xmrig | a957c302b82876a6c2337c6e2a227767c3d84f50d9309ebb3f748d70ad1c2b6f

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
11-05-2024 11:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
Size

1.5MB
MD5

34438f512883f426da25337a09dfa26d
SHA1

2512420053d07ecce9b37ceb5eebc1e8bf3100d7
SHA256

a957c302b82876a6c2337c6e2a227767c3d84f50d9309ebb3f748d70ad1c2b6f
SHA512

858e03a1a249108c2e8096a44e0c70ce946e6d9d779a266010491fe435f8ac3af8bd98b10420a62bc173e68635d90834035f270e3a4ea6af4f4957c7bd9603bb
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkibTJH+2Q/ynKeWYKpGncHBN/VPwmvcBH:Lz071uv4BPMkibTIA5CJv6

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 47 IoCs

miner

resource	yara_rule
behavioral2/memory/4948-59-0x00007FF7FB530000-0x00007FF7FB922000-memory.dmp	xmrig
behavioral2/memory/1016-62-0x00007FF65D4F0000-0x00007FF65D8E2000-memory.dmp	xmrig
behavioral2/memory/3204-61-0x00007FF7B01B0000-0x00007FF7B05A2000-memory.dmp	xmrig
behavioral2/memory/4584-60-0x00007FF7B0C10000-0x00007FF7B1002000-memory.dmp	xmrig
behavioral2/memory/2060-45-0x00007FF6B55E0000-0x00007FF6B59D2000-memory.dmp	xmrig
behavioral2/memory/1928-112-0x00007FF73A660000-0x00007FF73AA52000-memory.dmp	xmrig
behavioral2/memory/4688-138-0x00007FF6D9C90000-0x00007FF6DA082000-memory.dmp	xmrig
behavioral2/memory/3440-134-0x00007FF746340000-0x00007FF746732000-memory.dmp	xmrig
behavioral2/memory/3684-126-0x00007FF6B2A40000-0x00007FF6B2E32000-memory.dmp	xmrig
behavioral2/memory/2920-93-0x00007FF7A83C0000-0x00007FF7A87B2000-memory.dmp	xmrig
behavioral2/memory/3512-179-0x00007FF682A80000-0x00007FF682E72000-memory.dmp	xmrig
behavioral2/memory/3928-174-0x00007FF7B1E90000-0x00007FF7B2282000-memory.dmp	xmrig
behavioral2/memory/4296-1123-0x00007FF6DBAA0000-0x00007FF6DBE92000-memory.dmp	xmrig
behavioral2/memory/2376-1124-0x00007FF76C0A0000-0x00007FF76C492000-memory.dmp	xmrig
behavioral2/memory/4848-1125-0x00007FF62BA80000-0x00007FF62BE72000-memory.dmp	xmrig
behavioral2/memory/4884-1144-0x00007FF70F160000-0x00007FF70F552000-memory.dmp	xmrig
behavioral2/memory/2072-1142-0x00007FF759A90000-0x00007FF759E82000-memory.dmp	xmrig
behavioral2/memory/3700-2575-0x00007FF6DE790000-0x00007FF6DEB82000-memory.dmp	xmrig
behavioral2/memory/2664-2576-0x00007FF713040000-0x00007FF713432000-memory.dmp	xmrig
behavioral2/memory/3772-2589-0x00007FF6E7AD0000-0x00007FF6E7EC2000-memory.dmp	xmrig
behavioral2/memory/368-2596-0x00007FF745970000-0x00007FF745D62000-memory.dmp	xmrig
behavioral2/memory/3928-2599-0x00007FF7B1E90000-0x00007FF7B2282000-memory.dmp	xmrig
behavioral2/memory/2376-2601-0x00007FF76C0A0000-0x00007FF76C492000-memory.dmp	xmrig
behavioral2/memory/2060-2606-0x00007FF6B55E0000-0x00007FF6B59D2000-memory.dmp	xmrig
behavioral2/memory/4584-2609-0x00007FF7B0C10000-0x00007FF7B1002000-memory.dmp	xmrig
behavioral2/memory/4848-2608-0x00007FF62BA80000-0x00007FF62BE72000-memory.dmp	xmrig
behavioral2/memory/4948-2604-0x00007FF7FB530000-0x00007FF7FB922000-memory.dmp	xmrig
behavioral2/memory/1016-2614-0x00007FF65D4F0000-0x00007FF65D8E2000-memory.dmp	xmrig
behavioral2/memory/3204-2617-0x00007FF7B01B0000-0x00007FF7B05A2000-memory.dmp	xmrig
behavioral2/memory/2072-2616-0x00007FF759A90000-0x00007FF759E82000-memory.dmp	xmrig
behavioral2/memory/4884-2612-0x00007FF70F160000-0x00007FF70F552000-memory.dmp	xmrig
behavioral2/memory/456-2631-0x00007FF60A6F0000-0x00007FF60AAE2000-memory.dmp	xmrig
behavioral2/memory/4296-2653-0x00007FF6DBAA0000-0x00007FF6DBE92000-memory.dmp	xmrig
behavioral2/memory/2920-2669-0x00007FF7A83C0000-0x00007FF7A87B2000-memory.dmp	xmrig
behavioral2/memory/1928-2671-0x00007FF73A660000-0x00007FF73AA52000-memory.dmp	xmrig
behavioral2/memory/3684-2674-0x00007FF6B2A40000-0x00007FF6B2E32000-memory.dmp	xmrig
behavioral2/memory/2564-2680-0x00007FF6138A0000-0x00007FF613C92000-memory.dmp	xmrig
behavioral2/memory/3440-2685-0x00007FF746340000-0x00007FF746732000-memory.dmp	xmrig
behavioral2/memory/3700-2684-0x00007FF6DE790000-0x00007FF6DEB82000-memory.dmp	xmrig
behavioral2/memory/2096-2676-0x00007FF739860000-0x00007FF739C52000-memory.dmp	xmrig
behavioral2/memory/1488-2682-0x00007FF772F10000-0x00007FF773302000-memory.dmp	xmrig
behavioral2/memory/4688-2678-0x00007FF6D9C90000-0x00007FF6DA082000-memory.dmp	xmrig
behavioral2/memory/2664-2704-0x00007FF713040000-0x00007FF713432000-memory.dmp	xmrig
behavioral2/memory/3772-2705-0x00007FF6E7AD0000-0x00007FF6E7EC2000-memory.dmp	xmrig
behavioral2/memory/368-2709-0x00007FF745970000-0x00007FF745D62000-memory.dmp	xmrig
behavioral2/memory/3512-2711-0x00007FF682A80000-0x00007FF682E72000-memory.dmp	xmrig
behavioral2/memory/456-2708-0x00007FF60A6F0000-0x00007FF60AAE2000-memory.dmp	xmrig

Blocklisted process makes network request 6 IoCs

flow	pid	Process
6	1056	powershell.exe
8	1056	powershell.exe
23	1056	powershell.exe
24	1056	powershell.exe
25	1056	powershell.exe
27	1056	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
1056	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
3928	jTatjWz.exe
2376	aSZyCVm.exe
4848	msfJfub.exe
2060	hLWDhrO.exe
4948	vIXrSav.exe
4584	GRHOLrO.exe
3204	wBlrtEu.exe
2072	BJoJOpc.exe
1016	hwbOwxs.exe
4884	VhNPJii.exe
2920	TxNqUcM.exe
2096	FmNqNGc.exe
1488	TyriujR.exe
1928	utZWiOl.exe
3684	iyMIUrv.exe
3440	TGSTnhC.exe
2564	WtoGfBm.exe
4688	uzGzbHW.exe
3700	KBqqjyo.exe
2664	Jfnwyhw.exe
3772	ZSPiMGB.exe
368	nKzVZkK.exe
456	YKMLQiw.exe
3512	rYyXlQI.exe
4180	HMDoksu.exe
2724	DYoHKvs.exe
3720	HiHQlIV.exe
3692	tAwvUYA.exe
220	krrzCqc.exe
208	aIvmCql.exe
388	lWZgmBd.exe
4124	TRTAzMC.exe
3912	sXlkKkH.exe
2208	ybWNOKt.exe
4580	pnHYdCY.exe
2268	MmGoZtE.exe
2520	XMNNtEy.exe
2760	QCivgcH.exe
1936	FOsMHfl.exe
740	BNmwOyb.exe
3708	MRGuhhb.exe
1308	xntnBoz.exe
4028	DsMyXzm.exe
1528	IhmShgz.exe
2700	xXSFden.exe
1340	zlirhbB.exe
4452	skVRWbF.exe
2080	EwCLLDt.exe
4256	XTLsJgv.exe
3836	sRgFojL.exe
224	NRBWsqZ.exe
3736	oirdhAM.exe
3244	fAjgcFK.exe
628	gBmkUGs.exe
4300	YhtAHVv.exe
3188	hqwAfxY.exe
4736	dsdRVJL.exe
2804	rFQXZKE.exe
2104	nemjdrJ.exe
4924	KXYjJbM.exe
2856	tZASagF.exe
5076	vMhpBvn.exe
4912	mHWXOSl.exe
4872	eNEBIXc.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4296-0-0x00007FF6DBAA0000-0x00007FF6DBE92000-memory.dmp	upx
behavioral2/files/0x000900000002347e-5.dat	upx
behavioral2/files/0x0007000000023490-23.dat	upx
behavioral2/files/0x000700000002348d-24.dat	upx
behavioral2/files/0x0007000000023491-28.dat	upx
behavioral2/files/0x0007000000023493-42.dat	upx
behavioral2/files/0x0007000000023494-46.dat	upx
behavioral2/files/0x0007000000023492-50.dat	upx
behavioral2/memory/2072-56-0x00007FF759A90000-0x00007FF759E82000-memory.dmp	upx
behavioral2/memory/4948-59-0x00007FF7FB530000-0x00007FF7FB922000-memory.dmp	upx
behavioral2/files/0x0007000000023495-63.dat	upx
behavioral2/memory/1016-62-0x00007FF65D4F0000-0x00007FF65D8E2000-memory.dmp	upx
behavioral2/memory/3204-61-0x00007FF7B01B0000-0x00007FF7B05A2000-memory.dmp	upx
behavioral2/memory/4584-60-0x00007FF7B0C10000-0x00007FF7B1002000-memory.dmp	upx
behavioral2/memory/4884-57-0x00007FF70F160000-0x00007FF70F552000-memory.dmp	upx
behavioral2/memory/2060-45-0x00007FF6B55E0000-0x00007FF6B59D2000-memory.dmp	upx
behavioral2/memory/4848-37-0x00007FF62BA80000-0x00007FF62BE72000-memory.dmp	upx
behavioral2/files/0x000700000002348f-32.dat	upx
behavioral2/files/0x000700000002348e-26.dat	upx
behavioral2/memory/2376-25-0x00007FF76C0A0000-0x00007FF76C492000-memory.dmp	upx
behavioral2/memory/3928-17-0x00007FF7B1E90000-0x00007FF7B2282000-memory.dmp	upx
behavioral2/files/0x0009000000023486-88.dat	upx
behavioral2/files/0x0007000000023496-82.dat	upx
behavioral2/files/0x0008000000023498-89.dat	upx
behavioral2/files/0x000700000002349c-109.dat	upx
behavioral2/memory/1928-112-0x00007FF73A660000-0x00007FF73AA52000-memory.dmp	upx
behavioral2/files/0x000700000002349b-120.dat	upx
behavioral2/files/0x00070000000234a0-135.dat	upx
behavioral2/memory/2664-140-0x00007FF713040000-0x00007FF713432000-memory.dmp	upx
behavioral2/memory/368-142-0x00007FF745970000-0x00007FF745D62000-memory.dmp	upx
behavioral2/memory/3772-141-0x00007FF6E7AD0000-0x00007FF6E7EC2000-memory.dmp	upx
behavioral2/files/0x00070000000234a1-139.dat	upx
behavioral2/memory/4688-138-0x00007FF6D9C90000-0x00007FF6DA082000-memory.dmp	upx
behavioral2/memory/3440-134-0x00007FF746340000-0x00007FF746732000-memory.dmp	upx
behavioral2/files/0x000700000002349e-132.dat	upx
behavioral2/files/0x000700000002349d-130.dat	upx
behavioral2/memory/3684-126-0x00007FF6B2A40000-0x00007FF6B2E32000-memory.dmp	upx
behavioral2/files/0x000700000002349f-127.dat	upx
behavioral2/memory/3700-119-0x00007FF6DE790000-0x00007FF6DEB82000-memory.dmp	upx
behavioral2/memory/2564-118-0x00007FF6138A0000-0x00007FF613C92000-memory.dmp	upx
behavioral2/memory/1488-104-0x00007FF772F10000-0x00007FF773302000-memory.dmp	upx
behavioral2/memory/2096-103-0x00007FF739860000-0x00007FF739C52000-memory.dmp	upx
behavioral2/files/0x000700000002349a-101.dat	upx
behavioral2/memory/2920-93-0x00007FF7A83C0000-0x00007FF7A87B2000-memory.dmp	upx
behavioral2/files/0x0007000000023499-91.dat	upx
behavioral2/files/0x00070000000234a2-152.dat	upx
behavioral2/files/0x00070000000234a3-154.dat	upx
behavioral2/files/0x00070000000234a5-164.dat	upx
behavioral2/files/0x00070000000234a7-173.dat	upx
behavioral2/files/0x00070000000234a8-185.dat	upx
behavioral2/memory/3512-179-0x00007FF682A80000-0x00007FF682E72000-memory.dmp	upx
behavioral2/files/0x00070000000234a6-176.dat	upx
behavioral2/memory/3928-174-0x00007FF7B1E90000-0x00007FF7B2282000-memory.dmp	upx
behavioral2/files/0x00070000000234a4-168.dat	upx
behavioral2/memory/456-153-0x00007FF60A6F0000-0x00007FF60AAE2000-memory.dmp	upx
behavioral2/files/0x00070000000234a9-190.dat	upx
behavioral2/files/0x00070000000234aa-194.dat	upx
behavioral2/files/0x00070000000234ab-199.dat	upx
behavioral2/memory/4296-1123-0x00007FF6DBAA0000-0x00007FF6DBE92000-memory.dmp	upx
behavioral2/memory/2376-1124-0x00007FF76C0A0000-0x00007FF76C492000-memory.dmp	upx
behavioral2/memory/4848-1125-0x00007FF62BA80000-0x00007FF62BE72000-memory.dmp	upx
behavioral2/memory/4884-1144-0x00007FF70F160000-0x00007FF70F552000-memory.dmp	upx
behavioral2/memory/2072-1142-0x00007FF759A90000-0x00007FF759E82000-memory.dmp	upx
behavioral2/memory/3700-2575-0x00007FF6DE790000-0x00007FF6DEB82000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
5	raw.githubusercontent.com
6	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\Jfnwyhw.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\GIQYIcK.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\REEjdCW.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\lWZgmBd.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\ZcaiPHO.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\ydXFLJO.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\DModhIZ.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\PUOhPSk.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\haEglTm.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\xpztQHJ.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\WIKyXXw.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\Bcuwzks.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\TKLtXck.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\xKsNaXj.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\VyrXbbu.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\pjkONRn.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\KrIFuTy.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\OCYbbwr.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\IbhYgee.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\KZvVHPV.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\vyDYxYv.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\caEdcES.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\uXHNgkX.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\mWkPkYn.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\tSAUHXE.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\FsnwQKF.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\qfMbACe.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\qyGZXwO.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\HgPrBUR.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\TrhHren.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\dHSAnJb.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\MTsybtc.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\YolNgpU.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\eggcSaW.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\VuZMtVI.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\xXSFden.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\dTMeznR.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\ZAXZTeE.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\KqnpbZr.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\JXITZOj.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\aOFqgya.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\JpumhXC.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\TFfhYjQ.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\DYvXqAd.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\CwMZhiI.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\KeqTgjR.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\nxHHtOD.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\OaZajYr.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\PKzvuDa.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\BsISYWH.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\OLolUzs.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\rFQXZKE.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\btOzNdu.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\nXhskRp.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\VwTkrIC.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\yOqYaDE.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\xhfvXSq.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\rHZhqwi.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\yaluapm.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\kKYyVvg.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\MleMfJt.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\ZHjzmtL.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\fHXhgRP.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
File created	C:\Windows\System\TCJgZNo.exe	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\MuiCache	StartMenuExperienceHost.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1056	powershell.exe
1056	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	1056	powershell.exe
Token: SeLockMemoryPrivilege	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
13412	StartMenuExperienceHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4296 wrote to memory of 1056	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	84
PID 4296 wrote to memory of 1056	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	84
PID 4296 wrote to memory of 3928	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	85
PID 4296 wrote to memory of 3928	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	85
PID 4296 wrote to memory of 2376	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	86
PID 4296 wrote to memory of 2376	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	86
PID 4296 wrote to memory of 4848	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	87
PID 4296 wrote to memory of 4848	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	87
PID 4296 wrote to memory of 2060	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	88
PID 4296 wrote to memory of 2060	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	88
PID 4296 wrote to memory of 4948	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	89
PID 4296 wrote to memory of 4948	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	89
PID 4296 wrote to memory of 4584	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	90
PID 4296 wrote to memory of 4584	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	90
PID 4296 wrote to memory of 3204	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	91
PID 4296 wrote to memory of 3204	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	91
PID 4296 wrote to memory of 2072	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	92
PID 4296 wrote to memory of 2072	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	92
PID 4296 wrote to memory of 1016	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	93
PID 4296 wrote to memory of 1016	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	93
PID 4296 wrote to memory of 4884	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	94
PID 4296 wrote to memory of 4884	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	94
PID 4296 wrote to memory of 2920	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	95
PID 4296 wrote to memory of 2920	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	95
PID 4296 wrote to memory of 2096	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	96
PID 4296 wrote to memory of 2096	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	96
PID 4296 wrote to memory of 1488	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	97
PID 4296 wrote to memory of 1488	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	97
PID 4296 wrote to memory of 1928	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	98
PID 4296 wrote to memory of 1928	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	98
PID 4296 wrote to memory of 3684	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	99
PID 4296 wrote to memory of 3684	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	99
PID 4296 wrote to memory of 3440	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	100
PID 4296 wrote to memory of 3440	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	100
PID 4296 wrote to memory of 2564	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	101
PID 4296 wrote to memory of 2564	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	101
PID 4296 wrote to memory of 4688	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	102
PID 4296 wrote to memory of 4688	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	102
PID 4296 wrote to memory of 3700	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	103
PID 4296 wrote to memory of 3700	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	103
PID 4296 wrote to memory of 2664	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	104
PID 4296 wrote to memory of 2664	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	104
PID 4296 wrote to memory of 3772	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	105
PID 4296 wrote to memory of 3772	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	105
PID 4296 wrote to memory of 368	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	106
PID 4296 wrote to memory of 368	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	106
PID 4296 wrote to memory of 456	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	107
PID 4296 wrote to memory of 456	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	107
PID 4296 wrote to memory of 3512	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	109
PID 4296 wrote to memory of 3512	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	109
PID 4296 wrote to memory of 2724	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	110
PID 4296 wrote to memory of 2724	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	110
PID 4296 wrote to memory of 4180	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	111
PID 4296 wrote to memory of 4180	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	111
PID 4296 wrote to memory of 3720	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	112
PID 4296 wrote to memory of 3720	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	112
PID 4296 wrote to memory of 3692	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	113
PID 4296 wrote to memory of 3692	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	113
PID 4296 wrote to memory of 220	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	114
PID 4296 wrote to memory of 220	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	114
PID 4296 wrote to memory of 208	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	117
PID 4296 wrote to memory of 208	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	117
PID 4296 wrote to memory of 388	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	118
PID 4296 wrote to memory of 388	4296	34438f512883f426da25337a09dfa26d_JaffaCakes118.exe	118

