xmrig | caa4ded599bb6d1d526ddfc2b67d69db02a961391742841d3f6e90fe5a3d7edb

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
04/05/2024, 11:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
Size

1.7MB
MD5

128b09fba850dbfda464cbe37f6947a1
SHA1

3df4432d7a5bb57c822ac228c41253419ff1387c
SHA256

caa4ded599bb6d1d526ddfc2b67d69db02a961391742841d3f6e90fe5a3d7edb
SHA512

4c12178f2ceb894b28d953ec0ea31961ee01fdd9656e1711d631560cf87852caa04948e314b6f568b583ff40da43966d6b46dadee2ac5aa369ce57d4661b69b9
SSDEEP

49152:Lz071uv4BPMkibTIA5I4TNrpDGgDQEk1t:NABf

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 48 IoCs

miner

resource	yara_rule
behavioral2/memory/3752-43-0x00007FF771030000-0x00007FF771422000-memory.dmp	xmrig
behavioral2/memory/4000-410-0x00007FF7967C0000-0x00007FF796BB2000-memory.dmp	xmrig
behavioral2/memory/2488-431-0x00007FF6E0FB0000-0x00007FF6E13A2000-memory.dmp	xmrig
behavioral2/memory/3124-439-0x00007FF7B55C0000-0x00007FF7B59B2000-memory.dmp	xmrig
behavioral2/memory/4360-440-0x00007FF6E94A0000-0x00007FF6E9892000-memory.dmp	xmrig
behavioral2/memory/1268-449-0x00007FF66A4F0000-0x00007FF66A8E2000-memory.dmp	xmrig
behavioral2/memory/516-460-0x00007FF7CCDA0000-0x00007FF7CD192000-memory.dmp	xmrig
behavioral2/memory/4728-503-0x00007FF7AF290000-0x00007FF7AF682000-memory.dmp	xmrig
behavioral2/memory/3400-550-0x00007FF6AAE40000-0x00007FF6AB232000-memory.dmp	xmrig
behavioral2/memory/4316-562-0x00007FF67FFC0000-0x00007FF6803B2000-memory.dmp	xmrig
behavioral2/memory/4932-561-0x00007FF68F9D0000-0x00007FF68FDC2000-memory.dmp	xmrig
behavioral2/memory/4340-516-0x00007FF77D610000-0x00007FF77DA02000-memory.dmp	xmrig
behavioral2/memory/2884-512-0x00007FF6F2B20000-0x00007FF6F2F12000-memory.dmp	xmrig
behavioral2/memory/4712-487-0x00007FF6A6F80000-0x00007FF6A7372000-memory.dmp	xmrig
behavioral2/memory/2284-483-0x00007FF76CF70000-0x00007FF76D362000-memory.dmp	xmrig
behavioral2/memory/1460-472-0x00007FF6DF2C0000-0x00007FF6DF6B2000-memory.dmp	xmrig
behavioral2/memory/3992-465-0x00007FF697D20000-0x00007FF698112000-memory.dmp	xmrig
behavioral2/memory/3656-464-0x00007FF6A2DA0000-0x00007FF6A3192000-memory.dmp	xmrig
behavioral2/memory/1848-444-0x00007FF647D10000-0x00007FF648102000-memory.dmp	xmrig
behavioral2/memory/536-425-0x00007FF7729D0000-0x00007FF772DC2000-memory.dmp	xmrig
behavioral2/memory/4680-416-0x00007FF78BD80000-0x00007FF78C172000-memory.dmp	xmrig
behavioral2/memory/3184-36-0x00007FF66E700000-0x00007FF66EAF2000-memory.dmp	xmrig
behavioral2/memory/2148-35-0x00007FF7BF180000-0x00007FF7BF572000-memory.dmp	xmrig
behavioral2/memory/2368-2456-0x00007FF6140A0000-0x00007FF614492000-memory.dmp	xmrig
behavioral2/memory/2148-2482-0x00007FF7BF180000-0x00007FF7BF572000-memory.dmp	xmrig
behavioral2/memory/3184-2480-0x00007FF66E700000-0x00007FF66EAF2000-memory.dmp	xmrig
behavioral2/memory/3752-2485-0x00007FF771030000-0x00007FF771422000-memory.dmp	xmrig
behavioral2/memory/4000-2490-0x00007FF7967C0000-0x00007FF796BB2000-memory.dmp	xmrig
behavioral2/memory/4680-2488-0x00007FF78BD80000-0x00007FF78C172000-memory.dmp	xmrig
behavioral2/memory/4932-2498-0x00007FF68F9D0000-0x00007FF68FDC2000-memory.dmp	xmrig
behavioral2/memory/3124-2503-0x00007FF7B55C0000-0x00007FF7B59B2000-memory.dmp	xmrig
behavioral2/memory/1848-2505-0x00007FF647D10000-0x00007FF648102000-memory.dmp	xmrig
behavioral2/memory/2488-2501-0x00007FF6E0FB0000-0x00007FF6E13A2000-memory.dmp	xmrig
behavioral2/memory/2368-2497-0x00007FF6140A0000-0x00007FF614492000-memory.dmp	xmrig
behavioral2/memory/3400-2494-0x00007FF6AAE40000-0x00007FF6AB232000-memory.dmp	xmrig
behavioral2/memory/4316-2492-0x00007FF67FFC0000-0x00007FF6803B2000-memory.dmp	xmrig
behavioral2/memory/536-2487-0x00007FF7729D0000-0x00007FF772DC2000-memory.dmp	xmrig
behavioral2/memory/1268-2531-0x00007FF66A4F0000-0x00007FF66A8E2000-memory.dmp	xmrig
behavioral2/memory/3656-2522-0x00007FF6A2DA0000-0x00007FF6A3192000-memory.dmp	xmrig
behavioral2/memory/3992-2520-0x00007FF697D20000-0x00007FF698112000-memory.dmp	xmrig
behavioral2/memory/2284-2516-0x00007FF76CF70000-0x00007FF76D362000-memory.dmp	xmrig
behavioral2/memory/4340-2514-0x00007FF77D610000-0x00007FF77DA02000-memory.dmp	xmrig
behavioral2/memory/4728-2510-0x00007FF7AF290000-0x00007FF7AF682000-memory.dmp	xmrig
behavioral2/memory/2884-2537-0x00007FF6F2B20000-0x00007FF6F2F12000-memory.dmp	xmrig
behavioral2/memory/4360-2506-0x00007FF6E94A0000-0x00007FF6E9892000-memory.dmp	xmrig
behavioral2/memory/516-2524-0x00007FF7CCDA0000-0x00007FF7CD192000-memory.dmp	xmrig
behavioral2/memory/1460-2518-0x00007FF6DF2C0000-0x00007FF6DF6B2000-memory.dmp	xmrig
behavioral2/memory/4712-2512-0x00007FF6A6F80000-0x00007FF6A7372000-memory.dmp	xmrig

Blocklisted process makes network request 5 IoCs

flow	pid	Process
7	4380	powershell.exe
9	4380	powershell.exe
16	4380	powershell.exe
17	4380	powershell.exe
19	4380	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
4380	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
2148	TSwXicZ.exe
3184	qLzXNDf.exe
3752	fzGStMX.exe
2368	rOnjkIE.exe
3400	HYYcVtW.exe
4932	IDqzBRU.exe
4316	FCLucjx.exe
4000	NpPfNVq.exe
4680	EUwYZTr.exe
536	cQEqXey.exe
2488	TfGICyk.exe
3124	VvrerUB.exe
4360	sgiKkZj.exe
1848	bOBfPww.exe
1268	XvYOVat.exe
516	ciurgsS.exe
3656	DMWlwNc.exe
3992	KyHEnKf.exe
1460	QVqTCON.exe
2284	VgjpTJc.exe
4712	qPCvEUe.exe
4728	RbKFCHf.exe
2884	PSAiKXx.exe
4340	moQSAss.exe
3084	TizEWUo.exe
1984	nrBKEZm.exe
1592	ixrNhKE.exe
2240	wzVPYwn.exe
3920	yNdcfsu.exe
4632	oCUvECE.exe
2712	igjoDUi.exe
3768	vJpentG.exe
2228	RwZIsah.exe
4540	QpvMiLz.exe
1540	rSjLBea.exe
2108	mUDcEjt.exe
100	VkThwTt.exe
4988	bhRYwAu.exe
2648	ktelUYt.exe
4492	bBAAZtw.exe
3428	MFHDUbo.exe
2964	wsgeBZT.exe
3828	NRqLPXb.exe
2500	coQpZSt.exe
5116	XjuyDkJ.exe
2160	wPdUKim.exe
1580	vSCGMff.exe
2264	iXHnvRN.exe
3164	TuGEMpb.exe
4768	TvaHxKf.exe
4480	DGHbENG.exe
1108	YqrFLuV.exe
1064	KinIALG.exe
4624	rYawCoU.exe
4792	OzRVJBZ.exe
3456	HmIlpnX.exe
3228	pnHmtNa.exe
1648	jBrBqgy.exe
1940	wkhLmUW.exe
2924	AULozYI.exe
2336	yuQqbLc.exe
448	mdCABIy.exe
4904	RLjuQir.exe
64	iMguiPZ.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4948-0-0x00007FF6ACDB0000-0x00007FF6AD1A2000-memory.dmp	upx
behavioral2/files/0x000b000000023bc0-7.dat	upx
behavioral2/files/0x000a000000023bc5-9.dat	upx
behavioral2/files/0x000a000000023bc6-30.dat	upx
behavioral2/memory/3752-43-0x00007FF771030000-0x00007FF771422000-memory.dmp	upx
behavioral2/files/0x000a000000023bca-49.dat	upx
behavioral2/files/0x000a000000023bcb-54.dat	upx
behavioral2/files/0x000b000000023bc8-59.dat	upx
behavioral2/files/0x000a000000023bcc-69.dat	upx
behavioral2/files/0x000a000000023bcd-75.dat	upx
behavioral2/files/0x000a000000023bd1-89.dat	upx
behavioral2/files/0x000a000000023bd3-99.dat	upx
behavioral2/files/0x000a000000023bd5-117.dat	upx
behavioral2/files/0x000a000000023bda-134.dat	upx
behavioral2/files/0x000a000000023bdc-144.dat	upx
behavioral2/files/0x000a000000023bdd-157.dat	upx
behavioral2/memory/4000-410-0x00007FF7967C0000-0x00007FF796BB2000-memory.dmp	upx
behavioral2/memory/2488-431-0x00007FF6E0FB0000-0x00007FF6E13A2000-memory.dmp	upx
behavioral2/memory/3124-439-0x00007FF7B55C0000-0x00007FF7B59B2000-memory.dmp	upx
behavioral2/memory/4360-440-0x00007FF6E94A0000-0x00007FF6E9892000-memory.dmp	upx
behavioral2/memory/1268-449-0x00007FF66A4F0000-0x00007FF66A8E2000-memory.dmp	upx
behavioral2/memory/516-460-0x00007FF7CCDA0000-0x00007FF7CD192000-memory.dmp	upx
behavioral2/memory/4728-503-0x00007FF7AF290000-0x00007FF7AF682000-memory.dmp	upx
behavioral2/memory/3400-550-0x00007FF6AAE40000-0x00007FF6AB232000-memory.dmp	upx
behavioral2/memory/4316-562-0x00007FF67FFC0000-0x00007FF6803B2000-memory.dmp	upx
behavioral2/memory/4932-561-0x00007FF68F9D0000-0x00007FF68FDC2000-memory.dmp	upx
behavioral2/memory/4340-516-0x00007FF77D610000-0x00007FF77DA02000-memory.dmp	upx
behavioral2/memory/2884-512-0x00007FF6F2B20000-0x00007FF6F2F12000-memory.dmp	upx
behavioral2/memory/4712-487-0x00007FF6A6F80000-0x00007FF6A7372000-memory.dmp	upx
behavioral2/memory/2284-483-0x00007FF76CF70000-0x00007FF76D362000-memory.dmp	upx
behavioral2/memory/1460-472-0x00007FF6DF2C0000-0x00007FF6DF6B2000-memory.dmp	upx
behavioral2/memory/3992-465-0x00007FF697D20000-0x00007FF698112000-memory.dmp	upx
behavioral2/memory/3656-464-0x00007FF6A2DA0000-0x00007FF6A3192000-memory.dmp	upx
behavioral2/memory/1848-444-0x00007FF647D10000-0x00007FF648102000-memory.dmp	upx
behavioral2/memory/536-425-0x00007FF7729D0000-0x00007FF772DC2000-memory.dmp	upx
behavioral2/memory/4680-416-0x00007FF78BD80000-0x00007FF78C172000-memory.dmp	upx
behavioral2/files/0x0008000000023bf8-179.dat	upx
behavioral2/files/0x000a000000023be8-177.dat	upx
behavioral2/files/0x000e000000023bef-174.dat	upx
behavioral2/files/0x000b000000023be0-172.dat	upx
behavioral2/files/0x000b000000023bdf-167.dat	upx
behavioral2/files/0x000b000000023bde-162.dat	upx
behavioral2/files/0x000a000000023bdb-147.dat	upx
behavioral2/files/0x000a000000023bd9-137.dat	upx
behavioral2/files/0x000a000000023bd8-132.dat	upx
behavioral2/files/0x000a000000023bd7-127.dat	upx
behavioral2/files/0x000a000000023bd6-122.dat	upx
behavioral2/files/0x000a000000023bd4-112.dat	upx
behavioral2/files/0x000a000000023bd2-100.dat	upx
behavioral2/files/0x000a000000023bd0-90.dat	upx
behavioral2/files/0x000a000000023bcf-85.dat	upx
behavioral2/files/0x000a000000023bce-79.dat	upx
behavioral2/memory/2368-53-0x00007FF6140A0000-0x00007FF614492000-memory.dmp	upx
behavioral2/files/0x000a000000023bc7-47.dat	upx
behavioral2/files/0x000b000000023bc9-42.dat	upx
behavioral2/memory/3184-36-0x00007FF66E700000-0x00007FF66EAF2000-memory.dmp	upx
behavioral2/memory/2148-35-0x00007FF7BF180000-0x00007FF7BF572000-memory.dmp	upx
behavioral2/files/0x000a000000023bc4-11.dat	upx
behavioral2/memory/2368-2456-0x00007FF6140A0000-0x00007FF614492000-memory.dmp	upx
behavioral2/memory/2148-2482-0x00007FF7BF180000-0x00007FF7BF572000-memory.dmp	upx
behavioral2/memory/3184-2480-0x00007FF66E700000-0x00007FF66EAF2000-memory.dmp	upx
behavioral2/memory/3752-2485-0x00007FF771030000-0x00007FF771422000-memory.dmp	upx
behavioral2/memory/4000-2490-0x00007FF7967C0000-0x00007FF796BB2000-memory.dmp	upx
behavioral2/memory/4680-2488-0x00007FF78BD80000-0x00007FF78C172000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
6	raw.githubusercontent.com
7	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\hJwclSV.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\EgNXzob.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\yDeHbxm.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\stpdaZV.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\VkThwTt.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\jIecsVp.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\KisaRwJ.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\JTBdsls.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\OstOnmP.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\eHACDBJ.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\yWSyBiW.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\xRrhrdY.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\IVEMfXO.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\uRWWHTb.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\KiIYhwF.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\yBVgUvb.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\mAGnOhF.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\OZKjQRZ.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\obUICdR.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\UMfIAxF.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\wGtfknf.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\lECbkPb.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\xDoAZEA.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\VbpmHuz.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\yTrvBAd.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\iqPQMyC.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\fukjoFg.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\DrYlUnD.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\BOEzMWa.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\mRFsMZb.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\wPVOTJT.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\tyrmYPl.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\IIXmVcB.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\ZdejIIX.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\TwYilAN.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\YbhToIF.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\iFfasaD.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\kjzFsRH.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\TiibMoE.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\vyzAfHe.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\vPXJdEr.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\dqoGwzM.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\azdwNKH.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\dZCfcOl.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\HYYcVtW.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\kjvlArm.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\URWdWsC.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\cNkOyOl.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\OSXXHhu.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\dxaSGzJ.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\yycDCtZ.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\wTIMeIT.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\nyKpbJU.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\DPewwDL.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\nyWxpjv.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\AKgxcpx.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\CpGZemQ.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\zXLSEvm.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\EoMeuri.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\VYzsXhf.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\tVAuupA.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\MKChKzw.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\WSQwTje.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
File created	C:\Windows\System\ofdTmJX.exe	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
4380	powershell.exe
4380	powershell.exe
4380	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	4380	powershell.exe
Token: SeLockMemoryPrivilege	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4948 wrote to memory of 4380	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	87
PID 4948 wrote to memory of 4380	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	87
PID 4948 wrote to memory of 2148	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	88
PID 4948 wrote to memory of 2148	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	88
PID 4948 wrote to memory of 3184	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	89
PID 4948 wrote to memory of 3184	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	89
PID 4948 wrote to memory of 3752	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	90
PID 4948 wrote to memory of 3752	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	90
PID 4948 wrote to memory of 2368	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	91
PID 4948 wrote to memory of 2368	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	91
PID 4948 wrote to memory of 3400	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	92
PID 4948 wrote to memory of 3400	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	92
PID 4948 wrote to memory of 4932	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	93
PID 4948 wrote to memory of 4932	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	93
PID 4948 wrote to memory of 4316	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	94
PID 4948 wrote to memory of 4316	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	94
PID 4948 wrote to memory of 4000	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	95
PID 4948 wrote to memory of 4000	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	95
PID 4948 wrote to memory of 4680	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	96
PID 4948 wrote to memory of 4680	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	96
PID 4948 wrote to memory of 536	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	97
PID 4948 wrote to memory of 536	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	97
PID 4948 wrote to memory of 2488	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	98
PID 4948 wrote to memory of 2488	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	98
PID 4948 wrote to memory of 3124	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	99
PID 4948 wrote to memory of 3124	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	99
PID 4948 wrote to memory of 4360	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	100
PID 4948 wrote to memory of 4360	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	100
PID 4948 wrote to memory of 1848	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	101
PID 4948 wrote to memory of 1848	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	101
PID 4948 wrote to memory of 1268	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	102
PID 4948 wrote to memory of 1268	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	102
PID 4948 wrote to memory of 516	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	103
PID 4948 wrote to memory of 516	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	103
PID 4948 wrote to memory of 3656	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	104
PID 4948 wrote to memory of 3656	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	104
PID 4948 wrote to memory of 3992	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	105
PID 4948 wrote to memory of 3992	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	105
PID 4948 wrote to memory of 1460	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	106
PID 4948 wrote to memory of 1460	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	106
PID 4948 wrote to memory of 2284	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	107
PID 4948 wrote to memory of 2284	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	107
PID 4948 wrote to memory of 4712	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	108
PID 4948 wrote to memory of 4712	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	108
PID 4948 wrote to memory of 4728	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	109
PID 4948 wrote to memory of 4728	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	109
PID 4948 wrote to memory of 2884	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	110
PID 4948 wrote to memory of 2884	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	110
PID 4948 wrote to memory of 4340	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	111
PID 4948 wrote to memory of 4340	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	111
PID 4948 wrote to memory of 3084	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	112
PID 4948 wrote to memory of 3084	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	112
PID 4948 wrote to memory of 1984	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	113
PID 4948 wrote to memory of 1984	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	113
PID 4948 wrote to memory of 1592	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	114
PID 4948 wrote to memory of 1592	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	114
PID 4948 wrote to memory of 2240	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	115
PID 4948 wrote to memory of 2240	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	115
PID 4948 wrote to memory of 3920	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	116
PID 4948 wrote to memory of 3920	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	116
PID 4948 wrote to memory of 4632	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	117
PID 4948 wrote to memory of 4632	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	117
PID 4948 wrote to memory of 2712	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	118
PID 4948 wrote to memory of 2712	4948	128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe	118

