0cf693ce965ae7a4de7f18ed7

Download Submit
C:\Windows\System\aqqgulB.exe

Filesize
2.1MB

MD5
8b14c8a443c1cf312b9efe2e25c02c52

SHA1
12a30e570f6018a882f5ce92e37a2327bd1e6098

SHA256
1fcd3b9fb87089a6268d716d909c0e7acf4f623e8db84f7216e1bce1cb45d17a

SHA512
b080ba6e54cdf111a318c7f046acc21bf52677271791a17d5b30356cb264730ba3f6507f174a78b44a74469fb7ebecfd882a6385cd390ebda1285a207a7c84bf

Download Submit
C:\Windows\System\bKEEoUf.exe

Filesize
2.1MB

MD5
b49f7594acf43838cef5017186170fae

SHA1
1a299bf04b3987a73af1f4372f06c11679607b2f

SHA256
2c4aeca5ceb70e92f591068c6dc4a09fdd76ac41b5f8afb095f86c8007c17a71

SHA512
55cae0c43de34c4e306770ab7a6bab0e78ec829a894ae222a8c92faf4c1270b6b4b40a4eca049f94fa6a4be00885064910e974d67ae2589efe067dd30a04ec51

Download Submit
C:\Windows\System\beGOvnc.exe

Filesize
2.1MB

MD5
ea110ea7618c237ba2ab72a3dc6496fa

SHA1
af5fceae9f470b6432d18f47498697e306cf9856

SHA256
0cd8ea02d462c8b31801826dd983d1e1d3e604b4e2b8e96d33ae0b658a53f9c1

SHA512
5d2a1a68487d46cdf03249cacfebd05edc1973236e7ec450d976010bb187dd812d0e509cef096f99223210ca7af79440a6ae01af3cdf1d1901872b39f98613f7

Download Submit
C:\Windows\System\gMhmHXd.exe

Filesize
2.1MB

MD5
08d9b367af53f40e10fdcebf2547131f

SHA1
2cec9a4b9e91b61b7bf1374d915e0a27beeb4e12

SHA256
64076083bbcaec3744c739c869c37e744cd3055283ac0e1c9f950e409be98402

SHA512
afce77346b333388077ea420c97b46070779606c335886bb25a3a5a6c4ec13ebd182b0636ca8b272bb034f96e24b2ad3cd5b16320a1682a11783890d8a251fd0

Download Submit
C:\Windows\System\gSLNBVS.exe

Filesize
2.1MB

MD5
2ec94496e536c96f8fb155ed097567b8

SHA1
f4b4d0929d4c245677b49e45935fc522876461c6

SHA256
64db8d4dd9f1e7a1d1a471489bdc144d11c3bc6d9ae386f4d7e92292256c6ce9

SHA512
fd110920c0ccc75f33d924cc99329925c5a97255882c7e9aa6323448b901e7df065235c96ae80cd37d28ee26268ea82af22f90927ce3e3099d6f96b5ac73d8d7

Download Submit
C:\Windows\System\gaPpjuf.exe

Filesize
2.1MB

MD5
750a4a17dc0378d6cffe55bd6b26473f

SHA1
e57ffeca9c262b6b8c8c438434372f3d1906731f

SHA256
c85dda6849c4213426987005910e7f2aa650147d2b05787887a5b90fa4508d4d

SHA512
87217ebfbb5a8a636dd3de3021df7d2a74a3fac0f059808d2cdd9c7c265e58fabe905020280697762f24ae152c4ac9a7a12573f4fc385e0460d675a8a8997f67

Download Submit
C:\Windows\System\gjXQuXw.exe

Filesize
2.1MB

MD5
7b4a11353f6c1d4c5e2832c0d95cf794

SHA1
91c1761c5d7da90f846c6e40bb357bace84a1177

SHA256
32f2f3deadbc5cb6fda02dfe25b70347b81060259f710ab3d9210446fa27644c

SHA512
4b22d5f5887cc59058e22dcffbec561b83aebaa7c06e58b702f0a2bd09495dee7a95d00fc8402ecf78e1d0c9077bb5c83cd8fba82490d854ac936774124f91c7