C:\Users\Admin\AppData\Local\Temp\34438f512883f426da25337a09dfa26d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\34438f512883f426da25337a09dfa26d_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4296
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1056
- C:\Windows\System\jTatjWz.exe
  C:\Windows\System\jTatjWz.exe
  2⤵
  - Executes dropped EXE
  PID:3928
- C:\Windows\System\aSZyCVm.exe
  C:\Windows\System\aSZyCVm.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\msfJfub.exe
  C:\Windows\System\msfJfub.exe
  2⤵
  - Executes dropped EXE
  PID:4848
- C:\Windows\System\hLWDhrO.exe
  C:\Windows\System\hLWDhrO.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\vIXrSav.exe
  C:\Windows\System\vIXrSav.exe
  2⤵
  - Executes dropped EXE
  PID:4948
- C:\Windows\System\GRHOLrO.exe
  C:\Windows\System\GRHOLrO.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\wBlrtEu.exe
  C:\Windows\System\wBlrtEu.exe
  2⤵
  - Executes dropped EXE
  PID:3204
- C:\Windows\System\BJoJOpc.exe
  C:\Windows\System\BJoJOpc.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\hwbOwxs.exe
  C:\Windows\System\hwbOwxs.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\VhNPJii.exe
  C:\Windows\System\VhNPJii.exe
  2⤵
  - Executes dropped EXE
  PID:4884
- C:\Windows\System\TxNqUcM.exe
  C:\Windows\System\TxNqUcM.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\FmNqNGc.exe
  C:\Windows\System\FmNqNGc.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\TyriujR.exe
  C:\Windows\System\TyriujR.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\utZWiOl.exe
  C:\Windows\System\utZWiOl.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\iyMIUrv.exe
  C:\Windows\System\iyMIUrv.exe
  2⤵
  - Executes dropped EXE
  PID:3684
- C:\Windows\System\TGSTnhC.exe
  C:\Windows\System\TGSTnhC.exe
  2⤵
  - Executes dropped EXE
  PID:3440
- C:\Windows\System\WtoGfBm.exe
  C:\Windows\System\WtoGfBm.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\uzGzbHW.exe
  C:\Windows\System\uzGzbHW.exe
  2⤵
  - Executes dropped EXE
  PID:4688
- C:\Windows\System\KBqqjyo.exe
  C:\Windows\System\KBqqjyo.exe
  2⤵
  - Executes dropped EXE
  PID:3700
- C:\Windows\System\Jfnwyhw.exe
  C:\Windows\System\Jfnwyhw.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\ZSPiMGB.exe
  C:\Windows\System\ZSPiMGB.exe
  2⤵
  - Executes dropped EXE
  PID:3772
- C:\Windows\System\nKzVZkK.exe
  C:\Windows\System\nKzVZkK.exe
  2⤵
  - Executes dropped EXE
  PID:368
- C:\Windows\System\YKMLQiw.exe
  C:\Windows\System\YKMLQiw.exe
  2⤵
  - Executes dropped EXE
  PID:456
- C:\Windows\System\rYyXlQI.exe
  C:\Windows\System\rYyXlQI.exe
  2⤵
  - Executes dropped EXE
  PID:3512
- C:\Windows\System\DYoHKvs.exe
  C:\Windows\System\DYoHKvs.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\HMDoksu.exe
  C:\Windows\System\HMDoksu.exe
  2⤵
  - Executes dropped EXE
  PID:4180
- C:\Windows\System\HiHQlIV.exe
  C:\Windows\System\HiHQlIV.exe
  2⤵
  - Executes dropped EXE
  PID:3720
- C:\Windows\System\tAwvUYA.exe
  C:\Windows\System\tAwvUYA.exe
  2⤵
  - Executes dropped EXE
  PID:3692
- C:\Windows\System\krrzCqc.exe
  C:\Windows\System\krrzCqc.exe
  2⤵
  - Executes dropped EXE
  PID:220
- C:\Windows\System\aIvmCql.exe
  C:\Windows\System\aIvmCql.exe
  2⤵
  - Executes dropped EXE
  PID:208
- C:\Windows\System\lWZgmBd.exe
  C:\Windows\System\lWZgmBd.exe
  2⤵
  - Executes dropped EXE
  PID:388
- C:\Windows\System\TRTAzMC.exe
  C:\Windows\System\TRTAzMC.exe
  2⤵
  - Executes dropped EXE
  PID:4124
- C:\Windows\System\sXlkKkH.exe
  C:\Windows\System\sXlkKkH.exe
  2⤵
  - Executes dropped EXE
  PID:3912
- C:\Windows\System\ybWNOKt.exe
  C:\Windows\System\ybWNOKt.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\pnHYdCY.exe
  C:\Windows\System\pnHYdCY.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System\MmGoZtE.exe
  C:\Windows\System\MmGoZtE.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\XMNNtEy.exe
  C:\Windows\System\XMNNtEy.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\QCivgcH.exe
  C:\Windows\System\QCivgcH.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\xntnBoz.exe
  C:\Windows\System\xntnBoz.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\FOsMHfl.exe
  C:\Windows\System\FOsMHfl.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\BNmwOyb.exe
  C:\Windows\System\BNmwOyb.exe
  2⤵
  - Executes dropped EXE
  PID:740
- C:\Windows\System\MRGuhhb.exe
  C:\Windows\System\MRGuhhb.exe
  2⤵
  - Executes dropped EXE
  PID:3708
- C:\Windows\System\DsMyXzm.exe
  C:\Windows\System\DsMyXzm.exe
  2⤵
  - Executes dropped EXE
  PID:4028
- C:\Windows\System\IhmShgz.exe
  C:\Windows\System\IhmShgz.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\xXSFden.exe
  C:\Windows\System\xXSFden.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\zlirhbB.exe
  C:\Windows\System\zlirhbB.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\skVRWbF.exe
  C:\Windows\System\skVRWbF.exe
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Windows\System\EwCLLDt.exe
  C:\Windows\System\EwCLLDt.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\XTLsJgv.exe
  C:\Windows\System\XTLsJgv.exe
  2⤵
  - Executes dropped EXE
  PID:4256
- C:\Windows\System\sRgFojL.exe
  C:\Windows\System\sRgFojL.exe
  2⤵
  - Executes dropped EXE
  PID:3836
- C:\Windows\System\NRBWsqZ.exe
  C:\Windows\System\NRBWsqZ.exe
  2⤵
  - Executes dropped EXE
  PID:224
- C:\Windows\System\oirdhAM.exe
  C:\Windows\System\oirdhAM.exe
  2⤵
  - Executes dropped EXE
  PID:3736
- C:\Windows\System\fAjgcFK.exe
  C:\Windows\System\fAjgcFK.exe
  2⤵
  - Executes dropped EXE
  PID:3244
- C:\Windows\System\gBmkUGs.exe
  C:\Windows\System\gBmkUGs.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\YhtAHVv.exe
  C:\Windows\System\YhtAHVv.exe
  2⤵
  - Executes dropped EXE
  PID:4300
- C:\Windows\System\hqwAfxY.exe
  C:\Windows\System\hqwAfxY.exe
  2⤵
  - Executes dropped EXE
  PID:3188
- C:\Windows\System\dsdRVJL.exe
  C:\Windows\System\dsdRVJL.exe
  2⤵
  - Executes dropped EXE
  PID:4736
- C:\Windows\System\rFQXZKE.exe
  C:\Windows\System\rFQXZKE.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\nemjdrJ.exe
  C:\Windows\System\nemjdrJ.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\KXYjJbM.exe
  C:\Windows\System\KXYjJbM.exe
  2⤵
  - Executes dropped EXE
  PID:4924
- C:\Windows\System\tZASagF.exe
  C:\Windows\System\tZASagF.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\vMhpBvn.exe
  C:\Windows\System\vMhpBvn.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\mHWXOSl.exe
  C:\Windows\System\mHWXOSl.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\eNEBIXc.exe
  C:\Windows\System\eNEBIXc.exe
  2⤵
  - Executes dropped EXE
  PID:4872
- C:\Windows\System\EISqLFH.exe
  C:\Windows\System\EISqLFH.exe
  2⤵
  PID:2888
- C:\Windows\System\vvPfZBF.exe
  C:\Windows\System\vvPfZBF.exe
  2⤵
  PID:636
- C:\Windows\System\GQPOPVQ.exe
  C:\Windows\System\GQPOPVQ.exe
  2⤵
  PID:4660
- C:\Windows\System\HUeVnhR.exe
  C:\Windows\System\HUeVnhR.exe
  2⤵
  PID:4644
- C:\Windows\System\ECLpbVi.exe
  C:\Windows\System\ECLpbVi.exe
  2⤵
  PID:4568
- C:\Windows\System\pYiHujI.exe
  C:\Windows\System\pYiHujI.exe
  2⤵
  PID:4312
- C:\Windows\System\oXysnen.exe
  C:\Windows\System\oXysnen.exe
  2⤵
  PID:916
- C:\Windows\System\dHSAnJb.exe
  C:\Windows\System\dHSAnJb.exe
  2⤵
  PID:3552
- C:\Windows\System\CSfnHKw.exe
  C:\Windows\System\CSfnHKw.exe
  2⤵
  PID:1032
- C:\Windows\System\ZoDaPjD.exe
  C:\Windows\System\ZoDaPjD.exe
  2⤵
  PID:3916
- C:\Windows\System\HJlNJxi.exe
  C:\Windows\System\HJlNJxi.exe
  2⤵
  PID:2276
- C:\Windows\System\WdAwxMe.exe
  C:\Windows\System\WdAwxMe.exe
  2⤵
  PID:4864
- C:\Windows\System\tTxEUkk.exe
  C:\Windows\System\tTxEUkk.exe
  2⤵
  PID:1892
- C:\Windows\System\dbOkHEO.exe
  C:\Windows\System\dbOkHEO.exe
  2⤵
  PID:2880
- C:\Windows\System\cjKiDMi.exe
  C:\Windows\System\cjKiDMi.exe
  2⤵
  PID:3088
- C:\Windows\System\whTsriQ.exe
  C:\Windows\System\whTsriQ.exe
  2⤵
  PID:4556
- C:\Windows\System\ERuMGwu.exe
  C:\Windows\System\ERuMGwu.exe
  2⤵
  PID:5188
- C:\Windows\System\CLlojLU.exe
  C:\Windows\System\CLlojLU.exe
  2⤵
  PID:5216
- C:\Windows\System\MyVvOzD.exe
  C:\Windows\System\MyVvOzD.exe
  2⤵
  PID:5260
- C:\Windows\System\YuXcQAa.exe
  C:\Windows\System\YuXcQAa.exe
  2⤵
  PID:5304
- C:\Windows\System\vyDYxYv.exe
  C:\Windows\System\vyDYxYv.exe
  2⤵
  PID:5324
- C:\Windows\System\rUghywB.exe
  C:\Windows\System\rUghywB.exe
  2⤵
  PID:5352
- C:\Windows\System\twgiVIj.exe
  C:\Windows\System\twgiVIj.exe
  2⤵
  PID:5384
- C:\Windows\System\dKqmKQb.exe
  C:\Windows\System\dKqmKQb.exe
  2⤵
  PID:5448
- C:\Windows\System\axrhNpO.exe
  C:\Windows\System\axrhNpO.exe
  2⤵
  PID:5464
- C:\Windows\System\XEjRkGb.exe
  C:\Windows\System\XEjRkGb.exe
  2⤵
  PID:5516
- C:\Windows\System\GfhMtis.exe
  C:\Windows\System\GfhMtis.exe
  2⤵
  PID:5532
- C:\Windows\System\LoangSt.exe
  C:\Windows\System\LoangSt.exe
  2⤵
  PID:5552
- C:\Windows\System\lDmKpjK.exe
  C:\Windows\System\lDmKpjK.exe
  2⤵
  PID:5584
- C:\Windows\System\OeEGPNY.exe
  C:\Windows\System\OeEGPNY.exe
  2⤵
  PID:5628
- C:\Windows\System\baRWXmB.exe
  C:\Windows\System\baRWXmB.exe
  2⤵
  PID:5644
- C:\Windows\System\aXjRzsH.exe
  C:\Windows\System\aXjRzsH.exe
  2⤵
  PID:5716
- C:\Windows\System\Eodgegj.exe
  C:\Windows\System\Eodgegj.exe
  2⤵
  PID:5760
- C:\Windows\System\VZDkBgR.exe
  C:\Windows\System\VZDkBgR.exe
  2⤵
  PID:5820
- C:\Windows\System\qszJhDi.exe
  C:\Windows\System\qszJhDi.exe
  2⤵
  PID:5840
- C:\Windows\System\koUZykq.exe
  C:\Windows\System\koUZykq.exe
  2⤵
  PID:5872
- C:\Windows\System\BZzNdMo.exe