C:\Users\Admin\AppData\Local\Temp\128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\128b09fba850dbfda464cbe37f6947a1_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4948
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4380
- C:\Windows\System\TSwXicZ.exe
  C:\Windows\System\TSwXicZ.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\qLzXNDf.exe
  C:\Windows\System\qLzXNDf.exe
  2⤵
  - Executes dropped EXE
  PID:3184
- C:\Windows\System\fzGStMX.exe
  C:\Windows\System\fzGStMX.exe
  2⤵
  - Executes dropped EXE
  PID:3752
- C:\Windows\System\rOnjkIE.exe
  C:\Windows\System\rOnjkIE.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\HYYcVtW.exe
  C:\Windows\System\HYYcVtW.exe
  2⤵
  - Executes dropped EXE
  PID:3400
- C:\Windows\System\IDqzBRU.exe
  C:\Windows\System\IDqzBRU.exe
  2⤵
  - Executes dropped EXE
  PID:4932
- C:\Windows\System\FCLucjx.exe
  C:\Windows\System\FCLucjx.exe
  2⤵
  - Executes dropped EXE
  PID:4316
- C:\Windows\System\NpPfNVq.exe
  C:\Windows\System\NpPfNVq.exe
  2⤵
  - Executes dropped EXE
  PID:4000
- C:\Windows\System\EUwYZTr.exe
  C:\Windows\System\EUwYZTr.exe
  2⤵
  - Executes dropped EXE
  PID:4680
- C:\Windows\System\cQEqXey.exe
  C:\Windows\System\cQEqXey.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\TfGICyk.exe
  C:\Windows\System\TfGICyk.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\VvrerUB.exe
  C:\Windows\System\VvrerUB.exe
  2⤵
  - Executes dropped EXE
  PID:3124
- C:\Windows\System\sgiKkZj.exe
  C:\Windows\System\sgiKkZj.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\bOBfPww.exe
  C:\Windows\System\bOBfPww.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\XvYOVat.exe
  C:\Windows\System\XvYOVat.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\ciurgsS.exe
  C:\Windows\System\ciurgsS.exe
  2⤵
  - Executes dropped EXE
  PID:516
- C:\Windows\System\DMWlwNc.exe
  C:\Windows\System\DMWlwNc.exe
  2⤵
  - Executes dropped EXE
  PID:3656
- C:\Windows\System\KyHEnKf.exe
  C:\Windows\System\KyHEnKf.exe
  2⤵
  - Executes dropped EXE
  PID:3992
- C:\Windows\System\QVqTCON.exe
  C:\Windows\System\QVqTCON.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\VgjpTJc.exe
  C:\Windows\System\VgjpTJc.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\qPCvEUe.exe
  C:\Windows\System\qPCvEUe.exe
  2⤵
  - Executes dropped EXE
  PID:4712
- C:\Windows\System\RbKFCHf.exe
  C:\Windows\System\RbKFCHf.exe
  2⤵
  - Executes dropped EXE
  PID:4728
- C:\Windows\System\PSAiKXx.exe
  C:\Windows\System\PSAiKXx.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\moQSAss.exe
  C:\Windows\System\moQSAss.exe
  2⤵
  - Executes dropped EXE
  PID:4340
- C:\Windows\System\TizEWUo.exe
  C:\Windows\System\TizEWUo.exe
  2⤵
  - Executes dropped EXE
  PID:3084
- C:\Windows\System\nrBKEZm.exe
  C:\Windows\System\nrBKEZm.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\ixrNhKE.exe
  C:\Windows\System\ixrNhKE.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\wzVPYwn.exe
  C:\Windows\System\wzVPYwn.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\yNdcfsu.exe
  C:\Windows\System\yNdcfsu.exe
  2⤵
  - Executes dropped EXE
  PID:3920
- C:\Windows\System\oCUvECE.exe
  C:\Windows\System\oCUvECE.exe
  2⤵
  - Executes dropped EXE
  PID:4632
- C:\Windows\System\igjoDUi.exe
  C:\Windows\System\igjoDUi.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\vJpentG.exe
  C:\Windows\System\vJpentG.exe
  2⤵
  - Executes dropped EXE
  PID:3768
- C:\Windows\System\RwZIsah.exe
  C:\Windows\System\RwZIsah.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\QpvMiLz.exe
  C:\Windows\System\QpvMiLz.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System\rSjLBea.exe
  C:\Windows\System\rSjLBea.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\mUDcEjt.exe
  C:\Windows\System\mUDcEjt.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\VkThwTt.exe
  C:\Windows\System\VkThwTt.exe
  2⤵
  - Executes dropped EXE
  PID:100
- C:\Windows\System\bhRYwAu.exe
  C:\Windows\System\bhRYwAu.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\ktelUYt.exe
  C:\Windows\System\ktelUYt.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\bBAAZtw.exe
  C:\Windows\System\bBAAZtw.exe
  2⤵
  - Executes dropped EXE
  PID:4492
- C:\Windows\System\MFHDUbo.exe
  C:\Windows\System\MFHDUbo.exe
  2⤵
  - Executes dropped EXE
  PID:3428
- C:\Windows\System\wsgeBZT.exe
  C:\Windows\System\wsgeBZT.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\NRqLPXb.exe
  C:\Windows\System\NRqLPXb.exe
  2⤵
  - Executes dropped EXE
  PID:3828
- C:\Windows\System\coQpZSt.exe
  C:\Windows\System\coQpZSt.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\XjuyDkJ.exe
  C:\Windows\System\XjuyDkJ.exe
  2⤵
  - Executes dropped EXE
  PID:5116
- C:\Windows\System\wPdUKim.exe
  C:\Windows\System\wPdUKim.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\vSCGMff.exe
  C:\Windows\System\vSCGMff.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\iXHnvRN.exe
  C:\Windows\System\iXHnvRN.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\TuGEMpb.exe
  C:\Windows\System\TuGEMpb.exe
  2⤵
  - Executes dropped EXE
  PID:3164
- C:\Windows\System\TvaHxKf.exe
  C:\Windows\System\TvaHxKf.exe
  2⤵
  - Executes dropped EXE
  PID:4768
- C:\Windows\System\DGHbENG.exe
  C:\Windows\System\DGHbENG.exe
  2⤵
  - Executes dropped EXE
  PID:4480
- C:\Windows\System\YqrFLuV.exe
  C:\Windows\System\YqrFLuV.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\KinIALG.exe
  C:\Windows\System\KinIALG.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\rYawCoU.exe
  C:\Windows\System\rYawCoU.exe
  2⤵
  - Executes dropped EXE
  PID:4624
- C:\Windows\System\OzRVJBZ.exe
  C:\Windows\System\OzRVJBZ.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\HmIlpnX.exe
  C:\Windows\System\HmIlpnX.exe
  2⤵
  - Executes dropped EXE
  PID:3456
- C:\Windows\System\pnHmtNa.exe
  C:\Windows\System\pnHmtNa.exe
  2⤵
  - Executes dropped EXE
  PID:3228
- C:\Windows\System\jBrBqgy.exe
  C:\Windows\System\jBrBqgy.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\wkhLmUW.exe
  C:\Windows\System\wkhLmUW.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\AULozYI.exe
  C:\Windows\System\AULozYI.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\yuQqbLc.exe
  C:\Windows\System\yuQqbLc.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\mdCABIy.exe
  C:\Windows\System\mdCABIy.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\RLjuQir.exe
  C:\Windows\System\RLjuQir.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System\iMguiPZ.exe
  C:\Windows\System\iMguiPZ.exe
  2⤵
  - Executes dropped EXE
  PID:64
- C:\Windows\System\ZbQaDgw.exe
  C:\Windows\System\ZbQaDgw.exe
  2⤵
  PID:800
- C:\Windows\System\MoSfecV.exe
  C:\Windows\System\MoSfecV.exe
  2⤵
  PID:3296
- C:\Windows\System\DsjJFgg.exe
  C:\Windows\System\DsjJFgg.exe
  2⤵
  PID:3592
- C:\Windows\System\TlxuSeR.exe
  C:\Windows\System\TlxuSeR.exe
  2⤵
  PID:3264
- C:\Windows\System\croAOZa.exe
  C:\Windows\System\croAOZa.exe
  2⤵
  PID:1908
- C:\Windows\System\dqoGwzM.exe
  C:\Windows\System\dqoGwzM.exe
  2⤵
  PID:5144
- C:\Windows\System\JTBdsls.exe
  C:\Windows\System\JTBdsls.exe
  2⤵
  PID:5172
- C:\Windows\System\WAWFbPv.exe
  C:\Windows\System\WAWFbPv.exe
  2⤵
  PID:5196
- C:\Windows\System\FfVYFjh.exe
  C:\Windows\System\FfVYFjh.exe
  2⤵
  PID:5228
- C:\Windows\System\ipxlLlv.exe
  C:\Windows\System\ipxlLlv.exe
  2⤵
  PID:5260
- C:\Windows\System\itsGDpf.exe
  C:\Windows\System\itsGDpf.exe
  2⤵
  PID:5280
- C:\Windows\System\Motgszw.exe
  C:\Windows\System\Motgszw.exe
  2⤵
  PID:5308
- C:\Windows\System\bjmEuXN.exe
  C:\Windows\System\bjmEuXN.exe
  2⤵
  PID:5340
- C:\Windows\System\qdCLHZd.exe
  C:\Windows\System\qdCLHZd.exe
  2⤵
  PID:5372
- C:\Windows\System\ZbAxSOv.exe
  C:\Windows\System\ZbAxSOv.exe
  2⤵
  PID:5400
- C:\Windows\System\OkdOisA.exe
  C:\Windows\System\OkdOisA.exe
  2⤵
  PID:5428
- C:\Windows\System\AqQtbXI.exe
  C:\Windows\System\AqQtbXI.exe
  2⤵
  PID:5456
- C:\Windows\System\bheTlYI.exe
  C:\Windows\System\bheTlYI.exe
  2⤵
  PID:5484
- C:\Windows\System\pdWPwCb.exe
  C:\Windows\System\pdWPwCb.exe
  2⤵
  PID:5512
- C:\Windows\System\XyFceqk.exe
  C:\Windows\System\XyFceqk.exe
  2⤵
  PID:5536
- C:\Windows\System\NfxcRcV.exe
  C:\Windows\System\NfxcRcV.exe
  2⤵
  PID:5564
- C:\Windows\System\VrOWGPj.exe
  C:\Windows\System\VrOWGPj.exe
  2⤵
  PID:5592
- C:\Windows\System\gdELGcx.exe
  C:\Windows\System\gdELGcx.exe
  2⤵
  PID:5616
- C:\Windows\System\tAHujDB.exe
  C:\Windows\System\tAHujDB.exe
  2⤵
  PID:5652
- C:\Windows\System\lSuzEGL.exe
  C:\Windows\System\lSuzEGL.exe
  2⤵
  PID:5680
- C:\Windows\System\cmsISGn.exe
  C:\Windows\System\cmsISGn.exe
  2⤵
  PID:5716
- C:\Windows\System\QxfnoUn.exe
  C:\Windows\System\QxfnoUn.exe
  2⤵
  PID:5744
- C:\Windows\System\AWXwUpz.exe
  C:\Windows\System\AWXwUpz.exe
  2⤵
  PID:5772
- C:\Windows\System\vxZcFor.exe
  C:\Windows\System\vxZcFor.exe
  2⤵
  PID:5800
- C:\Windows\System\hvMJbJK.exe
  C:\Windows\System\hvMJbJK.exe
  2⤵
  PID:5828
- C:\Windows\System\INpRrdt.exe
  C:\Windows\System\INpRrdt.exe
  2⤵
  PID:5860
- C:\Windows\System\xfSedly.exe
  C:\Windows\System\xfSedly.exe
  2⤵
  PID:5888
- C:\Windows\System\IVrQjnf.exe
  C:\Windows\System\IVrQjnf.exe
  2⤵