Download Submit
C:\Windows\System\hwgKRQu.exe

Filesize
2.1MB

MD5
f0b748ae56c11dc5ba5242405229cbf5

SHA1
5eb5da8d20c194012c521b627bcd41a23c77f262

SHA256
fa6e3a06f8dd47665dc74157a2c56feadd3dab070840b2773d4cbda64d843490

SHA512
14417e12033351b9a19a6b7ff2ebf4e882549deb385a459aebde7829098fccba8fa0436bb277dd9d372e2224107aa04e8d92b6bd0286121f5aa9bc363936f8e0

Download Submit
C:\Windows\System\jdGGQIb.exe

Filesize
2.1MB

MD5
832d07cf243148b355883dc663a15edb

SHA1
20fd120209663613201b3f19b92b212944ac87ec

SHA256
2b60a6e7cc5e384a0b4f7e18332f642fa484af950497be743f611f16c88312d8

SHA512
cd0fe0e042b931ca86af599dc15b2ecd5f37ac7a2bd69f567467fab3a6d3d150193a44a94e241500533ae3469d8b3efa1e501fe4d541d285487d2f701880ff21

Download Submit
C:\Windows\System\pYGMLEu.exe

Filesize
2.1MB

MD5
fab3e5e8590083d85873bb4d6aa88b35

SHA1
d0960e55271bb44535a76e050d948c7dc2d3559e

SHA256
b3c68dd9450dcc3832e5e26ea63d5062be79a0dc28ffb9dfc5100cac27faa5f8

SHA512
079d06510de2749bd3fe75701ba6c92941c4a6c7f7c90df6e8b74afbb80c3f866df23f3e6b1fc083190bd02bc8974cdaade92c3bc2ba712b8672c7d12c2c6691

Download Submit
C:\Windows\System\rjhTLNR.exe

Filesize
2.1MB

MD5
3366fc43ea0d2297815566b1b41dea88

SHA1
beed4da8523e2947b33ad1b0c380552fd42f8192

SHA256
76848a5f5261e9918c805cfe324e183c67d531d371d8f5c2a47c216aee44f8b2

SHA512
c727d56d524b201e6e7c17e08a52972c956cb808b81adb0bd931bc34e967e6e9977dccd68c7efe4af149de61d1faf8b9b23f113fa9540b1e9221be1d530ba62e

Download Submit
C:\Windows\System\sBHOkwF.exe

Filesize
2.1MB

MD5
79587ebdb6ee5e55f64fc73a6db23c36

SHA1
a62a2e13a39ccda0ede7f70256b2d6b468db05dd

SHA256
230d66e872b87132773b35d3babf6582ebc980622f2744411a887f5aea75d7d7

SHA512
e78d8a00e7424a437337180266f8fd551a8bae57b0098c9f0f78905a4c8b3181692bc66fd793d142354c80d95c3a83cdddb7e65d868058e760c483333962993b

Download Submit
C:\Windows\System\tXoYGtl.exe

Filesize
2.1MB

MD5
95589438092e4f86e18958d5679815b7

SHA1
32d5333020def6886c5cb46b2f7d7ca3958631cb

SHA256
102d8852df9bca367712743d0e2f4590f9fe2b9f6caf25948a4cc3ebe0cda991

SHA512
8fd1257dd077fff58f611602e39df87d6587e0131d287c10698af1a27079a352141512b47430ea9382933446b7c0373b1c38855bfe146e9ae4a9f938308184a4

Download Submit
C:\Windows\System\wmTlMBL.exe

Filesize
2.1MB

MD5
5efd5c15c05ed94587221b32cfe02120

SHA1
56f445853a016ad7dc75bdbb62cda76eb1b4a8ca

SHA256
0da0dd462f9556939165bde51b7249a5af1321e082d8ce91c61bda47aac72f5a

SHA512
a59789297617a38ed5e2a24074348bd09f4acf31f4f39cfa4f71ade22ad4a5a6fcabc83a75ef001f5bd018e691323f67a70a60422a36524549816135f65419ad

Download Submit
C:\Windows\System\yDTVGMd.exe

Filesize
2.1MB

MD5
e1be27c20677221e05ffb969815fc7d0

SHA1
5e34f50dcf237f212fe7030fdd3373021cb881b6

SHA256
22546c2e8f03c42fc616c697ec3457749c231be966814a797d5b5c96ab761e01

SHA512
6d67aff725d43b513640a3a90fa184b677c8f6a6c5b3c96e348b24d2fb19a304a618de7a507e7c759fb57a35903c1ef0b942345eb565796998935676aa5e04b7