  C:\Windows\System\BZzNdMo.exe
  2⤵
  PID:5896
- C:\Windows\System\yJMqaFB.exe
  C:\Windows\System\yJMqaFB.exe
  2⤵
  PID:5936
- C:\Windows\System\hALAxpu.exe
  C:\Windows\System\hALAxpu.exe
  2⤵
  PID:5980
- C:\Windows\System\ohvWYlB.exe
  C:\Windows\System\ohvWYlB.exe
  2⤵
  PID:6036
- C:\Windows\System\oVKCLzR.exe
  C:\Windows\System\oVKCLzR.exe
  2⤵
  PID:6056
- C:\Windows\System\pfKPxie.exe
  C:\Windows\System\pfKPxie.exe
  2⤵
  PID:6100
- C:\Windows\System\YMGmzUb.exe
  C:\Windows\System\YMGmzUb.exe
  2⤵
  PID:6116
- C:\Windows\System\lLCFmJU.exe
  C:\Windows\System\lLCFmJU.exe
  2⤵
  PID:700
- C:\Windows\System\XZxDrdP.exe
  C:\Windows\System\XZxDrdP.exe
  2⤵
  PID:5152
- C:\Windows\System\SxhuURY.exe
  C:\Windows\System\SxhuURY.exe
  2⤵
  PID:5164
- C:\Windows\System\ZROZUOo.exe
  C:\Windows\System\ZROZUOo.exe
  2⤵
  PID:5320
- C:\Windows\System\afoipQm.exe
  C:\Windows\System\afoipQm.exe
  2⤵
  PID:5284
- C:\Windows\System\rMJBHko.exe
  C:\Windows\System\rMJBHko.exe
  2⤵
  PID:5412
- C:\Windows\System\vSvKxdX.exe
  C:\Windows\System\vSvKxdX.exe
  2⤵
  PID:5428
- C:\Windows\System\GAAygdh.exe
  C:\Windows\System\GAAygdh.exe
  2⤵
  PID:5548
- C:\Windows\System\OFaMfxS.exe
  C:\Windows\System\OFaMfxS.exe
  2⤵
  PID:5484
- C:\Windows\System\ToVlUkj.exe
  C:\Windows\System\ToVlUkj.exe
  2⤵
  PID:5640
- C:\Windows\System\eHXQNPX.exe
  C:\Windows\System\eHXQNPX.exe
  2⤵
  PID:5700
- C:\Windows\System\yOqYaDE.exe
  C:\Windows\System\yOqYaDE.exe
  2⤵
  PID:5748
- C:\Windows\System\HkPfOfw.exe
  C:\Windows\System\HkPfOfw.exe
  2⤵
  PID:5788
- C:\Windows\System\ZwljBeX.exe
  C:\Windows\System\ZwljBeX.exe
  2⤵
  PID:5920
- C:\Windows\System\rRaiXhE.exe
  C:\Windows\System\rRaiXhE.exe
  2⤵
  PID:6032
- C:\Windows\System\wXuhjRv.exe
  C:\Windows\System\wXuhjRv.exe
  2⤵
  PID:2028
- C:\Windows\System\NgTUGJb.exe
  C:\Windows\System\NgTUGJb.exe
  2⤵
  PID:6084
- C:\Windows\System\hybYanE.exe
  C:\Windows\System\hybYanE.exe
  2⤵
  PID:6096
- C:\Windows\System\HhzZblQ.exe
  C:\Windows\System\HhzZblQ.exe
  2⤵
  PID:1140
- C:\Windows\System\nDZQvdB.exe
  C:\Windows\System\nDZQvdB.exe
  2⤵
  PID:5396
- C:\Windows\System\afisfzv.exe
  C:\Windows\System\afisfzv.exe
  2⤵
  PID:5404
- C:\Windows\System\HzJNaem.exe
  C:\Windows\System\HzJNaem.exe
  2⤵
  PID:3672
- C:\Windows\System\yScOxSW.exe
  C:\Windows\System\yScOxSW.exe
  2⤵
  PID:5440
- C:\Windows\System\OXzLccj.exe
  C:\Windows\System\OXzLccj.exe
  2⤵
  PID:5616
- C:\Windows\System\FmwIzhE.exe
  C:\Windows\System\FmwIzhE.exe
  2⤵
  PID:5608
- C:\Windows\System\LCrHZpH.exe
  C:\Windows\System\LCrHZpH.exe
  2⤵
  PID:5784
- C:\Windows\System\SgTUYGO.exe
  C:\Windows\System\SgTUYGO.exe
  2⤵
  PID:5664
- C:\Windows\System\ZSAPrhU.exe
  C:\Windows\System\ZSAPrhU.exe
  2⤵
  PID:5892
- C:\Windows\System\QoFKseY.exe
  C:\Windows\System\QoFKseY.exe
  2⤵
  PID:5856
- C:\Windows\System\BkIVtXY.exe
  C:\Windows\System\BkIVtXY.exe
  2⤵
  PID:5360
- C:\Windows\System\DGRRVBB.exe
  C:\Windows\System\DGRRVBB.exe
  2⤵
  PID:5656
- C:\Windows\System\pwZClGe.exe
  C:\Windows\System\pwZClGe.exe
  2⤵
  PID:5596
- C:\Windows\System\MRoQgoB.exe
  C:\Windows\System\MRoQgoB.exe
  2⤵
  PID:4476
- C:\Windows\System\Wucunxh.exe
  C:\Windows\System\Wucunxh.exe
  2⤵
  PID:2976
- C:\Windows\System\cadArtH.exe
  C:\Windows\System\cadArtH.exe
  2⤵
  PID:5336
- C:\Windows\System\bQBOJxJ.exe
  C:\Windows\System\bQBOJxJ.exe
  2⤵
  PID:6164
- C:\Windows\System\zgbxhHc.exe
  C:\Windows\System\zgbxhHc.exe
  2⤵
  PID:6180
- C:\Windows\System\ITbgoJH.exe
  C:\Windows\System\ITbgoJH.exe
  2⤵
  PID:6200
- C:\Windows\System\sCkpYQN.exe
  C:\Windows\System\sCkpYQN.exe
  2⤵
  PID:6228
- C:\Windows\System\ljZzrMs.exe
  C:\Windows\System\ljZzrMs.exe
  2⤵
  PID:6252
- C:\Windows\System\dZxmyCs.exe
  C:\Windows\System\dZxmyCs.exe
  2⤵
  PID:6300
- C:\Windows\System\pBwKQDe.exe
  C:\Windows\System\pBwKQDe.exe
  2⤵
  PID:6328
- C:\Windows\System\suosfPk.exe
  C:\Windows\System\suosfPk.exe
  2⤵
  PID:6412
- C:\Windows\System\jYHeOFO.exe
  C:\Windows\System\jYHeOFO.exe
  2⤵
  PID:6444
- C:\Windows\System\ziBhphj.exe
  C:\Windows\System\ziBhphj.exe
  2⤵
  PID:6472
- C:\Windows\System\SsAMGar.exe
  C:\Windows\System\SsAMGar.exe
  2⤵
  PID:6488
- C:\Windows\System\pjkONRn.exe
  C:\Windows\System\pjkONRn.exe
  2⤵
  PID:6504
- C:\Windows\System\Mawffpp.exe
  C:\Windows\System\Mawffpp.exe
  2⤵
  PID:6528
- C:\Windows\System\qgSVjvN.exe
  C:\Windows\System\qgSVjvN.exe
  2⤵
  PID:6544
- C:\Windows\System\dCCZlUP.exe
  C:\Windows\System\dCCZlUP.exe
  2⤵
  PID:6564
- C:\Windows\System\nRvnnar.exe
  C:\Windows\System\nRvnnar.exe
  2⤵
  PID:6580
- C:\Windows\System\qbTugKt.exe
  C:\Windows\System\qbTugKt.exe
  2⤵
  PID:6612
- C:\Windows\System\DModhIZ.exe
  C:\Windows\System\DModhIZ.exe
  2⤵
  PID:6632
- C:\Windows\System\dviCwfW.exe
  C:\Windows\System\dviCwfW.exe
  2⤵
  PID:6700
- C:\Windows\System\YixAWjD.exe
  C:\Windows\System\YixAWjD.exe
  2⤵
  PID:6724
- C:\Windows\System\lwIufwX.exe
  C:\Windows\System\lwIufwX.exe
  2⤵
  PID:6752
- C:\Windows\System\FuprqVl.exe
  C:\Windows\System\FuprqVl.exe
  2⤵
  PID:6864
- C:\Windows\System\eVJplkg.exe
  C:\Windows\System\eVJplkg.exe
  2⤵
  PID:6924
- C:\Windows\System\BsISYWH.exe
  C:\Windows\System\BsISYWH.exe
  2⤵
  PID:6940
- C:\Windows\System\vmyQfcJ.exe
  C:\Windows\System\vmyQfcJ.exe
  2⤵
  PID:6964
- C:\Windows\System\jnpICIn.exe
  C:\Windows\System\jnpICIn.exe
  2⤵
  PID:7004
- C:\Windows\System\PKRYauX.exe
  C:\Windows\System\PKRYauX.exe
  2⤵
  PID:7040
- C:\Windows\System\Bcuwzks.exe
  C:\Windows\System\Bcuwzks.exe
  2⤵
  PID:7080
- C:\Windows\System\UqASVqG.exe
  C:\Windows\System\UqASVqG.exe
  2⤵
  PID:7100
- C:\Windows\System\cRrWrww.exe
  C:\Windows\System\cRrWrww.exe
  2⤵
  PID:7128
- C:\Windows\System\vawlHwB.exe
  C:\Windows\System\vawlHwB.exe
  2⤵
  PID:5776
- C:\Windows\System\yypaadv.exe
  C:\Windows\System\yypaadv.exe
  2⤵
  PID:6220
- C:\Windows\System\GvoMikU.exe
  C:\Windows\System\GvoMikU.exe
  2⤵
  PID:6192
- C:\Windows\System\TsKJJWt.exe
  C:\Windows\System\TsKJJWt.exe
  2⤵
  PID:6292
- C:\Windows\System\htBDQjI.exe
  C:\Windows\System\htBDQjI.exe
  2⤵
  PID:6388
- C:\Windows\System\pfGuPhA.exe
  C:\Windows\System\pfGuPhA.exe
  2⤵
  PID:6468
- C:\Windows\System\faUetRT.exe
  C:\Windows\System\faUetRT.exe
  2⤵
  PID:6496
- C:\Windows\System\SIsBggE.exe
  C:\Windows\System\SIsBggE.exe
  2⤵
  PID:6536
- C:\Windows\System\JijkFDV.exe
  C:\Windows\System\JijkFDV.exe
  2⤵
  PID:6688
- C:\Windows\System\qqlNBTi.exe
  C:\Windows\System\qqlNBTi.exe
  2⤵
  PID:6748
- C:\Windows\System\dMFgsud.exe
  C:\Windows\System\dMFgsud.exe
  2⤵
  PID:6852
- C:\Windows\System\dWvKFfd.exe
  C:\Windows\System\dWvKFfd.exe
  2⤵
  PID:6884
- C:\Windows\System\BNPwNvH.exe
  C:\Windows\System\BNPwNvH.exe
  2⤵
  PID:6932
- C:\Windows\System\TSwJGoG.exe
  C:\Windows\System\TSwJGoG.exe
  2⤵
  PID:7000
- C:\Windows\System\IBSzTgz.exe
  C:\Windows\System\IBSzTgz.exe
  2⤵
  PID:7016
- C:\Windows\System\QycibNd.exe
  C:\Windows\System\QycibNd.exe
  2⤵
  PID:7148
- C:\Windows\System\kSbLHWu.exe
  C:\Windows\System\kSbLHWu.exe
  2⤵
  PID:5340
- C:\Windows\System\tqznVNS.exe
  C:\Windows\System\tqznVNS.exe
  2⤵
  PID:6380
- C:\Windows\System\xhfvXSq.exe
  C:\Windows\System\xhfvXSq.exe
  2⤵
  PID:6516
- C:\Windows\System\dTMeznR.exe
  C:\Windows\System\dTMeznR.exe
  2⤵
  PID:6520
- C:\Windows\System\TpVyULe.exe
  C:\Windows\System\TpVyULe.exe
  2⤵
  PID:6624
- C:\Windows\System\ZcaiPHO.exe
  C:\Windows\System\ZcaiPHO.exe
  2⤵
  PID:6812
- C:\Windows\System\dUIkybA.exe
  C:\Windows\System\dUIkybA.exe
  2⤵
  PID:6988
- C:\Windows\System\BwQmTob.exe
  C:\Windows\System\BwQmTob.exe
  2⤵
  PID:7064
- C:\Windows\System\yNPxhNa.exe
  C:\Windows\System\yNPxhNa.exe
  2⤵
  PID:3048
- C:\Windows\System\QkToGso.exe
  C:\Windows\System\QkToGso.exe
  2⤵
  PID:6576
- C:\Windows\System\HOlHXUd.exe
  C:\Windows\System\HOlHXUd.exe
  2⤵
  PID:6912
- C:\Windows\System\aaYzvYf.exe
  C:\Windows\System\aaYzvYf.exe
  2⤵
  PID:6760
- C:\Windows\System\VLgBulM.exe
  C:\Windows\System\VLgBulM.exe
  2⤵
  PID:4668
- C:\Windows\System\BOcMlHa.exe
  C:\Windows\System\BOcMlHa.exe
  2⤵
  PID:6808
- C:\Windows\System\fpuwFcM.exe
  C:\Windows\System\fpuwFcM.exe
  2⤵
  PID:6976
- C:\Windows\System\bJbGWXL.exe
  C:\Windows\System\bJbGWXL.exe
  2⤵
  PID:7180
- C:\Windows\System\SgnkPTo.exe
  C:\Windows\System\SgnkPTo.exe
  2⤵
  PID:7236
- C:\Windows\System\RJPdTUB.exe
  C:\Windows\System\RJPdTUB.exe
  2⤵
  PID:7252
- C:\Windows\System\biPbCsQ.exe
  C:\Windows\System\biPbCsQ.exe
  2⤵
  PID:7288
- C:\Windows\System\ydXFLJO.exe
  C:\Windows\System\ydXFLJO.exe
  2⤵
  PID:7308
- C:\Windows\System\cIKRRJA.exe
  C:\Windows\System\cIKRRJA.exe
  2⤵
  PID:7340
- C:\Windows\System\ZAXZTeE.exe
  C:\Windows\System\ZAXZTeE.exe
  2⤵
  PID:7388
- C:\Windows\System\puoroGP.exe
  C:\Windows\System\puoroGP.exe
  2⤵
  PID:7452
- C:\Windows\System\LUmOebh.exe
  C:\Windows\System\LUmOebh.exe
  2⤵
  PID:7472
- C:\Windows\System\tSAUHXE.exe
  C:\Windows\System\tSAUHXE.exe
  2⤵
  PID:7492
- C:\Windows\System\qOWLjQz.exe
  C:\Windows\System\qOWLjQz.exe
  2⤵
  PID:7524
- C:\Windows\System\DYvXqAd.exe
  C:\Windows\System\DYvXqAd.exe
  2⤵
  PID:7544
- C:\Windows\System\IMJnZLi.exe
  C:\Windows\System\IMJnZLi.exe
  2⤵
  PID:7564
- C:\Windows\System\LznlLtC.exe
  C:\Windows\System\LznlLtC.exe
  2⤵
  PID:7588
- C:\Windows\System\WEIDDZw.exe
  C:\Windows\System\WEIDDZw.exe
  2⤵
  PID:7608
- C:\Windows\System\moCzxUY.exe
  C:\Windows\System\moCzxUY.exe
  2⤵
  PID:7628
- C:\Windows\System\XUcstne.exe
  C:\Windows\System\XUcstne.exe
  2⤵
  PID:7652