  PID:5912
- C:\Windows\System\OjBMjBk.exe
  C:\Windows\System\OjBMjBk.exe
  2⤵
  PID:5940
- C:\Windows\System\ObTdkDb.exe
  C:\Windows\System\ObTdkDb.exe
  2⤵
  PID:5972
- C:\Windows\System\fGPlRut.exe
  C:\Windows\System\fGPlRut.exe
  2⤵
  PID:6000
- C:\Windows\System\HFPSzik.exe
  C:\Windows\System\HFPSzik.exe
  2⤵
  PID:6028
- C:\Windows\System\OzZRdLV.exe
  C:\Windows\System\OzZRdLV.exe
  2⤵
  PID:6056
- C:\Windows\System\UMfIAxF.exe
  C:\Windows\System\UMfIAxF.exe
  2⤵
  PID:6084
- C:\Windows\System\HRtNzUC.exe
  C:\Windows\System\HRtNzUC.exe
  2⤵
  PID:6112
- C:\Windows\System\NpAbopa.exe
  C:\Windows\System\NpAbopa.exe
  2⤵
  PID:6140
- C:\Windows\System\WzbWiCm.exe
  C:\Windows\System\WzbWiCm.exe
  2⤵
  PID:3572
- C:\Windows\System\wdBamSh.exe
  C:\Windows\System\wdBamSh.exe
  2⤵
  PID:4468
- C:\Windows\System\qDbnfgh.exe
  C:\Windows\System\qDbnfgh.exe
  2⤵
  PID:4460
- C:\Windows\System\wGtfknf.exe
  C:\Windows\System\wGtfknf.exe
  2⤵
  PID:5136
- C:\Windows\System\XoKwXJQ.exe
  C:\Windows\System\XoKwXJQ.exe
  2⤵
  PID:5180
- C:\Windows\System\LpkefSV.exe
  C:\Windows\System\LpkefSV.exe
  2⤵
  PID:5360
- C:\Windows\System\gDCPTsN.exe
  C:\Windows\System\gDCPTsN.exe
  2⤵
  PID:5392
- C:\Windows\System\KvuuJPW.exe
  C:\Windows\System\KvuuJPW.exe
  2⤵
  PID:5464
- C:\Windows\System\WGUxbZU.exe
  C:\Windows\System\WGUxbZU.exe
  2⤵
  PID:5520
- C:\Windows\System\aXaKeSs.exe
  C:\Windows\System\aXaKeSs.exe
  2⤵
  PID:5580
- C:\Windows\System\SXfesAk.exe
  C:\Windows\System\SXfesAk.exe
  2⤵
  PID:4396
- C:\Windows\System\VgTSyXy.exe
  C:\Windows\System\VgTSyXy.exe
  2⤵
  PID:5644
- C:\Windows\System\JXArOAI.exe
  C:\Windows\System\JXArOAI.exe
  2⤵
  PID:5736
- C:\Windows\System\WrhTFLG.exe
  C:\Windows\System\WrhTFLG.exe
  2⤵
  PID:5812
- C:\Windows\System\FSCAEgA.exe
  C:\Windows\System\FSCAEgA.exe
  2⤵
  PID:5848
- C:\Windows\System\eImFsSW.exe
  C:\Windows\System\eImFsSW.exe
  2⤵
  PID:3980
- C:\Windows\System\BnXMNEx.exe
  C:\Windows\System\BnXMNEx.exe
  2⤵
  PID:5932
- C:\Windows\System\uPyRPNs.exe
  C:\Windows\System\uPyRPNs.exe
  2⤵
  PID:5956
- C:\Windows\System\HhBNwQK.exe
  C:\Windows\System\HhBNwQK.exe
  2⤵
  PID:6048
- C:\Windows\System\KisaRwJ.exe
  C:\Windows\System\KisaRwJ.exe
  2⤵
  PID:2820
- C:\Windows\System\BvnTJJR.exe
  C:\Windows\System\BvnTJJR.exe
  2⤵
  PID:3692
- C:\Windows\System\BDHkiHG.exe
  C:\Windows\System\BDHkiHG.exe
  2⤵
  PID:4352
- C:\Windows\System\xMjvSXD.exe
  C:\Windows\System\xMjvSXD.exe
  2⤵
  PID:860
- C:\Windows\System\yPsQVCh.exe
  C:\Windows\System\yPsQVCh.exe
  2⤵
  PID:4088
- C:\Windows\System\oefiHve.exe
  C:\Windows\System\oefiHve.exe
  2⤵
  PID:544
- C:\Windows\System\tyrmYPl.exe
  C:\Windows\System\tyrmYPl.exe
  2⤵
  PID:3548
- C:\Windows\System\hTzYaFg.exe
  C:\Windows\System\hTzYaFg.exe
  2⤵
  PID:5256
- C:\Windows\System\WzypiLq.exe
  C:\Windows\System\WzypiLq.exe
  2⤵
  PID:1900
- C:\Windows\System\tQvxXSq.exe
  C:\Windows\System\tQvxXSq.exe
  2⤵
  PID:836
- C:\Windows\System\RHSrJLs.exe
  C:\Windows\System\RHSrJLs.exe
  2⤵
  PID:5348
- C:\Windows\System\vILsNww.exe
  C:\Windows\System\vILsNww.exe
  2⤵
  PID:5408
- C:\Windows\System\BEOcSoY.exe
  C:\Windows\System\BEOcSoY.exe
  2⤵
  PID:5640
- C:\Windows\System\wPIpuac.exe
  C:\Windows\System\wPIpuac.exe
  2⤵
  PID:5764
- C:\Windows\System\OstOnmP.exe
  C:\Windows\System\OstOnmP.exe
  2⤵
  PID:1656
- C:\Windows\System\yFQCCvJ.exe
  C:\Windows\System\yFQCCvJ.exe
  2⤵
  PID:4512
- C:\Windows\System\XmIIeQr.exe
  C:\Windows\System\XmIIeQr.exe
  2⤵
  PID:1368
- C:\Windows\System\hTpyFOA.exe
  C:\Windows\System\hTpyFOA.exe
  2⤵
  PID:1704
- C:\Windows\System\ulobAyA.exe
  C:\Windows\System\ulobAyA.exe
  2⤵
  PID:2672
- C:\Windows\System\YbBnYNy.exe
  C:\Windows\System\YbBnYNy.exe
  2⤵
  PID:5668
- C:\Windows\System\pPKJHVB.exe
  C:\Windows\System\pPKJHVB.exe
  2⤵
  PID:5160
- C:\Windows\System\NIIrblE.exe
  C:\Windows\System\NIIrblE.exe
  2⤵
  PID:5704
- C:\Windows\System\KiIYhwF.exe
  C:\Windows\System\KiIYhwF.exe
  2⤵
  PID:5928
- C:\Windows\System\jivqeES.exe
  C:\Windows\System\jivqeES.exe
  2⤵
  PID:6152
- C:\Windows\System\kuCzFkP.exe
  C:\Windows\System\kuCzFkP.exe
  2⤵
  PID:6176
- C:\Windows\System\xpGPQPO.exe
  C:\Windows\System\xpGPQPO.exe
  2⤵
  PID:6192
- C:\Windows\System\ROoVGEk.exe
  C:\Windows\System\ROoVGEk.exe
  2⤵
  PID:6232
- C:\Windows\System\hJwclSV.exe
  C:\Windows\System\hJwclSV.exe
  2⤵
  PID:6292
- C:\Windows\System\SduygJY.exe
  C:\Windows\System\SduygJY.exe
  2⤵
  PID:6316
- C:\Windows\System\WWwUimn.exe
  C:\Windows\System\WWwUimn.exe
  2⤵
  PID:6336
- C:\Windows\System\PWeWiQT.exe
  C:\Windows\System\PWeWiQT.exe
  2⤵
  PID:6356
- C:\Windows\System\GIwUprl.exe
  C:\Windows\System\GIwUprl.exe
  2⤵
  PID:6412
- C:\Windows\System\cyUzbjU.exe
  C:\Windows\System\cyUzbjU.exe
  2⤵
  PID:6464
- C:\Windows\System\wyqQAYD.exe
  C:\Windows\System\wyqQAYD.exe
  2⤵
  PID:6548
- C:\Windows\System\FEHFbKu.exe
  C:\Windows\System\FEHFbKu.exe
  2⤵
  PID:6564
- C:\Windows\System\dVihCgC.exe
  C:\Windows\System\dVihCgC.exe
  2⤵
  PID:6580
- C:\Windows\System\WJdIIkb.exe
  C:\Windows\System\WJdIIkb.exe
  2⤵
  PID:6612
- C:\Windows\System\caVtreK.exe
  C:\Windows\System\caVtreK.exe
  2⤵
  PID:6660
- C:\Windows\System\qBiUjXA.exe
  C:\Windows\System\qBiUjXA.exe
  2⤵
  PID:6692
- C:\Windows\System\LvQlHBP.exe
  C:\Windows\System\LvQlHBP.exe
  2⤵
  PID:6720
- C:\Windows\System\abWBwQa.exe
  C:\Windows\System\abWBwQa.exe
  2⤵
  PID:6752
- C:\Windows\System\XsVhvib.exe
  C:\Windows\System\XsVhvib.exe
  2⤵
  PID:6772
- C:\Windows\System\HhVWmaO.exe
  C:\Windows\System\HhVWmaO.exe
  2⤵
  PID:6804
- C:\Windows\System\fBhvASL.exe
  C:\Windows\System\fBhvASL.exe
  2⤵
  PID:6840
- C:\Windows\System\lvdLNoe.exe
  C:\Windows\System\lvdLNoe.exe
  2⤵
  PID:6876
- C:\Windows\System\RHTHruI.exe
  C:\Windows\System\RHTHruI.exe
  2⤵
  PID:6900
- C:\Windows\System\hOfHQjn.exe
  C:\Windows\System\hOfHQjn.exe
  2⤵
  PID:6920
- C:\Windows\System\DxBNtpr.exe
  C:\Windows\System\DxBNtpr.exe
  2⤵
  PID:6936
- C:\Windows\System\qmaegZN.exe
  C:\Windows\System\qmaegZN.exe
  2⤵
  PID:6968
- C:\Windows\System\yLZzNBl.exe
  C:\Windows\System\yLZzNBl.exe
  2⤵
  PID:7004
- C:\Windows\System\ybWSYHV.exe
  C:\Windows\System\ybWSYHV.exe
  2⤵
  PID:7036
- C:\Windows\System\OEsBKZB.exe
  C:\Windows\System\OEsBKZB.exe
  2⤵
  PID:7080
- C:\Windows\System\QMWwAam.exe
  C:\Windows\System\QMWwAam.exe
  2⤵
  PID:7096
- C:\Windows\System\XxpJIQQ.exe
  C:\Windows\System\XxpJIQQ.exe
  2⤵
  PID:7116
- C:\Windows\System\WAPVbBe.exe
  C:\Windows\System\WAPVbBe.exe
  2⤵
  PID:7136
- C:\Windows\System\sjPWLKB.exe
  C:\Windows\System\sjPWLKB.exe
  2⤵
  PID:2224
- C:\Windows\System\eCBuEGz.exe
  C:\Windows\System\eCBuEGz.exe
  2⤵
  PID:5696
- C:\Windows\System\StbZacW.exe
  C:\Windows\System\StbZacW.exe
  2⤵
  PID:5500
- C:\Windows\System\SqJEyGl.exe
  C:\Windows\System\SqJEyGl.exe
  2⤵
  PID:6072
- C:\Windows\System\nnOtGAA.exe
  C:\Windows\System\nnOtGAA.exe
  2⤵
  PID:6164
- C:\Windows\System\bZuMdvE.exe
  C:\Windows\System\bZuMdvE.exe
  2⤵
  PID:6244
- C:\Windows\System\LhAILzL.exe
  C:\Windows\System\LhAILzL.exe
  2⤵
  PID:6348
- C:\Windows\System\euaOvIZ.exe
  C:\Windows\System\euaOvIZ.exe
  2⤵
  PID:6276
- C:\Windows\System\dMauVIl.exe
  C:\Windows\System\dMauVIl.exe
  2⤵
  PID:5124
- C:\Windows\System\GPGTWIm.exe
  C:\Windows\System\GPGTWIm.exe
  2⤵
  PID:644
- C:\Windows\System\IMwtCLr.exe
  C:\Windows\System\IMwtCLr.exe
  2⤵
  PID:6596
- C:\Windows\System\TiAuFgS.exe
  C:\Windows\System\TiAuFgS.exe
  2⤵
  PID:6556
- C:\Windows\System\FpEmsEx.exe
  C:\Windows\System\FpEmsEx.exe
  2⤵
  PID:6700
- C:\Windows\System\miYGEzA.exe
  C:\Windows\System\miYGEzA.exe
  2⤵
  PID:6748
- C:\Windows\System\xRrhrdY.exe
  C:\Windows\System\xRrhrdY.exe
  2⤵
  PID:6788
- C:\Windows\System\oYccBka.exe
  C:\Windows\System\oYccBka.exe
  2⤵
  PID:6868
- C:\Windows\System\XjdLOdm.exe
  C:\Windows\System\XjdLOdm.exe
  2⤵
  PID:6872
- C:\Windows\System\SbVExtD.exe
  C:\Windows\System\SbVExtD.exe
  2⤵
  PID:6956
- C:\Windows\System\wMxjESm.exe
  C:\Windows\System\wMxjESm.exe
  2⤵
  PID:6944
- C:\Windows\System\jxYtwbr.exe
  C:\Windows\System\jxYtwbr.exe
  2⤵
  PID:7016
- C:\Windows\System\jMJlpHe.exe
  C:\Windows\System\jMJlpHe.exe
  2⤵
  PID:380
- C:\Windows\System\xQjfHBJ.exe
  C:\Windows\System\xQjfHBJ.exe
  2⤵
  PID:7088
- C:\Windows\System\MVeXUto.exe
  C:\Windows\System\MVeXUto.exe
  2⤵
  PID:7092
- C:\Windows\System\vfsIzzn.exe
  C:\Windows\System\vfsIzzn.exe
  2⤵
  PID:5236
- C:\Windows\System\bwfARrL.exe
  C:\Windows\System\bwfARrL.exe
  2⤵
  PID:5448
- C:\Windows\System\rOsKajB.exe
  C:\Windows\System\rOsKajB.exe
  2⤵
  PID:6228
- C:\Windows\System\ibLFzYi.exe
  C:\Windows\System\ibLFzYi.exe
  2⤵
  PID:6440
- C:\Windows\System\azwcsaz.exe
  C:\Windows\System\azwcsaz.exe
  2⤵
  PID:6576
- C:\Windows\System\nCPdEGk.exe
  C:\Windows\System\nCPdEGk.exe
  2⤵
  PID:2012
- C:\Windows\System\AGspkwx.exe
  C:\Windows\System\AGspkwx.exe
  2⤵
  PID:7132
- C:\Windows\System\gAbunRt.exe
  C:\Windows\System\gAbunRt.exe
  2⤵
  PID:6224
- C:\Windows\System\pUkqWJH.exe
  C:\Windows\System\pUkqWJH.exe
  2⤵
  PID:6404
- C:\Windows\System\WlepPyJ.exe
  C:\Windows\System\WlepPyJ.exe
  2⤵
  PID:6832