Download Submit
C:\Windows\System\ysVQEEm.exe

Filesize
2.1MB

MD5
5be523cbb006a5cb8d905667b91eed68

SHA1
8d4b97eb7afc9605cf26dfb8f18f97130e8c171f

SHA256
bc9a6139d94e19e829a775ca7cac99cac7ee9829ffcc88567ecd4e690a924323

SHA512
de7dacd95209c678ae4e42bfd228190af705b40cd4f15a42ac6ed6b37aac6841eff9de5c994c92281a97162ae705131afc11963628bc7792ee01d2a6f186aaef

Download Submit
C:\Windows\System\zotrOKj.exe

Filesize
2.1MB

MD5
97c5be5ae20609846c2a542e27d4a34b

SHA1
ff99bdfb2853d05a3e098225742662c3d41429f4

SHA256
eccd3801da695bccdad57cad7b2a799b7141eb756fc6ccb46c33145e85ac9910

SHA512
2dae4641c1bc6b752547e8fe23794484b3af896836c4f057ce2a70fe881c2900519209124c8032917083149d4a92e140cd9e2b79075e5403f837e1609032e7eb

Download Submit
memory/492-472-0x00007FF662B60000-0x00007FF662F52000-memory.dmp

Filesize
3.9MB

Download
memory/492-2186-0x00007FF662B60000-0x00007FF662F52000-memory.dmp

Filesize
3.9MB

Download
memory/688-12-0x00007FF77E530000-0x00007FF77E922000-memory.dmp

Filesize
3.9MB

Download
memory/688-2166-0x00007FF77E530000-0x00007FF77E922000-memory.dmp

Filesize
3.9MB

Download
memory/1096-33-0x00007FFF98A50000-0x00007FFF99511000-memory.dmp

Filesize
10.8MB

Download
memory/1096-314-0x000002BE452D0000-0x000002BE45A76000-memory.dmp

Filesize
7.6MB

Download
memory/1096-62-0x00007FFF98A50000-0x00007FFF99511000-memory.dmp

Filesize
10.8MB

Download
memory/1096-56-0x000002BE44760000-0x000002BE44782000-memory.dmp

Filesize
136KB

Download
memory/1096-2163-0x00007FFF98A50000-0x00007FFF99511000-memory.dmp

Filesize
10.8MB

Download
memory/1096-2164-0x00007FFF98A53000-0x00007FFF98A55000-memory.dmp

Filesize
8KB

Download
memory/1096-16-0x00007FFF98A53000-0x00007FFF98A55000-memory.dmp

Filesize
8KB

Download
memory/1344-544-0x00007FF67DCE0000-0x00007FF67E0D2000-memory.dmp

Filesize
3.9MB

Download
memory/1344-2181-0x00007FF67DCE0000-0x00007FF67E0D2000-memory.dmp

Filesize
3.9MB

Download
memory/1412-1-0x00000144FF370000-0x00000144FF380000-memory.dmp

Filesize
64KB

Download
memory/1412-0-0x00007FF709E50000-0x00007FF70A242000-memory.dmp

Filesize
3.9MB

Download
memory/1412-2129-0x00007FF709E50000-0x00007FF70A242000-memory.dmp

Filesize
3.9MB

Download
memory/1552-476-0x00007FF667810000-0x00007FF667C02000-memory.dmp

Filesize
3.9MB

Download
memory/1552-2193-0x00007FF667810000-0x00007FF667C02000-memory.dmp

Filesize
3.9MB

Download
memory/1960-2207-0x00007FF6795B0000-0x00007FF6799A2000-memory.dmp

Filesize
3.9MB

Download
memory/1960-516-0x00007FF6795B0000-0x00007FF6799A2000-memory.dmp

Filesize
3.9MB

Download
memory/2032-2172-0x00007FF7A1070000-0x00007FF7A1462000-memory.dmp

Filesize
3.9MB

Download
memory/2032-67-0x00007FF7A1070000-0x00007FF7A1462000-memory.dmp

Filesize
3.9MB

Download
memory/2140-2177-0x00007FF7A90E0000-0x00007FF7A94D2000-memory.dmp

Filesize
3.9MB

Download
memory/2140-534-0x00007FF7A90E0000-0x00007FF7A94D2000-memory.dmp

Filesize
3.9MB

Download
memory/2196-2183-0x00007FF669300000-0x00007FF6696F2000-memory.dmp

Filesize
3.9MB

Download