- C:\Windows\System\MLqzbCZ.exe
  C:\Windows\System\MLqzbCZ.exe
  2⤵
  PID:7680
- C:\Windows\System\ZFsJbKT.exe
  C:\Windows\System\ZFsJbKT.exe
  2⤵
  PID:7716
- C:\Windows\System\OcjLchm.exe
  C:\Windows\System\OcjLchm.exe
  2⤵
  PID:7752
- C:\Windows\System\EwMiIJa.exe
  C:\Windows\System\EwMiIJa.exe
  2⤵
  PID:7788
- C:\Windows\System\AyuWCJa.exe
  C:\Windows\System\AyuWCJa.exe
  2⤵
  PID:7844
- C:\Windows\System\nZUDMzn.exe
  C:\Windows\System\nZUDMzn.exe
  2⤵
  PID:7872
- C:\Windows\System\ovsCKOZ.exe
  C:\Windows\System\ovsCKOZ.exe
  2⤵
  PID:7904
- C:\Windows\System\QRJDxuE.exe
  C:\Windows\System\QRJDxuE.exe
  2⤵
  PID:7932
- C:\Windows\System\yPUgbVa.exe
  C:\Windows\System\yPUgbVa.exe
  2⤵
  PID:7956
- C:\Windows\System\ilvdtFF.exe
  C:\Windows\System\ilvdtFF.exe
  2⤵
  PID:7976
- C:\Windows\System\CwMZhiI.exe
  C:\Windows\System\CwMZhiI.exe
  2⤵
  PID:8008
- C:\Windows\System\ZrkZKEn.exe
  C:\Windows\System\ZrkZKEn.exe
  2⤵
  PID:8036
- C:\Windows\System\LnFFFMJ.exe
  C:\Windows\System\LnFFFMJ.exe
  2⤵
  PID:8060
- C:\Windows\System\kQyQtjg.exe
  C:\Windows\System\kQyQtjg.exe
  2⤵
  PID:8104
- C:\Windows\System\TLKdMAA.exe
  C:\Windows\System\TLKdMAA.exe
  2⤵
  PID:8132
- C:\Windows\System\crDFCfV.exe
  C:\Windows\System\crDFCfV.exe
  2⤵
  PID:8148
- C:\Windows\System\HZXagQh.exe
  C:\Windows\System\HZXagQh.exe
  2⤵
  PID:8172
- C:\Windows\System\UYjwnbX.exe
  C:\Windows\System\UYjwnbX.exe
  2⤵
  PID:7056
- C:\Windows\System\BeRsfgj.exe
  C:\Windows\System\BeRsfgj.exe
  2⤵
  PID:7232
- C:\Windows\System\QllfDUy.exe
  C:\Windows\System\QllfDUy.exe
  2⤵
  PID:7284
- C:\Windows\System\gczwdAF.exe
  C:\Windows\System\gczwdAF.exe
  2⤵
  PID:7336
- C:\Windows\System\RZdyCkQ.exe
  C:\Windows\System\RZdyCkQ.exe
  2⤵
  PID:7372
- C:\Windows\System\KqnpbZr.exe
  C:\Windows\System\KqnpbZr.exe
  2⤵
  PID:7532
- C:\Windows\System\uAcMICV.exe
  C:\Windows\System\uAcMICV.exe
  2⤵
  PID:7808
- C:\Windows\System\LKVMrLG.exe
  C:\Windows\System\LKVMrLG.exe
  2⤵
  PID:7836
- C:\Windows\System\vyOrFau.exe
  C:\Windows\System\vyOrFau.exe
  2⤵
  PID:7892
- C:\Windows\System\ZHjzmtL.exe
  C:\Windows\System\ZHjzmtL.exe
  2⤵
  PID:7928
- C:\Windows\System\dyPcaTJ.exe
  C:\Windows\System\dyPcaTJ.exe
  2⤵
  PID:7968
- C:\Windows\System\fevWPhf.exe
  C:\Windows\System\fevWPhf.exe
  2⤵
  PID:7996
- C:\Windows\System\uHHznAb.exe
  C:\Windows\System\uHHznAb.exe
  2⤵
  PID:8100
- C:\Windows\System\HPDokwA.exe
  C:\Windows\System\HPDokwA.exe
  2⤵
  PID:8056
- C:\Windows\System\xNjOyMQ.exe
  C:\Windows\System\xNjOyMQ.exe
  2⤵
  PID:8116
- C:\Windows\System\TdDtRnO.exe
  C:\Windows\System\TdDtRnO.exe
  2⤵
  PID:7176
- C:\Windows\System\zgJGdBf.exe
  C:\Windows\System\zgJGdBf.exe
  2⤵
  PID:8156
- C:\Windows\System\QWiLHWe.exe
  C:\Windows\System\QWiLHWe.exe
  2⤵
  PID:7272
- C:\Windows\System\jKnUIVA.exe
  C:\Windows\System\jKnUIVA.exe
  2⤵
  PID:7332
- C:\Windows\System\sgQNlmK.exe
  C:\Windows\System\sgQNlmK.exe
  2⤵
  PID:7384
- C:\Windows\System\msNNdtn.exe
  C:\Windows\System\msNNdtn.exe
  2⤵
  PID:7436
- C:\Windows\System\oApgOss.exe
  C:\Windows\System\oApgOss.exe
  2⤵
  PID:7560
- C:\Windows\System\uUytVqV.exe
  C:\Windows\System\uUytVqV.exe
  2⤵
  PID:7868
- C:\Windows\System\TKDKBiL.exe
  C:\Windows\System\TKDKBiL.exe
  2⤵
  PID:7964
- C:\Windows\System\jsgJqxv.exe
  C:\Windows\System\jsgJqxv.exe
  2⤵
  PID:8024
- C:\Windows\System\yLgFTxW.exe
  C:\Windows\System\yLgFTxW.exe
  2⤵
  PID:8096
- C:\Windows\System\PUOhPSk.exe
  C:\Windows\System\PUOhPSk.exe
  2⤵
  PID:8140
- C:\Windows\System\mjlCrfQ.exe
  C:\Windows\System\mjlCrfQ.exe
  2⤵
  PID:7604
- C:\Windows\System\WeemSKl.exe
  C:\Windows\System\WeemSKl.exe
  2⤵
  PID:7196
- C:\Windows\System\AFSlWDR.exe
  C:\Windows\System\AFSlWDR.exe
  2⤵
  PID:8200
- C:\Windows\System\zCXWTEC.exe
  C:\Windows\System\zCXWTEC.exe
  2⤵
  PID:8224
- C:\Windows\System\egHNVVl.exe
  C:\Windows\System\egHNVVl.exe
  2⤵
  PID:8352
- C:\Windows\System\rNeQRSG.exe
  C:\Windows\System\rNeQRSG.exe
  2⤵
  PID:8440
- C:\Windows\System\wNDKPdY.exe
  C:\Windows\System\wNDKPdY.exe
  2⤵
  PID:8468
- C:\Windows\System\AIIlTjS.exe
  C:\Windows\System\AIIlTjS.exe
  2⤵
  PID:8488
- C:\Windows\System\BfkAcwh.exe
  C:\Windows\System\BfkAcwh.exe
  2⤵
  PID:8504
- C:\Windows\System\igSVbAt.exe
  C:\Windows\System\igSVbAt.exe
  2⤵
  PID:8536
- C:\Windows\System\MTsybtc.exe
  C:\Windows\System\MTsybtc.exe
  2⤵
  PID:8560
- C:\Windows\System\CgBPtqc.exe
  C:\Windows\System\CgBPtqc.exe
  2⤵
  PID:8584
- C:\Windows\System\laYtoLo.exe
  C:\Windows\System\laYtoLo.exe
  2⤵
  PID:8612
- C:\Windows\System\RZGJSxK.exe
  C:\Windows\System\RZGJSxK.exe
  2⤵
  PID:8632
- C:\Windows\System\PttWVux.exe
  C:\Windows\System\PttWVux.exe
  2⤵
  PID:8684
- C:\Windows\System\guxZmlH.exe
  C:\Windows\System\guxZmlH.exe
  2⤵
  PID:8712
- C:\Windows\System\ljYMwDs.exe
  C:\Windows\System\ljYMwDs.exe
  2⤵
  PID:8748
- C:\Windows\System\vDobaBP.exe
  C:\Windows\System\vDobaBP.exe
  2⤵
  PID:8768
- C:\Windows\System\mBwqdol.exe
  C:\Windows\System\mBwqdol.exe
  2⤵
  PID:8816
- C:\Windows\System\spcJqRz.exe
  C:\Windows\System\spcJqRz.exe
  2⤵
  PID:8860
- C:\Windows\System\aPPJStC.exe
  C:\Windows\System\aPPJStC.exe
  2⤵
  PID:8888
- C:\Windows\System\AZLGpZL.exe
  C:\Windows\System\AZLGpZL.exe
  2⤵
  PID:8916
- C:\Windows\System\oWOizeu.exe
  C:\Windows\System\oWOizeu.exe
  2⤵
  PID:8952
- C:\Windows\System\cyFpcmN.exe
  C:\Windows\System\cyFpcmN.exe
  2⤵
  PID:8976
- C:\Windows\System\QdHfrhu.exe
  C:\Windows\System\QdHfrhu.exe
  2⤵
  PID:8996
- C:\Windows\System\EPqKzHC.exe
  C:\Windows\System\EPqKzHC.exe
  2⤵
  PID:9016
- C:\Windows\System\NkxvKBZ.exe
  C:\Windows\System\NkxvKBZ.exe
  2⤵
  PID:9048
- C:\Windows\System\fwyhjMH.exe
  C:\Windows\System\fwyhjMH.exe
  2⤵
  PID:9064
- C:\Windows\System\pzKjCOe.exe
  C:\Windows\System\pzKjCOe.exe
  2⤵
  PID:9096
- C:\Windows\System\jyXcxTo.exe
  C:\Windows\System\jyXcxTo.exe
  2⤵
  PID:9124
- C:\Windows\System\JDsDxab.exe
  C:\Windows\System\JDsDxab.exe
  2⤵
  PID:9148
- C:\Windows\System\hinGSlu.exe
  C:\Windows\System\hinGSlu.exe
  2⤵
  PID:9164
- C:\Windows\System\BVgrfVP.exe
  C:\Windows\System\BVgrfVP.exe
  2⤵
  PID:7784
- C:\Windows\System\aSjcQyK.exe
  C:\Windows\System\aSjcQyK.exe
  2⤵
  PID:8044
- C:\Windows\System\quZEbLv.exe
  C:\Windows\System\quZEbLv.exe
  2⤵
  PID:8244
- C:\Windows\System\IflxVYK.exe
  C:\Windows\System\IflxVYK.exe
  2⤵
  PID:8292
- C:\Windows\System\iHuretT.exe
  C:\Windows\System\iHuretT.exe
  2⤵
  PID:8432
- C:\Windows\System\mecEDRz.exe
  C:\Windows\System\mecEDRz.exe
  2⤵
  PID:8500
- C:\Windows\System\llcRujj.exe
  C:\Windows\System\llcRujj.exe
  2⤵
  PID:8556
- C:\Windows\System\HwUcZml.exe
  C:\Windows\System\HwUcZml.exe
  2⤵
  PID:8664
- C:\Windows\System\caEdcES.exe
  C:\Windows\System\caEdcES.exe
  2⤵
  PID:8700
- C:\Windows\System\qTlGqFi.exe
  C:\Windows\System\qTlGqFi.exe
  2⤵
  PID:8792
- C:\Windows\System\NhfIuyR.exe
  C:\Windows\System\NhfIuyR.exe
  2⤵
  PID:8856
- C:\Windows\System\Mxhkrjg.exe
  C:\Windows\System\Mxhkrjg.exe
  2⤵
  PID:8908
- C:\Windows\System\MKcbSsZ.exe
  C:\Windows\System\MKcbSsZ.exe
  2⤵
  PID:7580
- C:\Windows\System\gGpMAgB.exe
  C:\Windows\System\gGpMAgB.exe
  2⤵
  PID:9032
- C:\Windows\System\OaCTCiE.exe
  C:\Windows\System\OaCTCiE.exe
  2⤵
  PID:9132
- C:\Windows\System\BsGKPXL.exe
  C:\Windows\System\BsGKPXL.exe
  2⤵
  PID:9136
- C:\Windows\System\uYWNdfD.exe
  C:\Windows\System\uYWNdfD.exe
  2⤵
  PID:9212
- C:\Windows\System\wOpJdEl.exe
  C:\Windows\System\wOpJdEl.exe
  2⤵
  PID:6244
- C:\Windows\System\pHLlGAp.exe
  C:\Windows\System\pHLlGAp.exe
  2⤵
  PID:8316
- C:\Windows\System\zkcgpmf.exe
  C:\Windows\System\zkcgpmf.exe
  2⤵
  PID:8460
- C:\Windows\System\BuULEQb.exe
  C:\Windows\System\BuULEQb.exe
  2⤵
  PID:8528
- C:\Windows\System\XGZAtLF.exe
  C:\Windows\System\XGZAtLF.exe
  2⤵
  PID:8696
- C:\Windows\System\sVjNNxP.exe
  C:\Windows\System\sVjNNxP.exe
  2⤵
  PID:8764
- C:\Windows\System\lkmCnSm.exe
  C:\Windows\System\lkmCnSm.exe
  2⤵
  PID:7424
- C:\Windows\System\yUBRKTu.exe
  C:\Windows\System\yUBRKTu.exe
  2⤵
  PID:9008
- C:\Windows\System\HjDrVIj.exe
  C:\Windows\System\HjDrVIj.exe
  2⤵
  PID:6360
- C:\Windows\System\lzyUiNa.exe
  C:\Windows\System\lzyUiNa.exe
  2⤵
  PID:9184
- C:\Windows\System\sLvBrOZ.exe
  C:\Windows\System\sLvBrOZ.exe
  2⤵
  PID:8740
- C:\Windows\System\wWkDDcz.exe
  C:\Windows\System\wWkDDcz.exe
  2⤵
  PID:8904
- C:\Windows\System\DeIjhEV.exe
  C:\Windows\System\DeIjhEV.exe
  2⤵
  PID:3556
- C:\Windows\System\bMZIZFU.exe
  C:\Windows\System\bMZIZFU.exe
  2⤵
  PID:9252
- C:\Windows\System\YolNgpU.exe
  C:\Windows\System\YolNgpU.exe
  2⤵
  PID:9276
- C:\Windows\System\cvtJmvY.exe
  C:\Windows\System\cvtJmvY.exe
  2⤵
  PID:9292
- C:\Windows\System\KPlscKi.exe
  C:\Windows\System\KPlscKi.exe
  2⤵
  PID:9320
- C:\Windows\System\sYziQyk.exe
  C:\Windows\System\sYziQyk.exe
  2⤵
  PID:9384
- C:\Windows\System\QISzQJd.exe
  C:\Windows\System\QISzQJd.exe
  2⤵
  PID:9412
- C:\Windows\System\EnKxDEw.exe
  C:\Windows\System\EnKxDEw.exe
  2⤵
  PID:9432
- C:\Windows\System\qaIRHDw.exe
  C:\Windows\System\qaIRHDw.exe
  2⤵
  PID:9468
- C:\Windows\System\eBhaiKU.exe
  C:\Windows\System\eBhaiKU.exe
  2⤵
  PID:9520
- C:\Windows\System\ZvoRQqQ.exe
  C:\Windows\System\ZvoRQqQ.exe
  2⤵
  PID:9540
- C:\Windows\System\MyTIwty.exe
  C:\Windows\System\MyTIwty.exe
  2⤵
  PID:9560
- C:\Windows\System\xHVlAXg.exe
  C:\Windows\System\xHVlAXg.exe
  2⤵
  PID:9608
- C:\Windows\System\aDsdHcL.exe
  C:\Windows\System\aDsdHcL.exe
  2⤵
  PID:9632
- C:\Windows\System\SpqSUIC.exe
  C:\Windows\System\SpqSUIC.exe
  2⤵
  PID:9672