- C:\Windows\System\RTJIgix.exe
  C:\Windows\System\RTJIgix.exe
  2⤵
  PID:6160
- C:\Windows\System\cuTDbkL.exe
  C:\Windows\System\cuTDbkL.exe
  2⤵
  PID:6716
- C:\Windows\System\MqRFcuk.exe
  C:\Windows\System\MqRFcuk.exe
  2⤵
  PID:7176
- C:\Windows\System\rqwPDrp.exe
  C:\Windows\System\rqwPDrp.exe
  2⤵
  PID:7216
- C:\Windows\System\uXiVuQi.exe
  C:\Windows\System\uXiVuQi.exe
  2⤵
  PID:7240
- C:\Windows\System\dmDlOAI.exe
  C:\Windows\System\dmDlOAI.exe
  2⤵
  PID:7260
- C:\Windows\System\nLaHQnb.exe
  C:\Windows\System\nLaHQnb.exe
  2⤵
  PID:7300
- C:\Windows\System\opmpMNJ.exe
  C:\Windows\System\opmpMNJ.exe
  2⤵
  PID:7320
- C:\Windows\System\IHJvbEN.exe
  C:\Windows\System\IHJvbEN.exe
  2⤵
  PID:7336
- C:\Windows\System\OZTOWlu.exe
  C:\Windows\System\OZTOWlu.exe
  2⤵
  PID:7360
- C:\Windows\System\drlkxvp.exe
  C:\Windows\System\drlkxvp.exe
  2⤵
  PID:7376
- C:\Windows\System\eMAYyhG.exe
  C:\Windows\System\eMAYyhG.exe
  2⤵
  PID:7420
- C:\Windows\System\snEAhSh.exe
  C:\Windows\System\snEAhSh.exe
  2⤵
  PID:7444
- C:\Windows\System\HNgYuJk.exe
  C:\Windows\System\HNgYuJk.exe
  2⤵
  PID:7464
- C:\Windows\System\zsixsqN.exe
  C:\Windows\System\zsixsqN.exe
  2⤵
  PID:7492
- C:\Windows\System\mvENbwE.exe
  C:\Windows\System\mvENbwE.exe
  2⤵
  PID:7508
- C:\Windows\System\KmrwFxx.exe
  C:\Windows\System\KmrwFxx.exe
  2⤵
  PID:7540
- C:\Windows\System\sMySeGa.exe
  C:\Windows\System\sMySeGa.exe
  2⤵
  PID:7600
- C:\Windows\System\eNuEtfO.exe
  C:\Windows\System\eNuEtfO.exe
  2⤵
  PID:7624
- C:\Windows\System\FFXXkDI.exe
  C:\Windows\System\FFXXkDI.exe
  2⤵
  PID:7644
- C:\Windows\System\cUSeAvI.exe
  C:\Windows\System\cUSeAvI.exe
  2⤵
  PID:7660
- C:\Windows\System\dQFpaxn.exe
  C:\Windows\System\dQFpaxn.exe
  2⤵
  PID:7684
- C:\Windows\System\WXHxFuQ.exe
  C:\Windows\System\WXHxFuQ.exe
  2⤵
  PID:7740
- C:\Windows\System\wZsWRkT.exe
  C:\Windows\System\wZsWRkT.exe
  2⤵
  PID:7760
- C:\Windows\System\uyqfIqg.exe
  C:\Windows\System\uyqfIqg.exe
  2⤵
  PID:7808
- C:\Windows\System\jBjCIZD.exe
  C:\Windows\System\jBjCIZD.exe
  2⤵
  PID:7828
- C:\Windows\System\EYJGOwG.exe
  C:\Windows\System\EYJGOwG.exe
  2⤵
  PID:7852
- C:\Windows\System\LJLUjgO.exe
  C:\Windows\System\LJLUjgO.exe
  2⤵
  PID:7900
- C:\Windows\System\VaqFgZZ.exe
  C:\Windows\System\VaqFgZZ.exe
  2⤵
  PID:7924
- C:\Windows\System\MdMeAgN.exe
  C:\Windows\System\MdMeAgN.exe
  2⤵
  PID:7952
- C:\Windows\System\sKSLHXk.exe
  C:\Windows\System\sKSLHXk.exe
  2⤵
  PID:7968
- C:\Windows\System\tVAuupA.exe
  C:\Windows\System\tVAuupA.exe
  2⤵
  PID:7992
- C:\Windows\System\HdmjUDv.exe
  C:\Windows\System\HdmjUDv.exe
  2⤵
  PID:8052
- C:\Windows\System\SJdfjBm.exe
  C:\Windows\System\SJdfjBm.exe
  2⤵
  PID:8112
- C:\Windows\System\RfatQOH.exe
  C:\Windows\System\RfatQOH.exe
  2⤵
  PID:8128
- C:\Windows\System\HBJbfqt.exe
  C:\Windows\System\HBJbfqt.exe
  2⤵
  PID:8168
- C:\Windows\System\vHaSWYc.exe
  C:\Windows\System\vHaSWYc.exe
  2⤵
  PID:7184
- C:\Windows\System\jHMqEsC.exe
  C:\Windows\System\jHMqEsC.exe
  2⤵
  PID:7296
- C:\Windows\System\TNDoBnP.exe
  C:\Windows\System\TNDoBnP.exe
  2⤵
  PID:7368
- C:\Windows\System\uWgqwIW.exe
  C:\Windows\System\uWgqwIW.exe
  2⤵
  PID:7416
- C:\Windows\System\UBGOqCM.exe
  C:\Windows\System\UBGOqCM.exe
  2⤵
  PID:7564
- C:\Windows\System\CQlepRf.exe
  C:\Windows\System\CQlepRf.exe
  2⤵
  PID:7536
- C:\Windows\System\dHIwJOY.exe
  C:\Windows\System\dHIwJOY.exe
  2⤵
  PID:7612
- C:\Windows\System\PHPfiRs.exe
  C:\Windows\System\PHPfiRs.exe
  2⤵
  PID:7668
- C:\Windows\System\pjkzgaa.exe
  C:\Windows\System\pjkzgaa.exe
  2⤵
  PID:7772
- C:\Windows\System\bdcfGOR.exe
  C:\Windows\System\bdcfGOR.exe
  2⤵
  PID:7788
- C:\Windows\System\wTIMeIT.exe
  C:\Windows\System\wTIMeIT.exe
  2⤵
  PID:7888
- C:\Windows\System\AKgxcpx.exe
  C:\Windows\System\AKgxcpx.exe
  2⤵
  PID:7976
- C:\Windows\System\OsLhrNv.exe
  C:\Windows\System\OsLhrNv.exe
  2⤵
  PID:8036
- C:\Windows\System\GLUVNOt.exe
  C:\Windows\System\GLUVNOt.exe
  2⤵
  PID:8124
- C:\Windows\System\JyFznjM.exe
  C:\Windows\System\JyFznjM.exe
  2⤵
  PID:6836
- C:\Windows\System\vxmMpVD.exe
  C:\Windows\System\vxmMpVD.exe
  2⤵
  PID:7212
- C:\Windows\System\nSszyGM.exe
  C:\Windows\System\nSszyGM.exe
  2⤵
  PID:7232
- C:\Windows\System\hEJKBDd.exe
  C:\Windows\System\hEJKBDd.exe
  2⤵
  PID:7412
- C:\Windows\System\xfZnFJf.exe
  C:\Windows\System\xfZnFJf.exe
  2⤵
  PID:7680
- C:\Windows\System\rxNZJwY.exe
  C:\Windows\System\rxNZJwY.exe
  2⤵
  PID:7752
- C:\Windows\System\lHnFlds.exe
  C:\Windows\System\lHnFlds.exe
  2⤵
  PID:7876
- C:\Windows\System\XyBIPHV.exe
  C:\Windows\System\XyBIPHV.exe
  2⤵
  PID:7948
- C:\Windows\System\KrtKgPU.exe
  C:\Windows\System\KrtKgPU.exe
  2⤵
  PID:8092
- C:\Windows\System\YFEZERG.exe
  C:\Windows\System\YFEZERG.exe
  2⤵
  PID:7700
- C:\Windows\System\rMjlqkX.exe
  C:\Windows\System\rMjlqkX.exe
  2⤵
  PID:7640
- C:\Windows\System\cBVRrLF.exe
  C:\Windows\System\cBVRrLF.exe
  2⤵
  PID:8032
- C:\Windows\System\iiCDaAx.exe
  C:\Windows\System\iiCDaAx.exe
  2⤵
  PID:8088
- C:\Windows\System\VPgmtND.exe
  C:\Windows\System\VPgmtND.exe
  2⤵
  PID:7252
- C:\Windows\System\vUnGJGE.exe
  C:\Windows\System\vUnGJGE.exe
  2⤵
  PID:7848
- C:\Windows\System\OSXXHhu.exe
  C:\Windows\System\OSXXHhu.exe
  2⤵
  PID:7800
- C:\Windows\System\zpFmzEe.exe
  C:\Windows\System\zpFmzEe.exe
  2⤵
  PID:8196
- C:\Windows\System\FkhkzSW.exe
  C:\Windows\System\FkhkzSW.exe
  2⤵
  PID:8232
- C:\Windows\System\iXTvUIb.exe
  C:\Windows\System\iXTvUIb.exe
  2⤵
  PID:8252
- C:\Windows\System\BTQoBZh.exe
  C:\Windows\System\BTQoBZh.exe
  2⤵
  PID:8340
- C:\Windows\System\xlJywsX.exe
  C:\Windows\System\xlJywsX.exe
  2⤵
  PID:8364
- C:\Windows\System\UUgFLIU.exe
  C:\Windows\System\UUgFLIU.exe
  2⤵
  PID:8396
- C:\Windows\System\IVEMfXO.exe
  C:\Windows\System\IVEMfXO.exe
  2⤵
  PID:8416
- C:\Windows\System\UdETQdn.exe
  C:\Windows\System\UdETQdn.exe
  2⤵
  PID:8440
- C:\Windows\System\gXgAneT.exe
  C:\Windows\System\gXgAneT.exe
  2⤵
  PID:8456
- C:\Windows\System\YwsiRMa.exe
  C:\Windows\System\YwsiRMa.exe
  2⤵
  PID:8532
- C:\Windows\System\YHaLcdi.exe
  C:\Windows\System\YHaLcdi.exe
  2⤵
  PID:8568
- C:\Windows\System\gAAktjJ.exe
  C:\Windows\System\gAAktjJ.exe
  2⤵
  PID:8588
- C:\Windows\System\NjBEdbW.exe
  C:\Windows\System\NjBEdbW.exe
  2⤵
  PID:8648
- C:\Windows\System\IVBpXFG.exe
  C:\Windows\System\IVBpXFG.exe
  2⤵
  PID:8736
- C:\Windows\System\rJeCJMX.exe
  C:\Windows\System\rJeCJMX.exe
  2⤵
  PID:8756
- C:\Windows\System\MKChKzw.exe
  C:\Windows\System\MKChKzw.exe
  2⤵
  PID:8784
- C:\Windows\System\fXUuJpw.exe
  C:\Windows\System\fXUuJpw.exe
  2⤵
  PID:8816
- C:\Windows\System\UqnEcmW.exe
  C:\Windows\System\UqnEcmW.exe
  2⤵
  PID:8840
- C:\Windows\System\qIPpbXZ.exe
  C:\Windows\System\qIPpbXZ.exe
  2⤵
  PID:8908
- C:\Windows\System\LtpCZPO.exe
  C:\Windows\System\LtpCZPO.exe
  2⤵
  PID:8924
- C:\Windows\System\VRtWFMG.exe
  C:\Windows\System\VRtWFMG.exe
  2⤵
  PID:8964
- C:\Windows\System\XcfjarN.exe
  C:\Windows\System\XcfjarN.exe
  2⤵
  PID:8988
- C:\Windows\System\infFahq.exe
  C:\Windows\System\infFahq.exe
  2⤵
  PID:9024
- C:\Windows\System\nhdwUWE.exe
  C:\Windows\System\nhdwUWE.exe
  2⤵
  PID:9060
- C:\Windows\System\pnfdFFa.exe
  C:\Windows\System\pnfdFFa.exe
  2⤵
  PID:9084
- C:\Windows\System\kzBZwni.exe
  C:\Windows\System\kzBZwni.exe
  2⤵
  PID:9140
- C:\Windows\System\WovnpFm.exe
  C:\Windows\System\WovnpFm.exe
  2⤵
  PID:9180
- C:\Windows\System\TqAlQgm.exe
  C:\Windows\System\TqAlQgm.exe
  2⤵
  PID:9200
- C:\Windows\System\PMriSom.exe
  C:\Windows\System\PMriSom.exe
  2⤵
  PID:8260
- C:\Windows\System\SKceLkR.exe
  C:\Windows\System\SKceLkR.exe
  2⤵
  PID:8280
- C:\Windows\System\ZYcGIbc.exe
  C:\Windows\System\ZYcGIbc.exe
  2⤵
  PID:8248
- C:\Windows\System\KcgdaPA.exe
  C:\Windows\System\KcgdaPA.exe
  2⤵
  PID:8412
- C:\Windows\System\kjvlArm.exe
  C:\Windows\System\kjvlArm.exe
  2⤵
  PID:8316
- C:\Windows\System\ovRnzbJ.exe
  C:\Windows\System\ovRnzbJ.exe
  2⤵
  PID:8516
- C:\Windows\System\SxXoVKi.exe
  C:\Windows\System\SxXoVKi.exe
  2⤵
  PID:8584
- C:\Windows\System\nueWxxN.exe
  C:\Windows\System\nueWxxN.exe
  2⤵
  PID:8660
- C:\Windows\System\hCzvrHR.exe
  C:\Windows\System\hCzvrHR.exe
  2⤵
  PID:8676
- C:\Windows\System\GGiCMiq.exe
  C:\Windows\System\GGiCMiq.exe
  2⤵
  PID:8748
- C:\Windows\System\jfkqFrJ.exe
  C:\Windows\System\jfkqFrJ.exe
  2⤵
  PID:8780
- C:\Windows\System\LSrwAtJ.exe
  C:\Windows\System\LSrwAtJ.exe
  2⤵
  PID:8832
- C:\Windows\System\mzQpPZx.exe
  C:\Windows\System\mzQpPZx.exe
  2⤵
  PID:8888
- C:\Windows\System\llQJjAO.exe
  C:\Windows\System\llQJjAO.exe
  2⤵
  PID:8960
- C:\Windows\System\fPJEFlR.exe
  C:\Windows\System\fPJEFlR.exe
  2⤵
  PID:9012
- C:\Windows\System\qZPOUVX.exe
  C:\Windows\System\qZPOUVX.exe
  2⤵
  PID:9108
- C:\Windows\System\lDtuyqA.exe
  C:\Windows\System\lDtuyqA.exe
  2⤵
  PID:9148
- C:\Windows\System\wAjCXVv.exe
  C:\Windows\System\wAjCXVv.exe
  2⤵
  PID:8268
- C:\Windows\System\QJPTFvE.exe
  C:\Windows\System\QJPTFvE.exe
  2⤵
  PID:8296
- C:\Windows\System\oZuKEve.exe
  C:\Windows\System\oZuKEve.exe
  2⤵
  PID:8388
- C:\Windows\System\miHAkTT.exe
  C:\Windows\System\miHAkTT.exe
  2⤵
  PID:8492
- C:\Windows\System\ECxkYCF.exe