memory/2196-471-0x00007FF669300000-0x00007FF6696F2000-memory.dmp

Filesize
3.9MB

Download
memory/2268-2191-0x00007FF7BCFB0000-0x00007FF7BD3A2000-memory.dmp

Filesize
3.9MB

Download
memory/2268-477-0x00007FF7BCFB0000-0x00007FF7BD3A2000-memory.dmp

Filesize
3.9MB

Download
memory/2324-532-0x00007FF7CD920000-0x00007FF7CDD12000-memory.dmp

Filesize
3.9MB

Download
memory/2324-2171-0x00007FF7CD920000-0x00007FF7CDD12000-memory.dmp

Filesize
3.9MB

Download
memory/2632-492-0x00007FF7FC3A0000-0x00007FF7FC792000-memory.dmp

Filesize
3.9MB

Download
memory/2632-2208-0x00007FF7FC3A0000-0x00007FF7FC792000-memory.dmp

Filesize
3.9MB

Download
memory/2960-2202-0x00007FF7B3C50000-0x00007FF7B4042000-memory.dmp

Filesize
3.9MB

Download
memory/2960-478-0x00007FF7B3C50000-0x00007FF7B4042000-memory.dmp

Filesize
3.9MB

Download
memory/3116-2197-0x00007FF798450000-0x00007FF798842000-memory.dmp

Filesize
3.9MB

Download
memory/3116-474-0x00007FF798450000-0x00007FF798842000-memory.dmp

Filesize
3.9MB

Download
memory/3512-528-0x00007FF6AAEB0000-0x00007FF6AB2A2000-memory.dmp

Filesize
3.9MB

Download
memory/3512-2168-0x00007FF6AAEB0000-0x00007FF6AB2A2000-memory.dmp

Filesize
3.9MB

Download
memory/3716-2188-0x00007FF6BE0B0000-0x00007FF6BE4A2000-memory.dmp

Filesize
3.9MB

Download
memory/3716-473-0x00007FF6BE0B0000-0x00007FF6BE4A2000-memory.dmp

Filesize
3.9MB

Download
memory/3724-485-0x00007FF763920000-0x00007FF763D12000-memory.dmp

Filesize
3.9MB

Download
memory/3724-2204-0x00007FF763920000-0x00007FF763D12000-memory.dmp

Filesize
3.9MB

Download
memory/4060-539-0x00007FF6FBBB0000-0x00007FF6FBFA2000-memory.dmp

Filesize
3.9MB

Download
memory/4060-2184-0x00007FF6FBBB0000-0x00007FF6FBFA2000-memory.dmp

Filesize
3.9MB

Download
memory/4152-2212-0x00007FF762660000-0x00007FF762A52000-memory.dmp

Filesize
3.9MB

Download
memory/4152-523-0x00007FF762660000-0x00007FF762A52000-memory.dmp

Filesize
3.9MB

Download
memory/4176-475-0x00007FF7F6B20000-0x00007FF7F6F12000-memory.dmp

Filesize
3.9MB

Download
memory/4176-2195-0x00007FF7F6B20000-0x00007FF7F6F12000-memory.dmp

Filesize
3.9MB

Download
memory/4488-2210-0x00007FF7CFC80000-0x00007FF7D0072000-memory.dmp

Filesize
3.9MB

Download
memory/4488-500-0x00007FF7CFC80000-0x00007FF7D0072000-memory.dmp

Filesize
3.9MB

Download
memory/4680-480-0x00007FF752DC0000-0x00007FF7531B2000-memory.dmp

Filesize
3.9MB

Download
memory/4680-2199-0x00007FF752DC0000-0x00007FF7531B2000-memory.dmp

Filesize
3.9MB

Download
memory/4740-2200-0x00007FF6AAEF0000-0x00007FF6AB2E2000-memory.dmp

Filesize
3.9MB

Download
memory/4740-479-0x00007FF6AAEF0000-0x00007FF6AB2E2000-memory.dmp

Filesize
3.9MB

Download
memory/4828-2178-0x00007FF61BEF0000-0x00007FF61C2E2000-memory.dmp

Filesize
3.9MB

Download
memory/4828-470-0x00007FF61BEF0000-0x00007FF61C2E2000-memory.dmp

Filesize
3.9MB

Download
memory/5100-469-0x00007FF72FD20000-0x00007FF730112000-memory.dmp

Filesize
3.9MB

Download
memory/5100-2174-0x00007FF72FD20000-0x00007FF730112000-memory.dmp

Filesize
3.9MB

Download