- C:\Windows\System\fxtyOcS.exe
  C:\Windows\System\fxtyOcS.exe
  2⤵
  PID:9700
- C:\Windows\System\haEglTm.exe
  C:\Windows\System\haEglTm.exe
  2⤵
  PID:9732
- C:\Windows\System\BqqjXqY.exe
  C:\Windows\System\BqqjXqY.exe
  2⤵
  PID:9780
- C:\Windows\System\HlsDNsp.exe
  C:\Windows\System\HlsDNsp.exe
  2⤵
  PID:9796
- C:\Windows\System\QTIhPcm.exe
  C:\Windows\System\QTIhPcm.exe
  2⤵
  PID:9828
- C:\Windows\System\LONrTxt.exe
  C:\Windows\System\LONrTxt.exe
  2⤵
  PID:9852
- C:\Windows\System\GQPYloc.exe
  C:\Windows\System\GQPYloc.exe
  2⤵
  PID:9896
- C:\Windows\System\jPWrqes.exe
  C:\Windows\System\jPWrqes.exe
  2⤵
  PID:9940
- C:\Windows\System\DCTHlkR.exe
  C:\Windows\System\DCTHlkR.exe
  2⤵
  PID:9976
- C:\Windows\System\oBkoeyK.exe
  C:\Windows\System\oBkoeyK.exe
  2⤵
  PID:10004
- C:\Windows\System\nxHHtOD.exe
  C:\Windows\System\nxHHtOD.exe
  2⤵
  PID:10036
- C:\Windows\System\GThltxh.exe
  C:\Windows\System\GThltxh.exe
  2⤵
  PID:10052
- C:\Windows\System\cSraXQS.exe
  C:\Windows\System\cSraXQS.exe
  2⤵
  PID:10072
- C:\Windows\System\crYIDYa.exe
  C:\Windows\System\crYIDYa.exe
  2⤵
  PID:10096
- C:\Windows\System\uwOOHgw.exe
  C:\Windows\System\uwOOHgw.exe
  2⤵
  PID:10112
- C:\Windows\System\sIdNhGK.exe
  C:\Windows\System\sIdNhGK.exe
  2⤵
  PID:10152
- C:\Windows\System\EPtKOAs.exe
  C:\Windows\System\EPtKOAs.exe
  2⤵
  PID:10168
- C:\Windows\System\CvSiATq.exe
  C:\Windows\System\CvSiATq.exe
  2⤵
  PID:10196
- C:\Windows\System\WqKvhdb.exe
  C:\Windows\System\WqKvhdb.exe
  2⤵
  PID:10216
- C:\Windows\System\dDqbkya.exe
  C:\Windows\System\dDqbkya.exe
  2⤵
  PID:9236
- C:\Windows\System\Xwlzoka.exe
  C:\Windows\System\Xwlzoka.exe
  2⤵
  PID:9392
- C:\Windows\System\szDINia.exe
  C:\Windows\System\szDINia.exe
  2⤵
  PID:9376
- C:\Windows\System\PIEaYbN.exe
  C:\Windows\System\PIEaYbN.exe
  2⤵
  PID:9488
- C:\Windows\System\CKkbfHn.exe
  C:\Windows\System\CKkbfHn.exe
  2⤵
  PID:9552
- C:\Windows\System\gDiLlPw.exe
  C:\Windows\System\gDiLlPw.exe
  2⤵
  PID:8604
- C:\Windows\System\CdTuqhr.exe
  C:\Windows\System\CdTuqhr.exe
  2⤵
  PID:9664
- C:\Windows\System\JJdcBVn.exe
  C:\Windows\System\JJdcBVn.exe
  2⤵
  PID:9696
- C:\Windows\System\SpWiAOb.exe
  C:\Windows\System\SpWiAOb.exe
  2⤵
  PID:9744
- C:\Windows\System\lGCcjOP.exe
  C:\Windows\System\lGCcjOP.exe
  2⤵
  PID:9816
- C:\Windows\System\pbExwaK.exe
  C:\Windows\System\pbExwaK.exe
  2⤵
  PID:9932
- C:\Windows\System\Sazfazp.exe
  C:\Windows\System\Sazfazp.exe
  2⤵
  PID:10000
- C:\Windows\System\yuVqNyS.exe
  C:\Windows\System\yuVqNyS.exe
  2⤵
  PID:10068
- C:\Windows\System\NUHqTdu.exe
  C:\Windows\System\NUHqTdu.exe
  2⤵
  PID:10164
- C:\Windows\System\DmfOmkV.exe
  C:\Windows\System\DmfOmkV.exe
  2⤵
  PID:9312
- C:\Windows\System\wRwEGeZ.exe
  C:\Windows\System\wRwEGeZ.exe
  2⤵
  PID:9692
- C:\Windows\System\IJicmEf.exe
  C:\Windows\System\IJicmEf.exe
  2⤵
  PID:9684
- C:\Windows\System\OnOXGDk.exe
  C:\Windows\System\OnOXGDk.exe
  2⤵
  PID:9888
- C:\Windows\System\ubwnkVq.exe
  C:\Windows\System\ubwnkVq.exe
  2⤵
  PID:9972
- C:\Windows\System\mRstBFb.exe
  C:\Windows\System\mRstBFb.exe
  2⤵
  PID:10144
- C:\Windows\System\qcrTPGu.exe
  C:\Windows\System\qcrTPGu.exe
  2⤵
  PID:9264
- C:\Windows\System\ZCUQBpH.exe
  C:\Windows\System\ZCUQBpH.exe
  2⤵
  PID:9876
- C:\Windows\System\YavDAHr.exe
  C:\Windows\System\YavDAHr.exe
  2⤵
  PID:10060
- C:\Windows\System\RIvJjOL.exe
  C:\Windows\System\RIvJjOL.exe
  2⤵
  PID:9288
- C:\Windows\System\dMEzzRu.exe
  C:\Windows\System\dMEzzRu.exe
  2⤵
  PID:9776
- C:\Windows\System\algyBru.exe
  C:\Windows\System\algyBru.exe
  2⤵
  PID:9616
- C:\Windows\System\nVhaiXo.exe
  C:\Windows\System\nVhaiXo.exe
  2⤵
  PID:10296
- C:\Windows\System\FsnwQKF.exe
  C:\Windows\System\FsnwQKF.exe
  2⤵
  PID:10316
- C:\Windows\System\fgtPkBQ.exe
  C:\Windows\System\fgtPkBQ.exe
  2⤵
  PID:10336
- C:\Windows\System\clJsBSw.exe
  C:\Windows\System\clJsBSw.exe
  2⤵
  PID:10360
- C:\Windows\System\wjlckBQ.exe
  C:\Windows\System\wjlckBQ.exe
  2⤵
  PID:10404
- C:\Windows\System\waYVSbR.exe
  C:\Windows\System\waYVSbR.exe
  2⤵
  PID:10428
- C:\Windows\System\jPoCioN.exe
  C:\Windows\System\jPoCioN.exe
  2⤵
  PID:10472
- C:\Windows\System\LgLiFyw.exe
  C:\Windows\System\LgLiFyw.exe
  2⤵
  PID:10496
- C:\Windows\System\BXnxDOB.exe
  C:\Windows\System\BXnxDOB.exe
  2⤵
  PID:10512
- C:\Windows\System\btHuEGw.exe
  C:\Windows\System\btHuEGw.exe
  2⤵
  PID:10560
- C:\Windows\System\nCPpDPg.exe
  C:\Windows\System\nCPpDPg.exe
  2⤵
  PID:10580
- C:\Windows\System\ilZaDgm.exe
  C:\Windows\System\ilZaDgm.exe
  2⤵
  PID:10600
- C:\Windows\System\qfMbACe.exe
  C:\Windows\System\qfMbACe.exe
  2⤵
  PID:10616
- C:\Windows\System\iJdUsVL.exe
  C:\Windows\System\iJdUsVL.exe
  2⤵
  PID:10636
- C:\Windows\System\FghECGl.exe
  C:\Windows\System\FghECGl.exe
  2⤵
  PID:10664
- C:\Windows\System\XmMSuZP.exe
  C:\Windows\System\XmMSuZP.exe
  2⤵
  PID:10720
- C:\Windows\System\kwxYeup.exe
  C:\Windows\System\kwxYeup.exe
  2⤵
  PID:10740
- C:\Windows\System\PWwzwLU.exe
  C:\Windows\System\PWwzwLU.exe
  2⤵
  PID:10764
- C:\Windows\System\gzZTScY.exe
  C:\Windows\System\gzZTScY.exe
  2⤵
  PID:10816
- C:\Windows\System\FqROFGC.exe
  C:\Windows\System\FqROFGC.exe
  2⤵
  PID:10840
- C:\Windows\System\rHZhqwi.exe
  C:\Windows\System\rHZhqwi.exe
  2⤵
  PID:10868
- C:\Windows\System\YgtCMpA.exe
  C:\Windows\System\YgtCMpA.exe
  2⤵
  PID:10888
- C:\Windows\System\GIQYIcK.exe
  C:\Windows\System\GIQYIcK.exe
  2⤵
  PID:10908
- C:\Windows\System\ZQtbVDU.exe
  C:\Windows\System\ZQtbVDU.exe
  2⤵
  PID:10924
- C:\Windows\System\afuaYHh.exe
  C:\Windows\System\afuaYHh.exe
  2⤵
  PID:10944
- C:\Windows\System\xOyHbVV.exe
  C:\Windows\System\xOyHbVV.exe
  2⤵
  PID:10964
- C:\Windows\System\KRTzKdJ.exe
  C:\Windows\System\KRTzKdJ.exe
  2⤵
  PID:11008
- C:\Windows\System\TDPEqcu.exe
  C:\Windows\System\TDPEqcu.exe
  2⤵
  PID:11032
- C:\Windows\System\GDvkvKu.exe
  C:\Windows\System\GDvkvKu.exe
  2⤵
  PID:11048
- C:\Windows\System\GwJevEA.exe
  C:\Windows\System\GwJevEA.exe
  2⤵
  PID:11072
- C:\Windows\System\sbmczno.exe
  C:\Windows\System\sbmczno.exe
  2⤵
  PID:11100
- C:\Windows\System\yaluapm.exe
  C:\Windows\System\yaluapm.exe
  2⤵
  PID:11120
- C:\Windows\System\wqnzwWV.exe
  C:\Windows\System\wqnzwWV.exe
  2⤵
  PID:11136
- C:\Windows\System\CLHOVUV.exe
  C:\Windows\System\CLHOVUV.exe
  2⤵
  PID:11180
- C:\Windows\System\tRHOFeK.exe
  C:\Windows\System\tRHOFeK.exe
  2⤵
  PID:11200
- C:\Windows\System\xpztQHJ.exe
  C:\Windows\System\xpztQHJ.exe
  2⤵
  PID:11220
- C:\Windows\System\aiDdCKt.exe
  C:\Windows\System\aiDdCKt.exe
  2⤵
  PID:11244
- C:\Windows\System\taTVUnf.exe
  C:\Windows\System\taTVUnf.exe
  2⤵
  PID:10308
- C:\Windows\System\NYBjazQ.exe
  C:\Windows\System\NYBjazQ.exe
  2⤵
  PID:10508
- C:\Windows\System\TLAkwWs.exe
  C:\Windows\System\TLAkwWs.exe
  2⤵
  PID:10568
- C:\Windows\System\RDQnzaw.exe
  C:\Windows\System\RDQnzaw.exe
  2⤵
  PID:10612
- C:\Windows\System\cAaxDbN.exe
  C:\Windows\System\cAaxDbN.exe
  2⤵
  PID:10624
- C:\Windows\System\pHuWYNQ.exe
  C:\Windows\System\pHuWYNQ.exe
  2⤵
  PID:10696
- C:\Windows\System\deVURRK.exe
  C:\Windows\System\deVURRK.exe
  2⤵
  PID:10756
- C:\Windows\System\ClPNkbi.exe
  C:\Windows\System\ClPNkbi.exe
  2⤵
  PID:10788
- C:\Windows\System\olhZXFq.exe
  C:\Windows\System\olhZXFq.exe
  2⤵
  PID:10832
- C:\Windows\System\QChHVOu.exe
  C:\Windows\System\QChHVOu.exe
  2⤵
  PID:10880
- C:\Windows\System\nyfhRPN.exe
  C:\Windows\System\nyfhRPN.exe
  2⤵
  PID:11004
- C:\Windows\System\zOoIWol.exe
  C:\Windows\System\zOoIWol.exe
  2⤵
  PID:11096
- C:\Windows\System\fHXhgRP.exe
  C:\Windows\System\fHXhgRP.exe
  2⤵
  PID:11092
- C:\Windows\System\GEXtWPU.exe
  C:\Windows\System\GEXtWPU.exe
  2⤵
  PID:11160
- C:\Windows\System\AIpwYrd.exe
  C:\Windows\System\AIpwYrd.exe
  2⤵
  PID:11208
- C:\Windows\System\nEqxmSk.exe
  C:\Windows\System\nEqxmSk.exe
  2⤵
  PID:11188
- C:\Windows\System\oloAxIX.exe
  C:\Windows\System\oloAxIX.exe
  2⤵
  PID:10548
- C:\Windows\System\ppXtSup.exe
  C:\Windows\System\ppXtSup.exe
  2⤵
  PID:10608
- C:\Windows\System\zWBxCFE.exe
  C:\Windows\System\zWBxCFE.exe
  2⤵
  PID:10748
- C:\Windows\System\CbrQAmJ.exe
  C:\Windows\System\CbrQAmJ.exe
  2⤵
  PID:10860
- C:\Windows\System\rSFZiyD.exe
  C:\Windows\System\rSFZiyD.exe
  2⤵
  PID:11112
- C:\Windows\System\zxtsfhl.exe
  C:\Windows\System\zxtsfhl.exe
  2⤵
  PID:10424
- C:\Windows\System\txBlafF.exe
  C:\Windows\System\txBlafF.exe
  2⤵
  PID:10836
- C:\Windows\System\mZPLOeN.exe
  C:\Windows\System\mZPLOeN.exe
  2⤵
  PID:11228
- C:\Windows\System\bfFaIeE.exe
  C:\Windows\System\bfFaIeE.exe
  2⤵
  PID:11256
- C:\Windows\System\pvfoXUw.exe
  C:\Windows\System\pvfoXUw.exe
  2⤵
  PID:11284
- C:\Windows\System\aOFqgya.exe
  C:\Windows\System\aOFqgya.exe
  2⤵
  PID:11312
- C:\Windows\System\eFEjUnY.exe
  C:\Windows\System\eFEjUnY.exe
  2⤵
  PID:11328
- C:\Windows\System\tQkHbRn.exe
  C:\Windows\System\tQkHbRn.exe
  2⤵
  PID:11352
- C:\Windows\System\zhevcKf.exe
  C:\Windows\System\zhevcKf.exe
  2⤵
  PID:11368
- C:\Windows\System\TCJgZNo.exe
  C:\Windows\System\TCJgZNo.exe
  2⤵
  PID:11400
- C:\Windows\System\aipKKBO.exe
  C:\Windows\System\aipKKBO.exe
  2⤵
  PID:11416
- C:\Windows\System\bgFcrsP.exe
  C:\Windows\System\bgFcrsP.exe
  2⤵
  PID:11440
- C:\Windows\System\uFHetYh.exe
  C:\Windows\System\uFHetYh.exe
  2⤵
  PID:11520
- C:\Windows\System\AFHEKLl.exe
  C:\Windows\System\AFHEKLl.exe
  2⤵
  PID:11580
- C:\Windows\System\PKWmnOf.exe
  C:\Windows\System\PKWmnOf.exe
  2⤵
  PID:11596
- C:\Windows\System\ZZUKxDb.exe
  C:\Windows\System\ZZUKxDb.exe