  C:\Windows\System\ECxkYCF.exe
  2⤵
  PID:8564
- C:\Windows\System\dXxpeda.exe
  C:\Windows\System\dXxpeda.exe
  2⤵
  PID:8708
- C:\Windows\System\XnWrpAG.exe
  C:\Windows\System\XnWrpAG.exe
  2⤵
  PID:8828
- C:\Windows\System\dfUQvDX.exe
  C:\Windows\System\dfUQvDX.exe
  2⤵
  PID:9016
- C:\Windows\System\atYeDpU.exe
  C:\Windows\System\atYeDpU.exe
  2⤵
  PID:9104
- C:\Windows\System\IwDeXCm.exe
  C:\Windows\System\IwDeXCm.exe
  2⤵
  PID:8208
- C:\Windows\System\PUHuoyn.exe
  C:\Windows\System\PUHuoyn.exe
  2⤵
  PID:8376
- C:\Windows\System\luJrmpj.exe
  C:\Windows\System\luJrmpj.exe
  2⤵
  PID:8240
- C:\Windows\System\SOuvmbd.exe
  C:\Windows\System\SOuvmbd.exe
  2⤵
  PID:8680
- C:\Windows\System\llxsWUP.exe
  C:\Windows\System\llxsWUP.exe
  2⤵
  PID:9100
- C:\Windows\System\mKNXyYm.exe
  C:\Windows\System\mKNXyYm.exe
  2⤵
  PID:8580
- C:\Windows\System\vBqhBbP.exe
  C:\Windows\System\vBqhBbP.exe
  2⤵
  PID:8552
- C:\Windows\System\XzDYglM.exe
  C:\Windows\System\XzDYglM.exe
  2⤵
  PID:8160
- C:\Windows\System\OteunuT.exe
  C:\Windows\System\OteunuT.exe
  2⤵
  PID:8956
- C:\Windows\System\LYgyUDf.exe
  C:\Windows\System\LYgyUDf.exe
  2⤵
  PID:8848
- C:\Windows\System\AaGCjGL.exe
  C:\Windows\System\AaGCjGL.exe
  2⤵
  PID:8408
- C:\Windows\System\NPRbXtD.exe
  C:\Windows\System\NPRbXtD.exe
  2⤵
  PID:9228
- C:\Windows\System\EabxzEK.exe
  C:\Windows\System\EabxzEK.exe
  2⤵
  PID:9268
- C:\Windows\System\ClTwfMu.exe
  C:\Windows\System\ClTwfMu.exe
  2⤵
  PID:9296
- C:\Windows\System\EgNXzob.exe
  C:\Windows\System\EgNXzob.exe
  2⤵
  PID:9316
- C:\Windows\System\AaqsYMl.exe
  C:\Windows\System\AaqsYMl.exe
  2⤵
  PID:9336
- C:\Windows\System\pDlspGQ.exe
  C:\Windows\System\pDlspGQ.exe
  2⤵
  PID:9360
- C:\Windows\System\ZBKocja.exe
  C:\Windows\System\ZBKocja.exe
  2⤵
  PID:9388
- C:\Windows\System\yDeHbxm.exe
  C:\Windows\System\yDeHbxm.exe
  2⤵
  PID:9408
- C:\Windows\System\DlutEPz.exe
  C:\Windows\System\DlutEPz.exe
  2⤵
  PID:9432
- C:\Windows\System\kjpuEgQ.exe
  C:\Windows\System\kjpuEgQ.exe
  2⤵
  PID:9456
- C:\Windows\System\uRWWHTb.exe
  C:\Windows\System\uRWWHTb.exe
  2⤵
  PID:9488
- C:\Windows\System\xTFcIio.exe
  C:\Windows\System\xTFcIio.exe
  2⤵
  PID:9524
- C:\Windows\System\CCyYxiL.exe
  C:\Windows\System\CCyYxiL.exe
  2⤵
  PID:9548
- C:\Windows\System\pdXlAWq.exe
  C:\Windows\System\pdXlAWq.exe
  2⤵
  PID:9576
- C:\Windows\System\GnzRQcj.exe
  C:\Windows\System\GnzRQcj.exe
  2⤵
  PID:9604
- C:\Windows\System\XMevDkk.exe
  C:\Windows\System\XMevDkk.exe
  2⤵
  PID:9668
- C:\Windows\System\YglTiYU.exe
  C:\Windows\System\YglTiYU.exe
  2⤵
  PID:9692
- C:\Windows\System\QnhcMgc.exe
  C:\Windows\System\QnhcMgc.exe
  2⤵
  PID:9744
- C:\Windows\System\WSQwTje.exe
  C:\Windows\System\WSQwTje.exe
  2⤵
  PID:9836
- C:\Windows\System\VoSDktF.exe
  C:\Windows\System\VoSDktF.exe
  2⤵
  PID:9864
- C:\Windows\System\ONOEYDF.exe
  C:\Windows\System\ONOEYDF.exe
  2⤵
  PID:9884
- C:\Windows\System\gBfkbrB.exe
  C:\Windows\System\gBfkbrB.exe
  2⤵
  PID:9920
- C:\Windows\System\bIMyxrq.exe
  C:\Windows\System\bIMyxrq.exe
  2⤵
  PID:9956
- C:\Windows\System\xJeUZDI.exe
  C:\Windows\System\xJeUZDI.exe
  2⤵
  PID:9980
- C:\Windows\System\GZgjpYe.exe
  C:\Windows\System\GZgjpYe.exe
  2⤵
  PID:10000
- C:\Windows\System\tgPjHJh.exe
  C:\Windows\System\tgPjHJh.exe
  2⤵
  PID:10032
- C:\Windows\System\PUYByGL.exe
  C:\Windows\System\PUYByGL.exe
  2⤵
  PID:10080
- C:\Windows\System\yTrvBAd.exe
  C:\Windows\System\yTrvBAd.exe
  2⤵
  PID:10108
- C:\Windows\System\JmdRZAY.exe
  C:\Windows\System\JmdRZAY.exe
  2⤵
  PID:10144
- C:\Windows\System\hQJLOyB.exe
  C:\Windows\System\hQJLOyB.exe
  2⤵
  PID:10160
- C:\Windows\System\ZOPuipU.exe
  C:\Windows\System\ZOPuipU.exe
  2⤵
  PID:10220
- C:\Windows\System\ROkZQsA.exe
  C:\Windows\System\ROkZQsA.exe
  2⤵
  PID:9328
- C:\Windows\System\bOgMrjC.exe
  C:\Windows\System\bOgMrjC.exe
  2⤵
  PID:9452
- C:\Windows\System\IxXRpVu.exe
  C:\Windows\System\IxXRpVu.exe
  2⤵
  PID:9592
- C:\Windows\System\xaqjofs.exe
  C:\Windows\System\xaqjofs.exe
  2⤵
  PID:9540
- C:\Windows\System\sjtIUbY.exe
  C:\Windows\System\sjtIUbY.exe
  2⤵
  PID:9652
- C:\Windows\System\WScpacc.exe
  C:\Windows\System\WScpacc.exe
  2⤵
  PID:9756
- C:\Windows\System\vCsYPXP.exe
  C:\Windows\System\vCsYPXP.exe
  2⤵
  PID:9780
- C:\Windows\System\kqIhpkS.exe
  C:\Windows\System\kqIhpkS.exe
  2⤵
  PID:9812
- C:\Windows\System\ymthdMP.exe
  C:\Windows\System\ymthdMP.exe
  2⤵
  PID:9852
- C:\Windows\System\NkHRTpp.exe
  C:\Windows\System\NkHRTpp.exe
  2⤵
  PID:9900
- C:\Windows\System\QKVFfMz.exe
  C:\Windows\System\QKVFfMz.exe
  2⤵
  PID:9988
- C:\Windows\System\ThNLtnJ.exe
  C:\Windows\System\ThNLtnJ.exe
  2⤵
  PID:10172
- C:\Windows\System\vLppeTV.exe
  C:\Windows\System\vLppeTV.exe
  2⤵
  PID:3320
- C:\Windows\System\zMtXbKW.exe
  C:\Windows\System\zMtXbKW.exe
  2⤵
  PID:9072
- C:\Windows\System\HjdAlxp.exe
  C:\Windows\System\HjdAlxp.exe
  2⤵
  PID:9356
- C:\Windows\System\YZdAEFQ.exe
  C:\Windows\System\YZdAEFQ.exe
  2⤵
  PID:9444
- C:\Windows\System\ucFxKsg.exe
  C:\Windows\System\ucFxKsg.exe
  2⤵
  PID:9280
- C:\Windows\System\XsTlqdD.exe
  C:\Windows\System\XsTlqdD.exe
  2⤵
  PID:9588
- C:\Windows\System\qPusggG.exe
  C:\Windows\System\qPusggG.exe
  2⤵
  PID:9764
- C:\Windows\System\ifyKRQY.exe
  C:\Windows\System\ifyKRQY.exe
  2⤵
  PID:9464
- C:\Windows\System\lECbkPb.exe
  C:\Windows\System\lECbkPb.exe
  2⤵
  PID:9688
- C:\Windows\System\IIXmVcB.exe
  C:\Windows\System\IIXmVcB.exe
  2⤵
  PID:9908
- C:\Windows\System\AWGQQBd.exe
  C:\Windows\System\AWGQQBd.exe
  2⤵
  PID:10012
- C:\Windows\System\SEuUJCD.exe
  C:\Windows\System\SEuUJCD.exe
  2⤵
  PID:10088
- C:\Windows\System\qTKrUUI.exe
  C:\Windows\System\qTKrUUI.exe
  2⤵
  PID:10212
- C:\Windows\System\FXXCoTf.exe
  C:\Windows\System\FXXCoTf.exe
  2⤵
  PID:9520
- C:\Windows\System\iMoqzRl.exe
  C:\Windows\System\iMoqzRl.exe
  2⤵
  PID:9368
- C:\Windows\System\kErCQzP.exe
  C:\Windows\System\kErCQzP.exe
  2⤵
  PID:9468
- C:\Windows\System\FUowinW.exe
  C:\Windows\System\FUowinW.exe
  2⤵
  PID:9976
- C:\Windows\System\MmOtACS.exe
  C:\Windows\System\MmOtACS.exe
  2⤵
  PID:10180
- C:\Windows\System\uAgHXDC.exe
  C:\Windows\System\uAgHXDC.exe
  2⤵
  PID:10116
- C:\Windows\System\DBpBmWb.exe
  C:\Windows\System\DBpBmWb.exe
  2⤵
  PID:10216
- C:\Windows\System\VWLyAWF.exe
  C:\Windows\System\VWLyAWF.exe
  2⤵
  PID:2356
- C:\Windows\System\ayDDWqX.exe
  C:\Windows\System\ayDDWqX.exe
  2⤵
  PID:5060
- C:\Windows\System\azzeEho.exe
  C:\Windows\System\azzeEho.exe
  2⤵
  PID:10272
- C:\Windows\System\pPorwqU.exe
  C:\Windows\System\pPorwqU.exe
  2⤵
  PID:10292
- C:\Windows\System\zPQRajX.exe
  C:\Windows\System\zPQRajX.exe
  2⤵
  PID:10308
- C:\Windows\System\nGwAKYj.exe
  C:\Windows\System\nGwAKYj.exe
  2⤵
  PID:10348
- C:\Windows\System\EysVnXm.exe
  C:\Windows\System\EysVnXm.exe
  2⤵
  PID:10368
- C:\Windows\System\IbPZGls.exe
  C:\Windows\System\IbPZGls.exe
  2⤵
  PID:10396
- C:\Windows\System\gphNUcQ.exe
  C:\Windows\System\gphNUcQ.exe
  2⤵
  PID:10432
- C:\Windows\System\jaONVAz.exe
  C:\Windows\System\jaONVAz.exe
  2⤵
  PID:10464
- C:\Windows\System\nFnJQgJ.exe
  C:\Windows\System\nFnJQgJ.exe
  2⤵
  PID:10480
- C:\Windows\System\FWLtHrZ.exe
  C:\Windows\System\FWLtHrZ.exe
  2⤵
  PID:10504
- C:\Windows\System\eHACDBJ.exe
  C:\Windows\System\eHACDBJ.exe
  2⤵
  PID:10524
- C:\Windows\System\TmirTzG.exe
  C:\Windows\System\TmirTzG.exe
  2⤵
  PID:10544
- C:\Windows\System\dxaSGzJ.exe
  C:\Windows\System\dxaSGzJ.exe
  2⤵
  PID:10560
- C:\Windows\System\MbYYWKF.exe
  C:\Windows\System\MbYYWKF.exe
  2⤵
  PID:10620
- C:\Windows\System\jbcvBUC.exe
  C:\Windows\System\jbcvBUC.exe
  2⤵
  PID:10648
- C:\Windows\System\xaSsMUG.exe
  C:\Windows\System\xaSsMUG.exe
  2⤵
  PID:10664
- C:\Windows\System\wAqWqxw.exe
  C:\Windows\System\wAqWqxw.exe
  2⤵
  PID:10688
- C:\Windows\System\lJZfkmh.exe
  C:\Windows\System\lJZfkmh.exe
  2⤵
  PID:10704
- C:\Windows\System\OAMbitn.exe
  C:\Windows\System\OAMbitn.exe
  2⤵
  PID:10724
- C:\Windows\System\kxJYvLf.exe
  C:\Windows\System\kxJYvLf.exe
  2⤵
  PID:10752
- C:\Windows\System\rvhaQoL.exe
  C:\Windows\System\rvhaQoL.exe
  2⤵
  PID:10780
- C:\Windows\System\dWaAAGX.exe
  C:\Windows\System\dWaAAGX.exe
  2⤵
  PID:10812
- C:\Windows\System\kWtyyuh.exe
  C:\Windows\System\kWtyyuh.exe
  2⤵
  PID:10876
- C:\Windows\System\ZdejIIX.exe
  C:\Windows\System\ZdejIIX.exe
  2⤵
  PID:10900
- C:\Windows\System\kisQWSr.exe
  C:\Windows\System\kisQWSr.exe
  2⤵
  PID:10924
- C:\Windows\System\QOhnszI.exe
  C:\Windows\System\QOhnszI.exe
  2⤵
  PID:10960
- C:\Windows\System\vTwlSyX.exe
  C:\Windows\System\vTwlSyX.exe
  2⤵
  PID:10988
- C:\Windows\System\jIecsVp.exe
  C:\Windows\System\jIecsVp.exe
  2⤵
  PID:11008
- C:\Windows\System\pBrFsDy.exe
  C:\Windows\System\pBrFsDy.exe
  2⤵
  PID:11032
- C:\Windows\System\qCqjWNv.exe
  C:\Windows\System\qCqjWNv.exe
  2⤵
  PID:11048
- C:\Windows\System\hrFBuRU.exe
  C:\Windows\System\hrFBuRU.exe
  2⤵
  PID:11072
- C:\Windows\System\GSJzNZD.exe
  C:\Windows\System\GSJzNZD.exe
  2⤵
  PID:11104
- C:\Windows\System\acDOCBE.exe
  C:\Windows\System\acDOCBE.exe
  2⤵
  PID:11144
- C:\Windows\System\MzAaPFg.exe
  C:\Windows\System\MzAaPFg.exe
  2⤵
  PID:11168