  2⤵
  PID:11616
- C:\Windows\System\qdeeCdz.exe
  C:\Windows\System\qdeeCdz.exe
  2⤵
  PID:11632
- C:\Windows\System\GdFCMYF.exe
  C:\Windows\System\GdFCMYF.exe
  2⤵
  PID:11664
- C:\Windows\System\rJyTEYA.exe
  C:\Windows\System\rJyTEYA.exe
  2⤵
  PID:11700
- C:\Windows\System\muMYOGL.exe
  C:\Windows\System\muMYOGL.exe
  2⤵
  PID:11740
- C:\Windows\System\xrOrhaX.exe
  C:\Windows\System\xrOrhaX.exe
  2⤵
  PID:11756
- C:\Windows\System\IqsmvrM.exe
  C:\Windows\System\IqsmvrM.exe
  2⤵
  PID:11784
- C:\Windows\System\ewkbdCY.exe
  C:\Windows\System\ewkbdCY.exe
  2⤵
  PID:11800
- C:\Windows\System\HwcNesf.exe
  C:\Windows\System\HwcNesf.exe
  2⤵
  PID:11824
- C:\Windows\System\GdmRGPu.exe
  C:\Windows\System\GdmRGPu.exe
  2⤵
  PID:11848
- C:\Windows\System\KaeeJkM.exe
  C:\Windows\System\KaeeJkM.exe
  2⤵
  PID:11868
- C:\Windows\System\tRPjTAF.exe
  C:\Windows\System\tRPjTAF.exe
  2⤵
  PID:11896
- C:\Windows\System\AyNiwmT.exe
  C:\Windows\System\AyNiwmT.exe
  2⤵
  PID:12028
- C:\Windows\System\zFdCAgt.exe
  C:\Windows\System\zFdCAgt.exe
  2⤵
  PID:12056
- C:\Windows\System\TuZaTlr.exe
  C:\Windows\System\TuZaTlr.exe
  2⤵
  PID:12076
- C:\Windows\System\kCHlSUS.exe
  C:\Windows\System\kCHlSUS.exe
  2⤵
  PID:12096
- C:\Windows\System\bTVtmLV.exe
  C:\Windows\System\bTVtmLV.exe
  2⤵
  PID:12112
- C:\Windows\System\vIGdwYu.exe
  C:\Windows\System\vIGdwYu.exe
  2⤵
  PID:12140
- C:\Windows\System\znUdUsh.exe
  C:\Windows\System\znUdUsh.exe
  2⤵
  PID:12156
- C:\Windows\System\ExQhTge.exe
  C:\Windows\System\ExQhTge.exe
  2⤵
  PID:12196
- C:\Windows\System\zkuefqJ.exe
  C:\Windows\System\zkuefqJ.exe
  2⤵
  PID:12224
- C:\Windows\System\yJLXbLO.exe
  C:\Windows\System\yJLXbLO.exe
  2⤵
  PID:12248
- C:\Windows\System\BgtgQJb.exe
  C:\Windows\System\BgtgQJb.exe
  2⤵
  PID:12268
- C:\Windows\System\CkJEfAy.exe
  C:\Windows\System\CkJEfAy.exe
  2⤵
  PID:10932
- C:\Windows\System\BsQdZwk.exe
  C:\Windows\System\BsQdZwk.exe
  2⤵
  PID:11276
- C:\Windows\System\MamQVtx.exe
  C:\Windows\System\MamQVtx.exe
  2⤵
  PID:11408
- C:\Windows\System\yBKraWM.exe
  C:\Windows\System\yBKraWM.exe
  2⤵
  PID:11428
- C:\Windows\System\fBeGzsM.exe
  C:\Windows\System\fBeGzsM.exe
  2⤵
  PID:11492
- C:\Windows\System\ALRpKTe.exe
  C:\Windows\System\ALRpKTe.exe
  2⤵
  PID:11628
- C:\Windows\System\vmojSSl.exe
  C:\Windows\System\vmojSSl.exe
  2⤵
  PID:11696
- C:\Windows\System\UrJwrTf.exe
  C:\Windows\System\UrJwrTf.exe
  2⤵
  PID:11732
- C:\Windows\System\wlVmZPJ.exe
  C:\Windows\System\wlVmZPJ.exe
  2⤵
  PID:11796
- C:\Windows\System\EYZGCAD.exe
  C:\Windows\System\EYZGCAD.exe
  2⤵
  PID:11864
- C:\Windows\System\VgnzVSB.exe
  C:\Windows\System\VgnzVSB.exe
  2⤵
  PID:11928
- C:\Windows\System\ZMFfaPP.exe
  C:\Windows\System\ZMFfaPP.exe
  2⤵
  PID:11968
- C:\Windows\System\shOZmkG.exe
  C:\Windows\System\shOZmkG.exe
  2⤵
  PID:11988
- C:\Windows\System\bKikpIu.exe
  C:\Windows\System\bKikpIu.exe
  2⤵
  PID:11948
- C:\Windows\System\ZkETCOo.exe
  C:\Windows\System\ZkETCOo.exe
  2⤵
  PID:12024
- C:\Windows\System\yWRIufu.exe
  C:\Windows\System\yWRIufu.exe
  2⤵
  PID:12108
- C:\Windows\System\EfvLWWF.exe
  C:\Windows\System\EfvLWWF.exe
  2⤵
  PID:12132
- C:\Windows\System\LtjDaws.exe
  C:\Windows\System\LtjDaws.exe
  2⤵
  PID:12204
- C:\Windows\System\HmPCqwP.exe
  C:\Windows\System\HmPCqwP.exe
  2⤵
  PID:12260
- C:\Windows\System\CoAKLJm.exe
  C:\Windows\System\CoAKLJm.exe
  2⤵
  PID:10688
- C:\Windows\System\tOzyzfs.exe
  C:\Windows\System\tOzyzfs.exe
  2⤵
  PID:10484
- C:\Windows\System\UqewGdB.exe
  C:\Windows\System\UqewGdB.exe
  2⤵
  PID:11476
- C:\Windows\System\vcjSDdp.exe
  C:\Windows\System\vcjSDdp.exe
  2⤵
  PID:11624
- C:\Windows\System\FOpmxHF.exe
  C:\Windows\System\FOpmxHF.exe
  2⤵
  PID:11880
- C:\Windows\System\OeWdVli.exe
  C:\Windows\System\OeWdVli.exe
  2⤵
  PID:12000
- C:\Windows\System\qyGZXwO.exe
  C:\Windows\System\qyGZXwO.exe
  2⤵
  PID:12084
- C:\Windows\System\cmBKvWU.exe
  C:\Windows\System\cmBKvWU.exe
  2⤵
  PID:12240
- C:\Windows\System\AKlORae.exe
  C:\Windows\System\AKlORae.exe
  2⤵
  PID:4904
- C:\Windows\System\VaWlocH.exe
  C:\Windows\System\VaWlocH.exe
  2⤵
  PID:10396
- C:\Windows\System\HnVxwgh.exe
  C:\Windows\System\HnVxwgh.exe
  2⤵
  PID:12068
- C:\Windows\System\zRSwFsg.exe
  C:\Windows\System\zRSwFsg.exe
  2⤵
  PID:3224
- C:\Windows\System\goMvRvj.exe
  C:\Windows\System\goMvRvj.exe
  2⤵
  PID:12292
- C:\Windows\System\gszZbUO.exe
  C:\Windows\System\gszZbUO.exe
  2⤵
  PID:12328
- C:\Windows\System\AWhaLfb.exe
  C:\Windows\System\AWhaLfb.exe
  2⤵
  PID:12352
- C:\Windows\System\cKgBfWb.exe
  C:\Windows\System\cKgBfWb.exe
  2⤵
  PID:12376
- C:\Windows\System\ByWgehJ.exe
  C:\Windows\System\ByWgehJ.exe
  2⤵
  PID:12400
- C:\Windows\System\aBDdXcF.exe
  C:\Windows\System\aBDdXcF.exe
  2⤵
  PID:12416
- C:\Windows\System\DPJouXx.exe
  C:\Windows\System\DPJouXx.exe
  2⤵
  PID:12476
- C:\Windows\System\QdbGtwy.exe
  C:\Windows\System\QdbGtwy.exe
  2⤵
  PID:12496
- C:\Windows\System\pHaIbvm.exe
  C:\Windows\System\pHaIbvm.exe
  2⤵
  PID:12516
- C:\Windows\System\oURHRoG.exe
  C:\Windows\System\oURHRoG.exe
  2⤵
  PID:12548
- C:\Windows\System\vIBOiYk.exe
  C:\Windows\System\vIBOiYk.exe
  2⤵
  PID:12564
- C:\Windows\System\nIHDEZK.exe
  C:\Windows\System\nIHDEZK.exe
  2⤵
  PID:12600
- C:\Windows\System\yIcBJpD.exe
  C:\Windows\System\yIcBJpD.exe
  2⤵
  PID:12620
- C:\Windows\System\tYaYbcy.exe
  C:\Windows\System\tYaYbcy.exe
  2⤵
  PID:12640
- C:\Windows\System\wboZLKf.exe
  C:\Windows\System\wboZLKf.exe
  2⤵
  PID:12656
- C:\Windows\System\bJjpFzE.exe
  C:\Windows\System\bJjpFzE.exe
  2⤵
  PID:12676
- C:\Windows\System\afufAYi.exe
  C:\Windows\System\afufAYi.exe
  2⤵
  PID:12696
- C:\Windows\System\bKgxRXu.exe
  C:\Windows\System\bKgxRXu.exe
  2⤵
  PID:12716
- C:\Windows\System\LsoPRtd.exe
  C:\Windows\System\LsoPRtd.exe
  2⤵
  PID:12744
- C:\Windows\System\mMRFqBR.exe
  C:\Windows\System\mMRFqBR.exe
  2⤵
  PID:12760
- C:\Windows\System\GxreSmI.exe
  C:\Windows\System\GxreSmI.exe
  2⤵
  PID:12784
- C:\Windows\System\pnPrKnF.exe
  C:\Windows\System\pnPrKnF.exe
  2⤵
  PID:12808
- C:\Windows\System\hKgDYLL.exe
  C:\Windows\System\hKgDYLL.exe
  2⤵
  PID:12884
- C:\Windows\System\sBhCixn.exe
  C:\Windows\System\sBhCixn.exe
  2⤵
  PID:12904
- C:\Windows\System\pgeYnSW.exe
  C:\Windows\System\pgeYnSW.exe
  2⤵
  PID:12924
- C:\Windows\System\dUETqfq.exe
  C:\Windows\System\dUETqfq.exe
  2⤵
  PID:12944
- C:\Windows\System\AKEaqtO.exe
  C:\Windows\System\AKEaqtO.exe
  2⤵
  PID:12960
- C:\Windows\System\pAagCwr.exe
  C:\Windows\System\pAagCwr.exe
  2⤵
  PID:12992
- C:\Windows\System\KiltXVi.exe
  C:\Windows\System\KiltXVi.exe
  2⤵
  PID:13044
- C:\Windows\System\wkgIdhe.exe
  C:\Windows\System\wkgIdhe.exe
  2⤵
  PID:13064
- C:\Windows\System\tpxnHhG.exe
  C:\Windows\System\tpxnHhG.exe
  2⤵
  PID:13132
- C:\Windows\System\OSwZXbl.exe
  C:\Windows\System\OSwZXbl.exe
  2⤵
  PID:13176
- C:\Windows\System\ZigotQL.exe
  C:\Windows\System\ZigotQL.exe
  2⤵
  PID:13200
- C:\Windows\System\QIMKWTR.exe
  C:\Windows\System\QIMKWTR.exe
  2⤵
  PID:13220
- C:\Windows\System\sHtEJOZ.exe
  C:\Windows\System\sHtEJOZ.exe
  2⤵
  PID:13256
- C:\Windows\System\gEkFbqU.exe
  C:\Windows\System\gEkFbqU.exe
  2⤵
  PID:13296
- C:\Windows\System\ecxcquk.exe
  C:\Windows\System\ecxcquk.exe
  2⤵
  PID:11564
- C:\Windows\System\lEfsowP.exe
  C:\Windows\System\lEfsowP.exe
  2⤵
  PID:12324
- C:\Windows\System\AVxOTCm.exe
  C:\Windows\System\AVxOTCm.exe
  2⤵
  PID:12372
- C:\Windows\System\Uwvnrxw.exe
  C:\Windows\System\Uwvnrxw.exe
  2⤵
  PID:12408
- C:\Windows\System\KnkUamK.exe
  C:\Windows\System\KnkUamK.exe
  2⤵
  PID:12508
- C:\Windows\System\vayVdhD.exe
  C:\Windows\System\vayVdhD.exe
  2⤵
  PID:12572
- C:\Windows\System\aiYAKer.exe
  C:\Windows\System\aiYAKer.exe
  2⤵
  PID:12612
- C:\Windows\System\DKpeEpy.exe
  C:\Windows\System\DKpeEpy.exe
  2⤵
  PID:12608
- C:\Windows\System\REEjdCW.exe
  C:\Windows\System\REEjdCW.exe
  2⤵
  PID:12688
- C:\Windows\System\banUiYz.exe
  C:\Windows\System\banUiYz.exe
  2⤵
  PID:12752
- C:\Windows\System\LUhsldr.exe
  C:\Windows\System\LUhsldr.exe
  2⤵
  PID:12776
- C:\Windows\System\FGLUVMk.exe
  C:\Windows\System\FGLUVMk.exe
  2⤵
  PID:12932
- C:\Windows\System\TwioWqv.exe
  C:\Windows\System\TwioWqv.exe
  2⤵
  PID:12844
- C:\Windows\System\VTjJvJD.exe
  C:\Windows\System\VTjJvJD.exe
  2⤵
  PID:12988
- C:\Windows\System\KrIFuTy.exe
  C:\Windows\System\KrIFuTy.exe
  2⤵
  PID:13172
- C:\Windows\System\mJqVOrx.exe
  C:\Windows\System\mJqVOrx.exe
  2⤵
  PID:13164
- C:\Windows\System\sxbDnUh.exe
  C:\Windows\System\sxbDnUh.exe
  2⤵
  PID:13276
- C:\Windows\System\bcntSnI.exe
  C:\Windows\System\bcntSnI.exe
  2⤵
  PID:13308
- C:\Windows\System\mUufXAr.exe
  C:\Windows\System\mUufXAr.exe
  2⤵
  PID:12452
- C:\Windows\System\zRHCNYL.exe
  C:\Windows\System\zRHCNYL.exe
  2⤵
  PID:12492
- C:\Windows\System\sLAMfHi.exe
  C:\Windows\System\sLAMfHi.exe
  2⤵
  PID:12672
- C:\Windows\System\ospFTDN.exe
  C:\Windows\System\ospFTDN.exe
  2⤵
  PID:12708
- C:\Windows\System\hRzwOvm.exe
  C:\Windows\System\hRzwOvm.exe
  2⤵
  PID:12896
- C:\Windows\System\tdAXHlI.exe
  C:\Windows\System\tdAXHlI.exe
  2⤵
  PID:3248
- C:\Windows\System\jEEkOsS.exe
  C:\Windows\System\jEEkOsS.exe
  2⤵
  PID:13252
- C:\Windows\System\qpKPuhq.exe
  C:\Windows\System\qpKPuhq.exe
  2⤵
  PID:13020
- C:\Windows\System\dgQRDkO.exe
  C:\Windows\System\dgQRDkO.exe
  2⤵
  PID:3292
- C:\Windows\System\kKYyVvg.exe
  C:\Windows\System\kKYyVvg.exe
  2⤵
  PID:6764
- C:\Windows\System\IpqtlFi.exe
  C:\Windows\System\IpqtlFi.exe
  2⤵
  PID:12540

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:13412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_vciqg5ue.yzw.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BJoJOpc.exe

Filesize
1.5MB

MD5
74da978a16a9142ae01a1a088406097c

SHA1
833f2834990ac881f76ba9007a774df0dcfcd386

SHA256
0a1eb600bc9e3a1406a824fed213fe576969e90bac47036e83dae90d999cb099

SHA512
d9687ea3bbffe1d1b9c42290aff55d06b6f4021401a161778dfdc00545edf45620a676e88755a77acecf7430be5b63b0b013ed6df61952b4523e6e4868bf44f9

Download Submit
C:\Windows\System\DYoHKvs.exe

Filesize
1.5MB

MD5
3f375b6874c4228c16c91b8219c86141

SHA1
95e72fc507435d8ef8009443b56afa36d063221d

SHA256
443704d88d0f2de8a28317fe92ff962603c291fdadd3101b4450b474ec83c9b2

SHA512
10b0f9a847302596c0117cd732ca6c29fbbca5a87caba115f5c5003eedfe916eeb3522da5ca550e0ac0154bacb292527a5eddd75bfc82d0f957225fc86c0da3a

Download Submit
C:\Windows\System\FmNqNGc.exe

Filesize
1.5MB

MD5
d5fb62542dd5f4c57669e650678cb0ca

SHA1
3d23b8d164a46c012cd5bbfbc29f287b0e3482c0

SHA256
8dcf293d3b40240b94386f9937de35d72eadef97152d754ab49435cc5d7b2cb7

SHA512
1f400247a378322f3632c1b71b6a8a39e15b4f4f6d6bba8de812757481441f7fe33f4780e72a859fc6abd3cd3d89e1df1d55d067439189f4258b4c9b121b640b

Download Submit
C:\Windows\System\GRHOLrO.exe

Filesize
1.5MB

MD5
02d8ea3907854cb31a5f1cff784b62d3

SHA1
82b28b7d81df09f50ada4dcef434ebbd4c6eb09c

SHA256
e5460e60c468257afda23005d07cb7c435b2e1a6bea7a1d118783f99ef072f55

SHA512
f7bd0481ba79149ec8415727f53d05a57864a6f7a57dec4eb251c04e81e4ae29c9bd7afc5d6c724f166bcd5a138e9526052f8cb9d32ed8e786a1d17567a96d66

Download Submit
C:\Windows\System\HMDoksu.exe

Filesize
1.5MB

MD5
e7a83c4baa0aba902b57878be2cf0f34

SHA1
e96f55f4a3d9e6c8606bc648da1384ef794cffb3

SHA256
7ed4922f2ebd8c239b2642dc0e37eff45f1b589f5af96f018cf45836344f052d

SHA512
9cba1d214dff7bc4cc60a75a89028460171cd095827a140c39579af78d5cc08e984e38cde9ec11723e25d2e1496b589f9ce167d1e2b8bd6c5b208275cd544dcb

Download Submit
C:\Windows\System\HiHQlIV.exe

Filesize
1.5MB

MD5
8a0000ff14565bf3207acadd19c6608f

SHA1
343b867a800f43a3a6ea45e16cafc32dcd8be683

SHA256
58f3bfcccfb4be57117df2358549aebb23107a29c12f567c55455312ec9b4f78

SHA512
5bbcb5eae76cb401b8f837d5365749e71f6ac01af1921f13581c4c36b59ec5bce3f3aea9fb922d4864c84a366727b16cffaad7b3cd97ffc620bdaee45587cc71

Download Submit
C:\Windows\System\Jfnwyhw.exe

Filesize
1.5MB

MD5
7d9683e9fee834b8bb575c0ea5790df8

SHA1
f7e86fd373610e8ca13072cee29153ed4a388f09

SHA256
833f9d48f3fb5c326817c71859720d6c0aa07d015cde94bbe46601e79c88f559

SHA512
15b67f75a8979fef9cb8b4e2aa14b0d9bbbdfaab911c4faf2f513805f3bd22f44ef6e0ad92e7b11de19ece48997a60f17773805a5f135aee4cbc988085518f5f

Download Submit
C:\Windows\System\KBqqjyo.exe

Filesize
1.5MB

MD5
b4509a66289168cc81e195494fcc2911

SHA1
b971911c6403cc7c7180a5b30c1a79329174e91a

SHA256
4c79a932624838a04695b69ea555ef48deafd97c7d780203eba3c1ad141d1f2c

SHA512
d9daf2789da10ea7031dbb3ca43d8e4aa3b901ed00a996bc0ebe95df4e4f164a08aa2a00b22ab8776f4a4025aa9e36381f3692fcce1859f89d19bbd9b7b1dbaf

Download Submit
C:\Windows\System\TGSTnhC.exe

Filesize
1.5MB

MD5
95b9202a7709f70e700ed80ede58fde8

SHA1
bddd41e708396b29690083634dc9a9b3196f3c9f

SHA256
1098c4f06a77e6da8c136ac3450e5b8a6e9a859066f1d170f576d465abeb5cfd

SHA512
0b4d7adb1372cd6821834dd045132bf62711b888840e84b06150335e78d60ba03ee9255721036ecd832d1737624db1172a43aa40a9d6da1c6db8a657d0278972

Download Submit
C:\Windows\System\TRTAzMC.exe

Filesize
1.5MB

MD5
90c9ef7c4679a9023223466c2444d071

SHA1
ebfc8448760d7005a2b964f6c9af58092fb43294

SHA256
f43ef5033ea25d9dfe1c7de478b0e2e9f5617e08434de6487bf633b048fe6c9a

SHA512
06048d0c52c54254cbb687c64e6dfeb61e76ca82008aa49183f5d86e0c1d1ead6634324b3f5f3f1f810a537789691226d1415ecb4b7375312b8a69bd2d36ea5e

Download Submit
C:\Windows\System\TxNqUcM.exe

Filesize
1.5MB

MD5
7c0fb0a5f0568d32f884b8b839b1746b

SHA1
c020dac7e3b11d09addd88817cde9445e3e9771a

SHA256
8e75fe5134d9ac04dd8de8b921efdb01b3678a96ed671904235a66014dac9634

SHA512
5e19017d9bc61e97fc4e935c9e9c9efcf4f3e1041e4d4c305356e96b4e3227bd774a8ca22891da3993728e06f8b2b7af8bb8f12f677189a0dfe0a8f3c8ee5f2d

Download Submit
C:\Windows\System\TyriujR.exe

Filesize
1.5MB

MD5
7a9541b1524242f7265511c656192631

SHA1
767db1972d31e363a38045808df0393a744a3596

SHA256
c71ed4cb0d9f1ce167232d17c2f19df8e55a24cdd1c7085167386ac19627268a

SHA512
a2cb563338f4117ca94d16d3c1c5c070d5d0be02e2135f454425d2b0c7a995392b43d91c51f5d92bf9a4ea31a7622260f92617059a00657a2cba4acb09282221

Download Submit
C:\Windows\System\VhNPJii.exe

Filesize
1.5MB

MD5
196e4438b2f1af6e0528afd1670fe9d0

SHA1
f676417d177fbee4dd01d35d720a458b26465533

SHA256
4a3b74411fe708ac5c539502906a4366956e4607552463afb06aabf2b940e5f2

SHA512
7564ddc0dd28de51aa69e95d9066762980ac57074322c844daa78ce1b125cb7cbc3447f9a79c48948658e71d921875b014031c6878ad67a82b40adafb75b3959

Download Submit
C:\Windows\System\WtoGfBm.exe

Filesize
1.5MB

MD5
9038be2dfc5f054656bc9bbec0311635

SHA1
78a7d5504f630659e0e301bb9784bd5f01e58b2f

SHA256
bf387c0d99726beffc111d88bba038c02f32a568c07a03c8ffa0a4d5d8b3f628

SHA512
4c67b5d3643209f884b9736bb4e740a175c32ec9fa13071fb65960bb4f75faaeb6d852e377a94b319079c01b2229b0e14df68d6ae8662594fd82f21c57991442

Download Submit
C:\Windows\System\YKMLQiw.exe

Filesize
1.5MB

MD5
c08ddec2cc429a74f653dfbde215ec17

SHA1
a5fe939bb7b92d02204f77e2dc99b634e8566d37

SHA256
a6dcb992ec000983211d1358e2255612db981d938c9bc07631b7e309d7ab753d

SHA512
42548f1c7f81853680265a3ca0d5fe35a461f0fbf483e46b397804631d22b8c08212cad5f9166912449edac8b17d5e984417f1c0999e66bb22aca5bed5d71f4e

Download Submit
C:\Windows\System\ZSPiMGB.exe

Filesize
1.5MB

MD5
b781b1c674787b45510fb4b3d2a46a08

SHA1
cbb14f9af68ec1f0fd4cca7b7aacd806235411e0

SHA256
4cf68b56f05f57537d2c481da30efb31740253ecc1cfef36ec9ef20fa0f0e388

SHA512
86d166faa894e606297fc92a15368aae852eec602773ce3fd1f3928d32eacc146fa3557b2c979d39d454af00df52752033aede96a0f1e88d9b19cdd1c4e466c6

Download Submit
C:\Windows\System\aIvmCql.exe

Filesize
1.5MB

MD5
325db8cf71b24b34e58eec5f77fe9557

SHA1
51c8bc2e342ed7995ff07b983794b7c552b5dc53

SHA256
a7c292eec9fe544fb01de9e6e22f39c1c93ea4207ad2296cf645321d6b971704

SHA512
e4ecc992ecd90d4cdac9383c25306a0fb9977ea8f00833eeafe959f15f5127bb49ca52d25b1a80b926cc55c2ff9bb4710da215bb26fb2e54433e9aef4d56915f

Download Submit
C:\Windows\System\aSZyCVm.exe

Filesize
1.5MB

MD5
48a3279dd13096385dce498e53952821

SHA1
85cce54d02de8d05f66808d2a98ab22e2715631c

SHA256
8d350e20497445633d29825dd6246632ffbbb494e07868cd9fb92046fbe174e3

SHA512
fb891d752ecf8f198aab71d48f7268e254049c5880fffd8b29e2d5bb72398f56ee632b222bf9088151f76bcab163cbce522f94ab655c8394f16b7111521f8b43

Download Submit
C:\Windows\System\hLWDhrO.exe

Filesize
1.5MB

MD5
aa664b1f41d267e1267cb6a9dec3003c

SHA1
103f618601595f34c624c13e709ecf1b0f5e2112

SHA256
d669655116dae18e428f0f9058add3ddde554cccc80de1fc432227cbea498451

SHA512
f0f3275f0be60664c0b4a020ae9b7c3128f3b87b3b9167e5df421afaeabd552816ca9b5d9560add53aed25b851183161d5056b17e29949647558ee8596260158

Download Submit
C:\Windows\System\hwbOwxs.exe

Filesize
1.5MB

MD5
dfb924744521011a3073dab37e80e7ec

SHA1
8670b745ee399ab87b71fa37c6b8d6c2d7771369

SHA256
013777e0b191433f1a059a189def6f09cb6b479e146adc7051808167cb4b010a

SHA512
b25bdae336dfdddb7e3b12223c85357970eecbe44931c6b313132cfe1ebf44e7f082634aff8a1f52e6c3828751ac033510660e5895e0275f38d08a7f5c75287f

Download Submit
C:\Windows\System\iyMIUrv.exe

Filesize
1.5MB

MD5
a050ca0a387be8bba25c9da4c5ee52d0

SHA1
063a2cbd3e765f7fc932351e161cda4ba3f9d933

SHA256
a14a4780825779a00f1b830bf74f5a7e8fb67969f31f70bfcba399f746cb60da

SHA512
a9c56c36294af3dfd64f9bdd0cd07d51aa9123425a82b8859daace793972913979043e75dadc1408677839516999bf7f9d866402082259c36abfc632c804451c