- C:\Windows\System\lYgXQti.exe
  C:\Windows\System\lYgXQti.exe
  2⤵
  PID:11192
- C:\Windows\System\pDycACo.exe
  C:\Windows\System\pDycACo.exe
  2⤵
  PID:11212
- C:\Windows\System\QtqolBw.exe
  C:\Windows\System\QtqolBw.exe
  2⤵
  PID:11248
- C:\Windows\System\nyKpbJU.exe
  C:\Windows\System\nyKpbJU.exe
  2⤵
  PID:10264
- C:\Windows\System\RzeKJYo.exe
  C:\Windows\System\RzeKJYo.exe
  2⤵
  PID:10332
- C:\Windows\System\FXwaqqX.exe
  C:\Windows\System\FXwaqqX.exe
  2⤵
  PID:10392
- C:\Windows\System\FDmqTJL.exe
  C:\Windows\System\FDmqTJL.exe
  2⤵
  PID:10428
- C:\Windows\System\wGtttDv.exe
  C:\Windows\System\wGtttDv.exe
  2⤵
  PID:10532
- C:\Windows\System\qMfJAzD.exe
  C:\Windows\System\qMfJAzD.exe
  2⤵
  PID:10512
- C:\Windows\System\xDoAZEA.exe
  C:\Windows\System\xDoAZEA.exe
  2⤵
  PID:10608
- C:\Windows\System\rKqBJQm.exe
  C:\Windows\System\rKqBJQm.exe
  2⤵
  PID:10592
- C:\Windows\System\QgcMpXF.exe
  C:\Windows\System\QgcMpXF.exe
  2⤵
  PID:10640
- C:\Windows\System\iFfasaD.exe
  C:\Windows\System\iFfasaD.exe
  2⤵
  PID:10908
- C:\Windows\System\GDednDl.exe
  C:\Windows\System\GDednDl.exe
  2⤵
  PID:10952
- C:\Windows\System\WtUuKLX.exe
  C:\Windows\System\WtUuKLX.exe
  2⤵
  PID:11060
- C:\Windows\System\bLAmbeV.exe
  C:\Windows\System\bLAmbeV.exe
  2⤵
  PID:4104
- C:\Windows\System\jKZfsOk.exe
  C:\Windows\System\jKZfsOk.exe
  2⤵
  PID:11176
- C:\Windows\System\NODGVKU.exe
  C:\Windows\System\NODGVKU.exe
  2⤵
  PID:11160
- C:\Windows\System\uRbocLQ.exe
  C:\Windows\System\uRbocLQ.exe
  2⤵
  PID:11208
- C:\Windows\System\knFeUnk.exe
  C:\Windows\System\knFeUnk.exe
  2⤵
  PID:10244
- C:\Windows\System\DPewwDL.exe
  C:\Windows\System\DPewwDL.exe
  2⤵
  PID:10336
- C:\Windows\System\JoqDJOO.exe
  C:\Windows\System\JoqDJOO.exe
  2⤵
  PID:10424
- C:\Windows\System\iqPQMyC.exe
  C:\Windows\System\iqPQMyC.exe
  2⤵
  PID:10672
- C:\Windows\System\UaEnlVg.exe
  C:\Windows\System\UaEnlVg.exe
  2⤵
  PID:10700
- C:\Windows\System\hcJVkSc.exe
  C:\Windows\System\hcJVkSc.exe
  2⤵
  PID:10976
- C:\Windows\System\YoFpCna.exe
  C:\Windows\System\YoFpCna.exe
  2⤵
  PID:11164
- C:\Windows\System\HXMamMZ.exe
  C:\Windows\System\HXMamMZ.exe
  2⤵
  PID:1296
- C:\Windows\System\qJOsKJA.exe
  C:\Windows\System\qJOsKJA.exe
  2⤵
  PID:10288
- C:\Windows\System\tVYNymu.exe
  C:\Windows\System\tVYNymu.exe
  2⤵
  PID:3552
- C:\Windows\System\PyndUtU.exe
  C:\Windows\System\PyndUtU.exe
  2⤵
  PID:10696
- C:\Windows\System\DXILtrL.exe
  C:\Windows\System\DXILtrL.exe
  2⤵
  PID:10980
- C:\Windows\System\gCHSRHt.exe
  C:\Windows\System\gCHSRHt.exe
  2⤵
  PID:11204
- C:\Windows\System\UzpQscb.exe
  C:\Windows\System\UzpQscb.exe
  2⤵
  PID:11308
- C:\Windows\System\ZVKjYZM.exe
  C:\Windows\System\ZVKjYZM.exe
  2⤵
  PID:11352
- C:\Windows\System\DSxTESv.exe
  C:\Windows\System\DSxTESv.exe
  2⤵
  PID:11380
- C:\Windows\System\XzVBgsj.exe
  C:\Windows\System\XzVBgsj.exe
  2⤵
  PID:11404
- C:\Windows\System\tdIDGlk.exe
  C:\Windows\System\tdIDGlk.exe
  2⤵
  PID:11436
- C:\Windows\System\kHtYyrU.exe
  C:\Windows\System\kHtYyrU.exe
  2⤵
  PID:11460
- C:\Windows\System\VRanChA.exe
  C:\Windows\System\VRanChA.exe
  2⤵
  PID:11496
- C:\Windows\System\xTGDTsr.exe
  C:\Windows\System\xTGDTsr.exe
  2⤵
  PID:11516
- C:\Windows\System\nltCVib.exe
  C:\Windows\System\nltCVib.exe
  2⤵
  PID:11544
- C:\Windows\System\SArSXKq.exe
  C:\Windows\System\SArSXKq.exe
  2⤵
  PID:11572
- C:\Windows\System\JiMFbuA.exe
  C:\Windows\System\JiMFbuA.exe
  2⤵
  PID:11600
- C:\Windows\System\dBtSOwB.exe
  C:\Windows\System\dBtSOwB.exe
  2⤵
  PID:11632
- C:\Windows\System\mRucEsb.exe
  C:\Windows\System\mRucEsb.exe
  2⤵
  PID:11680
- C:\Windows\System\LBgyxMs.exe
  C:\Windows\System\LBgyxMs.exe
  2⤵
  PID:11696
- C:\Windows\System\ATEoQvb.exe
  C:\Windows\System\ATEoQvb.exe
  2⤵
  PID:11724
- C:\Windows\System\CTfAkLY.exe
  C:\Windows\System\CTfAkLY.exe
  2⤵
  PID:11768
- C:\Windows\System\oUtsQDZ.exe
  C:\Windows\System\oUtsQDZ.exe
  2⤵
  PID:11788
- C:\Windows\System\JcAsnEU.exe
  C:\Windows\System\JcAsnEU.exe
  2⤵
  PID:11824
- C:\Windows\System\eyEtUDO.exe
  C:\Windows\System\eyEtUDO.exe
  2⤵
  PID:11840
- C:\Windows\System\rShlPNy.exe
  C:\Windows\System\rShlPNy.exe
  2⤵
  PID:11860
- C:\Windows\System\bFnUlFH.exe
  C:\Windows\System\bFnUlFH.exe
  2⤵
  PID:11884
- C:\Windows\System\CpGZemQ.exe
  C:\Windows\System\CpGZemQ.exe
  2⤵
  PID:11936
- C:\Windows\System\qItoqEO.exe
  C:\Windows\System\qItoqEO.exe
  2⤵
  PID:11952
- C:\Windows\System\rtgDQuh.exe
  C:\Windows\System\rtgDQuh.exe
  2⤵
  PID:11988
- C:\Windows\System\FHjxHiC.exe
  C:\Windows\System\FHjxHiC.exe
  2⤵
  PID:12008
- C:\Windows\System\hFLqQmZ.exe
  C:\Windows\System\hFLqQmZ.exe
  2⤵
  PID:12032
- C:\Windows\System\juYVJLb.exe
  C:\Windows\System\juYVJLb.exe
  2⤵
  PID:12052
- C:\Windows\System\XBVQIgP.exe
  C:\Windows\System\XBVQIgP.exe
  2⤵
  PID:12076
- C:\Windows\System\RHKAxTx.exe
  C:\Windows\System\RHKAxTx.exe
  2⤵
  PID:12124
- C:\Windows\System\eCAIbWk.exe
  C:\Windows\System\eCAIbWk.exe
  2⤵
  PID:12148
- C:\Windows\System\SdoDYNU.exe
  C:\Windows\System\SdoDYNU.exe
  2⤵
  PID:12164
- C:\Windows\System\loVfdRX.exe
  C:\Windows\System\loVfdRX.exe
  2⤵
  PID:12188
- C:\Windows\System\eebwwuE.exe
  C:\Windows\System\eebwwuE.exe
  2⤵
  PID:12216
- C:\Windows\System\CokXDlm.exe
  C:\Windows\System\CokXDlm.exe
  2⤵
  PID:12232
- C:\Windows\System\aBWpJGi.exe
  C:\Windows\System\aBWpJGi.exe
  2⤵
  PID:12272
- C:\Windows\System\uwoJtel.exe
  C:\Windows\System\uwoJtel.exe
  2⤵
  PID:468
- C:\Windows\System\TrXOtBz.exe
  C:\Windows\System\TrXOtBz.exe
  2⤵
  PID:1432
- C:\Windows\System\jfEKkta.exe
  C:\Windows\System\jfEKkta.exe
  2⤵
  PID:11292
- C:\Windows\System\gTTyHlB.exe
  C:\Windows\System\gTTyHlB.exe
  2⤵
  PID:11340
- C:\Windows\System\zADxNyx.exe
  C:\Windows\System\zADxNyx.exe
  2⤵
  PID:11444
- C:\Windows\System\qhHwVRl.exe
  C:\Windows\System\qhHwVRl.exe
  2⤵
  PID:11476
- C:\Windows\System\GETUrnA.exe
  C:\Windows\System\GETUrnA.exe
  2⤵
  PID:11560
- C:\Windows\System\gqYornr.exe
  C:\Windows\System\gqYornr.exe
  2⤵
  PID:10936
- C:\Windows\System\SdrlkaY.exe
  C:\Windows\System\SdrlkaY.exe
  2⤵
  PID:11708
- C:\Windows\System\IcpCxwA.exe
  C:\Windows\System\IcpCxwA.exe
  2⤵
  PID:11776
- C:\Windows\System\vmkOgjX.exe
  C:\Windows\System\vmkOgjX.exe
  2⤵
  PID:11872
- C:\Windows\System\tqJwhfr.exe
  C:\Windows\System\tqJwhfr.exe
  2⤵
  PID:11908
- C:\Windows\System\ghEkxWm.exe
  C:\Windows\System\ghEkxWm.exe
  2⤵
  PID:12020
- C:\Windows\System\CMPxHbg.exe
  C:\Windows\System\CMPxHbg.exe
  2⤵
  PID:12000
- C:\Windows\System\yWSyBiW.exe
  C:\Windows\System\yWSyBiW.exe
  2⤵
  PID:12068
- C:\Windows\System\gsCOXQy.exe
  C:\Windows\System\gsCOXQy.exe
  2⤵
  PID:12144
- C:\Windows\System\elrDxsI.exe
  C:\Windows\System\elrDxsI.exe
  2⤵
  PID:12156
- C:\Windows\System\jtzrRCg.exe
  C:\Windows\System\jtzrRCg.exe
  2⤵
  PID:12280
- C:\Windows\System\OibNJrt.exe
  C:\Windows\System\OibNJrt.exe
  2⤵
  PID:10796
- C:\Windows\System\uvWeLUQ.exe
  C:\Windows\System\uvWeLUQ.exe
  2⤵
  PID:11376
- C:\Windows\System\ptiNVSu.exe
  C:\Windows\System\ptiNVSu.exe
  2⤵
  PID:4032
- C:\Windows\System\hVbQMEr.exe
  C:\Windows\System\hVbQMEr.exe
  2⤵
  PID:11732
- C:\Windows\System\TwYilAN.exe
  C:\Windows\System\TwYilAN.exe
  2⤵
  PID:11832
- C:\Windows\System\hOifhXw.exe
  C:\Windows\System\hOifhXw.exe
  2⤵
  PID:11976
- C:\Windows\System\FbfKiJk.exe
  C:\Windows\System\FbfKiJk.exe
  2⤵
  PID:12132
- C:\Windows\System\wmZUlyt.exe
  C:\Windows\System\wmZUlyt.exe
  2⤵
  PID:12140
- C:\Windows\System\meRkJXR.exe
  C:\Windows\System\meRkJXR.exe
  2⤵
  PID:11536
- C:\Windows\System\fukjoFg.exe
  C:\Windows\System\fukjoFg.exe
  2⤵
  PID:11820
- C:\Windows\System\hZxkQOW.exe
  C:\Windows\System\hZxkQOW.exe
  2⤵
  PID:12100
- C:\Windows\System\SvslgFM.exe
  C:\Windows\System\SvslgFM.exe
  2⤵
  PID:12224
- C:\Windows\System\DrYlUnD.exe
  C:\Windows\System\DrYlUnD.exe
  2⤵
  PID:11528
- C:\Windows\System\YbhToIF.exe
  C:\Windows\System\YbhToIF.exe
  2⤵
  PID:12300
- C:\Windows\System\WqLVzPR.exe
  C:\Windows\System\WqLVzPR.exe
  2⤵
  PID:12332
- C:\Windows\System\gwvFZhS.exe
  C:\Windows\System\gwvFZhS.exe
  2⤵
  PID:12348
- C:\Windows\System\PCREFyh.exe
  C:\Windows\System\PCREFyh.exe
  2⤵
  PID:12368
- C:\Windows\System\WxNBSCt.exe
  C:\Windows\System\WxNBSCt.exe
  2⤵
  PID:12424
- C:\Windows\System\SFLlCBy.exe
  C:\Windows\System\SFLlCBy.exe
  2⤵
  PID:12452
- C:\Windows\System\yycDCtZ.exe
  C:\Windows\System\yycDCtZ.exe
  2⤵
  PID:12480
- C:\Windows\System\dlUgcwe.exe
  C:\Windows\System\dlUgcwe.exe
  2⤵
  PID:12500
- C:\Windows\System\jcLNzUP.exe
  C:\Windows\System\jcLNzUP.exe
  2⤵
  PID:12520
- C:\Windows\System\uCKoXjL.exe
  C:\Windows\System\uCKoXjL.exe
  2⤵
  PID:12540
- C:\Windows\System\gWIUVYB.exe
  C:\Windows\System\gWIUVYB.exe
  2⤵
  PID:12612
- C:\Windows\System\CpVCFta.exe
  C:\Windows\System\CpVCFta.exe
  2⤵
  PID:12628
- C:\Windows\System\HSdVAZw.exe
  C:\Windows\System\HSdVAZw.exe
  2⤵
  PID:12664
- C:\Windows\System\kDQzzPI.exe
  C:\Windows\System\kDQzzPI.exe
  2⤵
  PID:12708
- C:\Windows\System\LszKITw.exe
  C:\Windows\System\LszKITw.exe
  2⤵
  PID:12732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\SZ2TD4H5\home-993d2c38b2c1[1].css