Download Submit
C:\Windows\System\jTatjWz.exe

Filesize
1.5MB

MD5
720e6e0ed7e8eff3bfcac54467c06670

SHA1
265a541c651ad27c9e9459010f5d976a6196a1dc

SHA256
f81c6a23503d0bc3a45245b16ea5f0e25fa4594eb9f4649b7d4fd0cd654aba42

SHA512
60795660232300e3de72ed462fcf7d624e84a8d3a2b33f7b04c04123206e24332161537e4b90a549b1d436acf0d9fa507e2d9af697fc921920aa72008d90998f

Download Submit
C:\Windows\System\krrzCqc.exe

Filesize
1.5MB

MD5
aaac202334102c3aa680163aa6690fbf

SHA1
4dea08c576ff3d962eb2cfb62d984105d4ba7750

SHA256
fe1be58d211068284c6bb7c664e3dcdf9be0bb02390517308ada115c8831d8a9

SHA512
9fc6942bfe3c87941b1e154b29a2def79fa3c87b8058322be7e23843c5182489d72973df54c7fa184d1e589379f0978065907fc14022f4ecb42f1cdff8e96d41

Download Submit
C:\Windows\System\lWZgmBd.exe

Filesize
1.5MB

MD5
7cdaaf16be5a90d8c16af261fc1fb7f7

SHA1
b37659e3d936f9ab30026bc2162c18c0ba6d2953

SHA256
85770400c46ce2db3059f023e0c1267bb2429be3fd010c2cda61c5d09155f668

SHA512
cbcdbf59e48dbe52dcfafbc181fea09c18c61aac52cc9ca549d2378f3d7d4c348163f984295bdfcbc28767f278ce98e89e3dca014d8cf6bf68df09a9cc6d3bd4

Download Submit
C:\Windows\System\lyAccYR.exe

Filesize
8B

MD5
8a9416a5ba3f4513ce86ee25fcd9ed2c

SHA1
a36f3dd1333c8cfee404b646d4c6809d7e653313

SHA256
fb7dd3a16f87fe8b7e98987069f2b605508df1550402bd2a9bfdec4856b1a59a

SHA512
c747d417c3e282ae9ec82b691c8fea9cb7d0729d1dda54d2144fa9c71dd39f2ab11cee5a6768a89cb91fd4a7ae6e579302cb4e4de8d6384014994320074580a4

Download Submit
C:\Windows\System\msfJfub.exe

Filesize
1.5MB

MD5
a637045f01784b495809e3401115ea1e

SHA1
eb0c3f9364f0c0e473152ef8659fbad13bec30e2

SHA256
a3da2a02a0e3d7479aaf4b32315d5ccd3e230b5470023097734604eb3ee9a4e7

SHA512
10e9f206e5237db52f83b28f0ca884ebae884e92b027d8ae77967f86cc717bd37dc367b2d940d785845578bc11594a1915b287ac9e41550539328a1b7ffaba44

Download Submit
C:\Windows\System\nKzVZkK.exe

Filesize
1.5MB

MD5
20fbe9b342d94829ea22f2022d043ca4

SHA1
1aa087903dba012a10da09b2fb2aa0b9a0ef6702

SHA256
a541f841b4b4c8cccbbfebbbea72940595406584d4c85e48e387be80f4b72fac

SHA512
79d13b54a1360ac4e7cfd607261910531d18359b5b2faa560b5ad695ca41ecbb7306ddf1bcd2ba392878cce483366898bbce66347d135edd52c428b712a43121

Download Submit
C:\Windows\System\rYyXlQI.exe

Filesize
1.5MB

MD5
7915487fcbd8f230ca10487fcd5fd59d

SHA1
1b8157c08a51244646cebd100fc0914e677b4e4f

SHA256
be7e615af683e435e5bbe70edaed040539c3d2044624977cf8988e3b5221c2d7

SHA512
6d3989bb115210160053bb2b9fa976f7bfbd58dd781e9f5a08b18a962f12dc4fc445dc89722f814d615f76d47d04abbe7fbc5cbb5c5324290337e873bbcfdea1

Download Submit
C:\Windows\System\tAwvUYA.exe

Filesize
1.5MB

MD5
740123c0e6723f174724466e43d24395

SHA1
42f5d8b63723cf832e734875063322bd2c602e27

SHA256
4228f9fabcfa9074c5a67bdd4d12f784ccc07a3b1840eed824da8b6d3ef94c19

SHA512
2aaec560c0150f9e044730fa424832b7df6e8c3857fc21dbdf4fbce2624de98a758d41434803a8e56241d3b9538bc436d18a1de69caadc6e0b3e05ba6e646d42

Download Submit
C:\Windows\System\utZWiOl.exe

Filesize
1.5MB

MD5
a2fbda3322a7aeeee800b66987272ba5

SHA1
83f76244e3ffb8639d42df8173b413b4db732562

SHA256
2e141cbb984598c476e6702233e13dac4452869d5abd3c62f8a8ce6e8d9ced66

SHA512
a4eed57b9477ef6748f0dccf3dd7e8cdec6ba0189380bd7a8554dc8cc4f811289c77e6a8a4eb9cbbb61dfb84fc7458e3b55e0c7f31a3825cf03a4c5358945be6

Download Submit
C:\Windows\System\uzGzbHW.exe

Filesize
1.5MB

MD5
32bf54955adf19ad6b1a231c2df049ce

SHA1
a498b69272d73b794190f7abd0509f75cb7eb564

SHA256
ef7f084d217338d61cb58f27681ebe640b67e3ed6c25e43e2e94dd1bdf3f801c

SHA512
50302941b3dbf9e6317ba1f09134a1b6caa0f8273623cae43754198de7922c1648d66b3138e15460a5b72913d6618c7d8272e94fc3f64a77075ed7891dd2a63e

Download Submit
C:\Windows\System\vIXrSav.exe

Filesize
1.5MB

MD5
3b00bae23284ab935701cdadf482983b

SHA1
23c12ee68808091149f57828653efb7238698c41

SHA256
c9e918bd6795feb30ed8e2fc543eb92e467370c185b7926f0a4a2fb70f927ccc

SHA512
bb24443368ae08cf6e7e37ccd79585d281a9eae657e406a068c6f32347bd87a2b72f9ea6da4780892b148544b0a2c41f9c453f4501388db7b14b6bf591f6d3d9

Download Submit
C:\Windows\System\wBlrtEu.exe

Filesize
1.5MB

MD5
fe93c2d968d80c189e92a1bed27d4c80

SHA1
78bb4b57974fbe9c0ce74838c2cf53e3d8e37063

SHA256
e513989284911d70734f165c43b153977b7140d98fdc020908aa3a08dd8482cf

SHA512
72e6deb3b7a7f7ec092b784260b8a8a019481ebe42a1cf019066772976a96eb1d9071db695df5c9164d89ad23693cddb8b504cbb9c5376e12109c928bb0f3f75

Download Submit
memory/368-142-0x00007FF745970000-0x00007FF745D62000-memory.dmp

Filesize
3.9MB

Download
memory/368-2596-0x00007FF745970000-0x00007FF745D62000-memory.dmp

Filesize
3.9MB

Download
memory/368-2709-0x00007FF745970000-0x00007FF745D62000-memory.dmp

Filesize
3.9MB

Download
memory/456-2708-0x00007FF60A6F0000-0x00007FF60AAE2000-memory.dmp

Filesize
3.9MB

Download
memory/456-153-0x00007FF60A6F0000-0x00007FF60AAE2000-memory.dmp

Filesize
3.9MB

Download
memory/456-2631-0x00007FF60A6F0000-0x00007FF60AAE2000-memory.dmp

Filesize
3.9MB

Download
memory/1016-62-0x00007FF65D4F0000-0x00007FF65D8E2000-memory.dmp

Filesize
3.9MB

Download
memory/1016-2614-0x00007FF65D4F0000-0x00007FF65D8E2000-memory.dmp

Filesize
3.9MB

Download
memory/1056-2228-0x00007FFAA29F3000-0x00007FFAA29F5000-memory.dmp

Filesize
8KB

Download
memory/1056-74-0x0000012EA65A0000-0x0000012EA65C2000-memory.dmp

Filesize
136KB

Download
memory/1056-20-0x0000012EA4320000-0x0000012EA4330000-memory.dmp

Filesize
64KB

Download
memory/1056-58-0x00007FFAA29F3000-0x00007FFAA29F5000-memory.dmp

Filesize
8KB

Download
memory/1056-75-0x0000012EA7130000-0x0000012EA78D6000-memory.dmp

Filesize
7.6MB

Download
memory/1488-104-0x00007FF772F10000-0x00007FF773302000-memory.dmp

Filesize
3.9MB

Download
memory/1488-2682-0x00007FF772F10000-0x00007FF773302000-memory.dmp

Filesize
3.9MB

Download
memory/1928-112-0x00007FF73A660000-0x00007FF73AA52000-memory.dmp

Filesize
3.9MB

Download
memory/1928-2671-0x00007FF73A660000-0x00007FF73AA52000-memory.dmp

Filesize
3.9MB

Download
memory/2060-45-0x00007FF6B55E0000-0x00007FF6B59D2000-memory.dmp

Filesize
3.9MB

Download
memory/2060-2606-0x00007FF6B55E0000-0x00007FF6B59D2000-memory.dmp

Filesize
3.9MB

Download
memory/2072-1142-0x00007FF759A90000-0x00007FF759E82000-memory.dmp

Filesize
3.9MB

Download
memory/2072-56-0x00007FF759A90000-0x00007FF759E82000-memory.dmp

Filesize
3.9MB

Download
memory/2072-2616-0x00007FF759A90000-0x00007FF759E82000-memory.dmp

Filesize
3.9MB

Download
memory/2096-2676-0x00007FF739860000-0x00007FF739C52000-memory.dmp

Filesize
3.9MB

Download
memory/2096-103-0x00007FF739860000-0x00007FF739C52000-memory.dmp

Filesize
3.9MB

Download
memory/2376-25-0x00007FF76C0A0000-0x00007FF76C492000-memory.dmp

Filesize
3.9MB

Download
memory/2376-2601-0x00007FF76C0A0000-0x00007FF76C492000-memory.dmp

Filesize
3.9MB

Download
memory/2376-1124-0x00007FF76C0A0000-0x00007FF76C492000-memory.dmp

Filesize
3.9MB

Download
memory/2564-118-0x00007FF6138A0000-0x00007FF613C92000-memory.dmp

Filesize
3.9MB

Download
memory/2564-2680-0x00007FF6138A0000-0x00007FF613C92000-memory.dmp

Filesize
3.9MB

Download
memory/2664-2704-0x00007FF713040000-0x00007FF713432000-memory.dmp

Filesize
3.9MB

Download
memory/2664-2576-0x00007FF713040000-0x00007FF713432000-memory.dmp

Filesize
3.9MB

Download
memory/2664-140-0x00007FF713040000-0x00007FF713432000-memory.dmp

Filesize
3.9MB

Download
memory/2920-93-0x00007FF7A83C0000-0x00007FF7A87B2000-memory.dmp

Filesize
3.9MB

Download
memory/2920-2669-0x00007FF7A83C0000-0x00007FF7A87B2000-memory.dmp

Filesize
3.9MB

Download
memory/3204-61-0x00007FF7B01B0000-0x00007FF7B05A2000-memory.dmp

Filesize
3.9MB

Download
memory/3204-2617-0x00007FF7B01B0000-0x00007FF7B05A2000-memory.dmp

Filesize
3.9MB

Download
memory/3440-2685-0x00007FF746340000-0x00007FF746732000-memory.dmp

Filesize
3.9MB

Download
memory/3440-134-0x00007FF746340000-0x00007FF746732000-memory.dmp

Filesize
3.9MB

Download
memory/3512-2711-0x00007FF682A80000-0x00007FF682E72000-memory.dmp

Filesize
3.9MB

Download
memory/3512-179-0x00007FF682A80000-0x00007FF682E72000-memory.dmp

Filesize
3.9MB

Download
memory/3684-2674-0x00007FF6B2A40000-0x00007FF6B2E32000-memory.dmp

Filesize
3.9MB

Download
memory/3684-126-0x00007FF6B2A40000-0x00007FF6B2E32000-memory.dmp

Filesize
3.9MB

Download
memory/3700-119-0x00007FF6DE790000-0x00007FF6DEB82000-memory.dmp

Filesize
3.9MB

Download
memory/3700-2575-0x00007FF6DE790000-0x00007FF6DEB82000-memory.dmp

Filesize
3.9MB

Download
memory/3700-2684-0x00007FF6DE790000-0x00007FF6DEB82000-memory.dmp

Filesize
3.9MB

Download
memory/3772-141-0x00007FF6E7AD0000-0x00007FF6E7EC2000-memory.dmp

Filesize
3.9MB

Download
memory/3772-2589-0x00007FF6E7AD0000-0x00007FF6E7EC2000-memory.dmp

Filesize
3.9MB

Download
memory/3772-2705-0x00007FF6E7AD0000-0x00007FF6E7EC2000-memory.dmp

Filesize
3.9MB

Download
memory/3928-2599-0x00007FF7B1E90000-0x00007FF7B2282000-memory.dmp

Filesize
3.9MB

Download
memory/3928-174-0x00007FF7B1E90000-0x00007FF7B2282000-memory.dmp

Filesize
3.9MB

Download
memory/3928-17-0x00007FF7B1E90000-0x00007FF7B2282000-memory.dmp

Filesize
3.9MB

Download
memory/4296-1-0x0000016793E00000-0x0000016793E10000-memory.dmp

Filesize
64KB

Download
memory/4296-2653-0x00007FF6DBAA0000-0x00007FF6DBE92000-memory.dmp

Filesize
3.9MB

Download
memory/4296-1123-0x00007FF6DBAA0000-0x00007FF6DBE92000-memory.dmp

Filesize
3.9MB

Download
memory/4296-0-0x00007FF6DBAA0000-0x00007FF6DBE92000-memory.dmp

Filesize
3.9MB

Download
memory/4584-60-0x00007FF7B0C10000-0x00007FF7B1002000-memory.dmp

Filesize
3.9MB

Download
memory/4584-2609-0x00007FF7B0C10000-0x00007FF7B1002000-memory.dmp

Filesize
3.9MB

Download
memory/4688-138-0x00007FF6D9C90000-0x00007FF6DA082000-memory.dmp

Filesize
3.9MB

Download
memory/4688-2678-0x00007FF6D9C90000-0x00007FF6DA082000-memory.dmp

Filesize
3.9MB

Download
memory/4848-37-0x00007FF62BA80000-0x00007FF62BE72000-memory.dmp

Filesize
3.9MB

Download
memory/4848-1125-0x00007FF62BA80000-0x00007FF62BE72000-memory.dmp

Filesize
3.9MB

Download
memory/4848-2608-0x00007FF62BA80000-0x00007FF62BE72000-memory.dmp

Filesize
3.9MB

Download
memory/4884-57-0x00007FF70F160000-0x00007FF70F552000-memory.dmp

Filesize
3.9MB

Download
memory/4884-1144-0x00007FF70F160000-0x00007FF70F552000-memory.dmp

Filesize
3.9MB

Download
memory/4884-2612-0x00007FF70F160000-0x00007FF70F552000-memory.dmp

Filesize
3.9MB

Download
memory/4948-2604-0x00007FF7FB530000-0x00007FF7FB922000-memory.dmp

Filesize
3.9MB

Download
memory/4948-59-0x00007FF7FB530000-0x00007FF7FB922000-memory.dmp

Filesize
3.9MB

Download