Filesize
11KB

MD5
6328d6d9a6b00ce7f992230b97b17c1f

SHA1
88837b802bdde407e37e92641072ea2eeec95556

SHA256
c9d9b80794cebd7d97daf52f7f0ce0e31bcf7a6f65a6e07851c688d67f10dba8

SHA512
993d2c38b2c15499aebdb39c1f9c21d0501d4c2a5973caec65be9ddc3ddfd6e46d06449e7483daa4fa9afa17cb81ff27a391519a64629169eb15c52911aab2c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_mmfoggq0.gf1.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\DMWlwNc.exe

Filesize
1.7MB

MD5
e5256997d0995c553b4e13808b8c1320

SHA1
a0da3c3146659c31d27f76397d710fe5bb8dc3d4

SHA256
a8dc71991bb1ff82885c230fcacda0d14f1555ca88daf3b1d8149e09bcecba5d

SHA512
c7fbd0d67470458b74e496439f1742641933cc51f9b545d9768068353ac3fb265bdcd2d132edb4b58b7ff60841ad136d5d5e325978b7b8062bd891717271eea3

Download Submit
C:\Windows\System\EUwYZTr.exe

Filesize
1.7MB

MD5
a2e2f3720d92c9f48a68e9e01ed16ff7

SHA1
6a72a32741d494c20ab46069a97d9838e90e9c57

SHA256
13a4af1eb2eed5048ed68a82181c3964f4ccf4abcd94d26f66940ca2cf9a52b3

SHA512
6d0edd87d99972ea4e05ec88ffb8668fa4443967ffa2746a264009ce75b984f4fbfb2f9e86defe620973600cca9cb96cd69665a325b88ced775dc2f154257944

Download Submit
C:\Windows\System\FCLucjx.exe

Filesize
1.7MB

MD5
142cd1cea8b5df0f0f2f1e60e2940cd4

SHA1
ddcb42c516d9a1d045e9b09ca7ec98f18118671e

SHA256
6ad736404dfa2bfe57ccdf4fdd421121989440959e6d27ec7f74fd8f244a87b6

SHA512
c876ff87aa11934ee3a0039157d5c85bceb504ae91a26479b9c562fbcd518266b075fdd39c17ba5f71fefb29afec8ba9a5867e02d71755538209f40f4e37265f

Download Submit
C:\Windows\System\HYYcVtW.exe

Filesize
1.7MB

MD5
be496ba4e954e981759d5d3c2a4f5087

SHA1
ce65ff183d33d595c255b8aa36ab49eaaecc0c5c

SHA256
c217ef239c9ab85880a8312928f17793ff2f976b45bd023f4b92584c64cdcaa7

SHA512
e05b5afd1e8632899d72c9d8fb2bcb74d90e8e5b47b568b529c264b347cffeeca3aa86ddc3e2a27be8ce1ea0aaa554622abb91fba50daf65498bdc4cf8f5e37e

Download Submit
C:\Windows\System\IDqzBRU.exe

Filesize
1.7MB

MD5
ae7d1b3151d840feced5345231aa2973

SHA1
d740f32cd4efefb15ddf25b6d770c8ca85785d8c

SHA256
3615bc07cd02cbf0496598f711d2afd0e3ca5e252578fd8aa661e61d71bda17e

SHA512
5a74e50e755be55ded10c6a95cf41287be2c2ac92f98241022be07f2d3399292bd6e4be5c1a352aeaf8760b172d7bc7112c3a0c15a159770e350d41d80099401

Download Submit
C:\Windows\System\KyHEnKf.exe

Filesize
1.7MB

MD5
ad0aea343dc8d73d527192f4470854f7

SHA1
4b67c611595beab955b240a8b920519170f9c901

SHA256
1f1435004168cf3726f338189a5f6a5377a91ac0ebcc923f26e55f31fe48d904

SHA512
4fdd898311a9506c7b26df039f5e049b7382d27c67d482f3cdb37f02027f44d2c61506d4eadb2cacbc030c63269103793f55f922de2336eeb8db5bb493373dd4

Download Submit
C:\Windows\System\NpPfNVq.exe

Filesize
1.7MB

MD5
51b33fe4085ecfc35c81fac553bcf0a0

SHA1
f6c129b7d140a20abae9c3a7e4b896b9c63ebd48

SHA256
b32519c80f0dcc00a019f1c3fc9549ed63748175daab4807b815a93570382063

SHA512
16990da8d20580c07c217480570c9b49855367b8310ce72ccbc89f42c40e75d92baf8e42227a381b6ca4e43f0928793d25166087aadbbad33b92cc18a48caeb4

Download Submit
C:\Windows\System\PSAiKXx.exe

Filesize
1.7MB

MD5
5810e5346168d614d38376262b87a36d

SHA1
67efbe54ba06116493899613260d1b293d95b9ce

SHA256
b40eff014e38e2188a84c8cc176211ef2af9df2473860f48ed0b248b6d8a06ab

SHA512
842b5fd9739253835e1b9d2f9b68f9470329d173ef31a0f75bab5a81bb4d607fdad239071cceff83bd8881345173ae53da769b58cce65fc97818a28dd7886b35

Download Submit
C:\Windows\System\QVqTCON.exe

Filesize
1.7MB

MD5
ebc3e75491104188dd308da206246246

SHA1
56b305dc67e8447a58b5d4e8be6863e36335a6f1

SHA256
c5e2075ddb8e178b303dbd0addbd8ca9892b614d864643a09e7afd6f5b32ca98

SHA512
5087d9af1dcb9f49bbd023e07c1b04541b22b200c1e7ccf267a0f3a1c12ebccc914cdaa21e92af0643a99eace92443f85af09dbfca916c987996d7f64d0c5bf0

Download Submit
C:\Windows\System\RbKFCHf.exe

Filesize
1.7MB

MD5
3f0ea8a67b86ae16a7ebf527fb4fe33c

SHA1
fcd5c62f28db23f32f3994027e0170a66bd8d612

SHA256
39dc6fb8fa253de7c886c51d723563eb1670eee8a83c31d858fcb0407e4f3956

SHA512
031f2dd68eaef874fc43c38d5fb835edf6b7b2e9f7dfd22da8fb11ca2ea20db39dca650370db0d3bc5b60e25f7325ffca0ffa758a73fe6f556012cf7f09c3bfa

Download Submit
C:\Windows\System\RwZIsah.exe

Filesize
1.7MB

MD5
9d63789d62ff57c0a3b6776fdb4ed628

SHA1
487fd862a112bd6811cff811fba0263f4e52b041

SHA256
20c0a324ee54fd38b9b827fe1704bde1ec90139c24b72289779eb7ef90dcccce

SHA512
c0d74a76203f6680f8ef04787893cd09ae5af987dd5c5c64a515bb4e7feb54cd2a41ed102e92a0f4725201c678e75026b543f57330225f508ec76f2694348fd3

Download Submit
C:\Windows\System\TSwXicZ.exe

Filesize
1.7MB

MD5
7a2bddaf5a2d620582e7e7419fd02375

SHA1
6d8b59fefb4f355be28843b044a0cae35c4248c6

SHA256
e2308c9a396abe5ff4525a35cc35e43badd15e5c8db2a1ff4a4db4f518abdeec

SHA512
5bdfec8d5ff34fc069409107b471d5d92ef77d881441ff292d78d427b370ecdfca147ebf7f06841ec406ecf3bf9674fb8bb4323820640e51c8360f94c5c4b53b

Download Submit
C:\Windows\System\TfGICyk.exe

Filesize
1.7MB

MD5
317433bd26abeef08c177b45a17866a1

SHA1
ac04b39061f144b2a7a152960df04be3b5cd624c

SHA256
ce5f5e7bdff67e43c684dbaffc9c48546eafc6ef639dd08b5c4f2e03406ea5d4

SHA512
274687b7b3b4c4442db2981d776a348c1471b7110b478950902fbe6fe9b6a2bf737445c7eb6343d93019c066e6996d895279441388239295f1a8aae2d55cafee

Download Submit
C:\Windows\System\TizEWUo.exe

Filesize
1.7MB

MD5
6c0efc7c28e59231e0c82c6e9c1767df

SHA1
cd836004c89bd0171b59197caa235d5a36a4f3c3

SHA256
7290723ebca0e482ac5b6fdc03aa20d635defed9443372178b65523dab0f7ec7

SHA512
3582502107455307d0c01866ed7c93819c401171d57be8bfce1c081b1032bc47f407dd99cd64ca62fcdb68ef5c902b4da1931fefdbaac25a6a2e1dea7effb5e0

Download Submit
C:\Windows\System\VgjpTJc.exe

Filesize
1.7MB

MD5
c693c38a5fc3a58b4ecb2891e3f45941

SHA1
1b6e08ade0f5977514147b83ad533cbc74af649b

SHA256
87fe02add188945a53468f049ed2e01fe6e480faaa4e088b5520c2ff482d22c5

SHA512
3247e6ac2b333efc35907c3e7699a739f63edb795140a020aa6e880696329c9d9e7f1b564555b9cdd317cbb5f1c48110cbf68bdcbf5a24ddebd806beca5343ba

Download Submit
C:\Windows\System\VvrerUB.exe

Filesize
1.7MB

MD5
835aae0fcc058b597a686d34600bb3bf

SHA1
c63a93c5c030de435c4a289d32ba291da2b8da18

SHA256
6db2f4333f2b3f3194a671b799c8990dade82e51156d8e93ae90e7df2ed0f145

SHA512
5e663b03f5793430d534df0f002cdb518edbd1bcb7ce8ecf6a8b571132ab389aa15c31fa398baf0fe63ec4dfb1100e210edaac84249d36a241064427155a0bfd

Download Submit
C:\Windows\System\XvYOVat.exe

Filesize
1.7MB

MD5
6a96ba16dfb2cd57ce3410ee3f23bca9

SHA1
a593d894b7aef08db55d945922308427e217aa22

SHA256
f07f5451dbdb2997560b927137a8c95c24dcc1c7ee7db638ec643a0ea28d3066

SHA512
69a015d793521accd349c7878294cce799e532b9adbf6415661fa70d7bbfb9077bb77974bda934507eff4888a80d701e42473ab4178d64d7bce12ff2e14cbb2b

Download Submit
C:\Windows\System\bOBfPww.exe

Filesize
1.7MB

MD5
fd5c3b6c7da0b1b691ed99cbbb365640

SHA1
48a2c31855b3f4bc23e0eaf62b9e194d7d0be3aa

SHA256
c474c4b055b6659ed166ebbcd9e03df41f45ac7e0dfb3f02434a2eedc345ca1b

SHA512
cf1b1457a2708c920ecbfdec89fafcca81ae8637e587aec773433495c35e8f8be8f244f9e2cc6c0b744077ed53073d6d3bcd8a708a00456b7145a90eb5d5248e

Download Submit
C:\Windows\System\cQEqXey.exe

Filesize
1.7MB

MD5
9efad95560f8055bc16db9145c306c81

SHA1
84183a312e37e256e1baebeac4d8639be925cb25

SHA256
5fcac96e4cae4ea47b372071bb84ea5aa166d4414ec74319bcfea1ec4c28ad1e

SHA512
6e25e9cb583a24441b5593c202d9b38e9f9b8beeae1dfc66be95afaffe2f2f7e865695846f3aeba2e6a33c6fc3ee4ca4b3635bad3fce6bd28582cecb62449152

Download Submit
C:\Windows\System\ciurgsS.exe

Filesize
1.7MB

MD5
fe506736cdec670af25533171c0fb3ba

SHA1
bf2cff608abddc4eafaf91aee6b8f6fbd8638aef

SHA256
555b77525ad3c5f510229634e7214376a9a04ca3b030336e45d1395f2263ec68

SHA512
09fce84c3ef4f7b3c3eac45653b793cd3e8cbc656218058f8de755852e9a0f77eb9295bb019f3aab7b45c5b09f71a0f082383add1166bbc68badf62f3913f6e0

Download Submit
C:\Windows\System\fzGStMX.exe

Filesize
1.7MB

MD5
816fd815ee71b00f5559da68ce149508

SHA1
a91f6e746c614b1da344d423fc177c4876fc7843

SHA256
615f5554cd7ecf4646d0ab717f666ab5b2b8d1117e7b2c9ffa9783255963e16f

SHA512
60a70603fc983285f595bfbbe6481756619feac5ce3307b5ce7ebb1ca67886f53ae3a709a1b80783eeff7ee8d31ca925197a55d3b413df1a59dc78b22a2c90e8

Download Submit
C:\Windows\System\igjoDUi.exe

Filesize
1.7MB

MD5
2aea51ce1e7409d7d2da2540869840be

SHA1
658a6b123a5bc9534e75cbb2770cbb9f93839244

SHA256
5e1437b508e367a61e89558e5a0165cd3a1f082fb6960827502ae94e3d663d60

SHA512
c5ad51ed7807b08a7d51070cf2d585c65f26853c64973825da08bc4171f22bb9ffb8dc53b0f53d82c58cd4013d841c8d52bf163fa26669dfc5a0040499756a4e

Download Submit
C:\Windows\System\ixrNhKE.exe

Filesize
1.7MB

MD5
0932e4efa78b0869ef74a8f964188865

SHA1
90040b885cb096bb5d7fe586fbd715b3e559fdf9

SHA256
f180895e9a2ea992effb88e92193f3215c05695720086f612d49ad948f77145c

SHA512
6210eabc3e9ceac4633107e1d367f5ee65ea4a596aab154a69067a510d0f892c63d46572a060c35db7073e400d6d42182c98a37b8ce2a0eceb127021c865cfff

Download Submit
C:\Windows\System\moQSAss.exe

Filesize
1.7MB

MD5
b5be64ebb79487201f09e7760360c3c3

SHA1
d21d42fa3ccdb8b50e29f23599f2b60906cc56b8

SHA256
564c59075bf147f91392e0e298829ce057ee16b1863609d721b0cf9d48597194

SHA512
a834b9e160a586119ee9ba0adb71aef98c6b105b87ad6fc121a4533fc1a9761dcfe1f319ba65689146c09b20e0dc3b6fdea4125161ffb15834b40273ed58342f

Download Submit
C:\Windows\System\nrBKEZm.exe

Filesize
1.7MB

MD5
09c9b99caffa40791680e1780fd0c21d

SHA1
b89b6b0c65e6e3b0e7b58f5ee28dfe688065a2dc

SHA256
e99bfe59693a5ea9823ace1f9c906dc2c7707ddcf02727e4df9f37e4090187d7

SHA512
4e2afcf3fb13c0561d14442356ca5f3b483274368424da549335c446b07d28eabfca124f0e5bda0f510e163497f140e4c91ec2b4079fab05297572898b377a6d

Download Submit
C:\Windows\System\oCUvECE.exe

Filesize
1.7MB

MD5
cf7535a1f9bc86509f8dc4d05fa37466

SHA1
ca7486bf9a8b627a4792dfe6ec9c0464b1c49340

SHA256
fddc65340cbdc145c91b5dc35b425f3bece52e3a49e36395ec805aa7097e8c03

SHA512
7a384d4f41827921d2f282059cb815c36805f5271a9c5bad2014ec67ad492eb4e10ceaac2af1a62ee3697ae83eb7bff70a6e10a7cf1d1e220098bca5f75faf8e

Download Submit
C:\Windows\System\qLzXNDf.exe

Filesize
1.7MB

MD5
6aa9592f59668810102f6adb0b20c393

SHA1
453bb2a7c7fd0c5a7547103debe941a106c38572

SHA256
d7724a96f548dbeb6d38cc04a754d587932e2186d319356872c791066cc0182b

SHA512
7244011b894588bb5ab6de7e67c3238a7b45fe4098b60730deb3d5ffc8a98268e9bd5192cd8f89f482c9a546aa3809b2d29ac043c38064b1c4e8dafda5db482f

Download Submit
C:\Windows\System\qPCvEUe.exe

Filesize
1.7MB

MD5
b981d7efcd880bc7aae8f103a97a181f

SHA1
6f04b0664b486ddc13b7bef6be9cc0a9731df0df

SHA256
7b106174768e109dac8c3c2482b1e534267c8a8a430f80b72a27540b7f9d6e90

SHA512
eae66882cf5d5523b471bf7a3c5ea6b9dbcc01c3f42e7ce08a097bab5289dffeeb5d582c2bcdbc594262b49a10d17f6ccd15098c4b480fce1b5c05dfb9bc15a9

Download Submit
C:\Windows\System\rOnjkIE.exe

Filesize
1.7MB

MD5
282889eb14d66771e420cf3a7d186257

SHA1
28450124270d4b6bcf33b848dfbd0bcafe67bd02

SHA256
8a0fa7365c1a89e9e91c03a12c49864085297e7fc4f51b61606d9841902d8f1e

SHA512
0aa497d5c558b7d60a8e5d5d1bcf8cc80c637ddd07c98f3f11011f00c5b872c076b0dd44b76742c9533f117259aa9f4a8963c9d80d0f461672e8d736b7a1208e

Download Submit
C:\Windows\System\sgiKkZj.exe

Filesize
1.7MB

MD5
d293f3a851eab955cbf2667edc6f5548

SHA1
a43dc8c4a36ab8426033a6911c0bc16dd06a6e5c

SHA256
663cb65567041391ca7f8add20516a81770e204e9673ea43d9e398a4d0294d82

SHA512
9bca13689bf7af662a33f6aba8e7940f5809f912f4e51844c24def8ec964452b0de7a48e944ed35d56c0e633dc86cbf79f23f17292e79d103a528356445a024d

Download Submit
C:\Windows\System\vJpentG.exe

Filesize
1.7MB

MD5
17e561934c2f5fc40600bb30b1c44043

SHA1
b016bd693a819e05bd4486730399f8e9d5b072eb

SHA256
8f891ae5acd0bfd36a7f95cd13e2215a05daeb7046b2911bacf860df43ab5ecd

SHA512
b549a3abfdd89757f752ec95f75f3a7c40ca06549137fceb68675aa59a56b6a5257c65f13b435f1b5d2779e2671bf71642fcf81b0342bfa325d8f2c1f41a068a

Download Submit
C:\Windows\System\wzVPYwn.exe

Filesize
1.7MB

MD5
0c6f9687cced2231ebda680674ca14da

SHA1
c02d2e76805b6d70b8a66f4b5c49b3f699d260ff

SHA256
05d14faea3ee5fecd2e8609c440428fa44cab217a026a4007a0a6650935dae16

SHA512
6a69280c73797bd15304334c73b2f5e3ed5d72486f34c733fc083145470438e9231ccc908d39443e87c29956c2fb7dd34aae9170e82db911de144e67b92c93f0

Download Submit
C:\Windows\System\yNdcfsu.exe

Filesize
1.7MB

MD5
4c183451c9e33f705a9a488958829470

SHA1
b78c084e087986f4eac38b0219fcc13240112a14

SHA256
4c64f35188a172368adb6bdf79237c50e09a51a80fa503d8a175fa4ab12f25e3

SHA512
9141ade02e38fc6d79a48e68d8af6de8ee5b693b1f7949a3681357bff2c7b169b49e8164307ea04b2797f501a586ec7a1ccd61248061d70936d276397ecffc90

Download Submit
memory/516-2524-0x00007FF7CCDA0000-0x00007FF7CD192000-memory.dmp

Filesize
3.9MB

Download
memory/516-460-0x00007FF7CCDA0000-0x00007FF7CD192000-memory.dmp

Filesize
3.9MB

Download
memory/536-2487-0x00007FF7729D0000-0x00007FF772DC2000-memory.dmp

Filesize
3.9MB

Download
memory/536-425-0x00007FF7729D0000-0x00007FF772DC2000-memory.dmp

Filesize
3.9MB

Download
memory/1268-449-0x00007FF66A4F0000-0x00007FF66A8E2000-memory.dmp

Filesize
3.9MB

Download
memory/1268-2531-0x00007FF66A4F0000-0x00007FF66A8E2000-memory.dmp

Filesize
3.9MB

Download
memory/1460-2518-0x00007FF6DF2C0000-0x00007FF6DF6B2000-memory.dmp

Filesize
3.9MB

Download
memory/1460-472-0x00007FF6DF2C0000-0x00007FF6DF6B2000-memory.dmp

Filesize
3.9MB

Download
memory/1848-444-0x00007FF647D10000-0x00007FF648102000-memory.dmp

Filesize
3.9MB

Download
memory/1848-2505-0x00007FF647D10000-0x00007FF648102000-memory.dmp

Filesize
3.9MB

Download
memory/2148-2482-0x00007FF7BF180000-0x00007FF7BF572000-memory.dmp

Filesize
3.9MB

Download
memory/2148-35-0x00007FF7BF180000-0x00007FF7BF572000-memory.dmp

Filesize
3.9MB

Download
memory/2284-483-0x00007FF76CF70000-0x00007FF76D362000-memory.dmp

Filesize
3.9MB

Download
memory/2284-2516-0x00007FF76CF70000-0x00007FF76D362000-memory.dmp

Filesize
3.9MB

Download
memory/2368-2456-0x00007FF6140A0000-0x00007FF614492000-memory.dmp

Filesize
3.9MB

Download
memory/2368-53-0x00007FF6140A0000-0x00007FF614492000-memory.dmp

Filesize
3.9MB

Download
memory/2368-2497-0x00007FF6140A0000-0x00007FF614492000-memory.dmp

Filesize
3.9MB

Download
memory/2488-431-0x00007FF6E0FB0000-0x00007FF6E13A2000-memory.dmp

Filesize
3.9MB

Download
memory/2488-2501-0x00007FF6E0FB0000-0x00007FF6E13A2000-memory.dmp

Filesize
3.9MB

Download
memory/2884-2537-0x00007FF6F2B20000-0x00007FF6F2F12000-memory.dmp

Filesize
3.9MB

Download
memory/2884-512-0x00007FF6F2B20000-0x00007FF6F2F12000-memory.dmp

Filesize
3.9MB

Download
memory/3124-439-0x00007FF7B55C0000-0x00007FF7B59B2000-memory.dmp

Filesize
3.9MB

Download
memory/3124-2503-0x00007FF7B55C0000-0x00007FF7B59B2000-memory.dmp

Filesize
3.9MB

Download
memory/3184-36-0x00007FF66E700000-0x00007FF66EAF2000-memory.dmp

Filesize
3.9MB

Download
memory/3184-2480-0x00007FF66E700000-0x00007FF66EAF2000-memory.dmp

Filesize
3.9MB

Download
memory/3400-550-0x00007FF6AAE40000-0x00007FF6AB232000-memory.dmp

Filesize
3.9MB

Download
memory/3400-2494-0x00007FF6AAE40000-0x00007FF6AB232000-memory.dmp

Filesize
3.9MB

Download
memory/3656-2522-0x00007FF6A2DA0000-0x00007FF6A3192000-memory.dmp

Filesize
3.9MB

Download
memory/3656-464-0x00007FF6A2DA0000-0x00007FF6A3192000-memory.dmp

Filesize
3.9MB

Download
memory/3752-43-0x00007FF771030000-0x00007FF771422000-memory.dmp

Filesize
3.9MB

Download
memory/3752-2485-0x00007FF771030000-0x00007FF771422000-memory.dmp

Filesize
3.9MB

Download
memory/3992-465-0x00007FF697D20000-0x00007FF698112000-memory.dmp

Filesize
3.9MB

Download
memory/3992-2520-0x00007FF697D20000-0x00007FF698112000-memory.dmp

Filesize
3.9MB

Download
memory/4000-410-0x00007FF7967C0000-0x00007FF796BB2000-memory.dmp

Filesize
3.9MB

Download
memory/4000-2490-0x00007FF7967C0000-0x00007FF796BB2000-memory.dmp

Filesize
3.9MB

Download
memory/4316-2492-0x00007FF67FFC0000-0x00007FF6803B2000-memory.dmp

Filesize
3.9MB

Download
memory/4316-562-0x00007FF67FFC0000-0x00007FF6803B2000-memory.dmp

Filesize
3.9MB

Download
memory/4340-516-0x00007FF77D610000-0x00007FF77DA02000-memory.dmp

Filesize
3.9MB

Download
memory/4340-2514-0x00007FF77D610000-0x00007FF77DA02000-memory.dmp

Filesize
3.9MB

Download
memory/4360-440-0x00007FF6E94A0000-0x00007FF6E9892000-memory.dmp

Filesize
3.9MB

Download
memory/4360-2506-0x00007FF6E94A0000-0x00007FF6E9892000-memory.dmp

Filesize
3.9MB

Download
memory/4380-2477-0x00007FFA16B80000-0x00007FFA17641000-memory.dmp

Filesize
10.8MB

Download
memory/4380-31-0x00007FFA16B80000-0x00007FFA17641000-memory.dmp

Filesize
10.8MB

Download
memory/4380-2455-0x00007FFA16B80000-0x00007FFA17641000-memory.dmp

Filesize
10.8MB

Download
memory/4380-2457-0x00007FFA16B83000-0x00007FFA16B85000-memory.dmp

Filesize
8KB

Download
memory/4380-339-0x0000026A65E60000-0x0000026A66606000-memory.dmp

Filesize
7.6MB

Download
memory/4380-539-0x00007FFA16B80000-0x00007FFA17641000-memory.dmp

Filesize
10.8MB

Download
memory/4380-5-0x00007FFA16B83000-0x00007FFA16B85000-memory.dmp

Filesize
8KB

Download
memory/4380-32-0x0000026A4B120000-0x0000026A4B142000-memory.dmp

Filesize
136KB

Download
memory/4680-416-0x00007FF78BD80000-0x00007FF78C172000-memory.dmp

Filesize
3.9MB

Download
memory/4680-2488-0x00007FF78BD80000-0x00007FF78C172000-memory.dmp

Filesize
3.9MB

Download
memory/4712-2512-0x00007FF6A6F80000-0x00007FF6A7372000-memory.dmp

Filesize
3.9MB

Download
memory/4712-487-0x00007FF6A6F80000-0x00007FF6A7372000-memory.dmp

Filesize
3.9MB

Download
memory/4728-503-0x00007FF7AF290000-0x00007FF7AF682000-memory.dmp

Filesize
3.9MB

Download
memory/4728-2510-0x00007FF7AF290000-0x00007FF7AF682000-memory.dmp

Filesize
3.9MB

Download
memory/4932-561-0x00007FF68F9D0000-0x00007FF68FDC2000-memory.dmp

Filesize
3.9MB

Download
memory/4932-2498-0x00007FF68F9D0000-0x00007FF68FDC2000-memory.dmp

Filesize
3.9MB

Download
memory/4948-1-0x000001F996F70000-0x000001F996F80000-memory.dmp

Filesize
64KB

Download
memory/4948-0-0x00007FF6ACDB0000-0x00007FF6AD1A2000-memory.dmp

Filesize
3.9MB

Download